

Cloud Security
Vaughan Harper, IBM Security Architect

A new security reality is here
Sophisticated attackers break through conventional safeguards every day
• 61% of organisations say data theft and cybercrime are their greatest threats
• $3.5M average cost of a data breach
Sources: 2014 Cost of Data Breach, Ponemon Institute; 2012 IBM Global Reputational Risk & IT Study
Cloud, mobile, social and big data drive unprecedented change
• 70% of security executives have cloud and mobile security concerns
• 614% mobile malware growth in just one year
Sources: 2012 - 2013 Juniper Mobile Threat Report; 2013 IBM CISO Survey
Yesterday’s security practices are unsustainable
• 83% of enterprises have difficulty finding the security skills they need
• 85 security tools from 45 vendors
Sources: IBM client example; 2012 ESG Research

We are in an era of continuous breaches
• Operational Sophistication: IBM X-Force declared Year of the Security Breach
• Near Daily Leaks of Sensitive Data: 40% increase in reported data breaches and incidents
• Relentless Use of Multiple Methods: 500,000,000+ records were leaked, while the future shows no sign of change
Chart timeline: 2011, 2012, 2013
Attack types: SQL Injection, Spear Phishing, DDoS, Third-party software, Physical access, Malware, XSS, Watering Hole, Undisclosed
Note: Size of circle estimates relative impact of incident in terms of cost to business. Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2014

We are faced with the challenge of balancing innovation and risk
1. Cloud and mobile create opportunities for enhanced security
2. Cloud security scenarios include Security for the Cloud and Security from the cloud
3. IBM cloud security portfolio enables clients to secure workloads on cloud and securely use SaaS applications

Cloud is an opportunity for enhanced security
Manage your risk across cloud apps, services
1. Establish your risk posture
2. Protect your data
3. Know your user
4. Gain assurance of your apps
5. Protect against threats and fraud
Professional, Managed, and Cloud Services

IBM Point of View - Cloud can be made secure for business
As with most new technology paradigms, security concerns surrounding cloud computing have become the most widely talked about inhibitor of widespread usage.
To gain the trust of organizations, cloud services must deliver security and privacy expectations that meet or exceed what is available in traditional IT environments.
The same way transformational technologies of the past overcame concerns – PCs, outsourcing, the Internet.
Figure labels: Security and Privacy Expectations; Traditional IT; In the Cloud; Trust

Minimizing the risks of cloud computing requires a strategic approach
▪ Define a cloud strategy with security in mind
  – Identify the different workloads and how they need to interact.
  – Which models are appropriate based on their security and trust requirements and the systems they need to interface to?
▪ Identify the security measures needed
  – Using a methodology such as the IBM Security Framework allows teams to measure what is needed in areas such as governance, architecture, applications and assurance.
▪ Enabling security for the cloud
  – Define the up front set of assurance measures that must be taken.
  – Assess that the applications, infrastructure and other elements meet the security requirements, as well as operational security measures.
Governance: Achieving compliance and management in the cloud
Data: Information shared inside and outside the organisation
Architecture: New web, architecture, infrastructure and threats
Applications: Applications on the phone, internet and in a virtualised cloud
Assurance: Audit and monitoring in a virtualised/cloud environment

IBM Security offers a comprehensive product portfolio
Advanced Fraud Protection
Trusteer Rapport
Trusteer Pinpoint Malware Detection
Trusteer Pinpoint ATO Detection
Trusteer Mobile Risk Engine
Trusteer Apex
FiberLink MaaS360
Endpoint Manager
Host Protection
zSecure
Security Intelligence and Analytics
QRadar Log Manager
QRadar SIEM
QRadar Risk Manager
QRadar Vulnerability Manager
QRadar Incident Forensics
IBM X-Force Research
People
Identity Manager
Access Manager Family
Privileged Identity Manager
Federated Identity Management
Directory Integrator / Directory Server
Data
Guardium Database Activity Monitoring
Guardium Encryption Expert
Guardium / Optim Data Masking
Key Lifecycle Manager
Applications
AppScan Source
AppScan Enterprise / Standard
DataPower Web Security Gateway
Security Policy Manager
Network Infrastructure Endpoint
Network Intrusion Prevention (GX)
Next Generation Network Protection (XGS)
SiteProtector Threat Management
QRadar Network Anomaly Detection

At IBM, the world is our security lab
Security Operations Centres
Security Research Centres
Security Solutions Development Centres
Institute for Advanced Security Breaches
3,000+ IBM security patents
6,000+ IBM researchers, developers, and subject matter experts focused on security
Hortolandia, BR
Heredia, CR
Atlanta, US
Boulder, US
Brussels, BE
Wroclaw, PL
Riyadh, SA
Bangalore, IN
Brisbane, AU
Tokyo, JP
Taipei, TW
Singapore, SG
Gold Coast, AU
Perth, AU
Pune, IN
Belfast, N IR
Delft, NL
Costa Mesa, US
Austin, US
Raleigh, US
Waltham, US
Fredericton, CA
Almaden, US
Ottawa, CA
TJ Watson, US
Zurich, CH
Nairobi, KE
Haifa, IL
Herzliya, IL
New Delhi, IN
IAS Asia Pacific
IAS Europe
IAS Americas

IBM X-Force Research and Development
Expert analysis and data sharing on the global threat landscape
Vulnerability Protection
IP Reputation
Anti-Spam
Malware Analysis
Web Application Control
URL / Web Filtering
Zero-day Research
The IBM X-Force Mission
• Monitor and evaluate the rapidly changing threat landscape
• Research new attack techniques and develop protection for tomorrow’s security challenges
• Educate our customers and the general public
• Integrate and distribute Threat Protection and Intelligence to make IBM solutions smarter

We see three sets of security capabilities to help enterprise clients to adopt cloud with confidence
Cloud Security Capabilities
Identity: Manage identities and govern user access
Protection: Protect infrastructure, applications, and data from threats
Insight: Auditable intelligence on cloud access, activity, cost and compliance
Bluemix
IaaS: Securing infrastructure and workloads
SaaS: Secure usage of business applications
PaaS: Secure service composition and apps

“Threat Aware” Identity and Access Management
Capabilities to help organisations secure the enterprise identity as a new perimeter
Safeguard mobile, cloud and social access
Deliver actionable identity intelligence
Simplify cloud integrations and identity silos
Prevent advanced insider threats
IBM Security Solutions
• Access Manager for Web
• Access Manager for Mobile
• Federated Identity Manager
• Identity Manager
• Privileged Identity Manager
• zSecure Suite
Client Success
A large Asian paint company governed user access and compliance in 17 countries for 8,500 employees, interns, contractors, and privileged administrators and 25,000 business partners and service providers.

AppScan Suite - Find Application Vulnerabilities
80% of development costs are spent identifying and correcting defects!
Average Cost of a Data Breach $7.2M from law suits, loss of customer trust, damage to brand
Find during Development $80/defect
Find during build $240/defect
Find during QA/Test $960/defect
Find in production $7,600/defect
AppScan Source - Analyze Code - “White box” - Ounce Labs
AppScan Standard - Analyze running Web Apps (desktops) - “black box” - Watchfire
AppScan Enterprise - Analyze running Web Apps (server/concurrent), pull in source analysis from AppScan Source, reporting/compliance

Data Security - Discover and harden your most valuable assets while enabling access
Protect data at rest, in motion, and in use
Assess Vulnerabilities
Record Events
Identify and Classify Data
Monitor Privileged Users
Protect Sensitive Data
IBM Security Solutions
• Guardium Database Activity Monitoring
• Guardium Encryption Expert
• Guardium / Optim Data Masking
• Key Lifecycle Manager
Client Success
A global financial services company secured 2,000 critical databases and saved $21M in compliance costs

Advanced Fraud Protection
Helping protect against financial fraud and advanced security threats
Customer Protection
Clientless Fraud Prevention
Employee Protection
Endpoint Security
Account Takeover Detection
Malware Detection
Mobile Risk Engine
Cybercrime Intelligence
Customer Protection
Real-time threat data from millions of endpoints
IBM Security Solutions
• Trusteer Apex • Trusteer Rapport • Trusteer Mobile
• Trusteer Pinpoint • Trusteer Mobile Risk Engine
Client Success
A large North American bank reduced financial malware fraud incidents from 500 to 0 in less than 3 months, moving the security border out to the customer

Infrastructure
In-depth security across network, servers, virtual servers, mainframes, endpoints, and mobile devices
Threat Management
Host Protection Endpoint Protection
Network Protection
Anomaly Detection
IBM Security Solutions
• Next Generation Network Protection (XGS)
• Network Intrusion Prevention (GX)
• SiteProtector Threat Mgmt
• QRadar Network Anomaly Detection
• Trusteer Apex
• Fiberlink MaaS360
• Endpoint Manager
• Host Protection
• zSecure
Client Success
An international commodities exchange maintains system uptimes of over 99.9% with 0 reported breaches in 3 years

Suspected Incidents
Servers and mainframes
Data activity
Network and virtual activity
Application activity
Configuration information
Security devices
Users and identities
Vulnerabilities and threats
Global threat intelligence
Automated Offense Identification
Embedded Intelligence
• Unlimited data collection, storage and analysis
• Built in data classification
• Automatic asset, service and user discovery and profiling
• Real-time correlation and threat intelligence
• Activity baselining and anomaly detection
• Detects incidents out of the box
Embedded intelligence offers automated offense identification
Extensive Data Sources
Prioritized Incidents

Securing Intelligence and Analytics
Visibility into security posture and clarity around incident investigation
Embedded Intelligence
Integrated Dashboard
Extensive Data Sources
Prioritized Incidents
Log Management & Compliance Reporting
Vulnerability & Risk Management
Real-time Analytics & Anomaly Detection
Incident Evidence & Forensics
IBM Security Solutions
• QRadar Log Manager
• QRadar SIEM
• QRadar Risk Manager
• QRadar Vulnerability Manager
• QRadar Incident Forensics
Client Success
A Canadian financial services firm analyses 30,000,000 security events per day to find 30 prioritised security offences

SIEM Incident Forensics
• Full packet capture
• Detailed incident metadata / evidence
• Reconstruction of content and user activity
PhDs not required
Evidence Gathering
Quicker Investigations
Leverages intuition
Reduce Blind Spots, Quickly Investigate Attacks
Prioritized Incidents
SIEM

IBM Security capabilities to help reach security maturity
Advanced Threat Cloud Mobile Compliance
ADVANCED
BASIC
• Protocol analysis • Anomaly detection • Virtualization security • App state awareness
• Endpoint / network security management
• Perimeter security • Host security • Anti-virus
• Hybrid scanning and correlation
• Mobile app scanning
• Web application protection • Source code scanning • Application scanning
• Predictive analytics • Flow analysis • Big data workbench • Threat modelling
• SIEM • Vulnerability management • Log management
• Crown Jewel protection • Data governance
• Data masking • DB activity monitoring • Data loss prevention • Encryption / key management
• Prevent transactions from malware infected endpoints
• Identity governance • Fine-grained entitlements • Privileged user management
• Login challenge questions • Device ID rules
• User provisioning • Access management • Directory management

Disclaimer
Please Note:
IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion.
Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision.
The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.

© 2014 IBM Corporation
IBM Security
www.ibm.com/security
© Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
