IBM Security Strategy
Intelligence, Integration and Expertise

Peter Allor, Security Strategist – Government, IBM Security Systems
February 6, 2014

© 2014 IBM Corporation


Page 2

Motivations and sophistication are rapidly evolving

[Chart axes: Motivation, Sophistication]

National Security, Economic Espionage: Nation-state actors, APTs (Stuxnet, Aurora, APT-1)

Notoriety, Activism, Defamation: Hacktivists (Lulzsec, Anonymous)

Monetary Gain: Organized crime (Zeus, ZeroAccess, Blackhole Exploit Pack)

Nuisance, Curiosity: Insiders, Spammers, Script-kiddies (Nigerian 419 Scams, Code Red)

Page 3

But our traditional defenses are not keeping up

Source: IBM client example

Page 4

Reported attacks continue to increase

[Figure: 2011 Sampling of Security Incidents by Attack Type, Time and Impact. Bubble chart by month (Jan to Dec), each bubble labelled with the affected sector. Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses. Source: IBM X-Force® Research 2011 Trend and Risk Report]

[Figure: 2012 Sampling of Security Incidents by Attack Type, Time and Impact. Bubble chart by month (Jan to Dec), each bubble labelled with the affected sector. Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses. Source: IBM X-Force® Research 2012 Trend and Risk Report]

Attack Type legend: SQL Injection, URL Tampering, Spear Phishing, 3rd Party Software, DDoS, SecureID, Trojan Software, Unknown

Size of circle estimates relative impact of breach in terms of cost to business

Page 5

Attack frequency increased to record in H1 2013

Source: IBM X-Force® Research 2013 Trend and Risk Report

Page 6

Low risk / high reward

Old CMS installations

CMS Plugins

Forum software

Other popular 3rd party scripts

of tracked disclosed breaches

still reliable for breaching databases

Page 7

continue to disrupt businesses

Industries affected:

Banks

Governments

DNS Providers

High traffic volume as much as

Page 8

attacks compromise end user trust

Targeting Savvy Users

Tech company developers

Government Employees

Unsuspecting viewers of trusted sites

Tainting legitimate sites with zero-day exploits

Page 9

Cyber Espionage

The global reach of the Internet has enabled both phenomenal business growth and unprecedented business risk at the same time.

http://www.abc.net.au/4corners/stories/2013/05/27/3766576.htm

Page 10

Motivations of the Attacker

Source: IBM Security Services 2013 Cyber Security Intelligence Index

Page 11

Data Explosion and Cloud Growth

The age of Big Data – the explosion of digital information – has arrived, facilitated by the pervasiveness of applications accessed from everywhere, including new platforms such as cloud and virtualization. Everything is everywhere.

Page 12

National Security, Economic Espionage

Press, Activism, Defamation

The End Goal

Monetary Gain

Nuisance, Curiosity

The Organization: Customer lists, Intellectual property, Financial filings, Product plans, Business process data, Administrative credentials

The User: Bank Credentials, Social Logins, Ransom

The Computer: Spam, Click fraud, DDoS, CPU Cycles

Page 13

Collaborative IBM teams monitor and analyze the latest threats

IBM Confidential

Page 14

At IBM, the world is our security lab

6,000 IBM researchers, developers, and subject matter experts ALL focused on security

3,000 IBM security patents

More than

Security Operations Centers

Security Research and Development Labs

Institute for Advanced Security Branches

Page 15

5 Most Targeted Industries

Source: IBM Security Services 2013 Cyber Security Intelligence Index

Page 16

Why do Breaches Happen

Source: IBM Security Services 2013 Cyber Security Intelligence Index

Page 17

2012 Major Trends

40% Security Incidents

14% Web Vulnerabilities

53% Web Vulns are XSS

20% SPAM within 2012

Source: IBM X-Force® 2012 Trend and Risk Report

Page 18

ATTACK SOPHISTICATION

The speed and dexterity of attacks have increased, coupled with new motivations ranging from cyber crime to state-sponsored to terror-inspired.

Page 19

2012 Vulnerabilities and Exploits

8,168 Public Vulnerabilities

864 Public Exploits

Source: IBM X-Force® 2012 Trend and Risk Report

Page 20

Page 21

Security challenges are a complex, four-dimensional puzzle…

…that requires a new approach

People: Attackers, Suppliers, Consultants, Partners, Employees, Outsourcers, Customers

Data: At rest, In motion, Unstructured, Structured

Applications: Web Applications, Systems Applications, Web 2.0, Mobile Applications

Infrastructure: Datacenters, PCs, Laptops, Mobile, Cloud, Non-traditional

Page 22

Thinking differently about security

People: Administration (then), Insight (now)

Data: Basic-control (then), Laser-focused (now)

Applications: Bolt-on (then), Built-in (now)

Infrastructure: Thicker walls (then), Smarter defenses (now)

Analyze to build Intelligence

Page 23

Security teams must shift from a conventional “defense-in-depth” mindset and begin thinking like an attacker…

Detect, Analyze & Remediate (Targeted)

Think like an attacker, counter intelligence mindset

Protect high value assets

Emphasize the data

Harden targets and weakest links

Use anomaly-based detection

Baseline system behavior

Consume threat feeds

Collect everything

Automate correlation and analytics

Gather and preserve evidence

Audit, Patch & Block (Broad)

Think like a defender, defense-in-depth mindset

Protect all assets

Emphasize the perimeter

Patch systems

Use signature-based detection

Scan endpoints for malware

Read the latest news

Collect logs

Conduct manual interviews

Shut down systems

Page 24

IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework

Intelligence

Integration

Expertise

Page 25

IBM’s own strategy: Ten essential practices for security leaders

1. Build a Risk Aware Culture & Management System

2. Manage Incidents

3. Secure the Workplace of the Future (Endpoint)

4. Secure Services, By Design

5. Take a Hygienic Approach to Managing Infrastructure

6. Control Network Access

7. Address New Complexity of Cloud and Virtualization

8. Assure Supply Chain Security Compliance

9. Protect Structured & Unstructured Data

10. Manage the Identity Lifecycle

Ongoing series of articles: www.ibm.com/smarter/cai/security

Approach aligned with corporate initiatives – not an afterthought

Page 26

Get Engaged with IBM X-Force Research and Development

Follow us at @ibmsecurity and @ibmxforce

Subscribe to X-Force alerts at http://iss.net/rss.php or X-Force Security Insights blog at http://www.ibm.com/blogs/xforce

Download X-Force security trend & risk reports http://www-03.ibm.com/security/xforce/

Page 27

Optimize ahead of Attackers: identify critical assets, analyze behavior, spot anomalies

Defragment your Mobile posture: constantly apply updates and review BYOD policies

Social Defense needs Socialization: educate users and engender suspicion

Don’t forget the basics: scanning, patching, configurations, passwords

Key takeaways for

Page 28

www.ibm.com/security

© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
