© 2015 IBM Corporation
IBM Security
IBM IAM Security and Trends
Intelligence, Integration and Expertise
January 29, 2015
Sophisticated attackers break through safeguards every day
Attack types: SQL injection, Watering hole, Physical access, Malware, Third-party software, DDoS, Spear phishing, XSS, Undisclosed
Note: Size of circle estimates relative impact of incident in terms of cost to business
Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2014
• 2011: Year of the breach
• 2012: 40% increase
• 2013: 500,000,000+ records breached
• 61% of organizations say data theft and cybercrime are their greatest threats (2012 IBM Global Reputational Risk & IT Study)
• $3.5M+ average cost of a data breach (2014 Cost of Data Breach, Ponemon Institute)
New technologies introduce new risks…
• 70% of security executives have cloud and mobile concerns (2013 IBM CISO Survey)
• 614% mobile malware growth in just one year (2012-2013 Juniper Mobile Threat Report)
…and traditional security practices are unsustainable
• 83% of enterprises have difficulty finding the security skills they need (2012 ESG Research)
• 85 security tools from 45 vendors (IBM client example)
Security leaders are more accountable than ever before
CEO, CFO/COO, CIO, CHRO, CMO
• Loss of market share and reputation
• Legal exposure
• Audit failure
• Fines and criminal charges
• Financial loss
• Loss of data confidentiality, integrity and/or availability
• Violation of employee privacy
• Loss of customer trust
• Loss of brand reputation
Your board and CEO demand a strategy
Source: Discussions with more than 13,000 C-suite executives as part of the IBM C-suite Study Series
Enterprise Security is only as strong as its weakest link – Identity
• 55% of scam and phishing incidents are campaigns enticing users to click on malicious links
• Criminals are selling stolen or fabricated accounts
• Social media is fertile ground for pre-attack intelligence gathering
Source: IBM X-Force® Research 2013 Trend and Risk Report
Mobile and Cloud breaking down the traditional perimeter
IAM becomes first line of defense with Threat and Context awareness
Enterprise Security will need to focus on Identity and Interactions
• People: EMPLOYEES, ATTACKERS, OUTSOURCERS, SUPPLIERS, CONSULTANTS, PARTNERS, CONSUMERS
• Data: STRUCTURED, UNSTRUCTURED, AT REST, IN MOTION
• Applications: SYSTEMS APPLICATIONS, WEB APPLICATIONS, WEB 2.0, MOBILE APPLICATIONS
• Infrastructure: DATACENTERS, PCs, LAPTOPS, MOBILE, CLOUD, NON-TRADITIONAL
…a holistic approach is needed
IBM Security strategy
Delivering intelligence, integration and expertise across a comprehensive framework
Key Security Trends
• Advanced threats
• Cloud
• Mobile
• Compliance
• Skills shortage
CISO’s Changing Role
The IBM Security Framework
IBM Security has global reach
monitored countries (MSS)
service delivery experts
devices under contract+
endpoints protected+
events managed per day+
IBM Security by the Numbers
IBM X-Force delivers expert analysis and threat intelligence
• Cataloging, analyzing and researching vulnerabilities since 1997
• Providing zero-day threat alerts and exploit triage to IBM customers worldwide
• Building threat intelligence from collaborative data sharing across thousands of clients
• Analyzing malware and fraud activity from 270M+ Trusteer-protected endpoints
X-Force Keeps Customers Ahead of the Threat
IBM Security Operations Centers and Security Products
Sharing real-time and anonymized threat intelligence
Client Side Attacks, Botnets, Buffer Overflow Attacks, Distributed Denial of Service (DDoS), SQL Injection, Backdoors, Cross-site Scripting (XSS), Malicious Content, Protocol Tunneling, Reconnaissance, Trojans, Worms, Exploit Toolkits, Peer-to-Peer Networks
1. Identity is a key security control for a multi-perimeter world
Today: Administration
• Operational management
• Compliance driven
• Static, Trust-based
• IAM is centralized and internal: Enterprise IAM
Tomorrow: Assurance
• Security risk management
• Business driven
• Dynamic, context-based
• IAM is decentralized and external: Enterprise IAM, Cloud IAM, BYO-IDs, SaaS, Device-IDs, App IDs, IaaS, PaaS
3. Evolving business-driven Identity Governance and Analytics
Identity and Governance Evolution
Wave 1: Administration
• Cost savings
• Automation
• User lifecycle
• Key on premise applications and employees
Wave 2: Governance
• Role management
• Access certification
• Extended enterprise and business partners
• On and off-premise applications
Wave 3: Analytics
• Application usage
• Privileged activity
• Risk-based control
• Baseline normal behavior
• Employees, partners, consumers – anywhere
Identity Intelligence – Collect and Analyze Identity Data
• Improved visibility into how access is being utilized
• Risk-based insights for prioritized compliance actions
• Clear actionable dashboards for better business decision making
IBM Security
Intelligence
Integration
Expertise
The IBM Security Framework
www.ibm.com/security
© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes
only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use
of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any
warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement
governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in
all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole
discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any
way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United
States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and
response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed,
misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product
should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use
or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily
involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT
THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE
MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.