IBM Security Framework (transcript, AskCypert Security)
© 2013 IBM Corporation
IBM Security Systems
IBM Security Framework: Intelligence, Integration and Expertise
Sadu Bajekal,
Senior Technical Staff Member
Principal Security Architect
IBM Security Systems
January 28, 2014
Agenda
Introduction: The evolving threat landscape
A new approach to security is needed
How the IBM Security Framework is positioned to help
Motivations and sophistication are rapidly evolving (chart: motivation against sophistication)
Nuisance, Curiosity: Insiders, Spammers, Script-kiddies (Nigerian 419 Scams, Code Red)
Monetary Gain: Organized crime (Zeus, ZeroAccess, Blackhole Exploit Pack)
Notoriety, Activism, Defamation: Hacktivists (Lulzsec, Anonymous)
National Security, Economic Espionage: Nation-state actors, APTs (Stuxnet, Aurora, APT-1)
Evolving threats and increasing payoffs (chart: internal and external threats against payoffs)
X-Force Research: Attackers are taking advantage of the human factor
Source: IBM X-Force® Research 2013 Trend and Risk Report
IT Security is a board room discussion
Increasingly, companies are appointing CROs and CISOs with a direct line to the Audit Committee
Concerns across the CEO, CFO/COO, CIO, CHRO and CMO: loss of market share and reputation; legal exposure; audit failure; fines and criminal charges; financial loss; loss of data confidentiality, integrity and/or availability; violation of employee privacy; loss of customer trust; loss of brand reputation
Source: Discussions with more than 13,000 C-suite executives as part of the IBM C-suite Study Series
Security challenges are a complex, four-dimensional puzzle… that requires a new approach
People: Attackers, Suppliers, Consultants, Partners, Employees, Outsourcers, Customers
Data: At rest, In motion, Unstructured, Structured
Applications: Web applications, Systems applications, Web 2.0, Mobile applications
Infrastructure: Datacenters, PCs, Laptops, Mobile, Cloud, Non-traditional
Thinking differently about security (Then → Now)
People: Administration → Insight
Data: Basic control → Collect and Analyze Everything
Applications: Bolt-on → Built-in
Infrastructure: Thicker walls → Smarter defenses
Laser-focused
Customers have a growing need to identify and protect against threats by building insights from broader data sets
Data sources, from traditional security operations and technology through to big data analytics: Logs; Events; Alerts; Configuration information; System audit trails; External threat intelligence feeds; Network flows and anomalies; Identity context; Web page text; Full packet and DNS captures; E-mail and social activity; Business process data; Customer transactions
New considerations (collection, storage and processing): Collection and integration; Size and speed; Enrichment and correlation
New considerations (analytics and workflow): Visualization; Unstructured analysis; Learning and prediction; Customization; Sharing and export
Reaching security maturity
Security Intelligence: Predictive Analytics, Big Data Workbench, Flow Analytics (Optimized); SIEM and Vulnerability Management (Proficient); Log Management (Basic). Advanced Fraud Protection.
Optimized: People: Identity governance, Fine-grained entitlements, Privileged user management | Data: Data governance, Encryption key management | Applications: Fraud detection, Hybrid scanning and correlation | Infrastructure: Multi-faceted network protection, Anomaly detection, Hardened systems
Proficient: People: User provisioning, Access management, Strong authentication | Data: Data masking / redaction, Database activity monitoring, Data loss prevention | Applications: Web application protection, Source code scanning | Infrastructure: Virtualization security, Asset management, Endpoint / network security management
Basic: People: Directory management | Data: Encryption, Database access control | Applications: Application scanning | Infrastructure: Perimeter security, Host security, Anti-virus
IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework
Intelligence
Integration
Expertise
IBM Security Investment
• 6,000+ IBM Security experts worldwide
• 3,000+ IBM security patents
• 4,000+ IBM managed security services clients worldwide
• 25 IBM Security labs worldwide
IBM Security: Market-changing milestones (mainframe and server security, identity management, SOA management and security, network intrusion prevention, database monitoring, access management, application security, compliance management, advanced fraud protection, security analytics, security intelligence)
1976: Resource Access Control Facility (RACF) is created, eliminating the need for each application to embed security
1999: Dascom is acquired for access management capabilities
2002: Access360 is acquired for identity management capabilities; MetaMerge is acquired for directory integration capabilities
2005: DataPower is acquired for SOA management and security capabilities
2006: Internet Security Systems, Inc. is acquired for security research and network protection capabilities
2007: Watchfire is acquired for security and compliance capabilities; Consul is acquired for risk management capabilities; Princeton Softech is acquired for data management capabilities
2008: Encentuate is acquired for enterprise single-sign-on capabilities
2009: Ounce Labs is acquired for application security capabilities; Guardium is acquired for enterprise database monitoring and protection capabilities
2010: BigFix is acquired for endpoint security management capabilities; NISC is acquired for information and analytics management capabilities
2011: Q1 Labs is acquired for security intelligence capabilities
2012: IBM Security Systems division is created
2013: Intent to acquire Trusteer for mobile and application security, counter-fraud and malware detection
IBM Security Systems Portfolio
IBM offers a comprehensive portfolio of security products
People: Identity Management; Access Management; Privileged Identity Manager; Federated Access and SSO
Data: Guardium Data Security and Compliance; Guardium DB Vulnerability Management; Guardium / Optim Data Masking; Key Lifecycle Manager
Applications: AppScan Source; AppScan Dynamic; DataPower Web Security Gateway; Security Policy Manager
Network Infrastructure: Network Intrusion Prevention; Next Generation Network Protection; SiteProtector Threat Management; Network Anomaly Detection
Endpoint: Trusteer Apex; Mobile and Endpoint Management; Virtualization and Server Security; Mainframe Security
Advanced Fraud Protection: Trusteer Rapport; Trusteer Pinpoint Malware Detection; Trusteer Pinpoint ATO Detection; Trusteer Mobile Risk Engine
Security Intelligence and Analytics: QRadar Log Manager; QRadar SIEM; QRadar Risk Manager; QRadar Vulnerability Manager
IBM X-Force Research
Increase security, collapse silos, and reduce complexity
Consolidate and correlate siloed information from hundreds of sources
Stay ahead of the changing threat landscape
Link security and vulnerability information across domains
Integrated Intelligence. Integrated Research. Integrated Protection.
Intelligent Security for the Cloud
Data and Application Protection: Secure enterprise databases; build, test and maintain secure cloud applications
Threat Protection: Prevent advanced threats with layered protection and analytics
Identity Protection: Administer, secure, and extend identity and access to and from the cloud
Security Intelligence: Provide visibility, auditability and control for the cloud
Securing the Mobile Enterprise
Device Management: Security for endpoint device and data
Network, Data, and Access Security: Achieve visibility and adaptive security policies
Application Layer Security: Develop and test applications
Driving Compliance with Enhanced Visibility and Controls
Preventing insider threat
Accessing applications on a need-to-know basis
Monitoring data and PII concerns
Managing end users and privacy concerns
Security Intelligence: Activity Monitoring, Anomaly Detection, Reporting
Security Intelligence: Integrating across IT silos
Extensive data sources + Deep intelligence = Exceptionally accurate and actionable insight
Data sources: Data activity; Servers and mainframes; Users and identities; Vulnerabilities and threats; Configuration information; Security devices; Network and virtual activity; Application activity
Correlation: Logs/events; Flows; IP reputation; Geographic location
Activity baselining and anomaly detection: User activity; Database activity; Application activity; Network activity
Offense identification: Credibility; Severity; Relevance
Security Intelligence and Analytics narrows suspected incidents down to true offenses
Key Themes
Increased Data Sources: Data from 450+ security collectors and integration with X-Force intelligence and other external feeds to use in analysis for determining relevant vulnerabilities and potential threats
Integrated Vulnerability Management: Comprehensive understanding of the configuration and exposure of systems in the environment, enabling contextual analysis to determine vulnerabilities against particular threats
Enhanced Identity Context: Integrated understanding of users, their roles, level of privilege, geographical location and their typical behaviors to enable enterprises to identify abnormal activity that might indicate insider threat
Integration: A unified architecture delivered in a single console, designed from scratch to deliver massive log management scale without any compromise on SIEM “Intelligence”
Log Management; Next-Gen SIEM; Activity Monitoring; Risk Management; Vulnerability Management; Network Forensics
People
Identity and Access Management: Helping to extend secure user access across the enterprise
Key Themes
Standardized IAM and Compliance Management: Expand IAM vertically to provide identity and access intelligence to the business; integrate horizontally to enforce user access to data, applications, and infrastructure
Secure Cloud, Mobile, Social Interaction: Enhance context-based access control for cloud, mobile and SaaS access, as well as integration with proofing, validation and authentication solutions
Insider Threat and IAM Governance: Continue to develop Privileged Identity Management (PIM) capabilities and enhanced identity and role management
Announcing: Threat-Aware Identity and Access Management
New capabilities to help organizations secure enterprise identity as a new perimeter
Deliver intelligent identity and access assurance
Safeguard mobile, cloud and social interactions
Simplify identity silos and cloud integrations
Prevent insider threat and identity fraud
• Validate “who is who” when users connect from outside the enterprise
• Enforce proactive access policies on cloud, social and mobile collaboration channels
• Manage shared access inside the enterprise
• Defend applications and access against targeted web attacks and vulnerabilities
• Provide visibility into all available identities within the enterprise
• Unify “Universe of Identities” for security management
• Enable identity management for the line of business
• Enhance user activity monitoring and security intelligence across security domains
Helping achieve secure transactions and graded trust
Safeguard mobile, cloud and social interactions (ISAM for Mobile)
Eliminate use of passwords to secure mobile application access
Implement risk-based access posture for BYOD
Validate customer identity interacting via mobile and social channels
Enforce identity context for mobile, SaaS and cloud access
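As an added example (not IBM or ISAM code; the slide shows no code), the Python below sketches the kind of risk-based access decision described here for mobile, BYOD and SaaS sessions: device enrollment state, the user's location relative to the previous session, implied travel speed, business hours and the sensitivity of the requested resource feed a score that results in allow, step-up authentication or deny. The factor names, weights, thresholds, the business-hours window and the three sample sessions are all assumptions constructed for illustration.

```python
"""Risk-based access decision for mobile / BYOD / SaaS sessions.

Added illustration, not IBM or ISAM code. Factor weights, thresholds,
the business-hours window and the sample sessions are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt
from typing import Dict, Optional, Tuple


@dataclass
class Session:
    """One access attempt, with the identity context a gateway can see."""
    user: str
    device_registered: bool    # device enrolled / known to the enterprise
    country: str
    lat: float
    lon: float
    ts: datetime
    resource_sensitivity: str  # "low" or "high"


@dataclass
class LastSeen:
    """Where and when the same user last authenticated successfully."""
    country: str
    lat: float
    lon: float
    ts: datetime


def km_between(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in km (haversine); good enough for travel checks."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def risk_factors(s: Session, last: Optional[LastSeen]) -> Dict[str, int]:
    """Return the risk factors that fire for this session and their weights."""
    factors: Dict[str, int] = {}
    if not s.device_registered:
        factors["unregistered_device"] = 30
    if s.resource_sensitivity == "high":
        factors["sensitive_resource"] = 15
    if not 7 <= s.ts.hour < 20:            # outside assumed business hours (UTC)
        factors["off_hours"] = 10
    if last is not None:
        if last.country != s.country:
            factors["new_country"] = 25
        hours = (s.ts - last.ts).total_seconds() / 3600
        # Impossible travel: faster than any airliner since the last session.
        if hours > 0 and km_between(last.lat, last.lon, s.lat, s.lon) / hours > 900:
            factors["impossible_travel"] = 40
    return factors


def decide(s: Session, last: Optional[LastSeen]) -> Tuple[str, int, Dict[str, int]]:
    """Map the summed risk score to allow / step-up (second factor) / deny."""
    factors = risk_factors(s, last)
    score = sum(factors.values())
    if score >= 70:
        decision = "deny"
    elif score >= 30:
        decision = "step-up"
    else:
        decision = "allow"
    return decision, score, factors


def _utc(*args: int) -> datetime:
    return datetime(*args, tzinfo=timezone.utc)


# Constructed sample sessions (assumptions, not real data).
SAMPLES = {
    # Registered device, same city as an hour ago, low-sensitivity app.
    "alice": (Session("alice", True, "GB", 51.51, -0.13, _utc(2014, 1, 28, 10, 0), "low"),
              LastSeen("GB", 51.51, -0.13, _utc(2014, 1, 28, 9, 0))),
    # Unenrolled personal phone asking for a sensitive app, no prior session.
    "bob": (Session("bob", False, "US", 37.77, -122.42, _utc(2014, 1, 28, 15, 0), "high"), None),
    # Registered device, but Singapore 90 minutes after New York, sensitive app.
    "carol": (Session("carol", True, "SG", 1.35, 103.82, _utc(2014, 1, 28, 12, 30), "high"),
              LastSeen("US", 40.71, -74.01, _utc(2014, 1, 28, 11, 0))),
}


def run_samples() -> Dict[str, str]:
    """Decision per sample user: alice allow, bob step-up, carol deny."""
    return {user: decide(s, last)[0] for user, (s, last) in SAMPLES.items()}


if __name__ == "__main__":
    for user, (s, last) in SAMPLES.items():
        print(user, *decide(s, last))
```

The step-up band is the practical middle ground the slide alludes to: an unenrolled device asking for a sensitive application is not refused outright but forced through a stronger factor, while a session that contradicts the user's own recent history (a different country at an impossible speed) is refused before any password is checked.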
Prevent insider threat and identity fraud
Prevent insider breaches caused by privileged identity misuse
Audit privileged user activity and sensitive data access
Address compliance, regulatory and privacy requirements
Secure user access and content against targeted attacks
Integrated security intelligence
(diagram: Administrative ID, Credential Vault, Target Systems, Session Recording)
Data
Data Security: Helping to secure structured, unstructured, online and offline data across the enterprise
Key Themes
Expand to new platforms: Expand beyond supporting databases to all relevant data sources, including data warehouses, file shares, file systems, enterprise content managers, and Big Data (Hadoop, NoSQL, in-memory DB), wherever data is stored
Introduce new data protection capabilities: Complement discovery, classification, monitoring, auditing, and blocking with thought-leadership capabilities like cloud encryption/tokenization, dynamic data masking, and fraud detection
Lead on scalability and lower TCO: Continue to improve on solution deployability with improvements to scalability, performance, simplification, automation, serviceability, and ease of use
Data protection layers (security solutions integrate with IT and business process): Governance, Security Intelligence, Analytics; Data Discovery and Classification; Policy-based Access and Entitlements; Audit, Reporting, and Monitoring; Enforcement
Data in Motion: Network Loss Prevention, over the network (SQL, HTTP, SSH, FTP, email, …)
Data at Rest: Protection & Encryption, stored (databases, file servers, Big Data, data warehouses, application servers, cloud/virtual, …)
Data in Use: Endpoint Loss Prevention, at the endpoint (workstations, laptops, mobile, …)
• Protect data in any form, anywhere, from internal or external threats
• Streamline regulation compliance process
• Reduce operational costs around data protection
InfoSphere Guardium integration with QRadar opens up new opportunities
Send security alerts from Guardium to QRadar
Send audit reports from Guardium to QRadar to enhance analytics
Send database vulnerability assessment status from Guardium to QRadar
Extensive data sources + Deep intelligence = Exceptionally accurate and actionable insight
Data sources: Data Activity (NEW: in-depth data activity monitoring and security insights from InfoSphere Guardium across databases, data warehouses, Big Data environments, file shares and applications); Servers & Hosts; User Activity; Vulnerability Info (NEW: vulnerability information from InfoSphere Guardium); Configuration Info; Security Devices; Network & Virtual Activity; Application Activity
Processing: Event Correlation; Activity Baselining & Anomaly Detection; Offense Identification
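As an added example that is not IBM, Guardium or QRadar code, the Python below shows what the pipeline on this slide and on the earlier Security Intelligence slide (activity baselining, anomaly detection, offense identification by credibility, severity and relevance) looks like as logic once database activity monitoring events and vulnerability assessment status arrive at a SIEM: per-user baselines are built from a week of history, each new event is tested against its own user's baseline rather than a global rule, and the number of failed vulnerability assessment tests on the database raises the relevance of anything seen there. The key=value event format, the sample events, the VA table, the sensitive-object list and all scoring weights are assumptions constructed for illustration; the real Guardium-to-QRadar connector format is not reproduced.

```python
"""Database activity events correlated into SIEM-style offenses.

Added illustration, not IBM, Guardium or QRadar code. The key=value event
format, the vulnerability-assessment (VA) table, the sensitive-object list
and the 1-10 credibility / severity / relevance weights are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from typing import Dict, List

# Constructed sample data: a week of normal history and one day of new events,
# in the shape a database activity monitor might forward to a SIEM.
HISTORY = """\
ts=2014-01-21T09:02:11Z db=hr-db01 user=alice client=10.1.2.33 verb=SELECT object=employees rows=14
ts=2014-01-22T10:17:45Z db=hr-db01 user=alice client=10.1.2.33 verb=SELECT object=employees rows=9
ts=2014-01-23T11:30:02Z db=hr-db01 user=alice client=10.1.2.33 verb=UPDATE object=employees rows=1
ts=2014-01-24T14:05:19Z db=hr-db01 user=alice client=10.1.2.33 verb=SELECT object=employees rows=11
ts=2014-01-21T03:00:00Z db=crm-db02 user=svc_etl client=10.1.5.20 verb=SELECT object=customers rows=240000
ts=2014-01-22T03:00:00Z db=crm-db02 user=svc_etl client=10.1.5.20 verb=SELECT object=customers rows=251000
ts=2014-01-23T03:00:00Z db=crm-db02 user=svc_etl client=10.1.5.20 verb=SELECT object=customers rows=247500
"""
NEW = """\
ts=2014-01-28T09:12:04Z db=hr-db01 user=alice client=10.1.2.33 verb=SELECT object=employees rows=12
ts=2014-01-28T02:41:09Z db=hr-db01 user=alice client=10.9.8.7 verb=SELECT object=salaries rows=48000
ts=2014-01-28T03:00:00Z db=crm-db02 user=svc_etl client=10.1.5.20 verb=SELECT object=customers rows=249900
"""
# Constructed: failed VA test count per database, as a DB vulnerability
# scanner would report it; a weak host makes the same activity more relevant.
VA_FAILED_TESTS = {"hr-db01": 7, "crm-db02": 0}
SENSITIVE_OBJECTS = {"salaries", "customers"}   # assumption

KV = re.compile(r"(\w+)=(\S+)")


def parse_event(line: str) -> dict:
    ev = dict(KV.findall(line))
    ev["rows"] = int(ev["rows"])
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def hour_band(hour: int) -> str:
    return "night" if hour < 7 else "day" if hour < 20 else "evening"


def build_baseline(history: List[dict]) -> Dict[str, dict]:
    """Per-user profile: clients, objects and hour bands seen, row-count samples."""
    prof: Dict[str, dict] = defaultdict(
        lambda: {"clients": set(), "objects": set(), "bands": set(), "rows": []})
    for ev in history:
        p = prof[ev["user"]]
        p["clients"].add(ev["client"])
        p["objects"].add(ev["object"])
        p["bands"].add(hour_band(ev["ts"].hour))
        p["rows"].append(ev["rows"])
    return prof


def indicators(ev: dict, prof: Dict[str, dict]) -> List[str]:
    """Anomaly indicators for one event, judged against that user's own baseline."""
    p = prof.get(ev["user"])
    if p is None:
        return ["unknown_user"]
    found = []
    if ev["client"] not in p["clients"]:
        found.append("new_client")
    if ev["object"] not in p["objects"]:
        found.append("new_object")
    if hour_band(ev["ts"].hour) not in p["bands"]:
        found.append("new_hour_band")
    # Row-count spike: more than three standard deviations above the user's mean,
    # so a nightly bulk ETL job with a large but stable row count is not flagged.
    if ev["rows"] > mean(p["rows"]) + 3 * pstdev(p["rows"]):
        found.append("rows_spike")
    return found


def score(ev: dict, ind: List[str]) -> dict:
    """QRadar-style 1-10 ratings; the weights are assumptions."""
    severity = min(10, 2 + 2 * len(ind))                # how bad if true
    credibility = min(10, 6 + 2 * (len(ind) - 1))       # corroborating indicators
    relevance = (3 + (3 if ev["object"] in SENSITIVE_OBJECTS else 0)
                 + min(4, VA_FAILED_TESTS.get(ev["db"], 0)))  # sensitive data, weak host
    return {"severity": severity, "credibility": credibility, "relevance": relevance,
            "magnitude": round((severity + credibility + relevance) / 3)}


def detect(history_text: str = HISTORY, new_text: str = NEW) -> List[dict]:
    """Return one offense per new event that trips at least one indicator."""
    prof = build_baseline([parse_event(line) for line in history_text.splitlines()])
    offenses = []
    for line in new_text.splitlines():
        ev = parse_event(line)
        ind = indicators(ev, prof)
        if ind:
            offenses.append({"user": ev["user"], "db": ev["db"], "object": ev["object"],
                             "indicators": ind, **score(ev, ind)})
    return offenses


if __name__ == "__main__":
    for off in detect():
        print(off)
```

Of the three new events only alice's 02:41 query of a salary table from an unfamiliar client becomes an offense, with four independent indicators on a database that failed seven VA tests; her routine daytime query and the ETL account's nightly 250,000-row extract stay silent because each is judged against that account's own history. This is the reason the slide stresses sending vulnerability assessment status along with the alerts: the same activity on a patched, hardened host would score lower on relevance.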
Applications
Application Security: Helping to protect against the threat of attacks and data breaches
Integrations: Build systems (improve scan efficiencies); Defect tracking systems (track remediation); IDEs (remediation assistance); Security Intelligence (raise threat level)
Key Themes
Coverage for Mobile applications and new threats: Continue to identify and reduce risk by expanding scanning capabilities to new platforms such as mobile, as well as introducing next generation dynamic analysis scanning and glass box testing
Simplified interface and accelerated ROI: New capabilities to improve customer time to value and consumability with out-of-the-box scanning, static analysis templates and ease of use features
Security Intelligence Integration: Automatically adjust threat levels based on knowledge of application vulnerabilities by integrating and analyzing scan results with SiteProtector and the QRadar Security Intelligence Platform
Scanning techniques across the software development lifecycle (Coding, Build, QA, Security, Production): Static analysis (white box); Dynamic analysis (black box)
Audience: Development teams; Security teams; Penetration Testers
Applications covered: Web Applications; Web Services; Mobile Applications; Programming Languages; Purchased Applications
Governance and Collaboration:
• Test policies, test templates and access control
• Dashboards, detailed reports and trending
• Manage regulatory requirements such as PCI, GLBA and HIPAA (40+ out-of-the-box compliance reports)
Infrastructure
Infrastructure Protection: Network
IBM Network Security (Advanced Threat Platform): Intrusion Prevention; Web Application Protection; Network Anomaly Detection; Application Control; Content and Data Security (some components marked Future on the slide); fed by Threat Intelligence and Research (vulnerability data, malicious websites, malware information, IP reputation) and integrated with the Security Intelligence Platform (Log Manager, SIEM, Network Activity Monitor, Risk Manager, Vulnerability Manager)
Key Themes
Advanced Threat Protection Platform: Helps to prevent sophisticated threats and detect abnormal network behavior by using an extensible set of network security capabilities, in conjunction with real-time threat information and Security Intelligence
Expanded X-Force Threat Intelligence: Increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions
Security Intelligence Integration: Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats
X-Force Threat Intelligence: The IBM Differentiator
Advanced Security and Threat Research
URL/Web Filtering: Provides access to one of the world’s largest URL filter databases containing more than 20 billion evaluated Web pages and images
Anti-Spam: Detect spam using known signatures, discover new spam types automatically, 99.9% accurate, near 0% overblocking
IP Reputation: Categorize malicious websites via their IP address into different threat segments, including malware hosts, spam sources, and anonymous proxies
Web Application Control: Identifying and providing actions for application traffic, both web-based, such as Gmail, and client based, such as Skype
The mission of X-Force is to:
Monitor and evaluate the rapidly changing threat landscape
Research new attack techniques and develop protection for tomorrow’s security challenges
Educate our customers and the general public
Infrastructure Protection: Endpoint
Provides in-depth security across your network, servers, virtual servers, mainframes and endpoints
Key Themes
Security for Mobile Devices: Provide security for and manage traditional endpoints alongside mobile devices such as Apple iOS, Google Android, Symbian, and Microsoft Windows Phone, using a single platform
Expansion of Security Content: Continued expansion of security configuration and vulnerability content to increase coverage for applications, operating systems, and industry best practices
Security Intelligence Integration: Improved usage of analytics, providing valuable insights to meet compliance and IT security objectives, as well as further integration with SiteProtector and the QRadar Security Intelligence Platform
IBM Security: Helping clients optimize IT security
Integrated Portfolio
Managed and Professional Services
Extensive Partner Ecosystem
IBM Research
www.ibm.com/security
© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes
only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use
of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any
warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement
governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in
all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole
discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any
way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United
States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response
to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated
or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure
and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to
be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems,
products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE
MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
Disclaimer
Please Note:
IBM’s statements regarding its plans, directions, and intent are subject to change
or withdrawal without notice at IBM’s sole discretion.
Information regarding potential future products is intended to outline our general
product direction and it should not be relied on in making a purchasing decision.
The information mentioned regarding potential future products is not a commitment,
promise, or legal obligation to deliver any material, code or functionality. Information
about potential future products may not be incorporated into any contract. The
development, release, and timing of any future features or functionality described
for our products remains at our sole discretion.
Customer successes across domains
People (manage user access securely and cost-effectively): Major South American bank health reduced the number of help desk calls by 30%, resulting in annual savings of $450,000+
Data (ensure privacy and integrity of data): Major global bank saved $1.5 USD / year on storage costs and reduced compliance costs by $20M USD
Applications (automate security testing on web-based applications): Client added 225 new applications per year to handle US$1 quadrillion in securities transactions per year
Infrastructure (proactively alert, simplify monitoring and management): Client monitored all devices and networks across all sites with zero false positives without blocking revenue-based traffic
Advanced Fraud Protection (protect against financial fraud and advanced security threats): Banking clients reduced online banking fraud to near zero while complying with regulatory compliance mandates for layered security
Security Intelligence and Analytics (improve overall security and compliance): Global office products supplier achieved greater visibility to potential security threats and PCI compliance with $0 cost increase