© 2013 IBM Corporation
Mobily and IBM Managed Security Solutions
Tamer Aboualy, Ph.D., CTO, Security Services, GTS Middle East and Africa, IBM
Ahmed Abdel Hamid, Security Services, IBM Saudi Arabia
Introduction: Dr. Tamer Aboualy
Qualifications
Over 18 years of experience in IT and security. Previously IBM Canada’s Security Services CTO, with responsibilities including:
• Security executives managing security at Canada’s largest governments, financial institutions, telecommunication companies, and more.
• Canada’s security architecture, strategy, and vision.
• Implementations, transitions, and operations.
• Innovation and applied security research.
• Security Operations Center (SOC) executive sponsor and lead.
Executive sponsor and lead for the MEA Security Operations Center (SOC).
Executive security sponsor for managed security services to government, financial institutions, telecommunications, energy (oil and gas) and others.
Wealth of applied knowledge in information assurance, compliance, security architectures and cryptography.
Various security patents (intrusion protection, cloud security, others).
Expert speaker at security conferences (ISACA, GOVTECH, VISA, CLOUD, IDC, Canadian Bankers Association, and many others).
Education:
• Bachelor of Information Systems (Ryerson University, Toronto, Canada)
• Master of Science in Telecommunications and Networks (Syracuse University, New York, USA)
• Ph.D. in Information Systems (Nova Southeastern University, Florida, USA)
Current Focus: CTO for MEA Security Services
Tamer Aboualy, Ph.D.
CTO, IBM Security Services
Africa & Middle East
Agenda
• The Evolving Threat Landscape
• Managed Security Solutions (MSS)
• MSS Offerings Portfolio
Security Today
The Evolving Threat Landscape
IT Security has become a routine Board Room discussion
*Sources for all breaches shown in speaker notes
Business impact areas: Business Results, Systems Availability, Legal Exposure, Personal Harm, Audit Risk, Brand Image
Motivations and sophistication are rapidly evolving
Adversary motives: Curiosity, Revenge, Monetary Gain, Espionage / Political Activism, National Security
Timeline: 1995 – 2005 (1st Decade of the Commercial Internet) to 2005 – 2015 (2nd Decade of the Commercial Internet)
Adversaries:
• Script-kiddies or hackers
• Insiders, using inside information
• Organized criminals with sophisticated tools
• Competitors, hacktivists
• Nation-state actors
The new security landscape - Sophisticated attackers are a primary concern

Threat Profile              | Type                                                 | Share of Incidents | Attack Type
Advanced threat / mercenary | National governments; Terrorist cells; Crime Cartels | 23%                | Espionage; Intellectual property theft; Systems disruption; Financial Crime
Malicious Insiders          | Employees; Contractors; Outsourcers                  | 15%                | Financial Crime; Intellectual Property Theft; Unauthorized Access/
Hacktivist                  | Social Activists                                     | 7%                 | Systems disruption; Web defacement; Information Disclosure
Opportunist                 | Worm and virus writers; “Script Kiddies”             | 49%                | Malware propagation; Unauthorized Access; Web defacement

[Slide axis label: Potential Impact]
Source: Government Accountability Office, Department of Homeland Security's Role in Critical Infrastructure Protection Cybersecurity, GAO-05-434; IBM CyberSecurity Intelligence & Response Team, September 2012
Each week the average company experiences 2.6M security attacks, which result in approximately 60 security incidents.
IBM Cybersecurity Intelligence & Response Team, Q4 2012 Scorecard
Companies with mature cyber security programs have 90% fewer incidents and are better prepared to respond more effectively to those that do occur.
IBM Cyber Intelligence Update
IBM has tracked a massive rise in advanced and other attacks
2012 Sampling of Security Incidents by Attack Type, Time and Impact
Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses
Source: www.ibm.com/security
IBM X-Force Intelligence Report
The year of the Security Breach
- Pg 27. SQL injection uses specially formatted statements to manipulate the underlying web application.
- 15 days after Sony announced that it had fixed its breach, LulzSec posted 150K customer account details!
- Typically used first to understand the DB schema, then used to retrieve data. In 2008 we saw the first of the newer attacks: attackers would inject script and gain root access.
When was the last time you checked your web application?
- Pg 17. Anonymous and LulzSec were major players in the SQL tactics.
- Most activity came from automated scanners like LizaMoon.
Saudi Arabia is the MOST SPAM’d Country!
Security Landscape in the Kingdom
KSA has double the global average of infected computers!
Source: www.microsoft.com/sir
Microsoft Regional Security Intelligence Report
Categories of Unwanted Software (malware) in Saudi Arabia
Source: www.microsoft.com/sir
Microsoft Regional Security Intelligence Report
Security challenges are complex and require a high level of expertise and innovation to protect against today’s threats
• Applications: Web, Systems, Web 2.0, Mobile
• Infrastructure: Datacenters, PCs, Laptops, Mobile, Cloud, Non-traditional
• Data: At rest, In motion, Unstructured, Structured
• People: Hackers, Suppliers, Consultants, Outsourcers, Employees, Customers, Nation States & Terrorists
The skills shortage for security practitioners leaves clients seeking a trusted partner to provide managed security solutions
81% of chief information security officer functions are re-organizing or have been re-organized within the last six months.
Corporate Executive Board, IREC Study, July 2012
Survey findings (percentages not recoverable from the slide):
• are unable to find people with the right skills
• complain of the inability to measure the effectiveness of their current security efforts
• struggle with an understaffed IT team
Clients can be confident knowing that IBM Security Services are backed by IBM’s strong market leadership and analyst recognition
IBM Security Consulting Services / IBM Managed Security Services
“IBM has the largest client base of the participants... Clients praised the flexibility, knowledge, and responsiveness … while also noting the company’s excellent documentation. Organizations looking for a high-quality vendor that can do it all and manage it afterwards should consider IBM.”
Source: Forrester Research Inc., “Forrester Wave™: Information Security Consulting Services, Q1 2013” and “Forrester Wave: Managed Security Services Providers, Q1 2012”
Full report can be accessed at http://www.ibm.com
IBM Security Services portfolio:
• Security Strategy, Risk and Compliance
• Cybersecurity Assessment and Response
• Security Operations Optimization
• Infrastructure and Endpoint Security
• Identity and Access Management
• Data and Application Security
• Managed Security
IBM has a broad base of consulting services to provide end to end solutions. Partnered with Mobily we offer unparalleled Managed Services and Security Intelligence.
Expertise, Intelligence, Integration
Managed Services:
• Globally available managed security services platform
• Manage security operations, detect and respond to emerging risk
Security Consulting & Professional Services:
• 6000+ Security Consultants & Architects
• Assess security risk and compliance, evolve security program
IBM Managed Security Solutions provided through Mobily provide local capability while benefiting from unmatched global security coverage
6,000 researchers, developers and subject matter experts working on security initiatives worldwide
MSS Global Facts and Figures
• 11 Security Operations Centers
• 3,700+ MSS clients worldwide
• 20,000+ security devices
• 15B+ security events daily
• Recording over 30k incidents daily
• Monitoring in 133 countries
• Using a grid of 725+ systems
• Maintaining 99.9+% availability
BCP/DRP & Compliance
• Fully redundant services
• BC/DRP test performed annually
• SSAE-16, PCI, FFIEC, ITCS-104
Market Leadership
• Forrester Wave
• Gartner Magic Quadrant
• Frost & Sullivan
Experience & Expertise
• MSS business founded 1995
• Employee tenure average 4.5 yrs
• Embedded X-Force intelligence
Riyadh, KSA
Protecting Our Clients
Managed Security Solutions
Mobily Standard Security Portfolio
Our capabilities cover the wide range of specialized security functions
Security Analysis - Key Functions
• Threat Intelligence Gathering
• Event and Vulnerability Analysis
• Impact Analysis
• Incident Management
• Investigations
• Enforcement Optimization
• Risk Assessments, Briefings, and Advisories
Security Operations - Key Functions
• Security Monitoring
• Incident Monitoring & Escalation
• Security Application Management
• Configuration Management
• Policy Management
Security Intelligence Platform - Key Functions
• Aggregate Security Event/Log Data
• Correlation, Rules & Feeds
Managed Security Solutions portfolio can address a wide variety of challenges and business requirements
Managed Security Services (Cloud):
• Hosted security event and log management services
• Hosted vulnerability management services
• Hosted IBM X-Force threat analysis service
Managed Security Services (CPE):
• Managed firewall services
• Managed and monitored IPS and IDS services
• Managed and monitored UTM services
Multiple device types and vendors supported
IPS: Intrusion Protection System; IDS: Intrusion Detection System; UTM: Unified Threat Management
Security Requirements
Managed Network Security Services: Firewall, IDPS, UTM
Solution Overview
IBM’s Managed Security Services for Firewall, IPS and UTM are designed to reduce the operational overhead associated with the day to day management of core security technologies that provide the foundational elements for an organization’s overall security posture. These offerings combine management, monitoring, and maintenance across a variety of leading technologies and service levels.
Customer Pain Points
• Multiple technologies create a challenge for skills management
• Proper security administration requires round the clock support
• Compliance mandates competency beyond that of many organizations
• Security teams are needed for more strategic activities but security technologies remain complex and cumbersome to implement.
Key Features
• Support for market leading technologies: Checkpoint, Cisco, IBM, Juniper, McAfee, Tipping Point, Sourcefire, Palo Alto, etc.
• Support for comprehensive product features: Most major product features are supported: virtualization, multiple policies, traffic shaping, content security, custom signatures, etc.
• Industry leading service level agreements: Service level agreements that set the benchmark for the industry including incident response, change management, system monitoring, portal availability, content updates, etc.
• Two offering packages to ensure flexibility: The offerings are designed to meet the needs of less demanding to the most mission critical of environments.
• Integrated service views via the IBM Virtual SOC: IBM’s proprietary web based interface ensures real-time on-demand access to the latest service information including alerts, advisories, system configuration, and comprehensive workflow and reporting capability.
Benefits
• Faster time to deploy and reduced operational overhead within multi-vendor environments.
• Provides 24x7 support for round the clock monitoring, response, and management.
Cloud Security Services: IBM X-Force Threat Analysis Service
Solution Overview
IBM Security Services' X-Force Threat Analysis Service (XFTAS) is a security intelligence service that delivers customized information about a wide array of threats that could affect your network security. XFTAS helps you proactively protect your networks with detailed analyses of global online threat conditions.
• A single source for up-to-the-minute, customized security information
• Expert analysis and correlation of global security threats
• Actionable data and recommendations that help you maintain your network security
• Easily accessed 24x7x365 through the VSOC Portal
• Partner with a trusted security advisor
Unique Value
The IBM X-Force Threat Analysis Service combines high-quality, real-time threat information from an international network of Security Operations Centers with security intelligence from the X-Force research and development team to develop comprehensive evaluations and recommendations suited to your business.
Cloud Security Services: Security Event and Log Management
Solution Overview
The Security Event and Log Management Service (SELM) enables compilation of the event and log files from network applications, operating systems, and security technologies into one seamless platform. The SELM offering allows for automated analysis of IPS data as well as robust query and research capabilities against a variety of disparate log types.
Customer Pain Points
• Information and event management solutions can be overly complex
• SIM implementation can take months and hundreds of thousands of dollars
• Many solutions struggle to scale when real-time analysis is required
• Reporting requirements are often not met by off-the-shelf solutions
Benefits
• Improved time to value by leveraging an on-demand cloud-based platform versus cumbersome CPE deployment options.
• Quickly analyze data from multiple geographies and technologies via a single web-accessible interface.
• Cloud-based deployment allows for seamless off-site storage of critical log data.
• Optional outsourcing of event monitoring activity to IBM experts on a shift-by-shift basis!
Key Features
• Two tiers of service: SELM is available in Standard and Select service levels, allowing for varying degrees of analysis and analytics to be applied to varying data types.
• Integrated workflow and analysis capabilities: With SELM’s integrated workflow and analysis capabilities, security issues can be investigated, escalated, and recorded using IBM’s web-based tools.
• Seamless blending of MSS and non-MSS data: SELM allows for data of managed and unmanaged devices to be stored in the same systems and seamlessly interacted with as though all data is part of a common data set.
• Custom log parser and correlation engine: Easily use regular expressions to add support for custom log sources and correlation rules. Unique IBM functionality!
• Forensically sound storage and archival: SELM employs best practice processes for data in motion and at rest as suggested by IBM’s own Emergency Response Services team.
Cloud Security Services: Hosted Vulnerability Management overview
Solution Overview
Offers network-based vulnerability assessment from the cloud via the VSOC web portal. Scans can be configured and scheduled via the web, with scanning performed from the cloud or via IBM managed scanners at the customer premises. Results are archived in the cloud and accompanied by reporting, workflow, and remediation capabilities.
Customer Pain Points
• Vulnerabilities allowing hackers easy access to client systems
• Proper assessment and remediation are required for compliance initiatives
• Today’s solutions are difficult to use and manage
• Customers can’t prioritize remediation efforts for identified vulnerabilities
Benefits
• Faster time to deploy and more accurate detection of vulnerabilities, helping customers identify risks and ultimately improve their security posture
• More efficient end-to-end process for remediating vulnerabilities, and better tracking for compliance purposes
• Streamlined SaaS delivery model gives customers full control without the expense and distraction of owning and managing scanning infrastructure
Core Capabilities
• Vulnerability management: Agentless scanning from both inside and outside the firewall to find exposures.
• Remediation guidance and workflow: Fix vulnerabilities quickly and easily with the information provided in remediation reports.
• PCI compliance assistance: IBM can serve as an approved scanning vendor (ASV) in support of PCI compliance initiatives.
• Intelligent scanning: Delivers accurate scanning results in less time with a system that follows an assessment process similar to that used by ethical hackers. Fewer false positives mean less time spent tracking down “potential” vulnerabilities.
• Web application vulnerability detection: Identifies SQL injection, cross-site scripting, and other high-risk vulnerabilities in web applications.
• Database vulnerability detection: Identifies vulnerabilities in common databases and database configurations.
Mobily clients have full visibility into work being performed through the Virtual Security Operations Center portal (V-SOC)
Monitored sources: Firewalls and IDS and IPS; Applications; Networking devices; Vulnerability; Anti Virus and filtering
Virtual-SOC technology platform: Aggregation, Correlation, Archival, Reporting, Workflow
Security Operations Center (SOC) process: Normalize, Aggregate, Correlate, Archive, Escalate, Remediate
Delivery: Internet to the Virtual-SOC portal
Virtual Security Operations Center (V-SOC)
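The SELM slide above describes a custom log parser and correlation engine driven by regular expressions, and the V-SOC slide lists the normalize / aggregate / correlate / escalate flow that sits behind the portal. The following Python script is an added example written for this page, not IBM or Mobily code and not the SELM product's own API. The log formats, host names, addresses and the "three firewall denies followed by an IDS alert" rule are all constructed for illustration; it shows how a regex-per-source parser turns two unrelated log formats into one event schema so that a single correlation rule can escalate an incident across them.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in two made-up vendor formats (not real product output).
SAMPLE_LOGS = [
    "2013-05-01T10:00:01 fw01 DENY src=203.0.113.7 dst=192.0.2.10 dport=22",
    "2013-05-01T10:00:04 fw01 DENY src=203.0.113.7 dst=192.0.2.10 dport=23",
    "2013-05-01T10:00:09 fw01 DENY src=203.0.113.7 dst=192.0.2.10 dport=3389",
    "2013-05-01T10:00:12 fw01 ALLOW src=198.51.100.5 dst=192.0.2.20 dport=443",
    '2013-05-01T10:00:40 ids01 ALERT sig="SSH brute force" 203.0.113.7 -> 192.0.2.10',
    '2013-05-01T11:30:00 ids01 ALERT sig="Port scan" 198.51.100.9 -> 192.0.2.30',
]

# Custom parsers: one named regex per log source, each yielding the common fields
# ts, host, src, dst plus source-specific extras (action/dport or sig).
PARSERS = {
    "firewall": re.compile(
        r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>DENY|ALLOW) src=(?P<src>\S+) "
        r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"),
    "ids": re.compile(
        r'^(?P<ts>\S+) (?P<host>\S+) ALERT sig="(?P<sig>[^"]+)" '
        r"(?P<src>\S+) -> (?P<dst>\S+)$"),
}


def normalize(line):
    """Normalize step: match a raw line against each parser and return one
    event dict in the common schema, or None if no parser recognizes it."""
    for source, rx in PARSERS.items():
        m = rx.match(line)
        if m:
            ev = m.groupdict()
            ev["source"] = source
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%S")
            return ev
    return None  # unparsed lines are dropped here; a real platform keeps the raw text


def aggregate(events):
    """Aggregate step: group normalized events by source address, oldest first,
    so a rule can look at one host's history across all log sources."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)
    for evs in by_src.values():
        evs.sort(key=lambda e: e["ts"])
    return by_src


def correlate(by_src, deny_threshold=3, window=timedelta(minutes=5)):
    """Correlate/escalate step. Constructed rule: at least deny_threshold firewall
    DENY events from one address, followed within `window` by an IDS alert from the
    same address, is escalated as an incident record for the workflow queue."""
    incidents = []
    for src, evs in by_src.items():
        denies = [e for e in evs if e["source"] == "firewall" and e["action"] == "DENY"]
        alerts = [e for e in evs if e["source"] == "ids"]
        for a in alerts:
            recent = [d for d in denies if a["ts"] - window <= d["ts"] <= a["ts"]]
            if len(recent) >= deny_threshold:
                incidents.append({
                    "src": src,
                    "signature": a["sig"],
                    "deny_count": len(recent),
                    "first_seen": recent[0]["ts"],
                    "escalated_at": a["ts"],
                })
    return incidents


def run_pipeline(lines):
    """Full flow: normalize -> aggregate -> correlate; returns escalated incidents."""
    events = [ev for ev in (normalize(line) for line in lines) if ev]
    return correlate(aggregate(events))


if __name__ == "__main__":
    for inc in run_pipeline(SAMPLE_LOGS):
        print(f"INCIDENT src={inc['src']} denies={inc['deny_count']} "
              f"signature={inc['signature']!r} escalated_at={inc['escalated_at']}")
```

Adding a new log source is a matter of adding one more entry to PARSERS whose groups map onto the shared field names; the correlation rule never has to know which vendor produced the event. The second IDS alert in the sample is deliberately left uncorrelated, since no prior denies from that address fall inside the window, which is the kind of tuning decision (threshold and window) an analyst makes per rule.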
Mobily-IBM Managed Security Services Customer Portal
Thank You
Merci (French), Grazie (Italian), Gracias (Spanish), Obrigado (Portuguese), Danke (German), Köszönöm (Hungarian), Tack (Swedish), Dankie (Afrikaans), ευχαριστώ (Greek), Спасибо (Russian), Hvala (Slovenian), Asante sana (Swahili)
(Also in Japanese, Arabic, Simplified Chinese, Hindi, Thai and Korean; those scripts did not survive extraction.)