Orchestrating Your Security Defenses with Threat Intelligence
August 15, 2017
Sam Dillingham, Senior Offering Manager, IBM X-Force
Pamela Cobb, Portfolio Manager, IBM X-Force
Slide 2
Today’s agenda
• Intro to Threat Intelligence
• Threat Intelligence use cases
• Taking action with integrations
• Get started today!
Slide 3
65% of enterprise firms use external threat intelligence to enhance their security decision making (1)
Security teams often lack critical support to make the most of these resources:
• It takes too long to make information actionable
• Analysts can’t separate the signal from the noise
• Data is gathered from untrusted sources
(1) Source: ESG Global
Slide 4
More companies are sharing and consuming threat intelligence
1. Timely and early warning of relevant threats to stay a step ahead
2. Increased visibility into emerging threats as more organizations benefit from other organizations’ detections
3. Validation and prioritization of threats based on the context of suspicious activity
4. Faster and more orchestrated response through enrichment of incidents with IoCs
5. More awareness of targets and tactics to help plan, build and evolve your security strategy
Source: How to Collect, Refine, Utilize and Create Threat Intelligence, Gartner, Oct 2016
IBM and Business Partner Use Only
Slide 5
IBM X-Force Exchange is a threat intelligence sharing platform designed to help security teams research, collaborate and integrate.
xforce.ibmcloud.com
Slide 6
Collections streamline security investigations with research from curated content
• Validate findings
• Aid in forensic investigations
• Provide tactical / strategic intelligence
Groups allow public or private collaboration to validate threats and develop response plans
• Address investigations
• Enable research workflow
• Interact with X-Force research community
Integrations strengthen security solutions and provide additional threat intelligence
• X-Force Exchange SDK / API / STIX / TAXII
• Threat Feed Manager
• Free / commercial usage
Slide 8
Three threat intelligence use cases
• Real-time blocking
• Security operations
• Threat research & hunting
Slide 9
Use Case 1: Real-time blocking
Usage
• Blocking access to known malicious actors
• Can include IPs, domains, URLs, etc.
• Implemented by firewalls, IPSes, proxies, and other security devices
Critical Factors
• Speed in making blocking decisions
• Scoring flexibility to set a threshold of what to block
• Frequent incremental updates to minimize performance impact
Delivery Route
• Software development kits (SDKs)
• Block lists
Slide 10
In IBM X-Force Exchange, classification and scoring for URLs and IP addresses combines the results of multiple analyses.
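As an added example (not IBM's or X-Force Exchange's code), the snippet below turns reputation records of the kind slide 23 describes (risk score 1-10, categories with a 1-100% confidence value) into a block list under an operator-tunable threshold, and emits only the incremental adds and removes a firewall or proxy has to apply, which are the two critical factors slide 9 lists for this use case. The record layout, category labels and indicator values are constructed for illustration.

```python
"""Threshold-based block list with incremental updates.

Added example, not IBM/X-Force Exchange code. The record layout mirrors the
reputation fields the deck lists (risk score 1-10, categories with a 1-100%
confidence); field names, category labels and indicator values are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Iterable, List, Set, Tuple


@dataclass
class Reputation:
    """One reputation record for an IP address or URL (constructed layout)."""
    indicator: str
    score: int                                   # 1 (benign) .. 10 (malicious)
    categories: Dict[str, int] = field(default_factory=dict)  # label -> confidence, 1..100 %


@dataclass(frozen=True)
class BlockPolicy:
    """Operator-tunable threshold: what is bad enough to block automatically."""
    min_score: int = 7            # block outright at or above this score
    min_confidence: int = 60      # below min_score, block only on a confident bad category
    block_categories: FrozenSet[str] = frozenset(
        {"Botnet Command and Control Server", "Malware", "Scanning IPs", "Phishing"}
    )


def should_block(rec: Reputation, policy: BlockPolicy) -> bool:
    """Two-tier decision: a high score blocks; a lower score blocks only when a
    category the policy cares about is asserted with enough confidence."""
    if not 1 <= rec.score <= 10:
        raise ValueError(f"risk score out of range for {rec.indicator}: {rec.score}")
    if rec.score >= policy.min_score:
        return True
    return any(
        label in policy.block_categories and confidence >= policy.min_confidence
        for label, confidence in rec.categories.items()
    )


def build_blocklist(records: Iterable[Reputation], policy: BlockPolicy) -> Set[str]:
    """Full block list for this policy; the same feed yields different lists
    for different thresholds, which is the 'scoring flexibility' factor."""
    return {rec.indicator for rec in records if should_block(rec, policy)}


def incremental_update(previous: Set[str], current: Set[str]) -> Tuple[Set[str], Set[str]]:
    """(to_add, to_remove): the device touches only entries that changed
    instead of reloading the full list on every refresh."""
    return current - previous, previous - current


def apply_update(active: Set[str], to_add: Set[str], to_remove: Set[str]) -> Set[str]:
    """Apply an incremental update to the device's active list."""
    return (active - to_remove) | to_add


# Constructed sample feed (RFC 5737 documentation addresses and a .test URL).
SAMPLE_FEED: List[Reputation] = [
    Reputation("192.0.2.10", 9, {"Botnet Command and Control Server": 90}),
    Reputation("192.0.2.20", 5, {"Scanning IPs": 75}),        # low score, confident category
    Reputation("192.0.2.30", 5, {"Scanning IPs": 30}),        # low score, weak category: allow
    Reputation("192.0.2.40", 2, {}),                          # benign
    Reputation("http://login.example.test/", 8, {"Phishing": 80}),
]

# What the device is blocking now (constructed): one stale entry to be removed.
ACTIVE_LIST: Set[str] = {"192.0.2.10", "192.0.2.50"}


def refresh(active: Set[str], feed: Iterable[Reputation],
            policy: BlockPolicy) -> Tuple[Set[str], Set[str], Set[str]]:
    """One refresh cycle: compute the wanted list, ship only the delta, and
    return (to_add, to_remove, new_active)."""
    wanted = build_blocklist(feed, policy)
    to_add, to_remove = incremental_update(active, wanted)
    new_active = apply_update(active, to_add, to_remove)
    assert new_active == wanted  # applying the delta must converge on the full list
    return to_add, to_remove, new_active


if __name__ == "__main__":
    add, remove, active = refresh(ACTIVE_LIST, SAMPLE_FEED, BlockPolicy())
    print("add:", sorted(add))        # ['192.0.2.20', 'http://login.example.test/']
    print("remove:", sorted(remove))  # ['192.0.2.50']
    strict = build_blocklist(SAMPLE_FEED, BlockPolicy(min_score=9, min_confidence=85))
    print("strict policy:", sorted(strict))  # ['192.0.2.10']
```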
Slide 11
Web applications are scored on several risk factors
Slide 12
Use Case 2: Security Operations
Usage
• Maps threat intelligence to data observed in your environment
• Includes intelligence that can be mapped to network- and host-based indicators
• Integration with operational tools, such as SIEM and incident response
Critical Factors
• Support for open standards for easy integration into existing solutions
• Pivotability among indicators to aid in rapid investigation
• Completeness of data
Delivery Route
• STIX/TAXII feeds
• CybOX
Slide 13
The use of open standards maximizes interoperability with existing systems
JSON RESTful API
• API queries based on a query/response model for threat intelligence
• Leverages basic authentication
• Load balanced to support traffic loads
• Node SDK module available
STIX / TAXII Standards Support
• TAXII services provided to access threat intelligence
• Supports STIX/CybOX objects
Slide 14
Use Threat Intelligence through the open STIX/TAXII format
Use reference sets for correlation, searching and reporting
• Load threat indicators from Collections into QRadar reference sets
• Create a custom rule response to post IoCs to a Collection
• Bring Watchlists of IP addresses from X-Force Exchange and create a rule to raise the magnitude of any offense that includes an IP from the Watchlist
Slide 15
Use Case 3: Threat Research and Hunting
Usage
• Research of potential threats that may or may not yet be affecting your organization
• Can be done via a web-based UI or API
Critical Factors
• Scriptable access to data in an easy-to-use manner
• Aggregation of multiple intelligence sources (from different vendors) into a single stream
• Flexible search
Delivery Route
• REST-based API
• Research platforms with web interfaces
Slide 16
X-Force global threat intelligence delivers a wide range of benefits
Higher Order Intelligence: Actors, Campaigns, Incidents, TTPs
Observables and Indicators: Vulnerabilities, Malware, Anti-Spam, Web App Control, IP Reputation, URL / Web Filtering
Slide 17
Correlation of indicators and higher-order intelligence is critical
Indicator Feeds:
• 173.242.117.120 is a malware C&C server
• djs14.com is a malware C&C server
• CVE-2013-3029 is an Excel vulnerability
• abc@xyz.com sends SPAM
• Organization Y is a threat actor
vs.
Correlated Threat Intelligence:
173.242.117.120 is a malware C&C server … which is associated with the PoSeidon malware family, targeted against retailers, used by attackers in country X, Y and Z to steal credit card information from PoS systems.
• Communicates with: C&C servers 173.242.117.120, 203.19.201.20; C&C domains djs14.com, jdjnci.net; Twitter feed @malwarecommander
• Infects via: drive-by download exploiting CVE-2015-2093; malicious Excel file exploiting CVE-2013-3029; email attachment from abc@xyz.com
• Host indicators: registry keys A, B, C; processes D, E, F; event log entries G, H; memory fingerprint J, K
Slide 18
Correlation provides pivotability to accelerate threat investigation
Pivot chain: Network traffic to C&C IP observed → Malware associated with C&C server → Other C&C IPs for the malware → Host IoCs for the malware → Actor/campaign details → Infection method details
Analyst questions along the chain: What does this communication mean? What is the attacker after? How did they get in? Where else are they? How do I verify infections?
Resulting actions: Correlate IPs to flow data in SIEM; Send indicators to EDR tool; Correlate CVEs to SIEM vuln scans; Understand motivations, report to exec mgt; Initiate patching; Investigate exfiltration; Quarantine infected endpoints
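The pivot chain above, as an added example that is not part of the original deck or of any IBM product: a small correlation knowledge base built from the PoSeidon illustration on slide 17 (its C&C IPs and domains, infection CVEs, and the deck's placeholder host indicators) is joined against constructed SIEM flow records and vulnerability-scan results, so one observed C&C connection expands into the other C&C IPs, the other hosts talking to them, the hosts still exposed to the infection CVEs, and the response actions the slide lists.

```python
"""Pivot from one observed indicator to correlated threat intelligence.

Added example, not IBM code or the X-Force Exchange API. The knowledge base
reproduces the deck's PoSeidon illustration (host indicators "A, B, C" are
the deck's own placeholders); flow records and scan results are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Set, Tuple


@dataclass
class MalwareFamily:
    """Higher-order intelligence: everything one feed entry is associated with."""
    name: str
    description: str
    cnc_ips: Set[str]
    cnc_domains: Set[str]
    infection_cves: Set[str]
    infection_emails: Set[str]
    host_iocs: Dict[str, List[str]]    # indicator type -> values

    def indicators(self) -> Set[str]:
        return self.cnc_ips | self.cnc_domains | self.infection_cves | self.infection_emails


KNOWLEDGE_BASE: List[MalwareFamily] = [
    MalwareFamily(
        name="PoSeidon",
        description="targeted against retailers to steal credit card information from PoS systems",
        cnc_ips={"173.242.117.120", "203.19.201.20"},
        cnc_domains={"djs14.com", "jdjnci.net"},
        infection_cves={"CVE-2015-2093", "CVE-2013-3029"},
        infection_emails={"abc@xyz.com"},
        host_iocs={"registry_keys": ["A", "B", "C"], "processes": ["D", "E", "F"],
                   "event_log_entries": ["G", "H"], "memory_fingerprints": ["J", "K"]},
    ),
]

# Constructed SIEM flow records: "<timestamp> <src_ip> <dst_ip> <dst_port>".
FLOW_LOG = """\
2017-08-15T09:01:02Z 10.0.5.21 173.242.117.120 443
2017-08-15T09:01:09Z 10.0.5.21 198.51.100.7 443
2017-08-15T09:03:44Z 10.0.7.88 203.19.201.20 8080
2017-08-15T09:04:10Z 10.0.9.12 198.51.100.9 80
"""

# Constructed vulnerability-scan results: internal host -> CVEs found unpatched.
VULN_SCAN: Dict[str, Set[str]] = {
    "10.0.5.21": {"CVE-2013-3029"},
    "10.0.7.88": set(),
    "10.0.9.12": {"CVE-2015-2093"},
}


@dataclass
class Investigation:
    trigger: str
    family: str
    description: str
    other_cnc: Set[str]                        # "other C&C IPs for the malware"
    hosts_talking_to_cnc: Dict[str, Set[str]]  # internal host -> C&C IPs it contacted
    hosts_exposed: Dict[str, Set[str]]         # internal host -> unpatched infection CVEs
    host_iocs: Dict[str, List[str]]
    actions: List[str] = field(default_factory=list)


def parse_flows(log: str) -> Iterable[Tuple[str, str]]:
    """Yield (src, dst) pairs; malformed lines are skipped rather than trusted."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield parts[1], parts[2]


def families_for(indicator: str, kb: List[MalwareFamily]) -> List[MalwareFamily]:
    """The indicator feed says 'this is bad'; correlation says what it belongs to."""
    return [fam for fam in kb if indicator in fam.indicators()]


def investigate(observed: str, flow_log: str, vuln_scan: Dict[str, Set[str]],
                kb: List[MalwareFamily] = KNOWLEDGE_BASE) -> List[Investigation]:
    """Walk the pivot chain for one observed indicator."""
    results = []
    for fam in families_for(observed, kb):
        # Pivot: C&C IP -> malware -> other C&C IPs -> flow data ("where else are they?")
        talking: Dict[str, Set[str]] = {}
        for src, dst in parse_flows(flow_log):
            if dst in fam.cnc_ips:
                talking.setdefault(src, set()).add(dst)
        # Pivot: malware -> infection CVEs -> vuln scans ("how did they get in?")
        exposed = {host: cves & fam.infection_cves
                   for host, cves in vuln_scan.items() if cves & fam.infection_cves}
        actions = [f"Quarantine {h}; talked to C&C {', '.join(sorted(c))}"
                   for h, c in sorted(talking.items())]
        actions += [f"Initiate patching on {h} for {', '.join(sorted(c))}"
                    for h, c in sorted(exposed.items())]
        ioc_count = sum(len(v) for v in fam.host_iocs.values())
        actions.append(f"Send {ioc_count} host IoCs to EDR to verify infections")
        results.append(Investigation(observed, fam.name, fam.description,
                                     fam.cnc_ips - {observed}, talking, exposed,
                                     fam.host_iocs, actions))
    return results


if __name__ == "__main__":
    for inv in investigate("173.242.117.120", FLOW_LOG, VULN_SCAN):
        print(f"{inv.trigger} -> {inv.family} ({inv.description})")
        for action in inv.actions:
            print("  -", action)
```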
Slide 19
X-Force Exchange Collections streamline security investigations
Higher Order Intelligence: the free text area of the Collection is used to organize identifiers, campaigns, TTPs, TLP status, and other pertinent details.
Observables & Indicators: related reports on URL / IP reputation, malware, vulnerabilities, and related attachments.
Slide 21
The scale of IBM Security brings unique breadth and depth to X-Force threat intelligence
• 20,000+ devices under contract
• 20B events managed per day
• 133 monitored countries
• 3,700+ security-related patents
• 270M endpoints monitored for malware
• 38B analyzed web pages and images
• 8M spam and phishing attacks daily
• 850K malicious IP addresses
• 113K documented vulnerabilities
• Millions of unique malware samples
As of May 2017
Slide 22
X-Force Threat Intelligence can be integrated into security solutions via multiple methods
IBM CONFIDENTIAL - LIMIT DISTRIBUTION UNTIL MAY 16
[Architecture diagram] Platform layer: Data & intelligence sources → Analytics Engine → Threat Intelligence Content (pDNS, Whois information, Collections, Higher Order Intelligence, Vulnerabilities, Malware Sandbox, Malware Families, IP Reputation, URL Reputation, Web Applications). Delivery layer: Portal, Open API, Commercial API, SDK, OEM. Threat integration / threat consumers: Platform Users and IBM Security Products (XFMA, XGS).
Slide 23
There is a comprehensive range of Threat Intelligence available via API
Indicators/Content: Details
• Vulnerabilities: Risk score (CVSS), exploit characteristics, exploit consequences, remedy information, affected products, protection information (e.g. references for IPS, Vulnerability Assessment content), and external references
• Malware: Disposition, hash value, first observed, malware family, vendors covering (%), download sources, command and control servers, email sources, and email subjects
• Malware Families: First/last observance, and associated hash values (MD5)
• IP Reputation: Risk score (1-10), geolocation, applications associated, malware associated, categorization (current and historical) with confidence value (1-100%), passive DNS information, subnet reputation
• URL Reputation: Risk score (1-10), applications associated, categorization (current and historical), DNS information
• Web Applications: Risk score, categorization, base URL, vulnerabilities, hosting URLs, and hosting IPs
• pDNS: Passive DNS information
• Whois information: Registrant information (name, organization, country, and e-mail)
• IBM Network Protection: Monthly XPU content, as well as each signature, the date of its release, and the vulnerability for which it provides coverage
• Collections: Curated content on specific security investigations, including both structured and unstructured content
• Higher Order Intelligence: CybOX objects such as campaign, threat actor, tools, tactics, procedures, course of action, and indicator information, as part of the collections
Slide 24
IBM Security App Exchange
Driving the evolution of collaborative defense
A platform for security collaboration
• Access user and business partner innovations
• Extend IBM Security solution functionality to new use cases
• Download validated security apps from a single platform
https://apps.xforce.ibmcloud.com
Slide 25
React faster, coordinate better, respond smarter to incidents
Single Hub Provides Easy Workflow Customization and Process Automation
• Helps cyber security teams orchestrate the IR process and manage and respond to incidents faster, better and more intelligently
• Drives down response times by streamlining the process of escalating and managing incidents
• Ensures consistency and adherence to regulatory requirements and legal obligations
• Automates time-consuming tasks
• Leverages staff more effectively
Slide 26
IBM X-Force Malware Analysis
Submit suspicious files directly into IBM X-Force Exchange
• Automate suspicious file investigation
• Act on in-depth intelligence reports
• Access anywhere, anytime with a scalable cloud architecture
Slide 27
A diversified financial services company greatly improved their threat research capabilities and collaboration workflows
“I didn’t realize I was on X-Force Exchange that much. The collaboration capabilities and threat intelligence are highly valuable to me and a great help to my challenges and activities throughout each day.”
- Network Security Analyst II
Business challenge
• Need for curated threat research to complement their SIEM
• Lack of internal collaboration in the threat investigation process
IBM X-Force Exchange with IBM QRadar
Helped better defend the organization’s network from attacks, scans and phishing attempts on a daily basis, using IP / URL reputation data, geo-location status of IPs, vulnerability data, MD5 detail and shared collections from X-Force Exchange in conjunction with IBM QRadar.
Research, collaborate and integrate
Slide 29
Helpful Resources
X-Force Exchange
• Try it: xforce.ibmcloud.com
• API: https://api.xforce.ibmcloud.com/doc/
General X-Force information:
• X-Force blogs on SecurityIntelligence.com
• IBM X-Force Threat Intelligence Report for 2017
• IBM Interactive Security Incidents website to stay up to date on the latest verified breaches
Contact Us!
• Sam Dillingham, sam.dillingham@us.ibm.com, Sr Offering Manager
• Pamela Cobb, pcobb@us.ibm.com, Portfolio Manager
Follow us on:
• ibm.com/security
• securityintelligence.com
• xforce.ibmcloud.com
• @ibmsecurity
• youtube/user/ibmsecuritysolutions

© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

THANK YOU
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...IBM Security
 
See How You Measure Up With MaaS360 Mobile Metrics
See How You Measure Up With MaaS360 Mobile MetricsSee How You Measure Up With MaaS360 Mobile Metrics
See How You Measure Up With MaaS360 Mobile MetricsIBM Security
 
Valuing Data in the Age of Ransomware
Valuing Data in the Age of Ransomware Valuing Data in the Age of Ransomware
Valuing Data in the Age of Ransomware IBM Security
 
Top 12 Cybersecurity Predictions for 2017
Top 12 Cybersecurity Predictions for 2017Top 12 Cybersecurity Predictions for 2017
Top 12 Cybersecurity Predictions for 2017IBM Security
 
Safeguard Healthcare Identities and Data with Identity Governance and Intelli...
Safeguard Healthcare Identities and Data with Identity Governance and Intelli...Safeguard Healthcare Identities and Data with Identity Governance and Intelli...
Safeguard Healthcare Identities and Data with Identity Governance and Intelli...IBM Security
 

Mais de IBM Security (20)

Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOps
 
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
 
Integrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIntegrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM Resilient
 
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
 
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
 
Accelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackAccelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon Black
 
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationHow to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
 
Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do Now
 
IBM QRadar UBA
IBM QRadar UBA IBM QRadar UBA
IBM QRadar UBA
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and Security
 
Close the Loop on Incident Response
Close the Loop on Incident ResponseClose the Loop on Incident Response
Close the Loop on Incident Response
 
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
 
See How You Measure Up With MaaS360 Mobile Metrics
See How You Measure Up With MaaS360 Mobile MetricsSee How You Measure Up With MaaS360 Mobile Metrics
See How You Measure Up With MaaS360 Mobile Metrics
 
Valuing Data in the Age of Ransomware
Valuing Data in the Age of Ransomware Valuing Data in the Age of Ransomware
Valuing Data in the Age of Ransomware
 
Top 12 Cybersecurity Predictions for 2017
Top 12 Cybersecurity Predictions for 2017Top 12 Cybersecurity Predictions for 2017
Top 12 Cybersecurity Predictions for 2017
 
Safeguard Healthcare Identities and Data with Identity Governance and Intelli...
Safeguard Healthcare Identities and Data with Identity Governance and Intelli...Safeguard Healthcare Identities and Data with Identity Governance and Intelli...
Safeguard Healthcare Identities and Data with Identity Governance and Intelli...
 

Último

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Principled Technologies
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024SynarionITSolutions
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 

Último (20)

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 

Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence

  • 7. Today’s agenda
      Intro to Threat Intelligence
      Threat Intelligence use cases
      Taking action with integrations
      Get started today!
  • 8. Threat intelligence use cases
      Real-time blocking
      Security operations
      Threat research & hunting
  • 9. Use Case 1: Real-time blocking
      Usage
      • Blocking access to known malicious actors
      • Can include IPs, domains, URLs, etc.
      • Implemented by firewalls, IPSes, proxies, and other security devices
      Critical Factors
      • Speed in making blocking decisions
      • Scoring flexibility to set a threshold of what to block
      • Frequent incremental updates to minimize performance impact
      Delivery Route
      • Software development kits (SDKs)
      • Block lists
  • 10. In IBM X-Force Exchange, classification and scoring for URLs and IP addresses combines the results of multiple analyses.
  • 11. Web applications are scored on several risk factors.
  • 12. Use Case 2: Security Operations
      Usage
      • Maps threat intelligence to data observed in your environment
      • Includes intelligence that can be mapped to network and host-based indicators
      • Integration with operational tools, such as SIEM and incident response
      Critical Factors
      • Support for open standards for easy integration into existing solutions
      • Pivotability among indicators to aid in rapid investigation
      • Completeness of data
      Delivery Route
      • STIX/TAXII feeds
      • Cybox
  • 13. The use of open standards maximizes interoperability with existing systems
      JSON RESTful API
      • API queries based on a query/response model for threat intelligence
      • Leverages basic authentication
      • Load balanced to support traffic loads
      • Node SDK module available
      STIX / TAXII Standards Support
      • TAXII services provided to access threat intelligence
      • Supports STIX/Cybox objects
  • 14. Use Threat Intelligence through the open STIX/TAXII format; use reference sets for correlation, searching and reporting
      • Load threat indicators in Collections into QRadar Reference sets
      • Create a custom rule response to post IOCs to a Collection
      • Bring Watchlists of IP addresses from X-Force Exchange and create a rule to raise the magnitude of any offense that includes an IP from the Watchlist
  • 15. Use Case 3: Threat Research and Hunting
      Usage
      • Research of potential threats that may or may not yet be affecting your organization
      • Can be done via a web-based UI or API
      Critical Factors
      • Scriptable access to data in an easy-to-use manner
      • Aggregation of multiple intelligence sources (from different vendors) into a single stream
      • Flexible search
      Delivery Route
      • REST-based API
      • Research platforms with web interfaces
  • 16. X-Force global threat intelligence delivers a wide range of benefits
      Higher Order Intelligence: Actors, Campaigns, Incidents, TTPs
      Observables and Indicators: Vulnerabilities, Malware, Anti-Spam, Web App Control, IP Reputation, URL / Web Filtering
  • 17. Correlation of indicators and higher-order intelligence is critical
      Indicator feeds (each fact in isolation):
      • 173.242.117.120 is a malware C&C server
      • djs14.com is a malware C&C server
      • CVE-2013-3029 is an Excel vulnerability
      • abc@xyz.com sends SPAM
      • Organization Y is a threat actor
      vs. correlated threat intelligence:
      • 173.242.117.120 is a malware C&C server … which is associated with the PoSeidon malware family, targeted against retailers, used by attackers in countries X, Y and Z to steal credit card information from PoS systems
      • Communicates with C&C servers: 173.242.117.120, 203.19.201.20
      • C&C domains: djs14.com, jdjnci.net
      • Twitter feed: @malwarecommander
      • Infects via: drive-by download exploiting CVE-2015-2093; malicious Excel file exploiting CVE-2013-3029; email attachment from abc@xyz.com
      • Host indicators: registry keys A, B, C; processes D, E, F; event log entries G, H; memory fingerprint J, K
  • 18. Correlation provides pivotability to accelerate threat investigation
      Pivot chain: Network traffic to C&C IP observed → Malware associated with C&C server → Other C&C IPs for the malware → Host IoCs for the malware → Actor / campaign details → Infection method details
      Questions answered along the way: What does this communication mean? What is the attacker after? How did they get in? Where else are they? How do I verify infections?
      Actions driven by each pivot: Correlate IPs to flow data in SIEM; Send indicators to EDR tool; Correlate CVEs to SIEM vulnerability scans; Initiate patching; Investigate exfiltration; Quarantine infected endpoints; Understand motivations and report to executive management
  • 19. X-Force Exchange Collections streamline security investigations
      Higher Order Intelligence: the free-text area of the Collection is used to organize identifiers, campaigns, TTPs, TLP status, and other pertinent details.
      Observables & Indicators: related reports on URL / IP reputation, malware, vulnerabilities, and related attachments.
  • 20. Agenda
      Intro to Threat Intelligence
      Threat Intelligence use cases
      Taking action with integrations
      Get started today!
  • 21. The scale of IBM Security brings unique breadth and depth to X-Force threat intelligence (as of May 2017)
      • 20,000+ devices under contract
      • 20B events managed per day
      • 133 monitored countries
      • 3,700+ security-related patents
      • 270M endpoints monitored for malware
      • 38B analyzed web pages and images
      • 8M spam and phishing attacks daily
      • 850K malicious IP addresses
      • 113K documented vulnerabilities
      • Millions of unique malware samples
  • 22. X-Force Threat Intelligence can be integrated into security solutions via multiple methods
      Architecture diagram (labels only): Data & intelligence sources → Analytics Engine → Platform Layer → Delivery Layer → Threat consumers
      • Platform Layer, Threat Intelligence Content: pDNS, Whois information, Collections, Higher Order Intelligence, Vulnerabilities, Malware Sandbox, Malware Families, IP Reputation, URL Reputation, Web Applications
      • Delivery Layer, threat integration: Open API, Commercial API, SDK, Portal
      • Threat consumers: IBM Security Products (XFMA, XGS), OEM, Platform Users
  • 23. There is a comprehensive range of Threat Intelligence available via API (indicator / content type: details)
      • Vulnerabilities: Risk score (CVSS), exploit characteristics, exploit consequences, remedy information, affected products, protection information (e.g. references for IPS and vulnerability assessment content), and external references
      • Malware: Disposition, hash value, first observed, malware family, vendors covering (%), download sources, command and control servers, email sources, and email subjects
      • Malware Families: First/last observance, and associated hash values (MD5)
      • IP Reputation: Risk score (1-10), geolocation, applications associated, malware associated, categorization (current and historical, with confidence value 1-100%), passive DNS information, subnet reputation
      • URL Reputation: Risk score (1-10), applications associated, categorization (current and historical), DNS information
      • Web Applications: Risk score, categorization, base URL, vulnerabilities, hosting URLs, and hosting IPs
      • pDNS: Passive DNS information
      • Whois information: Registrant information (name, organization, country, and e-mail)
      • IBM Network Protection: Monthly XPU content, as well as each signature, the date of its release, and the vulnerability for which it provides coverage
      • Collections: Curated content on specific security investigations, including both structured and unstructured content
      • Higher Order Intelligence: Cybox objects such as campaign, threat actor, tools, tactics, procedures, course of action, and indicator information, as part of the collections
  • 24. IBM Security App Exchange: driving the evolution of collaborative defense
      A platform for security collaboration: https://apps.xforce.ibmcloud.com
      • Access user and business partner innovations
      • Extend IBM Security solution functionality to new use cases
      • Download validated security apps from a single platform
  • 25. React faster, coordinate better, respond smarter to incidents
      A single hub provides easy workflow customization and process automation
      • Helps cyber security teams orchestrate the IR process and manage and respond to incidents faster, better and more intelligently
      • Drives down response times by streamlining the process of escalating and managing incidents
      • Ensures consistency and adherence to regulatory requirements and legal obligations
      • Automates time-consuming tasks
      • Leverages staff more effectively
  • 26. IBM X-Force Malware Analysis
      • Submit suspicious files directly into IBM X-Force Exchange
      • Automate suspicious file investigation
      • Act on in-depth intelligence reports
      • Access anywhere, anytime with a scalable cloud architecture
  • 27. A diversified financial services company greatly improved their threat research capabilities and collaboration workflows
      “I didn’t realize I was on X-Force Exchange that much. The collaboration capabilities and threat intelligence are highly valuable to me and a great help to my challenges and activities throughout each day.” - Network Security Analyst II
      Business challenge
      • Need for curated threat research to complement their SIEM
      • Lack of internal collaboration in the threat investigation process
      IBM X-Force Exchange with IBM QRadar: helped better defend the organization’s network from attacks, scans and phishing attempts on a daily basis, using IP / URL reputation data, geo-location status of IPs, vulnerability data, MD5 detail and shared collections from X-Force Exchange in conjunction with IBM QRadar.
      Research, collaborate and integrate
  • 28. Agenda
      Intro to Threat Intelligence
      Threat Intelligence use cases
      Taking action with integrations
      Get started today!
  • 29. Helpful Resources
      X-Force Exchange
      • Try it: xforce.ibmcloud.com
      • API: https://api.xforce.ibmcloud.com/doc/
      General X-Force information:
      • X-Force blogs on SecurityIntelligence.com
      • IBM X-Force Threat Intelligence Report for 2017
      • IBM Interactive Security Incidents website to stay up to date on the latest verified breaches
      Contact us!
      • Sam Dillingham, sam.dillingham@us.ibm.com, Sr Offering Manager
      • Pamela Cobb, pcobb@us.ibm.com, Portfolio Manager
  • 30. THANK YOU
      FOLLOW US ON: ibm.com/security | securityintelligence.com | xforce.ibmcloud.com | @ibmsecurity | youtube/user/ibmsecuritysolutions
      © Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
      Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
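Slides 9, 10 and 14 describe threshold-based blocking from scored indicators, incremental feed updates that avoid a full reload, and a SIEM rule that raises an offense's magnitude when it involves a watchlisted IP. The Python below is an added example and not IBM's or X-Force Exchange's code: the indicator record shape, the flow-log format, the sample IPs (RFC 5737 documentation ranges) and the magnitude bump and cap of 10 are constructed assumptions.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, Iterable, List, Set, Tuple

@dataclass
class IpIndicator:
    """One IP reputation record, shaped after the summary fields on slide 23."""
    ip: str
    score: int          # 1 (low risk) .. 10 (high risk)
    cats: List[str]     # category labels; the values below are constructed

class ReputationStore:
    """Local copy of an IP reputation feed, kept current by incremental deltas
    instead of full reloads (slide 9: minimize performance impact)."""

    def __init__(self, block_threshold: int = 7) -> None:
        if not 1 <= block_threshold <= 10:
            raise ValueError("threshold must be on the 1-10 score scale")
        self.block_threshold = block_threshold
        self.indicators: Dict[str, IpIndicator] = {}

    def apply_delta(self, upserts: Iterable[IpIndicator],
                    removals: Iterable[str] = ()) -> Tuple[int, int]:
        """Apply one incremental update; returns (upserted, removed) counts."""
        n_up = n_rm = 0
        for ind in upserts:
            ip_address(ind.ip)  # raises ValueError before bad data reaches a firewall
            if not 1 <= ind.score <= 10:
                raise ValueError(f"score out of range for {ind.ip}: {ind.score}")
            self.indicators[ind.ip] = ind
            n_up += 1
        for ip in removals:
            if self.indicators.pop(ip, None) is not None:
                n_rm += 1
        return n_up, n_rm

    def block_list(self) -> Set[str]:
        """Slide 9 delivery route: the block list derived from the current threshold."""
        return {ip for ip, ind in self.indicators.items()
                if ind.score >= self.block_threshold}

    def should_block(self, ip: str) -> bool:
        ind = self.indicators.get(ip)
        return ind is not None and ind.score >= self.block_threshold

# Constructed flow-log format for the demo; not a real product's log format.
FLOW_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+)")

def decide_flows(store: ReputationStore, lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (destination, 'block'|'allow') per parseable line; others are skipped."""
    decisions = []
    for line in lines:
        m = FLOW_RE.search(line)
        if m:
            dst = m.group("dst")
            decisions.append((dst, "block" if store.should_block(dst) else "allow"))
    return decisions

def raise_magnitude_for_watchlist(magnitude: int, ips: Iterable[str], watchlist: Set[str],
                                  bump: int = 3, cap: int = 10) -> int:
    """Slide 14 rule: an offense that includes a watchlisted IP gets a higher
    magnitude. The bump of 3 and the cap of 10 are assumptions, not product values."""
    if set(ips) & watchlist:
        return min(cap, magnitude + bump)
    return magnitude

# --- constructed sample data (RFC 5737 documentation ranges) ---
INITIAL_FEED = [
    IpIndicator("203.0.113.5", 9, ["Malware", "Botnet Command and Control Server"]),
    IpIndicator("198.51.100.9", 3, ["Scanning IPs"]),
    IpIndicator("192.0.2.77", 7, ["Spam"]),
]
DELTA_UPSERTS = [IpIndicator("198.51.100.9", 8, ["Malware"])]  # score was raised
DELTA_REMOVALS = ["192.0.2.77"]                                # indicator aged out
WATCHLIST = {"203.0.113.5", "198.51.100.9"}  # IPs exported from a Collection
SAMPLE_FLOWS = [
    "2017-08-15T10:01:02Z src=10.0.0.4 dst=203.0.113.5 proto=tcp dport=443",
    "2017-08-15T10:01:03Z src=10.0.0.4 dst=198.51.100.9 proto=tcp dport=80",
    "2017-08-15T10:01:04Z src=10.0.0.4 dst=192.0.2.77 proto=tcp dport=25",
    "not a flow record",
]

def run_demo() -> dict:
    """Load the feed, decide flows, apply a delta, decide again, then run the SIEM rule."""
    store = ReputationStore(block_threshold=7)
    store.apply_delta(INITIAL_FEED)
    before = decide_flows(store, SAMPLE_FLOWS)
    store.apply_delta(DELTA_UPSERTS, DELTA_REMOVALS)
    after = decide_flows(store, SAMPLE_FLOWS)
    magnitude = raise_magnitude_for_watchlist(4, ["10.0.0.4", "198.51.100.9"], WATCHLIST)
    return {"before": before, "after": after,
            "block_list": store.block_list(), "offense_magnitude": magnitude}
```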
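Slides 17 and 18 contrast a flat indicator feed with correlated intelligence that lets an analyst pivot from one observed C&C IP to the malware family, its other infrastructure, the CVEs it exploits and its host IoCs. The Python below is an added example, not X-Force Exchange code: the graph holds only the triples printed on slide 17 (the letter-named host indicators are the slide's own placeholders), the relation names are assumed, and the action mapping covers just the intelligence types slide 18 names.

```python
from collections import defaultdict, deque
from typing import Dict, List, Set, Tuple

# Constructed knowledge graph of (subject, relation, object) triples from slide 17.
EDGES: List[Tuple[str, str, str]] = [
    ("PoSeidon", "uses_c2_ip", "173.242.117.120"),
    ("PoSeidon", "uses_c2_ip", "203.19.201.20"),
    ("PoSeidon", "uses_c2_domain", "djs14.com"),
    ("PoSeidon", "uses_c2_domain", "jdjnci.net"),
    ("PoSeidon", "exploits", "CVE-2015-2093"),
    ("PoSeidon", "exploits", "CVE-2013-3029"),
    ("PoSeidon", "delivered_by_email_from", "abc@xyz.com"),
    ("PoSeidon", "host_indicator", "registry key A"),   # slide placeholder
    ("PoSeidon", "host_indicator", "process D"),        # slide placeholder
    ("PoSeidon", "host_indicator", "event log entry G"),  # slide placeholder
    ("PoSeidon", "used_by_actor", "Organization Y"),
    ("PoSeidon", "targets", "retailers"),
]

# Object type implied by each relation; every subject in EDGES is a malware family.
OBJECT_TYPE = {
    "uses_c2_ip": "ip", "uses_c2_domain": "domain", "exploits": "cve",
    "delivered_by_email_from": "email", "host_indicator": "host_ioc",
    "used_by_actor": "actor", "targets": "sector",
}

# Slide 18 actions, keyed by the type of intelligence the pivot surfaced.
NEXT_ACTION = {
    "ip": "Correlate IPs to flow data in SIEM",
    "cve": "Correlate CVEs to SIEM vulnerability scans; initiate patching",
    "host_ioc": "Send indicators to EDR tool; quarantine infected endpoints",
    "actor": "Understand motivations, report to executive management",
}

def build_graph(edges) -> Tuple[Dict[str, Set[str]], Dict[str, str]]:
    """Undirected adjacency plus node types, so a pivot can walk
    indicator -> malware family -> other indicators."""
    adj: Dict[str, Set[str]] = defaultdict(set)
    ntype: Dict[str, str] = {}
    for subj, rel, obj in edges:
        adj[subj].add(obj)
        adj[obj].add(subj)
        ntype[subj] = "malware_family"
        ntype[obj] = OBJECT_TYPE[rel]
    return adj, ntype

def pivot(adj: Dict[str, Set[str]], start: str, max_hops: int = 2) -> Dict[str, int]:
    """Breadth-first pivot: every node within max_hops of start, with its distance."""
    if start not in adj:
        return {}
    dist = {start: 0}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if dist[node] == max_hops:
            continue
        for neighbour in adj[node]:
            if neighbour not in dist:
                dist[neighbour] = dist[node] + 1
                queue.append(neighbour)
    return dist

def flat_lookup(observed_ip: str) -> str:
    """What an uncorrelated indicator feed says (left column of slide 17)."""
    _, ntype = build_graph(EDGES)
    if ntype.get(observed_ip) == "ip":
        return f"{observed_ip} is a malware C&C server"
    return f"{observed_ip}: no record"

def pivot_report(observed_ip: str, max_hops: int = 2) -> Dict[str, List[str]]:
    """Correlated view: related nodes grouped by type, excluding the start node."""
    adj, ntype = build_graph(EDGES)
    report: Dict[str, List[str]] = defaultdict(list)
    for node in pivot(adj, observed_ip, max_hops):
        if node != observed_ip:
            report[ntype[node]].append(node)
    return {kind: sorted(items) for kind, items in report.items()}

def investigation_plan(observed_ip: str) -> List[Tuple[str, List[str]]]:
    """Pair each group of pivoted intelligence with the slide 18 action it drives."""
    report = pivot_report(observed_ip)
    return [(NEXT_ACTION[kind], items) for kind, items in sorted(report.items())
            if kind in NEXT_ACTION]
```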