TRANSCRIPT
Bogdan Toporan │ BISS
_____________________________________________________Q4 2012 Velocity Security
PENTESTING
BISS > 11 years of experience
» Gateway
» Server
» Desktop
» IPS
» UTM
» VPN / SSL
» Encryption
» AV
» VA
» Web filtering
» DLP
» Monitoring
» SIEM / intelligence
» Web App
» E‐mail
» Etc.
» WAF
» XML Fw
» Mail fw
» AntiSpam
» Mail archiving
» App scans
» Code review
» Oracle
» SQL
» DB2
» Etc.
» DB VA
» DB IPS
» Discovery
» Log mgmt
» Admin monitor
» DAM
» Reporting
» Compliance
» Plan
» Audit
» Deployment
» Training
» Support
» Professional services
BISS │ Best Internet Security
► We are an innovative company, a supplier of the most advanced technologies, with access to the latest developments in IT security
► We protect financial and banking, government, telecommunications, utility and industrial organizations
► We are part of the protection systems of our clients and partners
Founded in 2001 | Bucharest
The first company dedicated to IT security in Romania, certified ISO 9001 and ISO 27001
Mission: Providing the highest-performing professional solutions for the security and protection of information systems
A team of information systems security professionals trained to a world-class level, with continuous training and exposure
BISS partners are companies that develop leading-edge concepts and technologies, visionary companies specializing in the protection of networks, communications and data residing in information systems.
Experience and references in the financial and banking, utilities, public, industrial and telecom sectors
BREACH
► Common points of entry:
– the public website, web applications and data servers
– employee workstations or endpoints
X‐Force Trend Risk report H1 2011
2011: Year of the security breach
Business challenges to security
Compliance: PCI‐DSS, ISO 27000, Basel III
IT Security is a board room discussion
Business results
Sony estimates potential $1B long term impact –$171M / 100 customers*
Supply chain
Epsilon breach impacts 100 national brands
Legal exposure
TJX estimates $150M class action settlement in release of credit / debit card info
Impact of hacktivism
Lulzsec 50-day hack-at-will spree impacts Nintendo, CIA, PBS, UK NHS, UK SOCA, Sony …
Audit risk
Zurich Insurance PLc fined £2.275M ($3.8M) for the loss and exposure of 46K customer records
Brand image
HSBC data breach discloses 24K private banking customers
Q4 2012
Security Velocity Package
Identity Federation
Web Application Scanning
Virtualization Security
Network Security
Image & Patch Management
Database Monitoring
IBM Security Intelligence
Everything is Everywhere
IBM is helping clients adopt flexible, layered security solutions
Expertise: Unmatched global coverage and security awareness
20,000+ devices under contract
3,700+ MSS clients worldwide
9B+ events managed per day
1,000+ security patents
133 monitored countries (MSS)
World Wide Managed Security Services Coverage
Security Operations Centers
Security Research Centers
Security Solution Development Centers
Institute for Advanced Security Branches
IBM Research
IBM Security vision
Security Intelligence, Analytics &
GRC
People
Data
Applications
Infrastructure
IBM Security Systems
Security Velocity Offer
The mission of the IBM X‐Force® Research and Development team is to:
Research and evaluate threat and protection issues
Deliver security protection for today’s security problems
Develop new technology for tomorrow’s security challenges
Educate the media and user communities
X‐Force Research
14B analyzed Web pages & images
40M spam & phishing attacks
65K documented vulnerabilities
13B security events daily
Provides Specific Analysis of:
Vulnerabilities & exploits
Malicious/Unwanted websites
Spam and phishing
Malware
Other emerging trends
X‐Force Research
The Application Security landscape
Web application vulnerabilities dominate the enterprise threat landscape
*IBM X-Force 2011 Trend & Risk Report
[Chart legend: Production Applications – Developed in house, Acquired, Off‐the‐shelf commercial apps; Applications in Development – In‐house development, Outsourced development]
**IBM X-Force 2010 Trend & Risk Report
41% of all new vulnerabilities are in web applications (2011)*
~4K new application vulnerabilities reported every year from 2006‐2010**
Vulnerabilities are spread through a wide variety of applications
Need for Application Security Action
99.9% of records were compromised from servers and applications
81% of organizations subject to PCI had not been found compliant prior to the breach
79% of compromised records were compromised using Web applications as the attack pathway
Action:
– Adopt application security measures
– Address compliance mandates with industry regulations (such as PCI-DSS, ISO 27000, BASEL, etc.)
Organizations Progress in Their Security Maturity
(maturity level by domain: People | Data | Applications | Infrastructure | Security Intelligence)
Optimized
People: Role based analytics; Identity governance; Privileged user controls
Data: Data flow analytics; Data governance
Applications: Secure app engineering processes; Fraud detection
Infrastructure: Advanced network monitoring; Forensics / data mining; Secure systems
Security Intelligence: Advanced threat detection; Network anomaly detection; Predictive risk management
Proficient
People: User provisioning; Access mgmt; Strong authentication
Data: Access monitoring; Data loss prevention
Applications: Application firewall; Source code scanning
Infrastructure: Virtualization security; Asset mgmt; Endpoint / network security management
Security Intelligence: Real‐time event correlation; Network forensics
Basic
People: Centralized directory
Data: Encryption; Access control
Applications: Application scanning
Infrastructure: Perimeter security; Anti‐virus
Security Intelligence: Log management; Compliance reporting
IBM Rational AppScan
AppScan: advanced security testing, collaboration & governance through the application lifecycle
AppScan Standard
AppScan Enterprise
AppScan Source
AppScan Standard overview
► Simplify remediation by identifying vulnerabilities and generating results through comprehensive scanning coverage
► Scan complex web applications, including those that utilize Adobe Flash, JavaScript, Ajax and Simple Object Access Protocol (SOAP) web services
► Combine the advanced dynamic and innovative hybrid analysis of glass‐box testing (runtime analysis) with static taint analysis for superior accuracy
► Identify the latest threats including full coverage of the OWASP Top 10 web application vulnerabilities
► Manage regulatory requirements such as PCI‐DSS
AppScan Standard features
► Broad coverage of emerging threats, including Web 2.0 application vulnerabilities
► Advanced dynamic application security testing, also known as black‐box analysis
► Glass‐box testing, also known as runtime analysis or integrated application security testing
► Cross‐Site Scripting (XSS) Analyzer for cutting‐edge XSS detection and exploitation
► JavaScript Security Analyzer for static taint analysis of client‐side security issues
IBM Network Security
Intrusion prevention just got smarter with extensible protection backed by the power of X-Force
Virtual Patch
What It Does: Shields vulnerabilities from exploitation independent of a software patch, and enables a responsible patch management process that can be adhered to without fear of a breach
Why Important: At the end of 2009, 52% of all vulnerabilities disclosed during the year had no vendor-supplied patches available to remedy the vulnerability.
Threat Detection & Prevention
What It Does: Detects and prevents entire classes of threats as opposed to a specific exploit or vulnerability.
Why Important: Eliminates need of constant signature updates. Protection includes the proprietary Shellcode Heuristics (SCH) technology, which has an unbeatable track record of protecting against zero day vulnerabilities.
Data Security
What It Does: Monitors and identifies unencrypted personally identifiable information (PII) and other confidential information for data awareness. Also provides capability to explore data flow through the network to help determine if any potential risks exist.
Why Important: Flexible and scalable customized data search criteria; serves as a complement to data security strategy.
Web Application Protection
What It Does: Protects web applications against sophisticated application-level attacks such as SQL Injection, XSS (Cross-site scripting), PHP file-includes, CSRF (Cross-site request forgery).
Why Important: Expands security capabilities to meet both compliance requirements and threat evolution.
Application Control
What It Does: Manages control of unauthorized applications and risks within defined segments of the network, such as ActiveX fingerprinting, Peer To Peer, Instant Messaging, and tunneling.
Why Important: Enforces network application and service access based on corporate policy and governance.
Client-Side Application Protection
What It Does: Protects end users against attacks targeting applications used every day such as Microsoft Office, Adobe PDF, multimedia files and web browsers.
Why Important: At the end of 2009, vulnerabilities which affect personal computers represented the second-largest category of vulnerability disclosures, about a fifth of all vulnerability disclosures.
Network Security GX4004
Performance Characteristics
Throughput: 800 Mbps
Latency: < 150 millisecond
Concurrent sessions: 1,200,000
Operating Modes
Active protection: Yes
Passive detection: Yes
Inline simulation: Yes
Scalability
Protected segments: 2
Monitoring interfaces: 4 x 10/100/1000 copper
High Availability: Yes
Hardware‐level bypass: Integrated bypass
• Supports compliance to regulations and laws
• Blocks unencrypted traffic with Data and Intellectual Property
• Reduced down‐time due to security breaches
• Reduced TCO thanks to preemptive security
• Effective, simple Web Application protection supports new business
• No need to understand the threats: X‐Force takes care of it
• Security becomes a business enabler (e.g. cloud)
• Improved visibility and alerting for early remediation
• Improved network performances
• Helps meet SLA with Business
• Disable protocols for unwanted applications
• Protection before deployment of patches
• Simple, centralized management
• Agentless Protection (VSP)
• Integration with SIEM/Intelligence
IBM Network Security
Challenges
• Compliance & Policy
– Billions of logs and records a day
– Compliance validation requires logging and reporting
– New regulations that have implications across many vertical markets
• Threats & Security Visibility
– Combating fraud, targeted exploits and cyber warfare requires intelligent visibility
– Telemetry for intelligence is traditionally siloed
– Without broad surveillance and integration, threats will be missed
QRADAR
Compliance validation and security response improvement in the same solution
Out of the box content to swiftly meet PCI, 27000, BASEL etc.
Flexibility to meet new compliance standards as they evolve
PCI | HIPAA | FISMA | CoCo | NERC | SOX
Total Security Intelligence
► Log Sources (log management)
► Event Sources (security event management)
► Incident data (security information management)
► Flow data (network behaviour anomaly) + app&user level –Layer 7 flows
► Vulnerability data
► Realtime correlation & prioritization
► Visibility
► Relevance – offence identification
QRadar: Total Intelligence
Suspected Incidents
User correlation and application forensics enabled fraud detection prior to exploit completion
2Bn log and event records a day reduced to 25 high priority
QRadar: Full Impact Analysis
IBM X-Force® Threat Information Center
Real-time Security Overview w/ IP Reputation Correlation
Identity and User Context
Real-time Network Visualization and Application Statistics
Inbound Security Events
1 Security Intelligence: QRadar provides security visibility
Activity / behavior monitoring, flow analytics and network anomaly detection
Behavior / activity base lining of users and processes
Helps detect day-zero attacks and covert channels that have no signature or AV / IPS detection
Provides definitive evidence of attack
Enables visibility into attacker communications
Network traffic does not lie
Attackers can stop logging and erase their tracks, but can’t cut off the network (flow data)
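The slide above describes behaviour baselining over flow data: learn what each host normally sends and to whom, then flag the interval where that changes, which is how signature-less activity (a day-zero tool, a covert channel) surfaces. The following is an added illustration, not BISS or QRadar code, and the flow records, hosts and thresholds are constructed for the example; the baseline is a simple per-host mean/standard deviation with a floor so a near-constant history does not alert on noise.

```python
"""Flow-based behaviour baselining: learn each host's normal outbound volume and
peers from past flow intervals, then flag intervals that deviate (added example)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records (hypothetical, not captured traffic):
# (interval, src_host, dst_host, dst_port, bytes_out)
FLOWS = [
    (1, "10.0.0.5", "10.0.0.9", 443, 900),
    (2, "10.0.0.5", "10.0.0.9", 443, 1100),
    (3, "10.0.0.5", "10.0.0.9", 443, 1000),
    (4, "10.0.0.5", "10.0.0.9", 443, 950),
    (5, "10.0.0.5", "10.0.0.9", 443, 1050),
    (1, "10.0.0.6", "10.0.0.9", 443, 2000),
    (2, "10.0.0.6", "10.0.0.9", 443, 2100),
    (3, "10.0.0.6", "10.0.0.9", 443, 1900),
    (4, "10.0.0.6", "10.0.0.9", 443, 2000),
    (5, "10.0.0.6", "10.0.0.9", 443, 2000),
    # Interval 6: 10.0.0.5 pushes far more than usual to a never-seen peer
    (6, "10.0.0.5", "10.0.0.9", 443, 1000),
    (6, "10.0.0.5", "198.51.100.7", 8443, 250_000),
    (6, "10.0.0.6", "10.0.0.9", 443, 2050),
]


def build_baseline(flows, training_intervals):
    """Per source host: mean/stdev of bytes per interval and the set of peers seen."""
    per_interval = defaultdict(lambda: defaultdict(int))  # host -> interval -> bytes
    peers = defaultdict(set)                               # host -> {(dst, port)}
    training = set(training_intervals)
    for interval, src, dst, port, nbytes in flows:
        if interval not in training:
            continue
        per_interval[src][interval] += nbytes
        peers[src].add((dst, port))
    baseline = {}
    for host, by_interval in per_interval.items():
        # Intervals with no flows count as zero so quiet periods shape the baseline
        series = [by_interval.get(i, 0) for i in sorted(training)]
        baseline[host] = {"mean": mean(series), "stdev": pstdev(series), "peers": peers[host]}
    return baseline


def detect_anomalies(flows, baseline, interval, z=3.0, floor_ratio=0.1):
    """Flag hosts whose volume in `interval` exceeds mean + z*spread, or who talk to new peers."""
    volume = defaultdict(int)
    new_peers = defaultdict(set)
    for iv, src, dst, port, nbytes in flows:
        if iv != interval:
            continue
        volume[src] += nbytes
        if src in baseline and (dst, port) not in baseline[src]["peers"]:
            new_peers[src].add((dst, port))
    findings = []
    for host, nbytes in volume.items():
        reasons = []
        if host not in baseline:
            reasons.append("no baseline (first seen)")
        else:
            b = baseline[host]
            # Floor the spread so a near-constant history does not alert on tiny noise
            spread = max(b["stdev"], floor_ratio * b["mean"])
            threshold = b["mean"] + z * spread
            if nbytes > threshold:
                reasons.append(f"volume {nbytes} > threshold {threshold:.0f}")
            if new_peers[host]:
                reasons.append("new peer " + ", ".join(f"{d}:{p}" for d, p in sorted(new_peers[host])))
        if reasons:
            findings.append({"host": host, "bytes": nbytes, "reasons": reasons})
    return findings


if __name__ == "__main__":
    base = build_baseline(FLOWS, range(1, 6))
    for finding in detect_anomalies(FLOWS, base, 6):
        print(finding)
```

On the constructed data, host 10.0.0.5 is the only finding: its interval-6 volume (251,000 bytes) is far above its learned threshold of about 1,300, and it contacted a peer never seen during training, while 10.0.0.6 stays within its band. The z-score and floor ratio are the knobs a SOC would tune per network segment.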
QRadar: Offense Management
What was the attack?
Who was responsible?
How many targets involved?
Was it successful?
Where do I find them?
Are any of them vulnerable?
How valuable are they to the business?
Where is all the evidence?
Clear & concise delivery of the most relevant information …
QRadar 2100 “All‐in‐One” Appliance
► Delivers the full power of QRadar in a single device
► Optimized hardware
► Does not require expensive external storage
► No third‐party databases, or ongoing database administration
QRadar 2100 features
► Includes QFlow Collector for Layer 7 flow analysis
► 10/100/1000 Base‐T connectivity for monitoring
► 10/100/1000 Base‐T management
► 25,000 to 50,000 flows per second (50,000 to 100,000 NetFlows)
► 1,000 events per second
► Support for up to 750 event sources (devices)
► Dual redundant power supplies
► Embedded hardware RAID 10 for high availability and redundancy
Exceeding Regulatory Mandates: Being compliant and secure
• Companies today are under growing executive pressure to comply with mandates such as ISO 27000 or PCI‐DSS
• Compliance is more than simply generating reports
• 3 key factors need to be fulfilled:
Measurability: metrics and reporting around IT risks within a company
Accountability: proving surveillance to report on who did what and when
Transparency: visibility into the security controls, the business applications and the assets that are being protected
Predicting an Attack: How it looks in QRadar
Multiple IPs attack an IP
Drilling into one superflow record shows all IP records contributing to the attack
All pulled together in one offence which is detected and raised immediately to the security team
QRadar Advantages
Seamless, rapid deployment
Asset autodiscovery
Out of the box policies
Out of the box reports templates (27001, PCI‐DSS etc.) – FREE of charge
QFlow = Layer 7 flow analysis – user and application information; beyond NetFlow, J‐Flow and sFlow
VFlow – unique feature, the only one in the industry able to collect flows from virtual environments
Complete network visibility
Complete integration of network and security devices and objects
SOC enabled
Unmatched scalability, unlimited
Low on staff
Our package
Our price: € 59,900
Available to test from IBM IIC @ BISS HQ
Payment due – January 2013
Latest order – Dec 20, 2012
THANK YOU
Bogdan Toporan │ BISS
Q&A
021 345 55 [email protected]