TRANSCRIPT
© 2014 IBM Corporation
IBM Security
© 2015 IBM Corporation
Delivering Security Improvements
Enterprise-wide approach to help build a stronger security posture
Kris Lovejoy
General Manager
IBM Security
20th February, 2015
Thinking like a security expert
Security risk exists when a threat (an actor) can exploit a vulnerability (a weakness) and cause an impact (a loss).
Security risk management is the application of controls to detect and block the threat, to detect and fix the vulnerability, or to respond to the incident (the impact) when all else fails.
While threat actors are more sophisticated, insiders are an "unwitting" accomplice in 95% of incidents
Security Principles for Leaders. Source: IBM Security Services 2014 Cyber Security Intelligence Index
[Chart "Who's attacking": share of incidents by actor type, with the labels Outsiders, Malicious insiders, Inadvertent actor and Combination and the values 56%, 22%, 17% and 5%; the extracted text does not preserve which value belongs to which label.]
Who's letting them in: "…over 95% of all incidents investigated recognize 'human error' as a contributing factor."
Here are the top 10 reasons why insiders make compromise so easy…
End users
1. Double-clicking "on anything"
2. Disabling endpoint security settings when they get in the way
3. Using vulnerable, legacy software and hardware
4. Failing to install security patches
5. Disabling anti-virus
6. Failing to report a lost or stolen device
7. Connecting endpoints to a network from an insecure access point (such as Café Nero)
8. Using a second access point (such as an AirCard), creating a bypass around the corporate network controls
9. Using weak or default passwords, or reusing business passwords for personal use
10. Using anyone's USB device
Systems Admins/Developers
1. Connecting systems and virtual images to the Internet before hardening them
2. Connecting test systems to the Internet with default accounts or passwords
3. Failing to update or patch systems and applications on a timely basis
4. Failing to run or update virus detection software
5. Using legacy or end-of-life software and hardware
6. Running unnecessary services
7. Using insecure back-end management software
8. Failing to remove old or unused user accounts
9. Implementing firewalls with rules that don't stop malicious incoming or outgoing traffic
10. Failing to segment the network and/or adequately monitor and block malicious traffic
Security reality – we have all been compromised
Only 1 out of 100 security compromises are ever detected.
General Keith Alexander, Head of U.S. Cyber Command, in a speech to the American Enterprise Institute
1,764,121: the number of security events the average organization of 15,000 employees will capture weekly
324 of these events represent actual attacks per week
2.1 of these attacks will result in an incident per week, a 22% annual increase
Source: 2014 IBM Cyber Security Intelligence Index
Anatomy of a targeted attack
1. The adversary compromises an endpoint used by a privileged user with undetectable malware.
2. A keystroke logger captures credentials, and command-and-control capability is gained.
3. The adversary acts as a systems administrator.
4. Data is stolen and/or production systems are compromised.
[Diagram: the attack crosses the layers People (privileged user, employees, suppliers, customers, hacker/activist), Endpoints, Applications (web applications, mobile apps, system applications), Infrastructure (customer environment) and Data (structured and unstructured, at rest and in motion).]
Data is bought and sold in "carding forums"
No country is immune from cybercrime
Source: IBM Security Services 2014 Cyber Security Intelligence Index
Countries where the most attacks originated
United States 589,180
Japan 119,578
China 86,237
Canada 29,319
United Arab Emirates 25,055
Germany 23,478
India 16,058
United Kingdom 15,800
Italy 14,780
Australia 11,125
Countries where the most attacks took place
United States 1,456,577
Japan 407,644
Singapore 88,819
China 86,824
Canada 71,585
Australia 42,783
Italy 37,404
United Kingdom 32,991
Germany 23,787
Netherlands 17,905
Incident rates across monitored industries
Manufacturing 23.8%
Finance and insurance 21.7%
Information and communication 18.6%
Health and social services 6.2%
Retail and wholesale 5.8%
Over 75% of incidents target the same five industries. Finance and insurance companies tend to offer attackers the most significant potential payoff.
Source: IBM Security Services 2014 Cyber Security Intelligence Index
Security Essentials
Based on our extensive experience, we recommend 10 essential practices for a stronger security posture:
1. Build a risk-aware culture and management system
2. Establish intelligent security operations and rapid threat response
3. Secure collaboration in the social and mobile workplace
4. Develop security-rich products, by design
5. Manage IT hygienically
6. Create a security-rich and resilient network
7. Address the security complexity of cloud and virtualization
8. Manage third-party security compliance
9. Assure data security and privacy
10. Manage the digital identity lifecycle
Essential practice 1: Build a risk-aware culture and management system
Building a risk-aware culture involves identifying the risks and goals, and spreading the word about them.
What does it mean?
• Management of IT and security risk across the company
• Risk process identification and remediation
• Continuous communication and education
• Implementation of policies, measurements and tools
Key IBM offerings
• IBM Security Essentials and Maturity Consulting
• Security Training & Awareness Services (available soon)
Management must push this change relentlessly from the top down, while also implementing tools to track progress.
Essential practice 2: Establish intelligent security operations and rapid threat response
A company-wide effort to implement intelligent analytics and automated response capabilities is essential.
What does it mean?
• Build a skilled incident management and response team with sufficient resources to conduct the forensics required
• Leverage consistent tools and security intelligence for incident management and investigative forensics
• Develop a unified incident handling policy and process
Key IBM offerings
• IBM Security Intelligence & Operations Consulting
• IBM Managed SIEM
• Threat Insight Platform (available soon)
• APT Survival Kit (available soon)
Creating an automated and unified system will enable an enterprise to monitor its operations and respond quickly.
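The attack chain on the "Anatomy of a targeted attack" slide (a privileged user's credentials stolen from a compromised endpoint and then used to act as an administrator) is exactly what the intelligent analytics this practice calls for must catch. As an added example, not part of the original deck, the following Python correlates constructed logon records with three rules: a privileged account logging on from a workstation that is not an approved privileged access workstation, several privileged accounts used from one endpoint within a short window (what a keystroke logger on that endpoint yields), and one privileged account used from two endpoints within that window (the legitimate admin and the adversary sharing a credential). The log format, hostnames, account names, the "adm-" naming convention and the 30-minute window are assumptions.

```python
"""Correlation rules for the attack pattern on the "Anatomy of a targeted
attack" slide: credentials of a privileged user are stolen from a compromised
endpoint and then used to act as a systems administrator.
Added example, not from the original deck. The log format, the hostnames,
the account names, the "adm-" prefix and the 30-minute window are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed allowlist: the only workstations from which privileged accounts
# are permitted to log on (privileged access workstations, PAWs).
PAW_HOSTS = {"paw-01", "paw-02"}
PRIV_PREFIX = "adm-"          # assumed naming convention for admin accounts
WINDOW = timedelta(minutes=30)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) logon user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse(line):
    """Parse one constructed logon record; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%S")
    return rec


def _burst(events, key):
    """Sorted distinct values of `key` seen within WINDOW of some event, if 2 or more."""
    for i, first in enumerate(events):
        values = {e[key] for e in events[i:] if e["ts"] - first["ts"] <= WINDOW}
        if len(values) >= 2:
            return sorted(values)
    return None


def correlate(lines):
    """Return (rule, detail) alerts for successful privileged logons in `lines`."""
    events = [e for e in map(parse, lines)
              if e and e["result"] == "success" and e["user"].startswith(PRIV_PREFIX)]
    events.sort(key=lambda e: e["ts"])
    alerts = []

    # Rule 1: privileged logon from anything other than a PAW.
    for e in events:
        if e["src"] not in PAW_HOSTS:
            alerts.append(("priv_logon_from_non_paw", f"{e['user']} from {e['src']}"))

    # Rule 2: several privileged accounts used from one endpoint within WINDOW,
    # the pattern a keystroke logger on a shared endpoint produces.
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    for src, evs in by_src.items():
        users = _burst(evs, "user")
        if users:
            alerts.append(("multiple_priv_accounts_one_source", f"{src}: {users}"))

    # Rule 3: one privileged account used from two endpoints within WINDOW,
    # i.e. the legitimate admin and the adversary using the same credential.
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    for user, evs in by_user.items():
        srcs = _burst(evs, "src")
        if srcs:
            alerts.append(("priv_account_from_multiple_sources", f"{user}: {srcs}"))
    return alerts


# Constructed sample log; not real data.
SAMPLE_LOG = """\
2015-02-20T08:02:11 logon user=adm-jsmith src=paw-01 result=success
2015-02-20T08:05:40 logon user=jdoe src=ws-042 result=success
2015-02-20T08:31:02 logon user=adm-jsmith src=ws-042 result=success
2015-02-20T08:33:15 logon user=adm-rlee src=ws-042 result=failure
2015-02-20T08:34:01 logon user=adm-rlee src=ws-042 result=success
2015-02-20T09:10:00 logon user=adm-kpatel src=paw-02 result=success
""".splitlines()

if __name__ == "__main__":
    for rule, detail in correlate(SAMPLE_LOG):
        print(rule, "->", detail)
```

On the sample log the rules fire four times: two non-PAW privileged logons from ws-042, two different admin accounts from ws-042 within the window, and adm-jsmith seen from both paw-01 and ws-042 within the window. Only successful logons are correlated; the failed adm-rlee attempt is ignored, and the ordinary user jdoe never matches.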
Essential practice 3: Secure collaboration in the mobile and social workplace
Securing the workforce promotes the right balance between openness and risk management.
What does it mean?
• BYOD¹ and use of social media, with the ability to segment business and personal data
• Secure end-user computing platforms
• Endpoint security across all workstations, laptops and smart devices
• Business, client and personal data isolation and protection
70% of mobile professionals will conduct their work on personal smart devices by 2018²
Key IBM offerings
• Smart and Embedded Device Security
• Executive Protection (available soon)
¹ Bring Your Own Device; ² Gartner report, 2013
Essential practice 4: Develop security-rich products, by design
The best solution is to build in security from the beginning, and carry out regular automated tests to track compliance.
What does it mean?
• SDLC¹ security policy and governance
• Embedded security in the design process
• Ethical hacking and penetration testing of applications
• Implement secure interfaces and COTS² solutions
80% of development costs are spent identifying and correcting defects!³
Key IBM offerings
• IBM Secure Engineering and Application Security Services
¹ Software development life cycle (SDLC); ² Commercial off-the-shelf (COTS); ³ National Institute of Standards and Technology
Essential practice 5: Manage IT hygienically
With a hygienic, security-rich system, administrators can keep track of every program that is running.
What does it mean?
• Register all IT infrastructure components in a centralized inventory and retire legacy components
• Integrate compliance data for end-to-end visibility
• Data-integration compliance and patch-management compliance
• Routine health checks
Key IBM offerings
• IBM Security Strategy, Risk and Compliance Services
In a secure system, administrators have a comprehensive system in place to install updates and patches as they're released.
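The sysadmin top-10 list on the "insiders" slide and the inventory and patch-compliance bullets above describe the same hygiene failures from two angles. As an added example, not from the original deck, the following Python reconciles a constructed central inventory against the hosts a scan actually found on the network and flags what a routine health check should catch: systems never registered, platforms past end of life, hosts outside a 30-day patch SLA, default accounts, and unnecessary services. The platform labels, end-of-life table, patch SLA and service list are assumptions.

```python
"""IT hygiene check covering the sysadmin failures in the top-10 list
(unhardened and test systems exposed with default accounts, unpatched and
end-of-life platforms, unnecessary services) and the centralized inventory
of Essential practice 5.  Added example, not from the original deck: the
inventory, scan results, end-of-life table and 30-day patch SLA are
constructed assumptions.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta

PATCH_SLA = timedelta(days=30)          # assumed: patches applied within 30 days
# Assumed end-of-life dates per platform label used in the inventory.
EOL = {"windows-xp": date(2014, 4, 8), "windows-2003": date(2015, 7, 14)}
# Credentials a scanner would try; present on a host means a default account.
DEFAULT_ACCOUNTS = {"admin/admin", "root/toor", "test/test"}
# Services assumed to be unnecessary on production hosts.
UNNEEDED_SERVICES = {"telnet", "ftp", "rsh"}


@dataclass
class Host:
    name: str
    platform: str
    last_patched: date
    accounts: set = field(default_factory=set)   # "user/password" pairs found by scan
    services: set = field(default_factory=set)   # listening services found by scan


def hygiene_findings(inventory, observed, today):
    """inventory: {name: Host} registered in the central inventory;
    observed: {name: Host} actually seen on the network by a scan.
    Returns a sorted list of (host, finding) tuples."""
    findings = []
    # Systems on the network that nobody registered: connected before hardening.
    for name in sorted(observed.keys() - inventory.keys()):
        findings.append((name, "not_in_inventory"))
    for name, h in observed.items():
        eol = EOL.get(h.platform)
        if eol is not None and eol <= today:
            findings.append((name, f"end_of_life:{h.platform}"))
        overdue = today - h.last_patched
        if overdue > PATCH_SLA:
            findings.append((name, f"patch_overdue:{overdue.days}d"))
        for acct in sorted(h.accounts & DEFAULT_ACCOUNTS):
            findings.append((name, f"default_account:{acct}"))
        for svc in sorted(h.services & UNNEEDED_SERVICES):
            findings.append((name, f"unnecessary_service:{svc}"))
    return sorted(findings)


# Constructed data; not real systems.
TODAY = date(2015, 2, 20)
INVENTORY = {
    "web-01": Host("web-01", "rhel-7", date(2015, 2, 10)),
    "file-02": Host("file-02", "windows-2003", date(2014, 11, 1)),
}
OBSERVED = {
    "web-01": Host("web-01", "rhel-7", date(2015, 2, 10), services={"https"}),
    "file-02": Host("file-02", "windows-2003", date(2014, 11, 1),
                    services={"smb", "telnet"}),
    # A test box someone connected without registering or hardening it.
    "test-09": Host("test-09", "windows-xp", date(2014, 6, 1),
                    accounts={"admin/admin", "ops/s3cret"},
                    services={"ftp", "rdp"}),
}

if __name__ == "__main__":
    for host, finding in hygiene_findings(INVENTORY, OBSERVED, TODAY):
        print(host, finding)
```

The end-of-life check is date-sensitive on purpose: file-02 on the assumed windows-2003 platform is not yet past its end-of-life date on the constructed "today", so it is flagged only for the overdue patch and the telnet service, whereas the unregistered test-09 box collects all five finding types.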
Essential practice 6: Create a security-rich and resilient network
Companies that channel registered data through monitored access points will have a far easier time spotting and isolating malware.
What does it mean?
• Network threat protection
• Malicious network activity detection
• Filtering, logging, monitoring and advanced analytics solutions
• Network infrastructure optimization
Key IBM offerings
• IBM Managed Security Services
• IBM Managed Network Security Services
Network security tools provide organizations with a way to control access to the "rooms" where confidential data and critical systems are stored.
Essential practice 7: Address the security complexity of cloud and virtualization
Despite what you might have heard, it is possible to embrace cloud technology while reducing risk.
What does it mean?
• Better secure cloud services
• Security controls of cloud providers
• Vulnerabilities of cloud architecture, policies and practices
• Defined cloud security objectives
Key IBM offerings
• IBM Cloud Security Strategy Consulting Services
• IBM Cloud Managed Security Services
To thrive in a cloud environment, organizations must have the tools and procedures to isolate and protect themselves, and to monitor potential threats.
Essential practice 8: Manage third-party security compliance
An enterprise's culture of security must establish best practices among its contractors and suppliers.
What does it mean?
• Integrate security as a part of mergers and acquisitions
• Education on third-party compliance policies and processes
• Education on incident handling and reporting
• Vendor conformance with requirements and regulations
• Manage the vendor and contractor risk lifecycle
Key IBM offerings
• IBM PCI Compliance Advisory Services
Security, like excellence, should be infused in the entire partner ecosystem.
Essential practice 9: Assure data security and privacy
Every company has critical data, and it's vitally important to improve the protection of your data.
What does it mean?
• Identify the value of your confidential data and the business impact of its loss
• Assess gaps and define a data protection strategy that manages data loss risk and meets governmental and customer requirements
• Design a robust data management architecture that protects sensitive information
• Deploy and manage leading data protection technologies
Key IBM offerings
• IBM Critical Data Protection Program
Critical data should be guarded, tracked and encrypted as if the company's survival hinged on it.
Essential practice 10: Manage the digital identity lifecycle
Managing who has access to critical data is an essential element of security.
What does it mean?
• Identity and access management
• Standard, policy-based control mechanisms
• Intelligent monitoring
• Separation of duties management
• Single sign-on
Key IBM offerings
• IBM Identity and Access Management Services
• IBM Cloud Identity Services
Companies that mismanage the identity and access of users are making themselves vulnerable to intrusions.
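As an added example, not the deck's own material, the following Python ties the identity lifecycle and separation-of-duties bullets above together: it reconciles a constructed HR feed against a constructed directory export and applies a small separation-of-duties matrix, flagging accounts with no owner in HR, leavers whose accounts are still enabled past a one-day grace period, enabled accounts with no logon in 90 days, and enabled identities holding two roles the matrix says must never be combined. The role names, thresholds and conflict pairs are assumptions.

```python
"""Identity lifecycle and separation-of-duties checks for Essential
practice 10.  Added example, not from the original deck: the HR feed, the
directory export, the role names, the conflict pairs and the thresholds are
constructed assumptions.
"""
from datetime import date, timedelta

LEAVER_GRACE = timedelta(days=1)      # assumed: leavers disabled within one day
DORMANT_AFTER = timedelta(days=90)    # assumed: no logon for 90 days is dormant
# Assumed separation-of-duties matrix: no single identity may hold both roles.
SOD_CONFLICTS = {
    frozenset({"vendor_create", "payment_approve"}),
    frozenset({"code_commit", "prod_deploy"}),
}


def lifecycle_findings(hr, directory, today):
    """hr: {user: {"status": "active" | "left", "end_date": date | None}}
    directory: {user: {"enabled": bool, "roles": set, "last_logon": date | None}}
    Returns a sorted list of (user, finding) tuples."""
    findings = []
    for user, acct in directory.items():
        person = hr.get(user)
        if person is None:
            # Account with no owner in HR: nobody is accountable for it.
            findings.append((user, "orphan_account"))
        elif (person["status"] == "left" and acct["enabled"]
              and today - person["end_date"] > LEAVER_GRACE):
            findings.append((user, "leaver_still_enabled"))
        if acct["enabled"] and (acct["last_logon"] is None
                                or today - acct["last_logon"] > DORMANT_AFTER):
            findings.append((user, "dormant_account"))
        if acct["enabled"]:
            for pair in SOD_CONFLICTS:
                if pair <= acct["roles"]:
                    findings.append((user, "sod_conflict:" + "+".join(sorted(pair))))
    return sorted(findings)


# Constructed data; not real people or systems.
TODAY = date(2015, 2, 20)
HR = {
    "alice": {"status": "active", "end_date": None},
    "bob": {"status": "left", "end_date": date(2015, 1, 15)},
    "carol": {"status": "active", "end_date": None},
    "dave": {"status": "left", "end_date": date(2014, 12, 31)},
}
DIRECTORY = {
    "alice": {"enabled": True, "roles": {"vendor_create", "payment_approve"},
              "last_logon": date(2015, 2, 19)},
    "bob": {"enabled": True, "roles": set(), "last_logon": date(2015, 1, 14)},
    "carol": {"enabled": True, "roles": {"code_commit"},
              "last_logon": date(2014, 10, 1)},
    "dave": {"enabled": False, "roles": {"code_commit", "prod_deploy"},
             "last_logon": None},
    "svc-backup": {"enabled": True, "roles": {"prod_deploy"},
                   "last_logon": date(2015, 2, 20)},
}

if __name__ == "__main__":
    for user, finding in lifecycle_findings(HR, DIRECTORY, TODAY):
        print(user, finding)
```

Disabled accounts are deliberately left out of the dormancy and separation-of-duties checks (dave, a leaver whose account was disabled, produces nothing), so the output is the actionable list: alice's conflicting roles, bob's still-enabled leaver account, carol's dormant account and the unowned svc-backup account.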
Learn more about IBM Security
• Visit our website: IBM Security Website
• Watch our videos: IBM Security YouTube Channel
• Read new blog posts: SecurityIntelligence.com
• Follow us on Twitter: @ibmsecurity
IBM Security Services: Intelligence. Integration. Expertise.
Case studies
IBM Security Essentials and Maturity Consulting
Largest bank in Canada improves security by establishing a SOC and implementing monitoring tools and processes
Cloud-delivered Identity and Access Management (IAM)
Business Challenge
• Lack of any SOC model and strategy roadmap
• No trained SOC operations team or staff
• No security monitoring tool or processes for security incidents
IBM Security Solution Benefits
• Reduced risks and costs associated with security incidents and data breaches
• Addressed compliance issues by establishing clear audit trails for incident response
• Improved security posture with enterprise-wide security intelligence correlating events from IT and business-critical systems and applications
18M clients served by this bank, the largest in Canada, 3rd largest in North America and top 10 globally
80,100 employees of the bank for whom access is secured
A global bank enables security-rich mobile access for millions of users
Safeguard Mobile Deployments
Business Challenge
• Protect employee and contractor access to web and mobile applications
• Roll out a new application to customers and help protect access from mobile devices
IBM Security Solution Benefits
• Centralized user access control across web and mobile channels
• Reduced IT cost with self-care, single sign-on and session management
• Introduced risk-based access and multi-factor authentication for 10M+ customers
The North American entity protects user access to mobile and web channels for 10,000 internal users.
A financial services firm teams with IBM to build its first SOC
Lloyds & IBM Cyber Security Programme handouts
Appendix
IBM Security invests in best-of-breed technologies
[Timeline from 1976 to 2014 of IBM Security investments; the capabilities shown, in no particular order: mainframe and server security; security services and network security; enterprise single sign-on; directory integration; identity management; access management; service-oriented architecture (SOA) management and security; application security; database monitoring and protection; data management; risk management; information and analytics management; endpoint management and security; security intelligence; IBM Security is created; identity governance; cloud-enabled identity management; mobile security and management; advanced fraud protection.]
IBM Security Investment
• 6,000+ IBM Security experts worldwide
• 3,000+ IBM Security patents
• 4,000+ IBM Managed Security Services clients worldwide
• 25 IBM Security labs worldwide
IBM Security has global reach
IBM Security by the Numbers (the figures themselves are not preserved in the extracted text):
• monitored countries (MSS)
• service delivery experts
• devices under contract
• endpoints protected
• events managed per day
www.ibm.com/security
© Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.