IBM X-Force Heartbleed 3Q 2014 - Computer Sweden

Thomas Dahlbeck, Senior Security Consultant

IBM Security Systems

© 2014 IBM Corporation

Agenda

§ IBM X-Force

§ An era of continuous breaches

§ Heartbleed attack activity

§ Attackers rush to exploit

§ Heartbleed and CVSS

§ Mitigations

§ A proactive approach

IBM X-Force® Research and Development

Expert analysis and data sharing on the global threat landscape

§ Vulnerability Protection

§ IP Reputation

§ Anti-Spam

§ Malware Analysis

§ Web Application Control

§ URL / Web Filtering

§ Zero-day Research

The IBM X-Force Mission

§ Monitor and evaluate the rapidly changing threat landscape

§ Research new attack techniques and develop protection for tomorrow’s security challenges

§ Educate our customers and the general public

§ Integrate and distribute Threat Protection and Intelligence to make IBM solutions smarter

IBM X-Force: Monitors and analyzes the changing threat landscape

Coverage

§ 20,000+ devices under contract

§ 3,700+ managed clients worldwide

§ 15B+ events managed per day

§ 133 monitored countries (MSS)

§ 1,000+ security related patents

§ 100M+ customers protected from fraudulent transactions

Depth

§ 22B analyzed web pages & images

§ 7M spam & phishing attacks daily

§ 73K documented vulnerabilities

§ 860K malicious IP addresses

§ 1000+ malware samples collected daily

§ Millions of unique malware samples

We are in an era of continuous breaches.

Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2014

§ 2011: Operational Sophistication. IBM X-Force declared Year of the Security Breach.

§ 2012: Near Daily Leaks of Sensitive Data. 40% increase in reported data breaches and incidents.

§ 2013: Relentless Use of Multiple Methods. 500,000,000+ records were leaked, while the future shows no sign of change.

[Figure: sampling of security incidents by attack type, 2011 to 2013]

Attack types: SQL injection, Spear phishing, DDoS, Third-party software, Physical access, Malware, XSS, Watering hole, Undisclosed

Note: Size of circle estimates relative impact of incident in terms of cost to business.

After Heartbleed was disclosed, MSS witnessed over 300,000 attacks in 24 hours, an average of 3.47 attacks per second, across hundreds of customers!

And it continues to average 7,000 attacks per day – mostly from malicious hosts.

One-day attack methods demonstrate how quickly attackers rush to exploit a vulnerability such as Heartbleed.

X-Force noted this trend was similar to a 2012 disclosure of the Java vulnerability.

Plug-ins are responsible for 90% of total CMS vulnerabilities disclosed.

Disclosures decline in 2014 – could be first reduction since 2011.

Decreasing number of vendors consistently reporting vulnerabilities might be contributing to the recent decline in total overall vulnerabilities disclosed.

Does current CVSS scoring represent actual risk to networks and systems?

Heartbleed existed for two years and received a CVSS medium base score of 5.0.

What can you do to mitigate these threats?

- Apply workarounds: Check if the vendor provides guidance for a temporary workaround or for disabling modules.

- Block attacks: Intrusion detection or intrusion prevention systems and anti-virus software can serve as a first line of defense.

- Shut down systems temporarily: This option may be the best way to help prevent the loss of customers’ personal or financial information.

A proactive approach

Threat Intelligence ahead of Attackers: identify critical assets, analyze behavior, spot anomalies

Defragment your Mobile posture: constantly apply updates and review policies

Social Defense needs Socialization: educate users and engender suspicion

And don’t forget the basics: scanning, patching, configurations, passwords

IBM X-Force Research & Development

IBM X-Force Security Insights blog at www.SecurityIntelligence.com/topics/x-force

Download IBM X-Force Threat Intelligence Quarterly Reports: http://www.ibm.com/security/xforce/

Follow us at @ibmsecurity and @ibmxforce

www.ibm.com/security

© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.