
IBM Security Systems Trends and IBM Framework


Academic year: 2021


(1)

© 2012 IBM Corporation

IBM Security Systems


IBM Security Systems – Trends and IBM Framework

Alex Kioni

CISSP, CISM, CEH, ITILv3

Security Systems Lead Technical Consultant Central, East & West Africa Region

(2)


IBM X-Force 2013 Mid Year Trend and Risk Report

Region Trends

Trusteer Acquisition – Advanced Fraud Protection

Regional Challenges

Solutions

(3)


Increased risk environment has elevated the role and importance of the security function

EVERYTHING IS EVERYWHERE

Organizations continue to move to new platforms including cloud, virtualization, mobile, social business and more

CONSUMERIZATION OF IT

With the advent of Enterprise 2.0 and social business, the line between personal and professional hours, devices and data has disappeared

DATA EXPLOSION

The age of Big Data – the explosion of digital information – has arrived and is facilitated by the pervasiveness of applications accessed from everywhere

ATTACK SOPHISTICATION

The speed and dexterity of attacks has increased coupled with new actors with new motivations from cyber crime to terrorism to state-sponsored intrusions

(4)


The impact on business and innovation is real and growing …

External threats

Sharp rise in external attacks from non-traditional sources

• Cyber attacks
• Organized crime
• Corporate espionage
• State-sponsored attacks
• Social engineering

Internal threats

Ongoing risk of careless and malicious insider behavior

• Administrative mistakes
• Careless inside behavior
• Internal breaches
• Disgruntled employee actions
• Mix of private / corporate data

Compliance

Growing need to address an increasing number of mandates

• National regulations
• Industry standards
• Local mandates

(5)


(6)


Economic and reputational impact - hacked Associated Press Twitter account.

In April of 2013, sixty characters cost the U.S. stock market $200,000,000,000. Yes, that’s two hundred billion. From a single tweet! The tweet said there were explosions at the White House.

(7)


(8)


IBM X-Force 2013 Mid-Year Trend and Risk Report

IBM X-Force Trend & Risk report is regarded as one of the most comprehensive and highly anticipated reports in the industry

(9)


X-Force is the foundation for advanced security and threat research across the IBM Security Framework

The mission of X-Force is to:

• Monitor and evaluate the rapidly changing threat landscape

• Research new attack techniques and develop protection for tomorrow’s security challenges

• Educate our customers and

(10)


IBM has unmatched global and local presence and expertise to help you manage the cost and complexity of security

• 9 Security Research Centers
• 9 Security Operations Centers
• 11 Security Solution Development Centers
• 133 Monitored Countries
• 3 Institutes for Advanced Security (IAS): IAS Americas, IAS Europe, IAS Asia Pacific
• ~4,000+ clients
• 9+ billion events per day

We manage security for thousands of customers across the world, giving us a unique and current picture of threats and attacks

Kenya, Tanzania, Rwanda, Ethiopia Nigeria,

(11)


A perspective in numbers

Mobile

Mobile devices are a lucrative target for malware authors. 470 million Android devices shipped in 2012 alone.

2013 witnessed the release of a Trojan named Obad, which is notable for some new and technically sophisticated features.

Obad was spread primarily through short message service (SMS) spam, and gained attention in June 2013 when it was dubbed “The most sophisticated Android Trojan.”3

Source: IBM X-Force® Research 2013 Trend and Risk Report

In the first six months of 2013, IBM X-Force:

• Analyzed 4,100 new security vulnerabilities

• Analyzed 900 million new web pages and images

• Created 27 million new or updated entries in the IBM web filter database

• Created 180 million new, updated, or deleted signatures in the IBM spam filter database

(12)


IBM X-Force 2013 Mid-Year Trend and Risk Report – Highlights

Some of the key insights of X-Force analysis of trends and attack behaviors include:

•  Social media: a tool for business, reconnaissance, and attacks

•  Mobile device malware: explosive growth of Android devices attracts malware authors

•  Poisoning the watering hole: compromising a central strategic target

•  Distraction and diversion: attackers amplify distributed denial of service (DDoS) as a distraction to breach other systems

•  Old techniques, new success: security complexity enables old gaps to be exploited

IBM X-Force continues to see operationally sophisticated attacks

(13)


What are we seeing? Key Findings from the 2013 Trend Report

• Software vulnerability disclosures up from 2012

• Web application vulnerabilities surge upward

• XSS vulnerabilities highest ever seen at 53%

• Content Management Systems plug-ins provide soft target

• Social Media leveraged for enhanced spear-phishing techniques and intelligence gathering

• Mobile Security should be more secure than traditional user computing devices by 2014

• 40% increase in breach events

• Sophistication is not always about technology

• SQL Injection, DDoS, Phishing activity increased from 2011

• Java means to infect as many systems as possible

Threats and Activity

Operational Security

Emerging Trends

(14)


A perspective in numbers

137.4 million cyber security attacks took place last year, averaging 380,000 on a daily basis

3.6 million attacks targeted the finance and insurance sectors

42% of all malicious links are hosted in the US

23% of all malicious links hosted on the Internet are located on pornography sites.

(15)


2011: “The year of the targeted attack”

Source: IBM X-Force® Research 2011 Trend and Risk Report

[Figure: 2011 Sampling of Security Incidents by Attack Type, Time and Impact. Timeline from Jan to Dec, with each incident labelled by sector. Attack types in the legend: SQL Injection, URL Tampering, Spear Phishing, 3rd Party Software, DDoS, SecureID, Trojan Software, Unknown.]

Size of circle estimates relative impact of breach in terms of cost to business

Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses

(16)


2012: The explosion of breaches continues!

Source: IBM X-Force® Research 2012 Trend and Risk Report

2012 Sampling of Security Incidents by Attack Type, Time and Impact

(17)


(18)


Fibre optic installation, broadband penetration, and security

Security trends and incidents in Kenya, incident

(19)


(20)


(21)


•  Regionally, according to the Financial Crime Survey, the financial services industry lost more than Sh2.7 billion ($30 million) in the 18 months through June

•  Data from the Banking Fraud Investigations Department (BFID) indicate that financial institutions reported Sh1.5 billion (~$17.6 million) was stolen from customers’ accounts in the year to April.

•  Businesses in Kenya are experiencing cases of insider threat including data leakage and insider fraud.

•  Poorly designed and insecure web applications expose local financial institutions to possible compromise and defacement by cyber criminals.

•  Automated attacks targeting organizations in Kenya are going undetected due to poor detection and prevention methods.

•  Cyber criminals are selling stolen credit cards issued by Kenyan banks online for $10 US dollars.

•  Kenya has a higher percentage of malware infected PCs compared to global averages.

•  Kenyan ISPs have poor reputation scores leading to email and web traffic getting blocked.

•  There is evidence of botnet activity originating from Kenya presenting the greatest threat to critical infrastructure and corporate networks.

(22)


Accused of stealing $3,791,329.05 (Sh328,644,155.17) on July 8 at the Standard Chartered Bank head office.

(23)


Businesses in Kenya are experiencing cases of insider threat including data leakage and insider fraud

(24)


Cyber criminals are selling stolen credit cards issued by Kenyan banks online for $10 US dollars.

(25)


The "Unlimited Operation"

• $45 million: amount stolen in 10 hours in ATM-withdrawal sprees on Feb. 19-20, 2013

• 40,500: total ATM withdrawals

• 27: countries where ATMs were raided in the operations, including Kenya

Hundreds of people involved in 27 countries without using a gun or bomb threat, or even setting foot inside a bank lobby.

(26)


(27)


(28)


(29)


Challenges to Security in the region

•  Executive buy in before incident – reactive, budget constraints

•  Low investment in security vs. core technology – for every 10000 KES spent on IT, 30 KES is spent on security

•  Client skills level and knowledge – low skills

•  Highly technical/unemployed graduates - computer labs and internet sources in colleges

•  Availability of cheap hacking tools - readily available online

•  Lack of security awareness - sharing passwords, weak passwords and unsecured devices

•  Use of web designers to architect websites - web architects vs. web designers

(30)


(31)


© 2013 IBM Corporation

The importance of integrated, all source analysis cannot be overstated. Without it, it is not possible to "connect the dots." No one component holds all the relevant information.

(32)


IBM Security Framework

DATA AND INFORMATION

Understand, deploy, and properly test controls for access to and usage of sensitive data

PEOPLE AND IDENTITY

Mitigate the risks associated with user access to corporate resources

APPLICATION AND PROCESS

Keep applications secure, protected from malicious or fraudulent use, and hardened against failure

NETWORK, SERVER AND END POINT

Optimize service availability by mitigating risks to network components

PHYSICAL INFRASTRUCTURE

Provide actionable intelligence on the desired state of physical infrastructure security and make improvements

GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE

Design and deploy a strong foundation for security & privacy

(33)


• IBM Security Research

• Security Intelligence and Compliance Analytics

• Identity and Access Management

• Data Protection

• Application Security

• Infrastructure Protection


(34)


(35)


SECURITY INTELLIGENCE

Security intelligence is the continuous real-time collection, normalization and analysis of data generated by users, applications and infrastructure.

Security intelligence integrates event management (SIEM) solutions, including:

* log management
* security event correlation
* network activity monitoring
* network behavior analytics

(36)


(37)


IBM offers a broad portfolio of technologies and services to meet the security needs of organizations

Safeguard Consumer Data

Secure Mobile devices and infrastructure

Ensure Secure Collaboration

QRadar

Endpoint Manager for Mobile

Access Manager for Mobile AppScan for Mobile

WorkLight

Mobile Connect

Managed Mobility Services

QRadar

Guardium Database Security

Trusteer

Optim Data Masking AppScan

Encryption and DLP Service Threat Analysis Services

Firewall, IDS/IPS Managed Services

Identity & Access Assurance

Access Manager Single Sign-on

Federated Identity Manager Policy Manager

DataPower

(38)


Trusteer will further advance the IBM security strategy and strengthen IBM's portfolio of integrated solutions

IBM Enters Web Fraud Protection

leading web fraud capabilities assists IBM's financial services and web commerce customers

Strengthens IBM Mobile Security

as part of IBM MobileFirst, Trusteer enables secure transactions from devices to the back office

Extends Advanced Threat Protection

provides a unique endpoint solution to help identify and prevent Advanced Threats

Security-as-a-Service

cloud-based deployment enables rapid adoption and real-time updates

(39)


Trusteer focuses on the predominant attack vectors responsible for today's cybercrime

Financial Fraud

Fraud from Customer or Criminal Device

First target is the customer. Malware installed on their PC and mobile devices can generate fraudulent transactions.

In addition, malware and phishing help attackers steal credentials and other personal data.

• Mobile Malware
• Credential Theft
• Account Takeover
• Automated Malware-driven Fraud

Enterprise Security

Targeted attacks and Advanced Persistent Threats

Employees are a new and emerging target. Criminals use spear-phishing email to target employees and deploy malware on their endpoints. Attackers use this malware to access systems and exfiltrate data out of the enterprise.

• Malware Infection
• Spear-Phishing
• Credential Theft
• Endpoint Remote Control

(40)

Trusteer allows IBM to strengthen its security strategy with broader intelligence, additional expertise and unique integrations

Rapid Adaptation to Malware and Emerging Threats

Trusteer Cyber Intelligence combined with…

• IBM X-Force Research & Development
• IBM X-Force Global Threat Intelligence

Fraud Detection Extending to IAM and E-commerce

Trusteer Pinpoint and Rapport combined with…

• IBM Security Access Manager
• IBM WebSphere Application Server

Holistic Protection For Zero-Day Exploits and Data Exfiltration

Trusteer Apex combined with…

• IBM QRadar Security Intelligence Platform
• IBM Network IPS
• IBM Endpoint Manager

Embedded Security for Mobile Devices and Applications

Trusteer Mobile Risk Engine combined with…

IBM MobileFirst Platform and Management Solutions

• IBM WorkLight
• IBM Endpoint Manager

Advanced Threat Protection

Mobile Transaction Security

Enhanced Threat Intelligence

Integrated Fraud Protection

(41)


(42)


ibm.com/security

© Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
