© 2015 IBM Corporation
3 Enablers of Successful Cyber Attacks and How to Thwart Them
Christopher Beier, BigFix Product Manager for Security, IBM Security
BigFix Security
Agenda
• Why bad things happen to good companies: 3 enablers of successful attacks
• Why existing security approaches can fall short
• Strategies that can help thwart the “enablers” of APT success
You can’t fix what you can’t see
Incident response is the No. 1 factor to reduce the cost of a data breach
Despite existing tools, breaches continue to rise: lack of visibility and control contributes to security breaches and financial loss
$3.8M global average cost of a data breach*
*Source: 2015 Cost of a Data Breach Study: Global Analysis, Ponemon Institute, May 2015
“Major global bank compromised and millions of depositor records stolen due to missed server upgrade cycle”
The enablers of a malicious attack
1. Careless user, or
2. Vulnerable system, or
3. Evasive malware
= Successful attack (data theft, service interruption)
Today’s World of Constantly Mutating Threats
• Attacks constantly mutating to evade signatures
• Increasing number of zero-day exploits
• 1-500 machines already infected
• Spear phishing, persistence, backdoors, designer malware
IBM X-Force Research: exploit triage, malware tracking, zero-day research; catalog of 96k vulnerabilities, 12+ new daily
76% of attacks attributed to lost or stolen credentials (2013 Verizon DBIR)
Why existing approaches can fall short
• Siloed processes create gaps
• Signature-based solutions are designed for known threats; Indicators of Compromise tell you that you have already been compromised
• Mobile strategies increase the attack surface: more endpoints to manage, new security challenges, and separate policies for corporate-owned and employee-owned devices
Siloed IT Operations and Security Teams
SECURITY
• Scan for compliance status
• Create security policies
• Identify vulnerabilities
IT OPERATIONS
• Apply patches and fixes
• Implement security and operational policy
• Manual processes take weeks or months
Disparate tools, manual processes, lack of integration and narrow visibility
Continuous security configuration compliance
Accurate, real-time visibility and continuous security configuration enforcement
Continuous compliance (“set and forget”)
• No high-risk periods
• Lower total cost
• Continued improvement
• Identify and report on any configuration drift
• Library of 9,000+ compliance checks (e.g., CIS, PCI, USGCB, DISA STIG; SCAP)
Traditional compliance (“out of sync”)
• High-risk and high-cost periods
• Manual approach causes endpoints to fall out of compliance again
[Chart: Traditional versus Continuous compliance over time; axes Time and Compliance, with the gap between the two curves labelled RISK]
Signature-based solutions are designed for known threats
Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2015
Mobile strategies increase the attack surface
Source: 2014 Information Security Media Group
Strategies that can help catch the “enablers” of APT success
• A unified ecosystem in which security intelligence can be seamlessly shared and threat response automated
  – Continuous monitoring for security best practices: discover, patch
  – Shared intelligence
  – Connected systems
• Multi-layered protections that help prevent, detect, and block attacks at the endpoint
  – Detect and prevent infection from known as well as zero-day and unknown malware
  – Protect users from submitting their business credentials to harmful phishing sites and from reusing those credentials on legitimate third-party sites
  – Disrupt the exploit chain to block exploitation of unpatched or unknown system vulnerabilities
  – Stop malicious communications so that even if malware infects a device, it can’t communicate externally or exfiltrate data from your enterprise
IBM BigFix: Bridge the Gap between Security and IT Ops
IBM BigFix® spans endpoint management and endpoint security:
• Discovery and Patching
• Lifecycle Management
• Software Compliance and Usage
• Continuous Monitoring
• Threat Protection
• Incident Response
FIND IT. FIX IT. SECURE IT. …FAST
Shared visibility and control between IT Operations and Security
Reduce operational costs while improving your security posture
IBM BigFix Compliance (previously IBM Endpoint Manager for Security and Compliance)
Using BigFix Compliance, clients get value from:
• Continuous real-time enforcement of security policies, regardless of network connection status, which significantly reduces overall security risk
• Support for industry and regulatory compliance benchmarks for best-practice protection
• Discovery of unmanaged endpoints, and automatic patching and remediation of non-compliant systems, which reduces risk and labor costs
• Deployment, updating and health checks of third-party endpoint protection solutions
• Policy-based quarantine of non-compliant systems
BigFix Platform modules: Lifecycle, Inventory, Patch, Compliance, Protection
More than 9,000 heterogeneous-platform compliance checks based on best-practice regulatory benchmarks from CIS, PCI DSS, DISA STIG, USGCB
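The “Continuous security configuration compliance” slide above describes identifying configuration drift, and this slide adds policy-based quarantine of non-compliant systems. The following is an added example written for this page in Python; it is not BigFix code and does not use the BigFix Relevance language. The check ids (PW-01, SSH-01, FW-01, PATCH-01), their thresholds, the endpoint snapshots and the ComplianceMonitor class are all constructed for illustration, modelled loosely on common CIS/STIG benchmark items. It shows the two things a point-in-time scan does not give you: drift (a check that passed at the last evaluation and fails now) and an automatic quarantine decision driven by the criticality of the failing checks.

```python
"""Continuous configuration-compliance evaluation with drift detection and
policy-based quarantine. Added example; not BigFix code. All check ids,
thresholds and snapshots below are constructed."""
from dataclasses import dataclass
from typing import Callable, Dict, List

Snapshot = Dict[str, object]  # key/value view of one endpoint's configuration


@dataclass(frozen=True)
class Check:
    id: str            # constructed id in the style of a benchmark item
    description: str
    critical: bool     # failing a critical check is grounds for quarantine
    passes: Callable[[Snapshot], bool]


# Constructed baseline modelled on common CIS/STIG items (not real benchmark ids).
BASELINE: List[Check] = [
    Check("PW-01", "Minimum password length >= 14", False,
          lambda s: int(s.get("password_min_length", 0)) >= 14),
    Check("SSH-01", "SSH root login disabled", True,
          lambda s: s.get("ssh_permit_root_login", "yes") == "no"),
    Check("FW-01", "Host firewall enabled", True,
          lambda s: bool(s.get("firewall_enabled", False))),
    Check("PATCH-01", "No missing critical patches", True,
          lambda s: len(s.get("missing_critical_patches", [])) == 0),
]


@dataclass
class Verdict:
    endpoint: str
    failed: List[str]      # ids of checks failing in this snapshot
    drifted: List[str]     # ids that passed at the previous evaluation but fail now
    quarantine: bool       # True if any critical check fails


def _evaluate_check(check: Check, snapshot: Snapshot) -> bool:
    # An unparseable or missing attribute is a failure, never a silent pass.
    try:
        return bool(check.passes(snapshot))
    except (TypeError, ValueError):
        return False


class ComplianceMonitor:
    """Keeps the last result per endpoint so each new snapshot is judged
    against it (drift) as well as against the baseline (compliance)."""

    def __init__(self, checks: List[Check] = BASELINE):
        self.checks = checks
        self._last_failed: Dict[str, set] = {}   # endpoint -> failing ids last time

    def evaluate(self, endpoint: str, snapshot: Snapshot) -> Verdict:
        failed = {c.id for c in self.checks if not _evaluate_check(c, snapshot)}
        seen_before = endpoint in self._last_failed
        previously_failed = self._last_failed.get(endpoint, set())
        # Drift is only meaningful once there is a previous state to compare with.
        drifted = sorted(failed - previously_failed) if seen_before else []
        self._last_failed[endpoint] = failed
        quarantine = any(c.critical and c.id in failed for c in self.checks)
        return Verdict(endpoint, sorted(failed), drifted, quarantine)


def demo():
    """Two evaluations of one constructed endpoint: compliant, then drifted."""
    monitor = ComplianceMonitor()
    day1: Snapshot = {"password_min_length": 14, "ssh_permit_root_login": "no",
                      "firewall_enabled": True, "missing_critical_patches": []}
    first = monitor.evaluate("web-01", day1)
    # An admin re-enables root SSH and an unscheduled critical patch is released.
    day2 = dict(day1, ssh_permit_root_login="yes",
                missing_critical_patches=["PATCH-constructed-001"])
    second = monitor.evaluate("web-01", day2)
    return first, second


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The quarantine decision is deliberately a function of the check's `critical` flag, not of the number of failures: a single failing critical control (root SSH re-enabled, a missing critical patch) is enough to isolate the host, while a weak password policy alone is reported as drift and remediated without isolation.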
Advanced Evasive Malware: Advanced endpoint protection
Stop exploits before application vendors provide updates
Third-party AV Protection
• Anti-virus protection and Data Loss Prevention
• Deploy and enforce security configuration policies
IBM BigFix®
• Third-party anti-virus management
• Manage compliance, quarantine and remediate
IBM Trusteer Apex
• Continuous protection from advanced persistent threats
• Multi-layered protection designed to break the threat lifecycle in real time
IBM BigFix Protection
BigFix Protection delivers value in multiple ways:
• Real-time endpoint protection against viruses, Trojan horses, spyware, rootkits and other malware on Windows and Mac systems
• Protection through cloud-based file and web reputation, behavior monitoring and a personal firewall
• Virtualization awareness to reduce resource-contention issues on virtual infrastructures
• Leveraging industry-leading IBM® and Trend Micro™ technologies with a single console and common management infrastructure
• Integrated Data Loss Prevention and Device Control available as an add-on
Advanced Endpoint Protection with IBM Trusteer Apex
Preemptive, multi-layered protection against advanced malware and credential theft
IBM Trusteer Apex®
• Prevent credential misuse and theft: prevents credential theft via spear-phishing and the reuse of enterprise credentials on consumer sites
• Defend against the unknown: positive behavior-based modeling to protect web browsers, Java, Adobe and MS Office etc. against zero-day exploits
• Lightweight, multi-layered architecture: SaaS deployment, using a single agent that supports both managed and unmanaged endpoints
ADVANCED ENDPOINT PROTECTION: Effective, real-time advanced threat protection
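Both this slide and the “Strategies” slide above describe preventing users from submitting enterprise credentials to phishing sites or reusing them on third-party sites, without saying how that is decided. The following is an added example written for this page, not IBM Trusteer Apex code, and the mechanism is an assumption about how such a control can be built: the agent keeps a keyed fingerprint (HMAC) of each password used on an enterprise login page and, on every later form submission, compares the typed password against those fingerprints and the destination host against the corporate and known-phishing domain lists. The domains, the device key, the CredentialGuard class and the submission events are constructed. It also covers the matching pitfall a practitioner must get right: a host like `example.com.evil.net` must not match the corporate domain `example.com`.

```python
"""Detecting enterprise-credential submission to phishing or third-party sites.
Added example; not Trusteer Apex code. Domains, key and events are constructed."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Iterable, List, Set


@dataclass(frozen=True)
class Decision:
    action: str   # "allow", "block-phishing" or "warn-reuse"
    reason: str


def host_matches(host: str, domains: Iterable[str]) -> bool:
    """True if host equals one of the domains or is a proper subdomain of it.
    The suffix test includes the dot: 'sso.example.com.evil.net' ends with
    'example.com.evil.net', not '.example.com', so it is NOT corporate."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


class CredentialGuard:
    def __init__(self, corporate_domains: Set[str], known_phishing: Set[str],
                 device_key: bytes):
        self.corporate_domains = {d.lower() for d in corporate_domains}
        self.known_phishing = {d.lower() for d in known_phishing}
        # Per-device secret (in practice os.urandom(32) kept in protected storage);
        # it is never written alongside the fingerprints.
        self._key = device_key
        self._fingerprints: Set[bytes] = set()

    def _fingerprint(self, password: str) -> bytes:
        # HMAC-SHA256 rather than a plain hash: without the device key the
        # fingerprint store cannot be brute-forced offline, and no plaintext is kept.
        return hmac.new(self._key, password.encode("utf-8"), hashlib.sha256).digest()

    def on_submit(self, host: str, password: str) -> Decision:
        """Evaluate one login-form submission: destination host and typed password."""
        if host_matches(host, self.corporate_domains):
            # Learn the credential where it legitimately belongs. A real agent would
            # enroll only after a successful login; here any corporate submission counts.
            self._fingerprints.add(self._fingerprint(password))
            return Decision("allow", "enterprise domain")
        fp = self._fingerprint(password)
        if not any(hmac.compare_digest(fp, known) for known in self._fingerprints):
            return Decision("allow", "not an enrolled enterprise credential")
        if host_matches(host, self.known_phishing):
            return Decision("block-phishing",
                            f"enterprise credential sent to known phishing host {host}")
        return Decision("warn-reuse",
                        f"enterprise credential reused on third-party site {host}")


def demo() -> List[str]:
    """Constructed submission sequence for one user on one device."""
    guard = CredentialGuard({"example.com"}, {"evil.net"},
                            b"constructed-device-key-for-demo-only")
    events = [
        ("sso.example.com", "Hunter2!Corp"),       # legitimate corporate login: enrolls
        ("example.com.evil.net", "Hunter2!Corp"),  # phishing host with a lookalike prefix
        ("shopping-site.test", "Hunter2!Corp"),    # same password reused on a third-party site
        ("shopping-site.test", "unrelated-pw"),    # different password: nothing to flag
    ]
    return [guard.on_submit(h, p).action for h, p in events]


if __name__ == "__main__":
    print(demo())
```

A host that is neither corporate nor on the phishing list gets a reuse warning rather than a block, because the agent cannot tell a legitimate consumer site from an unlisted phishing page; the value of the control is that the enterprise password is flagged either way, before it leaves the browser.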
IBM BigFix and IBM Trusteer Apex
• Before
  – Hardening the systems, and ensuring continuous compliance with your security best practices
  – Preventing user credential exposure
• During
  – Mitigating malware infections and zero-day exploit attempts
  – Quarantining any infected systems to contain the threat
• After
  – Continuously protecting the zero-day window until a fix is available
  – Quickly deploying new patches to exposed endpoints
Create the most robust enterprise endpoint security solution available!
Combined lifecycle (IBM Trusteer Apex and IBM BigFix):
• BigFix enforces secure configurations
• Apex identifies and mitigates malware infections in real time and stops zero-day exploits
• BigFix Incident Response quarantines infected machines
• Apex continuously protects in the window between threat and fix
• Unscheduled patch: BigFix ensures it is quickly deployed on all endpoints
• Maintenance patch: BigFix ensures it is quickly deployed on all endpoints
• Everyone goes back to work on higher-value projects
Questions??
© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
THANK YOU www.ibm.com/security