Threats in the Digital Age
Martin Borrett
Director of the IBM Institute for Advanced Security Europe
© 2012 IBM Corporation
Optimizing the World’s Infrastructure
October 2012, Moscow
IBM’s Definition of Cyber Security
• Cyber Security – n. 1. the protection of an organisation and its assets from electronic attack to minimise the risk of business disruption.
The planet is getting more instrumented, interconnected, and intelligent, creating new Cyber Security challenges
Smart Supply Chains
Smart Countries
Smart Retail
Smart Water Management
Smart Weather
Smart Energy Grids
Smart Oil Field Technologies
Smart Regions
Smart Healthcare
Smart Traffic Systems
Smart Cities
Smart Food Systems
INSTRUMENTED INTERCONNECTED INTELLIGENT
Threats becoming increasingly sophisticated
Advanced Persistent Threat (APT) Lifecycle
1. Reconnaissance
2. Initial Infection
3. Lateral Expansion
4. Subversion of Mission Critical Assets, Exfiltration of Very Sensitive Data
5. Clean up
Recent Cyber Security Attacks
• Aurora
• Stuxnet
Implications
• Given the sophistication of the attacks, all 5 phases of APT are relevant from a defence perspective and offer opportunities to detect an attack; the earlier an APT is detected, the better
• Persistence of APT requires continuous monitoring of critical assets in order to detect deviations from normal behaviour
• Fine-grained, multi-tier containment (“defence in depth”) is key; network boundaries as well as critical assets within the network have to be protected
Expertise: Unmatched global coverage and security awareness
20,000+ devices under contract
4,000+ MSS clients worldwide
13B+ events managed per day
3,000+ security patents
133 monitored countries (MSS)
World Wide Managed Security Services Coverage
Security Operations Centers
Security Research Centers
Security Solution Development Centers
Institute for Advanced Security Branches
IBM Research
Use the IBM Cyber Security Lifecycle to detect and respond at a faster pace than attackers
• Layers
• Risk
  – Balance threat and response
• Service management
  – Process
• Technology
  – Security, network, systems
Maturity
Threat Tempo
Response Tempo
Understand and baseline the IT and security landscape
IBM Cloud Security
Securing the cloud with intelligence, visibility and control
Minimizing the risks of cloud computing requires a strategic approach
Define a cloud strategy with security in mind
• Identify the different workloads and how they need to interact.
• Which models are appropriate based on their security and trust requirements and the systems they need to interface to?
Identify the security measures needed
• Using a methodology such as the IBM Security Framework allows teams to measure what is needed in areas such as governance, architecture, applications and assurance.
Enabling security for the cloud
• Define the upfront set of assurance measures that must be taken.
• Assess that the applications, infrastructure and other elements meet the security requirements, as well as operational security measures.
Our focus is in two areas of cloud security
Security from the Cloud
Security for the Cloud
Public cloud Off premise
Private cloud On premise
Cloud-based Security Services
Securing the Private Cloud stack – focusing on building security into the cloud infrastructure and its workloads
Use cloud to deliver security as-a-Service - focusing on services such as vulnerability scanning, web and email security, etc.
Secure usage of Public Cloud applications – focusing on Audit, Access and Secure Connectivity
Security Services delivered from the Cloud
Delivering high-value services for cloud and traditional compute environments with little or no security device investment or maintenance
Security Event and Log Management
Offsite management of logs and events from intrusion protection services, firewalls and operating systems
Vulnerability Management Service
Helps provide proactive discovery and remediation of vulnerabilities
Managed Web and Email Security
Helps protect against spam, worms, viruses, spyware, adware and offensive content
Monitoring and management
Cloud based
Subscription service
IBM X-Force® Threat Analysis Service
Customized security intelligence based on threat information from IBM X-Force® research and development
Application Security Management
Supports improved web application security to help reduce data loss, financial loss and website downtime with advanced security testing
Mobile Device Security Management
Helps protect against malware and other threats while enabling mobile access
IBM QRadar Security Intelligence
Total visibility into virtual and cloud environments
IBM AppScan Suite
Scan cloud deployed web services and applications for vulnerabilities
IBM Endpoint Manager
Patch and configuration management of VMs
IBM Virtual Server Protection for VMware
Protect VMs from advanced threats
IBM InfoSphere Guardium Suite
Protect and monitor access to shared databases
IBM Identity and Access Management Suite
Identity integration, provision users to SaaS applications
Desktop single sign on supporting desktop virtualization
IBM Network IPS
Defend cloud users and apps from network attacks
Securing Cloud with IBM Security Systems
Security Intelligence ● People ● Data ● Apps ● Infrastructure
Leading, end-to-end IBM products for securing the cloud
And services designed to help clients design, deploy and consume secure clouds
Cloud Security Strategy Roadmap
Understand how to leverage cloud capabilities while considering business needs and governance requirements
Cloud Security Assessment
Helps cloud providers (public / private / hybrid) assess the security of a cloud against best practices and mandates.
For cloud providers or enterprises
Assess or secure the cloud
Consultative services
Penetration Testing
Validates the security of components of the cloud through active exploitation and system penetration
Identity and Access Management
Assesses the authentication strategy of a cloud environment and provides a plan for optimizing the approach against established business goals
Application Security Assessment
Assesses web-based cloud applications via automated scanning and manual source code review
IBM MOBILE MANAGEMENT & SECURITY
DELIVERING CONFIDENCE FOR THE MOBILE ENTERPRISE
It’s a (Smarter) Mobile World
In 2011 sales of smartphones surpassed that of PCs, soon they will dwarf the sales of PCs
- Business Insider
Users are increasingly adopting smartphones over feature phones – as of this year there is a greater percentage of smartphone users in the US than feature phone users. This trend is accelerating worldwide
Your Mobile Device is Your…
Users Bringing Smart Mobile Devices to Work
By 2015 40% of Enterprise devices will be mobile devices
- IBM Projection
Bring Your Own Device (BYOD)
The trajectory of adoption is coming from the consumer space into the enterprise.
Organizations must enable or become uncompetitive because BYOD can potentially increase employee productivity, develop interactive relationships with customers and enhance collaboration with partners.
Uniqueness of Mobile…
Mobile Devices are Used in More Locations
Smartphones and tablets are frequently used in challenging wireless situations that contrast with laptop friendly remote access centers. Laptops are used in a limited number of trusted locations.
Mobile Devices are Shared More Often
Smartphones and tablets are multi-purpose personal devices. Therefore, users share them with friends and family more often than traditional computing devices – laptops and desktops. Social norms on privacy are different when accessing file-systems vs. mobile apps.
Mobile Devices prioritize User Experience
Smartphones and tablets place a premium on user experience and any security protocol that diminishes the experiences will not be adopted or will be circumvented. Workstation level security cannot be assumed unless they are dedicated devices.
Mobile Devices have multiple personas
Smartphones and tablets may have multiple personas – entertainment device, work tool, etc. Each persona is used in a different context. Users may want to employ a different security model for each persona without affecting another.
Mobile Devices are Diverse
Smartphones and tablets employ a variety of different platforms and have numerous applications aimed at pushing the boundaries of collaboration. The standard interaction paradigms used on laptops and desktops cannot be assumed.
DELIVERING CONFIDENCE
IBM Integrated Mobile Software Security Solutions
Internet
IBM WorkLight
Runtime for safe mobile apps
• Encrypted data cache
• App validation
IBM Endpoint Manager for Mobile
Configure, Provision, Monitor
• Set appropriate security policies
• Enable endpoint access
• Ensure compliance
Secure Data & the Device
IBM Security Access Manager for Mobile
Authenticate & Authorize users and devices
• Standards Support: OAuth, SAML, OpenID
• Single Sign-On & Identity Mediation
IBM Mobile Connect
Secure Connectivity
• App level VPN
Protect Access to Enterprise Apps & Data
Achieve Visibility & Enable Adaptive Security Posture
IBM QRadar
System-wide Mobile Security Awareness
• Risk Assessment
• Threat Detection
Build & Run Safe Mobile Apps
IBM WorkLight
Develop safe mobile apps
• Direct Updates
IBM AppScan for Mobile
Vulnerability testing
• Dynamic & Static analysis of Hybrid and Mobile web apps
IBM DataPower
Protect enterprise applications
• XML security & message protection
• Protocol Transformation & Mediation
Deliver and Manage Safe Mobile Apps
WorkLight: Develop, deliver and deploy security-rich mobile apps to streamline business activities while also delivering a rich user experience
Client Challenge
Efficiently and securely, create and run HTML5, hybrid and native mobile apps for a broad set of mobile devices
Key Capabilities
• Integrated secure access to backend application resources
• Secured by design - develop secure mobile apps using corporate best practices, code obfuscation
• Protect mobile app data with encrypted local storage for data, offline user access, app authenticity validation, and enforcement of organizational security policies
• Maximize mobile app performance with analytics, remote disabling of apps
Deliver Security-Rich Apps
AppScan: application security testing and risk management
Client Challenge
Applying patches and resolving application vulnerabilities after apps are Delivered and Deployed is a very costly and time consuming exercise
Key Capabilities
• Leverage AppScan for vulnerability testing of mobile web apps and web elements (JavaScript, HTML5) of hybrid mobile apps
• Vulnerabilities and coding errors can be addressed in software development and testing
• Code vulnerable to known threat models can be identified in testing
• Security designed in vs. bolted on
User Management & Access
IBM Security Access Manager for Mobile: Delivers user security by authenticating and authorizing the user and their device
Client Challenge
Ensuring users and devices are authorized to access enterprise resources from that specific device.
Key Capabilities
• Satisfy complex context-aware authentication requirements
• Reverse proxy, authentication, authorization, and federated identity
• Mobile native, hybrid, and web apps
• Flexibility in authentication: user id/password, basic auth, certificate, or custom
• Supports open standards applicable to mobile such as OAuth
• Advanced Session Management
VPN or HTTPS
IBM Access Manager
Application Servers (WebSphere, WorkLight)
Web Apps
User registries (i.e. LDAP)
External Authentication Provider
Federated ID Mgr
Web Services
Access Manager Servers
Security-rich Mobile Connectivity
IBM Lotus® Mobile Connect: Provides features that help deliver a security-rich connection to enterprise resources from mobile devices.
Client Challenge
• Need to protect enterprise data in transit from mobile devices to back-end systems
Key Capabilities
• Clientless app-level Virtual Private Network (VPN) with an SSL-secured tunnel to specific HTTP application servers
• Strong authentication and encryption of data in transit
Device Lifecycle, Data Protection
IBM Endpoint Manager for Mobile Devices: A highly-scalable, unified solution that delivers device management and security across device types and operating systems for superior visibility and control
Client Challenge
• Managing and securing enterprise and BYOD mobile devices without additional resources
Key Capabilities
Security management
Systems management
Managed = Secure
Common agent
Unified console
Common infrastructure
Single server
IBM Endpoint Manager
Desktop / laptop / server endpoint
Mobile endpoint
Purpose-specific endpoint
• A unified systems and security management solution for all enterprise devices
• Near-instant deployment of new features and reports into customers’ environments
• Platform to extend integrations with Service Desk, CMDB, SIEM, and other information-gathering systems to mobile devices
• Advanced mobile device management capabilities for iOS, Android, Symbian, Windows Mobile, and Windows Phone
• Security threat detection and automated remediation
Deliver Visibility & an Adaptive Security Posture
Client Challenge
Visibility of security events across the enterprise, to stay ahead of the threat, show compliance and reduce enterprise risk
Key Capabilities
• Integrated intelligent actionable platform for
  – Searching
  – Filtering
  – Rule writing
  – Reporting functions
• A single user interface for
  – Log management
  – Risk modeling
  – Vulnerability prioritization
  – Incident detection
  – Impact analysis tasks
QRadar: Deliver mobile security intelligence by monitoring data collected from other mobile security solutions – visibility, reporting and threat detection
CUSTOMER CASE STUDIES
IBM Case Study
Extending Corporate Access
Customer Needs
• Support BYOD for a variety of mobile platforms securely for a highly mobile population
• Scale to hundreds of thousands of devices
Key Features & Outcomes
• 120,000 mobile devices, 80,000 personally owned, supported in months
• Integrated Lotus Traveler, IBM Connections, IBM Sametime, and IBM Endpoint Manager
IBM's BYOD program “really is about supporting employees in the way they want to work. They will find the most appropriate tool to get their job done. I want to make sure I can enable them to do that, but in a way that safeguards the integrity of our business.”
Jeanette Horan, IBM CIO
Acknowledgements, disclaimers and trademarks
© Copyright IBM Corporation 2012. All rights reserved.
The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.
References in this publication to IBM products, programs or services do not imply that they will be made available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth, savings or other results. All statements regarding IBM future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.
Information concerning non-IBM products and services was obtained from a supplier of those products and services. IBM has not tested these products or services and cannot confirm the accuracy of performance, compatibility, or any other claims related to non-IBM products and services. Questions on the capabilities of non-IBM products and services should be addressed to the supplier of those products and services.
All customer examples cited or described are presented as illustrations of the manner in which some customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer and will vary depending on individual customer configurations and conditions. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.
Prices are suggested U.S. list prices and are subject to change without notice. Starting price may not include a hard drive, operating system or other features. Contact your IBM representative or Business Partner for the most current pricing in your geography.
IBM, the IBM logo, ibm.com, Tivoli, the Tivoli logo, Tivoli Enterprise Console, Tivoli Storage Manager FastBack, and other IBM products and services are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at ibm.com/legal/copytrade.shtml