
IBM Security Services


Academic year: 2021


© 2014 IBM Corporation

IBM Security Services

- Penetration Testing -


THE EVOLVING THREAT LANDSCAPE


Success in today’s dynamic, data-driven global marketplace requires effective enterprise IT security management

Motivations and sophistication are rapidly evolving

(Chart: attacker categories plotted by MOTIVATION against SOPHISTICATION)

– Nuisance, Curiosity: Insiders, Spammers, Script-kiddies (Nigerian 419 Scams, Code Red)

– Monetary Gain: Organized crime (Zeus, ZeroAccess, Blackhole Exploit Pack)

– Notoriety, Activism, Defamation: Hacktivists (Lulzsec, Anonymous)

– National Security, Economic Espionage: Nation-state actors, APTs (Stuxnet, Aurora, APT-1)


Security Incidents are rising: Data from the IBM 2014 Cyber Security Index

Security events: Annual 91,765,453; Monthly 7,647,121; Weekly 1,764,121

Security attacks: Annual 16,857; Monthly 1,405; Weekly 324

Security incidents: Annual 109; Monthly 9; Weekly 2

Security Intelligence: Correlation and analytics tools

Security Intelligence: Human security analysts

Events: up 12% year on year to 91m. Observable occurrences in a system or network.

Attacks: Increased efficiencies achieved. More efficiency in security processing to help clients focus on identified malicious events.

Incidents: up 22% year on year. Attacks deemed worthy of deeper investigation.


At the same time, according to Ponemon Institute, the cost of a data breach to global organizations is on the rise

NEW DATA from the 2014 Ponemon Institute Cost of Data Breach Study: United States, sponsored by IBM

www.ibm.com/services/costofbreach

$145: Average cost per record compromised, up 9%

$3.5 million: Average total cost per data breach, up 15%

15% increase year-to-year in rate of customer churn


According to the 2014 Ponemon Institute study, the average cost of a data breach per record varies from country to country

Source: 2014 Ponemon Institute Cost of Data Breach Study: Italy

In Italy the cost of data breach increased from €95 in 2013 to €102 in 2014 for one compromised record

In Italy the total organizational cost of data breach increased from €1.73


What happens in Italy?

- Data from latest Clusit Report -

Hacktivism: Hacktivism is the act of hacking a website or computer network in an effort to convey a social or political message. The person who carries out the act of hacktivism is known as a hacktivist.


IT Security is a board-room discussion

Increasingly, companies are appointing CROs and CISOs with a direct line to the Audit Committee

– Loss of market share and reputation

– Legal exposure

– Audit failure

– Fines and criminal charges

– Financial loss

– Loss of data confidentiality, integrity and/or availability

– Violation of employee privacy

– Loss of customer trust

– Loss of brand reputation

Roles shown: CEO, CFO/COO, CIO, CHRO, CMO


IBM has a commitment to security research, development, monitoring & analysis

– 4,300 strategic outsourcing security delivery resources

– 1,200 professional services security consultants

– 650 field security specialists

– 400 security operations analysts

– 10 security research centers

– 10 security operations centers (SOCs)

– 14 security development labs

IBM X-Force Expertise

– 150M intrusion attempts monitored daily

– 46,000 documented vulnerabilities

– 40M unique phishing/spam attacks

– Millions of unique malware samples

– Billions of analyzed web pages

– 1000+ security patents

Managed Services Excellence

– Tens of thousands of devices under management

– Thousands of MSS clients worldwide

– Billions of events managed per day

– Countries monitored in all geographies

– Industry-leading research and reports


IBM is widely recognized as a leader in this market

“IBM has the largest client base of the participants... Clients praised the flexibility, knowledge, and responsiveness …while also noting the company’s excellent documentation. Organizations looking for a high-quality vendor that can do it all and manage it afterwards should consider IBM.”

Sources: Forrester Research Inc., Forrester Wave™: Information Security Consulting Services, Q1 2013; Forrester Wave: Managed Security Services Providers, Q1 2012.


IBM Security Services Portfolio Overview

Built to address the Security Essentials, within context of the integrated Security Framework

Strategy, Risk & Compliance: Security Maturity Benchmarking; Security Strategy & Roadmap Development; Security Risk Assessment & Program Design; Industrial Controls (NIST, SCADA); PCI Advisory

Cybersecurity Assessment & Response: Threat Intelligence Advisory; X-Force Threat Analysis; Penetration Testing; Incident Preparation; Emergency Response

Security Operations: Security Intelligence Operations Center Design & Build Out Services

People: Identity Assessment & Strategy; User Provisioning/Access Mgmt; Total Authentication Solution; Managed/Cloud Identity

Data: Crown Jewels Discovery & Protection; Database Security; Encryption and Data Loss Prevention

Applications: SDLC Program Development; Dynamic and Static Testing; Embedded Device Testing; Mobile Application Testing

Infrastructure: Security Optimization; Design, Deployment & Migration; Staff Augmentation

Cloud and Managed Services: Firewall / Unified Threat Management; Intrusion Detection & Prevention; Web Protection & Managed DDoS; Hosted E-Mail & Web Vulnerability Mgmt; Managed SIEM & Log Management

Powered by IBM’s Next Generation Threat Monitoring and Analytics Platform


This service performs tests that demonstrate attack techniques and identify vulnerable systems

Penetration testing services demonstrate, through real-world scenarios, how attackers can significantly impact the business.

During controlled tests, consultants from IBM Professional Security Services (PSS) attempt to remotely penetrate network devices and provide evidence that critical systems and data can be compromised.

The security gaps are documented together with the recommended solutions to eliminate or contain them.

Beyond a simple vulnerability assessment (scan), a penetration test can show the real impact of vulnerabilities rather than point out theoretical weaknesses.

Service description:

Customer requirements

– Meet regulatory requirements

– Validate the effectiveness of the security controls in place

– Help define the priorities for security investments


Customers gain a better understanding of the impact of an attack on their business and can decide on remediation actions accordingly

– Demonstrating how attackers can significantly impact the Customer’s business

– Validating the effectiveness of the Customer’s current security countermeasures

– Broadening and deepening the perspective on hackers’ techniques and motivations

– Encouraging top management support for the security strategy and resources

– Identifying the recommended actions to reduce risk effectively

– Facilitating the management of compliance with industry and government regulations


Project Initiation

– The purpose of this activity is to finalize the project team members, develop a common understanding of the project objectives, roles and responsibilities, and assess your readiness to implement the Services by confirming that the appropriate information is documented.

Network Discovery and Assessment

– The purpose of this activity is to identify active hosts and services within the target network range(s) and assess the security posture of those systems.

Network Attack and Exploitation

– The purpose of this activity is to attempt to exploit identified vulnerabilities and demonstrate the impact of those vulnerabilities in terms of successful attack scenarios for the target network range(s), IP addresses, and in-scope active Devices specified in the Schedule.

Web Application Testing (Add-on)

– The purpose of this activity is to attempt to identify and exploit web application vulnerabilities and demonstrate the impact of those vulnerabilities in terms of successful attack scenarios against in-scope websites.

Internal Network Exploitation (Add-on)

– The purpose of this activity is to utilize discovered successful attacks to initiate mutually agreed upon breach scenarios for the target network range(s).

Network Vulnerability Assessment (Add-on)

– The purpose of this activity is to identify active host systems and associated services within the targeted network range, assess such systems for known vulnerabilities, and evaluate the identified vulnerabilities.

Onsite Internal Penetration Test (Add-on)

– The purpose of this activity is to attempt to investigate weaknesses in the internal network by mimicking malicious behaviors that could be exhibited by a trusted user with access to the network.


Penetration Test – Scope and Methodology

Scope

– Identify active services, their nature and the published services

– Identify the current vulnerabilities

– Analyze Web security exposures

– Leverage the identified vulnerabilities to access the Client’s systems and provide evidence of the actual extent of the risks

– Document the possible countermeasures and resolutions for the exposures

Phases*

– Discovery: get an overview of the tested systems and their usage

– Vulnerability assessment: perform network, host and port mapping; run vulnerability scanners to identify any existing network, operating system or service vulnerabilities; manual vulnerability mapping; application testing

– Penetration (or exploiting): exploit vulnerabilities found

– Keep access: ensure constant access to exploited systems

– Cover tracks: hide presence on exploited systems

– Final reports: Executive summary, Main Observations, Vulnerabilities technical details, Recommendations


Penetration Test - Typical Exploit Sequence

1) Exploit

2) Crack local passwords

3) Exploit

4) Next:

- crack passwords of domain users

- Attack other domains

(Diagram labels: Vulnerable Server, Domain Systems, Domain Controller, DOMAIN COMPROMISED)


Penetration Testing Summary

IBM Penetration testing services perform safe and controlled exercises that demonstrate covert and hostile attack techniques designed to identify vulnerable systems. They validate existing security controls and quantify real-world risks, providing clients with a detailed security roadmap that prioritizes the weaknesses in the network environment.

– Helps to prevent network compromise and downtime by identifying vulnerabilities, validating current safeguards and outlining steps for remediation

– Raises executive awareness of corporate liability to emphasize the importance of IT security efforts

– Validates effectiveness of the security measures currently in place

– Quantifies system and business-critical data risk

– Provides recommendations to resolve identified security vulnerabilities to prevent network downtime

– Helps to protect integrity of online assets

– Supports efforts and investments to reach and maintain compliance with security regulations and industry standards

Key Features

– Provides a detailed analysis of your network security, including demonstrated attacks and their effects on your online operations

– Delivers a quality service designed to be safely conducted by expert security professionals, through manual penetration techniques and automated scanning

– Conducts real-life simulations of covert and hostile activities typical of malicious attackers’ attempts to compromise perimeter devices and security controls

– Final reports show the identified risks by priority and set out the elements for immediate action to resolve identified vulnerabilities

Customer Pain Points

– Address and maintain security needs satisfying regulatory compliance

– Lack of skill and resources to build an efficient and effective security program

– Need to protect business-critical data

– Maintain network and application availability during hostile activities typical of malicious attackers
