Cio ciso security_strategyv1.1
© 2011 IBM Corporation
IBM Security Systems
Agenda
The Security Landscape
Security Capabilities
Strategic Direction
• Security Intelligence
• Advanced Threats
• Mobile Security
• Cloud Computing
Solving a security issue is a complex, four-dimensional puzzle
Attempting to protect the perimeter is not enough – siloed point products and traditional defenses cannot adequately secure the enterprise
People: Employees, Hackers, Outsourcers, Suppliers, Consultants, Terrorists, Customers
Data: Structured, Unstructured, At rest, In motion
Applications: Systems applications, Web applications, Web 2.0, Mobile apps
Infrastructure
JK 2012-04-26
Security teams must shift from a conventional “defense-in-depth” mindset and begin thinking like an attacker…
Think like a defender, defense-in-depth mindset (broad): Audit, Patch & Block
• Protect all assets
• Emphasize the perimeter
• Patch systems
• Use signature-based detection
• Scan endpoints for malware
• Read the latest news
• Collect logs
• Conduct manual interviews
• Shut down systems
Think like an attacker, counter intelligence mindset (targeted): Detect, Analyze & Remediate
• Protect high value assets
• Emphasize the data
• Harden targets and weakest links
• Use anomaly-based detection
• Baseline system behavior
• Consume threat feeds
• Collect everything
• Automate correlation and analytics
• Gather and preserve evidence
…by identifying and combining subtle indicators of targeted attacks
1. Spear phishing and 0-day attack: user behaves in risky manner; receives enterprise e-mail from personal social network; backdoor or malware is installed
2. Command & Control (CnC): anomalous device and network behavior; DNS query to known malicious hosts; abnormal traffic patterns
3. Lateral movement: anomalous user behavior; device is contacting new hosts; anomalous network pattern
4. Data acquisition and aggregation: anomalous user behavior; data access patterns abnormal; data rapidly aggregating
5. Data exfiltration: movement of valuable data; users accessing too many resources; device contacting unknown hosts
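The two slides above argue for baselining behaviour and combining individually subtle indicators across the attack stages into one finding. The following is an added example (not IBM code, and not part of the deck) showing that correlation over constructed sample events; the event format, the threat-feed stand-in, the baselines and the thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed stand-in for a threat-intelligence feed of known malicious hosts.
KNOWN_MALICIOUS = {"c2.example", "bad.example"}

# Stage numbers follow the attack chain on the slide.
STAGE_NAMES = {1: "spear phishing / 0-day", 2: "command and control",
               3: "lateral movement", 4: "data acquisition and aggregation",
               5: "data exfiltration"}


@dataclass
class Event:
    host: str          # device the event was observed on
    kind: str          # mail_open | dns | new_peer | file_read | egress
    detail: str = ""   # mail source, DNS name, or peer host
    value: int = 0     # files read, or bytes sent


def classify(ev: Event, baseline: dict) -> Optional[int]:
    """Map one event to an attack stage, or None if it is unremarkable alone."""
    if ev.kind == "mail_open" and ev.detail == "personal_social_network":
        return 1   # enterprise mail arriving via a personal social network
    if ev.kind == "dns" and ev.detail in KNOWN_MALICIOUS:
        return 2   # DNS query to a known malicious host
    if ev.kind == "new_peer" and ev.detail not in baseline["peers"]:
        return 3   # device contacting a host it has never talked to
    if ev.kind == "file_read" and ev.value > 5 * baseline["daily_reads"]:
        return 4   # data access well above the device's baseline
    if (ev.kind == "egress" and ev.value > 10 * baseline["egress_bytes"]
            and ev.detail not in baseline["peers"]):
        return 5   # large transfer to an unknown host
    return None


def correlate(events: List[Event], baselines: Dict[str, dict],
              min_stages: int = 3) -> Dict[str, List[int]]:
    """Collect stage hits per host; one weak indicator is noise, several are a finding."""
    hits = defaultdict(set)
    for ev in events:
        stage = classify(ev, baselines[ev.host])
        if stage is not None:
            hits[ev.host].add(stage)
    return {h: sorted(s) for h, s in hits.items() if len(s) >= min_stages}


def describe(stages: List[int]) -> str:
    """Render a host's stage list as a readable attack-chain summary."""
    return " -> ".join(STAGE_NAMES[s] for s in stages)


# Constructed per-device baselines (learned peers, normal daily volumes).
BASELINES = {h: {"peers": {"fileserver", "mailhost"}, "daily_reads": 40,
                 "egress_bytes": 50_000} for h in ("ws-17", "ws-22")}

# Constructed sample events: ws-17 walks the whole chain, ws-22 has one oddity.
SAMPLE_EVENTS = [
    Event("ws-17", "mail_open", "personal_social_network"),
    Event("ws-17", "dns", "c2.example"),
    Event("ws-17", "new_peer", "db-03"),
    Event("ws-17", "file_read", "", 900),
    Event("ws-17", "egress", "203.0.113.9", 2_000_000),
    Event("ws-22", "dns", "corp.example"),
    Event("ws-22", "new_peer", "db-03"),
    Event("ws-22", "file_read", "", 30),
]

if __name__ == "__main__":
    for host, stages in correlate(SAMPLE_EVENTS, BASELINES).items():
        print(f"{host}: {describe(stages)}")
```

Only ws-17 is reported: ws-22's single new peer is exactly the kind of lone indicator a signature-only approach would either ignore or drown in false positives.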
IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework
IBM Security Framework built on the foundation of COBIT and ISO standards
End-to-end coverage of the security domains
Managed and Professional Services to help clients secure the enterprise
Intelligence: A comprehensive portfolio of products and services across all domains
Integration: Increase security, collapse silos, and reduce complexity
• Customize protection capabilities to block specific vulnerabilities using scan results
• Converge access management with web service gateways
• Link identity information with database security
• Stay ahead of the changing threat landscape
• Designed to help detect the latest vulnerabilities, exploits and malware
• Add security intelligence to non-intelligent systems
• Consolidate and correlate siloed information from hundreds of sources
• Designed to help detect, notify and respond to threats missed by other security solutions
• Automate compliance tasks and assess risks
IBM Identity and Access Management Vision
Key Themes
Standardized IAM and Compliance Management: Expand IAM vertically to provide identity and access intelligence to the business; integrate horizontally to enforce user access to data, app, and infrastructure
Secure Cloud, Mobile, Social Interaction: Enhance context-based access control for cloud, mobile and SaaS access, as well as integration with proofing, validation and authentication solutions
Insider Threat and IAM Governance: Continue to develop Privileged Identity Management (PIM) capabilities and enhanced Identity and Role management
Data Security Vision
Key Themes (across multiple deployment models)
Reduced Total Cost of Ownership: Expanded support for databases and unstructured data, automation, handling and analysis of large volumes of audit records, and new preventive capabilities
Enhanced Compliance Management: Enhanced Database Vulnerability Assessment (VA) and Database Protection Subscription Service (DPS) with improved update frequency, labels for specific regulations, and product integrations
Dynamic Data Protection: Data masking capabilities for databases (row level, role level) and for applications (pattern based, form based) to safeguard sensitive and confidential data
Application Security Vision
Key Themes
Coverage for Mobile applications and new threats: Continue to identify and reduce risk by expanding scanning capabilities to new platforms such as mobile, as well as introducing next generation dynamic analysis scanning and glass box testing
Simplified interface and accelerated ROI: New capabilities to improve customer time to value and consumability with out-of-the-box scanning, static analysis templates and ease of use features
Security Intelligence Integration: Automatically adjust threat levels based on knowledge of application vulnerabilities by integrating and analyzing scan results with SiteProtector and the QRadar Security Intelligence Platform
Threat Protection Vision
Advanced Threat Protection Platform: Helps to prevent sophisticated threats and detect abnormal network behavior by using an extensible set of network security capabilities - in conjunction with real-time threat information and Security Intelligence
Expanded X-Force Threat Intelligence: Increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions
Security Intelligence Integration: Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats
Security Intelligence Platform: Log Manager, SIEM, Network Activity Monitor, Risk Manager
Threat Intelligence and Research: Vulnerability Data, Malicious Websites, Malware Information, IP Reputation (future)
Advanced Threat Protection Platform (IBM Network Security): Intrusion Prevention, Content and Data Security, Web Application Protection, Network Anomaly Detection (future)
Infrastructure Protection – Endpoint and Server Vision
Key Themes
Security for Mobile Devices: Provide security for and manage traditional endpoints alongside mobile devices such as Apple iOS, Google Android, Symbian, and Microsoft Windows Phone - using a single platform
Expansion of Security Content: Continued expansion of security configuration and vulnerability content to increase coverage for applications, operating systems, and industry best practices
Security Intelligence Integration: Improved usage of analytics - providing valuable insights to meet compliance and IT security objectives, as well as further integration with SiteProtector and the QRadar Security Intelligence Platform
Expertise: New services organization designed to help the CISO
Essential Practices: The 10 Security Essentials for the CIO are customer on-ramps building a more optimized security posture
Managed and Professional Services to help clients assess their security maturity, identify areas of vulnerability, and design and deploy internal and/or managed security solutions
Solutions for the full Security Intelligence timeline
Prediction & Prevention – What are the external and internal threats? Are we configured to protect against these threats?
Risk Management. Vulnerability Management. Configuration and Patch Management. X-Force Research and Threat Intelligence. Compliance Management. Reporting and Scorecards.
Reaction & Remediation – What is happening right now? What was the impact?
Network and Host Intrusion Prevention. Network Anomaly Detection. Packet Forensics. Database Activity Monitoring. Data Leak Prevention. SIEM. Log Management. Incident Response.
Security Intelligence: Integrating across IT silos with Security Intelligence solutions
Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight
Extensive Data Sources: Security Devices, Servers & Hosts, Network & Virtual Activity, Database Activity, Application Activity, Configuration Info, Vulnerability Info, User Activity
Deep Intelligence:
• Event Correlation – Logs, Flows, IP Reputation, Geo Location
• Activity Baselining & Anomaly Detection – User Activity, Database Activity, Application Activity, Network Activity
Exceptionally Accurate and Actionable Insight: Suspected Incidents; Offense Identification by Credibility, Severity, Relevance
Security Intelligence: QRadar provides security visibility
• IBM X-Force® Threat Information Center
• Real-time Security Overview w/ IP Reputation Correlation
• Identity and User Context
• Real-time Network Visualization and Application Statistics
• Inbound Security Events
Agenda: Strategic Direction – Advanced Threats
Advanced Persistent Threat (APT) is different
Advanced
– Exploiting unreported vulnerabilities
– Advanced, custom malware is not detected by antivirus products
– Coordinated, researched attacks using multiple vectors
Persistent
– Attacks lasting for months or years
– Attackers are dedicated to the target – they will get in
Threat
– Targeted at specific individuals and groups within an organization, aimed at compromising confidential information
– Not random attacks – they are “out to get you”
Responding is different too – Watch, Wait, Plan … and call the FBI
Advanced Threat: The challenging state of network security
Social networking: Social media sites present productivity, privacy and security risks including new threat vectors
Streaming media: Streaming media sites are consuming large amounts of bandwidth
Point solutions (URL Filtering • IDS / IPS • IM / P2P • Web App Protection • Vulnerability Management): Point solutions are siloed with minimal integration or data sharing
Sophisticated attacks (Stealth Bots • Targeted Attacks • Worms • Trojans • Designer Malware): Increasingly sophisticated attacks are using multiple attack vectors and increasing risk exposure
Network Defenses: Not up to today’s challenges
Threats from the Internet: Stealth Bots; Worms, Trojans; Targeted Attacks; Designer Malware; Everything Else
Current defenses: Firewall/VPN – port and protocol filtering; Web Gateway – securing web traffic only, port 80 / 443; Email Gateway – message and attachment security only
Current Limitations
• Threats continue to evolve and standard methods of detection are not enough
• Streaming media sites and Web applications introduce new security challenges
• Basic “Block Only” mode limits innovative use of streaming and new Web apps
• Poorly integrated solutions create “security sprawl”, lower overall levels of security, and raise cost and complexity
Requirement: Multi-faceted Protection
• 0-day threat protection tightly integrated with other technologies, i.e. network anomaly detection
• Ability to reduce costs associated with non-business use of applications
• Controls to restrict access to social media sites by a user’s role and business need
• Eliminate point solutions to reduce overall cost and complexity
Multi-faceted Network Protection – security for all traffic, applications and users
IBM Advanced Threat Protection
Diagram labels: Users, Infrastructure
Our strategy is to protect our customers with advanced threat protection at the network layer - by strengthening and integrating network security, analytics and threat Intelligence capabilities
1. Advanced Threat Protection Platform: Evolves Intrusion Prevention to become a Threat Protection Platform – providing packet, content, file and session inspection to stop threats from entering the network
2. QRadar Security Intelligence Platform: Builds tight integration between the Network Security products, X-Force intelligence feeds and QRadar Security Intelligence products with purpose-built analytics and reporting for threat detection and remediation
3. X-Force Threat Intelligence: Increases aperture of threat intelligence information and feedback loops for our products. Leverages the existing X-Force web and email filtering data, but also expands into additional IP Reputation data sets
Advanced Threats: IBM’s vision for Threat
Advanced Threat Protection Platform
• Leverage extensible set of network security capabilities
• Granular application control
• Combine with real-time threat information and Security Intelligence
Expanded X-Force Threat Intelligence
• World-wide threat intelligence harvested by X-Force®
• Consumption of this data to make smarter and more accurate security decisions
Security Intelligence Integration
• Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to help detect, investigate and remediate threats
Security Intelligence Platform: Log Manager, SIEM, Network Activity Monitor, Risk Manager
Threat Intelligence and Research: Vulnerability Data, Malicious Websites, Malware Information, IP Reputation
Advanced Threat Protection Platform (IBM Network Security): Intrusion Prevention, Content and Data Security, Web Application Protection, Network Anomaly Detection, Application Control
Ultimate Visibility: Understanding Who, What and When
• Immediately discover which applications and web sites are being accessed
• Identify misuse by application, website, and user
• Understand who and what are consuming bandwidth
• SIEM integration for anomaly detection and event correlation
Diagram: Network Traffic and Flows from Employee A, Employee B and Employee C to Good Application, Good Application and Bad Application
“We were able to detect the Trojan ‘Poison Ivy’ within the first three hours of deploying IBM Security Network Protection”
– Australian Hospital
• Network flows can be sent to QRadar for enhanced analysis, correlation and anomaly detection
• Identity context ties users and groups with their network activity - going beyond IP address only policies
• Application context fully classifies network traffic, regardless of port, protocol or evasion techniques
Increase Security • Reduce Costs • Enable Innovation
Agenda: Strategic Direction – Mobile Security
Mobile OS Vulnerabilities and Exploits
Continued interest in Mobile vulnerabilities as enterprise users bring smartphones and tablets into the work place
Attackers finally warming to the opportunities these devices represent
Enterprises face mobile security challenges
Enabling secure transactions to enterprise applications and data: Identity of user and devices; Authentication, authorization and federation; User policies; Secure connectivity
Developing secure applications: Application life-cycle; Vulnerability and penetration testing; Application management; Application policies
Designing and instituting an adaptive security posture: Policy management (location, geo, roles, response, time policies); Security Intelligence Reporting
Adapting to BYOD and the consumerization of IT: Multiple device platforms and variants; Managed devices (B2E); Data separation and protection; Threat protection
A simplified view of mobile device lifecycle management
• Application Developers develop mobile apps → Build Secure Mobile Apps: IBM Worklight, IBM Security AppScan
• Mobile user signs up for on-line access → Register the Device: Tivoli Endpoint Manager for Mobile
• Mobile client gets updates → Monitor / Patch the Device: Tivoli Endpoint Manager for Mobile
• Mobile user accesses corporate → Securely Connect the Device: IBM Lotus Mobile Connect
• Mobile user loses device → Lock / Wipe the Device: Tivoli Endpoint Manager for Mobile
Mobility: Thinking through mobile security
At the Device
Manage device: Set appropriate security policies • Register • Compliance • Wipe • Lock
Secure Data: Data separation • Leakage • Encryption
Application Security: Offline authentication • Application level controls
Over the Network and Enterprise
Secure Access: Properly identify mobile users and devices • Allow or deny access • Connectivity
Monitor & Protect: Identify and stop mobile threats • Log network access, events, and anomalies
Secure Connectivity: Secure Connectivity from devices
For the Mobile App
Secure Application: Utilize secure coding practices • Identify application vulnerabilities • Update applications
Integrate Securely: Secure connectivity to enterprise applications and services
Manage Applications: Manage applications and enterprise app store
Diagram labels: Corporate Intranet, Internet
IBM Mobile Security and Management Strategy: Safe usage of smartphones and tablets in the enterprise • Secure transactions enabling customer confidence • Visibility and security of enterprise mobile platform
Securing the Mobile Enterprise with IBM Solutions
Agenda: Strategic Direction – Cloud Computing
Cloud: Clients are concerned about changes that cloud adoption brings to their visibility and risk posture
Private cloud – Hybrid IT – Public cloud
Private cloud: Network & workload isolation; Virtual infrastructure protection & integrity; Identity integration & privileged access; Vulnerability management & compliance; Auditing & logging
Public cloud: Compliance & certifications; Data jurisdiction & data security; Visibility & transparency into security posture; Identity federation & access; Need for Service Level Agreements (SLAs)
In a cloud environment, access expands, responsibilities change, control shifts, and the speed of provisioning IT resources increases – affecting all aspects of security
Clients want more visibility, confidence in their compliance posture, and integration with existing security infrastructure
Cloud: Each pattern has its own set of key security concerns
Cloud Enabled Data Center – Infrastructure as a Service (IaaS): Cut IT expense and complexity through cloud data centers. Integrated service management, automation, provisioning, self service. Key security focus: Infrastructure & Identity – Manage identities; Secure virtual machines; Patch default images; Monitor all logs; Network isolation
Cloud Platform Services – Platform-as-a-Service (PaaS): Accelerate time to market with cloud platform services. Pre-built, pre-integrated IT infrastructures tuned to application-specific needs. Key security focus: Applications & Data – Secure shared databases; Encrypt private information; Build secure applications; Keep an audit trail; Integrate existing security
Cloud Service Provider: Innovate business models by becoming a cloud service provider. Advanced platform for creating, managing, and monetizing cloud services. Key security focus: Data & Compliance – Isolate cloud tenants; Policy and regulations; Manage operations; Build secure data centers; Offer backup and resiliency
Business Solutions on Cloud – Software as a Service (SaaS): Gain immediate access with business solutions on cloud. Capabilities provided to consumers for using a provider’s applications. Key security focus: Compliance & Auditing – Harden applications; Securely federate identity; Deploy access controls; Encrypt communications; Manage app policies
Across all patterns – Security Intelligence: threat intelligence, user activity monitoring, real time insights
Cloud: Our focus is in two areas of cloud security
1. Security from the Cloud (public cloud, off premise) – Cloud-based Security Services: Use cloud to deliver security as-a-Service – focusing on services such as vulnerability scanning, web and email security, etc.
2. Security for the Cloud (private cloud, on premise): Securing the Private Cloud stack – focusing on building security into the cloud infrastructure and its workloads; Secure usage of Public Cloud applications – focusing on Audit, Access and Secure Connectivity
Cloud: Leverage solutions in each area of cloud risk
Securing Cloud with IBM Security Systems – People ● Data ● Apps ● Infrastructure ● Security Intelligence
• IBM QRadar Security Intelligence: Total visibility into virtual and cloud environments
• IBM AppScan Suite: Scan cloud deployed web services and applications for vulnerabilities
• IBM Endpoint Manager: Patch and configuration management of VMs
• IBM Virtual Server Protection for VMware: Protect VMs from advanced threats
• IBM InfoSphere Guardium Suite: Protect and monitor access to shared databases
• IBM Identity and Access Management Suite: Identity integration, provision users to SaaS applications; Desktop single sign on supporting desktop virtualization
• IBM Network IPS: Protect and monitor access to shared databases
© 2012 IBM Corporation
Security Intelligence is enabling progress to optimized security
Security Intelligence (Optimized): Information and event management; Advanced correlation and deep analytics; External threat research
Optimized
• People: Role based analytics; Identity governance; Privileged user controls
• Data: Data flow analytics; Data governance
• Applications: Secure app engineering processes; Fraud detection
• Infrastructure: Advanced network monitoring; Forensics / data mining; Secure systems
Proficient
• People: User provisioning; Access mgmt; Strong authentication
• Data: Database vulnerability monitoring; Access monitoring; Data loss prevention
• Applications: Application firewall; Source code scanning
• Infrastructure: Virtualization security; Asset mgmt; Endpoint / network security management
Basic
• People: Centralized directory
• Data: Encryption; Access control
• Applications: Application scanning
• Infrastructure: Perimeter security; Anti-virus
Security Intelligence
People
Data
Applications
Infrastructure
Intelligent solutions provide the DNA to secure a Smarter Planet
Thank You