Security Solution - IBM Business Connect Qatar Defend your company against cyber threats with...

  • Date posted: 14-Sep-2014

  • Category: Technology


Page 1: Security Solution - IBM Business Connect Qatar Defend your company against cyber threats with security solutions
Page 2:

Defend Your Company Against Cyber Threats with Security Solutions

Ragy Magdy

Business Unit Executive

Security Systems – ME

Page 3:

• Started my career in Security in 2003 by joining ISS

• 2005 was named the ISS Regional Manager for the Middle East

• 2006 ISS was acquired by IBM

• Led the Security Team in GTS for the Middle East

• 2009 was tasked to build IBM Security Practice for the MEA region

• 2012, moved to SWG to lead the new Security Systems Division

• Full Portfolio on LinkedIn

Page 5:

January 2, 2013

Nightly News | April 04, 2013

Cyber attacks … A ‘major assault’ on financial industry

… An ongoing series of attacks on the financial industry has resulted in 15 of the largest U.S. banks being offline for a total of 249 hours in the last six weeks.

Page 11:

Database Breach…

Page 14:

Did you know...

The Average Company Faces 2,641,350 Security Attacks Per Week

Top 7 Most ATTACKED Industries

1. Health & Social Services

2. Transportation

3. Hospitality

4. Finance & Insurance

5. Manufacturing

6. Real Estate

7. Mining, Oil & Gas

The Average Company Experiences 62 Security Incidents Per Week

Top 5 reasons WHY attacks were possible

1. End user didn’t think before clicking

2. Weak password / default password in use

3. Insecure configuration

4. Use of legacy hardware or software

5. Lack of basic network security protection or segmentation

What IBM Sees: Categories of Attack

• Malicious Code

• Sustained Probe or Scan

• Unauthorized Access

• Low-and-Slow Attack

• Access/Credentials Abuse

• Denial of Service

Page 15:

2011: Was called the Year of Breach…

2012 Sampling of Security Incidents by Attack Type, Time and Impact

Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses

Page 18:

Attackers follow a 5-Stage attack chain

1. Break-in: Spear phishing and remote exploits to gain access

2. Latch-on: Malware and backdoors installed to establish a foothold

3. Expand: Reconnaissance and lateral movement to increase access and maintain a presence

4. Gather: Acquisition and aggregation of confidential data

5. Exfiltrate: Data exfiltration to external networks

Command & Control (CnC)

Page 19:

IBM Security Systems: The industry’s most comprehensive Smart Security portfolio

• Security Consulting

• Managed Services

• X-Force and IBM Research

IBM Security Portfolio

IT Infrastructure – Operational Security Domains: People, Data, Applications, Infrastructure (Network, Endpoint)

IT Security and Compliance Analytics & Reporting

• QRadar SIEM

• QRadar Log Manager

• QRadar Risk Manager

• IBM Privacy, Audit and Compliance Assessment Services

People

• Identity & Access Management Suite

• Federated Identity Manager

• Enterprise Single Sign-On

• Identity Assessment, Deployment and Hosting Services

Data

• Guardium Database Security

• Optim Data Masking

• Key Lifecycle Manager

• Data Security Assessment Service

• Encryption and DLP Deployment

Applications

• AppScan Source Edition

• AppScan Standard Edition

• Security Policy Manager

• Application Assessment Service

• AppScan OnDemand Software as a Service

Infrastructure (Network, Endpoint)

• Network Intrusion Prevention

• DataPower Security Gateway

• QRadar Anomaly Detection / QFlow

• Managed Firewall, Unified Threat and Intrusion Prevention Services

• Endpoint Manager (BigFix)

• zSecure, Server and Virtualization Security

• Penetration Testing Services

• Native Server Security (RACF, IBM Systems)

Integrating Security with BUSINESS Analytics

• IBM OpenPages

• Algorithmics (recent acquisition)

• i2 Corporation (recent acquisition)

Page 20:

Stage 1: Break-in

Your Challenge

• Employees are always vulnerable to well-executed phishing attempts

• Even patched machines can be compromised by “zero-day attacks” that leverage previously unknown vulnerabilities

• Antivirus has proven to be largely ineffective against zero-day malware

How IBM Can Help

• IBM Security Network IPS and IBM Security Network Protection help block zero-day exploits using advanced behavioral analysis, and block phishing and malware sites using a database of 13 billion URLs

• IBM Endpoint Manager helps limit attack surface by auditing and enforcing compliance with patch and configuration policies

Break-in 1

Latch-on 2

Expand 3

Gather 4

Exfiltrate 5

Page 21:

Stage 2: Latch-on

Your Challenge

• Once the attacker has breached your perimeter, they need to establish a communication channel back to “home” and create redundant ways to access your network

How IBM Can Help

• IBM Security QRadar continuously monitors the network and helps identify anomalous activity in terms of location, applications accessed, and more; logs network activity for future forensic investigations, to help determine extent of breach

• IBM Security Network IPS uses advanced behavioral analysis to detect subtle communications with malicious destinations

Page 22:

Stage 3: Expand

Your Challenge

• APTs usually don’t infect the host containing target data; thus the attacker needs to find the target data and gain access to it

• They will perform reconnaissance to understand the network and identify high-value assets

How IBM Can Help

• IBM Security Privileged Identity Manager helps lock down user accounts with access to high-value systems and data

• IBM Security QRadar uses out-of-the-box analytics to look for suspicious probing across the network – by correlating activity at big data scale

• IBM Security AppScan helps reduce the attack surface of enterprise applications by identifying and prioritizing application vulnerabilities

Page 23:

Stage 4: Gather

Your Challenge

• Once the attacker has compromised your users & gained access to sensitive data repositories, they explore what is available and begin copying target data

How IBM Can Help

• IBM InfoSphere Guardium continuously monitors databases and data warehouses to identify suspicious access and protect sensitive data

• IBM Security Network IPS helps block malicious behavior within (and beyond) the network

• IBM Security Privileged Identity Manager helps enforce access policies

Page 24:

Stage 5: Exfiltrate

Your Challenge

• There are nearly unlimited ways to get acquired data off your network

How IBM Can Help

• IBM X-Force Threat Intelligence identifies malicious sites, to help block communications

• IBM Security QRadar uses X-Force data to detect traffic to suspect sites; performs activity baselining to help detect anomalous user behavior based on type of activity, volume of data transfers, time of day, location, etc.

• IBM Security Network IPS helps stop encrypted traffic associated with suspicious entities, and sensitive data transmission (e.g., credit card numbers)

Page 25:

Security Is ……..
