Compete to win
DON’T JUST BE COMPLIANT – BE SECURE!
Leslie Wiggins, WW Portfolio Marketing
Stephanie Best, WW Portfolio Marketing, Security Services
August 30, 2016
2 IBM Security
Where does your organization invest the most?
3 IBM Security
Data is challenging to control, making it hard to support compliance and security initiatives
• DYNAMIC: Data multiplies continuously and moves quickly
• DISTRIBUTED: Data is everywhere, across applications and infrastructure
• IN DEMAND: Users need to constantly access and share data to do their jobs
4 IBM Security
Regulations often begin the data security conversation
Common Compliance Requirements
• PCI: For the safety of cardholder data; $5K per month to $500K per month
• SOX: To safeguard financial data; $1M - $5M with possible imprisonment
• HIPAA: To ensure patient privacy; up to $1.5M per year
• GDPR: Protects personal privacy and data; up to €20M or 4% annual WW turnover
5 IBM Security
Stopping at compliance leaves sensitive data – and your business - exposed
70% of your company’s value likely lies in intellectual property
Customer data, product designs, sales information, proprietary algorithms, communications, etc.
Source: TechRadar
Damaging security incidents involve loss, illicit modification, or destruction of sensitive data
Yet many security programs forget to protect the data
6 IBM Security
Attackers break through every day to get at sensitive data
2013: 800+ Million records breached
2014: 1+ Billion records breached
2015: Unprecedented high-value targets breached
7 IBM Security
Many organizations stop at compliance. Why?
1. State of confusion: They don’t know where to start or what security capabilities can help
2. Only have funding for compliance, not data security
3. The organization’s security funding is earmarked for known issues (i.e., perimeter security, antivirus, etc.)
4. Trying to leverage a home-grown solution, attempting to use DB logs to meet compliance mandates
5. Selecting a technology that doesn’t solve the problem
8 IBM Security
Refocus: Know your hot spots and swing into action
• Spot the issues: Identify potential risks to sensitive data, understand the value of that data and the level of risk
• Understand the issues: Understand how they are at risk; get guidance on an action plan
• Take action: Put the right preventative or real-time protective measure into place
9 IBM Security
Start moving in the right direction
Jumpstart compliance with 3 key capabilities
1) Discover – find and classify the relevant data
2) Monitor – know who is reading / changing data and create an audit-worthy record without slowing performance
3) Harden – secure specific data repositories
AUTOMATE! It will make it easier and more cost efficient to do everything.
10 IBM Security
Easily expand and springboard from compliance to data security
DATA AT REST
DATA IN MOTION
DISCOVER HARDEN MONITOR PROTECT
11 IBM Security
Where is your sensitive data?
DISCOVER HARDEN MONITOR PROTECT
What do you need to do?
• Find it – in an automated way, so discovery isn’t an all-consuming exercise
• Assess risk – determine how sensitive it is
• Classify it – so you can keep tabs on its risk level and know how to handle it
Why?
• Sensitive data exists beyond the scope of ‘Compliance’ requirements
• It’s the sensitive stuff that has value – and is a prime target
Consider: What if you find dormant sensitive data?
12 IBM Security
Automate the process of finding uncatalogued sensitive data sources and identifying and classifying sensitive data
• Crawl network
• Leverage algorithms to identify sensitive data - wherever it’s hiding
• Take (policy-based) action:
  – Alerts
  – Add to group of sensitive objects
13 IBM Security
Can your environment help repel a breach?
DISCOVER HARDEN MONITOR PROTECT
What do you need to do?
• Find the gaps – perform vulnerability assessment
• Fix them – apply patches, fix packs, etc., to harden your data perimeter
• Determine entitlement – review entitlements and take control
Why?
• 60% of breaches are due to unpatched or otherwise vulnerable sensitive data repositories
• 70% of organizations do not have a data security solution that supports entitlement reporting
14 IBM Security
Know your users
• Who is looking at sensitive data?
• Who is changing/deleting sensitive data?
• Should those users have (full) access?
• Are there dormant user accounts?
• Does data need to be protected from different types of users?
Know your repositories
• Where is your sensitive data?
• Do you know where your dormant data is?
• Are all sensitive data repositories secure?
• What needs to happen to secure them?
• Can you protect your data within that repository?
15 IBM Security
Do you know what’s happening to your sensitive data?
DISCOVER HARDEN MONITOR PROTECT
What do you need to do?
• Watch your data – in real time
• Know where sensitive data lives – everywhere
• Track your progress – to know what’s happening
Why?
• You can’t protect against it if you don’t know it’s happening
16 IBM Security
Walk before you can run: Monitor before you can protect
Apply machine learning and intelligence to uncover behavioral changes and risks
1. Policy-based, real-time monitoring* reveals behavior patterns over time
2. Analytics run and anomalies are surfaced
3. Anomalies are sent for manual review or trigger action
*Includes actions by privileged users
17 IBM Security
Specialized threat detection analytics can spot and stop attack symptoms early
• Scan and analyze data to detect symptoms of data repository attacks
• Look for specific patterns of events and behaviors that indicate trouble
• SQL injections and malicious stored procedures are two of the most common attack vectors
• Do not rely on attack signature dictionary comparisons (they go out of date quickly)
Drill down on any aspect of a threat
18 IBM Security
Can you secure sensitive data against internal and external risk?
DISCOVER HARDEN MONITOR PROTECT
What do you need to do?
• Protect data at rest – via redaction, encryption, or masking
• Protect data in motion – via alerting, quarantining, dynamic blocking, etc.
Why?
• Protect your customers, your IP, your business, and your brand
• Avoid creating the wrong kinds of headlines
• Empower employees with the right level of access to the right kinds of data
19 IBM Security
Examples of ways to protect sensitive data
MASKING: Structured sensitive data is replaced with realistic but fake data
REDACTION: Unstructured sensitive data is covered over
TRANSFORMATION: Unstructured sensitive data is transformed so that it is unreadable without the key
• Names
• Geography
• Credit card numbers
• Telephone numbers
• Email addresses
• Social security numbers
• Account numbers
• URLs
• IP addresses
20 IBM Security
Go for Gold! Put it all together and dramatically reduce risk
Discover & classify
Harden the environment
Monitor for compliance
Monitor for security
Comprehensive data protection
Why take this step?
• Proactively spot and flag user and data risk
• Find and stop threats early
• Safeguard sensitive data from end-to-end
Requirements:
• Relational architecture to aggregate data for real-time analytics
• Cognitive and specialized threat detection analytics help fill the security analyst role
• Real-time data protection capabilities (e.g., encryption, masking, blocking, etc.)
21 IBM Security
Guardium supports compliance and also uses intelligence and automation to safeguard data
• ANALYZE: Automatically discover critical data and uncover risk
• PROTECT: Complete protection for sensitive data, including compliance automation
• ADAPT: Seamlessly handle changes within your IT environment
22 IBM Security
IBM Security Guardium capabilities support the complete journey from compliance to security
ANALYZE. PROTECT. ADAPT
Databases and Data Warehouses
File Systems
Applications
Big Data Platforms
Cloud Environments
Discovery, classification, vulnerability assessment, entitlement reporting
Encryption, masking, and redaction
Data and file activity monitoring
Dynamic blocking and masking, alerts, and quarantine
Compliance automation and auditing
ANALYTICS
23 IBM Security
Guardium makes it easier to expand your coverage
24 IBM Security
Guardium supports an intelligent and integrated environment to help stop threats more aggressively
Set up user access
Detect and correct
Integrated Value
Work with vetted privileged user information
Detect unusual activity from privileged users; make corrections to block/prevent breaches
Monitor database activity
Understand who is behind privileged credentials accessing sensitive data
Data
Data activity monitoring
Risk detection and threat analytics
Data protection
Identity and Access
Access management
Identity management
Privileged users management
Security Intelligence
SIEM
Provide visibility into illicit data activity
Data activity events and alerts
Leverage perimeter alerts
Block suspicious insiders
Provide identity context aware security intelligence
Identity attributes and privileged user activity
Assess and reconcile privileged user access and activity
Credential data and identity context
25 IBM Security
A smart approach to compliance can carry you further, helping you transform this risk landscape
2013: 800+ Million records breached
2014: 1+ Billion records breached
2015: Unprecedented high-value targets breached
26 IBM Security
Transforming into something that’s more manageable and secure
TAP INTO THE TALENT YOU NEED TO EFFECTIVELY MANAGE YOUR DATA SECURITY
IBM Managed Data Protection Services for Guardium
28 IBM Security
Your security solution may be able to offer robust data protection, but are you making the most of it?
29 IBM Security
Address the people, process and technology aspects of your data security program and help improve your data security maturity
Managed data protection services for Guardium is an integrated consulting and managed security services solution that can elevate your database security maturity with proven methods and clear transition into steady state, delivered by IBM security operation centers worldwide. We can:
• Provide access to certified, specialized IBM resources and security operation centers around the globe, 24x7 for robust data protection
• Help optimize your security program and avoid the costs of in-house management
• Enable security maturity through IBM X-Force® Threat Intelligence and security integrations
30 IBM Security
IBM was recognized as a leader in Gartner’s 2015 Magic Quadrant for Managed Security Services, Worldwide
Published on December 28, 2015
IBM positioned among Leaders in the Magic Quadrant report by analysts Kelly Kavanagh and Toby Bussa
Key criteria:
– Ability to execute – IBM positioned furthest for execution
– Completeness of vision
Vendors evaluated: AT&T, BAE Systems, BT, CenturyLink, CSC, Dell SecureWorks, HPE, IBM, NTT, Orange Business Services, Symantec, Trustwave, Verizon, Wipro
Gartner disclaimer: This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from IBM Security Services. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
31 IBM Security
IBM Security Services has a global presence.
monitored countries (managed security services)
service delivery experts
endpoints protected+
events managed per day+
IBM Security Services, by the numbers+
Security operations centers
Security research centers
Security solution development centers
ibm.com/security
securityintelligence.com
xforce.ibmcloud.com
@ibmsecurity
youtube/user/ibmsecuritysolutions
© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
FOLLOW US ON:
THANK YOU