IBM Security Threat Management


Transcript of IBM Security Threat Management

Page 1: IBM Security Threat Management


IBM Cloud Pak® for Security: Connected security for a hybrid, multicloud world

IBM Security Threat Management

Mike Kehoe, European Threat Management Program Director

IBM Security

[email protected]

+353 86 237 8543

Page 2: IBM Security Threat Management

Agenda

• Evolution of Cyber Security

• The Traditional Model

• Time for Change

• The Security Platform Model

• Ever Evolving CP4S Security Platform

Page 3: IBM Security Threat Management

Evolution of Cyber Security

Page 4: IBM Security Threat Management

Evolution of Cyber Security ……. TECHNOLOGY DRIVER

• 1960 > Mainframes were the only computing option: large, expensive, built for a purpose

• 1980 > Remote and personal computing goes mainstream: local computing for all

• 1990 > On-premise server rooms are common: harnessing massive computing power locally

• 2000 (mid) > The birth of the cloud as a hosting option: the “Why buy when you can rent?” was first introduced

• 2010 > IaaS / PaaS / SaaS offerings driven by mobile: mix and match on ownership of HW and SW

• 2020 > Business now built on 100% cloud & hybrid cloud: run a business without running IT

2010…. This shift just got real! Have the power but have it virtually

Page 5: IBM Security Threat Management

Evolution of Cyber Security……. THREAT DRIVER

• Revenue…… prevent revenue loss through the theft of valued assets

• Regulatory…… ensure the business remains compliant with regulations such as those governing privacy and data breaches

• Reputational…… organisations that are known or perceived to be risky in protecting their customers will lose reputation

• Run Operations…… for organisations to be successful they must efficiently and effectively run operations

Page 6: IBM Security Threat Management

The Traditional Model

[Diagram: the traditional network model: servers, storage, mobile devices, switches, a router and nodes, with WWW access via a proxy server and network packets flowing between them]

Page 7: IBM Security Threat Management

The Traditional Model

[Diagram: the same network (servers, storage, mobile, switch) with EDR added, overlaid with the tooling below]

• Log Management collects device logs and looks for anomalies in them

• SIEM (Security Information and Event Management) collects information across all log sources to detect threats using correlation rule engines

• SOAR (Security Orchestration, Automation and Response) platforms provide data gathering, case management, standardization and workflow to give organizations the ability to implement sophisticated responses

• OSINT (Open-source Threat Intelligence) is data collected from publicly available sources to be used in an intelligence context

• CTH (Cyber Threat Hunting) proactively hunts for cyber threats and reduces adversary dwell time

Page 8: IBM Security Threat Management

The Traditional Model

Too many vendors

Too much complexity

Too many alerts

Too much to do:

• Meet with CIO and stakeholders
• Nail down third-party risk
• Manage GDPR program with privacy office
• Respond to questions from state auditors
• Update CEO for board meeting
• Update budget projections
• Write security language for vendor's contract
• Make progress on the never-ending identity project
• Review and update project list
• Edit communication calendar
• Update risk rankings on security roadmap
• Clarify policies governing external storage devices
• Provide testing and encryption tool direction
• Provide data handling best practices
• Help with new acquisition
• Meet with senior project manager
• Send new best practices to development teams
• Review logs for ongoing fraud investigation
• Help with insider threat discovery
• Determine location of sensitive data in the cloud
• Investigate possible infection on legacy system
• Continue pen testing of new business mobile app
• Help architects understand zero-trust
• Answer security policy emails
• Format security status report for executives
• Meet with recruiter to discuss staffing
• Write test plan requirements for new products
• Meet regarding improving security of facilities

Page 9: IBM Security Threat Management

Time for Change

Deployment models:

• 100% On Premise
• 100% On Cloud
• Hybrid
• Hybrid with Multi Cloud
• Multi Cloud

As clients move their businesses to the cloud, data is spread across different tools, clouds, and on-premises IT environments. This creates gaps that can cause threats to be missed and require costly, complex integrations to close the holes.

Page 10: IBM Security Threat Management

Time for Change

1. OWNERSHIP: Are you sure you want to run your security via distributed on-premise HW / application SW? A platform hosted “wherever” moves you away from IT infrastructure ownership and connector headaches.

2. EXPANSION: Don’t constrain your SOC by your network activity, number of analysts or threat intel sources… that’s the old way. Base your investment on the size of your protected environment. CP4S:

• Unlimited EPS and FPM
• Unlimited SOAR users
• Unlimited SOAR actions for ingested information
• Unlimited Threat Intel access

3. FLEXIBILITY: Flexibility in function selection is at the centre of a platform offering. The time between wanting a capability and getting it leaves you vulnerable; platforms significantly reduce this wait time.

4. RELIABILITY: As your environment has evolved to hybrid cloud, so has our solution. Even with an evolving environment, the ability to gain security insights and respond faster is still 100% achievable.

Page 11: IBM Security Threat Management

Cloud Paks for Security the Perfect Security Platform

[Diagram: data sources (EDR, data lake, cloud, servers, IBM QRadar SIEM) feeding Cloud Paks for Security capabilities (Data Explorer, SOAR (Resilient), Threat Intelligence (X-Force), SIEM (QRadar)) running on the Open Hybrid Multicloud Platform in a hybrid with multi cloud deployment]

Security Platform

OWNERSHIP: A platform hosted “wherever” moves you away from IT infrastructure ownership and connector headaches

EXPANSION: Base your investment on the size of your protected environment.

• Unlimited EPS and FPM
• Unlimited SOAR users
• Unlimited SOAR actions
• Unlimited Threat Intel access

FLEXIBILITY: The time between wanting a capability and getting it leaves you vulnerable; platforms significantly reduce this wait time

RELIABILITY: Even with an evolving environment the ability to gain security insights and respond faster is still 100% achievable

Page 12: IBM Security Threat Management

Cloud Paks for Security the Perfect Security Platform

Advantages that exist right out of the gate

• Run anywhere. Connect security openly. IBM Cloud Pak for Security installs easily in any environment – on-premise, private cloud or public cloud.

• Gain security insights without moving your data while searching for threat indicators across any cloud, hybrid cloud or on-premise location.

• The perfect security platform that can be increased in scope and scale to align with your strategy and your progression.

• Allows you to focus on protecting your environment without the distraction of managing its infrastructure.

IBM Cloud Paks Explained: https://www.youtube.com/watch?v=78wvDIK5Hys&t=339s

Page 13: IBM Security Threat Management

IBM Security / © 2020 IBM Corporation

Unified Security Workflows

[Diagram: the IBM Cloud Pak for Security stack]

Security capabilities:

• Data Explorer: federated search for investigation
• Case Management: incident response and team collaboration
• Threat Intelligence Insights: prioritized, actionable threat intelligence

*Available post-GA

Core platform services: development framework | universal data insights | security orchestration & automation

Hybrid multicloud architecture: Open Hybrid Multicloud Platform

Open integration with existing security tools and data sources: QRadar security intelligence (QRadar Event Analytics, QRadar Network Analytics, QRadar Data Lake) and Guardium

Run anywhere | Gain security insights | Take action faster

Page 14: IBM Security Threat Management

Cloud Paks for Security the Perfect Security Platform

Unified Security Workflows

Open and integrated hybrid multicloud platform: detect and respond to threats with a simple, unified experience

Platform services:

• Automation
• Risk management
• Data connection
• Asset enrichment
• Case management
• Orchestration

Modular security capabilities:

• SOAR: unified case management integrated with offenses
• Data Explorer: search and investigation across all security systems
• Dashboards: unified dashboards and visualizations with reporting
• Threat Intelligence Insights: threat intelligence from X-Force and 3rd party sources

Workflow stages:

• Visibility: gain unified visibility across the enterprise, security tools and threat intelligence
• Detection: detect and unify threats and reduce false positives
• Investigation: automate investigations with AI and federated searches; collaborate with integrated case management
• Response: respond faster with automation, playbooks, and Ansible integration

Page 15: IBM Security Threat Management

Ever Evolving CP4S Security Platform

Ver 1.1 (4Q 2019)

Stack:

• Data Explorer: federated search for investigation
• SOAR: incident response and team collaboration
• Connectors

Legend: Stack | New Addition

Page 16: IBM Security Threat Management

Ever Evolving CP4S Security Platform

Ver 1.2 (1Q 2020)

Stack:

• Data Explorer: federated search for investigation
• SOAR: incident response and team collaboration
• TII (Threat Intelligence Insights): identify threats most relevant to your organization

New addition: TII (Threat Intelligence Insights)

Legend: Stack | New Addition | Affected capabilities

Page 17: IBM Security Threat Management

Ever Evolving CP4S Security Platform

Ver 1.3 (2Q 2020)

Stack:

• Data Explorer: federated search for investigation
• SOAR: incident response and team collaboration
• TII (Threat Intelligence Insights): identify threats most relevant to your organization

New additions and affected capabilities:

• SOAR: enhanced case management, orchestration and automation
• SIEM: detect and prioritize threats across the enterprise
• Unified SOC Dashboards: view and customize unified dashboards

Legend: Stack | New Addition | Affected capabilities

Page 18: IBM Security Threat Management

Ever Evolving CP4S Security Platform

Ver 1.4 (3Q 2020)

Stack:

• Data Explorer: federated search for investigation
• SOAR: incident response and team collaboration
• SOAR: enhanced case management, orchestration and automation
• Connectors
• TII (Threat Intelligence Insights): identify threats most relevant to your organization
• SIEM: detect and prioritize threats across the enterprise

New additions and affected capabilities:

• SOAR: simplified SOAR integrations
• Unified SOC Dashboards: view and customize unified dashboards
• Data Explorer: improvements for a consistent and seamless user experience
• Multi-tenancy roadmap: Level 1 of 4

Legend: Stack | New Addition | Affected capabilities

Page 19: IBM Security Threat Management

Ever Evolving CP4S Security Platform

Ver 1.5 (4Q 2020)

Stack:

• Data Explorer: federated search for investigation
• SOAR: incident response and team collaboration
• SOAR: enhanced case management, orchestration and automation
• Connectors
• TII (Threat Intelligence Insights): identify threats most relevant to your organization
• SIEM: detect and prioritize threats across the enterprise

New additions and affected capabilities:

• SOAR: simplified SOAR integrations
• SOAR: KanBan process management, global artifacts and QRadar offences integration
• Unified SOC Dashboards: view and customize unified dashboards
• Unified SOC Dashboards: visualize high-level security data for management and drill into details for analysts
• Unified risk management: risk posture presented in a business-consumable dashboard
• Data Explorer: improvements for a consistent and seamless user experience
• SIEM: detecting insider threats via UBA
• TII (Threat Intelligence Insights): infuse third-party threat intelligence feeds
• Multi-tenancy roadmap: Level 1 of 4

Legend: Stack | New Addition | Affected capabilities

Page 20: IBM Security Threat Management

Cloud Pak for Security multi-tenancy roadmap

Themes across the levels: semantically correct data handling; data layer scalability parameters; optimization for cost effective operations

Each level adds a capability on top of the previous ones:

• Level 1: Separation of data
• Level 2: Life-cycle of data
• Level 3: Ability to scale data handling
• Level 4: Ability to scale @ QOS
• Level 5: Cost effective scalability

Q3 '20

Target use cases: demo accounts; trials and multi-site orgs; SaaS & MSSPs

Page 21: IBM Security Threat Management

Q&A


Page 22: IBM Security Threat Management


THANK YOU

IBM Security