IBM Security IBM Corporation IBM Corporation

(1)

IBM Security

(2)

IBM Security Systems

What is Security Intelligence?

Security Intelligence --noun

1. the real-time collection, normalization and analytics of the data generated by users, applications and infrastructure that impacts the IT security and risk posture of an enterprise

Security Intelligence provides actionable and comprehensive insight for managing risks and threats from protection and detection through remediation

Security Intelligence

(3)

Security Intelligence & Business Intelligence offer insightful parallels

[Figure: two parallel timelines, IBM Security Intelligence and IBM Business Intelligence, plotted as market changes over time. Items on the two timelines, in the order they appear in the source: Managed Security Services; Mainframe and Server Security - RACF; SOA Security; Network Intrusion Prevention; Database Monitoring; Identity and Access Management; Application Security; Security as a Service; Compliance Management; Security Intelligence; DASCOM; Enterprise Reporting; Performance Management Platform; Business Intelligence Suite; IOD Business Optimization; BI Convergence with Collaboration; Text & Social Media Analytics; Simplified Delivery (i.e., Cloud); Predictive Analytics; Decision Management; BI Convergence with Security.]

(4)

Security Intelligence & the “Why More Context”

Organizations are failing at early breach detection, with more than 85% of breaches undetected by the breached organization.*

(...)

It is the combination of real-time security monitoring, context (threat, vulnerability, user, asset, data and application) and "smart eyeballs" on daily activity reports that will improve your chances of early breach detection beyond the current 15% success rate.

Gartner “Using SIEM for Targeted Attack Detection” (March 2012)

(5)

Solutions for the full Security Intelligence timeline

[Figure: the Security Intelligence timeline, with solutions arranged in two phases, Prediction & Prevention and Reaction & Remediation.]

Prediction & Prevention
• Risk Management. Vulnerability Management.
• Configuration and Patch Management.
• X-Force Research and Threat Intelligence.
• Compliance Management.
• Reporting and Scorecards.
What are the external and internal threats? Are we configured to protect against these threats?

Reaction & Remediation
• Network and Host Intrusion Prevention.
• Network Anomaly Detection. Packet Forensics.
• Database Activity Monitoring. Data Leak Prevention.
• Security Information and Event Management.
• Log Management. Incident Response.
What is happening right now? What was the impact?

IBM Security Intelligence

(6)

Built upon common foundation of QRadar SIOS

[Figure: IBM QRadar Platform architecture. The Security Intelligence Operating System (SIOS) supplies the common services: Normalization, Reporting Engine, Workflow, Rules Engine, Real-Time Viewer, Analytics Engine, Warehouse and Archival. The Security Intelligence Solutions built on it are QRadar Log Manager, QRadar SIEM, QRadar Risk Manager, QRadar QFlow and VFlow, and QRadar Vulnerability Manager.]

IBM QRadar Platform

(7)

And continually adding context for increased accuracy

[Figure: Security Intelligence Feeds flowing into the platform: Internet Threats, Geo Location, Vulnerabilities.]

(8)

Deployed upon scalable appliance architecture

SIEM
• Log, flow, vulnerability & identity correlation
• Sophisticated asset profiling
• Offense management and workflow

Log Management
• Turn-key log management and reporting
• SME to Enterprise
• Upgradeable to enterprise SIEM

Network Activity & Anomaly Detection
• Network analytics
• Behavioral anomaly detection
• Fully integrated in SIEM

Network and Application Visibility
• Layer 7 application monitoring
• Content capture for deep insight & forensics
• Physical and virtual environments

Configuration & Vulnerability Management
• Network security configuration monitoring
• Vulnerability scanning & prioritization
• Predictive threat modeling & simulation

Scale
• Event Processors
• Network Activity Processors
• High Availability & Disaster Recovery
• Stackable Expansion

(9)

Using fully integrated architecture and interface

[Figure: the same capability groups as the preceding slide (SIEM; Log Management; Configuration & Vulnerability Management; Network Activity & Anomaly Detection; Network and Application Visibility) arranged around one console.]

One Console Security

Built on a Single Data Architecture

(10)

Differentiated by network flow analytics

Network traffic doesn’t lie. Attackers can stop logging and erase their tracks, but can’t cut off the network (flow data)

• Deep packet inspection for Layer 7 flow data
• Pivoting, drill-down and data mining on flow sources for advanced detection and forensics
  – Helps detect anomalies that might otherwise get missed
  – Enables visibility into attacker communications

(11)

Continued journey towards Total Security Intelligence

IBM QRadar Security Intelligence

(12)

[Figure: the QRadar Platform architecture diagram (SIOS services and Security Intelligence Solutions), repeated as the section divider.]

IBM QRadar SIEM

(13)

QRadar SIEM: Command console for Security Intelligence

• Provides full visibility and actionable insight to protect against advanced threats
• Adds network flow capture and analysis for deep application insight
• Employs sophisticated correlation of events, flows, assets, topologies, vulnerabilities and external data to identify and prioritize threats
• Contains workflow management to fully track threats and ensure resolution
• Uses scalable hardware, software and virtual appliance architecture to support the largest deployments

(14)

Flows provide context for true network intelligence

• Helps detect zero-day attacks that have no signature
• Enables policy monitoring and rogue server identification
• Provides visibility into all attacker communications
• Uses passive monitoring to build asset profiles and classify hosts
• Improves network visibility and helps resolve traffic problems

(15)

[Figure: the QRadar Platform architecture diagram (SIOS services and Security Intelligence Solutions), repeated as the section divider.]

IBM QRadar Risk Manager

(16)

QRadar Risk Manager: Visualize network, configurations and risks

• Depicts network topology views and helps visualize current and alternative network traffic patterns
• Identifies active attack paths and assets at risk of exploit
• Collects network device configuration data to assess vulnerabilities and facilitate analysis and reporting
• Discovers firewall configuration errors and improves performance by eliminating ineffective rules
• Analyzes policy compliance for network traffic, topology and vulnerability exposures

(17)

Investigating offense attack path

• Clicking the ‘attack path’ button for an offense performs a search showing the precise path (and all permutations) between the involved source and destination IPs
• Firewall rules enabling the attack path can then be quickly analyzed to understand the exposure
• Allows a “virtual patch” to be applied by quickly showing which firewall rules may be changed to immediately shut down the attack path, before patching or other configuration changes can typically be implemented
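The attack-path investigation described on this slide, as an added example (my code, not IBM's and not QRadar's): an offense names a source, a destination and a port; the code walks the firewalls between them, finds the rule on each hop that permits the traffic under first-match semantics, and then simulates the "virtual patch" by inserting a deny ahead of the permitting rule and confirming the path is closed. The topology, the rule names and the rulebases are constructed for the example.

```python
"""Toy attack-path analysis over an ordered, first-match firewall rulebase.
Topology, rules and addresses are constructed; nothing here is QRadar's code."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    name: str
    src: str               # CIDR
    dst: str               # CIDR
    port: Optional[int]    # None means any port
    action: str            # "allow" or "deny"

    def matches(self, src_ip, dst_ip, port):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and (self.port is None or self.port == port))


# Constructed topology: Internet -> perimeter firewall -> internal firewall -> DB subnet.
FIREWALLS = {
    "fw-perimeter": [
        Rule("P1", "0.0.0.0/0", "10.0.1.0/24", 443, "allow"),     # public web tier
        Rule("P2", "0.0.0.0/0", "10.0.0.0/8", 22, "allow"),       # overly broad SSH rule
        Rule("P3", "0.0.0.0/0", "0.0.0.0/0", None, "deny"),       # cleanup rule
    ],
    "fw-internal": [
        Rule("I1", "10.0.1.0/24", "10.0.2.0/24", 1521, "allow"),  # web tier -> database
        Rule("I2", "0.0.0.0/0", "10.0.2.0/24", 22, "allow"),      # "temporary" admin rule
        Rule("I3", "0.0.0.0/0", "0.0.0.0/0", None, "deny"),
    ],
}
INTERNET_TO_DB = ["fw-perimeter", "fw-internal"]   # hop order for that flow


def first_match(rules, src_ip, dst_ip, port):
    """First-match evaluation; None models the implicit deny at the end."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, port):
            return rule
    return None


def attack_path(src_ip, dst_ip, port, firewalls=FIREWALLS, path=INTERNET_TO_DB):
    """Return [(firewall, rule name), ...] for the rules that permit the flow on
    every hop, or None as soon as one hop denies it."""
    hops = []
    for fw in path:
        rule = first_match(firewalls[fw], src_ip, dst_ip, port)
        if rule is None or rule.action == "deny":
            return None
        hops.append((fw, rule.name))
    return hops


def virtual_patch(src_ip, dst_ip, port, firewalls=FIREWALLS, path=INTERNET_TO_DB):
    """Simulate closing the path: insert a deny for this exact flow ahead of the
    permitting rule on the first hop, on a copy of the rulebase, and verify the
    path is gone.  Returns (firewall, rule name) the deny has to precede."""
    hops = attack_path(src_ip, dst_ip, port, firewalls, path)
    if not hops:
        return None
    fw, rule_name = hops[0]
    patched = {name: list(rules) for name, rules in firewalls.items()}
    idx = next(i for i, r in enumerate(patched[fw]) if r.name == rule_name)
    patched[fw].insert(idx, Rule("VP", f"{src_ip}/32", f"{dst_ip}/32", port, "deny"))
    assert attack_path(src_ip, dst_ip, port, patched, path) is None
    return (fw, rule_name)


if __name__ == "__main__":
    offense = ("203.0.113.7", "10.0.2.15", 22)      # constructed offense: SSH to a DB host
    print("permitting rules:", attack_path(*offense))
    print("virtual patch must precede:", virtual_patch(*offense))
```

The interesting output is not the path itself but the pair of rules behind it: the broad `P2` on the perimeter and the forgotten `I2` inside. Either is a candidate for the virtual patch; the simulation picks the outermost hop so the deny takes effect before the traffic reaches the internal network.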

(18)

[Figure: the QRadar Platform architecture diagram (SIOS services and Security Intelligence Solutions), repeated as the section divider.]

IBM QRadar Vulnerability Manager

(19)

Strengthened by integrated vulnerability insights

Existing vulnerability management tools: questions remain
• Has that been patched?
• Has it been exploited?
• Is it likely to be exploited?
• Does my firewall block it?
• Does my IPS block it?
• Does it matter?

QRadar Vulnerability Manager
• Improves visibility: intelligent, event-driven scanning, asset discovery, asset profiling and more
• Reduces data load: bringing rich context to Vulnerability Management
• Breaks down silos: leveraging all QRadar integrations and data; unified vulnerability view across all products

Security Intelligence Integration: answers delivered
• Real-time scanning
• Early warning capabilities
• Advanced pivoting and filtering

(20)

QVM enables customers to interpret ‘sea’ of vulnerabilities

[Figure: a ‘sea’ of CVE entries, with subsets labelled by the context each QRadar integration supplies.]

• Inactive: QFlow Collector data helps QRadar Vulnerability Manager sense application activity
• Blocked: QRadar Risk Manager helps QVM understand which vulnerabilities are blocked by firewalls and IPSs
• Patched: IBM Endpoint Manager helps QVM understand which vulnerabilities will be patched
• Critical: Vulnerability knowledge base, remediation flow and QRM policies inform QVM about business critical vulnerabilities
• At Risk: X-Force Threat and SIEM security incident data, coupled with QFlow network traffic visibility, help QVM see assets communicating with
• Exploited: SIEM correlation and IPS data help QVM reveal which vulnerabilities have been exploited

IBM QRadar Vulnerability Manager
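The triage this slide describes, as an added example (my code, not IBM's and not QVM's): each finding in the "sea" is labelled with one of the six contexts above from the data an integration would supply, and the list is then ordered so that evidence of exploitation surfaces first and findings that are inactive, blocked or already scheduled for patching sink to the bottom. The precedence among labels, the extra "Unclassified" label for findings with no context, the asset names and the `CVE-0000-000N` placeholder identifiers are all my constructions.

```python
"""Toy vulnerability triage using the six context labels from the slide.
Findings, context tables and the label precedence are constructed; CVE ids are placeholders."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    asset: str
    cve: str      # placeholder identifiers, not real CVE numbers
    port: int


# Constructed context, keyed the way each integration would naturally key it.
CONTEXT = {
    # QFlow: services actually observed talking on the network
    "flow_active": {("db01", 1521), ("web01", 443), ("web01", 8080), ("app02", 80), ("erp01", 8443)},
    # Risk Manager: service unreachable from the threat zone because a firewall/IPS blocks it
    "blocked": {("web01", 8080)},
    # Endpoint Manager: patch already scheduled
    "patch_scheduled": {("web01", "CVE-0000-0002")},
    # Knowledge base / QRM policy: business critical assets
    "critical": {"db01", "erp01"},
    # X-Force + SIEM incidents + flows: assets seen communicating with bad-reputation hosts
    "at_risk": {"db01"},
    # SIEM correlation + IPS: exploitation observed
    "exploited": {("web01", "CVE-0000-0001")},
}

FINDINGS = [
    Finding("db01", "CVE-0000-0003", 1521),
    Finding("web01", "CVE-0000-0001", 443),
    Finding("web01", "CVE-0000-0002", 443),
    Finding("web01", "CVE-0000-0004", 8080),
    Finding("web01", "CVE-0000-0005", 21),
    Finding("app02", "CVE-0000-0006", 80),
    Finding("erp01", "CVE-0000-0007", 8443),
]

# Most urgent first.  "Unclassified" is my own catch-all for findings with no context.
ORDER = ["Exploited", "At Risk", "Critical", "Unclassified", "Patched", "Blocked", "Inactive"]


def classify(f, ctx):
    """Assign one label per finding.  Positive evidence of compromise outranks every
    mitigating signal; mitigations are checked before the risk-raising signals so a
    blocked or patched finding is not also flagged At Risk."""
    if (f.asset, f.cve) in ctx["exploited"]:
        return "Exploited"
    if (f.asset, f.port) not in ctx["flow_active"]:
        return "Inactive"          # nothing is listening/talking on that port
    if (f.asset, f.port) in ctx["blocked"]:
        return "Blocked"
    if (f.asset, f.cve) in ctx["patch_scheduled"]:
        return "Patched"
    if f.asset in ctx["at_risk"]:
        return "At Risk"
    if f.asset in ctx["critical"]:
        return "Critical"
    return "Unclassified"


def triage(findings, ctx):
    """Return (label, finding) pairs, most urgent first; sort is stable within a label."""
    labelled = [(classify(f, ctx), f) for f in findings]
    return sorted(labelled, key=lambda pair: ORDER.index(pair[0]))


def summary(findings, ctx):
    """Count of findings per label, so the sea of CVEs collapses to a handful of numbers."""
    return dict(Counter(label for label, _ in triage(findings, ctx)))


if __name__ == "__main__":
    for label, f in triage(FINDINGS, CONTEXT):
        print(f"{label:13} {f.asset:6} {f.cve} :{f.port}")
    print(summary(FINDINGS, CONTEXT))
```

The value of the context is visible in the ordering: the two findings a scanner alone would rank identically (both on `web01`, port 443) land at opposite ends of the list once the SIEM reports one exploited and Endpoint Manager reports the other already scheduled for patching.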

(21)

IBM QRadar Security Intelligence

[Figure: the QRadar Platform architecture diagram (SIOS services and Security Intelligence Solutions), repeated as the section divider.]

(22)

QRadar Security Intelligence easily grows with your needs

• Inject IBM X-Force Threat Research Intelligence
  – Provides intelligence feed to QRadar
  – Includes vulnerabilities, IP reputations, malware reports
• Add QRadar Risk Manager
  – Enables pre-exploit configuration investigations
  – Simplifies security policy reviews for compliance tests
  – Provides network topology depictions and permits attack simulations
• Implement QRadar Vulnerability Manager
  – Extends pre-exploit analysis; adds integrated vulnerability insights
  – Reduces magnitude of pre-exploit conditions as QRadar SIEM does for post-exploit conditions
  – Helps identify and measure exposures to external threats
• Upgrade Log Manager to QRadar SIEM
  – Additional security telemetry data
  – Rules-based correlation analysis engine
  – Data overload reduction ‘magic’ compressing millions or even billions of daily raw events to a manageable list of issues
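The rules-based correlation this slide and the earlier QRadar SIEM slide describe (raw events normalized, correlated by a rule, then prioritized with asset and vulnerability context so that a flood of events becomes a short list of offenses), as an added example (my code, not IBM's and not QRadar's). The log lines, the asset table, the rule thresholds and the magnitude weights are all constructed for the example.

```python
"""Toy SIEM pipeline: normalize -> correlate -> prioritize with asset context.
Log lines, asset records, thresholds and weights are constructed; not QRadar code."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample events in the common OpenSSH auth-log shape (fake hosts and times).
RAW_EVENTS = """\
2013-06-01T10:00:01 host-db01 sshd[4121]: Failed password for root from 203.0.113.7 port 51001 ssh2
2013-06-01T10:00:03 host-db01 sshd[4121]: Failed password for root from 203.0.113.7 port 51002 ssh2
2013-06-01T10:00:05 host-db01 sshd[4121]: Failed password for admin from 203.0.113.7 port 51003 ssh2
2013-06-01T10:00:08 host-db01 sshd[4121]: Failed password for oracle from 203.0.113.7 port 51004 ssh2
2013-06-01T10:00:10 host-db01 sshd[4121]: Failed password for oracle from 203.0.113.7 port 51005 ssh2
2013-06-01T10:00:40 host-db01 sshd[4130]: Accepted password for oracle from 203.0.113.7 port 51009 ssh2
2013-06-01T10:01:12 host-web02 sshd[2201]: Failed password for bob from 198.51.100.4 port 40100 ssh2
2013-06-01T10:05:00 host-web02 sshd[2208]: Accepted password for bob from 198.51.100.4 port 40102 ssh2
"""

# Constructed asset context, the kind of thing asset profiling and a vulnerability scanner supply.
ASSETS = {
    "host-db01": {"criticality": 10, "open_vulns": 3},
    "host-web02": {"criticality": 4, "open_vulns": 0},
}

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+ ssh2$"
)


def normalize(raw):
    """The 'Normalization' layer: raw lines become uniform event dicts; non-matching lines are dropped."""
    events = []
    for line in raw.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return events


def correlate(events, threshold=5, window_s=300):
    """Rule: at least `threshold` failed logins from one source to one host, followed by a
    successful login from that source within `window_s` seconds, raises one offense."""
    failures = defaultdict(list)            # (src, host) -> timestamps of failures
    offenses = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["src"], ev["host"])
        if ev["outcome"] == "Failed":
            failures[key].append(ev["ts"])
            continue
        recent = [t for t in failures[key] if (ev["ts"] - t).total_seconds() <= window_s]
        if len(recent) >= threshold:
            offenses.append({"src": ev["src"], "host": ev["host"], "user": ev["user"],
                             "failures": len(recent), "ts": ev["ts"]})
        failures[key].clear()               # a success closes the sequence either way
    return offenses


def magnitude(offense, assets):
    """Prioritize with context: rule score scaled by target criticality, raised when the
    target carries open vulnerabilities.  Weights are arbitrary choices for the example."""
    asset = assets.get(offense["host"], {"criticality": 1, "open_vulns": 0})
    score = 3 + min(offense["failures"], 10)       # 3..13 from the rule alone
    score *= asset["criticality"] / 10.0
    if asset["open_vulns"]:
        score *= 1.5
    return round(score, 1)


def run(raw=RAW_EVENTS, assets=ASSETS):
    """End to end: eight raw lines become one ranked offense."""
    offenses = correlate(normalize(raw))
    for o in offenses:
        o["magnitude"] = magnitude(o, assets)
    return sorted(offenses, key=lambda o: o["magnitude"], reverse=True)


if __name__ == "__main__":
    for o in run():
        print(f"{o['ts']} {o['src']} -> {o['host']} as {o['user']}: "
              f"{o['failures']} failures then success, magnitude {o['magnitude']}")
```

The single failure against `host-web02` never becomes an offense, and the brute force against `host-db01` would score far lower on a non-critical host with nothing unpatched; that is the "more context" point from the Gartner slide in miniature.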

(23)

Some of QRadar’s unique advantages

• Scalability for largest deployments, using an embedded database and unified data architecture
  – Impact: QRadar supports your business needs at any scale
• Real-time correlation and anomaly detection based on broadest set of contextual data
  – Impact: More accurate threat detection, in real-time
• Intelligent automation of data collection, asset discovery, asset profiling, vulnerability scanning and more
  – Impact: Reduced manual effort, fast time to value, lower-cost operation
• Integrated flow analytics with Layer 7 content (application) visibility
  – Impact: Superior situational awareness and threat identification
• Flexibility and ease of use enabling “mere mortals” to create and edit correlation rules, reports and dashboards
  – Impact: Maximum insight, business agility and lower cost of ownership

(24)

Time for a QRadar Demo?

Time for Q&A?

(25)

ibm.com/security

© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s

THANK YOU
