1. IBM Security Systems
MENA Cyber Security - targeted attacks, expanding risks, and the changing threat landscape
Tamer Aboualy, Ph.D.
IBM MEA Security Services CTO
April, 9, 2013
Findings from XF 2012 Annual Trend and Risk Report
Covers latest security threats that have occurred so far this year as well as trends that we track over time in our different research groups
Provides information in the areas of safe security practices when it comes to operating network infrastructures and in writing secure software
And we cover what we think are new and emerging technologies that press into the current enterprise infrastructure that demands attention either due to adoption rates – or sheer overloads as is the case we are seeing with the adoption of mobile technology
The report helps the reader better understand areas of risk, and provides education for areas of focus and improvement

2. Introduction: Dr. Tamer Aboualy
Tamer Aboualy, Ph.D
CTO, IBM Security Services
Africa & Middle East
About Me
Previous IBM Canada’s Security Services CTO.
Executive sponsor and lead for MEA Security Operations Center (SOC)
Previous technical lead for the development and implementation of
Previous technical lead for Canada’s crypto and security methods for
financial payment systems.
Various security patents (Intrusion protection, cloud security, others)
Expert speaker at security conferences (ISACA, GOVTECH, VISA, CLOUD,
IDC Canadian Bankers Association, and many others).
Education:
Bachelors of Information Systems (Ryerson University Toronto Canada)
Masters of Science in Telecommunications and Networks (Syracuse University, New York, USA)
Ph.D. in Information Systems (Nova Southeaster University, Florida, USA)

3. The Evolving Threat Landscape
Agenda
The Evolving Threat Landscape
IBM X-Force 2012 Threat Research Report & Middle East Threat Research
Security Intelligence
Offerings Portfolio

4. The Evolving Threat Landscape
Security Today
The Evolving Threat Landscape

5. IT Security has become a routine Board Room discussion
Business Results
Brand
Image
Systems
Availability
Legal Exposure
Personal
Harm
Audit
Risk
Sources
Sony breach:
HSBC breach:
Epsilon breach:
TJX breach: TJX Companies, Inc. press release, 8/14/2007,
Lulzec breach:
Zurich Insurance breach: (Financial Services Authority of Britain)
*Sources for all breaches shown in speaker notes

6. Motivations and sophistication are rapidly evolving
1995 – 2005
1st Decade of the Commercial Internet
2005 – 2015
2nd Decade of the Commercial Internet
Motive
Nation-state actors
National Security
Espionage, Political Activism
Competitors, hacktivists
Monetary Gain
Organized criminals with sophisticated tools
Revenge
Insiders, using inside information
Curiosity
Script-kiddies or hackers
Adversary JK

7. The new security landscape - Sophisticated attackers are a primary concern
Threat
Profile Type
Share
of Incidents
Attack Type
Advanced threat / mercenary
National governments
Terrorist cells
Crime Cartels
23%
Espionage
Intellectual property theft
Systems disruption
Financial Crime
Malicious Insiders
Employees
Contractors
Outsourcers
15%
Intellectual Property Theft
Unauthorized Access/
Hacktivist
Social Activists 7%
Web defacement
Information Disclosure
Opportunist
Worm and virus writers
“Script Kiddies”
49%
Malware propagation
Unauthorized Access
Potential Impact
Source: Government Accountability Office, Department of Homeland Security's Role in Critical Infrastructure Protection Cybersecurity, GAO ; IBM CyberSecurity Intelligence & Response Team, September 2012 7

8. IBM Cyber Intelligence Update
Pulse 2013
6/3/2018
IBM Cyber Intelligence Update
Each Week The Average Company Experiences 2.6M Security Attacks
Which Result in approximately 60 Security Incidents
Companies with Mature Cyber Security Programs have 90% fewer incidents and are better prepared to respond to those that do occur more effectively
IBM Cybersecurity Intelligence & Response Team, Q4’ 2012 Scorecard
SK4_Security_Kristin_Lovejoy

9. IBM X-Force 2012 Threat Research & Middle East Threat Research

10. The mission of X-Force is to:
X-Force is the foundation for advanced security and threat research across the IBM Security Framework
The mission of X-Force is to:
Monitor and evaluate the rapidly changing threat landscape
Research new attack techniques and develop protection for tomorrow’s security challenges
Educate our customers and the general public
Advanced Security and Threat Research, which includes the X-Force team, is the foundation for many of the pillars in the security product portfolio.
As the team tasked with staying on top of the latest threats and vulnerabilities, the information it provides is a critical aspect of providing protection to the other parts of the framework. The rest of this deck will talk to the specific capabilities of this team, as well as some specific integration points between the X-Force research and the products to which they add value. 10

11. IBM’s global security resources span the globe
Security Research Centers
Security Operations Centers
11 Security operations centers
9 Security research centers
11 Security solution development labs
400+ Security operations analysts
500+ Field security sales / tech specialists
4, Security and Compliance professionals
IBM has security consultancy practices and dedicated security research capabilities across the globe
20,000+ devices under contract
3,700+ MSS clients worldwide
9B+ events managed per day
1,000+ security patents*
133 monitored countries (MSS)

12. What are we seeing? Key Findings from the 2012 Trend Report
Threats and Activity
40% increase in breach events for 2012
Sophistication is not always about technology
SQL Injection, DDoS, Phishing activity increased from 2011
Java means to infect as many systems as possible
Operational Security
Software vulnerability disclosures up in 2012
Web application vulnerabilities surge upward
XSS vulnerabilities highest ever seen at 53%
Content Management Systems plug-ins provide soft target
Saudi Arabia sent most SPAM in Q3 2012, and remains most SPAM’d country in the world
Emerging Trends
Social Media leveraged for enhanced spear-phishing techniques and intelligence gathering
Mobile Security should be more secure than traditional user computing devices by 2014

13. 2011: “The year of the targeted attack”
2011 Sampling of Security Incidents by Attack Type, Time and Impact Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses
Attack Type
SQL Injection
URL Tampering
Spear Phishing
3rd Party Software
DDoS
SecureID
Trojan Software
Unknown
Online Gaming
Gaming
Central Government
IT Security
Online Gaming
Enter-tainment
Defense
Central Govt
Consumer Electronics
Central Government
Online Services
Banking
Consulting
Online Services
Banking
Online Gaming
Online Gaming
Marketing Services
National Police
Gaming
Heavy Industry
Consulting
Internet Services
Entertainment
Consumer Electronics
Defense
Online Gaming
Online Gaming
IT Security
Police
Insurance
Entertainment
Central Government
Agriculture
Apparel
State Police
Central Government
This chart is from the 2011 report – which we called the Year of the Targeted Attack
Highlights the activity that was covered in the press last year
Color of circles represent tech means used by attackers to breach these customers
The size of the circle is a very rough estimate of the possible financial impact that might have occurred based on what was reported publically
This chart is meant to represent the volume of activity that is happening out there – you can see it is quite heavy considering this is a mere sampling of what was probably actually going on
This attack activity is driving discussions at the board level of organizations and its asking executives in companies to determine where they are prepared for these types of events where one to occur on their networks
In 2012 the attack trend continues
Most recent example announced publically last week by Adobe – an APT to their network
As we move forward we’ll discuss we’ll discuss some of the specific attack activity and the methods used by attackers to breach systems and networks
Financial Market
Government Consulting
IT Security
Defense
Gaming
Central Govt
Tele-communications
Central Govt
Consumer Electronics
Internet Services
Central Government
Central Government
State Police
Size of circle estimates relative impact of breach in terms of cost to business
Online Gaming
Defense
National Police
Central Government
Central Government
Consumer Electronics
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
Source: IBM X-Force® Research 2011 Trend and Risk Report 13

14. 2012: The explosion of breaches continues!
2012 Sampling of Security Incidents by Attack Type, Time and Impact Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses
Source:
IBM X-Force Intelligence Report

15. MSS 2012 - Breakout of Security Incidents by Country

16. Web application vulnerabilities surge upward
1616
Web application vulnerabilities surge upward
14% In 2011 there were 2921 web vulnerabilities, 2012 there were 3551
Web Application Vulnerabilities Represented 43%
Web application vulnerabilities surged 14% from 2,921 vulnerabilities in 2011 to 3,551 vulnerabilities
in Cross-site scripting vulnerabilities accounted for over half of the total web application vulnerabilities disclosed in Not surprisingly, the alternating year of total vulnerabilities rising and falling coincides with the amount of web application vulnerabilities 16 16

17. MSS 2012 - Ranking Security Incidents

18. Tried and true techniques - Distributed Denial of Service (DDoS)
1818
Threats
Operational Security
Emerging Trends
Tried and true techniques - Distributed Denial of Service (DDoS)
High profile DDoS attacks marked by a significant increase in traffic volume
Implementation of botnets on compromised web servers in high bandwidth data centers
Denial of Service (DoS or DDoS) is another approach where attackers modified their tactics to increase sophistication saw an enormous increase in DoS traffic volumes using up to 60 – 70 Gbps of data driven by compromised 24X7 higher bandwidth web servers instead of PCs. In recent weeks, attackers are now generating as much as 300Gbs of DDoS traffic. Hacktivists including Anonymous and LulzSec selected DDoS as their weapon of choice, and the ready availability of exploit toolkits such as ‘itsnoproblembro’ provided upgraded technology to even the rank-and-file antagonists.
An interesting twist to banking DDoS attacks was implementation of botnets on compromised web servers residing in high bandwidth data centers. Outdated CMS installations and plugins allowed attackers shell access to many vulnerable web servers.
This technique assisted in much higher connected uptime as well as having more bandwidth than home PC’s to carry out the attacks.
Attackers are now generating as much as 300Gbs of DDoS traffic by compromising high bandwith servers. Hacktivists including Anonymous and LulzSec selected DDoS as their weapon of choice, and the ready availability of exploit toolkits such as ‘itsnoproblembro’ provided upgraded technology to even the rank-and-file antagonists 18 18

19. Tried and true techniques - SQL and Command Injection attacks
1919
Tried and true techniques - SQL and Command Injection attacks
Dramatic and sustained rise in SQL injection-based traffic
Alerts came from all industry sectors, with a bias toward banking and finance targets
Denial of Service (DoS or DDoS) is another approach where attackers modified their tactics to increase sophistication saw an enormous increase in DoS traffic volumes using up to 60 – 70 Gbps of data driven by compromised 24X7 higher bandwidth web servers instead of PCs. Hacktivists including Anonymous and LulzSec selected DDoS as their weapon of choice, and the ready availability of exploit toolkits such as ‘itsnoproblembro’ provided upgraded technology to even the rank-and-file antagonists.
IBM MSS noted a dramatic and sustained rise in SQL injection-based traffic
Alerts came from all industry sectors, with a bias toward banking and finance targets.
Anonymous and Lulsec were major players in the SQL tactics.
Most activity from automated scanners like LizaMoon
SQL Injection is specially formatted statements to manipulate underlining web app.
15 days after Sony announced fixed their breach, Lulsec posted 150K customer account details!
Typically used first to understand DB schema, then used to retrieve data we seen first newer attack. Attackers would inject script and gain root access
When was the last time you checked your web application? 19 19

20. IBM Security MSS – Top Volume Signatures for 2011 and 1H 2012 (based on MSS global volumes)
SQL Slammer. Most durable Internet Malware. But levels decreasing significantly
Microsoft sw part of Windows SysInternals. Command-line based on remote admin tools. Like light weight Telnet
HTTP Unix Password
- Attempts to access the password ( /etc/password and /etc/shadow file) on UNIX systems through HTTP

21. Shell Command Injection attacks
2121
Shell Command Injection attacks
This year, we have seen an uptake in a different kind of web application attack activity and this called Shell Command Injections. Instead of injecting database commands through the web application, attackers inject command line commands that run on the operating system that the web application is running on. You can see in this chart a pretty significant increase in this activity at the end of – so we are starting to see some automated Shell Command Inject attacks that work largely the same way as the SQL injection attack activity worked but this is a vulnerability that has probably received less focus over that last few years although as a consequence of the increased activity we’ve seen, we think organizations should start paying more attention to it.
Executing of system shell commands. Typically involves server download of a remote script an storing it in tmp directory. Then executing it.
Script designed to maintain remote control, gather intel, and establish command and control back to attacker computer.
Also used as lunch pad to infiltrate other servers.
Mitigated by proper configuration and sanitization of ALL INPUTS and eliminating or restricting server software access to shell commands like wget,passwd, dir, ls. 21

22. Seems to have reached a plateau
2222
SSH brute force activity
Seems to have reached a plateau
We also saw this spike in volume at the end of the year in SSH brute forcing. This is one of the most common types of attacks we see on the internet where people are scanning for computers running SSH and they will try to brute-force user names and passwords on those computers. We’re not sure if this huge spike is an anomaly or if this will continue to be a problem in 2012 but it certainly is alarming and again, if you have SSH running on a computer it is important to be sure you have good passwords because if you don’t those passwords will quickly be automatically compromised.
Brute force attempts to access a system by attempting large number of password possibilities.
Attack can allow hacker to view, copy, delete, import, or execute code/files.
Many organizations still use weak or default SSH user ID and passwords.
Organizations should use strong passwords or authentication methods. 22

23. Anonymous proxies on the rise
Approximately 4 times more anonymous proxies than seen 3 years ago
Some used to hide attacks, others to evade censorship
Signature detects situations where clients are attempting to access websites through a chain of HTTP proxies
Could represent
legitimate (paranoid) web surfing
attackers obfuscating the source address of launched attacks against web servers
Another area where we have seen a lot of activity is anonymous proxies. In fact, In the first half of 2011, there were about four times as many anonymous proxies registered as there were three years ago. Although this activity appears to have tapered off a little in the second half of the year, over all the trend is up over 2010 numbers. Anonymous proxies are a critical type of website to track because of the ease that proxies provide in allowing people to hide potentially malicious intent.

24. January 2013 SPAM Report
Saudi Arabia and Qatar MOST Spammed countries!
Source: Symantec Intelligence Report

25. January 2012
February 2012
May 2012
Source: Symantec Intelligence Report

26. June 2012
July 2012
August
Source: Symantec Intelligence Report

27. 2012 Summary of SPAM for GCC Receiving Countries
November 2012
September 2012
October 2012
December 2012
2012 Summary of SPAM for GCC Receiving Countries
Saudi Arabia: Number 1 SPAM receiving country except for 1 month was #2.
Qatar: 6 months
Oman: 3 months
Kuwait: 2 months
Source: Symantec Intelligence Report

28. Saudi Arabia Top SPAM Producing Country in Q3 2012
The Trend report reported that Saudi Arabia was the top SPAM Producing country in Q (see trend micro graphic). However others IBM, Symantec, and others reported that Saudi Arabia was the top SPAM producing country for a few weeks or a month.
According to SpamRankings.net the FESTI botnet used SaudiNet for spamming activities, making Saudi Arabia, a newcomer, the top spam-sending country in Q3 2012
Spammers were probably taking advantage of the fact that Saudi Arabia-hosted IP addresses will not raise red flags.
Source: Trend Intelligence Report

29. X-Force MSS 2012 – SPAM Volumes vs SPAM Sent From Saudi Arabia, India, Peru, and Spain
Saudi Arabia overtook India as top SPAM producing country for a short period.

30. Security Landscape in the Kingdom
Security Landscape in the Kingdom KSA double the global average of infected computers!
Source:
Microsoft Regional Security Intelligence Report

31. Categories of Unwanted Software (malware) in Saudi Arabia
Source:
Microsoft Regional Security Intelligence Report

32. Comparing the Middle East and Gulf Countries
Palestine
Iraq
Egypt
UAE
Saudi Arabia
Kuwait
Qatar
Oman
Global Average

33. Protecting Our Clients
Managed Security Solutions
Consulting Security solutions

34. IBM Managed Security Services Are Provided Locally in Saudi Arabia
MSS business founded 1995
Employee tenure average 4.5 yrs
Embedded X-Force intelligence
Experience & Expertise
Forrester Wave
Gartner Magic Quadrant
Frost & Sullivan
Market Leadership
Riyadh, KSA
Fully redundant services
BC/DRP test performed annually
SSAE-16, PCI, FFIEC, ITCS-104
BCP/DRP & Compliance
MSS Global Facts and Figures
11 Security Operations Centers
3,700+ MSS clients worldwide
20,000+ security devices
15B+ security events daily
Recording over 30k incident daily
Monitoring in 133 countries
Using a grid of 725+ systems
Maintaining 99.9+% availability
6,000 researchers, developers and subject matter experts working security initiatives worldwide

35. Clients can be confident knowing that IBM Security Services are backed by IBM’s strong market leadership and analyst recognition
IBM Managed Security Services
IBM Security Consulting Services
“IBM has the largest client base of the participants... Clients praised the flexibility, knowledge, and responsiveness …while also noting the company’s excellent documentation. Organizations looking for a high-quality vendor that can do it all and manage it afterwards should consider IBM.”
Source: Forrester Research Inc. “Forrester WaveTM”: Information Security Consulting Services, Q1 2013”. And Forester Wave: Managed Security Services providers Q1, 2012
Full report can be accessed at

36. IBM has a broad base of consulting services to provide end to end solutions.
Security Consulting & Professional Services
6000+ Security Consultants & Architects
Assess security risk and compliance, evolve security program
Managed Services
Globally available managed security services platform
Manage security operations, detect and respond to emerging risk 9

37. Detailed Portfolio View
Security Strategy, Risk and Compliance
Cybersecurity Assessment and Response
Security Risk Assessment
Security HealthCheck
Information Security Assessment
Policy Development
Cloud Security Consulting
PCI, SCADA, Compliance
Emergency Response Services
Penetration Testing
Application Security Assessment
Application Source Code Assessment
Security Operations Optimization
Identity & Access Management
Strategy and assessment
Design and deployment
SIEM Design
Identity Assessment and Strategy
User Provisioning and Access Mgmt
Total Authentication Solution
Managed / Cloud Identity
Infrastructure and Endpoint
Data and Application Security
Deployment and migration
Staff augmentation
Data Security Strategy and Assessment
Encryption
Endpoint and Network Data Loss Prevention
Managed Security
Managed SIEM
Intrusion Detection and Prevention
Firewall
Unified Threat Mgmt
Managed Protection
X-Force Threat Analysis
Hosted and Wed
Hosted Vulnerability Mgmt
Hosted Security Event and Log Mgmt
Hosted Application Sec Mgmt
IBM Confidential

38. Security Requirements
Managed Security Solutions portfolio can address a wide variety of challenges and business requirements
Managed Security Services
Cloud security services
Managed firewall services
Managed IPS1 and IDS2 services
Managed UTM3 services
Managed Security Information and Event Management
Hosted vulnerability management services
Hosted security event and log management services
Hosted IBM X-Force® threat analysis services
Security Requirements
Multiple device types and vendors supported
1Intrusion Protection System
2Intrusion Detection System
3Unified threat management

39. Managed Network Security Services: Firewall, IDPS, UTM
Solution Overview
IBM’s Managed Security Services for Firewall, IPS and UTM are designed to reduce the operational overhead associated with the day to day management of core security technologies that provide the foundational elements for an organization’s overall security posture. These offerings combine management, monitoring, and maintenance across a variety of leading technologies and service levels.
Key Features
Support for market leading technologies
Checkpoint, Cisco, IBM, Juniper, McAfee, Tipping Point, Sourcefire, Palo Alto, etc.
Support for comprehensive product features
Most major product features are supported: Virtualization, multiple policies, traffic shaping, content security, custom signatures, etc.
Industry leading service level agreements
Service level agreements that set the benchmark for the industry including incident response, change management, system monitoring, portal availability, content updates, etc.
Two offering packages to ensure flexibility
The offerings are designed to meet the needs of less demanding to the most mission critical of environments.
Integrated service views via the IBM Virtual SOC
IBM’s proprietary web based interface ensures real-time on-demand access to the latest service information including alerts, advisories, system configuration, and comprehensive workflow and reporting capability.
Customer Pain Points
Multiple technologies create a challenge for skills management
Proper security administration requires round the clock support,
Compliance mandates competency beyond that of many organizations
Security teams are needed for more strategic activities but security technologies remain complex and cumbersome to implement.
Largest segment of MSS revenue comes from MSS services
Solutions for new device role out (green field) or existing device take over from customer – take overs require a bit more planning
We provide policy management, device health and availability monitoring, security event monitoring
Faster time to deploy and reduced operational overhead within multi-vendor environments.
Provides 24x7 support for round the clock monitoring, response, and management. 39 39

40. Cloud Security Services: Security Event and Log Management
Solution Overview
The Security Event and Log Management Service (SELM) enables compilation of the event and log files from network applications, operating systems, and security technologies into one seamless platform. The SELM offering allows for automated analysis of IPS data as well as robust query and research capabilities against a variety of disparate log types.
Key Features
Two tiers of service
SELM is available in Standard and Select service levels, allowing for varying degrees of analysis and analytics to be applied to varying data types.
Integrated workflow and analysis capabilities
With SELM’s integrated workflow and analysis capabilities, security issues can be investigated, escalated, and recorded using IBM’s web-based tools.
Seamless blending of MSS and non-MSS data SELM allows for data of managed and unmanaged devices to be stored in the same systems and seamlessly interacted with as though all data is part of a common data set.
Custom log parser and correlation engine
Easily use regular expressions to add support for custom log sources and correlation rules. Unique IBM functionality!
Forensically sound storage and archival
SELM employs best practice processes for data in motion and at rest as suggested by IBM’s own Emergency Response Services team.
Customer Pain Points
Information and event management solutions can be overly complex
SIM implementation can take months and hundreds of thousands of dollars
Many solutions struggle to scale when real-time analysis is required
Reporting requirements are often not met by off-the-shelf solutions
Improved time to value by leveraging an on-demand cloud- based platform versus cumbersome CPE deployment options.
Quickly analyze data from multiple geographies and technologies via a single web-accessible interface.
Cloud-based deployment allows for seamless off-site storage of critical log data.
Optional outsourcing of event monitoring activity to IBM experts on a shift-by-shift basis!
The Hosted Security Event and Log Management solution is designed to provide a cloud-based offering around log and event management and collection for our customers. The general idea is to collect data from operating systems, applications, network infrastructure, and security devices, and bring that information into the cloud in a secure and streamlined fashion. Then, that data can be properly archived and stored for long-term purposes so that the information can be queried and analyzed for potential security issues and can actually be run through a variety of intelligent rules to identify potential problems or events of interest that a customer might wish to explore more deeply.
This service can be used in a standalone capacity by customers who are looking to simplify the process of security, information, and event management by leveraging our low-cost cloud-based solution, or it can also be used in conjunction with the rest of our managed services for customers who are looking to complete the picture, customers who are looking to bring together data from devices that they manage on their own with devices that IBM might also be managing for them under other Managed Security Services offerings. So, think for a moment about a customer who has some intrusion prevention devices under management from IBM and also has some intrusion prevention devices they manage on their own.
By leveraging the Security Event and Log Management solution, they could actually bring all of that data into one place to more quickly complete security incident investigations, to more effectively understand the impact of a potential security attack and also to get more visualization into what might be occurring across the overall security deployment. 40

41. Cloud Security Services– Hosted Vulnerability Management overview
Solution Overview
Offers network-based vulnerability assessment from the cloud via the VSOC web portal. Scans can be configured and scheduled via the web, with scanning performed from the cloud or via IBM managed scanners at the customer premises. Results are archived in the cloud and accompanied by reporting, workflow, and remediation capabilities.
Core Capabilities
Vulnerability management Agentless scanning from both inside and outside the firewall to find exposures.
Remediation guidance and workflow Fix vulnerabilities quickly and easily with the information provided in remediation reports.
PCI compliance assistance IBM can serve as an approved scanning vendor (ASV) in support of PCI compliance initiatives.
Intelligent scanning Delivers accurate scanning results in less time with a system that follows an assessment process similar to that used by ethical hackers. Fewer false positives mean less time spent tracking down “potential” vulnerabilities.
Web application vulnerability detection Identifies SQL injection, cross-site scripting, and other high-risk vulnerabilities in web applications.
Database vulnerability detection Identifies vulnerabilities in common databases and database configurations.
Customer Pain Points
Vulnerabilities allowing hackers easy access to client systems
Proper assessment and remediation are required for compliance initiatives
Today’s solutions are difficult to use and manage
Customers can’t prioritize remediation efforts for identified vulnerabilities
Faster time to deploy and more accurate detection of vulnerabilities, helping customers identify risks and ultimately improve their security posture
More efficient end-to-end process for remediating vulnerabilities, and better tracking for compliance purposes
Streamlined SaaS delivery model gives customers full control without the expense and distraction of owning and managing scanning infrastructure
The Hosted Vulnerability Management Service (or VMS) was recently updated in late 2010 to create an entirely new experience for our customers. And, this update essentially included a complete overhaul of the offering, brand-new scanning technologies, and an entirely new web-based interface that is designed to help improve manageability of the overall data set and improve the scalability of our solution, supporting larger implementations and more efficient and effective management of the vulnerability remediation process.
Vulnerability management, as a service, is important to customers because the vulnerability management process itself is complex and challenging. It requires workflow management so that not only are we scanning and assessing for vulnerabilities but we are also tracking the efforts toward closing those vulnerabilities in a programmatic fashion. Doing this can be difficult because there are not a lot of technology solutions out there to accomplish this and many organizations often resort to open source or homegrown solutions to meet this need, and those solutions generally are not optimized and result in more time being spent on the process than necessary. IBM recommends solving that problem through our web-based, Software-as-a-Service vulnerability management solution.
This solution provides external scanners that are located in IBM data centers that can be controlled by the customer through IBM’s Virtual SOC Portal interface. There, they can request scans to be run against specific IP addresses, mandate the actual policies, and have IBM’s external scanners reach across the Internet and scan their network perimeter to provide a hacker’s-eye view of potential vulnerability exposure within their network. Also, by deploying a managed scanner inside of the customer’s environment, and connecting that scanner into the Virtual SOC Portal, the customer can also initiate internal scans to get visibility of vulnerability exposures that would be representative of a potential insider threat. These types of scanning capabilities are complimented by detailed logs and scan result reviews inside of the web portal, as well as comprehensive dashboarding and reporting capabilities, as well. 41

42. Cloud Security Services: IBM X-Force Threat Analysis Service
Solution Overview
IBM Security Services' X-FORCE Threat Analysis Service (XFTAS) is a security intelligence service that delivers customized information about a wide array of threats that could affect your network security. XFTAS helps you proactively protect your networks with detailed analyses of global online threat conditions.
A single source for up-to-the minute, customized security information
Expert analysis and correlation of global security threats
Actionable data and recommendations that help you maintain your network security
Easily accessed 24x7x365 through the VSOC Portal
Partner with a trusted security advisor
The Hosted X-FORCE Threat Analysis Service is designed to provide customers with a subscription-based security intelligence capability that helps keep organizations abreast of all of the latest security threats. It is populated on a regular basis by information from IBM’s X-FORCE, and it is designed to help organizations keep their finger on the pulse of the threat landscape.
With the X-FORCE Threat Analysis Service, organizations know what the most current threats are, what those threats mean to their organization, whether or not those threats are worthy of potentially changing staffing or a security process or procedure within their operations center.
This is a great way to aggregate information from many different sources and give customers’ security teams a single place to look to understand truly what is going on in the threat landscape. Threat Analysis Service is included as a bundled component with every Managed Security Service that we offer. This means that customers receive this service if they purchase any of the offerings that we have discussed today. However, for customers who are not subscribers to the rest of our Managed Security Services portfolio, they can also purchase this solution directly from IBM or one of our Business Partners. So, they can have a login to our Virtual SOC Portal to access all of the threat intelligence information even if they are not subscribers to the rest of our managed services.
We also offer this service with a special remarketing license, and the remarketing license allows organizations to take information out of this service and actually distribute it to end users, to host it on intranet sites, and to use the information in other security research initiatives that they might have ongoing internally.
Unique Value
The IBM X-FORCE Threat Analysis Service combines high-quality, real-time threat information from an international network of Security Operations Centers with security intelligence from the X-Force research and development team to develop comprehensive evaluations and recommendations suited to your business.

43. Customers have full visibility into work being performed through
Customers have full visibility into work being performed through the Virtual Security Operations Center portal (V-SOC)
Firewalls and IDS and IPS1
Applications
Networking devices
Vulnerability
Aggregation
Correlation
Archival
Reporting
Workflow
Virtual-SOC technology platform
Security Operations Center (SOC)
Normalize
Aggregate
Correlate
Archive
Escalate
Remediate
Internet
Virtual-SOC portal
Virtual Security Operations Center (V-SOC)
Anti Virus and filtering

44. Thank You Gracias Danke Tack Asante sana Obrigado Dankie Merci Grazie
ευχαριστώ
Tack
Greek
Hindi
Swedish
Спасибо
Asante sana
Thai
Gracias
Russian
Swahili
Spanish
Thank You
Obrigado
Arabic
Portuguese
Danke
Dankie
Grazie
Merci
German
Afrikaans
Italian
French
Hvala
Slovenian
Simplified Chinese
Korean
Köszönöm
Hungarian
Japanese 44 44