ibm security and cloud - td events · dns protection . server & database vulnerability...
TRANSCRIPT
© 2015 IBM Corporation
Antonio Ricci Security Architect IBM Security April 15, 2016
IBM Security and Cloud
Agenda
Cloud and Security
Security for the cloud
Security from the cloud
Cloud adoption requires security to evolve
External Stakeholders; Traditional Enterprise IT
Public Cloud; Private Cloud
PaaS: Development services
SaaS: Business applications
IaaS: Infrastructure services
100+ IBM Offerings
HR, CRM, SCM
Data archive
App development
100+ IBM Offerings
Online website
From traditional security to cloud security
IT security is a daily challenge with attacks becoming more frequent and aggressive
Near Daily Leaks of Sensitive Data
40% increase in reported data breaches and incidents
Relentless Use of Multiple Methods
800,000,000+ records were leaked, while the future shows no sign of change
“Insane” Amount of Records Breached
42% of CISOs claim the risk from external threats increased dramatically from prior years
Size of circle estimates relative impact of incident in terms of cost to business.
Source: IBM® X-Force® Threat Intelligence Quarterly – 1Q 2015 and 2014 IBM Chief Information Security Officer Assessment
2012 2013 2014
1 Cross-site scripting, 2 Structured query language, 3 Distributed Denial of Service
Security for the cloud
Which security requirements should a company address when moving to the cloud?
Cloud Security Assessment
Understand business needs and identify the cloud security gaps
Cloud security services from IBM offer an assessment of your cloud environment, including access and infrastructure, develop a strategy, and provide a roadmap to help you achieve your target security posture and clarify roles and responsibilities in the new integrated environment.
Objectives
• Assess current state of cloud security
• Develop a security strategy for cloud computing
• Clarify roles and responsibilities to support security in a hybrid cloud environment (public plus private or traditional data center)
• Create a flexible yet sustainable security program to support cloud application and services growth for the business
Features
• Experience and expertise to assess applicable industry and regulatory standards and frameworks
• Tools to determine cloud application and services accessed from within your environment today
• Unified Compliance Framework’s (UCFs) Common Controls Hub (CCH) to establish controls list for robust viewing and tracking of security controls
Deliverables
• Maturity ratings using well known maturity models such as Capability Maturity Model Integration (CMMI)
• Cloud security strategy with prioritized roadmap and remediation plan including implementation options
• Responsible, accountable, consulted, and informed (RACI) chart with new roles identified
Security from the cloud
IBM managed security services provides security at every level
Software as a Service
• Application security testing and management
• Web Defense (Web App Firewall and DDoS Protection)
• Email and Content Security
Platform as a Service
• Identity and access management for cloud
• Data security (encryption and monitoring)
Infrastructure as a Service
• Firewall/Unified Threat Management and Monitoring
• Network intrusion detection & prevention
• Security event and log management
• Vulnerability scanning and management
• Host-based intrusion detection & prevention for servers
Managed Security Information and Event Management
Enterprise-wide security correlation
DDoS protection
Web application vulnerability management
Web application firewall (WAF)
DNS protection
Server & database vulnerability management
Email filtering
URL filtering
Web browsing
Network threat protection & IDS/IPS
DDoS protection
Protect your direct web presence
Managed Web Defense
Protect your organization’s users
Managed Web Defense strategy
Protect your supporting infrastructure
IBM Managed Web Defense leverages our Managed Security Services and helps protect three core elements of web security
What is E-mail Security Management?
• Protects against 100% of known and unknown e-mail viruses
• Reduces spam dramatically
• Stops pornographic e-mails
• Controls confidential information from leaving your company
• Reports on volume of email and malicious threats
Features
• 100% virus protection
• 99.2% spam effectiveness with 1 in 1 million false positives
• 90%+ effective in identifying pornographic attachments
• Enforces acceptable use policy
• Multiple layers of defense
• Highly redundant infrastructure
• Assists in stopping confidential information leaving your company
• Industry-leading performance-based SLAs
Benefits
• Quick and easy setup
• No upfront or ongoing hardware, software or support costs
• Protection against known, unknown viruses
• 24x7 customer support
• Reduces the need to apply urgent patches
• Integrated solution protects against all types of threats
• Frees up IT personnel for proactive, strategic initiatives
• Improves network security and system uptime
• Substantial bandwidth savings, by stopping malicious threats at the Internet
Hosted Email Security Service Details
Anti-Virus
Anti-virus protection scans emails and attachments for malicious content by leveraging multiple commercial scanning engines for superior accuracy and performance.
– Multiple scanners
– Inbound and outbound filtering
– Proactive scanning for new threats
– Phishing detection
– Protection for Zero-Hour outbreaks
– 7-day offsite virus quarantine
– 100% protection against known and unknown viruses
Anti-Spam
Anti-spam protection scans inbound emails for time wasting content and deletes or quarantines the content based on user definable policies. Leverages multiple engines.
– Multiple filters
– TCP/IP traffic shaping
– Highly effective with minimal false positives
– Transparent knowledge base updates
– Multiple-handling options, including end user quarantine; confidence to “block and delete” on signature detection
– Configurable white and black lists
Hosted Email Security Service Details
Content Control
Content control allows for analysis of email content and enables user definable control over file attachment types, email text content and more.
– Protect corporate and brand reputation
– Maintain confidential and intellectual property
– Advanced policy setting criteria, including group, users, sizes, types, times of day
– Keyword and contextual analysis
– Investigate suspicious activity
– Preserve confidentiality and security and reduce legal liability
– Defend against careless & malicious action
Summary of Email Security Reporting
Portal Summary Report Detailed Report Other
Email Security Services
Web-based Portal PDF
Scheduled Reports (CSV)
Anti-Virus CSV
Anti-Spam CSV
Content Control CSV
Image Control CSV
Archiving
Additional reports on appliance (HTML, PDF, CSV)
How hosted web security works
[Diagram labels: Internet; Employee; Administrator; Corporate network boundary; Hosted web security; Antivirus; Anti-spyware; URL filtering; Web-based console for setup, administration and notification; Inbound virus and spyware traffic; Outbound virus and spyware traffic and requests for blocked URLs; Legitimate traffic; STOP; GO]
Our firewall management services are delivered in three distinct phases.
We can: Provide services based on best practices and proven methodology
Leverage state-of-the-art, industry-certified facilities
Offer extensive support and reporting capabilities via a virtual portal
Implement
Interact with your team to understand firewall deployment requirements
Remotely configure required technologies to your specifications
Integrate with the Virtual-Security Operations Center (SOC) platform
Transition and hand off to IBM’s experienced delivery teams
Manage
Administer technologies to documented standards and frameworks
Ensure that UTM1 devices are properly configured, patched, and secured
Backup and retain critical log and configuration data
Monitor devices for health, availability, and abnormal behavior
Support and report
Around-the-clock email, chat and telephone support
Web-based virtual SOC portal for more comprehensive reporting
Best-practices workflow for ticketing, incident handling and support
1 Unified threat management (UTM)
Detect, prioritize and correlate vulnerabilities
Vulnerability management via agent-less scanning from both inside and outside the firewall
Remediation guidance and workflow to help fix vulnerabilities quickly and easily with the information provided in remediation reports
PCI compliance assistance: IBM can serve as an Approved Scanning Vendor (ASV) in support of PCI compliance initiatives
Intelligent scanning to help deliver accurate scan results in less time with a system that follows an assessment process similar to that used by ethical hackers. Fewer false positives means less time spent tracking down “potential” vulnerabilities.
Web application vulnerability detection to help identify SQL Injection, cross-site scripting, and other high risk vulnerabilities in web applications
Database vulnerability detection to help identify vulnerabilities in common databases and database configurations
Automatically populates Asset records within the Virtual SOC Portal, helping to document criticality, sensitivity and regulated status of assets
Automatic integration into correlation and analytics that (a) Identify attacks that successfully breach defenses and (b) dramatically reduce false positives by identifying attacks that unsuccessfully target patched devices.
Hosted Vulnerability Management Service
Combining IBM Managed Security Services offerings can help increase your analytic capabilities.
[Diagram: IBM security intelligence, in four levels: Good, Better, Enhanced, Superior]
Firewall management; IDPS management; Managed protection services; Unified threat management; Secure log management; Hosted vulnerability management
• Add firewall logs
• Add IDPS events
• Add vulnerability scan results
• Add operating system and application logs
• Real-time identification of connections with known attackers
• Know the attacks levied against you
• Know if the attacks are successful
• Monitor suspicious internal activities
Services recommended to enable these capabilities:
• (1) VMS 2.0
• (1) Managed IDPS (2) Managed UTM (3) MPS (4) Hosted SELM
• (1) Firewall management (2) Managed UTM (3) Hosted SELM
• (1) Hosted SELM
Abbreviations: Intrusion detection and prevention system (IDPS); Unified threat management (UTM); Security event log monitor (SELM); Managed protection services (MPS); Vulnerability management service (VMS)
© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
THANK YOU www.ibm.com/security