Posted: 14-Apr-2017 | Category: Technology | Uploaded by: ibm-security
© 2015 IBM Corporation
Chris Meenan, Director, IBM Security Product Management
Patrick Vandenberg, Director, IBM Security Marketing
How Collaboration Can Help Strengthen Your Enterprise Defense
Criminals create and share easy-to-use, sophisticated, powerful weapons
Criminals are organized and collaborate on a global scale
Increasing Complexity
Unpatched Vulnerabilities
User Negligence
Resource Constraints
Security teams need to build a collaborative defense strategy
Integrated security solutions: break down silos with integrated security controls
Intelligence sharing: share real-time threat intelligence
Capability sharing: share security intelligence workflows, use cases and analytics
IBM Security continues investments to foster collaborative defense
Timeline: IBM Threat Protection System (May 5, 2014); IBM X-Force Exchange (April 16, 2015); Today's News (December 8, 2015)
Introducing a new platform for security collaboration
Enables rapid innovation to deliver new apps and content for IBM Security solutions
NEW: IBM Security App Exchange
– Single platform for collaboration
– Access to partner innovations
– Validated security apps
– Fast extensions to security functionality
Extend existing capabilities using easy-to-access security apps
– Full ‘app’ description and overview
– Screenshots
– Simple registration
– Extensive community feedback
– Easy download
QRadar API Components: New Analytics, Reports, Data Sources, New Properties, Event Types, GUI App Assets, Threat Intel, Rules, Searches, Responses, Behavioral Rules, Dashboards, Reference Data, Scanning, Incidents
QRadar App Framework underlies development and sharing
NEW: Open APIs for rapid innovation and creation
Cybersecurity use cases: Insider Threats, Internet of Things, Incident Response
– More flexibility and less complexity
– Economic and operational benefit
– Seamlessly integrated workflow
– Bundled components support new use cases
Example use case: Insider Threat
Continuously evaluate and track user risk
Highlight out of compliance activities
Detect anomalous actions with behavioral models
Quickly research and review ad hoc user activities
Cross reference with directory and HR systems for greater context
Enabling greater flexibility and less complexity
Example use case: Internet of Things
Discover and classify new “things”
Network “thing” specific visualizations
Custom attributes and management screens
Enabling greater flexibility and less complexity
Build behavioral and sequence rules to detect abnormal behavior
Integrate new data sources and properties
Example use case: Incident Response
Ensure detected incidents are following a CSIRT process
Enable automated responses and workflow to incidents
Associate evidence from QRadar with CSIRT case
Track progress of CSIRT process and priorities
Enabling greater flexibility and less complexity
New extensions from IBM Security: Incident Visualization
IBM Security: Incident Visualization
Tracking the threat:
– Understand the attack chain
– Quickly identify the severity and overall impact of a threat
– Enable faster response by understanding the flow of data
– Forensic investigation to discover the DNA of the attack
– Relationships between IPs involved in this offense
– Context from other security operations solutions
New extensions from IBM Security: Threat Intelligence
IBM Security: Threat Intelligence
– Pull in threat intelligence through the open STIX/TAXII format
– Load threat indicators from collections into QRadar reference sets
– Use reference sets for correlation, searching, reporting
– Create a custom rule response to post IOCs to a collection
USE CASE: Bring watchlists of IP addresses from X-Force Exchange and create a rule to raise the magnitude of any offense that includes an IP on the watchlist
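The watchlist use case above, as an added illustration that is not IBM's or QRadar's code: it models a reference set in memory, loads IPv4 indicators from a constructed STIX 2-style collection (standing in for a TAXII pull), and applies a rule that raises the magnitude of any offense containing a watchlisted IP. The collection contents, the offense records, the boost value and the magnitude cap are all assumptions.

```python
import ipaddress
import json
import re

# Constructed STIX 2-style indicator bundle standing in for a TAXII collection pull.
# Illustrative values only (documentation address ranges), not a real feed.
SAMPLE_COLLECTION = json.dumps({"objects": [
    {"type": "indicator", "pattern": "[ipv4-addr:value = '198.51.100.23']"},
    {"type": "indicator", "pattern": "[ipv4-addr:value = '203.0.113.0/24']"},
    {"type": "indicator", "pattern": "[domain-name:value = 'example.invalid']"},
]})

# Matches the IPv4 comparison inside a STIX pattern; a CIDR suffix is allowed.
IPV4_PATTERN = re.compile(r"ipv4-addr:value\s*=\s*'([0-9./]+)'")


def load_reference_set(collection_json):
    """Extract IPv4 indicators into an in-memory 'reference set' of networks."""
    nets = []
    for obj in json.loads(collection_json)["objects"]:
        if obj.get("type") != "indicator":
            continue  # only indicator objects carry patterns worth loading
        for value in IPV4_PATTERN.findall(obj["pattern"]):
            nets.append(ipaddress.ip_network(value, strict=False))
    return nets


def in_reference_set(ip, nets):
    """True if the address falls inside any watchlisted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


# Constructed offenses: an assumed base magnitude on a 1-10 scale plus involved IPs.
SAMPLE_OFFENSES = [
    {"id": 1, "magnitude": 3, "ips": ["10.0.0.5", "198.51.100.23"]},
    {"id": 2, "magnitude": 4, "ips": ["10.0.0.8", "192.0.2.9"]},
    {"id": 3, "magnitude": 9, "ips": ["203.0.113.77"]},
]


def apply_watchlist_rule(offenses, nets, boost=3, cap=10):
    """Rule: raise the magnitude of any offense that includes a watchlisted IP.
    boost and cap are assumed values; each result records which IPs matched."""
    adjusted = []
    for off in offenses:
        hits = [ip for ip in off["ips"] if in_reference_set(ip, nets)]
        magnitude = min(cap, off["magnitude"] + boost) if hits else off["magnitude"]
        adjusted.append({"id": off["id"], "magnitude": magnitude, "watchlist_hits": hits})
    return adjusted
```

Running `apply_watchlist_rule(SAMPLE_OFFENSES, load_reference_set(SAMPLE_COLLECTION))` boosts offenses 1 and 3 (the latter capped at 10) and leaves offense 2 untouched.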
Partners on board!
Bit9+Carbon Black: Brian Hazzard, VP of Technical Alliances
BrightPoint Security: Ajay Nigam, SVP of Products
Exabeam: Ted Plumis, VP Channels & Business Development
Resilient Systems: Ted Julian, VP Product Management & Co-Founder
Know More, Respond Faster with the Carbon Black App for IBM Security QRadar: Unified Console for SIEM & Endpoint Detection & Response
Carbon Black: Leading EDR solution
– Endpoint Detection and Response
– Real-time Visibility
– Advanced Threat Detection
– Powerful Live Response
App provides a single pane of glass for SIEM & EDR
App embeds core EDR features inside QRadar
– Threat Detection
– Process Search
– File Search
– Endpoint Isolation
– Sensor Deployment
BrightPoint Sentinel fully integrated within QRadar
Threat Intelligence Sharing using Trusted Circles™ for Predictive Insights
Sentinel View within QRadar
1. INGESTION: Sentinel parses, normalizes, and processes structured & unstructured threat data
2. RELEVANCE: Sentinel queries QRadar and Carbon Black (or other configured security technologies) and identifies current and historic activity to pinpoint the exact devices affected
3. CONTEXT: Sentinel Global provides enrichment with threat data (geo, file reputation, actor) and Trusted Circles powered by BrightPoint (sightings, frequency, timing)
4. ACTION: Sentinel pushes updates to QRadar watch lists, snort & YARA rules, exports or publishes STIX/TAXII, trouble tickets, monitoring, email alerts, dashboard, and publishes IOCs for sharing
Empower Security Analysts with Exabeam UBA for IBM Security QRadar: Stateful User Tracking™, Behavior Analysis and Risk Scoring
Exabeam: Leading UBA solution
– User Behavioral Analytics
– Detect compromised credentials
– Prioritize alerts
– Accelerate SOC response
App provides full context within the QRadar console
– Risk assessment
– Attack chain details
– Normal and unusual behavioral analysis
React Faster, Coordinate Better, Respond Smarter to Security Incidents: Single Hub Provides Easy Workflow Customization and Process Automation
Incident Response Platform (IRP): helps cyber security teams orchestrate their IR process and manage and respond to incidents faster, better and more intelligently
QRadar Integration: drives down response times by streamlining the process of escalating and managing incidents
Benefits:
– Reduces mean time to resolution
– Ensures consistency
– Adheres to regulatory requirements and legal obligations
– Consistently applies the appropriate process
– Automates time-consuming tasks
– Leverages staff more effectively
Certification Timeline
Secure content validated against set IBM criteria
Week 1 (Nominate):
– Log into IBM Security App Exchange Technical Community with your IBM ID.
– Submit the Validation Document and required documentation.
– Package is reviewed by PartnerWorld Validation Lab.
– Feedback, approval and access to QRadar DeveloperWorks are granted.
Week 2 (Validate):
– Access the Security App Exchange Tutorial and SDK through QRadar DeveloperWorks.
– Submit App and relevant App documentation through IBM Security App Exchange Technical Community.
– App reviewed by IBM QRadar to ensure the solution is free of security exposures and performance inhibitors.
– Feedback and approval.
Week 3 (Publish):
– App posted in IBM Security App Exchange.
– App posted in IBM PartnerWorld Ready for Security Intelligence Catalog.
– BP is issued IBM Ready for Security Intelligence Mark.
Easy Download and Install
Step 1: Visit IBM Security App Exchange at http://apps.xforce.ibmcloud.com
Step 2: Select & download your extension
Step 3: Click to “Accept Terms and Conditions”
Step 4: Use IBM Security QRadar Extensions Management Tool to Install and Manage
Join the new era of Collaborative Defense
Team-up against the bad guys and change the economics of cybercrime
Participate in the first ever dedicated forum for sharing technologies built around IBM Security solutions
Find, develop and share code, insights, best practices
Feel confident these extensions will not impact the stability of your environment
http://www.ibm.com/security/engage/app-exchange/
Questions & Answers
Learn more about IBM Security
V2015-11-23
133 countries where IBM delivers managed security services
25 industry analyst reports rank IBM Security as a LEADER
No. 1 enterprise security vendor in total revenue
12K+ clients protected, including 90% of the Fortune 100 companies
Join IBM X-Force Exchange: xforce.ibmcloud.com
Visit our website: ibm.com/security
Watch our videos on YouTube: IBM Security Channel
Read new blog posts: SecurityIntelligence.com
Follow us on Twitter: @ibmsecurity
© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
THANK YOU
www.ibm.com/security