
How Collaboration Can Help Strengthen Your Enterprise Defense

Date post: 14-Apr-2017
Upload: ibm-security
Transcript
Page 1: How Collaboration Can Help Strengthen Your Enterprise Defense

© 2015 IBM Corporation

Chris Meenan, Director, IBM Security Product Management

Patrick Vandenberg, Director, IBM Security Marketing

How Collaboration Can Help Strengthen Your Enterprise Defense

Page 2

Criminals create and share easy-to-use, sophisticated, powerful weapons

Criminals are organized and collaborate on a global scale

Increasing Complexity

Unpatched Vulnerabilities

User Negligence

Resource Constraints

Page 3

Security teams need to build a collaborative defense strategy

– Integrated security solutions: Break down silos with integrated security controls
– Intelligence sharing: Share real-time threat intelligence
– Capability sharing: Share security intelligence workflows, use cases and analytics

Page 4

IBM Security continues investments to foster collaborative defense

– Integrated security solutions: Break down silos with integrated security controls
– Intelligence sharing: Share real-time threat intelligence
– Capability sharing: Share security intelligence workflows, use cases and analytics

– IBM X-Force Exchange: April 16, 2015
– IBM Threat Protection System: May 5, 2014
– Today’s News: December 8, 2015

Page 5

Introducing a new platform for security collaboration

Enables rapid innovation to deliver new apps and content for IBM Security solutions

NEW: IBM Security App Exchange

Single platform for collaboration

Access to partner innovations

Validated security apps

Fast extensions to security functionality

Page 6

Extend existing capabilities using easy-to-access security apps

Full ‘app’ description and overview

Screenshots

Simple registration

Extensive community feedback

Easy download

Page 7

QRadar App Framework underlies development and sharing

NEW

Open APIs for rapid innovation and creation

QRadar API Components: New Analytics, Reports, Data Sources, New Properties, Event Types, GUI, App Assets, Threat Intell, Rules, Searches, Responses, Behavioral Rules, Dashboards, Reference Data, Scanning, Incidents

Cybersecurity Use Cases: Insider Threats, Internet of Things, Incident Response

– More flexibility and less complexity
– Economic and operational benefit
– Seamlessly integrated workflow
– Bundled components support new use cases

Page 8

Example use case: Insider Threat

Continuously evaluate and track user risk

Highlight out of compliance activities

Detect anomalous actions with behavioral models

QRadar API Components

Cybersecurity Use Cases: Insider Threats, Internet of Things, Incident Response

Quickly research and review ad hoc user activities

Cross reference with directory and HR systems for greater context


Enabling greater flexibility and less complexity

Page 9

Example use case: Internet of Things

Discover and classify new “things”

Network “thing” specific visualizations

Custom attributes and management screens

Enabling greater flexibility and less complexity

QRadar API Components

Cybersecurity Use Cases: Insider Threats, Internet of Things, Incident Response

Build behavioral and sequence rules to detect abnormal behavior

Integrate new data sources and properties

Page 10

Example use case: Incident Response

Ensure detected incidents are following a CSIRT process

Enable automated responses and workflow to incidents

QRadar API Components

Cybersecurity Use Cases: Insider Threats, Internet of Things, Incident Response

Associate evidence from QRadar with CSIRT case

Track progress of CSIRT process and priorities

Enabling greater flexibility and less complexity

Page 11

New extensions from IBM Security: Incident Visualization

IBM Security: Incident Visualization

Tracking the threat
– Understand the attack chain
– Quickly identify the severity and overall impact of a threat
– Enable faster response by understanding flow of data
– Forensic investigation to discover the DNA of the attack
– Relationships between IPs involved in this offense
– Context from other security operations solutions

Page 12

New extensions from IBM Security: Threat Intelligence

– Pull in Threat Intelligence through open STIX/TAXII format
– Load threat indicators in collections into QRadar Reference sets
– Use reference sets for correlation, searching, reporting
– Create custom rule response to post IOCs to Collection

USE CASE: Bring watchlists of IP addresses from X-Force Exchange and create a rule to raise the magnitude of any offense that includes the IP watchlist

IBM Security: Threat Intelligence

Page 13

Partners on board!

Bit9+Carbon Black: Brian Hazzard, VP of Technical Alliances

BrightPoint Security: Ajay Nigam, SVP of Products

Exabeam: Ted Plumis, VP Channels & Business Development

Resilient Systems: Ted Julian, VP Product Management & Co-Founder

Page 14

Unified Console for SIEM & Endpoint Detection & Response

Know More, Respond Faster with the Carbon Black App for IBM Security QRadar

Carbon Black: Leading EDR solution
– Endpoint Detection and Response
– Real-time Visibility
– Advanced Threat Detection
– Powerful Live Response

App provides single pane of glass for SIEM & EDR

App embeds core EDR features inside QRadar
– Threat Detection
– Process Search
– File Search
– Endpoint Isolation
– Sensor Deployment

Page 15

BrightPoint Sentinel fully integrated within QRadar

1. INGESTION: Sentinel parses, normalizes, and processes structured & unstructured threat data

2. RELEVANCE: Sentinel queries QRadar and Carbon Black (or other configured security technologies) and identifies current and historic activity to pinpoint exact devices affected

3. CONTEXT: Sentinel Global provides enrichment with threat data (geo, file reputation, actor) and Trusted Circles powered by BrightPoint (sightings, frequency, timing)

4. ACTION: Sentinel updates and pushes QRadar watch lists, Snort & YARA rules, exports or publishes STIX/TAXII, trouble tickets, monitoring, email alerts, dashboard, and publishes IOCs for sharing

Sentinel View within QRadar

Threat Intelligence Sharing using Trusted Circles™ for Predictive Insights

Page 16

Stateful User Tracking™, Behavior Analysis and Risk Scoring

Empower Security Analysts with Exabeam UBA for IBM Security QRadar

Exabeam: Leading UBA solution
– User Behavioral Analytics
– Detect compromised credentials
– Prioritize alerts
– Accelerate SOC response

App provides full context within QRadar console
– Risk assessment
– Attack chain details
– Normal and unusual behavioral analysis

Page 17

React Faster, Coordinate Better, Respond Smarter to Security Incidents

Single Hub Provides Easy Workflow Customization and Process Automation

Incident Response Platform (IRP): Helps cyber security teams orchestrate their IR process and manage and respond to incidents faster, better and more intelligently

QRadar Integration: Drives down response times by streamlining the process of escalating and managing incidents

Benefits:
– Reduces mean time to resolution
– Ensures consistency
– Adheres to regulatory requirements and legal obligations
– Consistently applies the appropriate process
– Automates time-consuming tasks
– Leverages staff more effectively

Page 18

App posted in IBM Security App Exchange

App posted in IBM PartnerWorld Ready for Security Intelligence Catalog

BP is issued IBM Ready for Security Intelligence Mark

App reviewed by IBM QRadar to ensure solution is free of security exposures and performance inhibitors.

Feedback

Approval

Log into IBM Security App Exchange Technical Community with your IBM ID.

Submit the Validation Document, and required documentation.

Package is reviewed by PartnerWorld Validation Lab.

Feedback, Approval and access to QRadar DeveloperWorks is granted.

Access the Security App Exchange Tutorial and SDK through QRadar Developer Works

Submit App and relevant App documentation through IBM Security App Exchange Technical Community

Publish, Validate, Nominate

Secure content validated against set IBM criteria

Week 1, Week 2, Week 3

Certification Timeline

Page 19

Easy Download and Install

Step 1: Visit IBM Security App Exchange at http://apps.xforce.ibmcloud.com
Step 2: Select & download your extension
Step 3: Click to “Accept Terms and Conditions”
Step 4: Use IBM Security QRadar Extensions Management Tool to Install and Manage

Page 20

Join the new era of Collaborative Defense

Team-up against the bad guys and change the economics of cybercrime

Participate in the first ever dedicated forum for sharing technologies built around IBM Security solutions

Find, develop and share code, insights, best practices

Feel confident these extensions will not impact the stability of your environment

http://www.ibm.com/security/engage/app-exchange/

Page 21

Questions & Answers

Page 22

Learn more about IBM Security

V2015-11-23

– 133 countries where IBM delivers managed security services
– 25 industry analyst reports rank IBM Security as a LEADER
– No. 1 enterprise security vendor in total revenue
– 12K+ clients protected, including 90% of the Fortune 100 companies

– Join IBM X-Force Exchange: xforce.ibmcloud.com
– Visit our website: ibm.com/security
– Watch our videos on YouTube: IBM Security Channel
– Read new blog posts: SecurityIntelligence.com
– Follow us on Twitter: @ibmsecurity

Page 23

© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

THANK YOU

www.ibm.com/security

