IBM SECURITY STRATEGY: INTEGRATED SECURITY FOR A NEW ERA
Jeff Crume, CISSP-ISSAP | Distinguished Engineer | IBM Master Inventor | IT Security [email protected] | InsideInternetSecurity.com
2 IBM Security
Today's security drivers
• COMPLIANCE
• HUMAN ERROR
• SKILLS GAP
• ADVANCED ATTACKS
• INNOVATION
Attackers break through conventional safeguards every day
2013: 800+ million records
2014: 1+ billion records
2015: Unprecedented impact
$7M average cost of a US data breach
201 days average time to identify a data breach
1.5 million unfilled security positions by 2020
IBM X-Force® Research and Development
Expert analysis and data sharing on the global threat landscape
Coverage areas: Vulnerability Protection | IP Reputation | Anti-Spam | Malware Analysis | Web Application Control | URL / Web Filtering | Zero-day Research
The IBM X-Force Mission
§ Monitor and evaluate the rapidly changing threat landscape
§ Research new attack techniques and develop protection for tomorrow's security challenges
§ Educate our customers and the general public
§ Integrate and distribute Threat Protection and Intelligence to make IBM solutions smarter
IBM X-Force monitors and analyzes the changing threat landscape
20,000+ devices under contract
35B+ events managed per day
133 monitored countries (MSS)
3,000+ security related patents
270M+ endpoints reporting malware
25B+ analyzed web pages and images
12M+ spam and phishing attacks daily
89K+ documented vulnerabilities
860K+ malicious IP addresses
Millions of unique malware samples
The next era of security
PERIMETER CONTROLS
How do I get started when all I see is chaos?
IP reputation
Indicators of compromise
Threat sharing
Firewalls
Incident and threat management
Virtual patching
Sandboxing
Network visibility
Malware protection
Antivirus
Data access control
Data monitoring
Application security management
Application scanning
Access management
Entitlements and roles
Identity management
Transaction protection
Device management
Content security
Workload protection
Cloud access security broker
Anomaly detection
Log, flow, data analysis
Vulnerability management
Privileged identity management
Incident response
Criminal detection
Fraud protection
Endpoint patching and management
The next era of security
INTELLIGENCE and INTEGRATION
PERIMETER CONTROLS
An integrated and intelligent security immune system
Domains: Threat Intelligence | Security Analytics | Cloud | Identity and Access | Data and Apps | Mobile | Advanced Fraud | Network | Endpoint | Security Ecosystem
Capabilities:
Criminal detection
Fraud protection
Workload protection
Cloud access security broker
Access management
Entitlements and roles
Privileged identity management
Identity management
Data access control
Application security management
Application scanning
Data monitoring
Device management
Transaction protection
Content security
Malware protection
Antivirus
Endpoint patching and management
Virtual patching
Firewalls
Incident and threat management
Sandboxing
Network visibility
Vulnerability management
Incident response
Log, flow, data analysis
Anomaly detection
Indicators of compromise
IP reputation
Threat sharing
IBM has the world's broadest and deepest security portfolio
SECURITY TRANSFORMATION SERVICES: Management consulting | Systems integration | Managed security
Domains: Threat Intelligence | Security Analytics | Cloud | Identity and Access | Data and Apps | Mobile | Advanced Fraud | Network | Endpoint | Security Ecosystem
Portfolio areas: INFORMATION RISK AND PROTECTION; SECURITY OPERATIONS AND RESPONSE
Products shown:
App Exchange
MaaS360
Trusteer Mobile
Trusteer Rapport
AppScan
Guardium
Cloud Security Enforcer
Privileged Identity Manager
Identity Governance and Access
Cloud Identity Service
Key Manager
zSecure
Trusteer Pinpoint
QRadar Vulnerability Manager
Resilient Incident Response
X-Force Exchange
QRadar Incident Forensics
BigFix
Network Protection XGS
QRadar SIEM
QRadar Risk Manager
The next era of security
COGNITIVE, CLOUD, and COLLABORATION
INTELLIGENCE and INTEGRATION
PERIMETER CONTROLS
Collaboration: Crowd-sourced information sharing based on 700+ TB of threat intelligence
https://exchange.xforce.ibmcloud.com
Continuously stop attacks and remediate vulnerabilities
Upgrade your defenses with a coordinated platform to outthink threats
• Disrupt malware and exploits
• Discover and patch endpoints
• Automatically fix vulnerabilities
Respond to incidents quickly, with precision
• Hunt for indicators using deep forensics
• Orchestrate and automate incident response
Discover unknown threats with advanced analytics
• See attacks across the enterprise
• Sense abnormal behaviors
• Automatically prioritize threats
RESPOND
Understand deep security context across your organization in hours, not weeks
Prioritized incidents
Embedded intelligence
IBM QRadar Sense Analytics
EXTENSIVE DATA SOURCES
• Servers and mainframes
• Data activity
• Network and virtual activity
• Application activity
• Configuration information
• Security devices
• Users and identities
• Vulnerabilities and threats
• Global threat intelligence
IBM QRadar
Find, fix, and secure endpoints
Prevent advanced network attacks
Use analytics to discover and eliminate threats
Coordinate response activity
Understand the latest threat actors
Get help from security experts
User Behavior Analytics
• Compiles risk scores for every user based on activities
• Provides behavioral analysis dashboard and watch-lists for leading candidates
• Available from IBM Security App Exchange app providing insights within hours of downloading to QRadar
• Enhances existing QRadar security data with user information pulled from LDAP
• Enhances out-of-the-box content with 20 new UBA rules
SOC analysts need help sensing behavioral deviations over time
§ Account accessing more high-value assets than normal
§ More data than normal being transferred to and from servers and/or external locations
§ Privileged account accessing high-value servers from a new location for the first time
§ Account used for the first time in a long time
§ Rare privilege escalation
§ Accounts being used from peculiar locations
§ User involved in previously malicious or threatening behavior
§ User an outlier within their peer group
§ Clustering group changes
Example: activity in a large window versus a small window
Large window: 5 hours, application active 2% of the time
Small window: 1 hour, 4% activity
Result: 100% increase in activity
Large window / small window: new activity
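The large-window versus small-window comparison above, and the "new location" and "new activity" deviations in the list, can be checked with a few lines of code. The following is an added example written for this page, not IBM's or QRadar UBA's code: it measures a user's recent activity rate (the small window) against the rate over the preceding hours (the large window), treats activity with no baseline at all as "new activity", and lists source locations the user has never used before. The events, the window lengths, the events-per-hour measure and the flagging ratio of 2.0 (a 100% increase) are all assumptions made for the example.

```python
"""User behaviour deviation checks over constructed events.

Added example, not IBM's or QRadar UBA's code. It compares a user's recent
activity rate (the "small window") with the rate over the preceding hours
(the "large window") and lists locations the user has never used before.
Events, window sizes and the flagging ratio are all assumptions made here.
"""
from datetime import datetime, timedelta

# Constructed sample events: (user, ISO timestamp, asset, source location).
SAMPLE_EVENTS = [
    # alice: 10 events over the 5-hour baseline, then 4 in the last hour
    ("alice", "2016-05-10T02:15", "hr-db", "office-nyc"),
    ("alice", "2016-05-10T02:50", "hr-db", "office-nyc"),
    ("alice", "2016-05-10T03:10", "hr-db", "office-nyc"),
    ("alice", "2016-05-10T03:40", "hr-db", "office-nyc"),
    ("alice", "2016-05-10T04:05", "hr-db", "office-nyc"),
    ("alice", "2016-05-10T04:30", "hr-db", "office-nyc"),
    ("alice", "2016-05-10T05:20", "hr-db", "office-nyc"),
    ("alice", "2016-05-10T05:55", "hr-db", "office-nyc"),
    ("alice", "2016-05-10T06:10", "hr-db", "office-nyc"),
    ("alice", "2016-05-10T06:45", "hr-db", "office-nyc"),
    ("alice", "2016-05-10T07:05", "hr-db", "office-nyc"),
    ("alice", "2016-05-10T07:20", "hr-db", "cafe-wifi"),
    ("alice", "2016-05-10T07:35", "hr-db", "office-nyc"),
    ("alice", "2016-05-10T07:50", "hr-db", "office-nyc"),
    # bob: a steady one event per hour, always from the same place
    ("bob", "2016-05-10T02:30", "wiki", "office-nyc"),
    ("bob", "2016-05-10T03:30", "wiki", "office-nyc"),
    ("bob", "2016-05-10T04:30", "wiki", "office-nyc"),
    ("bob", "2016-05-10T05:30", "wiki", "office-nyc"),
    ("bob", "2016-05-10T06:30", "wiki", "office-nyc"),
    ("bob", "2016-05-10T07:30", "wiki", "office-nyc"),
    # carol: no baseline activity at all, then two events in the last hour
    ("carol", "2016-05-10T07:10", "finance-db", "vpn-remote"),
    ("carol", "2016-05-10T07:40", "finance-db", "vpn-remote"),
]

LARGE_WINDOW = timedelta(hours=5)   # baseline period (assumed)
SMALL_WINDOW = timedelta(hours=1)   # most recent period under review (assumed)
FLAG_RATIO = 2.0                    # a 100% increase or more is flagged (assumed)
NOW = datetime(2016, 5, 10, 8, 0)   # end of the small window


def parse_events(rows):
    """Turn the ISO timestamps into datetime objects."""
    return [(u, datetime.fromisoformat(ts), asset, loc) for u, ts, asset, loc in rows]


EVENTS = parse_events(SAMPLE_EVENTS)


def events_per_hour(events, user, start, end):
    """Activity rate of one user inside [start, end)."""
    count = sum(1 for u, t, _, _ in events if u == user and start <= t < end)
    return count / ((end - start).total_seconds() / 3600)


def activity_deviation(events, user, now=NOW):
    """Return (baseline rate, recent rate, recent/baseline ratio).

    A ratio of infinity means "new activity": events in the small window
    with nothing at all in the large window before it."""
    recent_start = now - SMALL_WINDOW
    baseline_start = recent_start - LARGE_WINDOW
    baseline = events_per_hour(events, user, baseline_start, recent_start)
    recent = events_per_hour(events, user, recent_start, now)
    if baseline == 0:
        ratio = float("inf") if recent > 0 else 1.0
    else:
        ratio = recent / baseline
    return baseline, recent, ratio


def new_locations(events, user, now=NOW):
    """Locations used in the small window that the user never used before it."""
    recent_start = now - SMALL_WINDOW
    seen_before = {loc for u, t, _, loc in events if u == user and t < recent_start}
    recent = {loc for u, t, _, loc in events if u == user and t >= recent_start}
    return sorted(recent - seen_before)


def risk_findings(events, user, now=NOW):
    """Human-readable findings an analyst would want on the user's watch-list."""
    findings = []
    baseline, recent, ratio = activity_deviation(events, user, now)
    if ratio == float("inf"):
        findings.append(f"new activity: {recent:.1f} events/h with no baseline")
    elif ratio >= FLAG_RATIO:
        findings.append(f"activity {recent:.1f}/h vs baseline {baseline:.1f}/h "
                        f"({(ratio - 1) * 100:.0f}% increase)")
    for loc in new_locations(events, user, now):
        findings.append(f"first activity from location {loc}")
    return findings


if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, risk_findings(EVENTS, user))
```

Run as-is, alice is flagged for a 100% increase and a first-seen location, bob produces no findings, and carol is reported as new activity. The baseline deliberately excludes the small window, so a burst of recent activity cannot inflate its own baseline.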
A tremendous amount of security knowledge is created for human consumption, but most of it is untapped
SHARED UNDER NDA UNTIL MAY 10, 2016
Traditional Security Data
• Security events and alerts
• Logs and configuration data
• User and network activity
• Threat and vulnerability feeds
Human Generated Knowledge: a universe of security knowledge, dark to your defenses. Examples include:
• Research documents
• Industry publications
• Forensic information
• Threat intelligence commentary
• Conference presentations
• Analyst reports
• Webpages
• Wikis
• Blogs
• News sources
• Newsletters
• Tweets
Typical organizations leverage only 8% of this content*
Cognitive systems bridge this gap and unlock a new partnership between security analysts and their technology
SECURITY ANALYTICS
• Data correlation
• Pattern identification
• Anomaly detection
• Prioritization
• Data visualization
• Workflow
COGNITIVE SECURITY
• Unstructured analysis
• Natural language
• Question and answer
• Machine learning
• Bias elimination
• Tradeoff analytics
SECURITY ANALYSTS (human expertise)
• Common sense
• Morals
• Compassion
• Abstraction
• Dilemmas
• Generalization
Connecting the dots
Connecting the dots – an example
Entity types in the example graph: Domain name | URL | IP address | File | User | Locky malware
Relationship types: CONTAIN | RESOLVE | CONNECT | LINK | AV SIGNATURE
Cognitive: Revolutionizing how security analysts work
Natural language processing with security that understands, reasons, and learns
Watson determines the specific campaign (Locky), discovers more infected endpoints, and sends results to the incident response team
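The "connecting the dots" graph and the Watson step of discovering more infected endpoints both come down to pivoting across linked entities. The following is an added example written for this page, not IBM's or Watson's code: it builds a small graph from (subject, relation, object) facts using the relation names shown on the slide (CONTAIN, RESOLVE, CONNECT, LINK, AV SIGNATURE), then walks it breadth-first from a malware family to every user that can be connected to it, returning the chain of evidence for each. Which entity pairs each relation joins, and every entity in the facts, are assumptions made for the example; the hosts and addresses use reserved documentation values, not real indicators.

```python
"""Pivoting across linked security entities.

Added example, not IBM's or Watson's code. Facts are (subject, relation,
object) triples; entity ids carry their type as a prefix ("user:alice").
All facts below are constructed for the example.
"""
from collections import defaultdict, deque

# Constructed facts. example.invalid, 203.0.113.0/24 and 198.51.100.0/24 are
# reserved documentation names and ranges, not real indicators.
FACTS = [
    ("file:invoice_4711.doc", "AV SIGNATURE", "malware:Locky"),
    ("file:invoice_4711.doc", "LINK", "url:http://example.invalid/invoice"),
    ("url:http://example.invalid/invoice", "CONTAIN", "domain:example.invalid"),
    ("domain:example.invalid", "RESOLVE", "ip:203.0.113.10"),
    ("domain:example.invalid", "RESOLVE", "ip:203.0.113.11"),
    ("user:alice", "CONNECT", "ip:203.0.113.10"),
    ("user:bob", "CONNECT", "ip:203.0.113.11"),
    # Unrelated activity that must not be pulled into the Locky picture.
    ("user:carol", "CONNECT", "ip:198.51.100.5"),
    ("domain:intranet.example.invalid", "RESOLVE", "ip:198.51.100.5"),
]


def build_graph(facts):
    """Undirected adjacency list: entity -> list of (relation, neighbour).

    Edges are walked in both directions so a pivot can go from a malware
    signature back to a file as well as from a file forward to a URL."""
    graph = defaultdict(list)
    for subject, relation, obj in facts:
        graph[subject].append((relation, obj))
        graph[obj].append((relation, subject))
    return graph


def entity_type(entity):
    """'user:alice' -> 'user'."""
    return entity.split(":", 1)[0]


def pivot(facts, start, wanted_type, max_hops=6):
    """Breadth-first search from `start`.

    Returns {entity: path} for every entity of `wanted_type` reachable within
    `max_hops` edges; `path` alternates entities and relations from `start`
    to the entity, so it doubles as the evidence chain for an analyst."""
    graph = build_graph(facts)
    parent = {start: None}          # entity -> (relation, previous entity)
    depth = {start: 0}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if depth[node] >= max_hops:
            continue                # hop budget keeps the pivot from sprawling
        for relation, neighbour in graph[node]:
            if neighbour in parent:
                continue
            parent[neighbour] = (relation, node)
            depth[neighbour] = depth[node] + 1
            queue.append(neighbour)
    found = {}
    for entity in parent:
        if entity_type(entity) == wanted_type and entity != start:
            path = [entity]
            node = entity
            while parent[node] is not None:
                relation, prev = parent[node]
                path.extend([relation, prev])
                node = prev
            found[entity] = path[::-1]
    return found


def affected_users(facts, malware="malware:Locky"):
    """Users connected to the given malware family through the graph."""
    return pivot(facts, malware, "user")


if __name__ == "__main__":
    for user, path in affected_users(FACTS).items():
        print(user, "<-", " -> ".join(path))
```

On the constructed facts the pivot reaches alice and bob through file, URL, domain and IP, while carol, whose only connection is to an unrelated address, stays out of the picture. The hop budget matters on real graphs: a popular IP address or domain can link almost everything, so an analyst would tighten `max_hops` or exclude high-degree nodes before trusting the result.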
IBM Resilient Incident Response Platform
Modify your response as needs and incidents evolve
Security Module
• Industry standard workflows (NIST, SANS)
• Threat intelligence feeds
• Organizational SOPs
• Community best practices
Action Module
• Automate processes
• Enrich incident details
• Gather forensics
• Enact mitigation
Privacy Module
• Global breach regulations
• Contractual obligations
• Third-party requirements
• Organizational SOPs
• Privacy best practices
Industry analysts rank IBM Security
DOMAIN | SEGMENT | MARKET SEGMENT / REPORT | ANALYST RANKING
Security Operations and Response | Security Intelligence | Security Information and Event Management (SIEM) | LEADER
Security Operations and Response | Network and Endpoint Protection | Intrusion Prevention Systems (IPS) | LEADER
Security Operations and Response | Network and Endpoint Protection | Endpoint: Client Management Tools | LEADER
Security Operations and Response | Network and Endpoint Protection | Endpoint Protection Platforms (EPP) | Strong Performer
Information Risk and Protection | Identity Governance and Access Management | Federated Identity Management and Single Sign-On | LEADER
Information Risk and Protection | Identity Governance and Access Management | Identity and Access Governance | LEADER
Information Risk and Protection | Identity Governance and Access Management | Identity and Access Management as a Service (IDaaS) | LEADER
Information Risk and Protection | Identity Governance and Access Management | Web Access Management (WAM) | LEADER
Information Risk and Protection | Identity Governance and Access Management | Mobile Access Management | LEADER
Information Risk and Protection | Identity Governance and Access Management | Identity Provisioning Management | LEADER
Information Risk and Protection | Data Security | Data Masking | LEADER
Information Risk and Protection | Application Security | Application Security Testing (dynamic and static) | LEADER
Information Risk and Protection | Mobile Protection | Enterprise Mobility Management (MaaS360) | LEADER
Information Risk and Protection | Fraud Protection | Web Fraud Detection (Trusteer) | LEADER
Security Transformation Services | Consulting and Managed Services | Managed Security Services (MSS) | LEADER
Security Transformation Services | Consulting and Managed Services | Information Security Consulting Services | LEADER
V2016-06-16
Note: This is a collective view of top analyst rankings, compiled as of July, 2016
A Global Leader in Enterprise Security
• #1 in enterprise security software and services*
• 7,500+ people
• 12,000+ customers
• 133 countries
• 3,500+ security patents
• 15 acquisitions since 2005
*According to Technology Business Research, Inc. (TBR) 2016
© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
ibm.com/security
securityintelligence.com
xforce.ibmcloud.com
@ibmsecurity
youtube/user/ibmsecuritysolutions
FOLLOW US ON:
THANK YOU