© 2015 IBM Corporation

Smarter Cyber Security

V8; 5 Jan 15

John Palfreyman, IBM

Agenda

Systems of Engagement

Cyber Security Implications

Cyber Security Risk Mitigation

Future Perspective

Smarter Planet

Instrumented – Interconnected – Intelligent

Cloud

Drivers

Mission speed and agility

New business models – alternatives to escalating CAPEX

Sample Use Cases

Back office functions (HR, CRM, SCM) as a service

Predictive and analytics functions (e.g. for smart procurement) as a service

Mobile

Drivers

Inherently mobile operations

Business agility and flexibility

Rate of change of technology

Sample Use Cases

Mobile information capture, with workflow management

Education where & when needed

Case advice to social workers

Big Data / Analytics

Drivers

Masses of sensor data available

Need for intelligence to help make government / industry “smarter”

Increasing proportion of “unreliable” data

Sample Use Cases

Analysis of citizen group sentiment & need based on their Social Media usage

Sensor data processing for traffic & utility prediction

Predictive policing operations based on historical mission data analysis & sensor data

Social Business

Drivers

Use of Social Channels by clients / citizens / bad guys

New recruitment approach – drive to attract “the best!”

Personnel rotation & retirement

Sample Use Cases

Citizen (/consumer) sentiment analysis

Terrorism detection, investigation & prevention

Knowledge capture and dissemination

Recruitment, rapid onboarding & retention of key staff

Systems of Engagement

Collaborative

Interaction oriented

User centric

Unpredictable

Dynamic

Social Business

Mobile

Big Data / Analytics

Cloud

Case Study – Major European Air Force

Business Challenge

• Support Organisational Transformation

• HQ Task Distribution

• Senior Staff demanding Mobile Access

IBM Solution

• IBM Connections (including Mobile App)

• MS SharePoint Integration (Doc Management)

• MaaS 360 based Tablet Security

Benefits

• Improved work efficiency

• Consistent & timely information access

• Secure MODERN tablet

Section Summary

1. Cloud, Big Data / Analytics, Social Business & Mobile are all relevant to, and increasingly used by, Industry & Government

2. Most value accrues at the points of intersection = Systems of Engagement

3. Systems of Engagement can underpin organisational transformation, enhancing intelligence-led business

Agenda

Systems of Engagement

Cyber Security Implications

Cyber Security Risk Mitigation

Future Perspective

IBM’s Definition . . .

Cyber Security /–n 1. the protection of an organisation and its assets from electronic attack to minimise the risk of business disruption.

The Millennial Generation . . .

Expect:

• to embrace technology for improved productivity and simplicity in their personal lives

• tools that seem made for and by them

• freedom of choice, embracing change and innovation

Innovate in a new way:

• Actively involve a large user population

• Work at Internet Scale and Speed

• Discover the points of value via iteration

• Engage the Millennial generation

Smart Phones (& Tablets) . . .

Used in the same way as a personal computer

Ever increasing functionality (app store culture) . . .

. . . and more accessible architectures

Offer “anywhere” banking, social media, e-mail . . .

Include non-PC (!) features: Context, MMS, TXT

Emergence of authentication devices

. . . are harder to defend . . .

Anti-virus software missing, or inadequate

Encryption / decryption drains the battery

Battery life is always a challenge

Most users disable security features

Stolen or “found” devices information – and very easy to lose

Malware, mobile spyware, account impersonation

Need to extend password, encryption policies

Extends set of attack vectors

. . . and now mainstream.

Bring-your-own device expected

Securing corporate data

Additional complexities

Purpose-specific endpoints

Device Management

Social Media – Lifestyle Centric Computing

www.theconversationprism.com

Different Channels

Web centric

Conversational

Personal

Open

Explosive growth

Social Business – Relevance for (e.g.) Defence

Driver, followed by how social business can help . . .

Coalition operations the norm

• Find and connect with experts other coalition members

• Demonstrate clear coalition value to stakeholders

Budgetary pressures

• Improved efficiencies through use of social media platform

• Develop critical skills by virtual training

Ever more complex missions

• Tap into mission expertise and lessons learnt

• Use jams, blogs & wikis to solve problems

Cyber security threat

• Secure hosted social media platform

• Analysis of threat social media activity

Technology driven change

• Promote technology usage through blogs, jams

• Information & education on mission value of technology

Unknown asymmetric threat

• Supplement intelligence on threat by monitoring social media usage

• Collaborate cross department on specific threats

Internal Amnesia, External Ignorance – Case Study

Client’s Challenges

• Silo’d Organisation

• Lack of Consistent Methodology

• External Ignorance

• Internal Amnesia

Monitor bad guys

• Early Warning of events / incident

• Information to Commander

Alternatives to

• Workflow Centric Analysis

• Traditional Intelligence Sources

IBM Solution

• IBM Connections

• Analysis Software

• GBS Integration & Configuration

Social Media - Special Security Challenges

Too much information

Online impersonation

Trust / Social Engineering / PSYOP

Targeting

Source: Digital Shadows, Sophos, Facebook

Section Summary

1. Social Business and Mobile are underpinning organisational transformation

2. Millennial Generation expect technologies in the workplace

3. Introduce new vulnerabilities – understand to contain

Agenda

Systems of Engagement

Cyber Security Implications

Cyber Security Risk Mitigation

Future Perspective

Balance

Technical Mitigation

Better firewalls

Improved anti-virus

Advanced Crypto

People Mitigation

Leadership

Education

Culture

Process

Risk Management Approach

Monitor threats

Understand (your) systems

Assess Impact & Probability

Design containment mechanisms

Don’t expect perfect defences

Containment & quarantine planning

Learn & improve

Maturity-based approach (figure labels: Proactive, Automated, Manual, Reactive)

Securing a Mobile Device

Device Security

• Enrolment & access control

• Security Policy enforcement

• Secure data container

• Remote wipe

Transaction Security

• Allow transactions on individual basis

• Device monitoring & event detection

• Server based risk engine – allow, restrict, flag for review

Software & Application

• Endpoint management – software

• Application: secure by design

• Application scanning for vulnerabilities

Access Control

• Enforce access policies

• Approved devices and users

• Context aware authorisation

Secure, Social Business

Leadership

• More senior, most impact

• Important to leader, important to all

• Setting “tone” for culture

Culture

• Everyone knows importance AND risk

• Full but SAFE usage

• Mentoring

Process

• What’s allowed, what’s not

• Internal & external usage

• Smart, real time black listing

Education

• Online education (benefits, risks)

• Annual recertification

• For all, at all levels

Security Intelligence > Smart Analysis of too much data!

Volume: Data at Rest

• Terabytes to exabytes of existing data to process

Velocity: Data in Motion

• Streaming data, milliseconds to seconds to respond

Variety: Data in Many Forms

• Structured, unstructured, text, multimedia

Veracity*: Data in Doubt

• Uncertainty due to data inconsistency & incompleteness, ambiguities, latency, deception, model approximations

* Truthfulness, accuracy or precision, correctness

Integrated Approach

Security Intelligence Platform: IBM Security QRadar

• Data collection and enrichment

• Event correlation

• Real-time analytics

• Offense prioritization

Big Data Platform: IBM InfoSphere BigInsights

• Hadoop-based

• Enterprise-grade

• Any data / volume

• Data mining

• Ad hoc analytics

Diagram labels: Traditional data sources, Non-traditional, Data ingest, Insights, Custom Analytics, Advanced Threat Detection

Section Summary

1. Containment is possible with correct approach

2. Need for a business / mission based (not technology) viewpoint

3. Holistic, balanced, risk centric approach

Agenda

Systems of Engagement

Cyber Security Implications

Cyber Security Risk Mitigation

Future Perspective

Systems of Insight

Generation 3 Cloud Challenges . . .

Cloud 1.0: Static Perimeter controls

Cloud 2.0: Reactive, Defence in Depth

Cloud 3.0: Adaptive, Contextual Security

Attackers exploit platform shifts to launch new attacks on high value workloads and data

Challenge 1: Fragmented and complex security controls

Challenge 2: Sophisticated threats and attackers

Challenge 3: Increased attack surface due to agile and composable systems

Contextual, Adaptive Security

Monitor and Distill

Correlate and Predict

Adapt and Pre-empt

Security 3.0

Risk Prediction and Defence Planning

• Encompassing event correlation, risk prediction, business impact assessment and defensive strategy formulation

Multi-level monitoring & big data analytics

• Ranging from active, in-device to passive monitoring

Adaptive and optimized response

• Adapt network architecture, access protocols / privileges to maximize attacker workload

Cyber Security – Fitness for Purpose?

1. Are you ready to respond to a security incident and quickly remediate?

2. Do you have the visibility and analytics needed to monitor threats?

3. Do you know where your corporate crown jewels are and are they adequately protected?

4. Can you manage your endpoints from servers to mobile devices and control network access?

5. Do you build security in and continuously test all critical web/mobile applications?

6. Can you automatically manage and limit the identities and access of your employees, partners and vendors to your enterprise?

7. Do you have a risk aware culture and management system that can ensure compliance?

Maturity-based approach (figure labels: Proactive, Automated, Manual, Reactive)

Section Summary

1. Systems of Insight further extend business / mission value

2. Delivered on (secure) “generation 3” Cloud

3. Cyber Security must be designed in, evolving

Summary

1. Systems of Engagement (& Insight) help organisations transform, maintain information advantage

2. Social Business & Mobile drive much value, but new vulnerabilities need to be understood to be mitigated

3. Cyber security approach needs to be balanced, risk management based and “designed in”.

Thanks!

John Palfreyman