Bogdan Toporan BISS

Page 1: Bogdan Toporan BISS - Finmedia · 2015. 3. 26. · Incident data (security information management) Flow data (network behaviour anomaly) + app&user level –Layer 7 flows Vulnerability

Bogdan Toporan │ BISS

Page 2

_____________________________________________________Q4 2012 Velocity Security

PENTESTING

Page 3

BISS > 11 years of experience

Gateway / Server / Desktop

» IPS

» UTM

» VPN / SSL

» Encryption

» AV

» VA

» Web filtering

» DLP

» Monitoring

» SIEM / intelligence

Web App / E‐mail / Etc.

» WAF

» XML Fw

» Mail fw

» AntiSpam

» Mail archiving

» App scans

» Code review

Oracle / SQL / DB2 / Etc.

» DB VA

» DB IPS

» Discovery

» Log mgmt

» Admin monitor

» DAM

» Reporting

Compliance

» Plan

» Audit

» Deployment

» Training

» Support

» Professional services

Page 4

BISS │ Best Internet Security 

► We are an innovative company, a provider of the most advanced technologies, with access to the latest developments in IT security

► We protect financial and banking, government, telecommunications, utility and industrial organizations

► We are part of the protection systems of our clients and partners

Founded in 2001 | Bucharest

The first company in Romania dedicated to IT security, certified ISO 9001 and ISO 27001

Mission: Delivering the highest-performing professional solutions for the security and protection of information systems

A team of information systems security professionals trained to a world-class level, with permanent training and exposure

BISS partners are companies that develop cutting-edge concepts and technologies, visionary companies specializing in the protection of networks, communications and data residing in information systems.

Experience and references in the financial and banking, utilities, public, industrial and telecom sectors

Page 5

BREACH

Page 6

► Common points of entry:

– the public website, web applications and data servers

– employee workstations or endpoints

X‐Force Trend Risk report H1 2011

Page 7

2011: Year of the security breach

Page 8

Business challenges to security

Compliance: PCI‐DSS, ISO 27000, Basel III

Page 9

IT Security is a board room discussion

Business results

Sony estimates potential $1B long term impact –$171M / 100 customers*

Supply chain

Epsilon breach impacts 100 national brands

Legal exposure

TJX estimates $150M class action settlement in release of credit / debit card info

Impact of hacktivism

Lulzsec 50-day hack-at-will spree impacts Nintendo, CIA, PBS, UK NHS, UK SOCA, Sony …

Audit risk

Zurich Insurance PLC fined £2.275M ($3.8M) for the loss and exposure of 46K customer records

Brand image

HSBC data breach discloses 24K private banking customers

Page 10

Q4 2012

Security Velocity Package

Page 11

Identity Federation

Web Application Scanning

Virtualization Security

Network Security

Image & Patch Management

Database Monitoring

IBM Security Intelligence

Everything is Everywhere

IBM is helping clients adopt flexible, layered security solutions

Page 12

Expertise: Unmatched global coverage and security awareness

20,000+ devices under contract

3,700+ MSS clients worldwide

9B+ events managed per day

1,000+ security patents

133 monitored countries (MSS)

World Wide Managed Security Services Coverage

Security Operations Centers

Security Research Centers

Security Solution Development Centers

Institute for Advanced Security Branches

IBM Research

Page 13

IBM Security vision

Security Intelligence, Analytics & GRC

People

Data

Applications

Infrastructure

Page 14

IBM Security Systems

Page 15

Security Velocity Offer

Page 16

The mission of the IBM X‐Force® Research and Development team is to:

Research and evaluate threat and protection issues

Deliver security protection for today’s security problems

Develop new technology for tomorrow’s security challenges

Educate the media and user communities

X‐Force  Research

14B analyzed Web pages & images

40M spam & phishing attacks

65K documented vulnerabilities

13B security events daily

Provides Specific Analysis of:

Vulnerabilities & exploits

Malicious/Unwanted websites

Spam and phishing

Malware

Other emerging trends

Page 17

Page 18

The Application Security landscape

Web application vulnerabilities dominate the enterprise threat landscape

*IBM X-Force 2011 Trend & Risk Report

[Chart: vulnerabilities spread across production applications (developed in house, acquired, off‐the‐shelf commercial apps) and applications in development (in‐house development, outsourced development)]

**IBM X-Force 2010 Trend & Risk Report

41% of all new vulnerabilities are in web applications (2011)* 

~4K new application vulnerabilities reported every year from 2006‐2010** 

Vulnerabilities are spread through a wide variety of applications

Page 19

Need for Application Security Action

99.9% of records were compromised from servers and applications

81% of organizations subject to PCI had not been found compliant prior to the breach

79% of compromised records were compromised using Web applications as the attack pathway

Action: Adopt application security measures; address compliance mandates with industry regulations (such as PCI-DSS, ISO 27000, BASEL, etc.)

Page 20

Organizations' Progress in Their Security Maturity

Domains: People | Data | Applications | Infrastructure | Security Intelligence

Optimized

» People: Role based analytics; Identity governance; Privileged user controls

» Data: Data flow analytics; Data governance

» Applications: Secure app engineering processes; Fraud detection

» Infrastructure: Advanced network monitoring; Forensics / data mining; Secure systems

» Security Intelligence: Advanced threat detection; Network anomaly detection; Predictive risk management

Proficient

» People: User provisioning; Access mgmt; Strong authentication

» Data: Access monitoring; Data loss prevention

» Applications: Application firewall; Source code scanning

» Infrastructure: Virtualization security; Asset mgmt; Endpoint / network security management

» Security Intelligence: Real‐time event correlation; Network forensics

Basic

» People: Centralized directory

» Data: Encryption; Access control

» Applications: Application scanning

» Infrastructure: Perimeter security; Anti‐virus

» Security Intelligence: Log management; Compliance reporting

IBM Rational AppScan

Page 21

AppScan: advanced security testing collaboration & governance through the application lifecycle

AppScan Standard

AppScan Enterprise

AppScan Source

Page 22

AppScan Standard overview

► Simplify remediation by identifying vulnerabilities and generating results through comprehensive scanning coverage

► Scan complex web applications, including those that utilize Adobe Flash, JavaScript, Ajax and Simple Object Access Protocol (SOAP) web services

► Combine the advanced dynamic and innovative hybrid analysis of glass‐box testing (runtime analysis) with static taint analysis for superior accuracy

► Identify the latest threats including full coverage of the OWASP Top 10 web application vulnerabilities

► Manage regulatory requirements such as PCI‐DSS

Page 23

AppScan Standard features

► Broad coverage of emerging threats, including Web 2.0 application vulnerabilities

► Advanced dynamic application security testing, also known as black‐box analysis

► Glass‐box testing, also known as runtime analysis or integrated application security testing

► Cross‐Site Scripting (XSS) Analyzer for cutting‐edge XSS detection and exploitation

► JavaScript Security Analyzer for static taint analysis of client‐side security issues

Page 24

Page 25

IBM Network Security

Intrusion prevention just got smarter with extensible protection backed by the power of X-Force

Virtual Patch

What It Does: Shields vulnerabilities from exploitation independent of a software patch, and enables a responsible patch management process that can be adhered to without fear of a breach.

Why Important: At the end of 2009, 52% of all vulnerabilities disclosed during the year had no vendor-supplied patches available to remedy the vulnerability.

Threat Detection & Prevention

What It Does: Detects and prevents entire classes of threats as opposed to a specific exploit or vulnerability.

Why Important: Eliminates the need for constant signature updates. Protection includes the proprietary Shellcode Heuristics (SCH) technology, which has an unbeatable track record of protecting against zero day vulnerabilities.

Data Security

What It Does: Monitors and identifies unencrypted personally identifiable information (PII) and other confidential information for data awareness. Also provides the capability to explore data flow through the network to help determine if any potential risks exist.

Why Important: Flexible and scalable customized data search criteria; serves as a complement to the data security strategy.

Web Application Protection

What It Does: Protects web applications against sophisticated application-level attacks such as SQL Injection, XSS (Cross-site scripting), PHP file-includes and CSRF (Cross-site request forgery).

Why Important: Expands security capabilities to meet both compliance requirements and threat evolution.

Application Control

What It Does: Manages control of unauthorized applications and risks within defined segments of the network, such as ActiveX fingerprinting, Peer To Peer, Instant Messaging and tunneling.

Why Important: Enforces network application and service access based on corporate policy and governance.

Client-Side Application Protection

What It Does: Protects end users against attacks targeting applications used every day such as Microsoft Office, Adobe PDF, multimedia files and Web browsers.

Why Important: At the end of 2009, vulnerabilities that affect personal computers represented the second-largest category of vulnerability disclosures, about a fifth of all vulnerability disclosures.

Page 26

Network Security GX4004

Performance Characteristics

Throughput: 800 Mbps

Latency: < 150 milliseconds

Concurrent sessions: 1,200,000

Operating Modes

Active protection: Yes

Passive detection: Yes

Inline simulation: Yes

Scalability

Protected segments: 2

Monitoring interfaces: 4 x 10/100/1000 copper

High Availability: Yes

Hardware‐level bypass: Integrated bypass

Page 27

• Supports compliance to regulations and laws

• Blocks unencrypted traffic with Data and Intellectual Property

• Reduced down‐time due to security breaches

• Reduced TCO thanks to preemptive security

• Effective, simple Web Application protection supports new business

• No need to understand the threats: X‐Force takes care of it

• Security becomes a business enabler (e.g. cloud)

• Improved visibility and alerting for early remediation

• Improved network performance

• Helps meet SLA with Business

• Disable protocols for unwanted applications

• Protection before deployment of patches 

• Simple, centralized management

• Agentless Protection (VSP)

• Integration with SIEM/Intelligence

IBM Network Security

Page 28

Page 29

Challenges

• Compliance & Policy

– Billions of logs and records a day

– Compliance validation requires logging and reporting

– New regulations that have implications across many vertical markets

• Threats & Security Visibility

– Combating fraud, targeted exploits and cyber warfare requires intelligent visibility

– Telemetry for intelligence is traditionally siloed

– Without broad surveillance and integration, threats will be missed

Page 30

QRADAR

Compliance validation and security response improvement in the same solution

Out of the box content to swiftly meet PCI, 27000, BASEL etc.

Flexibility to meet new compliance standards as they evolve

PCI HIPAA FISMA CoCo NERC SOX

Page 31

Total Security Intelligence

► Log Sources (log management)

► Event Sources (security event management)

► Incident data (security information management)

► Flow data (network behaviour anomaly) + app&user level –Layer 7 flows

► Vulnerability data

► Realtime correlation & prioritization

► Visibility

► Relevance – offence identification

Page 32

QRadar: Total Intelligence

Suspected Incidents

User correlation and application forensics enabled fraud detection prior to exploit completion

2Bn log and event records a day reduced to 25 high priority

Page 33

QRadar: Full Impact Analysis

Page 34

[Dashboard screenshot panels: IBM X-Force® Threat Information Center; Real-time Security Overview w/ IP Reputation Correlation; Identity and User Context; Real-time Network Visualization and Application Statistics; Inbound Security Events]

Security Intelligence: QRadar provides security visibility

Page 35

Activity / behavior monitoring, flow analytics and network anomaly detection

Behavior / activity base lining of users and processes

Helps detect day-zero attacks and covert channels that have no signature or AV / IPS detection

Provides definitive evidence of attack

Enables visibility into attacker communications

Network traffic does not lie

Attackers can stop logging and erase their tracks, but can’t cut off the network (flow data)

Page 36

QRadar: Offense Management

What was the attack?

Who was responsible?

How many targets involved?

Was it successful?

Where do I find them?

Are any of them vulnerable?

How valuable are they to the business?

Where is all the evidence?

Clear & concise delivery of the most relevant information …

Page 37

QRadar 2100 “All‐in‐One” Appliance

► Delivers the full power of QRadar in a single device

► Optimized hardware

► Does not require expensive external storage 

► No third‐party databases, or ongoing database administration

Page 38

QRadar 2100 features

► Includes QFlow Collector for Layer 7 flow analysis

► 10/100/1000 base T Connectivity for Monitoring

► 10/100/1000 base T Management

► 25,000 to 50,000 Flows Per Second (50,000 to 100,000 NetFlows)

► 1000 Events Per Second

► Support for up to 750 Event Sources (devices)

► Dual Redundant Power Supplies

► Embedded Hardware RAID 10 for high availability and redundancy

Page 39

Exceeding Regulatory Mandates:  Being compliant and secure

• Companies today are under growing executive pressure to comply with mandates such as ISO 27000 or PCI‐DSS

• Compliance is more than simply generating reports

• 3 key factors need to be fulfilled:

Measurability: Metrics and reporting around IT risks within a company

Accountability: Proving surveillance to report on who did what and when

Transparency: Visibility into the security controls, the business applications and the assets that are being protected

Page 40

Predicting an Attack: How it looks in QRadar

Multiple IPs attack an IP

Drilling into one superflow record shows all IP records contributing to the attack

All pulled together in one offence which is detected and raised immediately to the security team
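The roll-up this slide describes (many per-source flows against one target collapsing into a single superflow and one prioritised offence), as an added example that is not from the deck and not QRadar's own code: the flow records, asset values, vulnerable-port list and the five-source threshold are all constructed for the demo, and the scoring answers the questions from the Offense Management slide (who, how many, is the target vulnerable, how valuable, where is the evidence).

```python
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Flow:
    """One Layer 4 flow record (constructed; a Layer 7 collector would add app/user context)."""
    src: str
    dst: str
    dport: int
    packets: int
    bytes: int


@dataclass
class Offence:
    """One roll-up of many flows: the record an analyst is actually shown."""
    target: str
    dport: int
    sources: List[str]          # who was responsible? how many were involved?
    magnitude: int              # how urgent, given target value and vulnerability?
    evidence: List[Flow] = field(default_factory=list)  # where is all the evidence?


# Constructed asset context: business value (1-10) and ports with a known open vulnerability
ASSETS: Dict[str, dict] = {
    "10.0.5.20": {"value": 9, "vulnerable_ports": {445}},
    "10.0.5.21": {"value": 3, "vulnerable_ports": set()},
}

MIN_SOURCES = 5  # constructed threshold: distinct sources hitting one target/port


def build_superflows(flows: List[Flow]) -> Dict[Tuple[str, int], List[Flow]]:
    """Group flows by (target, port); each group is a candidate superflow."""
    groups: Dict[Tuple[str, int], List[Flow]] = defaultdict(list)
    for f in flows:
        groups[(f.dst, f.dport)].append(f)
    return groups


def score(target: str, dport: int, sources: List[str]) -> int:
    """Magnitude = breadth of sources (capped at 10) + target value + 5 if the target
    is known vulnerable on the attacked port. Unknown assets get value 1."""
    asset = ASSETS.get(target, {"value": 1, "vulnerable_ports": set()})
    magnitude = min(len(sources), 10)
    magnitude += asset["value"]
    if dport in asset["vulnerable_ports"]:
        magnitude += 5
    return magnitude


def correlate(flows: List[Flow]) -> List[Offence]:
    """Collapse flow records into prioritised offences, highest magnitude first."""
    offences = []
    for (dst, dport), group in build_superflows(flows).items():
        sources = sorted({f.src for f in group})
        if len(sources) < MIN_SOURCES:
            continue  # a couple of clients talking to a server is not a sweep
        offences.append(Offence(dst, dport, sources, score(dst, dport, sources), group))
    return sorted(offences, key=lambda o: o.magnitude, reverse=True)


# Constructed sample: 8 hosts probing SMB on a high-value server, 6 hosts hammering a
# low-value web server, and ordinary HTTPS traffic from two internal clients.
SAMPLE_FLOWS: List[Flow] = (
    [Flow(f"192.0.2.{i}", "10.0.5.20", 445, 3, 180) for i in range(1, 9)]
    + [Flow(f"198.51.100.{i}", "10.0.5.21", 80, 12, 9000) for i in range(1, 7)]
    + [Flow("10.0.1.7", "10.0.5.20", 443, 40, 52000),
       Flow("10.0.1.8", "10.0.5.20", 443, 30, 41000)]
)


if __name__ == "__main__":
    for o in correlate(SAMPLE_FLOWS):
        print(f"{len(SAMPLE_FLOWS)} flows -> offence on {o.target}:{o.dport} "
              f"magnitude={o.magnitude} sources={len(o.sources)} evidence={len(o.evidence)}")
```

Sixteen flow records become two offences, with the sweep against the vulnerable high-value server ranked first and the two-client HTTPS traffic never surfacing at all.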

Page 41

QRadar Advantages

Seamless, rapid deployment

Asset autodiscovery

Out of the box policies

Out of the box report templates (27001, PCI‐DSS etc.) – FREE of charge

QFlow = Layer 7 flow analysis – user and application information; beyond NetFlow, J‐Flow and sFlow

VFlow – unique feature, the only one in the industry able to collect flows from virtual environments

Complete network visibility

Complete integration of network and security devices and objects

SOC enabled 

Unmatched scalability, unlimited

Low staffing requirements

Page 42

Our package

Our price: € 59900

Available to test from IBM IIC @ BISS HQ

Payment due – January 2013

Latest order – Dec 20, 2012

Page 43

THANK YOU

Bogdan Toporan │ BISS

[email protected] 

Q&A

021 345 55 [email protected]