Date posted: 06-Aug-2015 | Category: Technology | Uploaded by: santiago-cavanna
© 2015 IBM Corporation
IBM & Security Gov. Point Of Views
Santiago Cavanna (@scavanna)
IBM Security
According to a GovLoop survey, 90% of respondents don’t think their agency is fully prepared for a cyber attack, and they named the ever-changing nature of threats, as well as inadequate training, as their biggest obstacles. For all levels of government, cyber attacks on networks are growing in frequency and becoming more sophisticated and aggressive. The threat of sophisticated attacks, security breaches, phishing, and social media fraud is very real for everyone, especially government. That’s where the Continuous Diagnostics and Monitoring (CDM) program comes in.
http://www.slideshare.net/ibmsecurity/employing-cdm-how-government-can-protect-itself-from-cyber-attacks
How Government can Protect Itself from Cyber Attacks
Innovative technology changes everything
Bring your own IT
Social business
Cloud and virtualization
1 billion mobile workers
1 trillion connected objects
Motivations and sophistication are rapidly evolving
National Security | Nation-state actors | Stuxnet
Espionage, Activism | Competitors and Hacktivists | Aurora
Monetary Gain | Organized crime | Zeus
Revenge, Curiosity | Insiders and Script-kiddies | Code Red
Security challenges are a complex, four-dimensional puzzle …
… that requires a new approach
People: Hackers, Suppliers, Consultants, Terrorists, Employees, Outsourcers, Customers
Data: At rest, In motion, Unstructured, Structured
Applications: Systems Applications, Web Applications, Web 2.0, Mobile Applications
Infrastructure: Datacenters, PCs, Laptops, Mobile, Cloud, Non-traditional
Government clients are among the most frequently attacked industries
US federal government agencies have lost more than 94 million records of citizens since 2009 [2]
In 2012, US federal government agencies reported 22,156 data breaches, which was an increase of 111 percent from incidents reported in 2009 [3]
Sources:
[1] IBM X-Force Threat Intelligence Quarterly, 1Q 2014
[2] Data Breaches in the Government Sector, Rapid7, 2012
[3] Ericka Chickowski, “10 Top Government Data Breaches Of 2012,” Security Dark Reading, 29 Nov. 2012
IBM can shed light on who is attacking enterprise networks and why
Observations:
1. 73% of breaches are a result of either misconfigured systems or end-user error.
2. Almost half of the attacks are from outsiders who are often “opportunistic”.
3. 23% of attacks are either espionage, financial crime, or terrorism related.
4. Sustained probes and malicious code are the primary ways companies get attacked.
Source: IBM X-Force, IBM CyberSecurity Index
Security challenges that make clients vulnerable to attack
Lack of visibility to events across the infrastructure to identify threats and fraudulent activity to critical systems
Inability to effectively manage and monitor user access to resources
Vulnerabilities in code for online applications / web services
Inability to monitor access to sensitive / confidential data
Endpoints built on vulnerable OSs
Malware proliferation into the enterprise from infected endpoints
Do you have a good security program today? Ask yourself
§ Are you ready to respond to a security incident and quickly remediate?
§ Do you have the visibility and analytics needed to monitor threats?
§ Do you know where your corporate crown jewels are and are they adequately protected?
§ Can you manage your endpoints from servers to mobile devices and control network access?
§ Do you build security in and continuously test all critical web/mobile applications?
§ Can you automatically manage and limit the identities and access of your employees, partners and vendors to your enterprise?
§ Do you have a risk aware culture and management system that can ensure compliance?
Optimizing your security is essential in today’s environment
[Figure: Maturity-based approach; axis labels: Reactive, Proactive, Manual, Automated]
http://www.infoleg.gob.ar/infolegInternet/anexos/215000-219999/219163/norma.htm
Strategic imperative #1: Use analytics and insights for smarter defense
Use intelligence and anomaly detection across every domain
Build an intelligence vault around your crown jewels
Prepare your response for the inevitable
Strategic imperative #2: Employ innovation to improve security
Own the security agenda for innovation
Embed security on day one
Employ innovation to improve security
Strategic imperative #3: Get help to develop an integrated approach
Develop a risk-aware security strategy
Deploy a systematic approach
Harness the knowledge of professionals
State and Local Government The IBM Point of View
The landscape
The current global financial crisis has had a profound effect on government agencies at all levels, forcing them to do more with less. Many agencies have chosen to take transformational approaches, such as using advanced analytics, adopting shared services or moving to self-service models to address specific pain points within their districts. Analytics can make data consumable, insightful and predictive. Analytics can also help identify opportunities for efficiency through shared service or self-service approaches, enabling government agencies to realize increased operational efficiency and improved customer service levels through consolidation of similar services. But as agencies transform how they do business through the use of online interaction and other innovative technologies, consumer privacy and data protection have become a major area of focus.
Security challenges
Cyber attacks: Government executives have an emerging awareness of security threats to the cyber systems that support government operations, threats that can expose sensitive government information or the privacy of citizen information.
Vulnerable customer-facing applications: Developing secure customer-facing applications and services is critical to preventing breaches and access to back-end data where sensitive citizen information is stored.
Unauthorized user access: Establishing an information access governance strategy and solution within the organization where information could impact agency reputation and liability.
Regulatory compliance: Ongoing regulations and audits cause challenges with vulnerability assessments across the infrastructure.
State and Local Government The IBM Point of View
Value statements
• Reduce security costs for risk monitoring, analysis, and compliance reporting by integrating silos, automating controls, and optimizing the security investment.
• Reduce operational costs while optimizing security investments by analyzing and prioritizing risks, and remediating issues cost-effectively and in order of severity.
• Reduce risk for new business opportunities or services by providing a secure cloud-based delivery platform.
• Minimize losses by identifying and protecting the “crown jewels” and other critical data assets.
• Gain the benefits of avoiding reputational risk or litigation by safeguarding citizen data.
• Reduce application development costs associated with identifying and correcting defects early on in the software development cycle.
State and Local Government The IBM Point of View
1200 clients worldwide (government agencies; municipal, provincial or national governments)
Reference cases in the region.
Public – Global
AGESIC (Presidencia de la Nación, Uruguay): Federated identity management to unify the identity of the public employee and of the citizen.
IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework
Intelligence
Integration
Expertise
IBM X-Force® Research and Development
Expert analysis and data sharing on the global threat landscape
The IBM X-Force Mission
§ Monitor and evaluate the rapidly changing threat landscape
§ Research new attack techniques and develop protection for tomorrow’s security challenges
§ Educate our customers and the general public
§ Integrate and distribute Threat Protection and Intelligence to make IBM solutions smarter
Vulnerability Protection
IP Reputation
Anti-Spam
Malware Analysis
Web Application Control
URL / Web Filtering
Zero-day Research
Intelligence: A comprehensive portfolio of products and services
Security Intelligence and Analytics: QRadar Log Manager, QRadar SIEM, QRadar Risk Manager, QRadar Vulnerability Manager, QRadar Incident Forensics
Advanced Fraud Protection: Trusteer Rapport, Trusteer Pinpoint Malware Detection, Trusteer Pinpoint ATO Detection, Trusteer Mobile Risk Engine
People: Identity Manager, Access Manager Family, Privileged Identity Manager, Federated Identity Management, Directory Integrator / Directory Server
Data: Guardium Database Activity Monitoring, Guardium Encryption Expert, Guardium / Optim Data Masking, Key Lifecycle Manager
Applications: AppScan Source, AppScan Enterprise / Standard, DataPower Web Security Gateway, Security Policy Manager
Infrastructure (Network): Network Intrusion Prevention (GX), Next Generation Network Protection (XGS), SiteProtector Threat Management, QRadar Network Anomaly Detection
Infrastructure (Endpoint): Trusteer Apex, FiberLink MaaS360, Endpoint Manager, Host Protection, zSecure
IBM X-Force Research
IBM Security Framework and IBM Security Blueprint
http://www.redbooks.ibm.com/abstracts/sg248100.html?Open
X-Force Threat Intelligence: The IBM Differentiator
X-Force Threat Intelligence Cloud
X-Force database – extensive catalog of vulnerabilities
Web filter database – malicious or infected websites
IP Reputation – botnets, anonymous proxies, bad actors
Application Identification – web application information
Vulnerability Research – latest vulnerabilities and protections
Security Services – manage IPS for 3000+ Customers
IBM Identity and Access Management Vision
Key Themes
Standardized IAM and Compliance Management: Expand IAM vertically to provide identity and access intelligence to the business; integrate horizontally to enforce user access to data, app, and infrastructure
Secure Cloud, Mobile, Social Interaction: Enhance context-based access control for cloud, mobile and SaaS access, as well as integration with proofing, validation and authentication solutions
Insider Threat and IAM Governance: Continue to develop Privileged Identity Management (PIM) capabilities and enhanced Identity and Role management
Data Security Vision
Key Themes
Reduced Total Cost of Ownership: Expanded support for databases and unstructured data, automation, handling and analysis of large volumes of audit records, and new preventive capabilities
Enhanced Compliance Management: Enhanced Database Vulnerability Assessment (VA) and Database Protection Subscription Service (DPS) with improved update frequency, labels for specific regulations, and product integrations
Dynamic Data Protection: Data masking capabilities for databases (row level, role level) and for applications (pattern based, form based) to safeguard sensitive and confidential data
Across Multiple Deployment Models
QRadar Integration
Application Security Vision
Key Themes
Coverage for Mobile applications and new threats: Continue to identify and reduce risk by expanding scanning capabilities to new platforms such as mobile, as well as introducing next generation dynamic analysis scanning and glass box testing
Simplified interface and accelerated ROI: New capabilities to improve customer time to value and consumability with out-of-the-box scanning, static analysis templates and ease of use features
Security Intelligence Integration: Automatically adjust threat levels based on knowledge of application vulnerabilities by integrating and analyzing scan results with SiteProtector and the QRadar Security Intelligence Platform
Infrastructure Protection – Endpoint Vision
Key Themes
Security for Mobile Devices: Provide security for and manage traditional endpoints alongside mobile devices such as Apple iOS, Google Android, Symbian, and Microsoft Windows Phone, using a single platform
Expansion of Security Content: Continued expansion of security configuration and vulnerability content to increase coverage for applications, operating systems, and industry best practices
Security Intelligence Integration: Improved usage of analytics, providing valuable insights to meet compliance and IT security objectives, as well as further integration with SiteProtector and the QRadar Security Intelligence Platform
Infrastructure Protection – Advanced Threat
Key Themes
Advanced Threat Protection Platform: Helps to prevent sophisticated threats and detect abnormal network behavior by using an extensible set of network security capabilities, in conjunction with real-time threat information and Security Intelligence
Expanded X-Force Threat Intelligence: Increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions
Security Intelligence Integration: Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats
[Figure: IBM Network Security. Panels: Security Intelligence Platform; Threat Intelligence and Research; Advanced Threat Protection. Labels: Log Manager, SIEM, Network Activity Monitor, Risk Manager, Vulnerability Data, Malicious Websites, Malware Information, IP Reputation, Intrusion Prevention, Content and Data Security, Web Application Protection, Network Anomaly Detection, Application Control, Future]
Security Intelligence: Integrating across IT silos
Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight
Extensive Data Sources: Security Devices, Servers & Hosts, Network & Virtual Activity, Database Activity, Application Activity, Configuration Info, Vulnerability Info, User Activity
Deep Intelligence: Event Correlation, Activity Baselining & Anomaly Detection, Offense Identification
Exceptionally Accurate and Actionable Insight: High Priority Offenses
All domains feed Security Intelligence
Tivoli Endpoint Manager: Endpoint Management vulnerabilities enrich QRadar’s vulnerability database
AppScan Enterprise: AppScan vulnerability results feed QRadar SIEM for improved asset risk assessment
Guardium: Database assets, rule logic and database activity information
Identity and Access Management: Identity context for all security domains w/ QRadar as the dashboard
IBM Security Network Intrusion Prevention System: Flow data into QRadar turns NIPS devices into activity sensors
Correlate new threats based on X-Force IP reputation feeds
Hundreds of 3rd party information sources
Learn more about IBM Security
Visit our website IBM Security Website
Watch our videos IBM Security YouTube Channel
Read new blog posts SecurityIntelligence.com
Follow us on Twitter @ibmsecurity
IBM Security Intelligence. Integration. Expertise.