© 2014 IBM Corporation
Agenda
• Cloud security: Current challenges
• The IBM approach
• Why IBM?
• Questions & Answers
Cyber security – The new scenarios
Sophisticated attackers break through conventional safeguards every day
• of organizations say data theft and cybercrime are the greatest threats to their reputation (2012 IBM Global Reputational Risk & IT Study)
• US$5.9 million: average cost of a U.S. security breach (2013 Cost of Cyber Crime Study, Ponemon Institute)
Cloud, mobile, social and big data drive unprecedented change
• of security executives have cloud and mobile security concerns (2013 IBM CISO Survey)
• Mobile malware grew 614% in just one year (2013 Juniper Mobile Threat Report)
Yesterday’s security practices are unsustainable
• 83% of enterprises have difficulty finding the security skills they need (2012 ESG Research)
• 85 security tools from 45 vendors (IBM client example)
Increasingly sophisticated attacks. . .
Near Daily Leaks of Sensitive Data: 40% increase in reported data breaches and incidents
Relentless Use of Multiple Methods: 500,000,000+ records were leaked, while the future shows no sign of change
Figure: incidents in 2011, 2012 and 2013 by attack type (SQL injection, spear phishing, DDoS, third-party software, physical access, malware, XSS, watering hole, undisclosed).
Note: Size of circle estimates relative impact of incident in terms of cost to business.
Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2014
. . . And the cloud is not immune
Threats & Vulnerabilities
• Placement (co-tenancy) – exposure to data breach/loss
• Cloud resource exhaustion or unavailability – outages
• Configuration
• Malicious insider
• New business opportunities for bad guys
• Software vulnerabilities
The challenges facing risk and security leaders. . .
“We can’t afford the business risk of adopting Cloud solutions without some kind of assurance that they will be secure!”
“We need to be protected from advanced threats, both physical and virtual, whether they are in the public cloud or part of our cloud.”
“With the serious shortage of security skills in the job market, how can we discover and be aware of the dangers in cloud technology and what can we do to reduce the risk/impact?”
“We have to meet regulatory compliance and audit goals both in our own IT environments and also in all the cloud solutions we develop.”
The right approach must be:
• Comprehensive – spanning all aspects of technology, process and people
• Proactive – discover vulnerabilities and strive to remediate and mitigate ahead of the threat
• Intelligent – driven by integrating security data, threat intelligence and analysis
• Robust – managed 24 x 7 by qualified experts
Typical hybrid architecture
Current Data Center
SoftLayer
Amazon/Microsoft/Google
Virtual Private Computing
Hybrid Monitoring and Intelligence
Public Cloud SaaS
SoftLayer and MSS provide security solutions for every type of customer
SoftLayer Security Features & Options
• Physical DC Security
• Logical Segregation
• GeoTrust SSL Certificates
• Two-Factor Authentication for Portal Administrators
• McAfee Host Protection
IBM MSS - Fully Managed Cloud Security Services
• Hosted Web Defense (DDoS+WAF)
• Hosted Application Security Management Services
• Hosted Security Event and Log Management
• Hosted Vulnerability Management
• Managed FW, IDPS and UTM
• Managed Email and Web Security
VALUE: Comprehensive security for IT assets deployed in SoftLayer
IBM Managed Security Services for the Cloud
Protecting the cloud data center, and next-gen business and application platforms
IBM Managed Security Services
Software as a Service
• Hosted Application Security Management (AppScan)
• Managed Web Defense (Akamai)
• Web Content Protection (Blue Coat)
• Email Security (Proofpoint)
Platform as a Service
• Managed Identity and Access Services
• Data security (Guardium)
Infrastructure as a Service
• Managed firewall, intrusion detection & prevention
• Hosted security event and log management
• Hosted vulnerability management
• Managed SIEM
• Managed HIDS
“Bare Metal”
Public
Private
Control
SoftLayer Transparency
With other cloud providers, you may only know:
• Zone
• Maybe the data center
With SoftLayer, you know:
• Data center
• Pod
• Rack
• Rack unit
• Power port
• Network port
• Server
• NIC controllers
• Firmware
• Serial numbers
Plus
• Audit trail of all actions and access to resources
The resulting visibility means you can have more control over your application and its performance—as well as security and compliance management
Example: PCI Compliance
SDLC, binary analysis, scanners, webapp firewalls, transactional sec.
DLP, CMR, database activity monitoring, encryption
GRC, IAM, VA/VM, patch management, configuration management, monitoring
NIDS/NIPS, firewalls, DPI, anti-DDoS, QoS, DNSSEC, OAuth
Hardware & Software RoT & API’s
Host-based firewalls, HIDS/HIPS, integrity & file/log management, encryption, masking
Physical plant security, CCTV, guards
• Firewalls
• Code review
• WAF
• Encryption
• Unique user IDs
• Anti-virus
• Monitoring/IDS/IPS
• Patch/vulnerability management
• Physical access control
• Two-factor authentication
Source: The Cloud Security Alliance
IBM MSS – Threat mitigation
Managed Security Services
Benefit
• Fully integrated into SoftLayer
• Covers both virtual and bare metal environments
• Provides managed security and proactive threat monitoring and mitigation for cloud workloads
• Compliance – SELM helps meet compliance log storage needs
IBM MSS – Vulnerability scanning and application testing
Managed Security Services
Benefit
• Fully managed scanning and testing services
• Access to SME expertise – help remediate infrastructure and application vulnerabilities in the cloud
Email Security, Privacy and Compliance
Cloud Email Security Services
• Protection for inbound customer email (security threats)
• Privacy for outbound customer email (data loss)
• Compliance for encryption and archival of email
**No appliance required for protection or privacy services
Proofpoint/IBM Co-branded Web Portal
Email Servers hosted in SoftLayer
MX Record points to IBM Cloud Email Security Services
Customer Location(s)
IBM Security Services & Akamai Kona: Anti DDoS multi-layered security solution
The Akamai Kona platform is a leading Internet cloud platform that can enable security-rich, high-performing user experiences on virtually any device, anytime and anywhere.
Resulting in traffic of:
• 500 billion hits per day
• 19-plus million hits per second
• 100 million page views per second
• 1,000,000-plus concurrent streams
• 6-plus terabits per second average
• Approximately 23 percent of all web traffic
Source: Based on data provided by Akamai Cloud Services.
Example: Attack traffic is diverted
With Akamai’s Kona Site Defender
• SoftLayer origin servers are “cloaked”
• Attackers are blocked, AWAY from the origin SoftLayer infrastructure
Result
• Sustained performance and availability
Benefit
• Protect websites and web applications on SoftLayer from DDoS attacks
• Maintain website availability and performance during DDoS attacks
• Reduce risk of breach with high performance web application firewall
Akamai Intelligent Platform
• 100,000-plus servers
• 1,900-plus data centers
• 1,000-plus ISPs (Internet Service Providers)
• 800-plus cities
IBM Virtual Security Operations Center (vSOC)
Virtual-SOC portal
Virtual Security Operations Center (V-SOC)
• Enables companies to see the global state of their cloud security around the clock
• Provides near-continuous threat profile, security posture and attack status, everywhere
• Provides more robust query tools for custom searches
Anti Virus and filtering
Vulnerability
Networking devices
Applications
Firewalls and IDS and IPS (intrusion detection system and intrusion prevention system)
Example: Virtual Security Operations Center (vSOC) Portal
• Dashboards
• Interaction with SOC Analysts
• Event Details
• Investigation Tools
• Reports
Security intelligence with a global view of threats
Security Operations Center - Background
Coverage
• 20,000+ devices under contract
• 3,700+ managed clients worldwide
• 13B+ events managed per day
• 133 monitored countries (MSS)
• 1,000+ security related patents
Depth
• 14B analyzed web pages & images
• 40M spam & phishing attacks
• 64K documented vulnerabilities
• Billions of intrusion attempts daily
• Millions of unique malware samples
You benefit from everything we learn worldwide…
10 Security Operations Centers and 9 Security Research Centers
The world is our test lab...
Security Operations Center – Background (cont.)
www.ibm.com/security