Everyone in Danger… Trends and perspectives of security solutions and IBM approach to security solutions - IBM Security Framework
Gyorgy R. Racz, Security Systems Executive, Central and Eastern Europe
With security threats evolving…
Bring your own IT
Social business
Cloud and virtualization
1 billion mobile workers
1 trillion connected objects
Innovative technology changes everything
Motivations and sophistication are rapidly evolving
National Security - Nation-state actors - Stuxnet
Espionage, Activism - Competitors and Hacktivists - Aurora
Monetary Gain - Organized crime - Zeus
Revenge, Curiosity - Insiders and Script-kiddies - Code Red
Numerous Vulnerabilities, Sophisticated Attackers mean…
2012 Sampling of Security Incidents by Attack Type, Time and Impact
Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses
Security Incidents in the first half of
Security challenges are a complex, four-dimensional puzzle … that requires a new approach
Applications: Web Applications, Systems Applications, Web 2.0, Mobile Applications
Infrastructure: Datacenters, PCs, Laptops, Mobile, Cloud, Non-traditional
Data: At rest, In motion, Unstructured, Structured
People: Hackers, Suppliers, Consultants, Terrorists, Employees, Outsourcers, Customers
Logs
Events
Alerts
Configuration information
System audit trails
External threat feeds
E-mail and social activity
Network flows and anomalies
Identity context
Business process data
Malware information
Now: Intelligence
• Real-time monitoring
• Context-aware anomaly detection
• Automated correlation and analytics
Then: Collection
• Log collection
• Signature-based detection
Security Intelligence
Intrusion Prevention
Complexity of Attacks
Complexity of Users
• Advanced Persistent Threats
• 0-Day Vulnerabilities
• Targeted Phishing
• Web application attacks
• Stealth Botnets
• Designer Malware
• Blending work/personal use
• Broad information sharing
• Poor security awareness and vigilance
• Targeted by social engineering and spear phishing attacks
• Point solutions creating “Security Sprawl”
• Bring Your Own Device
• Evolving networking and connectivity standards
• Rapid growth of web applications
IBM Security Reach and Expertise
6,000 researchers, developers and subject matter experts working security initiatives worldwide
Security Research Centers
Security Solution Development Labs
Institute for Advanced Security Branches
Security Operations Centers
Collaborative IBM teams monitor and analyze the latest threats
Coverage
20,000+ devices under contract
3,700+ managed clients worldwide
13B+ events managed per day
133 monitored countries (MSS)
3,000+ security related patents
Depth
Intelligence
Integration
Expertise
IBM delivers solutions across a Security Framework
IBM Security Systems division is created
IBM Security Investment
• 6,000+ IBM Security experts worldwide
• 3,000+ IBM security patents
• 4,000+ IBM managed security services clients worldwide
• 25 IBM Security Labs worldwide
IBM Security: Market-changing milestones
Managed Security Services
Mainframe and Server Security
SOA Management and Security
Network Intrusion Prevention
Database Monitoring
Access Management
Application Security
Compliance Management
1976: Resource Access Control Facility (RACF) is created, eliminating the need for each application to imbed security
1999: Dascom is acquired for access management capabilities
2002: Access360 is acquired for identity management capabilities
2002: MetaMerge is acquired for directory integration capabilities
2005: DataPower is acquired for SOA management and security capabilities
2006: Internet Security Systems, Inc. is acquired for security research and network protection capabilities
2007: Watchfire is acquired for security and compliance capabilities
2007: Consul is acquired for risk management capabilities
2007: Princeton Softech is acquired for data management capabilities
2008: Encentuate is acquired for enterprise single-sign-on capabilities
2009: Ounce Labs is acquired for application security capabilities
2009: Guardium is acquired for enterprise database monitoring and protection capabilities
2010: Big Fix is acquired for endpoint security management capabilities
2010: NISC is acquired for information and analytics management capabilities
2011: Q1 Labs is acquired for security intelligence capabilities
2013: Trusteer is acquired for mobile and application security, counter-fraud and malware detection
Identity Management
Advanced Fraud Protection
Security Analytics
Security Intelligence
IBM offers a comprehensive portfolio of security products
QRadar: All domains feed Security Intelligence
IBM Endpoint Manager: Endpoint Management vulnerabilities enrich QRadar’s vulnerability database
AppScan Enterprise: AppScan vulnerability results feed QRadar SIEM for improved asset risk assessment
Guardium: Database assets, rule logic and database activity information
Identity and Access Management: Identity context for all security domains w/ QRadar as the dashboard
IBM Security Network Intrusion Prevention System: Flow data into QRadar turns NIPS devices into activity sensors
Correlate new threats based on X-Force IP reputation feeds
Hundreds of 3rd party information sources
Get engaged with IBM Security
Follow us at @ibmsecurity and @ibmxforce
Download X-Force security trend & risk reports
http://www-935.ibm.com/services/us/iss/xforce/
Subscribe to the security channel for latest security videos
www.youtube.com/ibmsecuritysolutions
Attend in-person events
http://www.ibm.com/events/calendar/
Subscribe to X-Force alerts at http://iss.net/rss.php or Frequency X at http://blogs.iss.net/rss.php
Join the Institute for Advanced Security
www.instituteforadvancedsecurity.com