Breaking Down the Cyber Security Framework: Closing Critical IT Security Gaps
DESCRIPTION
Cyber crime is pervasive and here to stay. Whether you work in the public sector or the private sector, are the CEO of a Fortune 500 company, or are trying to sustain an SMB, everyone is under attack. This February, President Obama issued an executive order aimed at protecting critical business and government infrastructure, because the scale and sophistication of IT security threats have grown at an explosive rate. Organizations and government agencies have to contend with industrialized attacks, which, in some cases, rival the size and sophistication of the largest legitimate computing efforts. In addition, they have to guard against a more focused adversary with the resources and capabilities to target highly sensitive information, often through long-term attack campaigns. Many security executives are struggling to answer questions about the most effective approach.
TRANSCRIPT
IBM & Deloitte Joint Webinar Breaking Down the Cyber Security Framework: Closing Critical IT Security Gaps
Oct 22, 2013
© 2013 IBM Corporation
IBM Security Systems
Speakers: IBM & Deloitte Joint Webinar
Harry D. Raduege, Jr., Lt. General (USAF, Ret) Chairman, Deloitte Center for Cyber Innovation
Topic of discussion: Breaking down the Cyber Security Framework
Tom Turner, VP, Marketing & Business Development, IBM Security Division
Topic of discussion: Closing Critical IT Security Gaps
Breaking Down the Cyber Security Framework
Copyright © 2013 Deloitte Development LLC. All rights reserved.
Cyber – A phenomenon that changed the world
Cyberpower
Cyber-Alert
Cyber Insurance
Cyber Attack
Cyber Communication
Cyberattack
Cyber War
Cyber Bullying
Cyber-Commerce
Cyberspace
Cybersecurity
Cyber-ethics
Cyber crime
Cyber FININT
Cyber Espionage
Cyber Law
The world of cybersecurity
Threats
• Identity theft
• Information manipulation (e.g. Malware)
• Cyber Assaults/Bullying
• Advanced Persistent Threats (APTs)
• Information theft
• Crime (e.g., Credit card fraud)
• Insider
• Espionage
• Cyber attack
• Transnational
• Attack of software “boomerangs”
• Terrorism
Targets
• Government (Federal, State, and Local); e.g.,
– E-Government
– E-Commerce
• Industry; e.g.,
– Aerospace & Defense
– Banking & finance
– Health care
– Insurance
– Manufacturing
– Oil & Gas
– Power Grid
– Retail
– Telecommunications
– Utilities
• Universities/Colleges
• Individuals
Counters
• Cyber workforce
• Advanced network and resilience controls
• Outbound traffic monitoring
• Dynamic situational awareness
• Open source Information
• Risk intelligence & management
– Forensic analysis
– Data analytics
• Financial intelligence (FININT)
• Tighter laws & enforcement
• Expanded diplomacy
• Legislation?
You should assume that your information network has been or will be compromised.
Cybersecurity – Key points and impacts of the U.S. President’s Executive Order (February 2013)
• Mandates strong privacy and civil liberties protections
• Directs regular assessments of agency activities
• Identifies critical infrastructure at greatest risk
• Changes the definition of critical infrastructure
• Requires development of a Cybersecurity Framework
• Develops voluntary critical infrastructure cybersecurity program and adoption incentives
• Identifies regulatory gaps
• Opens up information-sharing program to other sectors
• Requires Federal government information-sharing programs with private sector
Privacy
Cybersecurity Standards
Critical Infrastructure
Review
Information Sharing
85% of critical infrastructure is in private sector hands [1]
Trends exposing industry to increased risk
• Interconnectedness of sectors
• Proliferation of exposure points
• Concentration of assets
Currently, there are 16 U.S. industry sectors defined as critical infrastructure
Critical infrastructure sectors
• Agriculture and Food
• Dams
• Information Technology
• Banking and Financial Services
• Defense Industrial Base
• Nuclear Reactors, Materials and Waste
• Chemical
• Emergency Services
• Transportation Systems
• Commercial Facilities
• Energy
• Water and Wastewater Systems
• Communications
• Government Facilities
• Critical Manufacturing
• Healthcare and Public Health
[1] GAO Report, Critical Infrastructure Protection: Sector Plans and Sector Councils Continue to Evolve, July 2007, http://www.gao.gov/assets/100/95010.pdf
Helping the CISO respond to Cyber Security: Closing Critical IT Security Gaps
Evolving CISO Landscape
CISO Challenge: Competing priorities
• 83% of enterprises have difficulty filling security roles
• 14% increase in Web application vulnerabilities from 2011 to 2012
• Increase in compliance mandates
Common Vulnerabilities and Exposures
CISO Challenge: Inadequate tools
• 85 tools from 45 vendors
• Only 1 out of 45 malware samples detected
CISO Challenge: Business pressures
• 70% of CISOs are concerned about Cloud and mobile security
• 75%+ of organizations are using at least one cloud platform
CISO Challenge: Evolving Threats
INTERNAL: 59% of C-level execs say that negligent insiders are their biggest concern
EXTERNAL: 43% increase in critical web browser vulnerabilities
PAYOFFS: $78M stolen from bank accounts in Operation High Roller
Q: Have you had an attack that was difficult to detect?
A: Yes 45% + Don’t know 21%
66% Don’t have visibility needed to stop advanced attacks
Why is this happening?
• Not collecting right security data
• Don’t have context
• Don’t have baseline for normal
• Lack vulnerability awareness
Advantage: Attacker
CISO: Your move
Innovation
Intelligence
Focus
Focus
USERS
ASSETS
TRANSACTIONS
USERS
60,000 employees
Provisioning took up to 2 weeks
No monitoring of privileged users
Focus on users, not devices
Implement identity intelligence
Pay special attention to trusted insiders
Privileged Identity Management
Monitoring and same-day de-provisioning for 100+ privileged users
ASSETS
Thousands of databases containing HR, ERP, credit card, and other PII in a world where 98% of breaches hit databases
Discover critical business data
Harden and secure repositories
Monitor and prevent unauthorized access
Database Access and Monitoring
2,000 critical databases secured
$21M saved in compliance costs
TRANSACTIONS
30 Million customers in an industry where
$3.4B industry losses from online fraud
85% of breaches go undetected
Identify most critical transactions
Monitor sessions, users, and devices
Look for anomalies and attacks
Advanced Fraud Protection
Zero instances of fraud occurred on over 1 million customer endpoints
Intelligence
ANALYTICS
VISIBILITY
INTEGRATION
ANALYTICS
Context, clustering, baselining, machine learning, and heuristics
Identify entire classes of mutated threats by analyzing 250+ protocols and file types
Pattern matching
Don’t rely on signature detection
Use baselines and reputation
Fully inspect content and communications
VISIBILITY
Reduce 2 Million logs and events per day to 25 high priority offenses
Get full coverage, no more blind spots
Reduce and prioritize alerts
Produce detailed activity reports
INTEGRATION
Siloed Point Products
Integrated Platforms
Eliminate silos and point solutions
Build upon a common platform
Share information between controls
Monitor threats across 8 Million subscribers with an integrated Platform
Intelligence
Integration
Expertise
IBM Security Framework
Professional, Managed, and Cloud Services
CISO: Checkmate!
Smart apart. Smarter together.
Thank you.
For more information, you can contact:
Paul Avallone – [email protected]
Kenney – [email protected]