SECURITY OPERATIONS AND RESPONSE
ORCHESTRATE YOUR DEFENSES THROUGHOUT THE ENTIRE ATTACK LIFECYCLE
Transcript
Ahmed Sharaf, Managing Director, Xband Enterprises, Inc.
2016
Slide 2
Today's attacks require a strategic security approach
Yesterday's Attacks: Indiscriminate malware, spam and DDoS activity
Tactical Approach (compliance-driven, reactionary):
Build multiple perimeters
Protect all systems
Use signature-based methods
Periodically scan for known threats
Shut down systems
Today's Attacks: Advanced, persistent, organized, politically or financially motivated
Strategic Approach (intelligent, orchestrated, automated):
Assume constant compromise
Prioritize high-risk assets
Use behavioral-based methods
Continuously monitor activity
Gather, preserve, retrace evidence
It takes power and precision to stop adversaries and unknown threats
Slide 3
Continuously stop attacks and remediate vulnerabilities
Upgrade your defenses with a coordinated platform to outthink threats
Disrupt malware and exploits: discover and patch endpoints; automatically fix vulnerabilities
Discover unknown threats with advanced analytics: see attacks across the enterprise; sense abnormal behaviors; automatically prioritize threats
RESPOND: respond to incidents quickly, with precision; hunt for indicators using deep forensics; orchestrate and automate incident response
Slide 4
IBM Security offers the industry's first integrated, end-to-end Security Operations and Response Platform
SECURITY OPERATIONS AND RESPONSE
Security Operations and Incident Response Services
Incident Response
Endpoint and Network Protection
Vulnerability and Patch Management
User Behavior Analytics
Security Intelligence and Analytics
CEO | CISO | HR | IT | LEGAL
IDS | NIPS | AV | DLP | FW | DBs | Apps
Prevent, detect, and respond to threats with an intelligent, orchestrated, automated platform
IBM BigFix: Find, fix, and secure endpoint threats and vulnerabilities
IBM Security Network Protection: Prevent network exploits and limit malware communications
IBM QRadar Security Intelligence: Use advanced analytics to discover and eliminate threats
IBM Resilient Incident Response Platform: Generate response playbooks and coordinate activity
IBM X-Force Exchange: Automatically update incident artifacts with threat intelligence
IBM Security Services: Deliver operations consulting to help implement processes, and response experts when something goes wrong
Slide 5
Monitor, protect, and respond quickly to endpoint threats (IBM BigFix)
Find, fix, and secure endpoints
Prevent advanced network attacks
Use analytics to discover and eliminate threats
Coordinate response activity
Understand the latest threat actors
Get help from security experts
Find It. Discover unmanaged endpoints and get real-time visibility into all endpoints to identify vulnerabilities and non-compliant endpoints
Secure It. Continuously monitor and enforce compliance with security, regulatory and operational policies while proactively responding to threats
Fix It. Fix vulnerabilities and apply patches across all endpoints on and off the network in minutes, regardless of endpoint type or network connectivity
Slide 6
Bridge the gap between IT operations and security (IBM BigFix)
ENDPOINT SECURITY and ENDPOINT MANAGEMENT: Discovery and Patching; Lifecycle Management; Software Compliance and Usage; Continuous Monitoring; Threat Protection; Incident Response
IBM BigFix: shared visibility and control between IT operations and security
Reduce operational costs while improving your endpoint security posture
Slide 7
Protect against the latest attacks (IBM Security Network Protection)
VISIBILITY: Gain insight into network traffic patterns to detect anomalies
PROTECTION: Disrupt known and unknown exploits and malware attacks
CONTROL: Limit the use of risky applications to reduce your attack surface
Slide 8
Protect and control your network traffic (IBM Security Network Protection)
Identity and Application Awareness: Associates users and groups with their network activity, application usage and actions
Deep Packet Inspection: Classifies network traffic, regardless of port or protocol
SSL Visibility: Identifies encrypted threats, without a separate appliance
400+ protocols and file formats analyzed
2,000+ applications and actions identified
25+ billion URLs classified in 70 categories
[Diagram: inbound and outbound traffic from Employees A, B and C and Applications A and B, classified as Prohibited Application, Attack Traffic, Botnet Traffic, Good Application or Clean Traffic]
Slide 9
Stop threats and limit risk with the leading analytics platform for actionable security intelligence (IBM QRadar)
Threat Protection | Incident Forensics | Compliance Reporting | User Behavior Analytics | Vulnerability Management | Cloud Visibility
Slide 10
Understand deep security context across your organization in hours, not weeks (IBM QRadar)
EXTENSIVE DATA SOURCES: Servers and mainframes; Data activity; Network and virtual activity; Application activity; Configuration information; Security devices; Users and identities; Vulnerabilities and threats; Global threat intelligence
IBM QRadar Sense Analytics (Embedded Intelligence) -> Prioritized incidents
Slide 11
Manage vulnerabilities and analyze behavior (IBM QRadar)
Quickly gain insights into the highest risk users: out-of-the-box behavioral analytics and rules; user risk-based incidents; streamline user investigations
Gain a unified view of all vulnerability information: dramatically improve actionable information through rich context; quickly find specific product vulnerabilities
Slide 12
Quickly get the answers you need to help detect and remediate attacks (IBM QRadar)
Slide 13
Enable rapid innovation through an online collaboration platform (IBM X-Force App Exchange)
Access user and business partner innovations
Extend QRadar functionality to new use cases
Download validated security apps from a single platform
Slide 14
Streamline incident response with a single hub to align people, process, and technology (IBM Resilient Incident Response Platform)
Align people, process, and technology
Automate response processes and measure the ROI of security investments
Gain centralized collaboration and intelligence
Easily configure incident response plans in hours or days, not weeks or months
RESPOND FASTER. SMARTER. BETTER.
Slide 15
Modify your response as needs and incidents evolve (IBM Resilient Incident Response Platform)
Security Module: industry standard workflows (NIST, SANS); threat intelligence feeds; organizational SOPs; community best practices
Action Module: automate processes; enrich incident details; gather forensics; enact mitigation
Privacy Module: global breach regulations; contractual obligations; third-party requirements; organizational SOPs; privacy best practices
Slide 16
Gain integrated, real-time threat intelligence (IBM X-Force Exchange)
Crowd-sourced information sharing based on 700+ TB of threat intelligence
https://exchange.xforce.ibmcloud.com
Slide 17
Transform and modernize your security operations (IBM Security Intelligence and Operations Services)
Assess, plan and develop your security maturity and operations
Assess and transform your security posture
Build next generation security operations
Deploy intelligence-driven security capabilities
Optimize your ability to react to and contain events, while reducing impact
Identify capability gaps, plan and deploy a robust strategy and roadmap to close them
Gain insight to prioritize security investments
PLAN | DESIGN | BUILD | DEPLOY | OPTIMIZE
Slide 18
Plan, prepare and respond to incidents with proven expertise (IBM X-Force Incident Response Services)
ONSITE INCIDENT RESPONSE: onsite expertise within 24 hours; incident containment, handling and remediation; forensics collection and analysis
INCIDENT RESPONSE PLANNING: help clients build effective incident response plans; test plans and procedures with simulated exercises; assist with removal of known threats
REMOTE THREAT RESPONSE: continuous monitoring and rapid response to confirmed threats; intelligent correlation to reduce alert fatigue; initiate proactive incident response activities
Slide 19
Example: Disrupt the attack chain in real time
ATTACK CHAIN
1. GATHER: Authorized system attempts to access resources
2. BREAK-IN: Remote employee triggers drive-by download
3. LATCH-ON: Internal system infected as part of a botnet
4. EXPAND: Targeted internal email sent to high-profile employees
5. EXFILTRATE: Persistent attackers quietly siphoning out data
QRadar Incident Forensics reconstructs abnormal user and database activity from network packets
BigFix patches the latest vulnerabilities and quarantines infected endpoints to prevent more damage
Network Protection blocks zero-day exploit traffic and sends flows to QRadar for anomaly detection
QRadar correlates network flows and security events from other security controls into a list of priority offenses
Resilient Incident Response Platform allows responders to coordinate activity before damage occurs
Slide 20
Why IBM Security Operations and Response?
Open Ecosystem: IBM Security App Exchange provides access to apps from leading security partners; out-of-the-box integrations for 500+ third-party security products; open APIs allow for custom integrations and apps
Cognitive Analytics: QRadar Sense Analytics allows you to inspect events, flows, users, and more; speed analysis with visuals, query, and auto-discovery across the platform; get ready to augment your analysts with Watson for Cyber Security
Deep Threat Intelligence: IBM X-Force Exchange helps you stay ahead of the latest threats and attacks; powered by the X-Force Research team and 700TB+ threat data; share data with a collaborative portal and STIX / TAXII standards
Slide 21
IBM has the world's broadest and deepest security portfolio
SECURITY TRANSFORMATION SERVICES: Management consulting | Systems integration | Managed security
SECURITY ECOSYSTEM: App Exchange
INFORMATION RISK AND PROTECTION: MaaS360; Trusteer Pinpoint; Trusteer Mobile; Trusteer Rapport; Privileged Identity Manager; Identity Governance and Access; AppScan; Guardium; Cloud Security Enforcer; Cloud Identity Service; zSecure; Key Manager
SECURITY OPERATIONS AND RESPONSE: QRadar Vulnerability Manager; Resilient Incident Response; X-Force Exchange; QRadar Incident Forensics; Network Protection XGS; BigFix; QRadar SIEM; QRadar Risk Manager
Slide 22
The next era of security
PERIMETER CONTROLS -> INTELLIGENCE and INTEGRATION -> COGNITIVE, CLOUD, and COLLABORATION
Slide 23
IBM Security invests in best-of-breed solutions
"IBM Security is making all the right moves..." (Forbes)
[Timeline 2002-2016 of IBM Security investments: Identity management; Directory integration; Enterprise single-sign-on; Security services and network security; SOA management and security; Database monitoring and protection; Application security; Endpoint management and security; Security Intelligence; Risk management; Data management; Advanced fraud protection; Secure mobile management; CyberTap; Cloud-enabled identity management; Identity governance; Incident response; IBM Security Systems; IBM Security Services]
Slide 24
Industry analysts rank IBM Security
DOMAIN | SEGMENT | MARKET SEGMENT / REPORT | ANALYST RANKINGS
Security Operations and Response | Security Intelligence | Security Information and Event Management (SIEM) | LEADER
Security Operations and Response | Network and Endpoint Protection | Intrusion Prevention Systems (IPS) | LEADER
Security Operations and Response | Network and Endpoint Protection | Endpoint: Client Management Tools | LEADER
Security Operations and Response | Network and Endpoint Protection | Endpoint Protection Platforms (EPP) | Strong Performer
Information Risk and Protection | Identity Governance and Access Management | Federated Identity Management and Single Sign-On | LEADER
Information Risk and Protection | Identity Governance and Access Management | Identity and Access Governance | LEADER
Information Risk and Protection | Identity Governance and Access Management | Identity and Access Management as a Service (IDaaS) | LEADER
Information Risk and Protection | Identity Governance and Access Management | Web Access Management (WAM) | LEADER
Information Risk and Protection | Identity Governance and Access Management | Mobile Access Management | LEADER
Information Risk and Protection | Identity Governance and Access Management | Identity Provisioning Management | LEADER
Information Risk and Protection | Data Security | Data Masking | LEADER
Information Risk and Protection | Application Security | Application Security Testing (dynamic and static) | LEADER
Information Risk and Protection | Mobile Protection | Enterprise Mobility Management (MaaS360) | LEADER
Information Risk and Protection | Fraud Protection | Web Fraud Detection (Trusteer) | LEADER
Security Transformation Services | Consulting and Managed Services | Managed Security Services (MSS) | LEADER
Security Transformation Services | Consulting and Managed Services | Information Security Consulting Services | LEADER
Note: This is a collective view of top analyst rankings, compiled as of July 2016 (V2016-06-16)
Slide 25
Adaptive integration with ecosystem partners
100+ ecosystem partners, 500+ QRadar integrations
Slide 26
A Global Leader in Enterprise Security
#1 in enterprise security software and services*
7,500+ people
12,000+ customers
133 countries
3,500+ security patents
15 acquisitions since 2005
*According to Technology Business Research, Inc. (TBR) 2016
Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.