TIE Event Innovation in Securing the Enterprise

IBM Security Services
TIE Event
Innovation in Securing the Enterprise
GTS Security Services
Carmina Lees – Security Director
Greg Davis – Associate Partner
© 2014 IBM Corporation

Security challenges clients are facing
Organisations of all sizes are facing a security storm.
“How do I grow my business while protecting my data, assets and reputation from the impact of security attacks while allowing me to safely innovate and modernise through cloud, mobility and other technology innovations”.
Cloud and virtualization
1 billion mobile workers
Bring your own IT
Social business models
IBM Smarter Security
Protecting the world's most sensitive data for over 100 years
Trusted by the world's largest companies and governments
Targeted Threat

Clients demand an End-to-End Security capability
We help our clients:
Recover rapidly following a security incident
Design, build, run secure solutions to protect their business
Prepare their business to be more secure
Make better decisions using security intelligence
Diagram labels: Intelligence, Integration, Expertise, Mobile / BYOD

The mission of X-Force is to:
Monitor and evaluate the rapidly changing threat landscape
Research new attack techniques and develop protection for tomorrow’s security challenges
Educate our customers and the general public
Integrate and distribute Threat Intelligence through IBM Solutions directly to our customers
Integrate and distribute Threat Protection and Intelligence to make IBM solutions smarter

Slide 4
PPC3
This slide may be adjusted to incorporate information about the Trusteer malware research team.
Pamela Cobb, 17/03/2014

We are in an era of continuous breaches
Attackers are relentless, victims are targeted, and the damage toll is rising
Near Daily Leaks of Sensitive Data: 40% increase in reported data breaches and incidents
Relentless Use of Multiple Methods: 500,000,000+ records were leaked, while the future shows no sign of change
Chart years: 2011, 2012, 2013
Attack types: SQL injection, Spear phishing, DDoS, Third-party software, Physical access, Malware, XSS, Watering hole, Undisclosed
Note: Size of circle estimates relative impact of incident in terms of cost to business.
Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2014
IBM internal and Business Partner use only – Please do not share with customers until May 5, 2014

Computer services, government and financial markets were the most attacked industries as attackers focused on central strategic targets.

Aside from hard dollar value losses in fines and capital, breached companies will also suffer from a loss of intellectual property and customer trust.

More than half a billion records of personally identifiable information (PII) were leaked in 2013.

The top intended consequence for exploits was gaining additional or unauthorized access.

Cyber security attacks on major corporations are making daily headlines; company reputations are at stake.
Sony reported that the hack of its PlayStation network and the consequent loss of its network availability will cost the business $171 million.
White House been bombed and US President Barack Obama injured. The Dow Jones Industrial Average plummeted.
Elderwood Group launches Operation Aurora
www.alixpartners.com
Syrian Electronic Army hack Twitter to post CEO – Steve Ballmer’s contact details
Morrison, Britain's No. 4 grocer, suffered a major theft of data from its staff payroll system, including bank account details.
Barclays is speaking with regulators, customers and British authorities about a possible criminal leak of client account information.
Both newspapers reported in January 2013 that hackers from China were able to infiltrate the company’s computer systems, with the aim of gaining access to information from the reporters covering China and other issues.

Innovation in securing the Enterprise

IBM’s 10 Essential Practices represent a practical way to approach security across the enterprise
1. Build a risk aware culture and management system
2. Manage security incidents with greater intelligence
3. Defend the mobile and social workplace
4. Security-rich services, by design
5. Automate security “hygiene”
6. Control network access and assure resilience
7. Address new complexities of cloud and virtualization
8. Manage third-party security compliance
9. Secure data and protect privacy
10. Manage the identity lifecycle
Diagram labels: Program Lifecycle; Basic, Proficient, Optimised; Security Intelligence

Security Operations 2.0
Legacy Model: Detect & react to threats.
Optimised Model: Proactive. Visible. Anticipate threats. Mitigate risks.
Diagram labels: Technology; Mission & Strategy
Charter: Technology or service only (Legacy); Build a dedicated security operations capability (Optimised)
Strategy: Budget based, 12 month planning cycle (Legacy); 3+ year cycle, priorities set by enterprise (Optimised)
Governance: Self governed (IT Security) (Legacy); Cross-functional (IT, Business, Audit, etc) (Optimised)
Operations Management: Ad Hoc (Legacy)
Tools: SIEM tool only (Legacy); SIEM, ticketing, portal/dashboard, Big Data (Optimised)
Use Cases: Standard rules, minimal customisation (Legacy); Tailored rules based on risk & compliance drivers (Optimised)
Referential Data: Minimal importance, secondary priority (Legacy); Required data, used to prioritise work (Optimised)
Measures: Silos, ticket/technology driven (Legacy); Cross-functional, efficiency, quality, KPI/SLO/SLA (Optimised)
Reporting: Ticket/technology driven (Legacy); Metrics, analytics, scorecards, & dashboards (Optimised)

IBM Security Operations Operating Model
Cyber-Security Command Center (CSCC)
SOC Service Delivery Management
SOC Operations; Emergency Response Team; Security Intelligence
Admin Support Services; Threat Monitoring; Threat Triage; Threat Response; CSIRT Management; IT Operations
SOC Platform Components: SIEM Tool; Ticket Tool (e.g. Remedy); Portal; Integration Tools (e.g. Web Srvcs); Reporting / Dashboard; Big Data (e.g. Hadoop)
SOC/SIEM Data Sources: Structured (Transactional), Unstructured (Big Data), Reference Data Sources
Legend: SOC, Platform, IT

Our differentiators
World Class Expertise; Broadest Solutions; Unique Intelligence; Research & Development at Scale
+6000 Security Experts
Clients in 133 countries
Trusted by 3,700 Managed Clients
35 Security Labs globally
11 Integrated SOCs
Fully Integrated Security Solutions
20,000 Security Devices under contract
Monitor 15 Billion Events / Day
14 Billion Web Pages monitored
20 Billion entries in IP reputation DB
$6.3 Billion in 2013
+1000 Security Patents
+$3 Billion security acquisitions
We understand our clients' security issues and know what to do
We have integrated solutions to fix the security problems
We are the best informed to track and mitigate the threats
We continue to invest at scale to be the best
We help our clients' business grow by securing them in a digital age. Our world class skilled people, integrated solutions and applied intelligence allow clients to prioritise investments and move their business security decisions from not knowing to monitoring to advanced understanding.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response
to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated
or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure
and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to
be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems,
products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE
MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
ibm.com/security
© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes
only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use
of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any
warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement
governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in
all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole
discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any
way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United
States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.