
Managing security risks and vulnerabilities


Academic year: 2021


Protect your critical assets with an integrated, cost-effective approach to vulnerability assessments and risk management


Contents

Introduction
Understanding the threat landscape
Getting proactive about security
Unifying security resources with IBM solutions
Unleashing the value of security intelligence
Improving security with vulnerability management
Combining vulnerability management with risk management
Closing the gaps in risk and vulnerability management
Conclusion
For more information
About IBM Security solutions

Introduction

While technology innovations are improving our everyday lives, cybercrime is also on the rise—and the costs are higher than ever. A recent study found that the annual costs of cybercrime averaged USD11.6 million per large organization in 2013, which is an increase of 26 percent from the previous year.¹ In fact, even the most security-minded organizations can be exploited by today’s operationally sophisticated attackers. And the impact can extend far beyond the bottom line. Security breaches can result in the loss of intellectual property, disrupt critical operations and damage an organization’s image, brand and public reputation.

Meanwhile, security teams often take approaches that are largely reactive instead of proactive; it is not uncommon for them to spend the majority of their time—and budget—deploying tools that can only detect and remediate breaches, rather than proactively examining and strengthening security defenses already in place. Plus, personnel are kept busy with activities such as vulnerability scanning that help ensure compliance with regulatory mandates, yet they lack the ability to add context to this data, such as which vulnerabilities create the greatest risk for the organization. As a result, many security products are designed to support reactive tasks, rather than the broader goal of detecting weaknesses and unauthorized behavior to help stay ahead of threats.

Fortunately, today’s organizations have a smarter option. The latest integrated security intelligence solutions use advanced labor-saving automation to deliver more value from security budgets—and increase efficiency of IT staff—while simultaneously strengthening their security posture. Organizations can automate management of security events, logs and network flows. In addition, they can compare network configurations to proactively identify security exposures, analyze firewall rules, simulate the potential impact of an attack, and quantify the risk from vulnerabilities.

This white paper discusses how organizations can focus on protecting high-value assets and provide scalable, cost-effective, integrated security across the entire IT environment. It will explain how the right security intelligence platform can integrate vulnerability analysis, risk management and remediation support—all from within a single console—to proactively identify security weaknesses and minimize potential risks across a dynamic infrastructure.

Understanding the threat landscape

Security breaches are increasingly reported in the media, thanks to the growing number of attacks and their increasing severity. The IBM® X-Force® research and development team recently reported that the total number of security incidents for 2013 was on track to surpass the numbers from 2012.² What’s more, the organizations targeted by attackers have often deployed basic security measures. So why are the attacks successful?


For one thing, disparate security solutions are sometimes just toolkits. They often lack the ability to perform real-time analysis of network flows, or to add context to network traffic and topologies. This means that IT security teams have limited visibility into what’s really happening on the network. Vulnerability scans can reveal hundreds of thousands—or even millions—of exposures, and security administrators are typically faced with the near-impossible task of prioritizing their efforts and then manually mitigating and patching the weaknesses. To make matters worse, security threats keep escalating, compliance efforts don’t go far enough, and organizations are hampered by inefficient, disparate tools for risk and vulnerability management.

Security threats are escalating

The quantity of vulnerabilities is exploding in today’s dynamic environments, while attackers are exploiting them faster than ever before—and with greater sophistication and stealth. In so-called “zero-day attacks,” exploits are created for vulnerabilities for which a patch has not been released. In fact, X-Force found that 77 percent of all exploitable vulnerabilities have a public exploit available on the very same day.³ Then, in addition to the potential lag time between the disclosure of vulnerabilities and the availability of a patch, organizations need time to determine which systems are affected, prioritize their remediation, and take corrective action to patch those machines.

[Figure: Vulnerability disclosures growth by year, 1996 to 2013; the 2013 value is a prediction (first half doubled). Source: “IBM X-Force 2013 Mid-Year Trend and Risk Report”]

IBM X-Force reported that halfway through 2013, vulnerability disclosures were on track to surpass the total number disclosed in 2012.²

At the same time, today’s sophisticated attackers are becoming stealthier. Recent research, for example, shows that attackers are spending long periods of time in the victim’s network—an average of 243 days—before being discovered.⁴ And even after an incident is remediated, many targets are attacked again. To get ahead of these advanced threats, security teams need to be able to analyze network flows, detect anomalous behavior and identify malicious patterns of activity. They must be able to consider the complete network context of security events—gathered from disparate sources—to help prevent attackers from wreaking havoc.


Compliance efforts are not enough

Many organizations deploy only enough security technology to satisfy compliance requirements relevant to their industry, such as the Payment Card Industry Data Security Standard (PCI-DSS), Health Insurance Portability and Accountability Act (HIPAA), the North American Electric Reliability Corporation (NERC), Federal Energy Regulatory Commission (FERC) or the Federal Information Security Management Act (FISMA). In addition, they may have to comply with their own corporate security requirements.

And yet, these organizations often realize that they are likely not doing enough. They typically understand the importance of vulnerability and risk management, but simply lack the proper tools and adequate staff to do a good job of it. By deploying security solutions just to maintain compliance, organizations are faced with:

● Lack of visibility: Disjointed security point solutions lack complete visibility. They produce results that must be reconciled, correlated and integrated in order to be useful. Today’s organizations need solutions that are easy to install, provide rapid time to value, and deliver a consolidated view of the entire IT environment—where all types of devices are susceptible to attack.

● Inconsistent information: Fragmented processes often provide conflicting or stale information about patches, malware signatures and configurations. This can make accurate compliance reporting a near-impossibility. In addition, different teams are often unable to work together to manage critical risks and vulnerabilities, since event correlation and prioritization across tools is often unsupported.

● Increased costs: Routine compliance audits with disparate tools can require more staff, which translates into higher costs. Audits frequently need to be repeated to help ensure that findings are addressed—which adds to costs, extends exposure times and increases the vulnerability of noncompliant systems.

The need for integrated risk management

Today’s organizations are forced to manage security products from many different vendors, using different types of tools. For example, they may have firewalls from Cisco, Check Point and Juniper Networks, to name a few. The challenge is being able to manage risk and compliance across this heterogeneous environment. What’s more, as endpoints multiply across the organization, configuration errors and other vulnerabilities grow. Mitigating these risks—and staying ahead of attackers—is essential, particularly when critical assets with unpatched vulnerabilities are exposed to attackers, both inside and outside of the network perimeter.

With disparate tools and siloed operations, organizations are unable to react in near real time to the changing risk landscape. Threats are continually evolving, and the network environment is constantly changing. But many vulnerability scanners and risk-management tools operate in isolation. They are not integrated with a security information and event management (SIEM) engine to gauge—and reduce—risks with real-time analytics.

For example, firewall configuration errors are a gateway for attackers, and organizations struggle with addressing this risk. The ability to automatically collect, centralize, normalize and analyze firewall rules for errors and weaknesses is critical. Large organizations can have thousands of firewalls, each with thousands of firewall rules. Relying upon manual analysis of these firewall rules can be a waste of time and money, since it is usually ineffective. Even in small environments, manual analysis can consume precious IT resources that could be spent on more strategic activities. In contrast, the latest risk-management solutions can also model network configuration changes before they are made and simulate the potential spread of threats.

Getting proactive about security

To reduce the risk of exploits and compliance violations—while also reducing the cost of manual labor and inefficient point solutions—organizations need a comprehensive, proactive approach to security. On today’s smarter planet, security teams need to think like an attacker with a counter-intelligence mindset; they need to focus on managing vulnerabilities in terms of business risk—and stop attacks before they occur.

Rather than reacting to compliance mandates or media reports of high-profile attacks, organizations need to proactively:

● Identify and protect high-value assets (people, applications, data and networks) at risk for attack

● Understand baseline behavior for systems and networks

● Detect anomalies, analyze data and remediate issues

● Gather and preserve evidence

● Assess the effectiveness of security defenses

● Understand, investigate and monitor network connections and topology

● Compare network device configurations, event counts and a history of rules

● Simulate attacks for proactive risk mitigation

With the latest integrated security intelligence solutions, organizations can use continuous monitoring and automated problem resolution to help improve their security posture. These solutions can generate meaningful data from activity associated with people, data, applications and infrastructure, and then pull all of that data into a single repository. What’s more, organizations can apply advanced analytics to that data—whether that data is traditional security data or nontraditional, unstructured big data, such as email messages—to connect different events to one another, identify activity that is out of the ordinary and automatically remediate the security threats that were discovered.

Today, the wide variety of end-user devices, disparate backend systems and the dynamic nature of IT infrastructures present challenges for traditional security technologies—that is, the firewalls and signature-based intrusion detection systems that block known threats. Coupled with a new generation of sophisticated attacks that are hard to detect and prevent, today’s ever-changing networks require monitoring of the entire environment in real time. In fact, forward-thinking organizations need proactive, predictive and automated analytics to help them understand normal patterns of use so they can quickly identify anomalies, suspicious activity and other threatening trends to help avoid data loss and service interruptions.

Unifying security resources with IBM solutions

IBM offers integrated security solutions that can consolidate information from across your environment to help you strengthen your security posture, prioritize security activities and extend the value of your IT investments. While many security tools are available for security teams to perform vulnerability and risk assessments, these tools often lack the intelligence, automation and integration needed to make those assessments actionable. What’s more, IBM security products not only integrate with each other, but also with other third-party solutions.

An integrated approach to security can deliver significant advantages, including:

● Real-time visibility: To help protect the entire IT environment, an integrated approach provides security administrators with the comprehensive, real-time visibility they need into the security state of any connected device, regardless of where the device is physically located.

● Consistent information: An integrated approach can help ensure that reports and assessments provide the same up-to-date and accurate information to multiple teams.

● Reduced costs: An integrated approach can minimize risk while also reducing the costs associated with managing security. A consolidated, proactive solution is much less expensive over the long term than traditional point tools that are often used for traditional security management.


Unleashing the value of security intelligence

Organizations that take a barebones approach to security tend to deploy log management solutions with other standalone safeguards—such as firewalls, intrusion detection, network encryption, vulnerability scanners and authentication systems. But these disparate point products do not provide the intelligence, automation and integration needed for proactive security management.

IBM QRadar® Security Intelligence Platform provides a highly integrated approach to security that can help improve operational efficiency, lower costs, and manage vulnerabilities and risk for the entire organization. By automating processes and consolidating information, these integrated IBM solutions enable companies to proactively and cost-effectively manage data privacy and protection—rather than simply focusing on passing an audit. Using IBM Security QRadar solutions, organizations can make security a priority and deliver strategic value to the business.

[Figure: QRadar Security Intelligence Platform diagram. Labels: log management; network activity monitoring; risk management; vulnerability management; future; prioritized offenses; network, asset and identity context; categories; normalization and categorization; events, logs, configuration and flow data.]

IBM QRadar Security Intelligence Platform provides an integrated approach to understanding the context of vulnerabilities and minimizing risk.

Anchored by powerful, next-generation SIEM technology, QRadar solutions enable organizations to achieve comprehensive security intelligence by integrating log event data from across the IT infrastructure with network flow data, configuration and vulnerability data, application events and activities, user identities, asset profiles, geolocation details and more. After performing distributed data collection, normalization and correlation analysis, QRadar solutions then forward actionable results to a central console for further review and remediation. QRadar Security Intelligence Platform provides a seamlessly integrated solution for:

● Log management: Most organizations generate huge volumes of logs, and analyzing them can pose significant challenges. With its customizable rules engine that includes thousands of out-of-the-box rules, IBM Security QRadar Log Manager can process each incoming event in real time; assign severity, credibility and relevance attributes; and then trigger an appropriate response. IT staff can analyze data and activity trends from a central dashboard, identify security anomalies and potential risks, and take action before any damage can occur. It can also be easily upgraded to a full SIEM solution with the use of a simple license key.

● SIEM technology: Security teams need to understand the nature of potential threats, including: Who is attacking? What is being attacked? What is the business impact? Where do we investigate? IBM Security QRadar SIEM captures data from hundreds of data sources, including event data, network flows, asset vulnerabilities and user identity information. It correlates these disparate types of data and categorizes them by risk severity, so IT staff can prioritize their remediation activities with a manageable list. Unlike an individual toolkit, QRadar SIEM is an integrated solution that is easy to install and easy to use, providing a rapid time to value. It features a single management interface and a common database for consistent results.

● Network activity monitoring: QRadar Security Intelligence Platform provides deep network monitoring with anomaly detection capabilities that can add rich context about potential threats. In addition, IT staff can also help detect and prevent advanced threats—from the inappropriate use of protocols, to the unauthorized access of sensitive information, to the misuse of administrative passwords.

● Risk assessments: To proactively manage vulnerabilities and stay a step ahead of threats, IBM Security QRadar Risk Manager enables IT staff to visualize the network topology, review security device configuration data and detect configuration errors—all from a single location. It features an automated policy engine that can quantify the risk of exploits by calculating attack paths to vulnerable assets and evaluate actual and potential network traffic for compliance with policy. IT staff can also simulate threat propagation and assess the potential impact of changes before they are made. Risk scoring enables the modification of vulnerability severity scores based on environmental factors like network reachability and asset configuration.

● Vulnerability management: Most vulnerability scanners simply identify large numbers of exposures and leave it up to security teams to manually determine the severity of risks. IBM Security QRadar Vulnerability Manager provides a single, fully integrated vulnerability assessment and analytics system that supports all major operating systems and devices. The product’s distributed scanning architecture leverages existing QRadar hardware and can be quickly activated with a license key, reducing deployment time and costs. It also leverages integration with QRadar Security Intelligence Platform to support event-driven scans and deep correlations between QRadar SIEM and QRadar Risk Manager. This way, limited IT resources can be focused on protecting assets with the highest risk of attack.

QRadar Security Intelligence Platform features a unified architecture that helps organizations improve security almost immediately. Using a single, familiar interface, security teams can quickly begin managing risks and vulnerabilities across a distributed, heterogeneous environment.


IBM Security QRadar SIEM makes it easy for security teams to manage vulnerabilities and exposures that pose the greatest risk—all from a single dashboard.

Improving security with vulnerability management

Many organizations have implemented vulnerability management tools to comply with security policy and compliance regulations, but those tools are often siloed point solutions with separate scanners for networks, applications and databases—which creates huge inefficiencies in both time and effort. These disparate tools typically identify a “sea” of vulnerabilities that are not correlated, categorized or prioritized, and do not result in actionable information. In fact, typical networks might have up to 30 vulnerabilities per IP address,² resulting in overwhelmed patch management and remediation processes. IT staff need to be able to focus their efforts on the most critical vulnerabilities—and catch hidden weaknesses that are missed by periodic scanning.

QRadar Vulnerability Manager is designed to transform tedious monthly or quarterly vulnerability scanning and reporting into a fully integrated, continuous monitoring program that combines regularly scheduled vulnerability scans with the real-time capabilities of QRadar Security Intelligence Platform. The result is complete visibility across dynamic, multi-layered networks. Organizations can:

● Create, schedule, monitor and view the results of vulnerability scans directly from the QRadar user interface

● Leverage the QRadar rules engine to invoke event-driven vulnerability scans, such as when a new asset is attached to the network

● Perform comprehensive analysis into asset vulnerabilities (regardless of discovery source), including powerful searching and filtering capabilities


● Save vulnerability searches for re-use by other QRadar applications, including QRadar Risk Manager

● Make faster, better-informed decisions with a risk-prioritized, consolidated view of vulnerability scan data

● Generate early-warning alerts that identify the systems that may be vulnerable to the latest exploits—even before vulnerability data is published

● Help coordinate patching and virtual patching activities, including recommending intrusion prevention system (IPS) and next-generation firewall signatures to block potential attack paths

QRadar Vulnerability Manager includes an embedded, PCI-certified scanning engine for running scheduled, on-demand and event-triggered scans, providing near real-time visibility to weaknesses that could otherwise remain hidden for weeks or months. The QRadar solution can detect and immediately scan any new asset that appears on the network. As a result, organizations can reduce their exposure to vulnerabilities between regular scanning cycles and help ensure compliance with the latest security regulations.

Using the same rules-based approach as QRadar SIEM, QRadar Vulnerability Manager helps minimize false positives and filters out vulnerabilities already classified as non-threatening—that is, vulnerabilities that can be given a low priority and be patched later. For example, applications may be installed on a server, but they may be inactive, and are therefore not an imminent security risk. Integration with QRadar Risk Manager can reveal when devices that appear exposed are actually protected by a firewall or intrusion protection device; likewise, integration with IBM Endpoint Manager can show which vulnerabilities are patchable, which endpoint vulnerabilities are already scheduled for patching, and which patches have been applied.

[Figure: Vulnerability categories used to prioritize remediation]

● Inactive: Network flow data can help identify if applications are active

● Patched: Integration with patch management will reveal what vulnerabilities will be patched

● Critical: Vulnerability knowledge base, remediation flow and policies inform about business-critical vulnerabilities

● Blocked: Firewall and IPS rules can identify what vulnerabilities are exposed

● Exploited: Integration with threat platforms can alert when specific vulnerabilities are attacked

● At risk: Usage and threat data can be used to identify what vulnerabilities are at risk

IBM Security QRadar Vulnerability Manager can help organizations understand the severity of vulnerabilities, including which systems are scheduled for patches or blocked by firewalls, so security personnel can prioritize remediation efforts efficiently.

QRadar Vulnerability Manager maintains a current view of all discovered vulnerabilities, including which vulnerabilities are still at risk of being exploited. The software also presents historic views of daily, weekly and monthly trends, and can produce the long-term trending reports required by many security compliance regulations.

Combining vulnerability management with risk management

QRadar SIEM enables organizations to centralize vulnerability data from many different sources, ranging from QRadar Vulnerability Manager to other IBM products, such as IBM Security AppScan®, Endpoint Manager and IBM InfoSphere® Guardium®, as well as many third-party vulnerability assessment tools. With all of this vulnerability data at their fingertips, security professionals need to be able to risk-prioritize the data not only by using industry-standard benchmarks, such as the Common Vulnerability Scoring System (CVSS), but also by increasing or lowering risk scores based on local network activity and device configurations.

Risk management can help. With the right risk-management solution, organizations can:

● Build a network topology—Security teams can create a model of the network that not only depicts the relationships between network devices, but also shows the active application paths by understanding network security device configuration and routing information.

● Create and monitor risk policies—With the QRadar Risk Manager policy engine, security teams can test compliance rules against actual network traffic, network configurations, asset configurations and vulnerabilities. For example, they can create policy-monitoring questions that test whether the network traffic crossing the DMZ is restricted to well-known and trusted protocols (such as HTTP or HTTPS on specified ports), test which users are communicating with critical network assets, and identify rules in a device that violate a defined policy or introduce risk into the environment. A very common occurrence is when servers that were not previously accessible from the Internet become inadvertently accessible due to a firewall change.

● Simulate threats—Security teams can leverage the network topology, network traffic and vulnerability data to depict how an exploit could spread through the network.

[Figure: IBM Security QRadar Risk Manager enables organizations to visualize the relationships between network devices and simulate the impact of changes on high-value assets.]

QRadar Risk Manager meets all of these requirements and more, complementing QRadar SIEM and QRadar Vulnerability Manager by helping organizations identify their most vulnerable, highest-risk assets. It can generate alerts when assets and devices engage in out-of-policy activities or if a firewall rule change could potentially expose them to exploit. Organizations can also create policies that calculate attack paths between the Internet and assets with unpatched vulnerabilities, automatically increasing the risk score of those assets so their remediation activities can be prioritized.

Using the QRadar Risk Manager interface—available from within the unified QRadar Security Intelligence Platform central console—IT staff can:

● Easily create and maintain a network topology by leveraging security device configuration data and routing information

● Create policies that map directly to security mandates and compliance requirements, such as checking for the actual or potential use of insecure protocols, unapproved applications and communications between networks

● Develop policies that evaluate unpatched vulnerabilities, asset configurations and reachability by attackers in order to increase or decrease the risk score of those vulnerabilities and assets, enabling risk-prioritized remediation activities

● Simulate firewall rule changes and model the spread of potential exploits across the network

QRadar Risk Manager is a fully integrated part of QRadar Security Intelligence Platform, which allows it to leverage a wide breadth and depth of security data that other products cannot match. This includes network events and flows, as well as asset vulnerabilities and configuration data. As a result, QRadar Risk Manager can automatically identify offenses and generate notifications when policies are not in compliance. And this is all accomplished through the unified console for QRadar solutions.

Closing the gaps in risk and vulnerability management

QRadar Risk Manager and QRadar Vulnerability Manager are designed to work together to provide smarter protection for high-value assets. While QRadar Vulnerability Manager provides the status of system vulnerabilities, QRadar Risk Manager adds the network context. It knows which network paths are active, which systems can be directly attacked via the Internet (or from other points inside the network, such as potentially exploited machines) and which ones are protected. Together, they provide a powerful solution for managing vulnerabilities and risks.

To obtain early warnings of potential attacks, an organization can create a policy in QRadar Risk Manager that checks vulnerable assets for an attack path that could be used to exploit the machine. The policy can then be set to increase or decrease the risk score of the vulnerabilities on affected devices; for example, security teams can increase the risk score by 50 percent for devices that are directly attackable and decrease the risk score by 50 percent for devices that are not attackable. Users can then generate vulnerability reports sorted by risk score, which can then be used by patch managers to schedule remediation for the “riskiest” assets first. Dynamically increasing or decreasing the relative risk of a system’s vulnerabilities, along with the relative need for patching, is a strategic advantage of linking QRadar Risk Manager with QRadar Vulnerability Manager.
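The policy described above (raise the risk score by 50 percent for assets with an attack path from the Internet, lower it by 50 percent otherwise, then sort) and the firewall-change check mentioned earlier, sketched as an added example; this is not IBM or QRadar code. The topology, asset names, vulnerability placeholders and scores are constructed, and treating every asset reachable over permitted flows as attackable is a simplifying assumption.

```python
from collections import deque

# Constructed sample data: flows permitted by firewall rules and routing,
# as (source, destination) pairs. All names are hypothetical.
ALLOWED_FLOWS = {
    ("internet", "dmz-web"),
    ("dmz-web", "app-01"),
    ("app-01", "db-01"),
    ("corp-lan", "hr-01"),
}

# Constructed scan findings: asset -> [(placeholder vulnerability id, base score)].
FINDINGS = {
    "dmz-web": [("VULN-A", 4.0)],
    "db-01": [("VULN-B", 6.0)],
    "hr-01": [("VULN-C", 9.0)],
}


def reachable_from(source, flows):
    """Return every node reachable from `source` over permitted flows (BFS)."""
    adjacency = {}
    for src, dst in flows:
        adjacency.setdefault(src, set()).add(dst)
    seen, queue = {source}, deque([source])
    while queue:
        node = queue.popleft()
        for nxt in adjacency.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(source)
    return seen


def prioritize(findings, flows, source="internet", factor=0.5):
    """Scale each base score by +/- `factor` depending on whether an attack
    path from `source` reaches the asset, then sort highest risk first."""
    exposed = reachable_from(source, flows)
    rows = []
    for asset, vulns in findings.items():
        attackable = asset in exposed
        multiplier = 1 + factor if attackable else 1 - factor
        for vuln_id, base in vulns:
            rows.append((asset, vuln_id, round(base * multiplier, 2), attackable))
    rows.sort(key=lambda r: (-r[2], r[0], r[1]))
    return rows


def newly_exposed(flows, proposed_rule, source="internet"):
    """Simulate adding one permitted flow and list nodes that become
    reachable from `source` only because of that change."""
    before = reachable_from(source, flows)
    after = reachable_from(source, set(flows) | {proposed_rule})
    return sorted(after - before)


if __name__ == "__main__":
    print("Current priorities:")
    for row in prioritize(FINDINGS, ALLOWED_FLOWS):
        print("  ", row)
    change = ("dmz-web", "corp-lan")  # hypothetical proposed firewall rule
    print("Newly exposed by", change, "->", newly_exposed(ALLOWED_FLOWS, change))
    print("Priorities if the change is applied:")
    for row in prioritize(FINDINGS, ALLOWED_FLOWS | {change}):
        print("  ", row)
```

With the constructed data, the asset with the highest base score (hr-01) is ranked last while it has no path from the Internet, and moves to the top once the proposed rule would expose it.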

Conclusion

With security threats exploding around the world, organizations need to be proactive about managing risks and vulnerabilities before any significant damage can occur. QRadar Security Intelligence Platform enables organizations to stay a step ahead of security threats—and get more value from their security budget—by focusing on critical assets that are truly at risk. Advanced labor-saving automation can increase efficiency of IT staff. Plus, QRadar solutions are easy to install and upgrade, often just requiring a simple license key to enable additional functionality.


your IBM representative or IBM Business Partner, or visit:

ibm.com/software/products/us/en/qradar

About IBM Security solutions

IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned X-Force research and development, provides security intelligence to help organizations holistically protect their people, infrastructures, data and applica-tions, offering solutions for identity and access management, database security, application development, risk management, endpoint management, network security and more. These solutions enable organizations to effectively manage risk and implement integrated security for mobile, cloud, social media and other enterprise business architectures. IBM operates one of the world’s broadest security research, development and delivery organizations, monitors 15 billion security events per day in more than 130 countries, and holds more than 3,000 security patents.

IBM, the IBM logo, ibm.com, AppScan, InfoSphere, Guardium, QRadar, and X-Force are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml

This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates.

THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.

The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation.

Statements regarding IBM’s future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that systems and products are immune from the malicious or illegal conduct of any party.

WGW03049-USEN-00

¹ Ponemon Institute, “2013 Cost of Cyber Crime Study: United States,” October 2013. http://media.scmagazine.com/documents/54/2013_us_ccc_report_final_6-1_13455.pdf

² IBM, “IBM X-Force 2013 Mid-Year Trend and Risk Report,” September 2013. http://www-03.ibm.com/security/xforce/downloads.html

³ IBM, “IBM X-Force 2012 Trend and Risk Report,” March 2013. http://www.ibm.com/ibm/files/I218646H25649F77/Risk_Report.pdf

⁴ Eduard Kovacs, “It Takes a Company 243 Days to Discover a Sophisticated Attack, Study Shows,” Softpedia, March 15, 2013. http://news.softpedia.com/news/It-Takes-a-Company-243-Days-to-Discover-a-Sophisticated-Attack-Study-Shows-337342.shtml
