Cybersecurity and the new approaches to mitigating risks while containing costs · 2017-01-23
TRANSCRIPT
© 2015 IBM Corporation
October 13, 2015 Enterprise Resilience & Crisis Management Workshop
Desiree Riboldi – IT Consultant, Business Development Manager Italia, IBM Security
eMail: [email protected] mobile: +39 335 7446066
CyberSecurity and the new approaches to mitigating risks while containing costs
What’s at risk?
Information Confidentiality, Integrity, and Availability
Corporate Reputation and Brand Image
Theft of business and customer data, product design IP, sales & pricing strategies, cash, etc.
Safety—injury or loss of life
Supply chain information integrity or disruptions
Service disruption due to security incidents or breaches poses the greatest risk to reputation and brand value
Source: Forbes Insights in association with IBM “The reputational impact of IT Risk” (2014)
The overall Business costs related to disruptions are higher than IT costs (75% vs 25%)
The estimation of the costs in terms of business impact is crucial to building a business case for the value of IT investments and to define the proper improvement initiatives
Security and Resilience affect nearly every part of an organization in the «always-on» world
The Internet was built in a way that favoured resiliency over security (1)
An attacker needs to find only one weak point in a system’s defenses, while a system’s protectors need to defend all vulnerable points forever (2)
(1) Source: Global Risk 2014, Ninth Edition, World Economic Forum
(2) Source: Forbes Insights in association with IBM “The reputational impact of IT Risk” (2014)
The consequences of data breach can be positively impacted by Business Continuity Management
MTTI and MTTC (mean time to identify and mean time to contain) for organizations that involve or fail to involve BCM in the incident response process
Percentage difference for MTTI = 27%; percentage difference for MTTC = 41%
Consolidated view (FY 2015 = 350, FY 2014 = 315)
Source: Ponemon Institute “2015 Cost of Data Breach Study: Impact of Business Continuity Management”, sponsored by IBM, June 2015
Security & Business Continuity: making risk-managed decisions aligned with the business, balancing and optimizing security efforts. When? Continuously!
Figure: Impact of 11 factors on the per capita cost of data breach, measured in US$, consolidated view (n = 350)
Ransomware has evolved to reach a broader range of attackers through service kits to provide “infection as a service”
Timeline, 1989 to 2015:
• 1989: 1st known ransomware "PC Cyborg" created
• 2010: WinLock ransomware, a non-encrypted variant, demands premium-rate SMS messages to unlock target machines
• 2013: CryptoLocker, ZeroLocker and CryptoWall require ransom be paid in anonymous cryptocurrencies
• 2014: Ransomweb attacks target web applications through vulnerable web servers
• 2015: Tox “ransomware as a service” kit released in the wild
Source: IBM X-Force Threat Intelligence Report 3Q 2015
Preparedness is the key to protect against ransomware, and routine data backups are imperative
• Ensure you have at least one copy of your data that is not directly mapped visibly as a drive on your computer.
• Technologies that prevent “phone home” operations can help stop earlier iterations of certain ransomware.
• Do not assume that if you are infected with encryption-based ransomware you can simply pay the ransom and reliably get your data back.
• Technical defenses are not sufficient
• They must be managed in conjunction with people, processes and organization
Source: IBM X-Force Threat Intelligence Report 3Q 2015
The Dark Web is comprised of nefarious individuals and organizations participating in host-to-host anonymous encrypted communications
Tor was originally designed, implemented and deployed in 2004 as a third-generation onion routing project of the US Naval Research Laboratory to protect government communications. Because it allows private, encrypted communication, it’s now used for nefarious purposes.
Figure: Tor circuit from Requestor through Guard Node, Relay Node, Relay Node and Exit Node to Destination Server (legend: encrypted link, unencrypted link, Tor node)
Source: IBM X-Force Threat Intelligence Report 3Q 2015
The Dark Web and Tor can disguise the geographic location of the requestor, allowing anonymity for nefarious actors
Common attacks from Tor:
• SQL injection (SQLi): SQLi makes up by far the majority of the attacks that originate with Tor exit nodes to target IBM MSS customers
• Vulnerability scanning: vulnerability scanning often represents the early stages of an attack, as the adversary gets the lay of the land; routing the probes through Tor lets the adversary cloak their origin and spread the probes out across exit nodes, reducing the risk of drawing attention.
• Distributed denial of service (DDoS): DDoS attacks combine Tor-commanded botnets with a sheaf of Tor exit nodes.
Source: IBM X-Force Threat Intelligence Report 3Q 2015
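The three categories above (SQLi, vulnerability scanning and DDoS-style volume) are what a defender would want to surface in web server logs when the source address is a Tor exit node. The following is an added example, not code from the IBM report or this presentation: a small Python triage script that parses constructed access-log lines (combined log format), checks each source against a constructed placeholder exit-node list, and flags the three behaviours. The exit-node addresses, the thresholds, the SQLi signature and the priority scheme are assumptions chosen for illustration; a production deployment would load the published exit list and tune the thresholds to its own traffic.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed (hypothetical) Tor exit-node list. A real deployment would load
# the published exit list; these are placeholder addresses from RFC 5737 ranges.
TOR_EXIT_NODES = {"198.51.100.7", "203.0.113.42"}

# Constructed sample access log in combined log format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [13/Oct/2015:10:01:02 +0200] "GET /product?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [13/Oct/2015:10:01:03 +0200] "GET /product?id=1%20UNION%20SELECT%20null,null-- HTTP/1.1" 500 128 "-" "Mozilla/5.0"
203.0.113.42 - - [13/Oct/2015:10:02:10 +0200] "GET /admin/ HTTP/1.1" 404 210 "-" "Mozilla/5.0"
203.0.113.42 - - [13/Oct/2015:10:02:11 +0200] "GET /phpmyadmin/ HTTP/1.1" 404 210 "-" "Mozilla/5.0"
203.0.113.42 - - [13/Oct/2015:10:02:12 +0200] "GET /wp-login.php HTTP/1.1" 404 210 "-" "Mozilla/5.0"
203.0.113.42 - - [13/Oct/2015:10:02:13 +0200] "GET /.git/config HTTP/1.1" 404 210 "-" "Mozilla/5.0"
203.0.113.42 - - [13/Oct/2015:10:02:14 +0200] "GET /backup.zip HTTP/1.1" 404 210 "-" "Mozilla/5.0"
192.0.2.9 - - [13/Oct/2015:10:03:00 +0200] "GET /product?id=17 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
192.0.2.9 - - [13/Oct/2015:10:03:05 +0200] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Coarse SQLi signature applied to the URL-decoded request; meant for
# triage, not as a replacement for a WAF or parameterised queries.
SQLI_RE = re.compile(
    r"('\s*(or|and)\s*'|union\s+select|--\s*$|;\s*(drop|select|insert)\b|'\s*=\s*')",
    re.IGNORECASE,
)


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["decoded_url"] = unquote_plus(rec["url"])
    return rec


def analyze(log_text, tor_exits=TOR_EXIT_NODES, scan_paths=5,
            scan_404_ratio=0.8, flood_requests=50):
    """Summarise each source address and flag the three behaviours from the slide.

    - "sqli": at least one request matched the SQLi signature
    - "scanning": many distinct paths, mostly answered with 404
    - "flood": request volume at or above flood_requests (DDoS-style volume)
    Tor exit origin does not flag on its own; it raises the priority of a flag.
    """
    stats = defaultdict(lambda: {"requests": 0, "paths": set(),
                                 "not_found": 0, "sqli_hits": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        s = stats[rec["src"]]
        s["requests"] += 1
        s["paths"].add(rec["decoded_url"].split("?", 1)[0])
        if rec["status"] == 404:
            s["not_found"] += 1
        if SQLI_RE.search(rec["decoded_url"]):
            s["sqli_hits"] += 1

    findings = {}
    for src, s in stats.items():
        flags = []
        if s["sqli_hits"]:
            flags.append("sqli")
        if (len(s["paths"]) >= scan_paths
                and s["not_found"] / s["requests"] >= scan_404_ratio):
            flags.append("scanning")
        if s["requests"] >= flood_requests:
            flags.append("flood")
        is_tor = src in tor_exits
        findings[src] = {
            "tor_exit": is_tor,
            "requests": s["requests"],
            "distinct_paths": len(s["paths"]),
            "flags": flags,
            "priority": "high" if (flags and is_tor) else ("medium" if flags else "low"),
        }
    return findings


if __name__ == "__main__":
    for src, finding in analyze(SAMPLE_LOG).items():
        print(src, finding)
```

The design choice worth noting is that a Tor exit origin alone never produces a flag: legitimate users also route through Tor, so the exit list only changes the priority of a source that already shows SQLi, scanning or flood behaviour. The flood threshold is deliberately not reached by the constructed sample; on real logs it should be set per site and combined with a time window rather than a raw count.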
Corporate networks hosting Tor nodes open themselves to a host of issues
Running a Tor relay is a donation of bandwidth.
The owner of an exit node can become legally liable for the content issuing from that node even if the content belongs to someone else and is hosted somewhere else.
The administrator could be an unwilling facilitator of an attack on other networks or within his or her own networks.
Effective security programs encompass a strategic view of people, process and technology
1. Define Security Principles & Vision necessary to achieve objectives
2. Define process model for continuously managing security risk
3. Establish an organizational and operational model to execute the process and aid in decision support
4. Implement an integrated set of security capabilities to inform, rapidly detect and enable rapid response
Level 0: Business As Usual
Level 1: Heightened Awareness
Level 2: Possible Malicious Activity
Level 3: Confirmed Malicious Activity
Level 4: Active Defensive Response
Severity of Threat (triggers, in increasing severity):
• Reported breach within industry
• Regional disruption (political, …)
• Aggressive chatter in Darknet
• Threats of an impending attack
• Suspicious activity detected
• Zero-day released
• Attack detected and underway
• Discovery of previous breach
• “Shots Fired” on substation
• Law Enforcement informing you of a breach
• Attack occurring and defenses breached
• Imminent threat of a sophisticated attack becomes known via threat intelligence
Level 1 Playbook
• Physical access restricted
• Monitoring increased
• User-awareness bulletins
Level 2 Playbook
• IPS/IDS thresholds adjusted
• Initiate and secure backups
• SOC extended hours
Level 3 Playbook
• Physical access restricted
• SOC 2x staffing; 24x7
• More roaming security guards
Level 4 Playbook
• Admin remote access only
• Mobile devices denied
• Enterprise password change
A more elastic and agile defense capability is required
Security Operations Center is becoming responsible for enterprise security monitoring, and coordinates threat defense, detection and response for all security domains
Analytics/Dashboards: Overall Security Posture; EP Dashboard; Crown Jewel Dashboard; LOB Dashboard; Cost of Service Quality; SOC Operational Reports (accountability for performance, feedback for improvement)
Operational Outputs: Closed Security Incidents; Closed SI Research Requests; Closed CSIRT Tickets; Use Case/Rule Updates; Threat Defense, Detection, Mitigation, Remediation
Enterprise Security/Risk Monitoring inputs: Enterprise Security Data; Enterprise Risk Data; Crown Jewel Data; Fraud / Investigations; LOB Risk Assessments; Physical Security
IBM Security Operation Hybrid Model:
• Conduct Enterprise Security Monitoring
• Operationalize Security Intelligence
• Coordinate Enterprise threat defense
• Centralize threat detection
• Prioritize security incidents
• Manage threat response (mitigate/remediate)
• Produce dashboards on business impact/value
Security Intelligence: X-Force Threat Analysis; IBM Advanced Cyber Intell (CrowdStrike); ISAC, Gov, InfoSec
Around-the-clock management, monitoring and protection: protect networks, servers and endpoints from the Internet’s most critical threats
IBM Managed Security Services
• Firewall Management
• Unified Threat Management
• Intrusion Detection and Prevention System Management
• Managed Protection Services
• Secure Web Gateway Management
• Malware Defense Management
• Managed Web Defense (DDoS Protection)
Benefits:
• Better secure information assets from Internet attacks
• Reduce security investment and management costs
• Better manage compliance
• Improve system uptime and performance
• Simplify management of multiple security device types
Immediate access to incident response and forensics experts: proactively prepare for, and instantly respond to, cyber attacks
IBM helps clients combat a significant intrusion, sophisticated attack, or other security incident for faster recovery and forensic analysis
24x7 worldwide, around-the-clock coverage can enable faster recovery and reduce business impact from incidents
IBM Emergency Response Services lifecycle (figure): Proactive Preparation → Incident Planning → Incident Triage → Containment, Eradication and Recovery → Post-Incident Analysis → Periodic Reviews
IBM Security QRadar and Managed Security Services help develop a SOC that can monitor cyber threats and manage incidents
• Maturity analysis of the existing security operations
• Strategy and planning services that create a SOC model, optimizing existing staff skills and technologies
• Design and build services that size the SOC to the organization’s risk management requirements and budget
• Implementation of IBM QRadar® or other security information and event management (SIEM) technologies that can provide leading security intelligence capabilities
• Leverages IBM’s depth of experience in building and managing its own global SOCs
OPTIMIZE YOUR SECURITY OPERATIONS:
• protect mission-critical data and assets
• prepare for and respond to cyber emergencies
• help provide continuity and efficient recovery
• fortify the business infrastructure
IBM Security by the Numbers (figure): monitored countries (MSS); service delivery experts; endpoints protected; events managed per day
© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any
kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor
shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use
of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or
capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product
or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries
or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside
your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks
on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access.
IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other
systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE
IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
THANK YOU www.ibm.com/security
Legal notices and disclaimers
Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right.
Other company, product, or service names may be trademarks or service marks of others. A current list of IBM trademarks is available at “Copyright and trademark information” www.ibm.com/legal/copytrade.shtml
Copyright © 2015 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM.
U.S. Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM.
Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. THIS document is distributed "AS IS" without any warranty, either express or implied. In no event shall IBM be liable for any damage arising from the use of this information, including but not limited to, loss of data, business interruption, loss of profit or loss of opportunity.
IBM products and services are warranted according to the terms and conditions of the agreements under which they are provided.
Any statements regarding IBM’s future direction, intent or product plans are subject to change or withdrawal without notice. Performance data contained herein was generally obtained in controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary. References in this document to IBM products, programs, or services do not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business.
Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation.
It is the customer’s responsibility to ensure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law.