IBM InterConnect 2013 Security Keynote

© 2013 IBM Corporation

IBM Security Intelligence Less Threat. More Intelligence. Brendan Hannigan General Manager, IBM Security Systems


3

Evolving Threat Landscape

Evolving CISO Landscape

4

CISO Challenge: Competing priorities

83% of enterprises have difficulty filling security roles

increase in Web application vulnerabilities from 2011 to 2012

14%

Increase in compliance mandates

Common Vulnerabilities and Exposures

5

CISO Challenge: Inadequate tools

85 tools from

0 out of 46 vendors detected

malware

45 vendors

Source: IBM client example

6

CISO Challenge: Business pressures

of CISOs are concerned about Cloud and mobile security

of organizations are using at least one cloud platform

70%

75%+

7

stolen from bank accounts in Operation High Roller

of C-level execs say that negligent insiders are their biggest concern

increase in critical

web browser vulnerabilities

59%

43%

INTERNAL EXTERNAL PAYOFFS

$78M

CISO Challenge: Evolving Threats

8

Advantage: Attacker

9

1 2 3

Innovation Intelligence Focus

10

Focus

USERS

ASSETS TRANSACTIONS

11

USERS

60,000 employees Provisioning took up to 2 weeks No monitoring of privileged users

Focus on users, not devices

Implement identity intelligence

Pay special attention to trusted insiders

Privilege Identity Management

Monitoring and same-day de-provisioning

for 100+ privileged users Source: IBM client example

12

ASSETS

critical databases $21M Saved

2,000 Secured

in compliance costs

Database Access and Monitoring

Thousands of databases containing HR, ERP, credit card, and other PII

in a world where 98% of breaches hit databases

Discover critical business data

Harden and secure repositories

Monitor and prevent unauthorized access


13

30 Million customers in an industry where $3.4B industry losses from online fraud

85% of breaches go undetected

TRANSACTIONS

Identify most critical transactions

Monitor sessions, access, and devices

Look for anomalies and attacks

Advanced Fraud Protection

Zero instances of fraud on over 1 million customer endpoints

reported Source: IBM client example

14

Intelligence

ANALYTICS

VISIBILITY INTEGRATION

15

Context, clustering, baselining, machine learning, and heuristics

Identify entire classes of Mutated threats

by analyzing 250+ protocols and file types ANALYTICS

Pattern matching

Don’t rely on signature detection

Use baselines and reputation

Identify outliers

16

Reduce 2 Billion logs and events per day

to 25 high priority offenses

Get full coverage, No more blind spots

Reduce and prioritize alerts

Continuous monitoring

VISIBILITY


17

Integrated Platforms

Eliminate silos and point solutions

Build upon a common platform

Share information between controls

Monitor threats across 8 Million subscribers

with an integrated Platform INTEGRATION

Siloed Point Products


18

CLOUD

MOBILE

Innovation

19

Cloud-enhanced Security Automated, customizable,

and elastic

Cloud is an opportunity for enhanced security

Traditional Security Manual

and static

20

Mobility is the opportunity to get security right

Network and Access

Control

Fraud Protection

Application and Data Security

Endpoint Management

21

Intelligence

Integration

Expertise

IBM Security Framework

Professional, Managed, and Cloud Services

22

Advanced Threat Protection Staying ahead of sophisticated attacks

Defense Strategy Attack Chain IBM Capabilities and Services

QRadar Security Intelligence X-Force Threat Intelligence

Emergency Response Services

Network Protection InfoSphere Guardium Trusteer Apex

QRadar Vulnerability Manager Endpoint Manager AppScan

23

CISO: Checkmate!

Analytics-powered security Leaning forward.

Felix Mohan Bharti Airtel Limited


25

Align. Make intelligent.

Third-party risk

Advanced attacks Regulatory compliance

Voice to data shift Competitive pressure

Disruptive technologies

Automation

Optimization

Culture

Competency

Communication

Intelligence

Aggravators

Concerns

Align. Make

intelligent.

Business-aligned

Analytics-driven

26

Airtel intelligence structure.

Technology Interaction

Information Integration

Analytics

Context Security devices

Network devices

Events

Flows

Contextual assessments Better risk management Prioritized and actionable intelligence

Broader and deeper vulnerability insight Better protection from advanced attacks

Quicker response

QFlow and VFlow Collector Vulnerability Manager

Risk Manager

SIEM QRadar

X-Force external threat feed

Trusteer* (2014) Openpages*, BigInsights* (2015-16)

27

Understand. Prioritize. Act. Advanced threat protection

Risk management

Compliance Resource optimization

Fraud protection

Simulate “what ifs” for risk impact Remediate zero-days and new security threats Monitor asset profiles & behaviour continuously Visualize traffic patterns and connections Comply with regulatory mandates and policies Prioritize vulnerability remediation Protect transactions Carry out advanced incident analysis & forensics Optimize resources and efforts

We are moving from dousing fires to ensuring they don’t happen in the first place!

Vulnerability scan data

Configuration data

Event data Activity

data Context

Network topology

#IBMINTERCONNECT


Thank You

29

10+ demos 5 appliances

•  Visit the Security Intelligence area in the Solution Center

•  Meet experts from the IBM Security Singapore Lab

•  Solution Center Sessions: Enhancing IBM Security solutions with Trusteer fraud detection capabilities

•  Technical Session: Dedicated Security track featuring Identity and Access Management, Security Intelligence, Mobile Security, and more

Don’t miss partner & client speakers including YaData and Asian Paints

Don’t miss…

All

Day 2

Day 3
