
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics


Description

Attackers are using increasingly sophisticated methods to access your most sensitive data, and at the same time cloud, mobile and other innovations expand the perimeter you need to protect. This keynote discusses how to build a more secure enterprise with real-time analytics and behavior-based activity monitoring. Advanced Security Intelligence tools store, correlate and analyze millions of events and flows daily to identify the critical incidents your security team needs to investigate. The volume, variety and velocity involved define security as a “Big Data challenge.” Learn how advanced predictive analytics and incident forensics help defend against advanced attacks and respond to and remediate incidents quickly and effectively.


Sandy Bird, IBM Fellow
Chief Technology Officer, IBM Security Systems


Amplifying Security Intelligence with Big Data and Advanced Analytics
IBM Security

We are in an era of continuous breaches


Attack types shown: SQL injection, watering hole, physical access, malware, third-party software, DDoS, spear phishing, XSS, undisclosed.

Note: Size of circle estimates relative impact of incident in terms of cost to business. Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2014

2011: Year of the breach
2012: 40% increase
2013: 500,000,000+ records breached

Yesterday’s practices are not working


Average cost of a data breach: $3.5M+
85 tools from 45 vendors

Sources: 2014 Cost of Data Breach, Ponemon Institute; IBM client example

Your security team sees noise


Anatomy of a Retail Breach

1. Attacker phishes third-party contractor
2. Attacker accesses contractor portal with stolen credentials
3. Attacker finds and infects Windows file server
4. Attacker finds and infects POS systems with malware
5. Malware scrapes RAM for clear text credit card data
6. Malware sends card data to internal server; sends custom notification ping
7. Stolen data is exfiltrated to the attacker’s FTP servers
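Each of the seven stages above leaves behind an event that, on its own, is a low-value alert buried in noise. What a security intelligence platform adds is correlation: hits that share an account, host or address are chained into one offense, and the offense is ranked by how much of the kill chain it covers. The following is an added example written for this page, not IBM or QRadar code; every host name, account, address and log source is hypothetical, and the event list is constructed to mirror the seven stages mixed with benign activity:

```python
"""Offense correlation over the seven-stage retail breach above.

Added example, not IBM or QRadar code. All hosts, accounts, addresses and
log sources are hypothetical, and EVENTS is a constructed sample of the
events each stage would leave behind, mixed with benign noise.
"""
from collections import defaultdict

# Asset and identity context a SIEM holds alongside the event stream (hypothetical).
ASSET_ROLES = {"vendor-portal": "portal", "fs01": "fileserver",
               "pos-017": "pos", "pos-042": "pos", "ws-003": "workstation"}
KNOWN_LOGIN_IPS = {"vendor\\jdoe": {"192.0.2.40"}, "corp\\bob": {"10.2.0.7"}}


def is_internal(addr):
    return addr.startswith("10.") or addr in ASSET_ROLES


# Constructed events: (ts, log source, actor, target, action, details).
EVENTS = [
    (100, "email",  "vendor\\jdoe",  "vendor\\jdoe",  "macro_attachment_opened", {}),
    (110, "portal", "corp\\bob",     "vendor-portal", "login_success", {"ip": "10.2.0.7"}),
    (120, "portal", "vendor\\jdoe",  "vendor-portal", "login_success", {"ip": "198.51.100.23"}),
    (130, "av",     "fs01",          "fs01",          "signature_update", {}),
    (140, "edr",    "vendor-portal", "fs01",          "new_service_installed", {"svc": "winupd.exe"}),
    (150, "edr",    "fs01",          "pos-017",       "new_service_installed", {"svc": "winupd.exe"}),
    (155, "edr",    "fs01",          "pos-042",       "new_service_installed", {"svc": "winupd.exe"}),
    (160, "edr",    "pos-017",       "pos-017",       "process_memory_read", {"proc": "pos.exe"}),
    (165, "flow",   "pos-017",       "fs01",          "smb_write", {"bytes": 2_000_000}),
    (170, "flow",   "fs01",          "203.0.113.9",   "ftp_out", {"bytes": 52_000_000}),
    (175, "flow",   "ws-003",        "10.0.0.5",      "http_out", {"bytes": 3_000}),
]

# One rule per kill-chain stage: (stage, name, predicate). Each rule alone is a
# weak signal; the chaining below is what turns them into one offense.
RULES = [
    (1, "contractor phished",
     lambda e: e[1] == "email" and e[4] == "macro_attachment_opened"),
    (2, "stolen credential used on portal",
     lambda e: e[1] == "portal" and e[4] == "login_success"
     and e[5].get("ip") not in KNOWN_LOGIN_IPS.get(e[2], set())),
    (3, "file server infected",
     lambda e: e[4] == "new_service_installed" and ASSET_ROLES.get(e[3]) == "fileserver"),
    (4, "POS infected",
     lambda e: e[4] == "new_service_installed" and ASSET_ROLES.get(e[3]) == "pos"),
    (5, "POS memory scraped",
     lambda e: e[4] == "process_memory_read" and e[5].get("proc") == "pos.exe"),
    (6, "card data staged internally",
     lambda e: e[4] == "smb_write" and ASSET_ROLES.get(e[2]) == "pos"),
    (7, "exfiltration over FTP",
     lambda e: e[4] == "ftp_out" and not is_internal(e[3])),
]


def _find(parent, x):
    # Union-find with path halving; entities are users, hosts and addresses.
    while parent.setdefault(x, x) != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x


def _union(parent, a, b):
    parent[_find(parent, a)] = _find(parent, b)


def build_offenses(events):
    """Match every event against every rule, then chain the hits that share an
    actor or target into offenses. Benign events never join a chain."""
    hits = [(stage, name, e) for e in events for stage, name, rule in RULES if rule(e)]
    parent = {}
    for _, _, e in hits:
        _union(parent, e[2], e[3])
    groups = defaultdict(list)
    for hit in hits:
        groups[_find(parent, hit[2][2])].append(hit)
    offenses = []
    for members in groups.values():
        members.sort(key=lambda h: h[2][0])
        stages = sorted({s for s, _, _ in members})
        offenses.append({
            "magnitude": len(stages),  # distinct kill-chain stages observed
            "stages": stages,
            "entities": sorted({x for _, _, e in members for x in (e[2], e[3])}),
            "evidence": [(e[0], name, e[2], e[3]) for _, name, e in members],
        })
    return sorted(offenses, key=lambda o: -o["magnitude"])


if __name__ == "__main__":
    for o in build_offenses(EVENTS):
        print(f"offense magnitude {o['magnitude']}/7, entities {o['entities']}")
        for ts, name, actor, target in o["evidence"]:
            print(f"  t={ts} {name}: {actor} -> {target}")
```

Run as-is, the eleven events collapse into a single offense of magnitude 7 whose entities are the contractor account, the portal, fs01, both POS hosts and the FTP drop address; the employee's normal login, the AV signature update and the workstation's browsing match no rule and therefore never join the chain. Chaining only rule hits, never raw events, is what keeps a busy shared host from pulling the whole network into one offense. The rule set and the stage-count magnitude are illustrative; a production platform would weight by asset value and confidence as well.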


Why a new approach is needed

Criminals will not relent, and every business is a target.
New technologies create opportunities to transform IT security.
Security leaders are more accountable than ever before.

INTELLIGENCE: Use insights and analytics to identify outliers
INNOVATION: Use cloud and mobile for better security
INTEGRATION: Develop an integrated approach to stay ahead of the threat


INTELLIGENCE: Use insights and analytics to identify outliers


Security insights from broader data sets


• Logs, events, alerts
• Configuration information
• System audit trails
• External threat feeds
• Network flows and anomalies
• Identity context
• Malware information
• Full packet and DNS captures
• E-mail and social activity
• Business process data

(Figure: data sources ranging from Traditional Security Operations and Technology to Big Data Analytics)

Incident forensics extends incident clarity


Suspected incidents → Prioritized incidents

Embedded Intelligence
• Real-time analytics
• Automated offense identification
• Anomaly detection

Incident Forensics
• Mine data for attacks in progress
• Review incident evidence
• Reconstruct incident activity
• Determine root cause
• Prevent re-occurrences


Provide real-time indexing and search

Data nodes balance real-time analysis and alerting with longer-term storage, search performance and cost.
• 100% dedicated to storage and search workload
• 100TB uncompressed data
• 20+ search threads
• Event / Flow Processors and Data Nodes
• Snap-on clustering for increased scale / capacity
• Centralized or globally distributed processing

IBM X-Force® threat intelligence


Coverage
• 20,000+ devices under contract
• 3,700+ managed clients worldwide
• 15B+ daily events managed
• 133 monitored countries (MSS)
• 1,700+ security related patents
• 100M+ customers protected from fraudulent transactions

Depth
• 22B+ analyzed web pages and images
• 7M+ daily spam and phishing attacks
• 73K+ documented vulnerabilities
• 860K+ malicious IP addresses
• 1,000+ malware samples collected daily
• Millions of unique malware samples


Gain insights to prioritize critical events

• A Fortune Five energy company: Reduced 2 billion logs and events per day to 25 high priority offenses
• A financial information provider: Tracked 250 activity baselines and saved 50–80% on staffing
• A global bank: Identified and blocked 650+ suspicious incidents in the first 6 months of SOC operations

Products in these examples: QRadar Security Intelligence Platform; QRadar SIEM, QFlow, X-Force, Network IPS; QRadar SIEM, QFlow, Risk Manager

Source: IBM client example


IBM analytics capabilities for security

1. IBM QRadar Security Intelligence: Analyze security related data
2. IBM Big Data Platform (BigInsights, Streams, and Netezza): Customized unstructured data analysis
3. IBM i2 Analyst Notebook: Investigate fraud
4. IBM SPSS: Capture, predict, and discover trends

INTEGRATION: Develop an integrated approach to stay ahead of the threat


Use integrated defenses against attacks


Discover anomalous activity and stop exfiltration

Use the cloud to identify suspicious activity

Prevent unknown and mutating threats

Integrate to optimize your investment
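"Discover anomalous activity and stop exfiltration" in practice means comparing each host against its own history rather than against one fixed threshold, which is what the activity baselines mentioned earlier in this deck are for. The following is an added example written for this page, not IBM or QRadar code: host names, addresses and the 15 days of flow records in build_flows() are constructed, and the median/MAD robust z-score is a generic outlier statistic chosen for the illustration. It flags the day fs01 pushes 52 MB over FTP to a never-seen external address while leaving a backup server with large but steady daily volume alone:

```python
"""Per-host outbound-volume baselines for spotting exfiltration.

Added example, not IBM or QRadar code. Host names, addresses and the
15 days of flow records in build_flows() are constructed; the robust
z-score (median / MAD) is a standard outlier statistic, not a QRadar rule.
"""
import statistics
from collections import defaultdict


def is_internal(ip):
    return ip.startswith("10.")  # RFC 1918 10/8 stands in for "inside the enterprise"


def build_flows():
    """(day, src host, dst ip, dst port, bytes). Day 15 adds a 52 MB FTP transfer
    from fs01 to a never-seen external address on top of fs01's usual traffic."""
    flows = []
    for day in range(1, 16):
        flows.append((day, "fs01", "10.0.0.5", 445, 100_000_000))  # internal sync, ignored
        flows.append((day, "fs01", "93.184.216.34", 443, 5_000_000 + (day % 3) * 400_000))
        flows.append((day, "backup01", "198.51.100.50", 443, 200_000_000 + (day % 2) * 10_000_000))
        flows.append((day, "ws-003", "93.184.216.34", 443, 2_000 + day * 10))
    flows.append((15, "fs01", "203.0.113.9", 21, 52_000_000))
    return flows


def robust_z(value, history):
    """Distance from the median in MAD units (1.4826 * MAD ~ sigma for normal data).
    Falls back to the mean absolute deviation when more than half the history sits
    exactly on the median, which makes the MAD zero."""
    med = statistics.median(history)
    deviations = [abs(x - med) for x in history]
    mad = statistics.median(deviations)
    scale = 1.4826 * mad if mad > 0 else 1.2533 * statistics.fmean(deviations)
    if scale == 0:  # perfectly constant history: any change at all is an outlier
        return 0.0 if value == med else float("inf")
    return (value - med) / scale


def detect_exfiltration(flows, window=14, min_history=7, z_threshold=5.0):
    """Aggregate outbound bytes to external destinations per host per day, compare
    each day with the host's own preceding window, and report outliers together
    with any destination the host had never talked to before."""
    daily = defaultdict(lambda: {"bytes": 0, "dsts": set()})
    for day, host, dst, _port, nbytes in flows:
        if is_internal(dst):
            continue
        daily[(host, day)]["bytes"] += nbytes
        daily[(host, day)]["dsts"].add(dst)

    anomalies = []
    for host in sorted({h for h, _ in daily}):
        days = sorted(d for h, d in daily if h == host)
        for i, day in enumerate(days):
            prev = days[max(0, i - window):i]
            if len(prev) < min_history:
                continue  # not enough baseline yet; a new host gets no verdict
            history = [daily[(host, p)]["bytes"] for p in prev]
            seen = set().union(*(daily[(host, p)]["dsts"] for p in prev))
            today = daily[(host, day)]
            z = robust_z(today["bytes"], history)
            if z > z_threshold:
                anomalies.append({
                    "host": host, "day": day, "bytes": today["bytes"],
                    "baseline_median": statistics.median(history),
                    "z": round(z, 1),
                    "new_destinations": sorted(today["dsts"] - seen),
                })
    return sorted(anomalies, key=lambda a: -a["z"])


if __name__ == "__main__":
    for a in detect_exfiltration(build_flows()):
        print(a)
```

A per-host robust statistic matters because a host that legitimately moves 200 MB a day would swamp any global average or fixed threshold, and MAD with a mean-absolute-deviation fallback keeps a two-valued history (such as alternating 200 MB and 210 MB days) from producing a zero scale and a division error. Pairing the volume outlier with the never-seen destination is the enrichment an analyst wants in the offense itself; on its own a new destination is too weak a signal to page on.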


Integrated intelligence: Correlate and analyze siloed information from hundreds of sources to automatically detect and respond to threats

Integrated protection: Enhance security with security solutions that interact across domains to provide cohesive, easy to manage protection

Integrated research: Incorporate the latest information on exploits, vulnerabilities, and malware into intelligent security solutions across domains

INNOVATION: Use cloud and mobile for better security


Employ cloud to improve security


Maintain cloud visibility and control: A global electronics firm helps protect access to cloud-based applications for 10,000 employees

Protect the enterprise: A global bank enables security-rich mobile access and multi-factor authentication for millions of users

Get security from the cloud: One of the world’s largest banks reduced phishing attacks by 90% and reduced phone fraud to almost $0


Build security into mobile from day one

(Figure: Enterprise Applications and Cloud Services; Identity, Fraud, and Data Protection; Cloud-based Threat, Malware and Fraud Intelligence)

Examples (IBM Corporation; a chemical company):
• Discovered and enrolled 36,000 devices in the first 60 minutes, with the ability to wipe a device if lost
• 70,000+ users migrated in the first month
• <500 help desk calls (< 0.5%)

Get help from security experts


(Figure: Cloud-based Managed Security; Existing Resources; Managed Security, Augmentation, and Forensics Services)

3 Takeaways


1. More data analyzed reduces the required incident investigations
2. Look for automated big data security solutions
3. Deploy integrated solutions to help stop advanced threats


Don’t miss…

Visit the IBM Security Category booth in the Solution EXPO
• See the latest demos
• Talk to our experts
• Download our latest materials

Last 3 Fast Track Sessions
• How the QRadar platform is being used by IBM! Mariners B, today at 3:00 p.m.
• Securing your “Crown Jewels”: Islander E, tomorrow at 3:00 p.m.
• Security tips for protecting your business in the social world: Mariners A, tomorrow at 4:30 p.m.

Security Birds-of-a-Feather with dev@Insight
• Insightful and interactive discussion on security’s key topics with Chris Poulin
• Shorelines A (second floor), starting in 5 minutes!

Acknowledgements and Disclaimers

Availability. References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates.

The workshops, sessions and materials have been prepared by IBM or the session speakers and reflect their own views. They are provided for informational purposes only, and are neither intended to, nor shall have the effect of being, legal or other guidance or advice to any participant. While efforts were made to verify the completeness and accuracy of the information contained in this presentation, it is provided AS-IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this presentation or any other materials. Nothing contained in this presentation is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.

All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.

© Copyright IBM Corporation 2014. All rights reserved.

— U.S. Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

IBM, the IBM logo, ibm.com and QRadar, Infosphere, SPSS, BigInsights, Netezza, i2 and X-Force are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or TM), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml

Other company, product, or service names may be trademarks or service marks of others.
