© 2013 IBM Corporation
Cyber Security Briefing: Security Trends and Risk Mitigation for the Public Sector
Ottawa – June 12, 2013
IBM Security Systems
Agenda
8:30 am - Registration & Breakfast
9:00 am – Opening Remarks Rodney Helal, Sales Executive, Software, Canadian Federal Accounts
9:15 am - Keynote: Security Trends and Risk Mitigation for the Public Sector Sandy Bird, CTO - Security Division, IBM Canada Ltd.
9:45 am - Application Security for mobile and web applications Patrick Vandenberg, Program Director, IBM Security Segment Marketing
10:15 am - Detect threat and mitigate risk using Security Intelligence Sandy Bird, CTO - Security Division, IBM Canada Ltd.
10:45 am - Investigating, Mitigating, and Preventing Cyber Attacks with Security Analytics and Visualization Orion Suydam, Director of Product Management, 21CT
IBM X-Force 2012 Annual Trend & Risk Report
Sandy Bird CTO IBM Security Systems
May 2013
Update on IBM Security
Timeline: Oct 2011 Acquired; Jan 2012 Formed IBM Security Systems division; March Enhanced identity management; May Integration across domains; Aug NextGen network security; Oct Controlling privileged user access; Jan 2013 Big data security analytics; Mar iOS Mobile App Security
Market leadership: 10 Leader in virtually all of the markets we target, according to Gartner, IDC and Forrester; 4 Rank by revenue in security software; 15% Year-to-year growth of Security Systems
Enrich capabilities: IBM X-Force Award-winning X-Force® security research with one of the industry's largest vulnerability databases; 25 New organic product releases in 2012 focused on integrations; 18 Product development labs WW
Shaping our strategy – the megatrends
Cloud Computing: Cloud security is a key concern as customers rethink how IT resources are designed, deployed and consumed
Regulation and Compliance: Regulatory and compliance pressures are mounting as companies store more data and can become susceptible to audit failures
Advanced Threats: Sophisticated, targeted attacks designed to gain continuous access to critical information are increasing in severity and occurrence (Advanced Persistent Threats, Stealth Bots, Targeted Attacks, Designer Malware, Zero-days)
Mobile Computing: Securing employee-owned devices and connectivity to corporate applications are top of mind as CIOs broaden support for mobility
X-Force is the foundation for advanced security and threat research across the IBM Security Framework
Collaborative IBM teams monitor and analyze the latest threats
20,000+ devices under contract
3,700+ managed clients worldwide
13B+ events managed per day
133 monitored countries (MSS)
1,000+ security related patents
20B analyzed web pages & images
45M spam & phishing attacks
73K documented vulnerabilities
Billions of intrusion attempts daily
Millions of unique malware samples
The Global IBM Security Community
15,000 researchers, developers and subject matter experts working security initiatives worldwide
Security Operations Centers, Security Research Centers, Security Solution Development Centers, Institute for Advanced Security Branches
What are we seeing?
Annual Trend Report gives an X-Force view of the changing threat landscape
2011: “The year of the targeted attack”
Source: IBM X-Force® Research 2011 Trend and Risk Report
Chart: 2011 Sampling of Security Incidents by Attack Type, Time and Impact, Jan through Dec. Attack types: SQL Injection, URL Tampering, Spear Phishing, 3rd Party Software, DDoS, SecureID, Trojan Software, Unknown. Affected sectors include Online Gaming, Central Government, Defense, National/State Police, Banking, Financial Market, IT Security, Consumer Electronics, Entertainment, Internet/Online Services, Telecommunications, Insurance, Consulting, Heavy Industry, Marketing Services, Agriculture and Apparel. Size of circle estimates relative impact of breach in terms of cost to business.
2011 Sampling of Security Incidents by Attack Type, Time and Impact. Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses.
2012: The explosion of breaches continues!
Source: IBM X-Force® Research 2012 Trend and Risk Report
2012 Sampling of Security Incidents by Attack Type, Time and Impact. Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses.
Attacker motivations remain similar, although methods evolve
Many security incidents disclosed in 2012 were carried out by attackers going after a broad target base while using off-the-shelf tools and techniques (top left)
SQL injection and DDoS continue to be tried-and-true methods of attack
Attackers are opportunistic; not all advanced adversaries use exotic malware and zero-day vulnerabilities
Operational sophistication, not always technical sophistication
Tried and true techniques - SQL and Command Injection attacks
Dramatic and sustained rise in SQL injection-based traffic
Alerts came from all industry sectors, with a bias toward banking and finance targets
Tried and true techniques - Distributed Denial of Service (DDoS)
High profile DDoS attacks marked by a significant increase in traffic volume
Implementation of botnets on compromised web servers in high bandwidth data centers
Tried and true techniques - Spear-phishing using social networks
Overall spam volume continues to decline, but spam containing malicious attachments is on the rise
Scammers rotate the “carousel” of their targets – focusing on social networks in 2012
Botnet Command & Control Server resiliency
Operational sophistication: When botnet command and control servers are taken down, other readily available networks can be put into action
Why was Java one of 2012’s hottest software targets?
1. Java is cross-platform
2. Exploits written for Java vulnerabilities are very reliable and do not need to circumvent mitigations in modern OSes
3. The Java plugin runs without a sandbox – making it easier to install persistent malware on the system
http://java-0day.com/
As a result, exploit authors and toolkits favor Java
Web browser exploit kits - aka “exploit packs” - are built for one particular purpose: to install malware on end-user systems
In 2012 we observed an upsurge in web browser exploit kit development and activity, the primary target of which is Java vulnerabilities
And more…
http://www.kahusecurity.com
Blackhole Crimeware
Blackhole Exploit Kit
- First appeared in August 2007
- Advertised as a “Systems for Network Testing”
- Protects itself with blacklists and integrated antivirus
- Comes in Russian or English
- Currently the most purchased exploit pack
Flexible Pricing Plan
- Purchase: $1500/annual, $1000/semi-annual, $700/quarterly
- Lease: $50/24 hours, $200/1 week, $300/2 weeks, $400/3 weeks, $500/month
*($35 domain name change fee if necessary)
Software vulnerabilities - disclosures up in 2012
8,168 publicly disclosed vulnerabilities
An increase of over 14% from 2011
Public exploit disclosures – not as many “true exploits”
Continued downward trend in percentage of public exploit disclosures to vulnerabilities
Slightly up in actual numbers compared to 2011
Web application vulnerabilities surge upward
14% increase in web application vulnerabilities
Cross-site scripting represented 53%
Content Management Systems plug-ins provide soft target
Attackers know that CMS vendors more readily address and patch their exposures, compared to smaller organizations and individuals producing the add-ons and plug-ins
Impact on Risk
Risk = Threat x Vulnerability
Risk is growing as threats become more hostile and vulnerabilities continue to grow
Better understanding helps to focus strategies
Social Media and Intelligence Gathering
50% of all websites connected to social media
Enhanced spear-phishing seemingly originating from trusted friends and co-workers
Mobile devices should be more secure in 2014
- Separation of Personas & Roles
- Ability to Remotely Wipe Data
- Biocontextual Authentication
- Secure Mobile App Development
- Mobile Enterprise App Platform (MEAP)
Mobile computing is becoming increasingly secure as technical controls are adopted by security professionals and in software development
What are we seeing? Key Findings from the 2012 Trend Report
Threats and Activity
- 40% increase in breach events for 2012
- Sophistication is not always about technology
- SQL Injection, DDoS, Phishing activity increased from 2011
- Java means to infect as many systems as possible
Operational Security
- Software vulnerability disclosures up in 2012
- Web application vulnerabilities surge upward
- XSS vulnerabilities highest ever seen at 53%
- Content Management Systems plug-ins provide soft target
Emerging Trends
- Social Media leveraged for enhanced spear-phishing techniques and intelligence gathering
- Mobile Security should be more secure than traditional user computing devices by 2014
Get Engaged with IBM X-Force Research and Development
Follow us at @ibmsecurity and @ibmxforce
Subscribe to X-Force alerts at iss.net/rss.php or X-Force Security Insights blog at www.ibm.com/blogs/xforce
Download IBM X-Force 2012 Annual Trend & Risk Report ibm.com/security/xforce
ibm.com/security
© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM's sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Application Security Overview
Patrick Vandenberg, Program Director, IBM Security Segment Marketing
Securing Applications is a Challenge
Your Application Portfolio: different types and sources (Financial, HR, Logistics, Intranet; In-house, Outsource, Legacy, Open Src)
Your Policies: Data Privacy, Regulatory Compliance, Accountability
Your SDLC Processes
Large and diverse application portfolios
Mobile applications
In-house and outsource development
External & internal regulatory pressure
Pockets of security expertise
Yet another task for developers
Need an efficient, scalable, automated way to develop and deliver secure applications…
Both Paid and Free Apps are Targeted
Source: Arxan State of Security in the App Economy – 2012
Mobile increases risk of applications as attack vector
Application Threats
SQL injection continues to be one of the most popular points of entry for extracting data from a website
Web app vulnerabilities also allow attackers to inject malicious scripts and files onto legitimate websites
The high rate of vulnerable web applications and their plugins allows attackers to use automated scripts to scan the web for targets

Analyze applications before deployment, to identify security vulnerabilities
Scan applications as early as possible in the development cycle, to reduce costs
Remediate critical vulnerabilities, and validate by re-scanning
Integrate scanning results with intrusion prevention, to block attacks before apps are updated
Continuously monitor database activities to detect suspicious activity and respond in real-time
Detect database vulnerabilities to prevent threats
Adopt a Secure by Design approach to enable you to design, deliver and manage smarter software and services
Build security into your application development process
Efficiently and effectively address security defects before deployment
Collaborate effectively between Security and Development
Provide Management visibility
Deliver New Services Faster
Reduce Costs
Innovate Securely
Proactively address vulnerabilities early in the development process
When it comes to risk, all applications are not created equal
Application Security Testing
Scanning Techniques
- Static analysis (white box): source code vulnerabilities & code quality risks; data & call flow analysis tracks tainted data
- Dynamic analysis (black box): live web application; web crawling & manual testing
- Hybrid Glass Box analysis
Governance & Collaboration
- Training – Applications Security & Product (instructor led, self paced – classroom & web based)
- Test policies, test templates and access control
- Dashboards, detailed reports & trending
- Manage regulatory requirements such as DIACAP, PCI, GLBA and HIPAA (40+ out-of-the-box compliance reports)
Integrated across the SDLC (Coding, Build, QA, Security, Production)
- Build Systems improve scan efficiencies (Rational Build Forge, Rational Team Concert, Hudson, Maven)
- Defect Tracking Systems track remediation (Rational Team Concert, Rational ClearQuest, HP QC, MS Team Foundation Server)
- IDEs provide remediation assistance (RAD, Rational Team Concert, Eclipse, Visual Studio)
- Security Intelligence raises the threat level (SiteProtector, QRadar, Guardium)
Audience: Development teams, Security teams, Penetration Testers
Finding more vulnerabilities using advanced techniques
- Static Analysis: analyze source code; use during development; uses taint analysis / pattern matching
- Dynamic Analysis: analyze live web application; use during testing; uses HTTP tampering
- Hybrid Analysis: correlate dynamic and static results; assists remediation by identification of line of code
- Client-Side Analysis: analyze downloaded JavaScript code which runs in the client; unique in the industry
- Run-Time Analysis: combines dynamic analysis with a run-time agent; more results, better accuracy
Bridging the Security/Development gap
Provide Management Visibility
- Dashboard of application risk
- Enable compliance with regulation-specific reporting
Break down organizational silos
- Security experts establish security testing policies
- Development teams test early in the cycle
- Treat vulnerabilities as development defects
Enables Collaboration: Architect, Developer, Quality Professional, Security Auditor
“… we wanted to go to a multiuser web-based solution that enabled us to do concurrent scans and provide our customers with a web-based portal for accessing and sharing information on identified issues.”
Alex Jalso, Asst Dir, Office of InfoSecurity, WVU
Reducing Costs Through a Secure by Design Approach
Phase where defect is found   Cost per defect   Cost per application*
Development                   $80               $8,000
Build                         $240              $24,000
QA/Test                       $960              $96,000
Production                    $7,600            $760,000
*Based on X-Force analysis of 100 vulnerabilities per application
80% of development costs are spent identifying and correcting defects!***
Average Cost of a Data Breach $7.2M** from law suits, loss of customer trust, damage to brand
** Source: Ponemon Institute 2009-10 *** Source: National Institute of Standards and Technology
AppScan Mobile Support: Server and Native
Server Side Logic: SAST (source code), DAST (web interfaces)
Mobile Web Apps: JavaScript / HTML5 hybrid analysis
Native Apps: Android applications, iOS applications, JavaScript (static analysis; new and improved static analysis support)
AppScan Source V8.7 – What's New
- Support for Native iOS apps
- Mac OS platform support
- Security SDK research & risk assessment of over 20k iOS APIs
- Xcode interoperability & build automation support
- Full call and data flow analysis of Objective-C, JavaScript, Java
- Identify where sensitive data is being leaked
“IBM formally launched a major initiative to help tighten the security of mobile apps developed for business use on iPhone handsets.” -- USA Today
“AppScan provides developers with an unmatched view into where vulnerabilities appear in their mobile apps due to its deep cognizance of platform APIs.” -- eWeek
“The real power of AppScan arises from how it performs vulnerability analysis - by using the full trace technique.” -- SecurityWeek
“iPhone users will benefit from the IBM AppScan update.” -- IT PRO
AppScan Components
Using Big Data and Analytics to Think Like an Attacker
Sandy Bird, CTO IBM Security Systems
Now, for something you’ve never seen before
Innovative technology changes everything
- Bring your own IT
- Social business
- Cloud and virtualization
- 1 billion mobile workers
- 1 trillion connected objects
Attacker motivations are rapidly escalating
- National Security: nation-state actors (e.g. Stuxnet)
- Espionage, Activism: sponsored groups and hacktivists (e.g. Aurora)
- Monetary Gain: organized crime (e.g. Zeus)
- Revenge, Curiosity: insiders and script-kiddies (e.g. Code Red)
Organized groups are using multiple techniques
Using social networking and social engineering to perform reconnaissance on spear-phishing targets, leading to compromised hosts and accounts
Infiltrating a trusted partner and then loading malware onto the target’s network
Creating designer malware tailored to only infect the target organization, preventing positive identification by security vendors
Exploiting zero-day vulnerabilities to gain access to data, applications, systems, and endpoints
Communicating over accepted channels such as port 80 to exfiltrate data from the organization
Permutations of malicious identifiers are limitless
Image retrieved from http://melroseedcd.com/?p=1
A change in mindset is already happening
By monitoring for subtle indicators across all fronts
- Break-in: spoofed email with malicious file attachment sent to users
- Latch-on: anomalous system behavior and network communications
- Expand: device contacting internal hosts in strange patterns
- Gather: abnormal user behavior and data access patterns
- Exfiltrate: movement of data in chunks or streams to unknown hosts
- Command & Control (CnC): figure label appearing twice, between Break-in/Latch-on and Gather/Exfiltrate
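One way to turn the Expand and Exfiltrate indicators above into checks over flow records, as an added example that is not IBM or QRadar code: the internal address range, the sanctioned external host, the thresholds and the flow records are all constructed for illustration.

```python
"""
Flow-based indicators for the Expand and Exfiltrate stages of the attack
lifecycle described above. Added example, not IBM code; the flow records,
address ranges and thresholds below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")        # assumed corporate address range
KNOWN_EXTERNAL = {"198.51.100.10"}         # assumed sanctioned SaaS / partner host


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    bytes_out: int   # bytes sent from src to dst
    hour: int        # hour bucket of the flow (constructed time axis)


def is_internal(ip: str) -> bool:
    return ip_address(ip) in INTERNAL


def internal_fanout(flows):
    """Number of distinct internal peers contacted by each internal source host."""
    peers = defaultdict(set)
    for f in flows:
        if is_internal(f.src) and is_internal(f.dst) and f.src != f.dst:
            peers[f.src].add(f.dst)
    return {src: len(p) for src, p in peers.items()}


def detect_expand(flows, baseline, factor=4, min_peers=5):
    """Expand stage: a host contacting far more internal hosts than its own baseline."""
    hits = {}
    for src, n in internal_fanout(flows).items():
        base = baseline.get(src, 1)          # hosts with no history get a baseline of 1
        if n >= min_peers and n >= factor * base:
            hits[src] = n
    return hits


def detect_exfil(flows, min_bytes=50_000_000, min_chunks=3):
    """Exfiltrate stage: sustained outbound volume, in several chunks, to unknown external hosts."""
    volume = defaultdict(int)
    chunks = defaultdict(set)
    for f in flows:
        if is_internal(f.src) and not is_internal(f.dst) and f.dst not in KNOWN_EXTERNAL:
            volume[(f.src, f.dst)] += f.bytes_out
            chunks[(f.src, f.dst)].add(f.hour)
    return {k: v for k, v in volume.items()
            if v >= min_bytes and len(chunks[k]) >= min_chunks}


# Constructed sample: workstation 10.1.1.20 fans out to twenty internal hosts,
# then pushes data in hourly chunks to an unknown external host 203.0.113.7.
SAMPLE_FLOWS = [Flow("10.1.1.20", f"10.1.2.{i}", 2_000, 9) for i in range(1, 21)]
SAMPLE_FLOWS += [Flow("10.1.1.20", "203.0.113.7", 20_000_000, h) for h in (10, 11, 12, 13)]
# Normal traffic: 10.1.1.30 talks to two servers and uploads to the sanctioned SaaS host.
SAMPLE_FLOWS += [Flow("10.1.1.30", "10.1.2.1", 5_000, 9),
                 Flow("10.1.1.30", "10.1.2.2", 5_000, 9),
                 Flow("10.1.1.30", "198.51.100.10", 90_000_000, 10)]
BASELINE_PEERS = {"10.1.1.20": 3, "10.1.1.30": 2}   # constructed per-host historical fan-out

if __name__ == "__main__":
    print("expand:", detect_expand(SAMPLE_FLOWS, BASELINE_PEERS))
    print("exfil:", detect_exfil(SAMPLE_FLOWS))
```

The sanctioned host is excluded even though it receives more bytes than the suspicious one, which is the point of the slide: volume alone is not the indicator, volume to an unknown destination is.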
Big Data Analytics
Traditional Security Operations and Technology
Security Intelligence Platform
- Real-time Processing: real-time data correlation; anomaly detection; event and flow normalization; security context & enrichment; distributed architecture
- Security Operations: pre-defined rules and reports; offense scoring & prioritization; activity and event graphing; compliance reporting; workflow management
Big Data Platform
- Big Data Warehouse: long-term, multi-PB storage; unstructured and structured; distributed infrastructure; preservation of raw data; Hadoop-based backend
- Analytics and Forensics: advanced visuals and interaction; predictive & decision modeling; ad hoc queries; spreadsheet UI for analysts; collaborative sharing tools; pluggable UI
Complementary analytics and workflow from IBM: IBM Security Intelligence with Big Data
QRadar leverages Big Data to identify security threats
Appliances with massive scale
Intelligent data policy management
Payload indexing leveraging a purpose-built data store
Advanced threat visualization and impact analysis
Google-like search of large data sets
Enrichment with X-Force and external intelligence
Example QRadar use cases
Irrefutable Botnet Communication: Layer 7 flow data shows botnet command and control instructions
Improved Breach Detection: 360-degree visibility helps distinguish true breaches from benign activity, in real-time
Network Traffic Doesn't Lie: attackers can stop logging and erase their tracks, but can't cut off the network (flow data)
Extending Security Intelligence with additional Big Data analytics capabilities
1. Analyze a variety of non-traditional and unstructured datasets
2. Significantly increase the volume of data stored for forensics and historic analysis
3. Visualize and query data in new ways
4. Integrate with my current operations
Security Intelligence Platform (IBM Security QRadar): data collection and enrichment; event correlation; real-time analytics; offense prioritization; fed by traditional data sources, delivering Advanced Threat Detection
By integrating QRadar with IBM's Enterprise Hadoop-based offering
Security Intelligence Platform (IBM Security QRadar): data collection and enrichment; event correlation; real-time analytics; offense prioritization; fed by traditional data sources, delivering Advanced Threat Detection
Big Data Platform (IBM InfoSphere BigInsights): Hadoop-based; enterprise-grade; any data / volume; data mining; ad hoc analytics; fed by non-traditional data sources, delivering Custom Analytics
The two platforms are linked by real-time streaming (QRadar to BigInsights) and insights (BigInsights back to QRadar)
Phishing scenario, from attacker to target:
1. User receives risky email from personal social network
2. User is redirected to a malicious website
3. Drive-by exploit is used to install malware on target PC
Using Big Data to mine for trends within email
Use BigInsights to identify phishing targets and redirects
Build visualizations, such as heat maps, to view top targets
Loading phishing data and corresponding redirects to QRadar
Botnet scenario, from attacker to target:
1. Attacker registers or acquires a domain
2. Compromised hosts “phone home” to attacker C&C servers
3. Attacker changes the location of servers, but domains stay the same
4. Internal attacks lead to more infections
5. Hosts and servers phone home and exfiltrate data
Analyze historical DNS activity within organization
Automate correlation against DNS registries
Advanced analytics identify suspicious domains
Why only a few hits across the entire organization to these domains?
Correlating to public DNS registry information increases suspicions
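The rare-domain question and the registry correlation above, worked as an added example that is not IBM code: the DNS log, the registry creation dates, the organization's host count and the thresholds are constructed, and the .test domain names are placeholders.

```python
"""
Rare-domain scoring with DNS registry correlation, following the analysis
described above. Added example, not IBM code; all data below is constructed.
"""
from collections import defaultdict
from datetime import date

# Constructed historical DNS log: (querying host, domain queried, query date).
DNS_LOG = [
    ("10.1.1.20", "example-news.test", date(2013, 5, 1)),
    ("10.1.1.30", "example-news.test", date(2013, 5, 1)),
    ("10.1.1.40", "example-news.test", date(2013, 5, 2)),
    ("10.1.1.50", "example-news.test", date(2013, 5, 2)),
    ("10.1.1.20", "zx8q-update.test", date(2013, 5, 3)),
    ("10.1.1.20", "zx8q-update.test", date(2013, 5, 4)),
    ("10.1.1.21", "zx8q-update.test", date(2013, 5, 4)),
    ("10.1.1.40", "oldpartner.test", date(2013, 5, 4)),
    ("10.1.1.50", "nxq-cdn.test", date(2013, 5, 4)),
]
# Constructed registry (WHOIS-style) records: domain -> creation date.
# nxq-cdn.test deliberately has no record.
REGISTRY = {
    "example-news.test": date(2005, 3, 10),
    "zx8q-update.test": date(2013, 4, 28),
    "oldpartner.test": date(2009, 7, 1),
}
AS_OF = date(2013, 5, 5)   # analysis date
TOTAL_HOSTS = 50           # constructed size of the organization


def hosts_per_domain(log):
    """Distinct internal hosts that resolved each domain."""
    hosts = defaultdict(set)
    for host, domain, _ in log:
        hosts[domain].add(host)
    return dict(hosts)


def domain_age_days(domain, registry, as_of):
    """Days since registration, or None when the registry has no record."""
    created = registry.get(domain)
    return None if created is None else (as_of - created).days


def score_domains(log, registry, as_of, total_hosts, rare_ratio=0.05, young_days=30):
    """Flag domains seen by only a few hosts; add a point when the registry
    shows a recent registration or no record at all."""
    findings = {}
    for domain, hosts in hosts_per_domain(log).items():
        reasons = []
        if len(hosts) / total_hosts <= rare_ratio:
            reasons.append(f"rare: {len(hosts)} of {total_hosts} hosts")
        age = domain_age_days(domain, registry, as_of)
        if age is None:
            reasons.append("no registry record")
        elif age <= young_days:
            reasons.append(f"registered {age} days ago")
        if reasons:
            findings[domain] = {"hosts": sorted(hosts), "score": len(reasons), "reasons": reasons}
    return findings


def ranked(findings):
    """Domains ordered for analyst review: highest score first, then by name."""
    return sorted(findings, key=lambda d: (-findings[d]["score"], d))


def run_analysis():
    return score_domains(DNS_LOG, REGISTRY, AS_OF, TOTAL_HOSTS)


if __name__ == "__main__":
    result = run_analysis()
    for domain in ranked(result):
        print(domain, result[domain])
```

A rare domain with an old registration (oldpartner.test) scores lower than one that is both rare and freshly registered, which is the increase in suspicion the slide describes.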
Importing results to QRadar for real-time analysis
Correlate against network activity and visualize
View real-time data and look for active connections
Additional IBM analytics capabilities for security
1. IBM QRadar Security Intelligence: unified architecture for collecting, storing, analyzing and querying log, threat, vulnerability and risk related data
2. IBM Big Data Platform (Streams, BigInsights, Netezza): addresses the speed and flexibility required for customized data exploration, discovery and unstructured analysis
3. IBM i2 Analyst Notebook: helps analysts investigate fraud by discovering patterns and trends across volumes of data
4. IBM SPSS: unified product family to help capture, predict, discover trends, and automatically deliver high-volume, optimized decisions
1. Traditional defenses are insufficient
2. Security has become a Big Data problem
3. Security Intelligence is a Big Data solution
4. New analysis can lead to new insights
IBM Contacts
Rodney Helal, Software Sales Manager, Canadian Federal Government Accounts – Phone: 613-222-6691 / e-mail: [email protected]
Eliane Guindon, IBM Security Systems Account Manager – Phone: 613-249-2284 / Mobile 613-292-0125 / e-mail: [email protected]
Anita Bowness, Software Client Lead, Canadian Federal Government – Phone: 613-249-2099 / e-mail: [email protected]
ibm.com/security