Le sfide di oggi, l evoluzione e le nuove opportunità: il punto di vista e la strategia IBM per la Sicurezza

Transcription

1 Le sfide di oggi, l evoluzione e le nuove opportunità: il punto di vista e la strategia IBM per la Sicurezza Giulia Caliari IT Architect, IBM Security #IBMSecurity

2 Attackers break through conventional safeguards every day Million records Billion records 2015 Unprecedented Impact average time to detect APTs 256 days average cost of a U.S. data breach $6.5M V

3 New technologies introduce new risks 44 % 33 % of security leaders expect a major cloud provider to suffer a significant security breach in the future Source: November 2014, Security for the Cloud and on the Cloud, Security Intelligence.com of organizations don t test their mobile apps and traditional security practices are unsustainable 85 security tools from 45 vendors Source: IBM Client Example 83 % of enterprises have difficulty finding the security skills they need Source: Enterprise Information Security in Transition, 2012 ESG Technology Brief V

4 Adding another tool Hoping it s not me Building more barricades Skipping the basics But first...avoid these strategies... Ignoring privileges Blocking the cloud Betting on BYOS #IBMSecurity 4

5 Establish security as an immune system Malware protection Incident and threat management Identity management Device management Data monitoring Transaction protection Firewalls Access management Entitlements and roles Data access control Privileged identity management Security research Sandboxing Endpoint patching and management Log, flow and data analysis Vulnerability assessment Criminal detection Antivirus Network visibility Content security Application security management Anomaly detection Application scanning Virtual patching Fraud protection #IBMSecurity 5

6 Enhance security through intelligence and integration Global Threat Intelligence Incident and threat management Firewalls Sandboxing Virtual patching Network visibility Network Endpoint Antivirus Endpoint patching and management Malware protection Transaction protection Mobile Device management Content security Application scanning Application security management Applications Security Intelligence Log, flow and data analysis Anomaly detection Vulnerability assessment Advanced Fraud Fraud protection Criminal detection Security Research Data monitoring Data access control Data Cloud Identity and Access Privileged identity management Entitlements and roles Access management Consulting Services Managed Services Identity management #IBMSecurity 6

7 IBM Security invests in best-of-breed solutions Identity management Directory integration Security services and network security Enterprise single-sign-on Endpoint management and security Cloud-enabled identity management Identity governance Incident response SOA management and security Application security Risk management Data management Database monitoring and protection Application security Security Intelligence Advanced fraud protection Secure mobile mgmt. CyberTap IBM Security Systems IBM Security Services IBM Security is making all the right moves... Forbes 7

8 IBM s broad and deep security portfolio QRadar Incident Forensics QRadar Risk Manager Global Threat Intelligence X-Force Exchange App Exchange Endpoint BigFix Trusteer Apex zsecure MaaS360 Network Protection XGS SiteProtector Network Mobile AppScan DataPower Web Security Gateway Applications Security Intelligence Trusteer Pinpoint Trusteer Mobile Advanced Fraud Trusteer Rapport Resilient Systems Incident Response Guardium Key Lifecycle Manager Data Cloud Cloud Security Enforcer Identity and Access Privileged Identity Manager Access Manager Identity Manager Consulting Services Managed Services Identity Governance and Intelligence 8

9 Advanced Fraud Cloud 9 Mobile Identity and Access Endpoint Stop advanced threats Security Intelligence Security research #IBMSecurity Network Applications Data

10 Advanced Fraud Prevent insider breaches Cloud 10 Mobile Identity and Access Endpoint Security Intelligence Security research #IBMSecurity Network Applications Data

11 Advanced Fraud Support mobile transformation Cloud 11 Mobile Identity and Access Endpoint Network Security Intelligence Applications Security research #IBMSecurity Data

12 Intelligence Advanced analytics for threat prevention, detection, and response EXTENSIVE DATA SOURCES IDENTIFICATION Data collection, storage, and analysis Real-time correlation and threat intelligence Automatic asset, service and user discovery and profiling Activity baselining and anomaly detection Prioritized incidents REMEDIATION Incident forensics Around-the-clock management, monitoring and protection Incident response Embedded Intelligence QRadar Sense Analytics Engine, QRadar Incident Forensics, IBM Managed Security Services #IBMSecurity 12

13 The next era of security Moats, Castles Intelligence, Integration Cloud, Collaboration, Cognitive #IBMSecurity 13

14 Cloud adoption and security objectives Securely connect and consume Cloud business applications (SaaS) Services Organization Security Responsibilities and Objectives Software as a Service (SaaS) CxOs (CIO, CMO, CHRO,...) Complete visibility to enterprise SaaS usage and risk profiling Governance of user access to SaaS and identity federation Securely migrate workloads and applications to Cloud (IaaS, PaaS) Platform as a Service (PaaS) Infrastructure as a Service (IaaS) Application teams, LOBs CIO, IT teams Enable developers to compose secure cloud applications and APIs, with enhanced user experience Visibility and protection against fraud and applications threats Protect the cloud infrastructure to securely deploy workloads and meet compliance objectives Have full operational visibility across hybrid cloud deployments, and govern usage 14

15 Cloud: security and IT leaders face new challenges My team is not equipped to manage the increased employee usage and demand for cloud CISO / CIO: How does my organization? Uncover Shadow IT Gain visibility of all cloud app usage Simplify connecting to approved apps Remove mobile blind spots Stop risky user behavior Quickly react to cloud threats Address compliance and governance concerns #IBMSecurity 15

16 Cloud: monitor and enforce cloud usage EMPLOYEES RISKY APPS BYOD ON PREM APPROVED APPS MOBILE IBM Security Cloud Enforcer #IBMSecurity 16

17 Cloud: a single platform to address multiple areas DETECT CONNECT PROTECT Discovery and Visibility Risk scoring for 1000 s of apps Continuous stream of cloud activity data Mapping of network data to specific users Mobile integration to uncover blind spots Identity and Access Control Federated cloud SSO Connectors to popular cloud apps Simplified access controls Self-service catalogs Delegated administration Cloud Event Correlation User activity and traffic monitoring Behavioral analysis and correlation to company policies Alerting, reporting, and auditing Threat Prevention Intrusion Prevention and global threat intelligence from IBM X-Force Threat signatures, network analysis, and zero-day threat protection Policy Enforcement User coaching Redirection for out-of-policy usage Policy and anomaly rule implementation 17

18 Collaboration: Threat Information Sharing in Government 18

19 IBM X-Force Monitor and analyze security issues - Continuously collect data and evaluate the rapidly changing threat landscape Research threats - Discover new attack techniques and develop protection for tomorrow s security challenges Deliver threat intelligence - Provide the context that enables IBM Security products to quickly identify and remediate threats Educate the community - Help our customers, fellow researchers and the general public to understand risks and stay ahead of emerging threats 19

20 Breadth and depth of X-Force intelligence 20,000+ devices under contract 32B analyzed web pages and images 20B events managed per day 8M spam and phishing attacks daily 133 monitored countries 860K malicious IP addresses 3,700+ security-related patents 100K documented vulnerabilities 270M endpoints monitored for malware Millions of unique malware samples As of April 29,

21 IBM X-Force Exchange hosts X-Force threat intelligence in a collaborative platform A new platform to consume, share, and act on threat intelligence IBM X-Force Exchange is: OPEN a robust platform with access to a wealth of threat intelligence data Research and collaboration platform and API ACTIONABLE an integrated solution to help quickly stop threats Security Analysts and Researchers Security Operations Centers (SOCs) Security Products and Technologies SOCIAL a collaborative platform for sharing threat intelligence Backed by the reputation and scale of IBM X-Force 21

22 Collaboration Crowd-sourced information sharing based on 700+TB of threat intelligence #IBMSecurity 22

23 Sample X-Force Advisory Access X-Force Advisories: xforce.ibmcloud.com/collection 23

24 Collaboration Application extensions to enhance visibility and productivity #IBMSecurity 24

25 Evolving to cognitive Natural language processing to support the security analyst Security that Understands Reasons Learns #IBMSecurity 25

26 Watson technology to solve complex problems 26

27 A tremendous amount of security knowledge is created for human consumption, but most of it is untapped 27

28 A perfect match 28

29 Applying Cognitive Computing to Security Vulnerability Analysis Machine learning with Intelligent Findings Analytics (IFA)* Scan results Intelligent Findings Analytics Fully automated review of scan findings Trained by IBM security experts Learned results Reduce false positives Minimize unlikely attack scenarios Provide fix recommendations that resolve multiple vulnerabilities Patents pending 29

30 Connecting and analyzing hundreds of internal and external data sources 30

31 IBM is uniquely qualified to help secure a new era of computing INTELLIGENCE and Cognitive Learnings from 35 billion security events managed per day Real-time intelligence and cognition to help detect, assess, stop cyber threats INTEGRATION and Cloud Integrated security services and technology solutions Security for the cloud from the cloud EXPERTISE and Collaboration Security best practices from tens of thousands of engagements Platforms to share threat research and new apps #IBMSecurity 31

32 Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY. THANK YOU Copyright IBM Corporation All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.