© 2014 IBM Corporation
2014 Security Threat Trends and IBM's Recommendations for Internal Control
May 20, 2014
Security Framework with QRadar
김도형 Manager (SK Planet)
Agenda
1. Introduction
2. Security Threat & Protection
3. Security Monitoring & Response
4. Security Portfolio & QRadar Implementation
5. Hurdle
6. Q & A
About me
• SK Planet
– MSS & Security for Public service and IDC
• POSCO
– Enterprise Security Program & Governance
• NCA
– KIX, NCA-SIGN, Web-Hosting for Public Service
– Government Policy Advisory
• KISA
– Standardization, KrCert/CC
• Army
– Network & Server administrator
Introduction
About SK Planet
• History : SK M&C(2008.4) + SK Planet(2011.10)
• Mission : HUG
• Business Area
– Digital Contents : T Store, hoppin, T Cloud, Tictoc, Cyworld, Nate, NateOn, Cymera
– Integrated Commerce : 11st, Gifticon, Smart Wallet, Paypin, Styletag, T Shopping
– Marketing Communication : OK Cashbag, BENEPIA
– Location Based Service : T Map, picket, OK Map, NaviCall
– Advertising
• Affiliates : SK Communications, Commerce planet, M & Service
Introduction
IT is varying and threats are evolving.
Security Threat & Protection
Ref : http://blogs.cisco.com
Threats are widespread and Protection can be changed
Security Threat & Protection
Ref : 2012 ENISA Threat Landscape report
Ref : Modification of IPA Report
How do we, as a customer rather than a solution provider, protect against and monitor the threats?
Security Threat & Protection
Ref : 2012 ENISA Threat Landscape report
• Generally accepted concept
• IDS / IPS History
• ESM / SIEM
• Triage
It consists of staff, procedure, and technology.
• Staff
• Procedure
• Technology
– Vulnerability Management
– IDS & IPS Operation
– Log management & Correlation
– Security Insight
• IBM Security portfolio
– ISS(1994)
– Watchfire
– RealSecure
– QRadar
– X-Force
Security Monitoring & Response
Why do you think QRadar is special?
Security Portfolio & QRadar Implementation
Ref : YouTube (Jose Bravo)
A few difficulties in implementing security monitoring and response in the real world
• Tailored process
• Ticket
• Rule & Methodology
• Normalization
Hurdle
Feel free to ask and share ideas
Q & A
End of Presentation