CONFIDENTIAL | www.mobily.com.sa

Security Strategies

Security Operation Optimization

www.mobily.com.sa

2 01-May-14

Agenda

Security Outlook

Security Importance & Challenges

Security Indexing

Why Mobily-IBM?

Security Solutions

3 01-May-14

Security Outlook

All websites had at least one

serious vulnerability

Organizations perform some amount of application testing

193 days for resolving serious

vulnerabilities from first notification

organizations have a Web Application Firewall (WAF)

Organizations perform amount software security training for programmers

11% more

vulnerabilities

8% Resolved

Slower

7% Lower

Remediation

Rate

#1 driver for resolving vulnerabilities

was “COMPLIANCE”, narrowly ahead

of "RISK REDUCTION"

Source: White Hat Report, May 2013

4 01-May-14

Brand

Reputation

& Business

Results

Board Discussion Attacks Become More Sophisticated & Targeted

CEO

Business

Continuity &

Audit Risk

COO

Improve

Security

Posture &

Systems

Availability

CTO/CIO

Cost

Reduction

CFO

Maintaining

Skilled

Personnel

CHRO

5 01-May-14

Security Challenges

Compliance

Expenses Addressing Risk Skilled Personnel

Complexity of

Controlling Agile Operation

Mobility Cloud / Virtualization Social Business

Impacting Speed to Innovation

Business Intelligence

6 01-May-14

Do You Think, You Are Secured?! Bad-Good Real Life Example

MANAGE, MONITOR, CORRELATE, REPORT, & REMEDIATE

REVISIT YOUR SECURITY ENVIRONMENT

PEOPLE PROCESSES TECHNOLOGY

7 01-May-14

Do You Think, You Are Secured?! Security Breaches

7th April Attacks “On April 7, 2014, we call upon our brothers and sisters to hack, deface, hijack, database leak, admin takeover, and DNS terminate Israeli cyberspace by any means necessary,” … following this threaten statement in March-2014, many warnings were executed, and many websites went down for sometime The first cyber-attacks under the name OpIsrael were launched by Anonymous during and Israeli assault on Gaza in November 2012. Around 700 Israeli websites, including high-profile government setups such as the Foreign Ministry and the Israeli President's official website, were taken down. Following the attack, Anonymous posted the personal data of 5,000 Israeli officials online. The websites of the Israeli parliament, ministries and other government organizations stopped operating for some time on April 7, 2013.

8 01-May-14

Do You Think, You Are Secured?! Security Attacks

2012 2013 2014 2011

9 01-May-14

Respond Faster and Smarter

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows anyone on the Internet stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.

10 01-May-14

1. Most comprehensive Vulnerability Database in the world • Over 68,000 unique vulnerabilities

cataloged • Entries date back to the 1990’s

2. Updated daily by a dedicated research team 3. The X-Force database currently tracks over…

• 8000 Vendors • 17,000 Products • 40,000 Versions

Security Intelligence Service

IBM X-Force® Threat Analysis Service (XFTAS) is a security intelligence service that delivers customized information about a wide array of threats that could affect your

network security.

11 01-May-14

World-Class Security Technology Services Provider Leader in the market

Security Consulting Services Managed Security Services

Provider (MSSP)

Source: Gartner & Forrester

SIEM Solution

12 01-May-14

State of Art SOC

• 10 Security Operations Centers • 3,700+ MSS clients worldwide • 20,000+ security devices • 15B+ security events daily

• Recording over 30k incident daily • Monitoring in 133 countries • Using a grid of 725+ systems • Maintaining 99.9+% availability

MSS Global Facts and Figures

Riyadh, KSA

Riyadh Malga 2 Data Center

13 01-May-14

Cloud Security Services

Hosted vulnerability management services

Hosted security event and log management services

X-Force® Threat Analysis System

Security

Requirements

Managed and monitored firewall services

Managed Intrusion Protection System (IPS) and Intrusion Detection System (IDS) services

Managed Unified Threat Management (UTM) services

Managed Security Services

The Managed Security Services (MSS) provide 24/7/365 monitoring and management of security technologies and threat analysis, and single management console of the client’s

entire security infrastructure

Managed Security Services

Professional Security Services

14 01-May-14

Vulnerability Management

Service

Security Information

& Event Management

(SIEM)

Security Event & Log

Management (SELM)

Source Code Review

Managed Network Security Service

(FW, IPS/IDS, UTM)

Penetration Testing

SOC Assessment

Data Classification

and DLP

Identity & Access

Management

ISO 27001

Certification

Fortify Your Business

Turnkey Security Solutions

15 01-May-14

360o Security

Protection

People

Applications

Data

Infrastructure

Threat Intelligence

Intelligent Security Monitoring

"Managed Security Services

(MSS) will allow MoE to turn an in-house security daily operations management into hybrid turnkey security solution. In addition, MSS will improve the security posture, and keep MoE updated with the worldwide security landscape; so we can respond proactively to potential

threats." Mr. Abdullah Aleid,

GM information Security, Ministry of Education (MoE), KSA

CONFIDENTIAL | www.mobily.com.sa

THANK YOU

CONFIDENTIAL | www.mobily.com.sa