ibm security strategy · 2/6/2014 · party software ddos consulting secureid gaming trojan...
TRANSCRIPT
© 2014 IBM Corporation
IBM Security Systems
1 © 2014 IBM Corporation
IBM Security Strategy Intelligence, Integration and Expertise
Peter Allor Security Strategist – Government IBM Security Systems February 6, 2014
© 2014 IBM Corporation
IBM Security Systems
2
M O
T I
V A
T I O
N
Motivations and sophistication are rapidly evolving
S O P H I S T I C A T I O N
National Security, Economic Espionage
Notoriety, Activism, Defamation
Hacktivists Lulzsec, Anonymous
Monetary Gain
Organized crime Zeus, ZeroAccess, Blackhole Exploit Pack
Nuisance, Curiosity
Insiders, Spammers, Script-kiddies Nigerian 419 Scams, Code Red
Nation-state actors, APTs Stuxnet, Aurora, APT-1
© 2014 IBM Corporation
IBM Security Systems
3
But our traditional defenses are not keeping up
Source: IBM client example
© 2014 IBM Corporation
IBM Security Systems
4
Source: IBM X-Force® Research 2011 Trend and Risk Report
Attack Type
SQL Injection
URL Tampering
Spear Phishing
3rd Party Software
DDoS
SecureID
Trojan Software
Unknown
Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2011 Sampling of Security Incidents by Attack Type, Time and Impact Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses
Reported attacks continue to increase
Marketing Services
Online Gaming
Online Gaming
Online Gaming
Online Gaming
Central Government
Gaming
Gaming
Internet Services
Online Gaming
Online Gaming
Online Services
Online Gaming
IT Security
Banking
IT Security
Government Consulting
IT Security
Tele-communic
ations
Enter-tainment
Consumer
Electronics
Agriculture Apparel
Insurance
Consulting
Consumer Electronics
Internet Services
Central Govt
Central Govt
Central Govt
Entertainment
Defense
Defense
Defense
Consumer Electronics
Central Government
Central Government
Central Government
Central Government
Central Government
Central Government
Central Government
Consumer Electronics
National Police
National Police
State Police
State Police
Police
Gaming
Financial Market
Online Services
Consulting
Defense
Heavy Industry
Entertainment
Banking
Size of circle estimates relative impact of
breach in terms of cost to business
Source: IBM X-Force® Research 2012 Trend and Risk Report
2012 Sampling of Security Incidents by Attack Type, Time and Impact Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses
© 2014 IBM Corporation
IBM Security Systems
5
Attack frequency increased to record in H1 2013
Source: IBM X-Force® Research 2013 Trend and Risk Report
© 2014 IBM Corporation
IBM Security Systems
6
Low risk / high reward
Old CMS installations
CMS Plugins
Forum software
Other popular 3rd party
scripts
of tracked disclosed breaches
still reliable for breaching databases
© 2014 IBM Corporation
IBM Security Systems
7
continue to disrupt businesses
Industries affected:
Banks
Governments
DNS Providers
High traffic volume as much as
© 2014 IBM Corporation
IBM Security Systems
8
attacks compromise end user trust
Targeting Savvy Users
Tech company developers
Government Employees
Unsuspecting viewers of
trusted sites
Tainting legitimate sites with zero-day exploits
© 2014 IBM Corporation
IBM Security Systems
9
Cyber Espionage The global reach of the Internet has enabled both phenomenal business growth and unprecedented business risk at the same time.
http://www.abc.net.au/4corners/stories/2013/05/27/3766576.htm
© 2014 IBM Corporation
IBM Security Systems
10
Motivations of the Attacker
Source: IBM Security Services 2013 Cyber Security Intelligence Index
© 2014 IBM Corporation
IBM Security Systems
11
Data Explosion and Cloud Growth The age of Big Data – the explosion of digital information – has arrived and is facilitated by the pervasiveness of applications accessed from everywhere including new platforms including cloud, virtualization. Everything is everywhere.
© 2014 IBM Corporation
IBM Security Systems
12
National Security, Economic Espionage
Press, Activism, Defamation
The End Goal
Monetary Gain
Nuisance, Curiosity
The Organization Customer lists, Intellectual property,
Financial filings, Product plans, Business process data, Administrative credentials
The User Bank Credentials, Social Logins, Ransom
The Computer Spam, Click fraud, DDoS, CPU Cycles
© 2014 IBM Corporation 13
IBM Security Systems
Collaborative IBM teams monitor and analyze the latest threats
IBM Confidential
© 2014 IBM Corporation
IBM Security Systems
14
At IBM, the world is our security lab
v13-01 6,000 IBM researchers, developers, and subject matter experts ALL focused on security
3,000 IBM security patents
More than
Security Operations Centers
Security Research and Development Labs
Institute for Advanced Security Branches
© 2014 IBM Corporation
IBM Security Systems
15
5 Most Targeted Industries
Source: IBM Security Services 2013 Cyber Security Intelligence Index
© 2014 IBM Corporation
IBM Security Systems
16
Why do Breaches Happen
Source: IBM Security Services 2013 Cyber Security Intelligence Index
© 2014 IBM Corporation
IBM Security Systems
17
2012 Major Trends
40%
Security Incidents
14%
Web Vulnerabilities
53%
Web Vulns are XSS
20%
SPAM within 2012
Source: IBM X-Force® 2012 Trend and Risk Report
© 2014 IBM Corporation
IBM Security Systems
18
ATTACK SOPHISTICATION The speed and dexterity of attacks has increased coupled with new motivations from cyber crime to state sponsored to terror inspired.
18
© 2014 IBM Corporation
IBM Security Systems
19
2012 Vulnerabilities and Exploits
8,168
864
Public Vulnerabilities
Public Exploits
Source: IBM X-Force® 2012 Trend and Risk Report
© 2012 IBM Corporation © 2014 IBM Corporation 20
© 2014 IBM Corporation
IBM Security Systems
21
Security challenges are a complex, four-dimensional puzzle…
…that requires a new approach
Applications Web
Applications Systems
Applications Web 2.0 Mobile
Applications
Infrastructure Datacenters PCs Laptops Mobile Cloud Non-traditional
Data At rest In motion Unstructured Structured
People Attackers Suppliers
Consultants Partners
Employees Outsourcers
Customers
Employees
Unstructured
Web 2.0 Systems Applications
Outsourcers
Structured In motion
Customers
Mobile Applications
© 2014 IBM Corporation
IBM Security Systems
22
Thinking differently about security
Data Basic- control
Applications Bolt-on
Infrastructure Thicker walls
Insight
Now
People Administration
Then
Smarter defenses
Built-in
Laser- focused
Analyze to build Intelligence
© 2014 IBM Corporation
IBM Security Systems
23
Security teams must shift from a conventional “defense-in-depth” mindset and begin thinking like an attacker…
Detect, Analyze & Remediate Think like an attacker,
counter intelligence mindset
Protect high value assets
Emphasize the data
Harden targets and weakest links
Use anomaly-based detection
Baseline system behavior
Consume threat feeds
Collect everything
Automate correlation and analytics
Gather and preserve evidence
Audit, Patch & Block Think like a defender,
defense-in-depth mindset
Protect all assets
Emphasize the perimeter
Patch systems
Use signature-based detection
Scan endpoints for malware
Read the latest news
Collect logs
Conduct manual interviews
Shut down systems
Broad Targeted
© 2014 IBM Corporation
IBM Security Systems
24
IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework
Intelligence
Integration
Expertise
© 2014 IBM Corporation
IBM Security Systems
25
IBM’s own strategy: Ten essential practices for security leaders
1. Build a Risk Aware Culture & Management System
2. Manage Incidents
3. Secure the Workplace of the Future (Endpoint)
4. Secure Services, By Design
10. Manage the Identity Lifecycle
9. Protect Structured & Unstructured Data
7. Address New Complexity of Cloud and Virtualization
6. Control Network Access 5. Take a Hygienic Approach to Managing Infrastructure
8. Assure Supply Chain Security Compliance
Ongoing series of articles: www.ibm.com/smarter/cai/security
Approach aligned with corporate initiatives – not an afterthought
© 2014 IBM Corporation
IBM Security Systems
26
Get Engaged with IBM X-Force Research and Development
Follow us at @ibmsecurity and @ibmxforce
Force Security -or X http://iss.net/rss.php Force alerts at-Subscribe to Xhttp://www.ibm.com/blogs/xforceInsights blog at
Download X-Force security trend & risk reports .ibm.com/security/xforce/03-http://www
© 2014 IBM Corporation
IBM Security Systems
27
Optimize ahead of Attackers identify critical assets, analyze behavior, spot anomalies
Defragment your Mobile posture constantly apply updates and review BYOD policies
Social Defense needs Socialization educate users and engender suspicion
Don’t forget the basics scanning, patching, configurations, passwords
Key takeaways for
© 2014 IBM Corporation
IBM Security Systems
28
www.ibm.com/security
© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
www.ibm.com/security
© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.