3 steps to security intelligence - how to build a more secure enterprise

Three Steps to Security Intelligence: How To Build a More Secure Enterprise. Brendan Hannigan, General Manager, IBM Security Systems. © 2013 IBM Corporation

Upload: ibm-security-systems

Post on 15-Jan-2015

DESCRIPTION

We are in the midst of upheaval in the world of IT Security. Attackers are highly organized and using increasingly sophisticated methods to gain entry to your most sensitive data. At the same time, Cloud and mobile are redefining the concept of the perimeter. Check out this insightful discussion of how today's CISO is building a more secure enterprise using analytics, risk-based protection, and activity monitoring to protect the most valuable assets of the organization. For more visit: http://securityintelligence.com

TRANSCRIPT

Page 1: 3 Steps to Security Intelligence - How to Build a More Secure Enterprise

Three Steps to Security Intelligence

How To Build a More Secure Enterprise

Brendan Hannigan

General Manager, IBM Security Systems

© 2013 IBM Corporation

Page 2: 3 Steps to Security Intelligence - How to Build a More Secure Enterprise

Evolving Threat Landscape

Evolving CISO Landscape

Page 3: 3 Steps to Security Intelligence - How to Build a More Secure Enterprise

CISO Challenge: Competing priorities

Sorry, no applicants found

ITSecurityJobs.com

83% of enterprises have difficulty filling security roles

14% increase in Web application vulnerabilities from 2011 to 2012

Increase in compliance mandates

Common Vulnerabilities and Exposures

Page 4: 3 Steps to Security Intelligence - How to Build a More Secure Enterprise

CISO Challenge: Inadequate tools

85 tools from 45 vendors

0 out of 46 vendors detected malware

Source: IBM client example

Page 5: 3 Steps to Security Intelligence - How to Build a More Secure Enterprise

RISK

CISO Challenge: Business pressures

of CISOs are concerned about Cloud and mobile security

of organizations are using at least one cloud platform

70%

75%+

Page 6: 3 Steps to Security Intelligence - How to Build a More Secure Enterprise

stolen from bank accounts in Operation High Roller

of C-level execs say that negligent insiders are their biggest concern

increase in critical web browser vulnerabilities

59%

43%

INTERNAL EXTERNAL PAYOFFS

$78M

CISO Challenge: Evolving Threats

Page 7: 3 Steps to Security Intelligence - How to Build a More Secure Enterprise

Advantage: Attacker

Page 8: 3 Steps to Security Intelligence - How to Build a More Secure Enterprise

1 2 3

Innovation Intelligence Focus

Page 9: 3 Steps to Security Intelligence - How to Build a More Secure Enterprise

Focus

USERS

ASSETS

TRANSACTIONS

Page 10: 3 Steps to Security Intelligence - How to Build a More Secure Enterprise

USERS

60,000 employees

Provisioning took up to 2 weeks

No monitoring of privileged users

Focus on users, not devices

Implement identity intelligence

Pay special attention to trusted insiders

Privilege Identity Management

Monitoring and same-day de-provisioning for 100+ privileged users

Source: IBM client example

Page 11: 3 Steps to Security Intelligence - How to Build a More Secure Enterprise

ASSETS

2,000 critical databases secured

$21M saved in compliance costs

Database Access and Monitoring

Thousands of databases containing HR, ERP, credit card, and other PII in a world where 98% of breaches hit databases

Discover critical business data

Harden and secure repositories

Monitor and prevent unauthorized access

Source: IBM client example

Page 12: 3 Steps to Security Intelligence - How to Build a More Secure Enterprise

30 Million customers in an industry where $3.4B industry losses from online fraud

85% of breaches go undetected

TRANSACTIONS

Identify most critical transactions

Monitor sessions, access, and devices

Look for anomalies and attacks

Advanced Fraud Protection

Zero instances of fraud reported on over 1 million customer endpoints

Source: IBM client example

Page 13: 3 Steps to Security Intelligence - How to Build a More Secure Enterprise

Intelligence

ANALYTICS

VISIBILITY

INTEGRATION

Page 14: 3 Steps to Security Intelligence - How to Build a More Secure Enterprise

Context, clustering, baselining, machine learning, and heuristics

Identify entire classes of mutated threats by analyzing 250+ protocols and file types

ANALYTICS

Pattern matching

Don’t rely on signature detection

Use baselines and reputation

Identify outliers

Page 15: 3 Steps to Security Intelligence - How to Build a More Secure Enterprise

Reduce 2 Billion logs and events per day

to 25 high priority offenses

Get full coverage, no more blind spots

Reduce and prioritize alerts

Continuous monitoring

VISIBILITY

Source: IBM client example

Page 16: 3 Steps to Security Intelligence - How to Build a More Secure Enterprise

IDENTITY INTELLIGENCE

SECURITY INTELLIGENCE

THREAT INTELLIGENCE

Integrated Platforms

Eliminate silos and point solutions

Build upon a common platform

Share information between controls

Monitor threats across 8 Million subscribers with an integrated Platform

INTEGRATION

Siloed Point Products

Source: IBM client example

Page 17: 3 Steps to Security Intelligence - How to Build a More Secure Enterprise

CLOUD

MOBILE

Innovation

Page 18: 3 Steps to Security Intelligence - How to Build a More Secure Enterprise

Cloud-enhanced Security: Automated, customizable, and elastic

Cloud is an opportunity for enhanced security

Traditional Security: Manual and static

Page 19: 3 Steps to Security Intelligence - How to Build a More Secure Enterprise

Mobility is the opportunity to get security right

Network and Access Control

Fraud Protection

Application and Data Security

Endpoint Management

Page 20: 3 Steps to Security Intelligence - How to Build a More Secure Enterprise

Intelligence

Integration

Expertise

IBM Security Framework

Professional, Managed, and Cloud Services

Page 21: 3 Steps to Security Intelligence - How to Build a More Secure Enterprise

Advanced Threat Protection

Staying ahead of sophisticated attacks

Defense Strategy

1. Break-in

2. Latch-on

3. Expand

4. Gather

5. Exfiltrate

Attack Chain

IBM Capabilities and Services

Analyze: QRadar Security Intelligence, X-Force Threat Intelligence

Remediate: Emergency Response Services

Detect: Network Protection, InfoSphere Guardium, Trusteer Apex

Harden: QRadar Vulnerability Manager, Endpoint Manager, AppScan

Page 22: 3 Steps to Security Intelligence - How to Build a More Secure Enterprise

CISO: Checkmate!

Page 23: 3 Steps to Security Intelligence - How to Build a More Secure Enterprise

Analytics-powered security

Leaning forward.

Felix Mohan

Bharti Airtel Limited

Page 24: 3 Steps to Security Intelligence - How to Build a More Secure Enterprise

Align. Make intelligent.

Third-party risk

Advanced attacks

Regulatory compliance

Voice to data shift

Competitive pressure

Disruptive technologies

Automation

Optimization

Culture

Competency

Communication

Intelligence

Aggravators

Concerns

Business-aligned

Analytics-driven

Page 25: 3 Steps to Security Intelligence - How to Build a More Secure Enterprise

Airtel intelligence structure.

Technology Interaction

Information Integration

Analytics

Context

Security devices

Network devices

Events

Flows

Contextual assessments

Better risk management

Prioritized and actionable intelligence

Broader and deeper vulnerability insight

Better protection from advanced attacks

Quicker response

QFlow and VFlow Collector

Vulnerability Manager

Risk Manager

SIEM

QRadar

X-Force external threat feed

Trusteer* (2014) Openpages*, BigInsights* (2015-16)

Page 26: 3 Steps to Security Intelligence - How to Build a More Secure Enterprise

Understand. Prioritize. Act.

Advanced threat protection

Risk management

Compliance

Resource optimization

Fraud protection

• Simulate “what ifs” for risk impact

• Remediate zero-days and new security threats

• Monitor asset profiles & behaviour continuously

• Visualize traffic patterns and connections

• Comply with regulatory mandates and policies

• Prioritize vulnerability remediation

• Protect transactions

• Carry out advanced incident analysis & forensics

• Optimize resources and efforts

We are moving from dousing fires to ensuring they don’t happen in the first place!

Vulnerability scan data

Configuration data

Event data

Activity data

Context

Network topology

Page 27: 3 Steps to Security Intelligence - How to Build a More Secure Enterprise

#IBMINTERCONNECT

Thank You

Page 28: 3 Steps to Security Intelligence - How to Build a More Secure Enterprise

10+ demos 5 appliances

• Visit the Security Intelligence area in the Solution Center

• Meet experts from the IBM Security Singapore Lab

• Solution Center Sessions: Enhancing IBM Security solutions with Trusteer fraud detection capabilities

• Technical Session: Dedicated Security track featuring Identity and Access Management, Security Intelligence, Mobile Security, and more

Also, don’t miss customer speakers including YaData and Asian Paints

Don’t miss…

All

Day 1

Day 2

Page 29: 3 Steps to Security Intelligence - How to Build a More Secure Enterprise

Disclaimer

Please Note:

IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion.

Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision.

The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.

Page 30: 3 Steps to Security Intelligence - How to Build a More Secure Enterprise

© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.