Date post: 20-May-2020
Page 1: IBM SECURITY STRATEGY - phmintl.com · IBM QRadar Sense Analytics Servers and mainframes Data activity Network and virtual activity Application activity Configuration information

IBM SECURITY STRATEGY: INTEGRATED SECURITY FOR A NEW ERA

Jeff Crume, CISSP-ISSAP
Distinguished Engineer
IBM Master Inventor
IT Security Architect
[email protected]
Blog: InsideInternetSecurity.com

Page 2

Today’s security drivers

COMPLIANCE
HUMAN ERROR
SKILLS GAP
ADVANCED ATTACKS
INNOVATION

Page 3

2013: 800+ Million records
2014: 1+ Billion records
2015: Unprecedented Impact

Attackers break through conventional safeguards every day

$7M average cost of a US data breach
201 days average time to identify a data breach
1.5 MILLION unfilled security positions by 2020

Page 4

IBM X-Force® Research and Development

Expert analysis and data sharing on the global threat landscape

Vulnerability Protection
IP Reputation
Anti-Spam
Malware Analysis
Web Application Control
URL / Web Filtering
Zero-day Research

The IBM X-Force Mission

§ Monitor and evaluate the rapidly changing threat landscape
§ Research new attack techniques and develop protection for tomorrow’s security challenges
§ Educate our customers and the general public
§ Integrate and distribute Threat Protection and Intelligence to make IBM solutions smarter

Page 5

IBM X-Force monitors and analyzes the changing threat landscape

20,000+ devices under contract

35B+ events managed per day

133 monitored countries (MSS)

3,000+ security related patents

270M+ endpoints reporting malware

25B+ analyzed web pages and images

12M+ spam and phishing attacks daily

89K+ documented vulnerabilities

860K+ malicious IP addresses

Millions of unique malware samples

Page 6

The next era of security

PERIMETER CONTROLS

Page 7

How do I get started when all I see is chaos?

IP reputation
Indicators of compromise
Threat sharing
Firewalls
Incident and threat management
Virtual patching
Sandboxing
Network visibility
Malware protection
Antivirus
Data access control
Data monitoring
Application security management
Application scanning
Access management
Entitlements and roles
Identity management
Transaction protection
Device management
Content security
Workload protection
Cloud access security broker
Anomaly detection
Log, flow, data analysis
Vulnerability management
Privileged identity management
Incident response
Criminal detection
Fraud protection
Endpoint patching and management

Page 8

The next era of security

INTELLIGENCE and INTEGRATION

PERIMETER CONTROLS

Page 9 (same diagram as page 7)

Page 10

Threat Intelligence

Security Analytics

Cloud

Identity and Access
Data and Apps
Mobile
Advanced Fraud
Network
Endpoint

Security Ecosystem

An integrated and intelligent security immune system

Criminal detection
Fraud protection
Workload protection
Cloud access security broker
Access management
Entitlements and roles
Privileged identity management
Identity management
Data access control
Application security management
Application scanning
Data monitoring
Device management
Transaction protection
Content security
Malware protection
Antivirus
Endpoint patching and management
Virtual patching
Firewalls
Incident and threat management
Sandboxing
Network visibility
Vulnerability management
Incident response
Log, flow, data analysis
Anomaly detection
Indicators of compromise
IP reputation
Threat sharing

Page 11

SECURITY TRANSFORMATION SERVICES: Management consulting | Systems integration | Managed security

Threat Intelligence

Security Analytics

Cloud

Identity and Access
Data and Apps
Mobile
Advanced Fraud
Network
Endpoint

Security Ecosystem

IBM has the world’s broadest and deepest security portfolio

App Exchange

MaaS360

INFORMATION RISK AND PROTECTION

Trusteer Mobile

Trusteer Rapport

AppScan

Guardium

Cloud Security Enforcer
Privileged Identity Manager
Identity Governance and Access
Cloud Identity Service
Key Manager
zSecure
Trusteer Pinpoint
QRadar Vulnerability Manager
Resilient Incident Response
X-Force Exchange
QRadar Incident Forensics

SECURITY OPERATIONS AND RESPONSE

BigFix
Network Protection XGS
QRadar SIEM
QRadar Risk Manager

Page 12

COGNITIVE, CLOUD, and COLLABORATION

The next era of security

INTELLIGENCE and INTEGRATION

PERIMETER CONTROLS

Page 13

Collaboration: Crowd-sourced information sharing based on 700+ TB of threat intelligence

https://exchange.xforce.ibmcloud.com

Page 14

Continuously stop attacks and remediate vulnerabilities

Upgrade your defenses with a coordinated platform to outthink threats

• Disrupt malware and exploits
• Discover and patch endpoints
• Automatically fix vulnerabilities

Respond to incidents quickly, with precision

• Hunt for indicators using deep forensics

• Orchestrate and automate incident response

Discover unknown threats with advanced analytics

• See attacks across the enterprise
• Sense abnormal behaviors
• Automatically prioritize threats

RESPOND

Page 15

Understand deep security context across your organization in hours, not weeks

Prioritized incidents

Embedded Intelligence

IBM QRadar Sense Analytics

Servers and mainframes

Data activity

Network and virtual activity

Application activity

Configuration information

Security devices

Users and identities

Vulnerabilities and threats

Global threat intelligence

EXTENSIVE DATA SOURCES

IBM QRadar

Find, fix, and secure endpoints

Prevent advanced network attacks

Use analytics to discover and eliminate threats

Coordinate response activity

Understand the latest threat actors

Get help from security experts

Page 16

User Behavior Analytics

• Compiles risk scores for every user based on activities

• Provides behavioral analysis dashboard and watch-lists for leading candidates

• Available from IBM Security App Exchange app providing insights within hours of downloading to QRadar

• Enhances existing QRadar security data with user information pulled from LDAP

• Enhances out-of-the-box content with 20 new UBA rules

Page 17

SOC analysts need help sensing behavioral deviations over time

§ Account accessing more high value assets than normal

§ More data than normal being transferred to and from servers and / or external locations

§ Privileged account accessing high-value servers from a new location for the first time

§ Account used for the first time in a long time

§ Rare privilege escalation

§ Accounts being used from peculiar locations

§ User involved in previously malicious or threatening behavior

§ User an outlier within their peer group

§ Clustering group changes

[Figure: activity compared across a large window and a small window. Large window: 5 hours, application active 2% of the time. Small window: 1 hour, 4% activity. Result: 100% increase in activity. Second panel: new activity appearing in the small window.]

Page 18

A tremendous amount of security knowledge is created for human consumption, but most of it is untapped

SHARED UNDER NDA UNTIL MAY 10, 2016

Examples include:

• Research documents

• Industry publications

• Forensic information

• Threat intelligence commentary

• Conference presentations

• Analyst reports

• Webpages

• Wikis

• Blogs

• News sources

• Newsletters

• Tweets

A universe of security knowledge

Dark to your defenses

Typical organizations leverage only 8% of this content*

Traditional Security Data

Human Generated Knowledge

• Security events and alerts
• Logs and configuration data
• User and network activity
• Threat and vulnerability feeds

Page 19

Human Expertise

Cognitive Security

Cognitive systems bridge this gap and unlock a new partnership between security analysts and their technology

SECURITY ANALYTICS
• Data correlation
• Pattern identification
• Anomaly detection
• Prioritization
• Data visualization
• Workflow

COGNITIVE SECURITY
• Unstructured analysis
• Natural language
• Question and answer
• Machine learning
• Bias elimination
• Tradeoff analytics

SECURITY ANALYSTS
• Common sense
• Morals
• Compassion
• Abstraction
• Dilemmas
• Generalization

Page 20

Connecting the dots

Page 21

Connecting the dots – an example

Entities: Domain Name, URL, IP Address, File, User, Locky Malware

Relationships: CONTAIN, RESOLVE, CONNECT, LINK, AV SIGNATURE

Page 22

Page 23

Page 24

Cognitive: Revolutionizing how security analysts work

Natural language processing with security that understands, reasons, and learns

Watson determines the specific campaign (Locky), discovers more infected endpoints, and sends results to the incident response team

Page 25

Modify your response as needs and incidents evolve: IBM Resilient Incident Response Platform

Security Module
• Industry standard workflows (NIST, SANS)
• Threat intelligence feeds
• Organizational SOPs
• Community best practices

Action Module
• Automate processes
• Enrich incident details
• Gather forensics
• Enact mitigation

Privacy Module
• Global breach regulations
• Contractual obligations
• Third-party requirements
• Organizational SOPs
• Privacy best practices

Find, fix, and secure endpoints

Prevent advanced network attacks

Use analytics to discover and eliminate threats

Coordinate response activity

Understand the latest threat actors

Get help from security experts

Page 26

Industry analysts rank IBM Security

DOMAIN | SEGMENT | MARKET SEGMENT / REPORT | ANALYST RANKINGS

Security Operations and Response
  Security Intelligence | Security Information and Event Management (SIEM) | LEADER
  Network and Endpoint Protection | Intrusion Prevention Systems (IPS) | LEADER
  Network and Endpoint Protection | Endpoint: Client Management Tools | LEADER
  Network and Endpoint Protection | Endpoint Protection Platforms (EPP) | Strong Performer

Information Risk and Protection
  Identity Governance and Access Management | Federated Identity Management and Single Sign-On | LEADER
  Identity Governance and Access Management | Identity and Access Governance | LEADER
  Identity Governance and Access Management | Identity and Access Management as a Service (IDaaS) | LEADER
  Identity Governance and Access Management | Web Access Management (WAM) | LEADER
  Identity Governance and Access Management | Mobile Access Management | LEADER
  Identity Governance and Access Management | Identity Provisioning Management | LEADER
  Data Security | Data Masking | LEADER
  Application Security | Application Security Testing (dynamic and static) | LEADER
  Mobile Protection | Enterprise Mobility Management (MaaS360) | LEADER
  Fraud Protection | Web Fraud Detection (Trusteer) | LEADER

Security Transformation Services
  Consulting and Managed Services | Managed Security Services (MSS) | LEADER
  Consulting and Managed Services | Information Security Consulting Services | LEADER

V2016-06-16
Note: This is a collective view of top analyst rankings, compiled as of July, 2016

Page 27

A Global Leader in Enterprise Security

• #1 in enterprise security software and services*
• 7,500+ people
• 12,000+ customers
• 133 countries
• 3,500+ security patents
• 15 acquisitions since 2005

*According to Technology Business Research, Inc. (TBR) 2016

Page 28

© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.

ibm.com/security

securityintelligence.com

xforce.ibmcloud.com

@ibmsecurity

youtube/user/ibmsecuritysolutions

FOLLOW US ON:

THANK YOU
