Mobily and IBM Managed Security Solutions

© 2013 IBM Corporation Mobily and IBM Managed Security Solutions Tamer Aboualy, Ph.D. CTO, Security Services GTS Middle East and Africa IBM Ahmed Abdel Hamid Security Services IBM Saudi Arabia


Page 1: Mobily and IBM Managed Security Solutions

© 2013 IBM Corporation

Mobily and IBM Managed Security Solutions

Tamer Aboualy, Ph.D., CTO, Security Services, GTS Middle East and Africa, IBM

Ahmed Abdel Hamid, Security Services, IBM Saudi Arabia

Page 2: Mobily and IBM Managed Security Solutions


Introduction: Dr. Tamer Aboualy

Qualifications

Over 18 years of experience in IT and Security.

Previously was IBM Canada’s Security Services CTO. Responsibilities included:

• Security executives managing security at Canada’s largest governments, financial institutions, telecommunication companies, and more.

• Canada’s security architecture, strategy, and vision.

• Implementations, transitions, & operations

• Innovation and applied security research.

• Security Operations Center (SOC) executive sponsor and lead

Executive sponsor and lead for MEA Security Operations Center (SOC)

Executive security sponsor for managed security services to government, financial institutions, telecommunications, energy (Oil and Gas) and others

Wealth of applied knowledge in information assurance, compliance, security architectures and cryptography.

Various security patents (Intrusion protection, cloud security, others)

Expert speaker at security conferences (ISACA, GOVTECH, VISA, CLOUD, IDC, Canadian Bankers Association, and many others).

Education:

• Bachelors of Information Systems (Ryerson University Toronto Canada)

• Masters of Science in Telecommunications and Networks (Syracuse University, New York, USA)

• Ph.D. in Information Systems (Nova Southeastern University, Florida, USA)

Current Focus: CTO for MEA Security Services

Tamer Aboualy, Ph.D

CTO, IBM Security Services

Africa & Middle East


Page 3: Mobily and IBM Managed Security Solutions


Agenda

• The Evolving Threat Landscape

• Managed Security Solutions (MSS)

• MSS Offerings Portfolio

Page 4: Mobily and IBM Managed Security Solutions


Security Today

The Evolving Threat Landscape

Page 5: Mobily and IBM Managed Security Solutions


IT Security has become a routine Board Room discussion

*Sources for all breaches shown in speaker notes

[Figure labels: Business Results; Systems Availability; Legal Exposure; Personal Harm; Audit Risk; Brand Image]

Page 6: Mobily and IBM Managed Security Solutions


Motivations and sophistication are rapidly evolving

[Figure: adversaries and motives across the 1st Decade of the Commercial Internet (1995 – 2005) and the 2nd Decade of the Commercial Internet (2005 – 2015)]

Motive: National Security; Espionage, Political Activism; Monetary Gain; Revenge; Curiosity

Adversary: Script-kiddies or hackers; Insiders, using inside information; Organized criminals with sophisticated tools; Competitors, hacktivists; Nation-state actors

Page 7: Mobily and IBM Managed Security Solutions


The new security landscape - Sophisticated attackers are a primary concern

Threat Profile: Advanced threat / mercenary
Type: National governments; Terrorist cells; Crime Cartels
Share of Incidents: 23%
Attack Type: Espionage; Intellectual property theft; Systems disruption; Financial Crime

Threat Profile: Malicious Insiders
Type: Employees; Contractors; Outsourcers
Share of Incidents: 15%
Attack Type: Financial Crime; Intellectual Property Theft; Unauthorized Access/

Threat Profile: Hacktivist
Type: Social Activists
Share of Incidents: 7%
Attack Type: Systems disruption; Web defacement; Information Disclosure

Threat Profile: Opportunist
Type: Worm and virus writers; “Script Kiddies”
Share of Incidents: 49%
Attack Type: Malware propagation; Unauthorized Access; Web defacement

[Vertical axis: Potential Impact]

Source: Government Accountability Office, Department of Homeland Security's Role in Critical Infrastructure Protection Cybersecurity, GAO-05-434; IBM CyberSecurity Intelligence & Response Team, September 2012

Page 8: Mobily and IBM Managed Security Solutions


Each Week The Average Company Experiences 2.6M Security Attacks

IBM Cybersecurity Intelligence & Response Team, Q4’ 2012 Scorecard

Which Result in approximately 60 Security Incidents

Companies with Mature Cyber Security Programs have 90% fewer incidents and are better prepared to respond to those that do occur more effectively

IBM Cyber Intelligence Update

Page 9: Mobily and IBM Managed Security Solutions


IBM has tracked a massive rise in advanced and other attacks

2012 Sampling of Security Incidents by Attack Type, Time and Impact

Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses

Source: www.ibm.com/security

IBM X-Force Intelligence Report

Page 10: Mobily and IBM Managed Security Solutions


The year of the Security Breach

- Pg 27. SQL injection uses specially formatted statements to manipulate the underlying web app.
- 15 days after Sony announced they had fixed their breach, LulzSec posted 150K customer account details!
- Typically used first to understand the DB schema, then used to retrieve data. In 2008 we saw the first newer attack. Attackers would inject script and gain root access.

When was the last time you checked your web application?

- Pg 17. Anonymous and LulzSec were major players in the SQL tactics.
- Most activity from automated scanners like LizaMoon.

Page 11: Mobily and IBM Managed Security Solutions


Saudi Arabia is the MOST SPAM’d Country!

Page 12: Mobily and IBM Managed Security Solutions


Source: www.microsoft.com/sir

Microsoft Regional Security Intelligence Report

Security Landscape in the Kingdom

KSA double the global average of infected computers!

Page 13: Mobily and IBM Managed Security Solutions


Categories of Unwanted Software (malware) in Saudi Arabia

Source: www.microsoft.com/sir

Microsoft Regional Security Intelligence Report

Page 14: Mobily and IBM Managed Security Solutions


Security challenges are complex and require a high level of expertise and innovation to protect against today’s threats

People: Hackers; Suppliers; Consultants; Outsourcers; Employees; Customers; Nation States & Terrorists

Data: Structured; Unstructured; At rest; In motion

Applications: Systems Applications; Web Applications; Web 2.0; Mobile Applications

Infrastructure: Datacenters; PCs; Laptops; Mobile; Cloud; Non-traditional

Page 15: Mobily and IBM Managed Security Solutions


The skills shortage for security practitioners leaves clients seeking a trusted partner to provide managed security solutions

81% of chief information security officer functions are re-organizing or have been re-organized within the last six months.

Corporate Executive Board, IREC Study, July 2012

• are unable to find people with the right skills

• complain of the inability to measure the effectiveness of their current security efforts

• struggle with an understaffed IT team

Page 16: Mobily and IBM Managed Security Solutions


Clients can be confident knowing that IBM Security Services are backed by IBM’s strong market leadership and analyst recognition

IBM Security Consulting Services

IBM Managed Security Services

“IBM has the largest client base of the participants... Clients praised the flexibility, knowledge, and responsiveness …while also noting the company’s excellent documentation. Organizations looking for a high-quality vendor that can do it all and manage it afterwards should consider IBM.”

Source: Forrester Research Inc., “Forrester Wave™: Information Security Consulting Services, Q1 2013” and “Forrester Wave: Managed Security Services Providers, Q1 2012”.

Full report can be accessed at http://www.ibm.com

Page 17: Mobily and IBM Managed Security Solutions


[Diagram labels: Security Strategy, Risk and Compliance; Cybersecurity Assessment and Response; Security Operations Optimization; Infrastructure and Endpoint Security; Identity and Access Management; Data and Application Security; Managed Security]

IBM has a broad base of consulting services to provide end to end solutions. Partnered with Mobily we offer unparalleled Managed Services and Security Intelligence.

Managed Services

Security Consulting & Professional Services

Expertise, Intelligence, Integration

• Globally available managed security services platform

• Manage security operations, detect and respond to emerging risk

• 6000+ Security Consultants & Architects

• Assess security risk and compliance, evolve security program

Page 18: Mobily and IBM Managed Security Solutions


IBM Managed Security Solutions provided through Mobily provide local capability while benefiting from unmatched global security coverage

6,000 researchers, developers and subject matter experts working security initiatives worldwide

MSS Global Facts and Figures

• 11 Security Operations Centers
• 3,700+ MSS clients worldwide
• 20,000+ security devices
• 15B+ security events daily
• Recording over 30k incidents daily
• Monitoring in 133 countries
• Using a grid of 725+ systems
• Maintaining 99.9+% availability

BCP/DRP & Compliance

• Fully redundant services
• BC/DRP test performed annually
• SSAE-16, PCI, FFIEC, ITCS-104

Market Leadership

• Forrester Wave
• Gartner Magic Quadrant
• Frost & Sullivan

Experience & Expertise

• MSS business founded 1995
• Employee tenure average 4.5 yrs
• Embedded X-Force intelligence

Riyadh, KSA

Page 19: Mobily and IBM Managed Security Solutions


Protecting Our Clients

Managed Security Solutions

Page 20: Mobily and IBM Managed Security Solutions


[Diagram labels: Security Strategy, Risk and Compliance; Cybersecurity Assessment and Response; Security Operations Optimization; Infrastructure and Endpoint Security; Identity and Access Management; Data and Application Security; Managed Security]

IBM has a broad base of consulting services to provide end to end solutions. Partnered with Mobily we offer unparalleled Managed Services and Security Intelligence.

Managed Services

Security Consulting & Professional Services

Expertise, Intelligence, Integration

• Globally available managed security services platform

• Manage security operations, detect and respond to emerging risk

• 6000+ Security Consultants & Architects

• Assess security risk and compliance, evolve security program

Mobily Standard Security Portfolio

Page 21: Mobily and IBM Managed Security Solutions


Our capabilities cover the wide range of specialized security functions

Security Analysis

Key Functions

• Threat Intelligence Gathering
• Event and Vulnerability Analysis
• Impact Analysis
• Incident Management
• Investigations
• Enforcement Optimization
• Risk Assessments, Briefings, and Advisories

Security Operations

Key Functions

• Security Monitoring
• Incident Monitoring & Escalation
• Security Application Management
• Configuration Management
• Policy Management

Security Intelligence Platform

Key Functions

• Aggregate Security Event/Log Data
• Correlation, Rules & Feeds

Page 22: Mobily and IBM Managed Security Solutions


Managed Security Solutions portfolio can address a wide variety of challenges and business requirements

Managed Security Services (Cloud)

• Hosted security event and log management services

• Hosted vulnerability management services

• Hosted IBM X-Force threat analysis service

• Managed firewall services

• Managed and monitored IPS and IDS services

• Managed and monitored UTM services

Managed Security Services (CPE)

Multiple device types and vendors supported

IPS: Intrusion Protection System
IDS: Intrusion Detection System
UTM: Unified Threat Management

Security Requirements

Page 23: Mobily and IBM Managed Security Solutions


Managed Network Security Services: Firewall, IDPS, UTM

Solution Overview

IBM’s Managed Security Services for Firewall, IPS and UTM are designed to reduce the operational overhead associated with the day to day management of core security technologies that provide the foundational elements for an organization’s overall security posture. These offerings combine management, monitoring, and maintenance across a variety of leading technologies and service levels.

Customer Pain Points

• Multiple technologies create a challenge for skills management

• Proper security administration requires round the clock support

• Compliance mandates competency beyond that of many organizations

• Security teams are needed for more strategic activities but security technologies remain complex and cumbersome to implement.

Faster time to deploy and reduced operational overhead within multi-vendor environments.

Provides 24x7 support for round the clock monitoring, response, and management.

Key Features

Support for market leading technologies: Checkpoint, Cisco, IBM, Juniper, McAfee, Tipping Point, Sourcefire, Palo Alto, etc.

Support for comprehensive product features: Most major product features are supported: Virtualization, multiple policies, traffic shaping, content security, custom signatures, etc.

Industry leading service level agreements: Service level agreements that set the benchmark for the industry including incident response, change management, system monitoring, portal availability, content updates, etc.

Two offering packages to ensure flexibility: The offerings are designed to meet the needs of environments ranging from less demanding to the most mission critical.

Integrated service views via the IBM Virtual SOC: IBM’s proprietary web based interface ensures real-time on-demand access to the latest service information including alerts, advisories, system configuration, and comprehensive workflow and reporting capability.

Page 24: Mobily and IBM Managed Security Solutions


Cloud Security Services: IBM X-Force Threat Analysis Service

Solution Overview

IBM Security Services' X-FORCE Threat Analysis Service (XFTAS) is a security intelligence service that delivers customized information about a wide array of threats that could affect your network security. XFTAS helps you proactively protect your networks with detailed analyses of global online threat conditions.

• A single source for up-to-the-minute, customized security information

• Expert analysis and correlation of global security threats

• Actionable data and recommendations that help you maintain your network security

• Easily accessed 24x7x365 through the VSOC Portal

• Partner with a trusted security advisor

Unique Value

The IBM X-FORCE Threat Analysis Service combines high-quality, real-time threat information from an international network of Security Operations Centers with security intelligence from the X-Force research and development team to develop comprehensive evaluations and recommendations suited to your business.

Page 25: Mobily and IBM Managed Security Solutions


Cloud Security Services: Security Event and Log Management

Solution Overview

The Security Event and Log Management Service (SELM) enables compilation of the event and log files from network applications, operating systems, and security technologies into one seamless platform. The SELM offering allows for automated analysis of IPS data as well as robust query and research capabilities against a variety of disparate log types.

Customer Pain Points

• Information and event management solutions can be overly complex

• SIM implementation can take months and hundreds of thousands of dollars

• Many solutions struggle to scale when real-time analysis is required

• Reporting requirements are often not met by off-the-shelf solutions

Improved time to value by leveraging an on-demand cloud-based platform versus cumbersome CPE deployment options.

Quickly analyze data from multiple geographies and technologies via a single web-accessible interface.

Cloud-based deployment allows for seamless off-site storage of critical log data.

Optional outsourcing of event monitoring activity to IBM experts on a shift-by-shift basis!

Key Features

Two tiers of service: SELM is available in Standard and Select service levels, allowing for varying degrees of analysis and analytics to be applied to varying data types.

Integrated workflow and analysis capabilities: With SELM’s integrated workflow and analysis capabilities, security issues can be investigated, escalated, and recorded using IBM’s web-based tools.

Seamless blending of MSS and non-MSS data: SELM allows for data of managed and unmanaged devices to be stored in the same systems and seamlessly interacted with as though all data is part of a common data set.

Custom log parser and correlation engine: Easily use regular expressions to add support for custom log sources and correlation rules. Unique IBM functionality!

Forensically sound storage and archival: SELM employs best practice processes for data in motion and at rest as suggested by IBM’s own Emergency Response Services team.

Page 26: Mobily and IBM Managed Security Solutions


Cloud Security Services – Hosted Vulnerability Management overview

Solution Overview

Offers network-based vulnerability assessment from the cloud via the VSOC web portal. Scans can be configured and scheduled via the web, with scanning performed from the cloud or via IBM managed scanners at the customer premises. Results are archived in the cloud and accompanied by reporting, workflow, and remediation capabilities.

Customer Pain Points

• Vulnerabilities allowing hackers easy access to client systems

• Proper assessment and remediation are required for compliance initiatives

• Today’s solutions are difficult to use and manage

• Customers can’t prioritize remediation efforts for identified vulnerabilities

Faster time to deploy and more accurate detection of vulnerabilities, helping customers identify risks and ultimately improve their security posture

More efficient end-to-end process for remediating vulnerabilities, and better tracking for compliance purposes

Streamlined SaaS delivery model gives customers full control without the expense and distraction of owning and managing scanning infrastructure

Core Capabilities

Vulnerability management: Agentless scanning from both inside and outside the firewall to find exposures.

Remediation guidance and workflow: Fix vulnerabilities quickly and easily with the information provided in remediation reports.

PCI compliance assistance: IBM can serve as an approved scanning vendor (ASV) in support of PCI compliance initiatives.

Intelligent scanning: Delivers accurate scanning results in less time with a system that follows an assessment process similar to that used by ethical hackers. Fewer false positives mean less time spent tracking down “potential” vulnerabilities.

Web application vulnerability detection: Identifies SQL injection, cross-site scripting, and other high-risk vulnerabilities in web applications.

Database vulnerability detection: Identifies vulnerabilities in common databases and database configurations.

Page 27: Mobily and IBM Managed Security Solutions


Mobily clients have full visibility into work being performed through the Virtual Security Operations Center portal (V-SOC)

[Diagram: Virtual Security Operations Center (V-SOC)]

Firewalls and IDS and IPS; Applications; Networking devices; Vulnerability; Anti Virus and filtering

Virtual-SOC technology platform: Aggregation; Correlation; Archival; Reporting; Workflow

Security Operations Center (SOC): Normalize; Aggregate; Correlate; Archive; Escalate; Remediate

Internet

Virtual-SOC portal

Page 28: Mobily and IBM Managed Security Solutions


Mobily-IBM Managed Security Services Customer Portal

Page 29: Mobily and IBM Managed Security Solutions

Thank You

Merci (French); Grazie (Italian); Gracias (Spanish); Obrigado (Portuguese); Danke (German); Köszönöm (Hungarian); Tack (Swedish); Dankie (Afrikaans); ευχαριστώ (Greek); Спасибо (Russian); Hvala (Slovenian); Asante sana (Swahili)