How to Secure Your Cloud with...a Cloud?

Transcription

1 A New Era of Thinking How to Secure Your Cloud with...a Cloud? Eitan Worcel Offering Manager - Application Security on Cloud IBM Security IBM Corporation 1

2 A New Era of Thinking Agenda IBM Cloud Security Enforcer IBM MaaS360 IBM Application Security on Cloud Demo 2 A New Era of Thinking 2

3 IBM Cloud Security Enforcer The first CASB solution with integrated access control, visibility, and threat protection

4 A New Era of Thinking Cloud is here to stay, are you ready to move with the business? EMPLOYEES IT OPERATIONS YOUR BUSINESS Look for better ways to get their jobs done Find cloud services quick and easy to use Wants to save money and reduce complexity Wants to automate and consolidate IT Loses visibility and control over IT New risk requires new safeguards 4 4

5 A New Era of Thinking Security and IT leaders face new challenges My team is not equipped to manage the increased employee usage and demand for cloud CISO / CIO: How does my organization? Uncover Shadow IT Gain visibility of all cloud app usage Simplify connecting to approved apps Remove mobile blind spots Stop risky user behavior Quickly react to cloud threats Address compliance and governance concerns 5 5

6 A New Era of Thinking Introducing IBM Cloud Security Enforcer DETECT Usage of cloud apps and actions CONNECT Users to approved cloud apps PROTECT Against cloud-related threats 6 6

7 A New Era of Thinking DETECT APPROVED / SHADOW APPS Discover thousands of cloud apps View analytics and risk reports Chart progress over time 7 7

8 A New Era of Thinking DETECT DETAILED USER ACTIVITY Correlate cloud activity to employees Identify suspicious activities and trends See and respond to priority alerts 8 8

9 A New Era of Thinking GitHub Connecter GitHub Connecter for NA Dev Team September 30, 2015 CONNECT THE BUSINESS TO APPROVED APPS, DISABLE OTHERS On/Off toggles for cloud access Correct out of policy application usage 9 9

10 A New Era of Thinking CONNECT USERS TO CLOUD APPS Display approved app catalog Enable self-onboarding Find and use apps faster 10 10

11 A New Era of Thinking PROTECT AGAINST RISKY APPS Understand cloud app reputation Prioritize apps based on past threats Limit interaction with unsafe apps 11 11

12 A New Era of Thinking PROTECT AGAINST RISKY BEHAVIOR Establish user risk ratings Address rogue cloud app usage Block specific actions to/from the cloud 12 12

13 A New Era of Thinking Key takeaways Industry s first solution to combine cloud discovery, access, and threat prevention Connect users to Cloud apps in seconds Protect against Cloud threats using IBM s network of threat intelligence Speed cloud adoption, making your employees more productive 13 ibm.com/security/cloud-enforcer 13

14 IBM MaaS360 Delivering secure mobile enablement for the way people work and collaborate with colleagues and customers

15 Productivity and protection without compromise CIO How do I manage the rapid deployment of devices in a costeffective way? CISO How do I ensure authorized access to customer data and protect against threats? LOB How do I enable my workforce with the right apps and user experience at the right time? 15 IBM Security

16 Mobile is complex and challenging App explosion Device choice & Content access Fast pace of change Mobile users Varying work styles Native experience Privacy concerns CIO/CISO Enable business Information sprawl Data security Business visibility Awash in data Mobile blind spots Compliance reporting 16 IBM Security

17 IBM MaaS360 delivers secure productivity for enterprise Secure, seamless access Contain data with secure productivity apps Grant contextual access & SSO to cloud apps Provide multi-factor authentication Advanced data protection Apply configuration-based malware detection Browse securely with global threat intelligence Enable device-agnostic, network-based protection Enterprise visibility and control Extend visibility to any endpoint, anywhere Create intelligent policies & compliance rules Detect and remediate risks & advanced threats 17 IBM Security

18 Unleashing end-user productivity Secure PIM Secure Browser App Security & Management File Sync, Edit & Share Trusted Workplace Separates work & personal data with anytime access to corporate resources Works across ios, Android & Windows mobile platforms with a native user experience Supports Microsoft, Google, IBM, Box & other collaboration tools, apps & containers 18 IBM Security

19 Benefits of using IBM MaaS360 Easily manage your devices See all your devices in one place and remotely manage right over-the-air (OTA) Quickly deploy private and public apps Promote, distribute and update approved apps using an interactive catalog Collaborate with content on-the-go Mobilize content and files to stay productive anytime, anywhere Keep apps and data secure Help users get the information they need without risk of data leakage Simply connect to business systems Integrate with enterprise systems so you can use existing infrastructure and data repositories 19 IBM Security

20 What sets IBM MaaS360 apart Best EMM solution to support any deployment Best user experience with the fastest time to value Best integration to secure infrastructure Best-inclass cloud on a mature, trusted platform Delivered and supported by the most trusted leader in mobile management and security 20 IBM Security

21 IBM Application Security on Cloud Security applications was never easier

22 Identify and remediate high-priority vulnerabilities IBM Application Security on Cloud Simple As easy a Fast Fully Automated solution Comprehensive Based on AppScan engines Safe Meets IBM Security standards Improve your application security effectiveness #CoverYourApps 22

23 IBM Application Security on Cloud Easy as 1, 2, 3! Does my application contain security vulnerabilities? Simple Enter URL / upload application Scan the application Review the report Complimentary Trial at ibm.biz/applicationsecurity 23

24 Register, scan and generate results QUICKLY Fast Convenient registration for immediate access to service Simple Complimentary Plan provides summary report on any application Minimal to no set-up time for your environment Launch security scans 24 x 7 x 365 Superior results without needing behind the scenes experts Fast application scanning using Security-as-a-Service (SaaS) 24

25 QUICKLY plug into your application lifecyle Streamlined incorporation into existing DevOps / continuous integration frameworks Fully Automated No waiting on manual steps Scan daily, weekly Trigger scans based on code changes Plugins simplify setup e.g. UrbanCode, Maven, VS, eclipse Extend your environment with robust REST API Automation drives early detection and reduces cost to fix! 25

26 One stop shop for all of your application security testing Analyze everything Comprehensive Web apps Mobile apps Desktop apps Run all tests types DAST SAST IAST Find potential vulnerabilities through automated testing 26

27 Powerful and comprehensive Proven scanning engines powered by IBM Security AppScan Highly accurate identification of dozens of OWASP Top 10 vulnerabilities IBM X-Force Threat Intelligence Comprehensive Open Web Application Security Project (OWASP) Top 10 Regular IBM X-Force Threat Intelligence updates IBM Security AppScan Prioritized results focus the team on high-risk vulnerabilities 27

28 Applying Cognitive Computing to security vulnerability analysis Machine learning with Intelligent Findings Analytics* Comprehensive Learned results Reduce false positives AppScan results Minimize unlikely attack scenarios Provide fix recommendations that resolve multiple vulnerabilities Intelligent Findings Analytics Fully automated review of scan findings Trained by IBM Security Experts Early and repeatable vulnerability analysis drives cost reduction for fixes 1 * Patents pending 1 Poneman Institute estimates the cost to fix a defect if found early in development at $80, while it costs around $960 to fix if found in QA 28

29 Intelligent Findings Analytics Real-World Results 90-95% average reduction to security analyst workload Integrates right back into the development workflow Fix an average of issues in a single place in the code IFA Example Real-World Applications Scan Findings Vulnerabilities Fix Recommendations Application 1 55,132 14, Application 2 12,480 1, Application 3 247,350 1, Reduction of more then 99.95% 29

30 A New Era of Thinking Demo 30 A New Era of Thinking 30

31 Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY. THANK YOU Copyright IBM Corporation All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.