Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

Chris Poulin

Security Strategist, IBM

Securing Information Resources is a Multi-Dimensional Puzzle

People: Hackers, Outsourcers, Suppliers, Consultants, Terrorists, Customers
Data: Structured, Unstructured, At rest, In motion
Applications: Systems applications, Web applications, Web 2.0, Mobile apps
Infrastructure

It is no longer possible to define and protect the perimeter; the focus must shift to protecting the data itself. Point products are not sufficient to protect the enterprise.

Getting Intimate with Your Computing Environment

How well do you know:
• Applications? Owners? Activity patterns?
• Where sensitive data resides?

Why Take the Red Pill?

How to Get There: Security Intelligence

Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight

Extensive Data Sources:
• Security Devices
• Servers & Hosts
• Network & Virtual Activity
• Database Activity
• Configuration Info
• Vulnerability Info

Deep Intelligence:
• Event Correlation: Logs, Flows, IP Reputation, Geo Location
• Activity Baselining & Anomaly Detection: User Activity, Database Activity, Application Activity, Network Activity
• Offense Identification: Credibility, Severity, Relevance

Result: Suspected Incidents
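The slide names the three ingredients but not how they combine. The block below is an added example, not IBM's or QRadar's code: it normalises events from three constructed feeds (a firewall log, a flow record, an IPS alert) onto one schema, groups them by source and destination, and scores each group as an offense on the slide's three axes. Credibility grows with the number of independent feeds that corroborate the activity and with the source IP's reputation, severity is the worst thing any feed reported, and relevance is the criticality of the target asset. Every field name, weight and threshold is an assumption chosen for illustration.

```python
"""Added example, not IBM's or QRadar's code: normalise events from several
sources, group them by (source IP, destination), and score the group as an
offense by credibility, severity and relevance. Every field name, weight and
threshold below is an assumption chosen for illustration."""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample events: a firewall log, a flow record and an IPS alert
# for one attacker, plus a lone firewall deny for an unrelated source.
RAW_EVENTS = [
    {"source": "firewall", "src": "203.0.113.9", "dst": "10.0.0.5", "action": "deny", "count": 40},
    {"source": "flow", "src": "203.0.113.9", "dst": "10.0.0.5", "bytes": 1_200_000},
    {"source": "ips", "src": "203.0.113.9", "dst": "10.0.0.5", "signature": "sql-injection"},
    {"source": "firewall", "src": "198.51.100.7", "dst": "10.0.0.8", "action": "deny", "count": 2},
]
# Constructed context feeds: asset criticality (relevance) and IP reputation (credibility).
ASSET_WEIGHT = {"10.0.0.5": 10, "10.0.0.8": 3}    # 10 = production database, 3 = test host
IP_REPUTATION = {"203.0.113.9": 8}                 # 0..10, higher = worse reputation
SIGNATURE_SEVERITY = {"sql-injection": 9}

@dataclass
class Offense:
    src: str
    dst: str
    credibility: int   # how much the evidence can be trusted (0..10)
    severity: int      # how damaging the observed activity is (0..10)
    relevance: int     # how much the target asset matters (0..10)
    sources: tuple     # which feeds contributed

    @property
    def magnitude(self) -> int:
        """Single 0..10 score used to rank offenses."""
        return round((self.credibility + self.severity + self.relevance) / 3)

def normalize(event: dict) -> dict:
    """Map each feed's native fields onto one common schema with a 0..10 severity."""
    common = {"source": event["source"], "src": event["src"], "dst": event["dst"]}
    if event["source"] == "firewall":
        common["severity"] = min(10, event["count"] // 5)      # 40 denies -> 8
    elif event["source"] == "flow":
        common["severity"] = 5 if event["bytes"] > 1_000_000 else 1
    elif event["source"] == "ips":
        common["severity"] = SIGNATURE_SEVERITY.get(event["signature"], 5)
    else:
        common["severity"] = 1
    return common

def build_offenses(raw_events: list) -> list:
    """Correlate events on (src, dst) and score each group; highest magnitude first."""
    grouped = defaultdict(list)
    for event in raw_events:
        norm = normalize(event)
        grouped[(norm["src"], norm["dst"])].append(norm)
    offenses = []
    for (src, dst), events in grouped.items():
        feeds = {e["source"] for e in events}
        # Credibility rises with independent corroborating feeds and bad IP reputation.
        credibility = min(10, 3 * len(feeds) + IP_REPUTATION.get(src, 0) // 2)
        severity = max(e["severity"] for e in events)
        relevance = ASSET_WEIGHT.get(dst, 1)
        offenses.append(Offense(src, dst, credibility, severity, relevance, tuple(sorted(feeds))))
    return sorted(offenses, key=lambda o: o.magnitude, reverse=True)

def suspected_incidents(offenses: list, threshold: int = 7) -> list:
    """Only offenses above the threshold are surfaced to an analyst."""
    return [o for o in offenses if o.magnitude >= threshold]

if __name__ == "__main__":
    for o in build_offenses(RAW_EVENTS):
        print(f"{o.src} -> {o.dst}: magnitude {o.magnitude} "
              f"(cred {o.credibility}, sev {o.severity}, rel {o.relevance}) via {o.sources}")
```

The point of the three-way split is that a single noisy feed cannot drive an alert on its own: the lone firewall deny against a test host scores 2 and never reaches the analyst, while the corroborated activity against the production database scores 10.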

What is Security Intelligence?

Security Intelligence, noun: the real-time collection, normalization, and analytics of the data generated by users, applications and infrastructure that impacts the IT security and risk posture of an enterprise.

Security Intelligence provides actionable and comprehensive insight for managing risks and threats, from protection and detection through remediation.

Activity and Data Access Monitoring

• Visualize data risks: automated charting and reporting on potential attacks
• Correlate system, application & network activity: enrich security alerts with anomaly detection and flow analysis
• Detect suspicious activity before it leads to a breach

Alert on data patterns, such as credit card numbers, in real time.

Who is responsible for the data leak?
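An added example, not IBM's detection logic, of what "alert on data patterns in real time" involves in practice: a digit-shape regex alone produces false positives on order numbers and identifiers, so each candidate is confirmed with the Luhn checksum before an alert fires, and each alert carries the user behind the source address so the "who is responsible" question is answerable. The flow records, field names and users are constructed for this example.

```python
"""Added example, not QRadar's own detection logic: scan constructed flow
payloads for credit-card-shaped numbers, confirm them with the Luhn check,
and attribute each hit to the user behind the source address. Field names
and the sample records are assumptions for this example."""
import re
from collections import Counter

# 13 to 16 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")

# Constructed flow records; "user" is what identity-aware flow collection would add.
FLOWS = [
    {"ts": "2012-05-01T09:14:02", "user": "jsmith", "src": "10.1.2.3",
     "dst": "198.51.100.20:443", "payload": "POST /upload card=4111 1111 1111 1111&exp=0614"},
    {"ts": "2012-05-01T09:15:10", "user": "aturner", "src": "10.1.2.9",
     "dst": "10.0.0.50:80", "payload": "GET /report?order=1234567890123456"},
    {"ts": "2012-05-01T09:16:45", "user": "jsmith", "src": "10.1.2.3",
     "dst": "198.51.100.20:443", "payload": "POST /upload card=4111111111111112"},
]

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, check mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_cards(text: str) -> list:
    """Return the digit strings in text that look like cards and pass Luhn."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits

def mask(digits: str) -> str:
    """Never put the full PAN into the alert store; keep the last four only."""
    return "*" * (len(digits) - 4) + digits[-4:]

def scan_flows(flows: list) -> list:
    """One alert per (flow, card) so the analyst sees who sent what where."""
    alerts = []
    for f in flows:
        for card in find_cards(f["payload"]):
            alerts.append({"ts": f["ts"], "user": f["user"], "src": f["src"],
                           "dst": f["dst"], "card": mask(card)})
    return alerts

def responsible(alerts: list) -> Counter:
    """Count alerts per user: the 'who leaked it' question."""
    return Counter(a["user"] for a in alerts)
```

Of the three constructed payloads only the first yields an alert: the 16-digit order number and the mistyped card both fail the Luhn check. The alert stores a masked number, since an alert database holding full card numbers would itself be in scope for the data it is meant to protect.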

Customize Your Network Landscape for Contextual Visibility

User Activity Monitoring to Combat Advanced Persistent Threats

User & Application Activity Monitoring alerts on a user anomaly for Oracle database access.

Baselining Complex Patterns

• Complex patterns can be baselined
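The two slides above say that database access can be baselined per user and that complex patterns can be baselined, without showing what a baseline holds. The block below is an added example, not IBM's product logic: it learns, from constructed Oracle-style audit records, which tables a user touches, at which hours, and how many rows a query normally returns, then reports on which of those dimensions a new access deviates. Alerting only when two or more dimensions deviate is the "complex pattern" part: an unusually large query during office hours against a familiar table is more likely a month-end report than an exfiltration. Field names, the training window and the thresholds are assumptions.

```python
"""Added example, not IBM's product logic: build a per-user baseline of
database access from constructed Oracle-style audit records (user, time,
table, rows returned) and flag accesses that break the baseline on more
than one dimension. Field names and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")

# Constructed training window: jsmith reads SALES.ORDERS during office hours,
# returning a hundred-odd rows per query.
TRAINING = [
    {"ts": f"2012-04-{16 + i // 8:02d}T{9 + i % 8:02d}:30:00", "user": "jsmith",
     "table": "SALES.ORDERS", "rows": 100 + 5 * i}
    for i in range(10)
]

def build_baseline(records: list) -> dict:
    """Per user: tables touched, hours of day active, row-count mean/stdev."""
    seen = defaultdict(lambda: {"tables": set(), "hours": set(), "rows": []})
    for r in records:
        b = seen[r["user"]]
        b["tables"].add(r["table"])
        b["hours"].add(_ts(r["ts"]).hour)
        b["rows"].append(r["rows"])
    baseline = {}
    for user, b in seen.items():
        baseline[user] = {
            "tables": b["tables"], "hours": b["hours"],
            "rows_mean": mean(b["rows"]), "rows_std": pstdev(b["rows"]),
        }
    return baseline

def anomalies(event: dict, baseline: dict, sigma: float = 3.0) -> list:
    """Reasons this event deviates from its user's baseline (empty = normal)."""
    b = baseline.get(event["user"])
    if b is None:
        return ["unknown user"]
    reasons = []
    if event["table"] not in b["tables"]:
        reasons.append("new table")
    if _ts(event["ts"]).hour not in b["hours"]:
        reasons.append("off-hours")
    limit = b["rows_mean"] + sigma * b["rows_std"]
    if event["rows"] > limit:
        reasons.append("row volume")
    return reasons

def alert(event: dict, baseline: dict, min_reasons: int = 2) -> bool:
    """Alert only when several dimensions deviate; one alone is usually noise."""
    return len(anomalies(event, baseline)) >= min_reasons
```

A 50,000-row read of HR.SALARIES at 02:10 by the same user trips all three dimensions and alerts; a 900-row read of the usual table at 10:05 trips only the volume check and is recorded but not alerted on.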

Configuration & Risk

Network topology and open paths of attack add context. Rules can take exposure into account to:
• Prioritize offenses and remediation
• Enforce policies
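How "open paths of attack" turn into a priority order, as an added example that is not IBM's risk-management logic: a breadth-first walk over constructed firewall allow rules finds every host an attacker on the Internet can reach and the shortest path there, each host's vulnerability score is weighted by that reachability, and the same path data checks a zone policy ("nothing in the database zone may be reachable from the Internet, even through hops"). Host names, zones, scores and rules are all assumptions.

```python
"""Added example, not IBM's risk-manager logic: walk constructed firewall
allow rules to find which hosts an attacker on the Internet can reach and by
what path, then rank each host's vulnerability by that exposure and check a
zone policy. Host names, zones, scores and rules are all assumptions."""
from collections import deque

# Constructed inventory: zone and the worst vulnerability score (0..10) per host.
HOSTS = {
    "web-1": {"zone": "dmz", "vuln": 7},
    "app-1": {"zone": "app", "vuln": 9},
    "db-1":  {"zone": "db",  "vuln": 9},
    "dev-1": {"zone": "dev", "vuln": 9},
}
# Constructed allow rules as (source, destination); "internet" is the untrusted origin.
ALLOW = [("internet", "web-1"), ("web-1", "app-1"), ("app-1", "db-1"), ("dev-1", "db-1")]
# Policy: nothing in these zones may be reachable from the Internet, directly or via hops.
NO_INTERNET_ZONES = {"db"}

def attack_paths(rules: list, origin: str = "internet") -> dict:
    """BFS over allow rules; returns host -> shortest path from origin."""
    adj = {}
    for src, dst in rules:
        adj.setdefault(src, []).append(dst)
    paths = {origin: [origin]}
    queue = deque([origin])
    while queue:
        node = queue.popleft()
        for nxt in adj.get(node, []):
            if nxt not in paths:
                paths[nxt] = paths[node] + [nxt]
                queue.append(nxt)
    paths.pop(origin)
    return paths

def prioritize(hosts: dict, rules: list) -> list:
    """Rank hosts by vulnerability weighted by reachability; unreachable ones sink."""
    paths = attack_paths(rules)
    ranked = []
    for name, info in hosts.items():
        reachable = name in paths
        exposure = info["vuln"] * (1.0 if reachable else 0.25)
        hops = len(paths[name]) - 1 if reachable else float("inf")
        ranked.append({"host": name, "exposure": exposure, "hops": hops,
                       "path": paths.get(name)})
    return sorted(ranked, key=lambda r: (-r["exposure"], r["hops"]))

def policy_violations(hosts: dict, rules: list) -> list:
    """Hosts in protected zones that an Internet attacker can reach, with the path."""
    paths = attack_paths(rules)
    return [{"host": h, "path": paths[h]} for h, info in hosts.items()
            if info["zone"] in NO_INTERNET_ZONES and h in paths]
```

The scanner scores dev-1 and db-1 identically, but the topology separates them: db-1 is three hops from the Internet and a policy violation, dev-1 is unreachable and drops to the bottom of the remediation list. That is the context the slide says rules can use.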

Security Intelligence Timeline

Prediction & Prevention: Risk Management. Vulnerability Management. Configuration Monitoring. Patch Management. X-Force Research and Threat Intelligence. Compliance Management. Reporting and Scorecards.

Reaction & Remediation: SIEM. Log Management. Incident Response.

Security Intelligence Wrap-Up

• Monitor all activity and correlate in real time
• Reduce cost & complexity, lower TCO, compliance
• Detect policy violations
  - Baseline against reality (CMDB)
  - Social media, P2P, etc.
• Detect suspicious behavior
  - Privileged actions from a contractor's workstation
  - DNS communications with external system
• Detect APTs
  - File accesses out of the norm: behavior anomaly detection
  - Least used applications or external systems; occasional traffic
• Detect fraud
  - Baseline credit pulls or trading volumes, and detect anomalies
  - Correlate eBanking PIN change with large money transfers
• Forensic evidence for prosecution
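The fraud bullet "correlate eBanking PIN change with large money transfers" is a sequence rule rather than a single-event match, and the block below is an added example of one, not IBM's rule: events are sorted by time (feeds rarely arrive in order), the latest PIN change per account is remembered, and a transfer at or above a threshold fires only if that account's PIN changed inside the look-back window. The events, field names, window and threshold are constructed assumptions.

```python
"""Added example, not IBM's rule: correlate an eBanking PIN change with a
large money transfer on the same account inside a time window, the fraud
pattern named in the wrap-up. Event fields, the window and the amount
threshold are assumptions; the events are constructed."""
from datetime import datetime, timedelta

def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")

# Constructed eBanking application events, deliberately not in time order.
EVENTS = [
    {"ts": "2012-05-01T11:30:00", "account": "1001", "type": "transfer", "amount": 25000},
    {"ts": "2012-05-01T10:00:00", "account": "1001", "type": "pin_change"},
    {"ts": "2012-05-01T12:00:00", "account": "1002", "type": "transfer", "amount": 30000},
    {"ts": "2012-04-28T09:00:00", "account": "1003", "type": "pin_change"},
    {"ts": "2012-05-01T09:30:00", "account": "1003", "type": "transfer", "amount": 20000},
    {"ts": "2012-05-01T12:00:00", "account": "1001", "type": "transfer", "amount": 500},
]

def correlate_pin_transfer(events: list, window: timedelta = timedelta(hours=24),
                           min_amount: float = 10000) -> list:
    """Fire once per large transfer preceded by a PIN change within the window."""
    offenses = []
    last_pin = {}   # account -> time of most recent PIN change seen so far
    for ev in sorted(events, key=lambda e: _ts(e["ts"])):
        when = _ts(ev["ts"])
        if ev["type"] == "pin_change":
            last_pin[ev["account"]] = when
        elif ev["type"] == "transfer" and ev["amount"] >= min_amount:
            pin_at = last_pin.get(ev["account"])
            if pin_at is not None and when - pin_at <= window:
                offenses.append({"account": ev["account"], "amount": ev["amount"],
                                 "lag_minutes": int((when - pin_at).total_seconds() // 60),
                                 "rule": "pin change followed by large transfer"})
    return offenses
```

Only account 1001 fires: 1002 moved a large sum with no PIN change, 1003 changed its PIN three days earlier (outside the 24-hour window), and 1001's later 500 transfer is below the threshold. Widening the window to a week would also catch 1003, which is the tuning decision a fraud team makes against its own false-positive rate.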

IBM's Security Intelligence, Analytics and Big Data portfolio

1. IBM QRadar Security Intelligence: unified architecture for collecting, storing, analyzing and querying log, threat, vulnerability and risk related data
2. IBM Big Data Platform (Streams, BigInsights, Netezza): addresses the speed and flexibility required for customized data exploration, discovery and unstructured analysis
3. IBM i2 Analyst's Notebook: helps analysts investigate fraud by discovering patterns and trends across volumes of data
4. IBM SPSS: unified product family to

Thank You!

ibm.com/security

© Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM's sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
