presentation gdl
TRANSCRIPT
Reduce the cost and complexity of security in your business
Juan Carlos Carrillo, Security Sales Leader
Wednesday, April 12, 2023
Agenda
1. X-Force® 2008 Trend & Risk Report Highlights
2. IBM Security Framework
3. IBM ISS product solutions
4. IBM ISS service solutions
5. IBM ISS security consulting solutions
6. Q&A
X-Force® 2008 Trend & Risk Report
The mission of the IBM Internet Security Systems™ X-Force® research and development team is to:
Research and evaluate threat and protection issues
Deliver security protection for today’s security problems
Develop new technology for tomorrow’s security challenges
Educate the media and user communities
The report data by the numbers:
9.1B analyzed Web pages & images
150M intrusion attempts daily
40M spam & phishing attacks
40K documented vulnerabilities
Millions of unique malware samples
Provides specific analysis of:
Vulnerabilities & exploits
Malicious/unwanted websites
Spam and phishing
Malware
Other emerging trends
The Annual X-Force 2008 Trend & Risk Report
Criminal Economics
On a basic microeconomic level, an understanding of the opportunity for a computer criminal comes from considering the amount of revenue that can be generated from exploiting a vulnerability relative to the cost of doing so.
Obviously, vulnerabilities that present a high revenue opportunity at a low cost are likely to be popular with attackers. Both revenue (opportunity) and cost are made up of a complicated set of components, and some of these components can be influenced by the security industry.
Vulnerabilities
2008 proved to be the busiest year in X-Force history chronicling vulnerabilities – a 13.5 percent increase compared to 2007.
The overall severity of vulnerabilities increased, with high and critical severity vulnerabilities up 15.3 percent and medium severity vulnerabilities up 67.5 percent.
Similar to 2007, nearly 92 percent of 2008 vulnerabilities can be exploited remotely.
Of all the vulnerabilities disclosed in 2008, only 47 percent can be corrected through vendor patches. Vendors do not always go back to patch previous years' vulnerabilities: 46 percent of vulnerabilities from 2006 and 44 percent from 2007 were still left with no available patch at the end of 2008.
The two largest categories of vulnerabilities in 2008 are Web applications at 55 percent and vulnerabilities affecting PC software at roughly 20 percent.
Vulnerabilities
Web-Related Security Threats
The number of new malicious Web sites in the fourth quarter of 2008 alone surpassed the number seen in the entirety of 2007 by 50 percent. Last year, China replaced the US as the most prolific host of malicious Web sites.
Spammers are turning to the Web. URL spam (a spam email with little more than a link to a Web page that delivers the spam message) took the lead as the main type of spam this year, and spammers are increasingly using familiar domain names, such as news and blogging Web sites, to host their content.
Web applications in general have become the Achilles heel of Corporate IT Security. Nearly 55% of all vulnerability disclosures in 2008 affect Web applications, and this number does not include custom-developed Web applications (only off-the-shelf packages). 74 percent of all Web application vulnerabilities disclosed in 2008 had no available patch to fix them by the end of 2008.
Last year, SQL injection jumped 134 percent and replaced cross-site scripting as the predominant type of Web application vulnerability.
In addition to these vulnerabilities, many Web sites request the use of known vulnerable ActiveX controls, which leave Web site visitors who do not have updated browsers in a compromised position.
Vulnerabilities
Spam and Phishing
Simple spam (text or URL-based) replaced complex (PDF, image, etc.) spam in 2008, with a focus on URL spam near the end of the year. Spammers increasingly use familiar URL domains, like blogging Web sites and news Web sites, to host spam messages.
More than 97 percent of Spam URLs are up for one week or less.
In terms of the servers sending spam, Russia surpassed the US in 2008, and was accountable for 12 percent of all spam sent last year.
The most popular subject lines of phishing and spam are not so popular anymore. The top ten subject lines of 2008 took up a much smaller percentage in comparison to 2007. Spammers and phishers alike are becoming more granular and targeted, working harder in essence, to reach more targets. In 2007, the most popular phishing subject lines represented about 40% of all phishing emails. In 2008, the most popular subject lines made up only 6.23% of all phishing subject lines.
A trend that developed in 2008 is the focus on user action. Rather than using a generic subject like “security alert,” phishers attempt to engage the user in doing something, like fixing an account that has been suspended or updating their account information.
The majority of phishing – nearly 90 percent – was targeted at financial institutions. Over 99% of all financial phishing targets are in North America or Europe, with the majority of targets in North America (58.4 percent).
Spam and Phishing
You can read the full report at the following link:
http://www-935.ibm.com/services/us/iss/xforce/trendreports/xforce-2008-annual-report.pdf
IBM Security Framework
The IBM Security Framework
IBM is the only security vendor in the market with end-to-end coverage of the security foundation
15,000 researchers, developers and SMEs on security initiatives
3,000+ security & risk management patents
200+ security customer references and 50+ published cases
40+ years of proven success securing the zSeries environment
Already managing more than 2.5 billion security events per day for clients
USD $1.5 billion security spend in 2008
IBM ISS Solutions
IBM has unmatched local and global expertise to deliver complete solutions and manage the cost and complexity of security. In addition, X-Force, IBM ISS’ security and development organization, is one of the best-known commercial groups in the world. It discovers 30-60% of all vulnerabilities and captures more than 2 billion events per day.
IBM ISS product solutions
ISS case I
A client needs to implement the following:
Additional security controls on the network perimeter
IPS and AV inspection, and encryption (to support PCI certification), for all traffic between the main office and branch office
IPS to augment the existing firewall and proxy / AV implementation on the main office Internet link
Products that address the client’s need for a low-cost solution:
Main Office primary link: Add Proventia Network IPS, and leave existing infrastructure in place
Main Office secondary link: Add Proventia Network MFS
Branch Office primary link: Add Proventia Network MFS
ISS case II
A client wants to implement an antispam solution. Their branch offices relay mail through the main office, and the client wants the ability to implement multiple filtering rules and to minimize the amount of internal network traffic.
Products that address the client’s need for a low-cost solution:
Main Office primary link: Add Proventia MFS, and set it as the principal MX record in the DNS
Main Office secondary link: Leave as it is
Branch Office primary link: Leave as it is
ISS case III
A company wants a proposal based on the following requirements:
Has a 10 MB SDSL connection
Wants to separate IPS policies per segment, and is fundamentally interested in IPS capability
What can we offer:
Add a switch behind the firewall to which the segments will be connected, and add a Proventia GX between the switch and the Proventia MX
ISS case IV
A company needs to implement IPS technology to protect a Windows server farm. The solution must be easy to implement and maintain.
What can we offer:
Deploy a Proventia Network IPS model GX6116 between the two core switches
ISS case V
A company needs a host protection solution for their server systems. The main requirement is IPS functionality, and the addition of OS monitoring would be a plus. The operating systems deployed are:
Solaris
Linux
AIX
What can we offer:
Proventia Server and RealSecure Server Sensor
IBM RealSecure® Server Sensor provides server protection for:
Microsoft® Windows®
AIX™
Solaris
HP-UX
IBM Proventia® Server Intrusion Prevention System (IPS) for:
Microsoft® Windows®
Linux®
VMware Guest Operating System (OS)
Performance Flexibility: IPS beyond the perimeter
“…It is important to mandate that all ingress (inbound) traffic run through a segment of inline network intrusion protection. Trace packet flows to ensure that each packet entering your network passes through at least one IPS sensor…”
IPS Proventia GX Appliances
A solution that automatically stops intrusion attacks, whether internal or external. The Proventia GX also has the best performance in bandwidth utilization and network availability in the market.
Proventia Network Multifunction Security
An all-in-one solution to help enforce security:
IPS
Firewall
Traditional Antivirus
Heuristic Antivirus
Anti-Spam
URL filtering
Standard and SSL VPN
PAM drives security convergence in a single solution & eliminates point products
Virtual Patch™: Shielding a vulnerability from exploitation independent of a software patch
Threat Detection & Prevention: Advanced intrusion prevention for zero-day attacks
Proventia Content Analysis: Monitors and identifies unencrypted personally identifiable information (PII) and other confidential data
Proventia Web application security: Protection for web apps, Web 2.0, databases (same protection as web application firewall)
Network Policy Enforcement: Reclaim bandwidth & block Skype, peer-to-peer networks, tunneling
Managing the agent overload
Multiple threats result in multiple endpoint security agents.
Typical deployment for midsize company:
Function | Vendor | Deployment | Impact | Memory | Updates Scheduled
Asset & Data Loss Prevention | 1 | Laptops | Periodic Check | N/A | Manual
Data Loss Prevention | 2 | Workstations | Periodic Check | 6 MB | None
Computer Forensics | 3 | Workstations | Agent remains dormant until off network | 3 MB | Manual
Host Based Intrusion Prevention | 4 | Servers & Workstations | Periodic Check | 75 MB | Automatic
Laptop Encryption | 5 | Workstations | Periodic Check | 18 MB | None
Removable Media Control | 6 | Workstations | Periodic Check | 2.5 MB | None
Virus Protection | 7 | Servers & Workstations | Periodic Check | 42 MB | On Demand & Scheduled
Web Surfing | 8 | Workstations | Agent remains dormant until off network | N/A | Manual
Total Memory Usage: 146 MB
Proventia Desktop/Phoenix Rising Comparison
Feature / Proventia Desktop / ESC
Firewall
IPS
Behavioral AV
Signature AV
Anti-spyware
Extensible framework -
NAC -
DLP -
USB port control -
Patch management -
Asset discovery -
Vulnerability assessment -
Power management -
Configuration management -
Flexible systems management -
Software deployment/removal -
Security policy compliance -
Case Study in Proventia ESC Savings: Financial Customer
Moved from low 80% success rate to 95% success rate with real-time reporting
Key Matrix | Before Proventia ESC | After Proventia ESC | The Results
# of Managed Endpoints | 40,000 out of 90,000 (50K unknown endpoints) | 90,000 | Uncovered 50K previously unknown endpoints
# of Locations | 100+ | 800 | Expanded locations by 700
Time to Install | 8+ months for all infrastructure | 1 week for all infrastructure | Saved more than 7 months for new agent installation
# of Required Administrators | 20 | 4 | Reduced required admins by 1/5th
# of Dedicated Servers | 25 | 1 | Reduced dedicated servers by 24
Time to complete an enterprise wide full discovery, remediation and reporting cycle | ~7 days | ~5 minutes | Saved 6 days, 23 hours, and 55 minutes for enterprise wide discovery…
IBM ISS service solutions
Virtual Security Operations Center (VSOC)
Cost Savings at a Glance
Security Management | Monthly | Annual
In-house | $82,592 | $995,102
ISS Managed Security | $37,671 | $452,051
Cost Savings | $44,921 | $543,051
In this example, leveraging a managed protection provider yields a 55% savings over in-house security.
Assumes full security staff of 10 providing 24x7x365 coverage, managing 12 HA Firewalls and 6 IDS engines, attending 2 training classes/yr, 20% employee turnover, equipment costs allocated over 3 years, and maintenance costing 15% of total equipment costs.
Source: IBM Internet Security Systems, 2008
IBM ISS security consulting solutions
Why IBM ISS Professional Security Services?
Exclusive security focus and expertise
Senior-level consultants
Deep industry experience
Average of 8.5 years of security experience, 6 years IBM ISS tenure
Certified security experts with leadership, consulting, investigative, law enforcement and research and development backgrounds
Big 4, FBI, X-Force R&D, Government Agencies, Former CISOs
Qualified Incident Response Company
As a Qualified Incident Response Company, IBM ISS can assist organizations with security incidents involving payment card data
Leverages security intelligence of IBM X-Force
Complete, quality deliverables
Analysis, prioritization and remediation recommendations
Actionable recommendations
Results presented in both technical and management terms
Proven methodology
Penetration Testing
Quantifies risk to customer information, financial transactions, online applications and other critical business data and processes
Increases real-world perspective into hacker techniques and motivations
Encourages executive support on direction of information security strategy and resources
Identifies steps needed to effectively reduce risk
Provides the customer with insight into how technical vulnerabilities can lead to serious risks to their business
Helps to meet regulatory compliance requirements
IBM Emergency Response Services
Incident response:
Responding to and helping minimize the impact of information security incidents such as external/internal attackers, virus/worm outbreaks, web site defacements and PCI data breaches
Preparedness planning:
Assisting with the development of a computer security incident response plan
Prepares organizations for security incidents in advance
Helps to meet regulatory guidelines and security best practices
Incident analysis:
Collects data from security incidents in a forensically sound manner
Performs data analysis from all collected data
ERS can assist with:
PCI Data Breaches
Web Page Defacement
Network Intrusion
Employee Misconduct
Regulatory Issues
Digital Forensics
Information Security Assessment
Review of Network Security Architecture: Assessment of current network security measures to get a clear picture of the current security state
Review of Security Policies, Procedures and Practices: Evaluation of current security processes in relation to ISO 17799 standards, industry best practices and business objectives
Review of Technical Security Controls and Mechanisms: Review of the effectiveness of existing security practices and mechanisms to recognize needed improvements
External Vulnerability Testing: External network scan to understand network security posture and determine vulnerabilities
Internal Vulnerability Scan and Testing: Internal network assessment to provide details on the vulnerability of critical assets
Social Engineering Assessment: Attempt to discover sensitive information by acting as a trusted employee or untrusted user
Information Security Assessment II
Physical Security Assessment: Determination of how physical security can impact overall data and system security
Modem Testing (“War Dialing”): Attempt to connect with modems by dialing a range of numbers
Wireless Penetration Test: Attempt to penetrate wireless devices to uncover vulnerabilities
Wireless Assessment: Test of wireless network environment to assess security
Application Assessment: Review of custom client/server applications to provide details on vulnerabilities
Mainframe Assessment: Identification of vulnerabilities within the mainframe environment
Q&A