
FINALE - IBM Cloud (k)Now - S.Riccetti documentazione · WAF Encryption Unique user IDs Anti-virus...

Date post: 10-Jun-2018

Simone Riccetti

Security: can the cloud be trusted?

© 2014 IBM Corporation


Agenda

• Cloud security: today's challenges

• The IBM approach

• Why IBM?

• Questions & Answers


Cloud Security: today's challenges


Cyber security – The new scenarios

Sophisticated attackers break through conventional safeguards every day

Cloud, mobile, social and big data drive unprecedented change

Yesterday's security practices are unsustainable

• of organizations say data theft and cybercrime are the greatest threats to their reputation (2012 IBM Global Reputational Risk & IT Study)
• US$5.9 million: average cost of a U.S. security breach (2013 Cost of Cyber Crime Study, Ponemon Institute)
• of security executives have cloud and mobile security concerns (2013 IBM CISO Survey)
• Mobile malware grew 614% in just one year (2013 Juniper Mobile Threat Report)
• 83% of enterprises have difficulty finding the security skills they need (2012 ESG Research)
• 85 security tools from 45 vendors (IBM client example)


Increasingly sophisticated attacks...

Near Daily Leaks of Sensitive Data: 40% increase in reported data breaches and incidents

Relentless Use of Multiple Methods: 500,000,000+ records were leaked, while the future shows no sign of change

[Figure: incidents plotted over 2011, 2012 and 2013. Attack types: SQL injection, Spear phishing, DDoS, Third-party software, Physical access, Malware, XSS, Watering hole, Undisclosed. Note: Size of circle estimates relative impact of incident in terms of cost to business.]

Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2014


... And the cloud is not immune

Threats & Vulnerabilities

• Placement (co-tenancy) – exposure to data breach/loss
• Cloud resource exhaustion or unavailability – outages
• Configuration
• Malicious insider
• New business opportunities for bad guys
• Software vulnerabilities


The challenges of risk and security leaders...

“We can’t afford the business risk of adopting Cloud solutions without some kind of assurance that they will be secure!”

“We need to be protected from advanced threats, both physical and virtual, whether they are in the public cloud or part of our cloud.”

“With the serious shortage of security skills in the job market, how can we discover and be aware of the dangers in cloud technology, and what can we do to reduce the risk/impact?”

“We have to meet regulatory compliance and audit goals both in our own IT environments and also in all the cloud solutions we develop.”


The right approach must be:

• Comprehensive – spanning all aspects of technology, process and people
• Proactive – discover vulnerabilities and strive to remediate and mitigate ahead of the threat
• Intelligent – driven by integrating security data, threat intelligence and analysis
• Robust – managed 24 x 7 by qualified experts


Typical hybrid architecture

[Diagram labels: Current Data Center; SoftLayer; Amazon/Microsoft/Google; Virtual Private Computing; Hybrid Monitoring and Intelligence; Public Cloud SaaS]


The IBM approach


SoftLayer and MSS provide security solutions for every type of customer

SoftLayer Security Features & Options

• Physical DC Security
• Logical Segregation
• GeoTrust SSL Certificates
• Two-Factor Authentication for Portal Administrators
• McAfee Host Protection

IBM MSS - Fully Managed Cloud Security Services

• Hosted Web Defense (DDoS+WAF)
• Hosted Application Security Management Services
• Hosted Security Event and Log Management
• Hosted Vulnerability Management
• Managed FW, IDPS and UTM
• Managed Email and Web Security

Comprehensive security for IT assets deployed in SoftLayer

[Diagram label: VALUE]


IBM Managed Security Services for the Cloud

Protecting the cloud data center, and next-gen business and application platforms

IBM Managed Security Services

Software as a Service

• Hosted Application Security Management (AppScan)
• Managed Web Defense (Akamai)
• Web Content Protection (Blue Coat)
• Email Security (Proofpoint)

Platform as a Service

• Managed Identity and Access Services
• Data security (Guardium)

Infrastructure as a Service

• Managed firewall, intrusion detection & prevention
• Hosted security event and log management
• Hosted vulnerability management
• Managed SIEM
• Managed HIDS

[Diagram labels: “Bare Metal”; Public; Private]


Control

SoftLayer Transparency

With other cloud providers, you may only know:

• Zone
• Maybe the data center

With SoftLayer, you know:

• Data center
• Pod
• Rack
• Rack unit
• Power port
• Network port
• Server
• NIC controllers
• Firmware
• Serial numbers

Plus

• Audit trail of all actions and access to resources

The resulting visibility means you can have more control over your application and its performance, as well as security and compliance management


Example: PCI Compliance

SDLC, binary analysis, scanners, webapp firewalls, transactional sec.

DLP, CMR, database activity monitoring, encryption

GRC, IAM, VA/VM, patch management, configuration management, monitoring

NIDS/NIPS, firewalls, DPI, anti-DDoS, QoS, DNSSEC, OAuth

Hardware & Software RoT & APIs

Host-based firewalls, HIDS/HIPS, integrity & file/log management, encryption, masking

Physical plant security, CCTV, guards

• Firewalls
• Code review
• WAF
• Encryption
• Unique user IDs
• Anti-virus
• Monitoring/IDS/IPS
• Patch/vulnerability management
• Physical access control
• Two-factor authentication

Source: The Cloud Security Alliance


IBM MSS – Threat mitigation

Managed Security Services

Benefit

• Fully integrated into SoftLayer
• Covers both virtual and bare metal environments
• Provides managed security and proactive threat monitoring and mitigation for cloud workloads
• Compliance – SELM helps meet compliance log storage needs


IBM MSS – Vulnerability scanning and application testing

Managed Security Services

Benefit

• Fully managed scanning and testing services
• Access to SME expertise – help remediate infrastructure and application vulnerabilities in the cloud


Email Security, Privacy and Compliance

Cloud Email Security Services

• Protection for inbound customer email (security threats)
• Privacy for outbound customer email (data loss)
• Compliance for encryption and archival of email

**No appliance required for protection or privacy services

[Diagram labels: Proofpoint/IBM Co-branded Web Portal; Email Servers hosted in SoftLayer; MX Record points to IBM Cloud Email Security Services; Customer Location(s)]


DDoS attacks against cloud-based web infrastructure


IBM Security Services & Akamai Kona: Anti DDoS multi-layered security solution

The Akamai Kona platform is a leading Internet cloud platform that can enable security-rich, high-performing user experiences on virtually any device, anytime and anywhere.

Resulting in traffic of:

• 500 billion hits per day
• 19-plus million hits per second
• 100 million page views per second
• 1,000,000-plus concurrent streams
• 6-plus terabits per second average
• Approximately 23 percent of all web traffic

Source: Based on data provided by Akamai Cloud Services.


Example: attack traffic is diverted

With Akamai’s Kona Site Defender

• SoftLayer origin servers are “cloaked”
• Attackers are blocked, AWAY from the origin SoftLayer infrastructure

Result

• Sustained performance and availability

Benefit

• Protect websites and web applications on SoftLayer from DDoS attacks
• Maintain website availability and performance during DDoS attacks
• Reduce risk of breach with high performance web application firewall

Akamai Intelligent Platform

• 100,000-plus servers
• 1,900-plus data centers
• 1,000-plus ISPs (Internet Service Providers)
• 800-plus cities


IBM Virtual Security Operations Center (vSOC)

• Enables companies to see the global state of their cloud security around the clock
• Provides near-continuous threat profile, security posture and attack status, everywhere
• Provides more robust query tools for custom searches

[Diagram labels: Virtual-SOC portal; Virtual Security Operations Center (V-SOC); Anti Virus and filtering; Vulnerability; Networking devices; Applications; Firewalls and IDS and IPS (intrusion detection system and intrusion prevention system)]


Example: Virtual Security Operations Center (vSOC) Portal

• Dashboards
• Interaction with SOC Analysts
• Event Details
• Investigation Tools
• Reports


Why IBM?


Security intelligence with a global view of threats

Security Operations Center - Background

Coverage

• 20,000+ devices under contract
• 3,700+ managed clients worldwide
• 13B+ events managed per day
• 133 monitored countries (MSS)
• 1,000+ security related patents

Depth

• 14B analyzed web pages & images
• 40M spam & phishing attacks
• 64K documented vulnerabilities
• Billions of intrusion attempts daily
• Millions of unique malware samples

You benefit from everything we learn worldwide…


Security Operations Center – Background (cont.)

10 Security Operations Centers and 9 Security Research Centers

The world is our test lab...

www.ibm.com/security

© Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

