everyone in danger… - ibm · 3,700+ managed clients worldwide 13b+ events managed per day 133...


Post on 02-Aug-2020

TRANSCRIPT

Page 1: Everyone in Danger… - IBM · 3,700+ managed clients worldwide 13B+ events managed per day 133 monitored countries (MSS) ... QRadar SIEM for improved asset risk assessment IBM Endpoint

Everyone in Danger… Trends and perspectives of security solutions and IBM approach to security solutions - IBM Security Framework

Gyorgy R. Racz, Security Systems Executive, Central and Eastern Europe


With Security threat evolving….



Bring your own IT

Social business

Cloud and virtualization

1 billion mobile workers

1 trillion connected objects

Innovative technology changes everything


Motivations and sophistication are rapidly evolving

• National Security: Nation-state actors (Stuxnet)
• Espionage, Activism: Competitors and Hacktivists (Aurora)
• Monetary Gain: Organized crime (Zeus)
• Revenge, Curiosity: Insiders and Script-kiddies (Code Red)


Numerous Vulnerabilities, Sophisticated Attackers means…

2012 Sampling of Security Incidents by Attack Type, Time and Impact

Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses


Security Incidents in the first half of


Security challenges are a complex, four-dimensional puzzle… that requires a new approach

• People: Hackers, Suppliers, Consultants, Terrorists, Employees, Outsourcers, Customers
• Data: At rest, In motion, Unstructured, Structured
• Applications: Systems Applications, Web Applications, Web 2.0, Mobile Applications
• Infrastructure: Datacenters, PCs, Laptops, Mobile, Cloud, Non-traditional


Logs

Events

Alerts

Configuration information

System audit trails

External threat feeds

E-mail and social activity

Network flows and anomalies

Identity context

Business process data

Malware information

Now: Intelligence

• Real-time monitoring

• Context-aware anomaly detection

• Automated correlation and analytics

Then: Collection

• Log collection

• Signature-based detection

Security Intelligence


Intrusion Prevention

Complexity of Attacks

Complexity of Users

• Advanced Persistent Threats
• 0-Day Vulnerabilities
• Targeted Phishing
• Web application attacks
• Stealth Botnets
• Designer Malware
• Blending work/personal use
• Broad information sharing
• Poor security awareness and vigilance
• Targeted by social engineering and spear phishing attacks
• Point solutions creating “Security Sprawl”
• Bring Your Own Device
• Evolving networking and connectivity standards
• Rapid growth of web applications


IBM Security Reach and Expertise

6,000 researchers, developers and subject matter experts working security initiatives worldwide

Security Research Centers

Security Solution Development Labs

Institute for Advanced Security Branches

Security Operations Centers


Collaborative IBM teams monitor and analyze the latest threats

Coverage

• 20,000+ devices under contract
• 3,700+ managed clients worldwide
• 13B+ events managed per day
• 133 monitored countries (MSS)
• 3,000+ security related patents

Depth


Intelligence

Integration

Expertise

IBM delivers solutions across a Security Framework


IBM Security: Market-changing milestones

IBM Security Investment

• 6,000+ IBM Security experts worldwide
• 3,000+ IBM security patents
• 4,000+ IBM managed security services clients worldwide
• 25 IBM Security Labs worldwide

Managed Security Services; Mainframe and Server Security; SOA Management and Security; Network Intrusion Prevention; Database Monitoring; Access Management; Application Security; Compliance Management; Identity Management; Advanced Fraud Protection; Security Analytics; Security Intelligence

• 1976: Resource Access Control Facility (RACF) is created, eliminating the need for each application to imbed security
• 1999: Dascom is acquired for access management capabilities
• 2002: Access360 is acquired for identity management capabilities; MetaMerge is acquired for directory integration capabilities
• 2005: DataPower is acquired for SOA management and security capabilities
• 2006: Internet Security Systems, Inc. is acquired for security research and network protection capabilities
• 2007: Watchfire is acquired for security and compliance capabilities; Consul is acquired for risk management capabilities; Princeton Softech is acquired for data management capabilities
• 2008: Encentuate is acquired for enterprise single-sign-on capabilities
• 2009: Ounce Labs is acquired for application security capabilities; Guardium is acquired for enterprise database monitoring and protection capabilities
• 2010: Big Fix is acquired for endpoint security management capabilities; NISC is acquired for information and analytics management capabilities
• 2011: Q1 Labs is acquired for security intelligence capabilities
• 2013: Trusteer is acquired for mobile and application security, counter-fraud and malware detection

IBM Security Systems division is created


IBM offers a comprehensive portfolio of security products


QRadar: All domains feed Security Intelligence

• IBM Endpoint Manager: Endpoint Management vulnerabilities enrich QRadar’s vulnerability database
• AppScan Enterprise: AppScan vulnerability results feed QRadar SIEM for improved asset risk assessment
• IBM Security Network Intrusion Prevention System: Flow data into QRadar turns NIPS devices into activity sensors
• Identity and Access Management: Identity context for all security domains w/ QRadar as the dashboard
• Guardium: Database assets, rule logic and database activity information
• Correlate new threats based on X-Force IP reputation feeds
• Hundreds of 3rd party information sources


Get engaged with IBM Security

• Follow us at @ibmsecurity and @ibmxforce
• Download X-Force security trend & risk reports: http://www-935.ibm.com/services/us/iss/xforce/
• Subscribe to the security channel for latest security videos: www.youtube.com/ibmsecuritysolutions
• Attend in-person events: http://www.ibm.com/events/calendar/
• Subscribe to X-Force alerts at http://iss.net/rss.php or Frequency X at http://blogs.iss.net/rss.php
• Join the Institute for Advanced Security: www.instituteforadvancedsecurity.com
