Date post: 15-Jan-2015
Category: Business
Upload: ibm-srbija
© 2012 IBM Corporation
IBM Security Systems
Complete protection with IBM solutions
Dušan Milidrag, Security Systems SEE [email protected]
Solving a security issue is a complex, four-dimensional puzzle
People: Employees, Consultants, Hackers, Terrorists, Outsourcers, Customers, Suppliers
Data: Structured, Unstructured, At rest, In motion
Applications: Systems applications, Web applications, Web 2.0, Mobile apps
Infrastructure
JK 2012-04-26
Motivation and sophistication are evolving rapidly
Motive: National Security; Espionage, Political Activism; Monetary Gain; Revenge; Curiosity
Adversary: Script-kiddies or hackers; Insiders, using inside information; Organized criminals with sophisticated tools; Competitors, hacktivists; Nation-state actors
Timeline: 1995 – 2005, 1st Decade of the Commercial Internet; 2005 – 2015, 2nd Decade of the Commercial Internet
IT Security is a board room discussion
Business results: Sony estimates potential $1B long term impact – $171M / 100 customers*
Supply chain: Epsilon breach impacts 100 national brands
Legal exposure: TJX estimates $150M class action settlement in release of credit / debit card info
Impact of hacktivism: Lulzsec 50-day hack-at-will spree impacts Nintendo, CIA, PBS, UK NHS, UK SOCA, Sony …
Audit risk: Zurich Insurance Plc fined £2.275M ($3.8M) for the loss and exposure of 46K customer records
Brand image: HSBC data breach discloses 24K private banking customers
*Sources for all breaches shown in speaker notes
IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework
Intelligence ● Integration ● Expertise
• End-to-end coverage of the security foundation
• 6K+ security engineers and consultants
• Award-winning X-Force® research
• Large vulnerability database
IBM Security
Source: IBM X-Force® 2011 Trend and Risk Report
Total Visibility : Product Portfolio, Services and Research
Security Systems portfolio
Expertise : Global coverage and security awareness
• 20,000+ devices under contract
• 3,700+ MSS clients worldwide
• 13B+ events managed per day
• 1,000+ security patents
• 133 monitored countries (MSS)
World Wide Managed Security Services Coverage
Security Operations Centers
Security Research Centers
Security Solution Development Centers
Institute for Advanced Security Branches
IBM Research
14B analyzed Web pages & images
40M spam & phishing attacks
54K documented vulnerabilities
Billions of intrusion attempts daily
Millions of unique malware samples
Integration: Increased security, collapsed silos, reduced complexity
• Customize protection to block specific vulnerabilities using scan results
• Converge access management with web service gateways
• Link identity information with database security
• Stay ahead of the changing threat landscape
• Detect the latest vulnerabilities, exploits and malware
• Add security intelligence to non-intelligent systems
• Consolidate and correlate siloed information from hundreds of sources
• Detect, notify and respond to threats missed by other security solutions
• Automate compliance tasks and assess risks
IBM Security Systems Portfolio
People
Manage and extend enterprise identity context across security domains with comprehensive Identity Intelligence
Portfolio Overview
IBM Security Identity Manager *
• Automate the creation, modification, and termination of users throughout the lifecycle
• Identity control including role management and auditing
IBM Security Access Manager Family *
• Automates sign-on and authentication to enterprise web applications and services
• Entitlement management for fine-grained access enforcement
IBM Security zSecure suite *
• User friendly layer over RACF to improve administration and reporting
• Monitor, audit and report on security events and exposures on mainframes
* Solution package purchase options available
Data
Enterprise-wide solutions for helping secure the privacy and integrity of trusted information in your data center
Portfolio Overview
IBM InfoSphere Guardium Product Family
• Database Activity Monitoring – continuously monitor and block unauthorized access to databases
• Privileged User Monitoring – detect or block malicious or unapproved activity by DBAs, developers and outsourced personnel
• Database Leak Prevention – help detect and block leakage in the data center
• Database Vulnerability Assessment – scan databases to detect vulnerabilities and take action
• Audit and Validate Compliance – simplify SOX, PCI-DSS, and Data Privacy processes with pre-configured reports and automated workflows
IBM Security Key Lifecycle Manager
• Centralize and automate the encryption key management process
• Simplify administration with an intuitive user interface for configuration and management
Applications
Reducing the cost of developing more secure applications
Portfolio Overview
AppScan Enterprise Edition
• Enterprise-class solution for application security testing and risk management with governance and collaboration
• Multi-user solution providing simultaneous security scanning and centralized reporting
AppScan Standard Edition
• Desktop solution to automate web application security testing for IT Security, auditors, and penetration testers
AppScan Source Edition
• Adds source code analysis to AppScan Enterprise with static application security testing
Infrastructure (Network)
Help guard against sophisticated attacks with insight into users, content and applications
Portfolio Overview
IBM Security Network Intrusion Prevention (IPS)
• Delivers Advanced Threat Detection and Prevention to help stop targeted attacks against high value assets
• Proactively improves protection with IBM Virtual Patch® technology
• Helps protect web applications from threats such as SQL Injection and Cross-site Scripting attacks
• Integrated Data Loss Prevention (DLP) monitors data security risks throughout your network
• Provides Ahead of the Threat® protection backed by world renowned IBM X-Force Research
IBM Security SiteProtector
• Provides central management of security devices to control policies, events, analysis and reporting for your business
Infrastructure (Endpoint and Server)
Helping endpoints, servers, and mobile devices remain compliant, updated, and protected
Portfolio Overview
IBM Endpoint Manager for Security and Compliance
• Addresses distributed environments with endpoint and security management in a single solution
IBM Endpoint Manager for Core Protection
• Helps protect endpoints from malware and other threats in real-time
IBM Endpoint Manager for Mobile Devices
• Manage and help secure traditional endpoints as well as iOS, Android, Symbian, and Microsoft devices
IBM Security Server Protection
• Helps provide multilayered protection against threats, supporting a broad range of operating systems
IBM Security Virtual Server Protection for VMware
• Helps provide dynamic security for virtualization with VM rootkit detection, auditing, network intrusion prevention
Security Intelligence and Analytics
Helping customers optimize security with additional context, automation and integration
Portfolio Overview
QRadar SIEM
• Integrated log, threat, compliance management
• Asset profiling and flow analytics
• Offense management and workflow
QRadar Risk Manager
• Predictive threat modeling and simulation
• Scalable configuration monitoring and audit
• Advanced threat and impact analysis
QRadar Log Manager
• Turnkey log management
• Upgradeable to enterprise SIEM
Network Activity Collectors (QFlow / VFlow)
• Network analytics, behavior and anomaly detection
• Fully integrated with SIEM
Key Advantages
• Real-time activity correlation based on advanced in-memory technology and widest set of contextual data
• Flow capture and analysis that delivers Layer 7 content visibility and supports deep forensic examination
• Intelligent incident analysis that reduces false positives and manual effort
• Unique combination of fast free-text search and analysis of normalized data
• Scalability for world’s largest deployments, using an embedded database and unified data architecture
Log Management
• Turnkey log management
• SME to Enterprise
• Upgradeable to enterprise SIEM
SIEM
• Integrated log, threat, risk & compliance mgmt.
• Sophisticated event analytics
• Asset profiling and flow analytics
• Offense management and workflow
Risk Management
• Predictive threat modeling & simulation
• Scalable configuration monitoring and audit
• Advanced threat visualization and impact analysis
Network Activity & Anomaly Detection
• Network analytics
• Behavior and anomaly detection
• Fully integrated with SIEM
Network and Application Visibility
• Layer 7 application monitoring
• Content capture
• Physical and virtual environments
Fully Integrated Security Intelligence
One Console Security
Built on a Single Data Architecture
Analysts: Gartner, Forrester, NSS Labs, IDC…
• Analysts recognize our products and portfolio, the most recent one for SIEM:
Helping solve customer challenges
Major Utility Company
Discovered 500 hosts with “Here You Have” virus, which other solutions missed
IDENTIFYING SOPHISTICATED THREATS
Fortune 500 Energy Company
2 billion logs and events per day reduced to 25 high priority offenses
CONSOLIDATING DATA SILOS
Branded Apparel Maker
Discovered a trusted insider stealing and destroying key data
DETECTING INSIDER FRAUD
$100B Diversified Corporation
Automated the policy monitoring and evaluation process for configuration change in the infrastructure
HELPING PREDICT RISKS AGAINST THE ENTERPRISE
Industrial Distributor
Real-time extensive monitoring of network activity, in addition to PCI mandates
ADDRESSING REGULATORY MANDATES
Attack Sophistication
IBM is helping clients combat advanced threats with pre- and post-exploit intelligence and action
IBM Security Intelligence
Prediction & Prevention
What are the external and internal threats?
Are we configured to help protect against these threats?
Risk Management. Vulnerability Management. Configuration Monitoring. Patch Management. X-Force Research and Threat Intelligence. Database Vulnerability Assessment. Reporting and Scorecards. Compliance Management.
Reaction & Remediation
What is happening right now?
What was the impact?
SIEM. Log Management. Network and Host Intrusion Prevention. Network Anomaly Detection. Packet Forensics. Data Loss Prevention. Database Activity Monitoring. Incident Response.
Data Explosion
Integrating across IT silos with Security Intelligence solutions
Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight
Extensive Data Sources: Security Devices, Servers & Hosts, Network & Virtual Activity, Database Activity, Application Activity, Configuration Info, Vulnerability Info, User Activity
Event Correlation
• Logs
• Flows
• IP Reputation
• Geo Location
Activity Baselining & Anomaly Detection
• User Activity
• Database Activity
• Application Activity
• Network Activity
Offense Identification
• Credibility
• Severity
• Relevance
Suspected Incidents
Consumerization of IT
IBM is converging traditional endpoint and mobile security management into a single solution with complementary services
Device Inventory
Security Policy Management
Device and Data Wipe
Anti-Jailbreak and Anti-Root
IBM Mobile Security Software
• Lifecycle Management
• Endpoint Management
• Security Rich Connectivity
IBM Mobile Security Services
• Mobile Enterprise Services (MES)
• Hosted Mobile Device Security Management
• Security for Enterprise Smartphone and Tablets
Cloud Security
Our approach to help clients adopt cloud with flexible, layered security across the entire cloud infrastructure
IBM Security Intelligence
Identity Federation
Web Application Scanning
Virtualization Security
Network Security
Image & Patch Management
Database Monitoring
Security Intelligence
Going Forward…..
ibm.com/security
© Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.