IBMSecurity Gov_PoV Ar_MDQ_2015 - pdf

Date post: 06-Aug-2015
Upload: santiago-cavanna

© 2015 IBM Corporation

IBM & Security Gov. Point Of Views

Santiago Cavanna [email protected] @scavanna

IBM Security

Point of View: Info Security situation

According to a GovLoop survey, 90% of respondents don’t think their agency is fully prepared for a cyber attack and named the ever-changing nature of threats, as well as inadequate training, as their biggest obstacles. For all levels of government, the number of cyber attacks on networks is growing, and the attacks are becoming more sophisticated and aggressive. The threat of Sophisticated Attacks, Security Breaches, Phishing, and Social Media Fraud is very real for everyone, especially government. But that’s where the Continuous Diagnostics and Monitoring (CDM) program comes in.

http://www.slideshare.net/ibmsecurity/employing-cdm-how-government-can-protect-itself-from-cyber-attacks

How Government can Protect Itself from Cyber Attacks

Bring your own IT

Social business

Cloud and virtualization

1 billion mobile workers

1 trillion connected objects

Innovative technology changes everything

Motivations and sophistication are rapidly evolving

National Security: Nation-state actors (Stuxnet)

Espionage, Activism: Competitors and Hacktivists (Aurora)

Monetary Gain: Organized crime (Zeus)

Revenge, Curiosity: Insiders and Script-kiddies (Code Red)

Security challenges are a complex, four-dimensional puzzle …

… that requires a new approach

People: Hackers, Suppliers, Consultants, Terrorists, Employees, Outsourcers, Customers

Data: At rest, In motion, Unstructured, Structured

Applications: Systems Applications, Web Applications, Web 2.0, Mobile Applications

Infrastructure: Datacenters, PCs, Laptops, Mobile, Cloud, Non-traditional

IBM Confidential

[1] IBM X-Force Threat Intelligence Quarterly 1Q 2014
[2] Data Breaches in the Government Sector, Rapid7, 2012
[3] Ericka Chickowski, “10 Top Government Data Breaches Of 2012,” Security Dark Reading, 29 Nov. 2012

US federal government agencies have lost more than 94 million records of citizens since 2009 [2]

In 2012, US federal government agencies reported 22,156 data breaches, which was an increase of 111 percent from incidents reported in 2009 [3]

Government clients are among the most frequently attacked industries

IBM can shed light on who is attacking enterprise networks and why

IBM & Client Confidential

Observations:
1. 73% of breaches are a result of either misconfigured systems or end-user error.
2. Almost half of the attacks are from outsiders who are often “opportunistic”.
3. 23% of attacks are either espionage, financial crime, or terrorism related.
4. Sustained probes and malicious code are the primary ways companies get attacked.

Source: IBM X-Force, IBM CyberSecurity Index

Security challenges >> that make clients vulnerable to attack

Lack of visibility to events across the infrastructure to identify threats and fraudulent activity to critical systems

Inability to effectively manage and monitor user access to resources

Vulnerabilities in code for online applications / web services

Inability to monitor access to sensitive / confidential data

Endpoints built on vulnerable OSs

Malware proliferation into the enterprise from infected endpoints

Do you have a good security program today? Ask yourself

• Are you ready to respond to a security incident and quickly remediate?

• Do you have the visibility and analytics needed to monitor threats?

• Do you know where your corporate crown jewels are and are they adequately protected?

• Can you manage your endpoints from servers to mobile devices and control network access?

• Do you build security in and continuously test all critical web/mobile applications?

• Can you automatically manage and limit the identities and access of your employees, partners and vendors to your enterprise?

• Do you have a risk aware culture and management system that can ensure compliance?

Maturity-based approach (figure labels: Reactive, Manual, Automated, Proactive)

Optimizing your security is essential in today’s environment

http://www.infoleg.gob.ar/infolegInternet/anexos/215000-219999/219163/norma.htm

IBM Security Systems - IBM Security Framework

The security maturity model

Strategic imperative #1: Use analytics and insights for smarter defense

Use intelligence and anomaly detection across every domain

Build an intelligence vault around your crown jewels

Prepare your response for the inevitable

Strategic imperative #2: Employ innovation to improve security

Own the security agenda for innovation

Embed security on day one

Employ innovation to improve security

Strategic Imperative #3: Get help to develop an integrated approach

Develop a risk-aware security strategy

Deploy a systematic approach

Harness the knowledge of professionals

Point of View: What we believe

State and Local Government: The IBM Point of View

The landscape

The current global financial crisis had a profound effect on government agencies at all levels, forcing them to do more with less. Many agencies have chosen to take transformational approaches, such as using advanced analytics, adopting shared services or moving to self-service models to address specific pain points within their districts. Analytics can make data consumable, insightful and predictive. And analytics can help identify opportunities for efficiency through shared service or self-service approaches, enabling government agencies to realize increased operational efficiency and improved customer service levels through consolidation of similar services. But as agencies transform how they do business through the use of online interaction and other innovative technologies, consumer privacy and data protection have become a major area of focus.

Security challenges

Cyber attacks - Government executives have an emerging awareness of security threats to the cyber systems that support government operations, threats that can expose sensitive government information or the privacy of citizen information.

Vulnerable customer-facing applications - Developing secure customer-facing applications and services is critical to preventing breaches and access to back-end data where sensitive citizen information is stored.

Unauthorized user access - Establishing an information access governance strategy and solution within the organization where information could impact agency reputation and liability.

Regulatory compliance - Ongoing regulations and audits cause challenges with vulnerability assessments across the infrastructure.

State and Local Government: The IBM Point of View

Value statements

• Reduce security costs for risk monitoring, analysis, and compliance reporting by integrating silos, automating controls, and optimizing the security investment.

• Reduce operational costs while optimizing security investments by analyzing and prioritizing risks, and remediating issues cost-effectively and in order of severity.

• Reduce risk for new business opportunities or services by providing a secure cloud-based delivery platform.

• Minimize losses by identifying and protecting the “crown jewels” and other critical data assets.

• Gain the benefits of avoiding reputational risk or litigation by safeguarding citizen data.

• Reduce application development costs associated with identifying and correcting defects early on in the software development cycle.

State and Local Government: The IBM Point of View

1200 clients worldwide (government agencies; municipal, provincial or national governments)

Reference cases in the region.

Public – Global: AGESIC (Presidencia de la Nación, Uruguay). Federated identity management to unify the identity of the public employee and the citizen.

IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework

Intelligence

Integration

Expertise

At IBM, the world is our security lab

IBM X-Force® Research and Development: Expert analysis and data sharing on the global threat landscape

The IBM X-Force Mission

• Monitor and evaluate the rapidly changing threat landscape

• Research new attack techniques and develop protection for tomorrow’s security challenges

• Educate our customers and the general public

• Integrate and distribute Threat Protection and Intelligence to make IBM solutions smarter

Vulnerability Protection

IP Reputation

Anti-Spam

Malware Analysis

Web Application Control

URL / Web Filtering

Zero-day Research

Advanced Fraud Protection

Trusteer Rapport

Trusteer Pinpoint Malware Detection

Trusteer Pinpoint ATO Detection

Trusteer Mobile Risk Engine

Intelligence: A comprehensive portfolio of products and services

Trusteer Apex

FiberLink MaaS360

Endpoint Manager

Host Protection

zSecure

Security Intelligence and Analytics

QRadar Log Manager

QRadar SIEM

QRadar Risk Manager

QRadar Vulnerability Manager

QRadar Incident Forensics

IBM X-Force Research

People

Identity Manager

Access Manager Family

Privileged Identity Manager

Federated Identity Management

Directory Integrator / Directory Server

Data

Guardium Database Activity Monitoring

Guardium Encryption Expert

Guardium / Optim Data Masking

Key Lifecycle Manager

Applications

AppScan Source

AppScan Enterprise / Standard

DataPower Web Security Gateway

Security Policy Manager

Network Infrastructure Endpoint

Network Intrusion Prevention (GX)

Next Generation Network Protection (XGS)

SiteProtector Threat Management

QRadar Network Anomaly Detection

IBM Security latest industry rankings

IBM Security Framework and IBM Security Blueprint

http://www.redbooks.ibm.com/abstracts/sg248100.html?Open

IBM Security Systems - IBM Security Framework

The IBM Security Blueprint

IBM Security Framework

X-Force database - extensive catalog of vulnerabilities

Web filter database – malicious or infected websites

IP Reputation – botnets, anonymous proxies, bad actors

Application Identification – web application information

Vulnerability Research – latest vulnerabilities and protections

Security Services – manage IPS for 3000+ Customers

X-Force Threat Intelligence: The IBM Differentiator

X-Force Threat Intelligence Cloud

IBM Identity and Access Management Vision

Key Themes

Standardized IAM and Compliance Management: Expand IAM vertically to provide identity and access intelligence to the business; integrate horizontally to enforce user access to data, app, and infrastructure

Secure Cloud, Mobile, Social Interaction: Enhance context-based access control for cloud, mobile and SaaS access, as well as integration with proofing, validation and authentication solutions

Insider Threat and IAM Governance: Continue to develop Privileged Identity Management (PIM) capabilities and enhanced Identity and Role management

Key Themes

Reduced Total Cost of Ownership: Expanded support for databases and unstructured data, automation, handling and analysis of large volumes of audit records, and new preventive capabilities

Enhanced Compliance Management: Enhanced Database Vulnerability Assessment (VA) and Database Protection Subscription Service (DPS) with improved update frequency, labels for specific regulations, and product integrations

Dynamic Data Protection: Data masking capabilities for databases (row level, role level) and for applications (pattern based, form based) to safeguard sensitive and confidential data

Data Security Vision

Across Multiple Deployment Models

QRadar Integration

Key Themes

Coverage for Mobile applications and new threats: Continue to identify and reduce risk by expanding scanning capabilities to new platforms such as mobile, as well as introducing next generation dynamic analysis scanning and glass box testing

Simplified interface and accelerated ROI: New capabilities to improve customer time to value and consumability with out-of-the-box scanning, static analysis templates and ease of use features

Security Intelligence Integration: Automatically adjust threat levels based on knowledge of application vulnerabilities by integrating and analyzing scan results with SiteProtector and the QRadar Security Intelligence Platform

Application Security Vision

Key Themes

Security for Mobile Devices: Provide security for and manage traditional endpoints alongside mobile devices such as Apple iOS, Google Android, Symbian, and Microsoft Windows Phone, using a single platform

Expansion of Security Content: Continued expansion of security configuration and vulnerability content to increase coverage for applications, operating systems, and industry best practices

Security Intelligence Integration: Improved usage of analytics, providing valuable insights to meet compliance and IT security objectives, as well as further integration with SiteProtector and the QRadar Security Intelligence Platform

Infrastructure Protection – Endpoint Vision

Key Themes

Advanced Threat Protection Platform: Helps to prevent sophisticated threats and detect abnormal network behavior by using an extensible set of network security capabilities, in conjunction with real-time threat information and Security Intelligence

Expanded X-Force Threat Intelligence: Increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions

Security Intelligence Integration: Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats

Log Manager SIEM

Network Activity Monitor

Risk Manager

Vulnerability Data

Malicious Websites

Malware Information

Intrusion Prevention

Content and Data Security

Web Application Protection

IBM Network Security

Security Intelligence Platform

Threat Intelligence and Research

Advanced Threat Protection

Future

Future Network Anomaly Detection

IP Reputation

Application Control

Future

Infrastructure Protection – Advanced Threat

Security Intelligence: Integrating across IT silos

Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight

High Priority Offenses

Event Correlation

Activity Baselining & Anomaly Detection

Offense Identification

Database Activity

Servers & Hosts

User Activity

Vulnerability Info

Configuration Info

Security Devices

Network & Virtual Activity

Application Activity

All domains feed Security Intelligence

Endpoint Management vulnerabilities enrich QRadar’s vulnerability database

AppScan Enterprise

AppScan vulnerability results feed QRadar SIEM for improved asset risk assessment

Tivoli Endpoint Manager

Guardium Identity and Access Management

IBM Security Network Intrusion Prevention System

Flow data into QRadar turns NIPS devices into activity sensors

Identity context for all security domains w/ QRadar as the dashboard

Database assets, rule logic and database activity information

Correlate new threats based on X-Force IP reputation feeds

Hundreds of 3rd party information sources

Learn more about IBM Security

Visit our website IBM Security Website

Watch our videos IBM Security YouTube Channel

Read new blog posts SecurityIntelligence.com

Follow us on Twitter @ibmsecurity

IBM Security Intelligence. Integration. Expertise.
