IBM for Datacenter Security

Date post: 18-Nov-2014
Upload: anna-landolfi
Description:
IBM solutions for securing your datacenter and protecting your customers' data and access
Transcript
Page 1: IBM for Datacenter Security

Giovanni Todaro, IBM Security Systems Leader

IBM Security Systems: Smarter Security for MSPs

Page 2: IBM for Datacenter Security

© 2013 IBM Corporation

Innovative technologies are changing everything around us…

Bring your own IT

Social business

Cloud and virtualization

1 billion mobile workers

1,000 billion connected objects

Page 3: IBM for Datacenter Security

Attacks: motivations and sophistication are rapidly evolving

• National security: nation-states, cyberwar (Stuxnet)
• Espionage, activism: competitors and hacktivists (Aurora)
• Financial gain: organized crime (Zeus)
• Revenge, curiosity: insiders and script kiddies (Code Red)

Page 4: IBM for Datacenter Security

The world is becoming more digitized and interconnected, opening the door to emerging threats and data leaks…

DATA EXPLOSION: The age of Big Data, the explosion of digital information, has arrived and is facilitated by the pervasiveness of applications accessible from anywhere

CONSUMERIZATION OF IT: With the advent of Enterprise 2.0 and social business, the line between personal and professional hours, devices and data has disappeared

EVERYTHING IS EVERYWHERE: Organizations continue to move to new platforms including cloud, virtualization, mobile, social business and much more

ATTACK SOPHISTICATION: The speed and dexterity of attacks have increased, coupled with new motivations for cybercrime

IBM Security Solutions Focus

• SECURITY INTELLIGENCE
• MOBILE SECURITY
• CLOUD SECURITY
• ADVANCED THREAT

Page 5: IBM for Datacenter Security

IBM brings you into the era of Security Intelligence

• 13 billion security events managed daily
• 1,000 security patents
• 9 Security Operations Centers
• 600 security sales professionals
• 11 development labs for security solutions

IBM Security Solutions

Organizations need a new approach to security that uses intelligence to keep pace with innovation. IBM Security Intelligence drives the shift from a "point-product" strategy to an integrated enterprise security framework.

Translating security data into actionable knowledge:

• Reduces business risks and costs
• Innovation with agility and security
• Improves operational continuity

Page 6: IBM for Datacenter Security

IBM Security: delivering intelligence, integration and expertise in a complete framework

Increases accuracy and awareness in security

• Detect and prevent advanced threats
• Greater visibility and situational awareness
• Conduct complete incident investigations

Simplicity of management

• Simplify risk management and decision-making
• Improve control and access capabilities

Reduced cost and complexity

• Deliver rapid installation and a lower TCO by working with a single strategic partner with a broad, integrated portfolio

Intelligence ● Integration ● Expertise

Page 7: IBM for Datacenter Security

Key factors influencing the security software business

1. Advanced Threats

Sophisticated, targeted attacks aimed at gaining continuous access to critical information are increasing in severity and frequency.

Advanced Persistent Threats • Stealth Bots • Designer Malware • Targeted Attacks • Zero-days

2. Cloud Computing

Security is one of the main concerns of the cloud, as customers drastically rethink the way IT resources are designed, deployed and consumed.

3. Mobile Computing

How to manage employee-owned devices and guarantee connectivity to enterprise applications are needs that CIOs must address as they expand support for mobile devices.

4. Regulations and Compliance

Regulatory and compliance pressures continue to increase along with the need to store sensitive data, and companies become susceptible to audit failures.

Enterprise Customers

It is no longer enough to protect the perimeter - sophisticated attacks are bypassing traditional defenses, IT resources are moving outside the firewall, and enterprise applications and data are increasingly distributed across different devices

Page 8: IBM for Datacenter Security

Key factors influencing the security software business

BIG DATA

Page 9: IBM for Datacenter Security

Better protection against the most sophisticated attacks

On the Network

Across the Enterprise

Across the World

0day Exploit

Malicious PDF

SQL Injection

Brute Force

Botnet Communication

Malicious Insider

Vulnerable Server

Misconfigured Firewall

Phishing Campaign

Infected Website

Spammer

IBM Advanced Threat Protection

IBM QRadar Security Intelligence

IBM X-Force® Threat Intelligence

Page 10: IBM for Datacenter Security

IBM offers security solutions in all areas of cloud security

IBM protects against common cloud risks with a broad portfolio of flexible solutions and layers of security

Protect against threats, regain visibility and demonstrate compliance with activity monitoring, anomaly detection and Security Intelligence

IBM Security Federated Identity Manager

IBM Security Key Lifecycle Manager

Page 11: IBM for Datacenter Security

Securing the mobile enterprise with IBM solutions

Page 12: IBM for Datacenter Security

IBM's strategy for data security

Data Security

• Protect data in any form, anywhere, from internal or external threats
• Simplify compliance processes
• Reduce the operational costs of data protection

Governance, Security Intelligence, Analytics

Data Discovery and Classification

Policy-based Access and Entitlements

Audit, Reporting, and Monitoring

• at Endpoint (workstations, laptops, mobile, …)
• over Network (SQL, HTTP, SSH, FTP, email, …)
• Stored (Databases, File Servers, Big Data, Data Warehouses, Application Servers, Cloud/Virtual …)

Security Solutions

IT & Business Process

integrate

Page 13: IBM for Datacenter Security

A complete portfolio across all security domains

Partner Programs (3rd party)

Security Ecosystem

Standards

Page 14: IBM for Datacenter Security

IBM Identity and Access Management - Vision and Strategy

Key Themes…

Standardized IAM and Compliance Management

Expand IAM vertically to provide identity and access intelligence to the business; integrate horizontally to enforce user access to data, app, and infrastructure

Secure Cloud, Mobile, Social Interaction

Enhance context-based access control for cloud, mobile and SaaS access, as well as integration with proofing, validation and authentication solutions

Insider Threat and IAM Governance

Continue to develop Privileged Identity Management (PIM) capabilities and enhanced Identity and Role management

Page 15: IBM for Datacenter Security

Data Security Vision

Key Themes…

Reduced Total Cost of Ownership

Expanded support for databases and unstructured data, automation, handling and analysis of large volumes of audit records, and new preventive capabilities

Enhanced Compliance Management

Enhanced Database Vulnerability Assessment (VA) and Database Protection Subscription Service (DPS) with improved update frequency, labels for specific regulations, and product integrations

Dynamic Data Protection

Data masking capabilities for databases (row level, role level) and for applications (pattern based, form based) to safeguard sensitive and confidential data

Across Multiple Deployment Models

QRadar Integration

Page 16: IBM for Datacenter Security

Application Security Vision

Key Themes…

Coverage for Mobile applications and new threats

Continue to identify and reduce risk by expanding scanning capabilities to new platforms such as mobile, as well as introducing next generation dynamic analysis scanning and glass box testing

Simplified interface and accelerated ROI

New capabilities to improve customer time to value and consumability with out-of-the-box scanning, static analysis templates and ease of use features

Security Intelligence Integration

Automatically adjust threat levels based on knowledge of application vulnerabilities by integrating and analyzing scan results with SiteProtector and the QRadar Security Intelligence Platform

Page 17: IBM for Datacenter Security

Infrastructure Protection – Endpoint Vision

Key Themes…

Security for Mobile Devices

Provide security for and manage traditional endpoints alongside mobile devices such as Apple iOS, Google Android, Symbian, and Microsoft Windows Phone - using a single platform

Expansion of Security Content

Continued expansion of security configuration and vulnerability content to increase coverage for applications, operating systems, and industry best practices

Security Intelligence Integration

Improved usage of analytics - providing valuable insights to meet compliance and IT security objectives, as well as further integration with SiteProtector and the QRadar Security Intelligence Platform

Page 18: IBM for Datacenter Security

Threat Protection Vision

Key Themes…

Advanced Threat Protection Platform

Helps to prevent sophisticated threats and detect abnormal network behavior by using an extensible set of network security capabilities - in conjunction with real-time threat information and Security Intelligence

Expanded X-Force Threat Intelligence

Increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions

Security Intelligence Integration

Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats

[Diagram: Security Intelligence Platform (Log Manager, SIEM, Network Activity Monitor, Risk Manager); Threat Intelligence and Research (Vulnerability Data, Malicious Websites, Malware Information, IP Reputation); Advanced Threat Protection on IBM Network Security (Intrusion Prevention, Content and Data Security, Web Application Protection, Network Anomaly Detection, Application Control); some components are marked "Future"]

Page 19: IBM for Datacenter Security

X-Force Threat Intelligence: The IBM Differentiator

X-Force Threat Intelligence Cloud

• X-Force database – the most extensive catalog of vulnerabilities
• Web filter database – the database of infected or malicious sites
• IP Reputation – botnets, anonymous proxies, bad actors
• Application Identification – web application information
• Vulnerability Research – the most up-to-date vulnerabilities and protections
• Security Services – manage IPS for more than 3000 customers

Page 20: IBM for Datacenter Security

Security Intelligence: integration across IT silos

Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight

High Priority Offenses

Event Correlation

Activity Baselining & Anomaly Detection

Offense Identification

Database Activity

Servers & Hosts

User Activity

Vulnerability Info

Configuration Info

Security Devices

Network & Virtual Activity

Application Activity

Page 21: IBM for Datacenter Security

All domains feed Security Intelligence

• Guardium: Database assets, rule logic and database activity information
• Identity and Access Management: Identity context for all security domains w/ QRadar as the dashboard
• Tivoli Endpoint Manager: Endpoint Management vulnerabilities enrich QRadar’s vulnerability database
• AppScan Enterprise: AppScan vulnerability results feed QRadar SIEM for improved asset risk assessment
• IBM Security Network Intrusion Prevention System: Flow data into QRadar turns NIPS devices into activity sensors

Correlate new threats based on X-Force IP reputation feeds

Hundreds of 3rd party information sources

Page 22: IBM for Datacenter Security

Luigi Perrone, IBM SWG - Security Systems & z/OS Security

IBM QRadar: Security Intelligence for data center protection

Page 23: IBM for Datacenter Security

Agenda

• QRadar overview
• Demo
• Closing remarks

Page 24: IBM for Datacenter Security

Why Security Intelligence?

• Responding to auditing requirements
• Automating and streamlining event collection processes
• Multi-source event collection
• Secure management and archiving of log data (regulatory compliance)
• Data aggregation and event correlation
• Data monitoring and analysis for:
  - identifying security gaps/anomalies
  - triggering alarms
  - starting investigative processes
  - compliance reports

Page 25: IBM for Datacenter Security

The phases of the event life cycle

Page 26: IBM for Datacenter Security

1 - Efficient event management

Strong acquisition, deep analysis, high responsiveness

MONITOR & ASSET DISCOVERY

Event flows: jflow, sflow, nflow, qflow

Log events: syslog, snmp, odbc, wmi, ftp/sftp, snare, wincollect, jdbc

Sources: IDS-IPS, Firewall, Switch-Router, VA Scanner, Server, Database, Applications

• Auto-discovery of log sources
• Auto-discovery of applications
• Auto-discovery of assets
• Auto-grouping of assets
• Centralized log management

• Real-time logging
• Ease of configuration
• Agent-less mode
• Standard integration of many devices

Page 27: IBM for Datacenter Security

2 - A powerful processing and correlation engine

ANALYSIS

• Auto-tuning
• Auto-detect threats
• Thousands of pre-defined rules
• Easy-to-use event filtering
• Advanced security analytics

A powerful correlation engine, investigative analysis and advanced reporting for identifying critical events and resolving them immediately

Page 28: IBM for Datacenter Security

3 - Real-time alerts and investigative depth

ACTIONS & REPORTS

• Clear and complete control of all network activity with real-time monitoring
• Alerts on and detection of events that are unusual relative to normal conditions
• Investigative analysis and advanced reporting
• Built-in standard security reports that are easy to customize

• Thousands of predefined reports
• Asset-based prioritization
• Auto-update of threats
• Auto-response
• Directed remediation

Page 29: IBM for Datacenter Security

QRadar: the components

Log Management

• Turnkey log management
• Upgradeable to enterprise SIEM

SIEM

• Sophisticated event analytics
• Asset profiling and flow analytics

Network Activity and Anomaly Detection

• Network analytics
• Behavioral and anomaly detection

Risk Management

• Predictive threat modeling & simulation
• Scalable configuration monitoring & audit

Scale

• Event processors
• Network activity processors

Visibility

• Layer 7 application monitoring
• Content capture

Page 30: IBM for Datacenter Security

Page 31: IBM for Datacenter Security

Page 32: IBM for Datacenter Security

Salvatore Sollami, IBM Security Systems Technical Sales and Solutions

Next Generation IPS

Page 33: IBM for Datacenter Security

The challenging state of network security

SOCIAL NETWORKING: Social media sites present productivity, privacy and security risks including new threat vectors

STREAMING MEDIA: Streaming media sites are consuming large amounts of bandwidth

POINT SOLUTIONS: Point solutions are siloed with minimal integration or data sharing

URL Filtering • IDS / IPS • IM / P2P • Web App Protection • Vulnerability Management

SOPHISTICATED ATTACKS: Increasingly sophisticated attacks are using multiple attack vectors and increasing risk exposure

Stealth Bots • Targeted Attacks • Worms • Trojans • Designer Malware

Page 34: IBM for Datacenter Security

Network Defense: Traditional solutions not up to today’s challenges

Current Limitations

• Threats continue to evolve and standard methods of detection are not enough
• Streaming media sites and Web applications introduce new security challenges
• Basic “Block Only” mode limits innovative use of streaming and new Web apps
• Poorly integrated solutions create “security sprawl”, lower overall levels of security, and raise cost and complexity

Requirement: Multi-faceted Protection

• 0-day threat protection tightly integrated with other technologies i.e. network anomaly detection
• Ability to reduce costs associated with non-business use of applications
• Controls to restrict access to social media sites by a user’s role and business need
• Augment point solutions to reduce overall cost and complexity

[Diagram: traffic from the Internet (Stealth Bots; Worms, Trojans; Targeted Attacks; Designer Malware) passing through Firewall/VPN – port and protocol filtering; Web Gateway – securing web traffic only, port 80 / 443; Email Gateway – message and attachment security only; Everything Else; Multi-faceted Network Protection – security for all traffic, applications and users]

Page 35: IBM for Datacenter Security

Block attachments on all outgoing emails and chats

Allow marketing and sales teams to access social networking sites

Advanced inspection of web application traffic destined to my web servers

Allow, but don’t inspect, traffic to financial and medical sites

Block known botnet servers and phishing sites

A more strict security policy is applied to traffic from countries where I do not do business

Client-Side Protection

Network

Awareness

Reputation

Web Protection

Botnet Protection

Web Category Protection

Access Control

Protocol Aware Intrusion

Protection

Web Applications

Non-web Applications

The Need to Understand the Who, What, and When

Server

Geography

User or Group

Reputation

Network

Who: 172.29.230.15, Bob, Alice

What: 80, 443, 21, webmail, social networks

Policy

Traffic Controls

July

Page 36: IBM for Datacenter Security

The Advanced Threat Protection Platform

Advanced Threat Protection Platform

Ability to prevent sophisticated threats and detect abnormal network behavior by leveraging an extensible set of network security capabilities - in conjunction with real-time threat information and Security Intelligence

Expanded X-Force Threat Intelligence

Increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions across the IBM portfolio

Security Intelligence Integration

Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats

[Diagram: Security Intelligence Platform (Log Manager, SIEM, Network Activity Monitor, Risk Manager, Vulnerability Manager; one item marked NEW); Threat Intelligence and Research (Vulnerability Data, Malicious Websites, Malware Information, IP Reputation); Advanced Threat Protection Platform on IBM Network Security (Intrusion Prevention, Content and Data Security, Web Application Protection, Network Anomaly Detection, Application Control)]

Page 37: IBM for Datacenter Security

Next Generation Network IPS

Page 38: IBM for Datacenter Security

Understanding who, what, and when

• Immediately discover which applications and web sites are being accessed
• Quickly identify misuse by application, website, user, and group
• Understand who and what are consuming bandwidth on the network
• Superior detection of advanced threats through integration with QRadar for network anomaly and event details

Network flows can be sent to QRadar for enhanced analysis, correlation and anomaly detection

Identity context ties users and groups with their network activity - going beyond IP address only policies

Application context fully classifies network traffic, regardless of port, protocol or evasion techniques

Increase Security • Reduce Costs • Enable Innovation

Page 39: IBM for Datacenter Security

Next Gen IPS: IBM Security Network Protection XGS 5100

PROVEN SECURITY: Extensible, 0-Day protection powered by X-Force®

ULTIMATE VISIBILITY: Understand the Who, What and When for all network activity

COMPLETE CONTROL: Ensure appropriate application and network use

NEW WITH XGS

IBM Security Network Protection XGS 5100 builds on the proven security of IBM intrusion prevention solutions by delivering the addition of next generation visibility and control to help balance security and business requirements

Page 40: IBM for Datacenter Security

Proven Security: Extensible, 0-Day Protection Powered by X-Force®

IBM Security Network Protection XGS 5000

IBM Security Threat Protection – Backed by X-Force®

– 15 years+ of vulnerability research and development
– Trusted by the world’s largest enterprises and government agencies
– True protocol-aware intrusion prevention, not reliant on signatures
– Specialized engines
  • Exploit Payload Detection
  • Web Application Protection
  • Content and File Inspection

Ability to protect against the threats of today and tomorrow

• Next Generation IPS powered by X-Force® Research protects weeks or even months “ahead of the threat”
• Full protocol, content and application aware protection goes beyond signatures
• Expandable protection modules defend against emerging threats such as malicious file attachments and Web application attacks

Page 41: IBM for Datacenter Security

QRadar Network Anomaly Detection

• QRadar Network Anomaly Detection is a purpose built version of QRadar for IBM’s intrusion prevention portfolio
• The addition of QRadar’s behavioral analytics and real-time correlation helps better detect and prioritize stealthy attacks
• Supplements visibility provided by IBM Security Network Protection’s Local Management (LMI)
• Integration with IBM Security Network Protection including the ability to send network flow data from XGS to QRadar

Page 42: IBM for Datacenter Security

IBM X-Force® Threat Information Center

Real-time Security Overview w/ IP Reputation Correlation

Identity and User Context

Real-time Network Visualization and Application Statistics

Inbound Security Events

Page 43: IBM for Datacenter Security

The XGS 5100: The Best Solution for Threat Prevention

IBM Security Network Protection XGS 5100

Better Network Control

• Natural complement to current Firewall and VPN
• Not rip-and-replace – works with your existing network and security infrastructure
• More flexibility and depth in security and control over users, groups, networks and applications

Better Threat Protection

• True Protocol aware Network IPS
• Higher level of overall security and protection
• More effective against 0-day attacks
• Best of both worlds – true protocol and heuristic-based protection with customized signature support

[Diagram: traffic from the Internet (Stealth Bots; Worms, Trojans; Targeted Attacks; Designer Malware) passing through Firewall/VPN – port and protocol filtering; Web Gateway – securing web traffic only, port 80 / 443; Email Gateway – message and attachment security only; Everything Else]

Proven Security • Ultimate Visibility • Complete Control

Page 44: IBM for Datacenter Security
