SlideShare uma empresa Scribd logo

Secure by design knowledge of threats and vulnerabilities

A
Arun Gopinath
Tecnologia
1 de 4
Baixar para ler offline
IBM Software September 2010 IBM Security Solutions Secure by Design: Knowledge of threats and vulnerabilities Historically, the design of IT infrastructure did not always account for the importance of security. System qualities such as “fast, cost-efficient Contents or highly scalable” were prized ahead of “secure”. However, as our 2 Understanding threats and world has become increasingly more instrumented and interconnected, vulnerabilities the incidence of cyber crime and data theft have only increased. Now, customer trust has intangible business value, and as soon as an IT envi- 3 Implementing ronment is exploited, or revealed to have problems protecting informa- knowledge of threats and vulnerabilities tion, that trust can vanish. When customers begin to lose confidence in a business’s ability to protect personal data, the speed, efficiency and 3 Making IT infrastructure scalability of a system no longer matters. Secure by Design 4 For more information Businesses and governments need a smarter approach to IT security. The costs (both financially and otherwise) of trying to apply security as an afterthought are simply too great. For a more efficient, protected and streamlined IT environment, security needs to be an integral part of system design. That is why IBM Security Solutions are built on the philosophy of Secure by Design, a philosophy which states that IT infrastructure should be designed, created and operated with security constantly in mind. IBM cites three primary components to creating, and maintaining, a secure infrastructure: ● Knowledge of threats and vulnerabilities ● Structural elements ● Ongoing validation The first of a three-part series, this executive summary whitepaper reveals how IBM helps clients understand threats and vulnerabilities so that they can more effectively apply the Secure by Design philosophy to their IT environments.
IBM Software September 2010 IBM Security Solutions Understanding threats and vulnerabilities origins of computing, ISS was a key player in the early years For an organization to understand the level of risk that a of Internet security, with a team of world-renowned security system or component will face once it is deployed, that researchers called X-Force. organization needs to first understand the threats that exist in the world the system or component is being deployed into. The IBM X-Force security research and development team IT security risks are constantly evolving and maintaining a The IBM X-Force team is one of the best known, and most current understanding of their potential impact, likelihood well-respected commercial security research groups in the and mitigation requires a significant level of both commit- world. X-Force security experts are dedicated to the ongoing ment and knowledge. IBM’s understanding of threats and vul- research, documentation and evaluation of vulnerabilities and nerabilities is supported by a broad portfolio of offerings and Internet security issues. Not only does the X-Force team this paper will look at the following three interconnected discover and report vulnerabilities in software and systems, examples: they also partner closely with development teams to ensure that security research becomes reliable security technology. ● IBM experience in computing and addressing security chal- With the rapid rate of new vulnerabilities and exploits, the lenges for clients X-Force team is an integral part of IBM’s understanding of ● The IBM X-Force® security research and development the security landscape. It is this knowledge that empowers team IBM to educate clients, and the media, about the nature of ● The IBM Rational® AppScan® product family for web security weaknesses in IT systems. application security testing IBM experience in computing systems and security IBM X-Force maintains the most comprehensive threat and challenges vulnerability database in the world—dating back to the early With more than a century of experience designing and 1990s. It represents thousands of hours of research by the implementing computing systems, IBM has helped shape the X-Force team, and much of the data is used to power pre- technological world. This experience translates to a deep emptive protection delivered by IBM Security Solutions. knowledge of IT systems and the business processes they The X-Force team regularly and automatically infuses new support—how they work, how they interact and where inher- security intelligence into IBM security offerings—on average ent weaknesses lie. In nearly every industry, IBM has experi- 341 days ahead of the latest threats. With X-Force security ence working with the underlying technology systems that intelligence applied to its products, IBM clients are less likely support business. Through the course of its history, IBM has to have their systems and services interrupted by malicious worked through a wide variety of technology security chal- threats. To further educate clients, governments and the pub- lenges. As a result, when a business faces a new security lic at large, the X-Force team produces Internet security concern, it is likely a concern that IBM has not only seen reports throughout the year. elsewhere but also already understands. IBM Rational AppScan solutions for web application security testing IBM’s commitment to understanding threats and vulnerabili- As reported by the X-Force team, more than half of all new ties is also reflected in the company’s acquisition strategy. vulnerabilities occur in web applications, creating one of In 2007, IBM acquired Internet Security Systems (ISS), a the largest attacks surfaces for cyber criminals. Many company at the forefront of Internet security, cyber threats organizations depend on web-based software to run their and vulnerability research. Just as IBM was involved in the business processes, conduct transactions and deliver increas- ingly sophisticated services to customers. Unfortunately, 2
IBM Software September 2010 IBM Security Solutions in the race to meet deadlines and stay ahead of the competi- offers everything from device management to a web-based tion, some businesses fail to perform adequate security operation portal, this section will continue to focus on how testing. IBM is helping our clients understand the evolving threat landscape. As a result, companies unwittingly expose corporate or cus- tomer data to cyber criminals through existing vulnerabilities By partnering with the X-Force team, MSS is able to take the that could have been mitigated. And since many regulatory most up-to-date information on the emerging threats and requirements mandate a degree of application security, these vulnerabilities and bring that content to clients in a way that organizations risk non-compliance with audit requirements, is meaningful to them. MSS offers customized threat and vul- which can result in fines and customer backlash. To help nerability reporting based on individual client needs. Their protect valuable information assets, it’s important to test web daily assessment features a quick glance at what’s going on in applications throughout their entire life cycle—during devel- the world today along with information on the current alert opment and once in production. Organizations should also level. When the alert level is at its lowest, it means that encourage security awareness among development and testing what MSS is monitoring (a combination of X-Force input teams. Identifying the privacy and security characteristics of and external resources) is showing everyday compromises. the data/application and assessing the value of the data will However, when the alert level rises, it signifies that drive the priorities for mitigating risk. something is happening that requires increased vigilance. MSS not only then reports these issues to clients, but works To be most effective, Rational AppScan should be used in the closely with them to say, “this is what is going on and here is pre-production stage of application development. Numerous how we can protect you.” cases document companies spending millions of dollars to recover from a cyber-attack. Finding vulnerabilities in the Making IT infrastructure Secure by production environment can cost 100 times more than fixing Design issues during development. By applying Rational AppScan The Secure by Design philosophy encompasses knowledge, web application security testing during the beginning stages tools and processes to generate components and systems that of application development, clients can detect and correct will perform reliably and securely throughout their life cycles. vulnerabilities sooner than ever before. Secure by Design can also refer to a responsibility, or mind- set, on the part of businesses and governments to make Rational AppScan developers engage constantly with X-Force systems more inherently secure. Knowledge of threats and researchers to understand which web application security vulnerabilities is critical to both understandings of Secure threats and vulnerabilities are most significant. As a result, by Design. IBM is committed to educating clients on the Rational AppScan solutions enable IBM clients to take a importance of security, and to delivering the cost savings and smarter, more secure approach to application design and benefits of secure development. Through its nearly 100 years development. of computing and IT experience, its world renowned IT security research, and the collaboration between research, Implementing knowledge of threats and products and service delivery, IBM is helping to make vulnerabilities “secure” as natural a characteristic of the Smarter Planet as IBM Managed Security Services (MSS) provides “fast, stable or easy-to-use.” 24/7/365 monitoring and management of security technolo- gies housed in the client’s environment. While IBM MSS 3
For more information To learn more about Secure by Design: Knowledge of threats and vulnerabilities, please contact your IBM marketing representative or IBM Business Partner, or visit the following website: ibm.com/security © Copyright IBM Corporation 2010 IBM Corporation Software Group Route 100 Somers, NY 10589 U.S.A. Produced in the United States of America September 2010 All Rights Reserved IBM, the IBM logo and ibm.com, X-Force, Rational and AppScan are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml Other company, product or service names may be trademarks or service marks of others. The customer is responsible for ensuring compliance with legal requirements. It is the customer’s sole responsibility to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law or regulation. Please Recycle WGE03001-USEN-00

Recomendados

Strategies for assessing cloud security
Strategies for assessing cloud securityStrategies for assessing cloud security
Strategies for assessing cloud securityArun Gopinath
 
Secure by design building id based security
Secure by design building id based securitySecure by design building id based security
Secure by design building id based securityArun Gopinath
 
Rewriting the rules of patch management
Rewriting the rules of patch managementRewriting the rules of patch management
Rewriting the rules of patch managementArun Gopinath
 
Centralizing security on the mainframe
Centralizing security on the mainframeCentralizing security on the mainframe
Centralizing security on the mainframeArun Gopinath
 
Ibm app security assessment_ds
Ibm app security assessment_dsIbm app security assessment_ds
Ibm app security assessment_dsArun Gopinath
 
Securing virtualization in real world environments
Securing virtualization in real world environmentsSecuring virtualization in real world environments
Securing virtualization in real world environmentsArun Gopinath
 
Ibm xiv storage your ideal cloud building block
Ibm xiv storage your ideal cloud building blockIbm xiv storage your ideal cloud building block
Ibm xiv storage your ideal cloud building blockArun Gopinath
 
Cloud computing white paper who do you trust
Cloud computing white paper who do you trustCloud computing white paper who do you trust
Cloud computing white paper who do you trustArun Gopinath
 

Recomendados

Strategies for assessing cloud security
Strategies for assessing cloud securityStrategies for assessing cloud security
Strategies for assessing cloud securityArun Gopinath
 
Secure by design building id based security
Secure by design building id based securitySecure by design building id based security
Secure by design building id based securityArun Gopinath
 
Rewriting the rules of patch management
Rewriting the rules of patch managementRewriting the rules of patch management
Rewriting the rules of patch managementArun Gopinath
 
Centralizing security on the mainframe
Centralizing security on the mainframeCentralizing security on the mainframe
Centralizing security on the mainframeArun Gopinath
 
Ibm app security assessment_ds
Ibm app security assessment_dsIbm app security assessment_ds
Ibm app security assessment_dsArun Gopinath
 
Securing virtualization in real world environments
Securing virtualization in real world environmentsSecuring virtualization in real world environments
Securing virtualization in real world environmentsArun Gopinath
 
Ibm xiv storage your ideal cloud building block
Ibm xiv storage your ideal cloud building blockIbm xiv storage your ideal cloud building block
Ibm xiv storage your ideal cloud building blockArun Gopinath
 
Cloud computing white paper who do you trust
Cloud computing white paper who do you trustCloud computing white paper who do you trust
Cloud computing white paper who do you trustArun Gopinath
 
Realizing business value with iam
Realizing business value with iamRealizing business value with iam
Realizing business value with iamArun Gopinath
 
Secure by design
Secure by designSecure by design
Secure by designArun Gopinath
 
Open stack@netease
Open stack@neteaseOpen stack@netease
Open stack@neteaseOpenCity Community
 
Globalizationofsport version 2
Globalizationofsport version 2Globalizationofsport version 2
Globalizationofsport version 2teamhumanities
 
Kkp sce 3106
Kkp sce 3106Kkp sce 3106
Kkp sce 3106Dina Ganya
 
ทวีปอาฟริกา
ทวีปอาฟริกาทวีปอาฟริกา
ทวีปอาฟริกานายสมหมาย ฉิมมาลี
 
How are drugs developed?
How are drugs developed?How are drugs developed?
How are drugs developed?Xplore Health
 
Multimedia05
Multimedia05Multimedia05
Multimedia05Les Davy
 
MONTEFARMACO_INTERNO_Position_Paper_Lactoflorene_DEF_10112016
MONTEFARMACO_INTERNO_Position_Paper_Lactoflorene_DEF_10112016MONTEFARMACO_INTERNO_Position_Paper_Lactoflorene_DEF_10112016
MONTEFARMACO_INTERNO_Position_Paper_Lactoflorene_DEF_10112016Giorgio Cassarà
 
Introduction to OSGi
Introduction to OSGiIntroduction to OSGi
Introduction to OSGiAlexandre de Castro Alves
 
Overview - Political economy of agricultural policy processes in Africa
Overview - Political economy of agricultural policy processes in AfricaOverview - Political economy of agricultural policy processes in Africa
Overview - Political economy of agricultural policy processes in Africafutureagricultures
 
Anti Hypertensives- pharmacology
Anti Hypertensives- pharmacologyAnti Hypertensives- pharmacology
Anti Hypertensives- pharmacologyBeenish Bhutta
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 

Mais conteúdo relacionado

Destaque

Realizing business value with iam
Realizing business value with iamRealizing business value with iam
Realizing business value with iamArun Gopinath
 
Globalizationofsport version 2
Globalizationofsport version 2Globalizationofsport version 2
Globalizationofsport version 2teamhumanities
 
How are drugs developed?
How are drugs developed?How are drugs developed?
How are drugs developed?Xplore Health
 
Multimedia05
Multimedia05Multimedia05
Multimedia05Les Davy
 
MONTEFARMACO_INTERNO_Position_Paper_Lactoflorene_DEF_10112016
MONTEFARMACO_INTERNO_Position_Paper_Lactoflorene_DEF_10112016MONTEFARMACO_INTERNO_Position_Paper_Lactoflorene_DEF_10112016
MONTEFARMACO_INTERNO_Position_Paper_Lactoflorene_DEF_10112016Giorgio Cassarà
 
Overview - Political economy of agricultural policy processes in Africa
Overview - Political economy of agricultural policy processes in AfricaOverview - Political economy of agricultural policy processes in Africa
Overview - Political economy of agricultural policy processes in Africafutureagricultures
 
Anti Hypertensives- pharmacology
Anti Hypertensives- pharmacologyAnti Hypertensives- pharmacology
Anti Hypertensives- pharmacologyBeenish Bhutta
 

Destaque (12)

Realizing business value with iam
Realizing business value with iamRealizing business value with iam
Realizing business value with iam
 
Secure by design
Secure by designSecure by design
Secure by design
 
Open stack@netease
Open stack@neteaseOpen stack@netease
Open stack@netease
 
Globalizationofsport version 2
Globalizationofsport version 2Globalizationofsport version 2
Globalizationofsport version 2
 
Kkp sce 3106
Kkp sce 3106Kkp sce 3106
Kkp sce 3106
 
ทวีปอาฟริกา
ทวีปอาฟริกาทวีปอาฟริกา
ทวีปอาฟริกา
 
How are drugs developed?
How are drugs developed?How are drugs developed?
How are drugs developed?
 
Multimedia05
Multimedia05Multimedia05
Multimedia05
 
MONTEFARMACO_INTERNO_Position_Paper_Lactoflorene_DEF_10112016
MONTEFARMACO_INTERNO_Position_Paper_Lactoflorene_DEF_10112016MONTEFARMACO_INTERNO_Position_Paper_Lactoflorene_DEF_10112016
MONTEFARMACO_INTERNO_Position_Paper_Lactoflorene_DEF_10112016
 
Introduction to OSGi
Introduction to OSGiIntroduction to OSGi
Introduction to OSGi
 
Overview - Political economy of agricultural policy processes in Africa
Overview - Political economy of agricultural policy processes in AfricaOverview - Political economy of agricultural policy processes in Africa
Overview - Political economy of agricultural policy processes in Africa
 
Anti Hypertensives- pharmacology
Anti Hypertensives- pharmacologyAnti Hypertensives- pharmacology
Anti Hypertensives- pharmacology
 

Último

How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 

Último (20)

How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 

Secure by design knowledge of threats and vulnerabilities

  • 1. IBM Software September 2010 IBM Security Solutions Secure by Design: Knowledge of threats and vulnerabilities Historically, the design of IT infrastructure did not always account for the importance of security. System qualities such as “fast, cost-efficient Contents or highly scalable” were prized ahead of “secure”. However, as our 2 Understanding threats and world has become increasingly more instrumented and interconnected, vulnerabilities the incidence of cyber crime and data theft have only increased. Now, customer trust has intangible business value, and as soon as an IT envi- 3 Implementing ronment is exploited, or revealed to have problems protecting informa- knowledge of threats and vulnerabilities tion, that trust can vanish. When customers begin to lose confidence in a business’s ability to protect personal data, the speed, efficiency and 3 Making IT infrastructure scalability of a system no longer matters. Secure by Design 4 For more information Businesses and governments need a smarter approach to IT security. The costs (both financially and otherwise) of trying to apply security as an afterthought are simply too great. For a more efficient, protected and streamlined IT environment, security needs to be an integral part of system design. That is why IBM Security Solutions are built on the philosophy of Secure by Design, a philosophy which states that IT infrastructure should be designed, created and operated with security constantly in mind. IBM cites three primary components to creating, and maintaining, a secure infrastructure: ● Knowledge of threats and vulnerabilities ● Structural elements ● Ongoing validation The first of a three-part series, this executive summary whitepaper reveals how IBM helps clients understand threats and vulnerabilities so that they can more effectively apply the Secure by Design philosophy to their IT environments.
  • 2. IBM Software September 2010 IBM Security Solutions Understanding threats and vulnerabilities origins of computing, ISS was a key player in the early years For an organization to understand the level of risk that a of Internet security, with a team of world-renowned security system or component will face once it is deployed, that researchers called X-Force. organization needs to first understand the threats that exist in the world the system or component is being deployed into. The IBM X-Force security research and development team IT security risks are constantly evolving and maintaining a The IBM X-Force team is one of the best known, and most current understanding of their potential impact, likelihood well-respected commercial security research groups in the and mitigation requires a significant level of both commit- world. X-Force security experts are dedicated to the ongoing ment and knowledge. IBM’s understanding of threats and vul- research, documentation and evaluation of vulnerabilities and nerabilities is supported by a broad portfolio of offerings and Internet security issues. Not only does the X-Force team this paper will look at the following three interconnected discover and report vulnerabilities in software and systems, examples: they also partner closely with development teams to ensure that security research becomes reliable security technology. ● IBM experience in computing and addressing security chal- With the rapid rate of new vulnerabilities and exploits, the lenges for clients X-Force team is an integral part of IBM’s understanding of ● The IBM X-Force® security research and development the security landscape. It is this knowledge that empowers team IBM to educate clients, and the media, about the nature of ● The IBM Rational® AppScan® product family for web security weaknesses in IT systems. application security testing IBM experience in computing systems and security IBM X-Force maintains the most comprehensive threat and challenges vulnerability database in the world—dating back to the early With more than a century of experience designing and 1990s. It represents thousands of hours of research by the implementing computing systems, IBM has helped shape the X-Force team, and much of the data is used to power pre- technological world. This experience translates to a deep emptive protection delivered by IBM Security Solutions. knowledge of IT systems and the business processes they The X-Force team regularly and automatically infuses new support—how they work, how they interact and where inher- security intelligence into IBM security offerings—on average ent weaknesses lie. In nearly every industry, IBM has experi- 341 days ahead of the latest threats. With X-Force security ence working with the underlying technology systems that intelligence applied to its products, IBM clients are less likely support business. Through the course of its history, IBM has to have their systems and services interrupted by malicious worked through a wide variety of technology security chal- threats. To further educate clients, governments and the pub- lenges. As a result, when a business faces a new security lic at large, the X-Force team produces Internet security concern, it is likely a concern that IBM has not only seen reports throughout the year. elsewhere but also already understands. IBM Rational AppScan solutions for web application security testing IBM’s commitment to understanding threats and vulnerabili- As reported by the X-Force team, more than half of all new ties is also reflected in the company’s acquisition strategy. vulnerabilities occur in web applications, creating one of In 2007, IBM acquired Internet Security Systems (ISS), a the largest attacks surfaces for cyber criminals. Many company at the forefront of Internet security, cyber threats organizations depend on web-based software to run their and vulnerability research. Just as IBM was involved in the business processes, conduct transactions and deliver increas- ingly sophisticated services to customers. Unfortunately, 2
  • 3. IBM Software September 2010 IBM Security Solutions in the race to meet deadlines and stay ahead of the competi- offers everything from device management to a web-based tion, some businesses fail to perform adequate security operation portal, this section will continue to focus on how testing. IBM is helping our clients understand the evolving threat landscape. As a result, companies unwittingly expose corporate or cus- tomer data to cyber criminals through existing vulnerabilities By partnering with the X-Force team, MSS is able to take the that could have been mitigated. And since many regulatory most up-to-date information on the emerging threats and requirements mandate a degree of application security, these vulnerabilities and bring that content to clients in a way that organizations risk non-compliance with audit requirements, is meaningful to them. MSS offers customized threat and vul- which can result in fines and customer backlash. To help nerability reporting based on individual client needs. Their protect valuable information assets, it’s important to test web daily assessment features a quick glance at what’s going on in applications throughout their entire life cycle—during devel- the world today along with information on the current alert opment and once in production. Organizations should also level. When the alert level is at its lowest, it means that encourage security awareness among development and testing what MSS is monitoring (a combination of X-Force input teams. Identifying the privacy and security characteristics of and external resources) is showing everyday compromises. the data/application and assessing the value of the data will However, when the alert level rises, it signifies that drive the priorities for mitigating risk. something is happening that requires increased vigilance. MSS not only then reports these issues to clients, but works To be most effective, Rational AppScan should be used in the closely with them to say, “this is what is going on and here is pre-production stage of application development. Numerous how we can protect you.” cases document companies spending millions of dollars to recover from a cyber-attack. Finding vulnerabilities in the Making IT infrastructure Secure by production environment can cost 100 times more than fixing Design issues during development. By applying Rational AppScan The Secure by Design philosophy encompasses knowledge, web application security testing during the beginning stages tools and processes to generate components and systems that of application development, clients can detect and correct will perform reliably and securely throughout their life cycles. vulnerabilities sooner than ever before. Secure by Design can also refer to a responsibility, or mind- set, on the part of businesses and governments to make Rational AppScan developers engage constantly with X-Force systems more inherently secure. Knowledge of threats and researchers to understand which web application security vulnerabilities is critical to both understandings of Secure threats and vulnerabilities are most significant. As a result, by Design. IBM is committed to educating clients on the Rational AppScan solutions enable IBM clients to take a importance of security, and to delivering the cost savings and smarter, more secure approach to application design and benefits of secure development. Through its nearly 100 years development. of computing and IT experience, its world renowned IT security research, and the collaboration between research, Implementing knowledge of threats and products and service delivery, IBM is helping to make vulnerabilities “secure” as natural a characteristic of the Smarter Planet as IBM Managed Security Services (MSS) provides “fast, stable or easy-to-use.” 24/7/365 monitoring and management of security technolo- gies housed in the client’s environment. While IBM MSS 3
  • 4. For more information To learn more about Secure by Design: Knowledge of threats and vulnerabilities, please contact your IBM marketing representative or IBM Business Partner, or visit the following website: ibm.com/security © Copyright IBM Corporation 2010 IBM Corporation Software Group Route 100 Somers, NY 10589 U.S.A. Produced in the United States of America September 2010 All Rights Reserved IBM, the IBM logo and ibm.com, X-Force, Rational and AppScan are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml Other company, product or service names may be trademarks or service marks of others. The customer is responsible for ensuring compliance with legal requirements. It is the customer’s sole responsibility to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law or regulation. Please Recycle WGE03001-USEN-00