security for cloud - ibm · core connectivity & delivery saas integration & middleware apis...
TRANSCRIPT
IBM Security FOR the Cloud
Александр Гринюк
08 June 2017
IBM Security Ukraine/CIS
2 IBM Security
Agenda
§ Risks and threats in the Cloud
§ Security FROM the Cloud vs Security FOR the Cloud
§ IBM's cloud security strategy
Security FOR the Cloud
Risks and Threats in the Cloud
Common perceptions of security are forcing organizations to rethink how they can manage Cloud risks more effectively
Perception: Cloud computing is less reliable
Perception: Cloud security is complex and expensive
Perception: Cloud security is hard to maintain
Reality: Respondents said their level of privacy protection increased as a result of moving to the Cloud¹
Reality: Since moving to the Cloud, respondents said they saved money¹
Reality: 55% of Cloud users reduced the time spent managing security¹
69% 62%
¹ Microsoft Cloud Trust Study
Top threats
Unauthorized access | Hijacking of accounts | Insecure interfaces/APIs
Posting of confidential proprietary data by employees | Malicious insiders | Denial of service attacks | Foreign state sponsored cyber attacks | Malware injection | Abuse of cloud services | Shared memory attacks | Lateral movement of threats (east-west traffic) | Theft of service | Lost mobile devices | Natural disasters
External sharing of data
Security concerns
Data loss/leakage | Data privacy | Confidentiality | Legal and regulatory compliance
Data sovereignty/control | Accidental exposure of credentials | Lack of forensic data | Incident & problem management | Visibility & transparency | Availability of services, systems and data | Liability | Disaster recovery | Performance | Business continuity | Fraud (e.g. account hijacking)
What accelerates the move to the Cloud
Flexibility
Rapid innovation
Cost reduction
NO to the skills shortage
Improved security
What slows the move to the Cloud
Compliance
Insiders
Security staff skills
Process visibility
Data protection
Where to protect?
At the physical level
At the network level
At the level of services, applications and data
Using multiple cloud service models solves business problems but creates new security challenges
SaaS: Presentation Modality | Presentation Platform | APIs | Applications | Data, Metadata, Content | Integration & Middleware | APIs | Hardware | Facilities | Abstraction | Core Connectivity & Delivery
PaaS: Integration & Middleware | APIs | Hardware | Facilities | Abstraction | Core Connectivity & Delivery
IaaS: APIs | Hardware | Facilities | Abstraction | Core Connectivity & Delivery
Security: FROM the Cloud and FOR the Cloud
Security FROM the Cloud
Enable Security-as-a-Service
• Provide immediate access to cloud-delivered security
• Mobility, Fraud Prevention, Sec. Intel, and App Sec from Cloud
Security-as-a-Service
Security FOR the Cloud
Deliver cloud services securely
• Manage access to cloud workloads
• Secure infrastructure & applications in the Cloud
• Protect data at rest and in transit
• Gain security visibility across hybrid deployments
Private Cloud | Public Cloud
ISAM, CIS, Guardium, App Security, QRadar, XGS, Encryption + SKLM, BigFix
QRadar on Cloud, MaaS360, Trusteer, Application Security on Cloud, Enforcer
Security "FOR the Cloud": division of responsibility between the customer and the Cloud provider
Customer Security Operations: Bring Your Own
3rd party cloud security products, policies, practices and processes
1. Identity and Access
2. Network security
3. Data protection
4. Vulnerability & patch mgmt
5. Security monitoring & intelligence
6. Workload-centric Security Management
Platform Security Services: Built in
1. Security monitoring
2. Network protection
3. Workload isolation
4. Harden VMs & Containers
5. Application threat protection, vuln management
6. Priv user mgmt
7. Pen testing
8. Compliance/Certification
IBM strategy for Cloud security
"Must Haves" for a secure Cloud
1. ACCESS MANAGEMENT: users, privileges, clients. Identity and access management; Privileged Identity
   ISAM, IGI, PIM, CIS
2. NETWORK SECURITY: Anomalies, threats, activities. Monitoring Threat Protection
   XGS or Partner solutions
3. DATA PROTECTION: Databases, workloads, content. Encryption PII Monitoring
   File + folder encryption, key management, Guardium DB Protection
4. APPLICATION SECURITY: Threat prevention; Vulnerability Assessment; Secure App development
   AppScan, Application Security on Cloud
5. VISIBILITY and INTELLIGENCE: Anomalies, threats, activities. Event correlation and alerting; Monitoring and Intelligence
   QRadar
6. WORKLOAD CENTRIC: Security and Devops Management; Policy and Audit; Patch Management
   BigFix, Partner solutions
Diagram (labels only):
Networks: PUBLIC NETWORK | CLOUD NETWORK (IaaS) | ENTERPRISE NETWORK
Users: APPLICATION USER | CLOUD ADMIN | CLOUD DEVELOPER
Components: EDGE SERVICES | CLOUD APPLICATION | APPLICATION | DEVICE | DATA SERVICES | RUNTIME SERVICES | INFRASTRUCTURE SERVICES | TRANSFORMATION & CONNECTIVITY | ENTERPRISE USER DIRECTORY | ENTERPRISE DATA | ENTERPRISE APPLICATIONS
SECURED CLOUD RESOURCES & SERVICES | SECURITY SERVICES
Numbered security domains: 1 IDENTITY & ACCESS MANAGEMENT | 2 NETWORK SECURITY | 3 DATA PROTECTION | 4 APPLICATION SECURITY | 4 VULNERABILITY ASSESSMENT AND PATCH MANAGEMENT | 5 SECURITY MONITORING & INTELLIGENCE | 6 WORKLOAD CENTRIC SECURITY MANAGEMENT AND DEVOPS
Other labels: PHYSICAL SECURITY | GOVERNANCE RISK & COMPLIANCE
LEGEND: Application | Infrastructure | Management | Data Store | Security | Scalable | User | Customer Provided
*According to Technology Business Research, Inc. (TBR) 2016
IBM Cloud Security Checklist
• Establishing access control
• Use of a wide range of authentication methods
• Integration of policies and processes
• Strengthening preventive measures or detection and response
• Analysis of Web and application threats
• Security management of mobile devices
• Control of sensitive, critical data
• Data encryption and masking
• IaaS
- Redundancy, backup
- Dark fiber networks between data centers
- Reliable computing platform
• PaaS and SaaS
- Choose providers that implement key control sets: CSCC, NIST, CSA, PCI, ISO/IEC 27001
- Control of authentication, use of SSO
- Security control of SaaS hosts (Endpoint + Antivirus)
• Overall Cloud environment
- Strict control of access and compliance, SOC 1 and SOC 2 (SOC for Service Organizations: ICFR + SOC for Service Organizations: Trust Services Criteria)
- Integration of mobile security
- Securing cloud providers, using the best products from leading security vendors
The IBM Security immune system
An integrated and intelligent security immune system
Criminal detection
Fraud protection
Workload protection
Cloud access security broker
Access management
Entitlements and roles
Privileged identity management
Identity management
Data access control
Application security management
Application scanning
Data monitoring
Device management
Transaction protection
Content security
Malware protection
Antivirus
Endpoint patching and management
Virtual patching
Firewalls
Network forensics and threat management
Sandboxing
Network visibility and segmentation
Indicators of compromise
IP reputation
Threat sharing
Vulnerability management
Incident response
Threat hunting and investigation
User behavior analysis
Cognitive security
Anomaly detection
IBM SaaS Security Portfolio
SECURITY OPERATIONS AND RESPONSE
QRadar Vulnerability / Risk Manager | Resilient Incident Response
X-Force Exchange
QRadar Incident Forensics | BigFix | Network Protection XGS
QRadar User Behavior Analytics
QRadar SIEM | I2 Enterprise Insight Analysis
App Exchange
INFORMATION RISK AND PROTECTION
MaaS360
Trusteer Mobile
Trusteer Rapport
AppScan
Guardium
Identity as a Service
Privileged Identity Manager | Identity Governance and Access
Cloud Identity Service | Key Manager
zSecure
Trusteer Pinpoint
Application Security on Cloud
QRadar on Cloud
IBM IaaS Security Portfolio: Security FOR the Cloud
SECURITY OPERATIONS AND RESPONSE
QRadar Vulnerability / Risk Manager | Resilient Incident Response
X-Force Exchange
QRadar Incident Forensics | BigFix | Network Protection XGS
QRadar User Behavior Analytics
QRadar SIEM | I2 Enterprise Insight Analysis
App Exchange
INFORMATION RISK AND PROTECTION
MaaS360
Trusteer Mobile
Trusteer Rapport
AppScan
Guardium | Privileged Identity Manager | Identity Governance and Access
Cloud Identity Service | Key Manager
zSecure
Trusteer Pinpoint
QRadar on Cloud
ibm.com/security
securityintelligence.com
xforce.ibmcloud.com
@ibmsecurity
youtube/user/ibmsecuritysolutions
© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
FOLLOW US ON:
THANK YOU