© 2013 IBM Corporation Changing the Enterprise Security Landscape Glen Gooding Director – IBM Institute for Advanced Security gg00ding


IBM Security Systems


Changing the Enterprise Security Landscape

Glen Gooding Director – IBM Institute for Advanced Security

gg00ding


How do Mobile Applications Treat You?


Threat Landscape is Growing Fast


And…. Becoming Mobile


Other stats to be aware of…


Reported incidents continue to rise


Reported incidents continue to rise

2012 Sampling of Security Incidents by Attack Type, Time and Impact

Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses


IBM is investing in solutions to key trends

•  Cloud Computing: Cloud security is a key concern as customers rethink how IT resources are designed, deployed and consumed
•  Regulation and Compliance: Regulatory and compliance pressures are mounting as companies store more data and can become susceptible to audit failures
•  Advanced Threats: Sophisticated, targeted attacks designed to gain continuous access to critical information are increasing in severity and occurrence
•  Mobile Computing: Securing employee-owned devices and connectivity to corporate applications are top of mind as CIOs broaden support for mobility

Advanced Persistent Threats, Stealth Bots, Targeted Attacks, Designer Malware, Zero-days

Enterprise Customers


Security challenges are a complex, four-dimensional puzzle …

… that requires a new approach

•  People: Hackers, Suppliers, Consultants, Terrorists, Employees, Outsourcers, Customers
•  Data: At rest, In motion, Unstructured, Structured
•  Applications: Systems Applications, Web Applications, Web 2.0, Mobile Applications
•  Infrastructure: Datacenters, PCs, Laptops, Mobile, Cloud, Non-traditional


Applying Security Intelligence to advanced threats

Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight

•  Extensive Data Sources: Security Devices, Servers & Hosts, Network & Virtual Activity, Database Activity, Application Activity, Configuration Info, Vulnerability Info, User Activity
•  Deep Intelligence: Event Correlation, Activity Baselining & Anomaly Detection, Offense Identification
•  Exceptionally Accurate and Actionable Insight: High Priority Offenses

A credit card firm simplifies complexity, reduces costs and optimizes resources

50% reduction in cost of deployment, tuning and maintenance vs. competitor


•  Device Management: Security for endpoint device and data
•  Network, Data, and Access Security: Achieve visibility and adaptive security policies
•  Application Layer Security: Develop and test applications

A Japanese car manufacturer provides secure mobile access to their “AutoCloud” from any device using Federated Access, Security Intelligence, and Web Service Gateways


Australian Signals Directorate

http://www.dsd.gov.au/infosec/top35mitigationstrategies.htm

85% of targeted intrusions could be mitigated by:

1.  Application whitelisting
2.  OS patching
3.  Application patching – PDF, MS Office, Java, Flash, Browsers
4.  Minimise Privileged Users

The Top 4 Strategies to Mitigate Targeted Cyber Intrusions are mandatory for Australian Government agencies.


Recent data breach

Telco Western Europe
•  Customer Names, Addresses, Bank Account Numbers, Birth dates

Don’t worry – phone numbers, CC, PINs and passwords are safe…..

“This attack could only be carried out with high criminal intent and insider knowledge and was launched deep inside the IT infrastructure of the company”

“What can be stated….. is that most if not all security controls have failed at the victim organization,”

“These controls include perimeter security, internal network security, endpoint security, data security and possibly physical security, based on the comment made regarding possible ‘insider knowledge.’”


2012 IBM Study revealed the changing role of the CISO

Influencers
•  Confident / prepared
•  Strategic focus

Protectors
•  Less confident
•  Somewhat strategic
•  Lack necessary structural elements

Responders
•  Least confident
•  Focus on protection and compliance

How they differ
•  have a dedicated CISO
•  have a security/risk committee
•  have information security as a board topic
•  use a standard set of security metrics to track their progress
•  focused on improving enterprise communication/collaboration
•  focused on providing education and awareness

Source: IBM Center for Applied Insights, Finding a Strategic Voice: Insights from the 2012 IBM Chief Information Security Officer Assessment, May 2012


Topics to consider for panel conversation

•  Defending your infrastructure – Start simple (SPT), back to basics, Security 101
•  CIA – Confidentiality (Mobile data), Integrity (Cloud based access), Availability (DDoS)
•  Business plans for ongoing security projects
•  Is Compliance a contributing factor, or will a new business initiative provide funding?
•  Skill shortage, how well are you hiring expert staff?
•  Social media, is it driving enterprise security trends?
•  Cyber Insurance, how/who would consume?


ibm.com/security