
3 Enablers of Successful Cyber Attacks and How to Thwart Them


Page 1: 3 Enablers of Successful Cyber Attacks and How to Thwart Them

© 2015 IBM Corporation

3 Enablers of Successful Cyber Attacks and How to Thwart Them

Christopher Beier, BigFix Product Manager for Security, IBM Security

Page 2: 3 Enablers of Successful Cyber Attacks and How to Thwart Them


Agenda

•  Why bad things happen to good companies
  –  3 enablers of successful attacks

•  Why existing security approaches can fall short

•  Strategies that can help thwart the “enablers” of APT success

Page 3: 3 Enablers of Successful Cyber Attacks and How to Thwart Them


You can’t fix what you can’t see. Incident response is the No. 1 factor in reducing the cost of a data breach.

Despite existing tools, breaches continue to rise. Lack of visibility and control contributes to security breaches and financial loss.

*Source: 2015 Cost of a Data Breach Study: Global Analysis, Ponemon Institute, May 2015

“Major global bank compromised and millions of depositor records stolen due to missed server upgrade cycle”

$3.8M global average cost of a data breach*

Page 4: 3 Enablers of Successful Cyber Attacks and How to Thwart Them


The enablers of a malicious attack

(1) evasive malware, or (2) vulnerable system, or (3) careless user = Successful attack: data theft or service interruption

Today’s world of constantly mutating threats:

•  Attacks constantly mutating to evade signatures

•  Increasing number of zero-day exploits

•  1-500 machines already infected

•  Spear phishing, persistence, backdoors, designer malware

IBM X-Force Research (exploit triage, malware tracking, zero-day research): catalog of 96k vulnerabilities, 12+ new daily

76% of attacks attributed to lost or stolen credentials (2013 Verizon DBIR)

Page 5: 3 Enablers of Successful Cyber Attacks and How to Thwart Them


Why existing approaches can fall short

•  Siloed processes create gaps

•  Signature-based solutions are designed for known threats
  –  Indicators of Compromise tell you only that you have already been compromised

•  Mobile strategies increase the attack surface
  –  More endpoints to manage
  –  New security challenges
  –  Separate policies for corporate-owned and employee-owned devices

Page 6: 3 Enablers of Successful Cyber Attacks and How to Thwart Them


Siloed IT Operations and Security Teams

SECURITY

•  Scan for compliance status

•  Create security policies

•  Identify vulnerabilities

IT OPERATIONS

•  Apply patches and fixes

•  Implement security and operational policy

•  Manual process takes weeks / months

Disparate tools, manual processes, lack of integration and narrow visibility

Page 7: 3 Enablers of Successful Cyber Attacks and How to Thwart Them


Continuous security configuration compliance: accurate, real-time visibility and continuous security configuration enforcement

Continuous compliance (“set and forget”)
•  No high-risk periods
•  Lower total cost
•  Continued improvement
•  Identify and report on any configuration drift
•  Library of 9,000+ compliance checks (e.g., CIS, PCI, USGCB, DISA STIG)

Traditional compliance (“out of sync”)
•  High-risk and high-cost periods
•  Manual approach causes endpoints to fall out of compliance again

[Chart: Traditional versus Continuous. Compliance (y-axis) over Time (x-axis); the Traditional line falls out of compliance between manual cycles, leaving RISK windows, while the Continuous line stays near full compliance. SCAP logo.]
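The continuous-compliance loop this slide contrasts with periodic scanning is, at its core: parse the endpoint's configuration, evaluate each benchmark check, report the drift, remediate, and re-evaluate. The following is an added example of that loop, not BigFix code and not its Relevance language; the check identifiers (modelled loosely on CIS SSH hardening items), the baseline values and the sample sshd_config are assumed/constructed for illustration.

```python
"""Configuration-drift checker: evaluate a small CIS-style SSH baseline and
auto-remediate. Added example; not IBM BigFix code."""
import re
from dataclasses import dataclass

# Constructed sample: an sshd_config that has drifted from the baseline.
SAMPLE_SSHD_CONFIG = """\
# /etc/ssh/sshd_config (constructed sample)
Port 22
Protocol 2
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding yes
MaxAuthTries 10
"""


@dataclass(frozen=True)
class Check:
    check_id: str   # hypothetical identifier, loosely modelled on CIS numbering
    key: str        # sshd_config keyword
    expected: str   # value the baseline requires


# Assumed baseline; a real benchmark library (CIS, DISA STIG, ...) has far more.
BASELINE = [
    Check("SSH-01", "Protocol", "2"),
    Check("SSH-02", "PermitRootLogin", "no"),
    Check("SSH-03", "X11Forwarding", "no"),
    Check("SSH-04", "MaxAuthTries", "4"),
    Check("SSH-05", "PermitEmptyPasswords", "no"),
]


def parse_sshd_config(text):
    """Return {keyword: value}; the FIRST occurrence wins, as sshd itself
    takes the first value it sees for a keyword."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2:
            settings.setdefault(parts[0], parts[1])
    return settings


def evaluate(text, baseline=BASELINE):
    """Drift report: list of (check_id, key, actual, expected) for failing checks."""
    settings = parse_sshd_config(text)
    failures = []
    for c in baseline:
        actual = settings.get(c.key)
        if actual is None or actual.lower() != c.expected.lower():
            failures.append((c.check_id, c.key, actual, c.expected))
    return failures


def remediate(text, failures):
    """Rewrite the first occurrence of each failing directive to the baseline
    value; directives missing entirely are appended at the end."""
    fixes = {key: expected for _, key, _, expected in failures}
    out, seen = [], set()
    for line in text.splitlines():
        stripped = line.split("#", 1)[0].strip()
        parts = re.split(r"[\s=]+", stripped, maxsplit=1)
        if len(parts) == 2 and parts[0] in fixes and parts[0] not in seen:
            out.append(f"{parts[0]} {fixes[parts[0]]}")
            seen.add(parts[0])
        else:
            out.append(line)
    for key, expected in fixes.items():
        if key not in seen:
            out.append(f"{key} {expected}")
    return "\n".join(out) + "\n"


def compliance_ratio(text, baseline=BASELINE):
    """Fraction of baseline checks passing, the y-axis of the slide's chart."""
    return 1 - len(evaluate(text, baseline)) / len(baseline)


if __name__ == "__main__":
    drift = evaluate(SAMPLE_SSHD_CONFIG)
    for check_id, key, actual, expected in drift:
        print(f"{check_id}: {key} is {actual!r}, expected {expected!r}")
    fixed = remediate(SAMPLE_SSHD_CONFIG, drift)
    print("after remediation:", compliance_ratio(fixed))
```

An agent that runs evaluate() and remediate() on every endpoint on a short cycle is the "continuous" line on the chart; the "traditional" line is the same logic run quarterly by hand. The sample deliberately has one directive missing from the file (PermitEmptyPasswords), because a checker that only inspects lines that are present will miss that class of drift.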

Page 8: 3 Enablers of Successful Cyber Attacks and How to Thwart Them


Signature based solutions are designed for known threats

Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2015

Page 9: 3 Enablers of Successful Cyber Attacks and How to Thwart Them


Mobile strategies increase the attack surface

Source: 2014 Information Security Media Group

Page 10: 3 Enablers of Successful Cyber Attacks and How to Thwart Them


Strategies that can help catch the “enablers” of APT success

•  A unified ecosystem in which security intelligence can be seamlessly shared and threat response automated
  –  Continuous monitoring for security best practices: discover, patch
  –  Shared intelligence
  –  Connected systems

•  Multi-layered protections that help prevent, detect, and block attacks at the endpoint
  –  Detect and prevent infection from known as well as zero-day and unknown malware
  –  Protect users from submitting their business credentials to harmful phishing sites and from reusing those credentials on legitimate third-party sites
  –  Disrupt the exploit chain to block exploitation of unpatched or unknown system vulnerabilities
  –  Stop malicious communications so that even if malware infects a device, it can’t communicate externally or exfiltrate data from your enterprise.
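The last bullet, stopping malicious communications even after an infection, needs a way to spot the traffic first. One classic signal is beaconing: an implant polling its command-and-control server at a near-constant interval. The following is an added example (not from the deck or any IBM product) that finds such beacons in proxy-log lines; the log format, the allowlist of known-good periodic destinations and the thresholds are assumptions, and the log lines are constructed.

```python
"""Beacon (C2 heartbeat) detection over proxy logs. Added example; the log
format, allowlist and thresholds are assumptions, the lines are constructed."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed proxy log: "<epoch> <src_ip> <dst_host> <bytes_out>".
# 10.0.0.5 polls c2.example-bad.test every ~60 s amid normal browsing;
# 10.0.0.6 polls an internal update server every 60 s (benign, allowlisted).
SAMPLE_PROXY_LOG = """\
1430000000 10.0.0.5 c2.example-bad.test 412
1430000005 10.0.0.5 www.example.com 10233
1430000012 10.0.0.5 www.example.com 8871
1430000061 10.0.0.5 c2.example-bad.test 410
1430000120 10.0.0.5 c2.example-bad.test 415
1430000130 10.0.0.5 www.example.com 2201
1430000131 10.0.0.5 www.example.com 19000
1430000181 10.0.0.5 c2.example-bad.test 409
1430000240 10.0.0.5 c2.example-bad.test 413
1430000300 10.0.0.5 c2.example-bad.test 411
1430000361 10.0.0.5 c2.example-bad.test 408
1430000400 10.0.0.5 www.example.com 5500
1430000420 10.0.0.5 c2.example-bad.test 414
1430000000 10.0.0.6 updates.corp.example 300
1430000060 10.0.0.6 updates.corp.example 300
1430000120 10.0.0.6 updates.corp.example 300
1430000180 10.0.0.6 updates.corp.example 300
1430000240 10.0.0.6 updates.corp.example 300
1430000300 10.0.0.6 updates.corp.example 300
"""

# Assumed: destinations that are expected to be polled on a fixed schedule.
ALLOWLIST = {"updates.corp.example"}


def parse_log(text):
    """Group (timestamp, bytes) tuples by (src_ip, dst_host)."""
    events = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        events[(src, dst)].append((int(ts), int(nbytes)))
    return events


def beacon_score(timestamps):
    """(mean interval, coefficient of variation) of the gaps between contacts,
    or None when there are too few contacts to judge. A low CV means the
    contacts are evenly spaced, i.e. scheduled rather than human-driven."""
    ts = sorted(timestamps)
    if len(ts) < 3:
        return None
    intervals = [b - a for a, b in zip(ts, ts[1:])]
    m = mean(intervals)
    if m == 0:
        return None
    return m, pstdev(intervals) / m


def find_beacons(text, min_hits=6, max_cv=0.15, allowlist=ALLOWLIST):
    """Return one alert dict per (src, dst) pair that looks like a beacon."""
    alerts = []
    for (src, dst), evs in parse_log(text).items():
        if dst in allowlist or len(evs) < min_hits:
            continue
        score = beacon_score([t for t, _ in evs])
        if score is None:
            continue
        period, cv = score
        if cv <= max_cv:
            alerts.append({
                "src": src, "dst": dst, "hits": len(evs),
                "period_s": round(period), "cv": round(cv, 3),
                "avg_bytes": round(mean(n for _, n in evs)),
            })
    return alerts


if __name__ == "__main__":
    for a in find_beacons(SAMPLE_PROXY_LOG):
        print(f"BEACON {a['src']} -> {a['dst']} every ~{a['period_s']}s "
              f"({a['hits']} hits, cv={a['cv']}, ~{a['avg_bytes']} B)")
```

The alert is the input to the "stop malicious communications" step: a proxy or egress-firewall deny for that destination, and a quarantine of the source host. The allowlist is essential, not optional; without it the internal update server in the sample is flagged too, because a legitimate scheduler beacons just as regularly as an implant. Implants that add large random jitter push the coefficient of variation above the threshold and need other signals (fixed request size, rare destination, user-agent anomalies).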

Page 11: 3 Enablers of Successful Cyber Attacks and How to Thwart Them


IBM BigFix: Bridge the Gap between Security and IT Ops

ENDPOINT SECURITY: Discovery and Patching, Lifecycle Management, Software Compliance and Usage, Continuous Monitoring, Threat Protection, Incident Response

ENDPOINT MANAGEMENT: IBM BigFix® – FIND IT. FIX IT. SECURE IT. …FAST

Shared visibility and control between IT Operations and Security

Reduce operational costs while improving your security posture

Page 12: 3 Enablers of Successful Cyber Attacks and How to Thwart Them


IBM BigFix Compliance (previously IBM Endpoint Manager for Security and Compliance)

Using BigFix Compliance, clients get value from:

•  Continuous real-time enforcement of security policies, regardless of network connection status, which significantly reduces overall security risk

•  Support for industry and regulatory compliance benchmarks for best-practice protection

•  Discovery of unmanaged endpoints and automatic patch and remediation of non-compliant systems, reducing risk and labor costs

•  Deploy, update, and health-check third-party endpoint protection solutions

•  Policy-based quarantine of non-compliant systems

BigFix Platform: Lifecycle, Inventory, Patch, Compliance, Protection

More than 9,000 heterogeneous platform compliance checks based on best-practice regulatory benchmarks from CIS, PCI DSS, DISA STIG, USGCB

Page 13: 3 Enablers of Successful Cyber Attacks and How to Thwart Them


Advanced evasive malware: advanced endpoint protection. Stop exploits before application vendors provide updates.

Third-party AV / BigFix Protection

•  Anti-virus protection and Data Loss Prevention

•  Deploy and enforce security configuration policies

IBM BigFix®

•  Third-party anti-virus management

•  Manage compliance, quarantine and remediate

IBM Trusteer Apex

•  Continuous protection from advanced persistent threats

•  Multi-layered protection designed to break the threat lifecycle in real time

Page 14: 3 Enablers of Successful Cyber Attacks and How to Thwart Them


IBM BigFix Protection

BigFix Protection delivers value in multiple ways:

•  Real-time endpoint protection against viruses, Trojan horses, spyware, rootkits and other malware on Windows and Mac systems

•  Protection through cloud-based file and web reputation, behavior monitoring and personal firewall

•  Virtualization awareness to reduce resource contention issues on virtual infrastructures

•  Leveraging industry-leading IBM® and Trend Micro™ technologies with a single console and common management infrastructure

•  Integrated Data Loss Prevention and Device Control available as an add-on

BigFix Platform: Lifecycle, Inventory, Patch, Compliance, Protection

Page 15: 3 Enablers of Successful Cyber Attacks and How to Thwart Them


Advanced Endpoint Protection with IBM Trusteer Apex: preemptive, multi-layered protection against advanced malware and credential theft

IBM Trusteer Apex®

Prevent credential misuse and theft
  –  Prevents credential theft via spear-phishing and the reuse of enterprise credentials on consumer sites

Defend against the unknown
  –  Positive behavior-based modeling to protect web browsers, Java, Adobe and MS Office etc. against zero-day exploits

Lightweight, multi-layered architecture
  –  SaaS deployment, using a single agent that supports both managed and unmanaged endpoints

ADVANCED ENDPOINT PROTECTION: effective, real-time advanced threat protection
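Both this slide and the "protect users from submitting their business credentials to harmful phishing sites" bullet on slide 10 describe the same control: an endpoint agent that notices when the enterprise password is typed into a form on a site where it does not belong. The following is an added example of that technique, not Trusteer Apex code (which is proprietary); the enterprise domain list, the HMAC key handling and the event sequence are assumptions, and the events are constructed.

```python
"""Enterprise-credential reuse / phishing-submission guard.
Added example; not IBM Trusteer Apex code. Domains and events are assumed."""
import hashlib
import hmac
import secrets

# Assumed: hosts (and their subdomains) where enterprise credentials belong.
ENTERPRISE_DOMAINS = {"corp.example"}


def in_enterprise_domain(host, domains=ENTERPRISE_DOMAINS):
    """Exact match or subdomain only; a lookalike such as 'corp-example.com'
    or 'corp.example.evil.test' must NOT match."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


class CredentialGuard:
    """Keeps a keyed HMAC fingerprint of each user's enterprise password,
    never the plaintext. The key lives only on the endpoint, so a leaked
    fingerprint store cannot be cracked offline like an unsalted hash."""

    def __init__(self, key=None):
        self._key = key if key is not None else secrets.token_bytes(32)
        self._fingerprints = {}

    def _fingerprint(self, user, password):
        msg = user.lower().encode() + b"\x00" + password.encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def observe_enterprise_login(self, user, host, password):
        """Learn the fingerprint when a login goes to an enterprise host."""
        if not in_enterprise_domain(host):
            raise ValueError(f"{host} is not an enterprise domain; refusing to learn")
        self._fingerprints[user.lower()] = self._fingerprint(user, password)

    def check_submission(self, user, host, password):
        """Verdict for a password-field submission the agent sees in the browser."""
        if in_enterprise_domain(host):
            return "ok"
        known = self._fingerprints.get(user.lower())
        if known is None:
            return "ok"                       # nothing learned yet for this user
        if hmac.compare_digest(known, self._fingerprint(user, password)):
            return "block"                    # enterprise password leaving the enterprise
        return "ok"


# Constructed events: (user, host, password) in the order the agent saw them.
SAMPLE_EVENTS = [
    ("alice", "sso.corp.example", "Winter2015!"),   # legitimate SSO login
    ("alice", "corp-example.com", "Winter2015!"),   # lookalike phishing domain
    ("alice", "shop.example.net", "Winter2015!"),   # reuse on a consumer site
    ("alice", "shop.example.net", "different-pw"),  # a distinct password: fine
]


def run(events, guard=None):
    """Replay events through the guard; returns [(host, verdict), ...]."""
    guard = guard if guard is not None else CredentialGuard()
    verdicts = []
    for user, host, password in events:
        if in_enterprise_domain(host):
            guard.observe_enterprise_login(user, host, password)
            verdicts.append((host, "ok"))
        else:
            verdicts.append((host, guard.check_submission(user, host, password)))
    return verdicts


if __name__ == "__main__":
    for host, verdict in run(SAMPLE_EVENTS):
        print(f"{host:20s} {verdict}")
```

Two design points matter here. Domain matching must be suffix-based with a leading dot, otherwise the lookalike corp-example.com passes as "enterprise" and phishing goes undetected. And the comparison is an exact fingerprint match, so a user who types a near-variant of the enterprise password (Winter2015!2) is not caught; the control catches exact reuse and credential phishing, not weak password habits.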

Page 16: 3 Enablers of Successful Cyber Attacks and How to Thwart Them


IBM BigFix and IBM Trusteer Apex

•  Before
  –  Hardening the systems, and ensuring continuous compliance with your security best practices
  –  Preventing user credential exposure

•  During
  –  Mitigating malware infections and zero-day exploit attempts
  –  Quarantining any infected systems to contain the threat

•  After
  –  Continuously protect the zero-day window until a fix is available
  –  Quickly deploy new patches to exposed endpoints

Create the most robust enterprise endpoint security solution available!

[Timeline: IBM Trusteer Apex and IBM BigFix across the threat lifecycle]
  –  BigFix enforces secure configurations
  –  Apex identifies and mitigates malware infections in real time and stops zero-day exploits
  –  BigFix Incident Response quarantines infected machines
  –  Apex continuously protects in the window between threat and fix
  –  Unscheduled patch: BigFix ensures it is quickly deployed on all endpoints
  –  Maintenance patch: BigFix ensures it is quickly deployed on all endpoints
  –  Everyone goes back to work on higher-value projects

Page 17: 3 Enablers of Successful Cyber Attacks and How to Thwart Them


Questions?

Page 18: 3 Enablers of Successful Cyber Attacks and How to Thwart Them

© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

THANK YOU www.ibm.com/security