
Optimally Defending Against IT Security Threats (Tom Turner and Andreas Wespi)

Date post: 19-Oct-2014
Page 1

© 2013 IBM Corporation

IBM Security Strategy

Tom Turner, Vice President of Marketing

7 May 2013

Page 2

Bring your own IT

Social business

Cloud and virtualization

1 billion mobile workers

1 trillion connected objects

Innovative technology changes everything

Page 3

Motivations and sophistication are rapidly evolving

National Security: Nation-state actors (Stuxnet)

Espionage, Activism: Competitors and Hacktivists (Aurora)

Monetary Gain: Organized crime (Zeus)

Revenge, Curiosity: Insiders and Script-kiddies (Code Red)

Page 4

Page 5

Security challenges are a complex, four-dimensional puzzle ... that requires a new approach

People: Hackers, Suppliers, Consultants, Terrorists, Employees, Outsourcers, Customers

Data: Structured, Unstructured, At rest, In motion

Applications: Systems Applications, Web Applications, Web 2.0, Mobile Applications

Infrastructure: Datacenters, PCs, Laptops, Mobile, Cloud, Non-traditional

Page 6

Thinking differently about security

Collect and Analyze Everything

People: Then Administration, Now Insight

Data: Then Basic-control, Now Laser-focused

Applications: Then Bolt-on, Now Built-in

Infrastructure: Then Thicker walls, Now Smarter defenses

Page 7


Domain IP Address File Checksum

IBM Security Systems

Now: Situational Awareness

• Consume real-time intelligence about the latest threats

• Correlate alerts against external behavior and reputation

• Proactively block bad domains, IP addresses and malware

Then: Reaction

• Read about the latest threats from blogs and news

• Match against known signatures and bad actors

Monitor Everything

Advanced Research

Page 8

ADP: Strengthens security with identity management initiative

Business need:

Manual identity management processes made it time-consuming and costly to track when and if access rights are revoked.

Solution:

With a view to becoming “identity aware”, ADP worked with IBM Business Partner Pontis Research and IBM to automate processes for user account provisioning, de-provisioning and access management in its Active Directory, remote access and facility management systems.

Page 9

ADP: Strengthens security with identity management initiative

Benefits:

• Vastly increases security by reducing time to revoke access from weeks to seconds

• Reduces administration and help-desk costs while enhancing visibility of user access

• Provides zero-day and zero-based provisioning and federated access to resources

• Enables identity awareness

“IBM separated itself from the crowd. IBM Security Identity Manager was up and running within two days even though we gave each vendor a week to complete the Proof of Concept.”

Kyle F. Kennedy, Director of Global Directory and Identity Services, ADP

Page 10

Cisco: Scaling application vulnerability management across a large enterprise

Business need:

With a small security team and an application portfolio of nearly 2,500 applications, security staff worried they were becoming a “bottleneck” in application security testing.

Solution:

Using IBM® Security AppScan® Enterprise, Cisco empowered its developers and QA personnel to test applications and address security issues before deployment.

Page 11

Cisco: Scaling application vulnerability management across a large enterprise

Benefits:

• Drove a 33 percent decrease in number of security issues found; reduced post-deployment remediation costs significantly; freed security experts to focus on deep application vulnerability assessments

• Scaling application vulnerability scanning across a large enterprise

"AppScan helped us create a self-service model. We could take the product and put it in the hands of the developers and QA testers so that they could identify and fix security vulnerabilities before production."

Sujata Ramamoorthy, Director, Information Security, Cisco

Page 12

Logs, Events, Alerts, Configuration information, System audit trails, External threat feeds, E-mail and social activity, Network flows and anomalies, Identity context, Business process data, Malware information

Now: Intelligence

• Real-time monitoring

• Context-aware anomaly detection

• Automated correlation and analytics

Then: Collection

• Log collection

• Signature-based detection

Security Intelligence

Page 13

Equifax: Hardening defenses against threats and fraud

Optimize risk management

Business challenge:

• Detect wide range of security threats affecting public-facing Web applications

• Help identify subtle changes in user behavior that could indicate fraud or misuse

Solution: (QRadar SIEM, QFlow, X-Force, Network IPS)

Real-time correlation of hundreds of data sources, anomaly detection to help identify “low and slow” threats, flexibility for easy customization and expansion

Saved 50-80% on staffing vs. alternative solutions

Reduces one billion incidents per day to 20-30 investigations

Page 14

Page 15

Intelligence

Integration

Expertise

IBM delivers solutions across a security framework

Page 16

Products Services

Intelligence: A comprehensive portfolio of products and services

New in 2012

Page 17

• Customize protection capabilities to block specific vulnerabilities using scan results

• Converge access management with web service gateways

• Link identity information with database security

• Stay ahead of the changing threat landscape

• Designed to help detect the latest vulnerabilities, exploits and malware

• Add security intelligence to non-intelligent systems

• Consolidate and correlate siloed information from hundreds of sources

• Designed to help detect, notify and respond to threats missed by other security solutions

• Automate compliance tasks and assess risks

Integration: Increase security, collapse silos, and reduce complexity


Page 18

Expertise: At IBM, the world is our Security lab

6,000 researchers, developers and subject matter experts working on security initiatives worldwide

Page 19

IBM Security Research

Dr. Andreas Wespi

CTO Office, IBM SWG Europe

7 May 2013

Page 20

IBM Security Research

Watson: Cryptography; Virtualization, Cloud; Biometrics; Information Security; Security Analytics; Ethical Hacking; Security Engineering; Secure Hardware

Zurich: Cryptography; Authentication Solutions; Virtualization, Cloud; Key Management; Security Analytics; Storage Security; Privacy; Business Processes

Haifa: Information Security

Tokyo: Security Services

China: Internet of Things

Page 21

Sophisticated attackers are bypassing traditional security defenses

• Attack related to article about Wen Jiabao, China’s prime minister

• Attack was not detected for 4 months

• 45 pieces of malware used, only one detected by anti-virus system

• All employee passwords stolen

• Computers of 53 employees accessed

• University computers used as proxies

Page 22

The anatomy of an Advanced Persistent Threat

1. Break-in: Spoofed email with malicious file attachment sent to users

2. Latch-on: Anomalous system behavior and network communications

3. Expand: Device contacting internal hosts in strange patterns

4. Gather: Abnormal user behavior and data access patterns

5. Exfiltrate: Movement of data in chunks or streams to unknown hosts

Command & Control (CnC)

Page 23

Initiatives: Differentiating Capabilities

1. Identify mission-critical enterprise assets and very sensitive data: Automate the discovery of high value assets: Enterprise Information Security Management (EISM)

2. Build fine-grained perimeters: Security Technologies for Converged Infrastructure (Pure Systems) and Software Defined Environments

3. Monitor access paths to high value assets to develop situational awareness and close the loop: Cybersecurity Analytics for Networks, Devices, Usage and Entitlements, Social Networks, Applications and Business Processes

4. End-to-end Security: Mobile Security and Data-centric Security for the Contextual Enterprise

5. Secure by Design: Fully Homomorphic Encryption, Privacy, and Security Engineering

Evolution and Demonstration of Differentiating Capabilities

Enterprise Data Center Network Cloud Operating Environment Smarter Planet

IBM Research’s Cybersecurity Agenda

Page 24

1. Enterprise Information Security Management (EISM)

Identifying very sensitive data in the enterprise

Figure labels: SPI, Patent, Confidential

• Create taxonomy based on data business value

• Interview subject matter experts to prioritize data classes

• (Semi-) automatically classify data across all storage instances

Objective

Apply the same protection level irrespective of the data location

Page 25

3. Cybersecurity Analytics Platform

Dash-boarding, Visualizing and Reporting

Stored Data & Threat Profiles

Streaming Threats

Real-time Security Software + 10-40-100 Gb/s 100% packet inspection

Real-time Analytics

Massive (pbyte) Scale Analytics Engine

Page 26

Security Analytics is becoming a Big Data problem

Page 27

Monitor system behavior across multiple layers

Real-Time Operation

• Behavior Classification

• Reputation Propagation

• Risk Scoring

• Data Aggregation

Historical Analysis / Model Building

• Predictive Models

• Benign & Malicious Behavior Models

• Forensic Analysis

Social

User

NetDev

Assets

Fraud

Data in motion

Data

Data at rest

Page 28

5. Secure by Design

Fully homomorphic encryption

• Fully homomorphic encryption is a privacy-enabling technology

• Allows encrypted user data to be processed without the server knowing or reading the content

• Results returned to authorized user for decryption

• Privacy-enhanced cloud services, privacy-preserving aggregation for smarter planet

Craig Gentry, a 35-year-old IBM researcher, solved this 30-year cryptographic problem

2010 ACM Distinguished Dissertation Award

2010 Best Paper Award – IACR Crypto

2010 Privacy Enhancing Technology Award

2009 Privacy Innovation Award from the Intl. Association of Privacy Professionals

Page 29

IBM Security Research

From theory to practice ... or vice versa

Customer projects

• Creating an impact for our clients

• Advanced Security Solutions

• First-Of-A-Kind Projects

Collaborative Research

• Collaborating to change the way the world works

• EU FP7 Projects

• Standardization

Academic Research

• Discovering the answers to our greatest challenges

• Security Foundations (Cryptography, Distributed Systems, ...)

IBM Research: Impact for IBM’s products and services

