Download - Rochester Security Event
2013 Information Security Risks Year-End Review
Caleb Barlow
Director – IBM Application, Data, Mobile, Critical Infrastructure Security
www.facebook.com/barlow.caleb
www.youtube.com/calebbarlow
© 2013 IBM Corporation
Threat landscape is growing fast
In 2000: 361 million people using the Internet (5.8% of the world’s population)
In 2012: 2.67 billion people using the Internet (33% of the world’s population)
… and becoming Mobile
In 2000: 720 million mobile subscribers worldwide (12% of the world’s population)
In 2012: 6 billion mobile subscribers worldwide (87% of the world’s population)
Innovative technology changes everything
§ Bring your own IT
§ Social business
§ Cloud and virtualization
§ 1 billion mobile workers
§ 1 trillion connected objects
QR Codes
§ QR Code can contain a URL to download malware
§ The malware can then send SMS messages to a premium rate number (US $6 per message)
• Samsung Galaxy S3 can be reset from a QR Code wiping all data
• Google Glass vulnerability identified by Lookout Security
http://www.zdnet.com/samsung-galaxy-s3-vulnerable-to-remote-malicious-reset-7000004771/
http://siliconangle.com/blog/2011/10/21/infected-qr-malware-surfaces-on-smartphones-apps/
http://www.forbes.com/sites/andygreenberg/2013/07/17/google-glass-hacked-with-qr-code-photobombs/
How do Mobile Applications treat you?
Motivation and sophistication are evolving rapidly
[Chart axes: Motivation vs. Sophistication]
§ National Security, Economic Espionage: Nation-state actors, APTs (Stuxnet, Aurora, APT-1)
§ Notoriety, Activism, Defamation: Hacktivists (Lulzsec, Anonymous)
§ Monetary Gain: Organized crime (Zeus, ZeroAccess, Blackhole Exploit Pack)
§ Nuisance, Curiosity: Insiders, Spammers, Script-kiddies (Nigerian 419 Scams, Code Red)
X-Force Trend and Risk Report
§ Crawler: Over 1000 CPUs scanning the Internet 24x7
§ Darknet and Honeypots: Capturing information from virgin IP addresses
§ SpamTrap: Obtains Spam IPs and samples
§ Managed Services: 15B security events a day across 133 countries and over 20,000 devices under contract
Source: IBM X-Force® Research 2013 Trend and Risk Report
2012 Sampling of Security Incidents by Attack Type, Time and Impact
Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses
Security Incidents in the first half of
Low risk / high reward
§ Old CMS installations
§ CMS Plugins
§ Forum software
§ Other popular 3rd party scripts
of tracked disclosed breaches
still reliable for breaching databases
continue to disrupt businesses
Industries affected:
§ Banks
§ Governments
§ DNS Providers
High traffic volume as much as
attacks compromise end user trust
Targeting Savvy Users
§ Tech company developers
§ Government Employees
§ Unsuspecting viewers of trusted sites
Tainting legitimate sites with zero-day exploits
foreign branch or local language sites tarnish brands
Global brands targeted in foreign countries outside of home office
Attackers rely on
§ Lower security on local language sites
§ Temporary micro-sites which gather user data
§ Tarnish brands with path of least resistance
countries most impacted by security incidents
The United States most reported breach target location
Taiwan was targeted in several foreign branch security incidents
has become a new playground for attackers
Social Media top target for attacks and mobile devices are expanding those targets
- Pre-attack intelligence gathering
- Criminals selling accounts
- Campaigns enticing user to click on malicious links
[Chart labels: Time, Products, Complexity, Cost, Agility, Effectiveness]
Your security team sees noise
Security challenges are a complex, four-dimensional puzzle…
…that requires a new approach
§ Applications: Web Applications, Systems Applications, Web 2.0, Mobile Applications
§ Infrastructure: Datacenters, PCs, Laptops, Mobile, Cloud, Non-traditional
§ Data: At rest, In motion, Unstructured, Structured
§ People: Attackers, Suppliers, Consultants, Partners, Employees, Outsourcers, Customers
…that requires a new approach
Collect and Analyze Everything
Then → Now
§ People: Administration → Insight
§ Data: Basic-control → Laser-focused
§ Applications: Bolt-on → Built-in
§ Infrastructure: Thicker walls → Smarter defenses
A change in mindset is already happening
Monitor Everything
Consume Threat Intelligence
Integrate Across Domains
Security Intelligence
Intelligence
Integration
Expertise
IBM Security Framework
A comprehensive portfolio of products and services across all domains
With Fiberlink, only IBM will provide the full spectrum of mobile management and security needs
Business Span of Control (High to Low): Corporate Owned Assets, Employees w/BYOD, Task/Temp Workers, Business Partners, Consumer Transactions
Solution Approaches:
§ Mobile Device Management
§ Containers – App Wrapping and SDKs
§ Secure Transactions
IBM / Fiberlink Offerings:
Requirements for Mobile Management and Security:
Planned Integration Points:
• SDKs will be packaged in Worklight IDE so all apps can be secured (IBM Worklight)
• Security information and events will feed into QRadar for analysis and actions will return to mobile tools (IBM QRadar)
• Code scans will be integrated into the process before apps are deployed into app store/catalog (IBM AppScan)
IBM Security Access Manager for Mobile
Secure the Device: Enroll, Configure, Monitor, Provision, Wipe, Fingerprint
Secure the Application: iOS / Android Static Scanning, Worklight Mobile IDE, Experience Management, Tamper Proofing *partner
Trusted Transactions: Mobile Access Mgmt, Identity Federation, Application Level VPN, Secure API Connectivity
Malware & Fraud Detection, Device & Location Risk, Account Takeover, Jailbreak, Device Rooted
Enterprise Applications
Enterprise Container
Personal
Cloud Services
Security Intelligence SIEM
Threat Research
Mobile Security Framework
Who is Fiberlink?
§ Founded in 1991, Fiberlink has built expertise in delivering mobile management and security services as a service
§ Headquartered in Blue Bell, PA
§ Provides Mobile Device Management, Mobile Application Management, Enterprise Container with SDK and App-Wrapping, Secure Document Sharing and Mobile Expense Management as a Service helping enterprises connect, control and secure mobile devices to gain competitive advantage, increase employee productivity, and implement proper security measures
§ Industry leading and award winning
§ Cloud-based mobility management platform
§ Seamless integration with existing enterprise systems
§ Broad range of mobile OS support
§ Robust policies for Bring Your Own Device (BYOD) security and privacy
§ 3500+ clients
§ Marquee financial, healthcare, public sector, education, and retail customers
§ Delivering value to enterprises of all sizes: small to large
Industry analysts rank IBM Security as leading the market
Security Analyst Report Rankings
Columns: Domain; Market Segment / Report; Gartner Magic Quadrant; Forrester Wave; IDC Market Share
Security Intelligence
§ Security Information and Event Management (SIEM): Leader 2013; Leader 2011
People
§ Identity and Access Governance: Challenger 2013; Leader 2013
§ Identity and Access Management Suites: Strong Performer 2013
§ User Provisioning and Administration: Leader 2013
§ Role Management and Access Recertification: Contender 2011
§ Web Access Management (WAM): Leader 2013 MarketScope
Data
§ Database Auditing and Real-Time Protection: Leader 2011
§ Data Masking: Leader 2013
Applications
§ Application Security Testing (dynamic and static): Leader 2013; Leader 2013
Infrastructure
§ Network Intrusion Prevention Systems (NIPS): Challenger 2012
§ EndPoint Protection Platforms (EPP): Visionary 2013; Strong Performer 2013
Services
§ Managed Security Services (MSS): Leader 2012; Leader 2012
§ Information Security Consulting Services: Leader 2013
No report available
Note: Rankings compiled from latest available analyst reports as of September, 2013
Chief Information Security Officers: 2013 IBM CISO Study
“Strategic vision… Global consistency… Lots of communication… speak business value, understand risk… minimize the impact… be on the bleeding edge…”
Formalize your role as a CISO
Establish a security strategy
Focus on overall risk
Develop effective business relations - build trust, share information, meet with the C-suite and board
Invest in advanced technology when it meets a business need
Fortify your mobile security
Track risk to brand reputation and customer satisfaction
Integrate metrics
Trusteer Advanced Fraud and Malware Protection
Helping to protect against financial fraud and advanced security threats
Among the capabilities Trusteer brings to IBM's security portfolio:
§ Web Fraud Protection: Leading web fraud capabilities for financial services and web commerce
§ Secure Mobile Transactions: Embedded security for mobile devices and applications helps enable secure transactions from devices to the back office
§ Extended Advanced Threat Protection: Unique endpoint solution for identifying and protecting against Advanced Persistent Threats
§ Security-as-a-Service: Cloud based deployment enabling rapid and real-time updates
© Trusteer 2013
About Trusteer
Global
Hundreds of Customers
100,000,000 Endpoints
Solutions
Financial Fraud Prevention
Advanced Threat Protection
Leader
Intelligence
Technology
Expertise
Leading Global Organizations Put Their TRUST In Us
§ 7/10 Top US Banks
§ 9/10 Top UK Banks
§ 4/5 Top Canadian Banks
§ Major European Banks
Malware and Phishing
Common threat to online channels & internal systems
Three Losing Battles
• Humans will always make mistakes
• System and application vulnerabilities continue to emerge
• Malware detection will always lag
Two Major Impacts
Widespread Fraud
• $3.4B est lost to online fraud in 2012 [1]
Advanced Threats and Breaches
• 85% of breaches go undetected [2]
• $8.9M average cost of cyber-attacks [3]
Sources: [1] JPMorgan: 2012 Online Fraud Report; [2] Gartner: 2290415; [3] Ponemon Institute: 2012 Cost of Cybercrime Report: US
[Diagram labels: Vulnerability Exploit, Social Engineering (Phishing), Malware Infection, Fraud Scheme Execution, Money Loss, Data Exfiltration, Enterprise Breach]
The Specific Problems Trusteer Solves
WWW
Phishing and Malware Fraud
Advanced Threats (Employees)
Online Banking
Wire, ACH, Internal Apps
Account Takeover, New Account Fraud
Mobile Fraud Risk
Trusteer Solutions
WWW
Phishing and Malware Fraud
Advanced Threats (Employees)
Online Banking
Wire, ACH, Internal Apps
Account Takeover, New Account Fraud
Mobile Fraud Risk
Trusteer Pinpoint Account Takeover (ATO) Detection
Trusteer Apex
Trusteer Rapport
Trusteer Pinpoint Malware Detection
Trusteer Mobile SDK/APP
Trusteer Mobile Risk Engine
Your security team sees…
Clarity…
Insights…
Everything
Thank You
www.facebook.com/barlow.caleb
www.youtube.com/calebbarlow
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
© Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.