IBM Security Services

Essential Practice:

Managing Incidents
with Intelligence
  Stewart Cawthray
  Chief Security Architect – GTS Security Services
  IBM Canada Ltd.

October 2012
  IBM Defense Summit – Ottawa

                                                     © 2011 IBM Corporation
IBM is well qualified to secure the enterprise

One of the largest and most complex internal IT infrastructures in the world:
  2,000+ major sites
  170+ countries
  400,000+ employees
  Approx. 200,000+ contractors
  1M+ traditional endpoints
  ~50% of employees are mobile

Site types shown on the map: Major Employee Sites, Customer Fulfillment, Manufacturing, Employee Service Centers, IBM Research Centers, IBM Internal Data Centers
IBM developed 10 essential practices required to achieve security intelligence

Essential Practices:
 1. Build a risk aware culture and management system
 2. Manage security incidents with intelligence
 3. Defend the mobile and social workplace
 4. Secure services, by design
 5. Automate security "hygiene"
 6. Control network access and assure resilience
 7. Address new complexity of cloud and virtualization
 8. Manage third party security compliance
 9. Secure data and protect privacy
10. Manage the identity lifecycle

Maturity based approach (diagram): the maturity levels Basic, Proficient, Optimized and Security Intelligence, plotted on two axes running from Manual to Automated and from Reactive to Proactive.
What problems are incidents causing and how do they happen?
Attacks are inevitable. Are you prepared? How well are they handled?

Source: IBM X-Force® Research and Development
A major security incident can significantly affect an organization's data, business continuity and reputation

  LinkedIn sued for $5 million over data breach
  An Illinois woman has filed a $5 million lawsuit against LinkedIn Corp, saying the social network violated promises to consumers by not having better security in place when more than 6 million customer passwords were stolen.
  Source: Reuters, June 2012

  Sony Pegs PSN Attack Costs at $170 Million
  The Sony attacks in 2011 will cost it 14 billion yen ($170 million dollars) in increased customer support costs, welcome-back packages, legal fees, lower sales and measures to strengthen security, part of a $3.1B total loss in 2011.
  Source: Forbes, May 2011

In the event of a security breach, organizations need expert guidance to protect the availability of critical business systems, and to find and solve the root causes of the problem quickly.
Vectors for attack are most often well-known vulnerabilities that should be addressed given a unified incident identification and management process.
These issues and their resulting impact were preventable had organizations brought on a knowledgeable security partner early on.

Business + Technology = Incident
You can't stop the attackers, but the majority of incidents can be easily avoided through proactive measures and intelligence

Diagram: Targeted Attack and Denial of Service events flow through a chain of Incidents; Intelligence intercepts the chain before it ends in a Breach. Outcomes shown without it: System Compromise, Data Leakage, Application Crash, System Overload.
Know thy self, know thy enemy. A thousand battles, a thousand victories.

Security Intelligence is the gathering of information to identify and understand Threats, Risks and Opportunities.

The data needed for actionable, quality intelligence is all around you.

It is a good bet that what you don't know is what your attackers will use against you.
Security Intelligence

 – Which of my systems is most vulnerable?
 – What gets attacked the most?
 – Are these targeted attacks, or automated attacks?
 – Who is attacking me?
 – Which department has the most security violations?
 – Is my security awareness program effective?
Intelligence examples

Slammer Virus – Normal (the firewall dropped the probe):
  14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 src xxx.xxx.146.12 s_port 2523 dst xxx.xxx.10.2 service ms-sql-m proto udp rule 49

Code Red or Nimda Virus – Abnormal (the connection was accepted):
  14:55:20 accept gw.foobar.com >eth1 product VPN-1 & Firewall-1 src 10.5.5.1 s_port 4523 dst xxx.xxx.10.2 service http proto tcp xlatesrc xxx.xxx.146.12 rule 15
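As an added example (not part of the IBM deck), the Python below shows how records in this Check Point VPN-1/Firewall-1 log style can be turned into the kind of answers the previous slide asks for ("what gets attacked the most?", "targeted or automated?") and into the normal/abnormal verdicts shown above. The log lines, the RFC 5737 documentation addresses that stand in for the masked "xxx.xxx" octets, the worm-signature table and the fan-out threshold are all constructed for illustration. The "abnormal" rule follows the slide's reading of its second record: an accepted connection that involves, as src or xlatesrc, the same address that earlier sent dropped worm probes.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log in the same VPN-1/Firewall-1 style as the two slide
# records. Addresses are RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOG = """\
14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 src 203.0.113.12 s_port 2523 dst 192.0.2.2 service ms-sql-m proto udp rule 49
14:53:17 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 src 203.0.113.12 s_port 2524 dst 192.0.2.3 service ms-sql-m proto udp rule 49
14:53:18 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 src 203.0.113.12 s_port 2525 dst 192.0.2.4 service ms-sql-m proto udp rule 49
14:55:20 accept gw.foobar.com >eth1 product VPN-1 & Firewall-1 src 10.5.5.1 s_port 4523 dst 192.0.2.2 service http proto tcp xlatesrc 203.0.113.12 rule 15
14:56:01 accept gw.foobar.com >eth1 product VPN-1 & Firewall-1 src 10.5.5.7 s_port 4601 dst 192.0.2.2 service http proto tcp rule 15
"""

# Field order as it appears in the slide's records; xlatesrc is optional.
LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d) (?P<action>\w+) (?P<gw>\S+) >(?P<iface>\S+) "
    r"product (?P<product>.+?) src (?P<src>\S+) s_port (?P<s_port>\d+) "
    r"dst (?P<dst>\S+) service (?P<service>\S+) proto (?P<proto>\w+)"
    r"(?: xlatesrc (?P<xlatesrc>\S+))? rule (?P<rule>\d+)$"
)

# Hypothetical signature table (assumption): the service/proto pairs the slide
# associates with well-known worms. Slammer spreads over the SQL monitor port
# (ms-sql-m, UDP); Code Red and Nimda spread over HTTP.
WORM_SIGNATURES = {
    ("ms-sql-m", "udp"): "Slammer",
    ("http", "tcp"): "Code Red / Nimda",
}


def parse_line(line):
    """Parse one firewall record into a dict of fields, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def parse_log(text):
    """Parse a whole log, silently skipping lines that are not firewall records."""
    return [rec for rec in (parse_line(l) for l in text.splitlines()) if rec]


def classify(records):
    """Give each record a verdict the way the slide does.

    A dropped worm probe is 'normal': the firewall did its job. An accepted
    connection involving (as src or xlatesrc) an address already seen sending
    dropped worm traffic is 'abnormal': that host is now getting through on
    another service. Everything else is reported as normal.
    """
    suspects = set()
    verdicts = []
    for rec in records:
        worm = WORM_SIGNATURES.get((rec["service"], rec["proto"]))
        if rec["action"] == "drop" and worm:
            suspects.add(rec["src"])
            verdicts.append((rec["time"], "normal",
                             f"{worm} probe dropped by rule {rec['rule']}"))
        elif rec["action"] == "accept" and (rec["src"] in suspects
                                            or rec["xlatesrc"] in suspects):
            verdicts.append((rec["time"], "abnormal",
                             f"{worm or rec['service']} traffic accepted from a host "
                             f"that sent dropped worm probes"))
        else:
            verdicts.append((rec["time"], "normal",
                             f"{rec['action']} {rec['service']} by rule {rec['rule']}"))
    return verdicts


def most_attacked(records):
    """Answer 'what gets attacked the most?': (dst, service) pairs ranked by dropped hits."""
    hits = Counter((r["dst"], r["service"]) for r in records if r["action"] == "drop")
    return hits.most_common()


def scanning_sources(records, min_targets=3):
    """Answer 'targeted or automated?': a source hitting at least min_targets
    distinct destinations on one service shows the fan-out of a worm or scanner
    rather than a targeted attack. The threshold is a constructed value."""
    targets = defaultdict(set)
    for r in records:
        targets[(r["src"], r["service"])].add(r["dst"])
    return {key: len(dsts) for key, dsts in targets.items() if len(dsts) >= min_targets}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for when, verdict, why in classify(recs):
        print(f"{when} {verdict:8s} {why}")
    print("most attacked:", most_attacked(recs))
    print("automated (scanning) sources:", scanning_sources(recs))
```

The correlation in classify is deliberately stateful: a single accepted HTTP connection is unremarkable on its own, and only the earlier dropped probes from the same external address make it worth an analyst's attention, which is the point the slide makes with its second record.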
Organizations face four major challenges in operations around incident management

Assumption #1: I am under attack right now.
Assumption #2: Attackers are already in.
Assumption #3: No endpoint device is secure.

Organizations typically lack:
 – Unified, cross-company policy and process for incident response
 – Actionable insight and information upon which to act
 – Incident management and forensic analysis tooling for remote system capture and analysis
 – Resources or skills to actively respond to and investigate security incidents

"Information is the new worldwide currency. Every piece of data is valuable to someone, somewhere, somehow"
(IDC, Worldwide and U.S. Security Services Threat Intelligence 2011-2014 Forecast)
Sources of Security Intelligence

Log Files
 – Network (firewalls, routers, etc.)
 – System (event logs, access logs, syslogs)
Network
 – Netflows (IP statistics from device interfaces)
 – Activity (bandwidth, utilization)
 – Topography
People
 – Help Desk calls/tickets
Services
 – Commercial feeds (X-Force, Secunia, etc.)
IBM helps organizations define a roadmap and implement solutions to address these challenges and reach an optimized state

Diagram: the maturity curve from Basic through Proficient and Optimized to Security Intelligence, plotted on axes running from manual to automated and from reactive to proactive.
What should be done to address these challenges?
But I have logs

Turning data into intelligence.
Which one of these steps should we take first?

                                              Strategic Approach   Tactical Approach
  Incident Response Program Development                 1                   4
  Security Information & Event Management               2                   3
  Forensic Solution Implementation                      3                   2
  Emergency response services with XFTAS                4                   1
IBM is a provider of end-to-end services both proactively and reactively, helping clients achieve proficiency and optimization

  Challenge                                                   Recommendation
  Lack of unified incident response policy and process        Incident Response Program Development
  Lack of resources or skills to respond to incidents         Emergency response services; X-Force Threat Analysis Service
  Investment in forensic tools for automation and analysis    Forensic Solution Implementation
  Need for actionable insight and intelligence                Security Information & Event Management (SIEM)

Maturity progression shown alongside the table: BASIC, PROFICIENT, OPTIMIZED.
Incident Response Program Development

When an incident occurs, businesses need the right process, tools, and resources to respond and minimize impact:
 – Being prepared to minimize the impact of a security incident and to recover faster
 – Protecting critical systems and data from downtime and/or information theft
 – Analyzing the root cause of an incident and preventing its spread
 – Restoring affected systems to normal operations
 – Preventing similar incidents from causing future damage
 – Meeting regulatory compliance requirements for incident response
Incident Response Program Development – continued

The Incident Response Plan is the foundation on which all incident response and recovery activities are based
  • It specifically defines the organization, roles and responsibilities of the Computer Security Incident Response Team (CSIRT)
  • It should have criteria to help an organization determine what is considered an incident versus an event
  • It defines escalation procedures to management, executive, legal, law enforcement, and media depending on incident conditions and severity
  • The plan and process should be fully tested via dry runs and incident mock tests

A well-developed plan provides a framework for effectively responding to any number of potential security incidents
Emergency response services

Without the need for in-house expertise, the IBM emergency response subscription service can provide real-time, on-site support
  – Clients retain expert security consultants prior to an incident in order to better prepare, manage and respond; the subscription includes:
      • Incident response
      • Incident management
      • Basic data acquisition
      • In-depth data analysis
  – The subscription includes activities designed to manage incident response from an end-to-end perspective:
      • Prevention
      • Intelligence gathering
      • Containment
      • Eradication
      • Recovery
      • Compliance
X-Force Threat Analysis Service (XFTAS)

X-Force Threat Analysis Service provides customized security intelligence about a wide array of threats with global insight
  – Offers detailed analyses of global online threat conditions and includes:
      • Up-to-the-minute, customized security information about threats and vulnerabilities
      • Expert analysis and correlation of global security threats
      • Actionable data and recommendations that help clients maintain their network security
Forensic Solution Implementation

Examples of tools that can be deployed to improve defense and automate the incident response and forensic analysis process:
  – DDoS Prevention
  – Malware / APT Defense
  – Forensics Analysis
Security Information & Event Management (SIEM)

Questions along the incident lifecycle:
  – What are the external and internal threats?
  – Are we configured to protect against these threats?
  – What is happening right now?
  – What was the impact?

Prediction & Prevention:
  Risk Management. Vulnerability Management. Configuration Monitoring. Patch Management. X-Force Research and Threat Intelligence. Compliance Management. Reporting and Scorecards.

Reaction & Remediation:
  SIEM. Log Management. Incident Response. Network and Host Intrusion Prevention. Network Anomaly Detection. Packet Forensics. Database Activity Monitoring. Data Loss Prevention.
With great power comes great responsibility

"A fool with a tool is still a fool"

Security Intelligence still requires experienced, knowledgeable professionals
  – Understand the log data formats
  – Understand the risks presented by the gathered intelligence
  – Present the intelligence to decision makers

Managed Security Intelligence
  – In-house managed solutions
  – Outsourced managed solutions
ibm.com/security

© Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM's sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United
Trademarks and notes



IBM Corporation 2012

     IBM, the IBM logo, the IBM Business Partner emblem, ibm.com, Rational, AppScan, smarter planet and
     X-Force are registered trademarks, and other company, product or service names may be trademarks or
     service marks of International Business Machines Corporation in the United States, other countries, or
     both. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at
     www.ibm.com/legal/copytrade.shtml
     Adobe, the Adobe logo, PostScript, the PostScript logo, Cell Broadband Engine, Intel, the Intel logo, Intel
     Inside, the Intel Inside logo, Intel Centrino, the Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep,
     Itanium, IT Infrastructure Library, ITIL, Java and all Java-based trademarks, Linux, Microsoft, Windows,
     Windows NT, the Windows logo, and UNIX are trademarks or service marks of others as described under
     “Special attributions” at: http://www.ibm.com/legal/copytrade.shtml#section-special
     Other company, product and service names may be trademarks or service marks of others.
     References in this publication to IBM products or services do not imply that IBM intends to make them
     available in all countries in which IBM operates.





Why IBM? Research and Operations

  Security Operations Centers
  Security Research Centers
  Security Solution Development Centers
  Institute for Advanced Security Branches

IBM Research:
  – 10B analyzed Web pages & images
  – 150M intrusion attempts daily
  – 40M spam & phishing attacks
  – 46K documented vulnerabilities
  – Millions of unique malware samples

World Wide Managed Security Services Coverage:
  – 20,000+ devices under contract
  – 3,300 GTS service delivery experts
  – 3,700+ MSS clients worldwide
  – 15B+ events managed per day
  – 1,000+ security patents
Reducing IT Costs and Improving Security with Purpose Built Network Appliances

  • 1. IBM Security Services Essential Practice: Managing Incidents with Intelligence Stewart Cawthray Chief Security Architect – GTS Security Services IBM Canada Ltd. October 2012 IBM Defense Summit – Ottawa © 2011 IBM Corporation
  • 2. IBM Security Services IBM is well qualified to secure the enterprise. One of the largest and most complex internal IT infrastructures in the world: 2,000+ major sites; 170+ countries; 400,000+ employees; approx. 200,000+ contractors; 1M+ traditional endpoints; ~50% of employees are mobile. Map legend: Major Employee Sites, Customer Fulfillment, Manufacturing, Employee Service Centers, IBM Research Centers, IBM Internal Data Centers.
  • 3. IBM Security Services IBM developed 10 essential practices required to achieve security intelligence. Essential Practices: 1. Build a risk aware culture and management system; 2. Manage security incidents with intelligence; 3. Defend the mobile and social workplace; 4. Secure services, by design; 5. Automate security “hygiene”; 6. Control network access and assure resilience; 7. Address new complexity of cloud and virtualization; 8. Manage third party security compliance; 9. Secure data and protect privacy; 10. Manage the identity lifecycle. Maturity based approach (chart): Basic, Proficient, Optimized, Security Intelligence; axes run from manual to automated and from reactive to proactive.
  • 4. IBM Security Services What problems are incidents causing and how do they happen?
  • 5. IBM Security Services Attacks are inevitable. Are you prepared? How well are they handled? Source: IBM X-Force ® Research and Development 5 © 2012 IBM Corporation
  • 6. IBM Security Services A major security incident can significantly affect an organization’s data, business continuity and reputation. LinkedIn sued for $5 million over data breach: An Illinois woman has filed a $5 million lawsuit against LinkedIn Corp, saying the social network violated promises to consumers by not having better security in place when more than 6 million customer passwords were stolen (Source: Reuters, June 2012). Sony Pegs PSN Attack Costs at $170 Million: The Sony attacks in 2011 will cost it 14 billion yen ($170 million dollars) in increased customer support costs, welcome-back packages, legal fees, lower sales and measures to strengthen security, part of a $3.1B total loss in 2011 (Source: Forbes, May 2011). In the event of a security breach, organizations need expert guidance to protect the availability of critical business systems, and to find and solve the root causes of the problem quickly. Vectors for attack are most often well-known vulnerabilities that should be addressed given a unified incident identification and management process. These issues and their resulting impact were preventable should organizations have brought on a knowledgeable security partner early on. Business + Technology = Incident.
  • 7. IBM Security Services You can’t stop the attackers, but the majority of incidents can be easily avoided through proactive measures and intelligence. Diagram labels: TARGETED ATTACK, DENIAL OF SERVICE; INCIDENT, INTELLIGENCE, INCIDENT; BREACH, SYSTEM COMPROMISE, APPLICATION CRASH, DATA LEAKAGE, SYSTEM OVERLOAD.
  • 8. IBM Security Services Know thy self, know thy enemy. A thousand battles, a thousand victories. Security Intelligence is the gathering of information to identify and understand Threats, Risks and Opportunities. The data needed for actionable, quality intelligence is all round you. It is a good bet what you don’t know is what your attackers will use against you. 8 © 2012 IBM Corporation 8
  • 9. IBM Security Services Security Intelligence Which of my systems is most vulnerable? What gets attacked the most? Are these targeted attacks, or automated attacks? Who is attacking me? Which department has the most security violations? Is my security awareness program effective? 9 © 2012 IBM Corporation 9
  • 10. IBM Security Services Intelligence examples. Normal (Slammer virus): 14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 src xxx.xxx.146.12 s_port 2523 dst xxx.xxx.10.2 service ms-sql-m proto udp rule 49. Abnormal (Code Red or Nimda virus): 14:55:20 accept gw.foobar.com >eth1 product VPN-1 & Firewall-1 src 10.5.5.1 s_port 4523 dst xxx.xxx.10.2 service http proto tcp xlatesrc xxx.xxx.146.12 rule 15.
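As an added example (not part of the IBM deck), the two firewall lines above can be parsed and correlated: the dropped ms-sql-m probe is the normal case, and an accepted http session whose NAT-translated external address was just seen probing the same host is the abnormal one the slide points at. The log lines and addresses below are constructed; the masked xxx.xxx octets are replaced with RFC 5737 documentation addresses, and the ten-minute window is an assumption.

```python
"""Correlate Check Point-style firewall log lines: a dropped ms-sql-m (Slammer)
probe followed, from the same external address, by an accepted http session to
the same destination.  Added example; log lines and addresses are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Keys that carry exactly one value in the "key value" part of a line.
KEYS = {"src", "s_port", "dst", "service", "proto", "xlatesrc", "rule"}

# Constructed sample log (documentation addresses stand in for the slide's xxx.xxx).
SAMPLE_LOG = """\
14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 src 203.0.113.12 s_port 2523 dst 198.51.100.2 service ms-sql-m proto udp rule 49
14:54:02 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 src 203.0.113.77 s_port 1434 dst 198.51.100.2 service ms-sql-m proto udp rule 49
14:55:20 accept gw.foobar.com >eth1 product VPN-1 & Firewall-1 src 10.5.5.1 s_port 4523 dst 198.51.100.2 service http proto tcp xlatesrc 203.0.113.12 rule 15
15:10:41 accept gw.foobar.com >eth0 product VPN-1 & Firewall-1 src 203.0.113.50 s_port 40211 dst 198.51.100.2 service http proto tcp rule 15
"""


def parse_line(line):
    """Parse one log line into a dict; raise ValueError on malformed input."""
    tokens = line.split()
    if len(tokens) < 4 or not tokens[3].startswith(">"):
        raise ValueError(f"unrecognised log line: {line!r}")
    event = {
        "time": datetime.strptime(tokens[0], "%H:%M:%S"),
        "action": tokens[1],
        "gateway": tokens[2],
        "interface": tokens[3][1:],
    }
    i = 4
    # "product VPN-1 & Firewall-1" spans several tokens; collect until a known key.
    if i < len(tokens) and tokens[i] == "product":
        i += 1
        product = []
        while i < len(tokens) and tokens[i] not in KEYS:
            product.append(tokens[i])
            i += 1
        event["product"] = " ".join(product)
    while i + 1 < len(tokens):
        key, value = tokens[i], tokens[i + 1]
        if key not in KEYS:
            raise ValueError(f"unexpected token {key!r} in {line!r}")
        event[key] = value
        i += 2
    for required in ("src", "dst", "service", "proto"):
        if required not in event:
            raise ValueError(f"missing {required} in {line!r}")
    return event


def external_source(event):
    """Address as seen outside the gateway: the NAT-translated one if present."""
    return event.get("xlatesrc", event["src"])


def is_slammer_probe(event):
    """SQL Slammer spread over UDP/1434 (ms-sql-m); a drop is the normal case."""
    return event["service"] == "ms-sql-m" and event["proto"] == "udp"


def correlate(log_text, window=timedelta(minutes=10)):
    """Return (normal, abnormal) event lists.

    normal:   dropped Slammer probes, i.e. the firewall doing its job.
    abnormal: an accepted http session whose external address was seen in a
              Slammer probe against the same destination within `window`.
    """
    normal, abnormal = [], []
    probes = defaultdict(list)  # (external source, dst) -> probe timestamps
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev["action"] == "drop" and is_slammer_probe(ev):
            normal.append(ev)
            probes[(external_source(ev), ev["dst"])].append(ev["time"])
        elif ev["action"] == "accept" and ev["service"] == "http":
            key = (external_source(ev), ev["dst"])
            if any(timedelta(0) <= ev["time"] - t <= window for t in probes[key]):
                abnormal.append(ev)
    return normal, abnormal


if __name__ == "__main__":
    normal, abnormal = correlate(SAMPLE_LOG)
    print(f"{len(normal)} normal (dropped Slammer probes)")
    for ev in abnormal:
        print(f"ABNORMAL {ev['time']:%H:%M:%S} {external_source(ev)} -> {ev['dst']} "
              f"accepted {ev['service']} shortly after a Slammer probe (rule {ev.get('rule')})")
```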
  • 11. IBM Security Services Organizations face four major challenges in operations around incident management. Assumption #1: I am under attack right now. Assumption #2: Attackers are already in. Assumption #3: No endpoint device is secure. Organizations typically lack: unified, cross-company policy and process for incident response; actionable insight and information upon which to act; incident management and forensic analysis tooling for remote system capture and analysis; resources or skills to actively respond to and investigate security incidents. “Information is the new worldwide currency. Every piece of data is valuable to someone, somewhere, somehow” (IDC, Worldwide and U.S. Security Services Threat Intelligence 2011-2014 Forecast).
  • 12. IBM Security Services Sources of Security Intelligence. Log Files – Network (firewalls, routers, etc.); System (event logs, access logs, syslogs). Network – Netflows (IP statistics from device interfaces); Activity (bandwidth, utilization); Topography. People – Help Desk calls/tickets. Services – Commercial feeds (X-Force, Secunia, etc.).
  • 13. IBM Security Services IBM helps organizations define a roadmap and implement solutions to address these challenges and reach an optimized state. Maturity chart: Basic, Proficient, Optimized, Security Intelligence; axes run from manual to automated and from reactive to proactive.
  • 14. IBM Security Services What should be done to address these challenges?
  • 15. IBM Security Services But I have logs Turning data into intelligence. 15 © 2012 IBM Corporation 15
  • 16. IBM Security Services Which one of these steps should we take first? The four steps are ranked in opposite orders under the two approaches. Strategic approach: 1. Incident Response Program Development; 2. Security Information & Event Management; 3. Forensic Solution Implementation; 4. Emergency response services with XFTAS. Tactical approach: 1. Emergency response services with XFTAS; 2. Forensic Solution Implementation; 3. Security Information & Event Management; 4. Incident Response Program Development.
  • 17. IBM Security Services IBM is a provider of end-to-end services both proactively and reactively, helping clients achieve proficiency and optimization. Challenge / Recommendation: Lack of unified incident response policy and process (BASIC) / Incident Response Program Development. Lack of resources or skills to respond to incidents (PROFICIENT) / Emergency response services; X-Force Threat Analysis Service. Investment in forensic tools for automation and analysis / Forensic Solution Implementation. Need for actionable insight and intelligence (OPTIMIZED) / Security Information & Event Management (SIEM).
  • 18. IBM Security Services Incident Response Program Development When an incident occurs, businesses need the right process, tools, and resources to respond and minimize impact Being prepared to minimize the impact of a security incident and to recover faster Protecting critical systems and data from downtime and/or information theft Analyzing the root cause of an incident and preventing its spread Restoring affected systems to normal operations Preventing similar incidents from causing future damage Meeting regulatory compliance requirements for incident response 18 © 2012 IBM Corporation
• 19. Incident Response Program Development (continued)
The Incident Response Plan is the foundation on which all incident response and recovery activities are based:
• It defines the organization, roles and responsibilities of the Computer Security Incident Response Team (CSIRT)
• It sets out criteria that let the organization decide what counts as an incident as opposed to an event
• It defines escalation procedures to management, executives, legal, law enforcement and the media, depending on incident conditions and severity
• The plan and process should be fully tested through dry runs and mock incident exercises
A well-developed plan provides a framework for responding effectively to any number of potential security incidents.
• 20. Emergency response services
Without the need for in-house expertise, the IBM emergency response subscription service can provide real-time, on-site support.
– Clients retain expert security consultants before an incident occurs, in order to better prepare for, manage and respond to one; the subscription includes:
  • Incident response
  • Incident management
  • Basic data acquisition
  • In-depth data analysis
– The subscription includes activities designed to manage incident response end to end:
  • Prevention
  • Intelligence gathering
  • Containment
  • Eradication
  • Recovery
  • Compliance
• 21. X-Force Threat Analysis Service (XFTAS)
X-Force Threat Analysis Service provides customized security intelligence about a wide array of threats, with global insight.
– Offers detailed analyses of global online threat conditions, including:
  • Up-to-the-minute, customized security information about threats and vulnerabilities
  • Expert analysis and correlation of global security threats
  • Actionable data and recommendations that help clients maintain their network security
• 22. Forensic Solution Implementation
Examples of tools that can be deployed to improve defense and automate the incident response and forensic analysis process:
– DDoS Prevention
– Malware / APT Defense
– Forensics Analysis
• 23. Security Information & Event Management (SIEM)
Four questions the capabilities below address: What are the external and internal threats? What is happening right now? Are we configured to protect against these threats? What was the impact?
Prediction & Prevention: Risk Management. Vulnerability Management. Configuration Monitoring. Patch Management. X-Force Research and Threat Intelligence. Compliance Management. Reporting and Scorecards.
Reaction & Remediation: SIEM. Log Management. Incident Response. Network and Host Intrusion Prevention. Network Anomaly Detection. Packet Forensics. Database Activity Monitoring. Data Loss Prevention.
• 24. With great power comes great responsibility
"A fool with a tool is still a fool."
Security intelligence still requires experienced, knowledgeable professionals who can:
– Understand the log data formats
– Understand the risks presented by the gathered intelligence
– Present the intelligence to decision makers
Managed security intelligence can be delivered as:
– In-house managed solutions
– Outsourced managed solutions
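The following Python script is an added example, not part of the deck and not IBM's SIEM logic. It shows the "data to intelligence" step of slides 23 and 24 (a tool is only useful to someone who understands the log format and the risk the correlated result represents) and the event-versus-incident criteria and severity-driven escalation of slide 19. The sshd log lines are constructed; the failure threshold, time window, severity labels and escalation tiers are assumptions chosen for illustration, and the syslog year is assumed because the format does not carry one.

```python
"""Correlating raw sshd log lines into event / incident findings.

Added example with constructed sample data; not IBM's SIEM logic. The
threshold, window, severities and escalation tiers are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: OpenSSH syslog lines, one of the formats an analyst must understand.
# 203.0.113.9: password guessing that ends in a successful login (incident).
# 198.51.100.7: failures only (an event worth tracking, not an incident).
# 192.0.2.44: a single normal key-based login (no finding).
SAMPLE_LOG = """\
Oct 14 10:01:02 web01 sshd[2301]: Failed password for root from 203.0.113.9 port 51022 ssh2
Oct 14 10:01:05 web01 sshd[2303]: Failed password for root from 203.0.113.9 port 51030 ssh2
Oct 14 10:01:09 web01 sshd[2305]: Failed password for invalid user admin from 203.0.113.9 port 51041 ssh2
Oct 14 10:01:12 web01 sshd[2307]: Failed password for invalid user admin from 203.0.113.9 port 51055 ssh2
Oct 14 10:01:20 web01 sshd[2309]: Failed password for deploy from 203.0.113.9 port 51060 ssh2
Oct 14 10:01:33 web01 sshd[2311]: Accepted password for deploy from 203.0.113.9 port 51072 ssh2
Oct 14 10:02:40 web01 sshd[2320]: Failed password for root from 198.51.100.7 port 40001 ssh2
Oct 14 10:02:41 web01 sshd[2322]: Failed password for root from 198.51.100.7 port 40002 ssh2
Oct 14 10:02:44 web01 sshd[2324]: Failed password for root from 198.51.100.7 port 40003 ssh2
Oct 14 10:02:52 web01 sshd[2326]: Failed password for root from 198.51.100.7 port 40004 ssh2
Oct 14 11:15:00 web01 sshd[2400]: Accepted publickey for alice from 192.0.2.44 port 50000 ssh2
"""

# Field extraction for the sshd authentication message format ("invalid user" is optional).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)

FAIL_THRESHOLD = 4             # assumed: failures that make a burst worth a finding
WINDOW = timedelta(minutes=5)  # assumed: burst and follow-on success must fall inside this

# Assumed escalation tiers in the spirit of slide 19; a real plan also keys these to
# incident conditions (data involved, regulatory exposure), not severity alone.
ESCALATION = {
    "low": ["SOC analyst"],
    "high": ["SOC analyst", "incident manager", "legal counsel"],
}


def parse(log_text, year=2012):
    """Turn raw lines into typed records. Syslog carries no year, so one is assumed."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unknown format: a real pipeline counts and reviews these rather than dropping them
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": m["host"], "result": m["result"],
                       "user": m["user"], "src": m["src"]})
    return sorted(events, key=lambda e: e["ts"])


def correlate_source(src, evs):
    """Apply the rule to one source IP: None, an 'event' finding, or an 'incident' finding."""
    failures = [e for e in evs if e["result"] == "Failed"]
    for i in range(len(failures) - FAIL_THRESHOLD + 1):
        burst = failures[i:i + FAIL_THRESHOLD]
        start, end = burst[0]["ts"], burst[-1]["ts"]
        if end - start > WINDOW:
            continue  # too slow to count as a burst; try the next run
        finding = {"src": src, "host": burst[0]["host"], "classification": "event",
                   "severity": "low", "first_seen": start,
                   "users_tried": sorted({e["user"] for e in failures})}
        # A success from the same source shortly after the burst is the incident criterion.
        for e in evs:
            if e["result"] == "Accepted" and end < e["ts"] <= end + WINDOW:
                finding.update(classification="incident", severity="high",
                               compromised_user=e["user"], success_at=e["ts"])
                break
        finding["escalate_to"] = ESCALATION[finding["severity"]]
        return finding
    return None


def analyze(log_text):
    """Parse, group by source, correlate: the step that turns log data into intelligence."""
    by_src = defaultdict(list)
    for e in parse(log_text):
        by_src[e["src"]].append(e)
    findings = []
    for src, evs in by_src.items():
        f = correlate_source(src, evs)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f['classification']:8} {f['severity']:4} {f['src']:14} -> {', '.join(f['escalate_to'])}")
```

On the sample, the source that guessed five passwords and then logged in as deploy is classified as an incident and routed to the incident manager and legal counsel, while the source that only failed is recorded as a low-severity event for the SOC, and the single key-based login produces nothing. Those three outcomes are the "incident versus event" distinction of slide 19 made concrete; the rule itself is deliberately simple, and in production the threshold and window would be tuned per environment.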
• 25. ibm.com/security
© Copyright IBM Corporation 2012. All rights reserved.
• 27. Why IBM?
Research and Operations: Security Operations Centers; Security Research Centers; Security Solution Development Centers; Institute for Advanced Security Branches
Worldwide Managed Security Services coverage: 20,000+ devices under contract; 3,700+ MSS clients worldwide; 15B+ events managed per day; 3,300 GTS service delivery experts; 1,000+ security patents
IBM Research: 10B analyzed Web pages & images; 150M intrusion attempts daily; 40M spam & phishing attacks; 46K documented vulnerabilities; millions of unique malware samples