© 2014 IBM Corporation

2014 보안 위협 동향과 내부 통제를 위한 IBM의 제언

2014년 5월 20일

Security Framework with QRadar

김도형 Manager (SK Planet)

© 2014 IBM Corporation2

Agenda

1. Introduction

2. Security Threat & Protection

3. Security Monitoring & Response

4. Security Portfolio & QRadar Implementation

5. Hurdle

6. Q & A

© 2014 IBM Corporation3

About me

� SK Planet

– MSS & Security for Public service and IDC

� POSCO

– Enterprise Security Program & Governance

� NCA

– KIX, NCA-SIGN, Web-Hostng for Public Service

– Government Policy Advisory .

� KISA

– Standardization, KrCert/CC

� Army

– Network & Server administrator

Introduction

© 2014 IBM Corporation4

About SK Planet

� History : SK M&C(2008.4) + SK Planet(2011.10)

� Mission : HUG

� Business Area

– Digital Contents : T Store, hoppin, T Cloud, Tictoc, Cyworld, Nate, NateOn, Cymera

– Integrated Commerce : 11st, Gifticon, Smart Wallet, Paypin, Styletag, T Shopping

– Marketing Communication : OK Cashbag, BENEPIA

– Location Based Service : T Map, picket, OK Map, NaviCall

– Advertising

� Affiliates : SK Communications, Commerce planet, M & Service

Introduction

© 2014 IBM Corporation5

IT are varying and Threats are evolving.

Security Threat & Protection

Ref : http://blogs.cisco.com

© 2014 IBM Corporation6

Threats are widespread and Protection can be changed

Security Threat & Protection

Ref : 2012 ENISA Threat Landscape report

Ref : Modification of IPA Report

© 2014 IBM Corporation7

How do we as a customer rather than a solution provider protect and monitor the threats ?

Security Threat & Protection

Ref : 2012 ENISA Threat Landscape report

� Generally accepted concept

� IDS / IPS History

� ESM / SIEM

� Triage

© 2014 IBM Corporation8

It consists of staff, procedure, technology.

� Staff

� Procedure

� Technology

– Vulnerability Management

– IDS & IPS Operation

– Log management & Co-relation

– Security Insight

� IBM Security portfolio

– ISS(1994)

– Watchfire

– RealSecure,

– QRadar

– X-Force

Security Monitoring & Response

© 2014 IBM Corporation9

Why do you think QRadar is special ?

Security Portfolio & Q-radar implementation

Ref : Youtube(Jose Bravo)

© 2014 IBM Corporation10

A few difficulties In the real world to implement security monitoring and response

� Tailored process

� Ticket

� Rule & Methodology

� Normalization

Hurdle

© 2014 IBM Corporation11

feel free to ask and share the idea

Q & A

© 2014 IBM Corporation12

End of Presentation