IBM Security Systems. IBM X-Force 2012 & CISO Survey. Cyber Security Threat Landscape. IBM Corporation


Transcription:

IBM X-Force 2012 & CISO Survey: Cyber Security Threat Landscape. 2012 IBM Corporation

IBM X-Force 2011 Trend and Risk Report Highlights

The mission of the IBM X-Force research and development team is to:
- Research and evaluate threat and protection issues
- Deliver security protection for today's security problems
- Develop new technology for tomorrow's security challenges
- Educate the media and user communities

X-Force Research:
- 14B analyzed Web pages & images
- 40M spam & phishing attacks
- 54K documented vulnerabilities
- 13 billion security events monitored daily

Provides Specific Analysis of:
- Vulnerabilities & exploits
- Malicious/Unwanted websites
- Spam and phishing
- Malware
- Other emerging trends

To find out how forward thinkers are harnessing all this data, we asked 138 security leaders in seven countries across a wide range of industries

With explosive growth in connectivity and collaboration, information security is becoming increasingly complex and difficult to manage
- In 2011, the corporate world experienced the second highest data loss total since 2004
- The number of mobile workers is expected to reach 1.3 billion by 2015
- At the same time, mobile security threats are increasing, up almost 20 percent in 2011

Sources: Verizon 2012 Data Breach Investigations Report; IDC

2011: Year of the Security Breach

Key Findings from the 2011 Trend Report

New Attack Activity
- Rise in Shell Command Injection attacks
- Spikes in SSH Brute Forcing
- Rise in Click Fraud related Phishing

Progress in Internet Security
- Fewer exploit releases
- Fewer web application vulnerabilities
- Better patching

The Challenge of Mobile and the Cloud
- Mobile exploit disclosures up
- Cloud requires new thinking

SQL Injection Attacks against Web Servers

Shell Command Injection Attacks

SSH Brute Force Activity

Phishing based malware distribution and click fraud

Public Exploit Disclosures
- Fewer exploits released so far this year since 2006
- Down as a percentage of vulnerabilities as well

Public Exploits

Decline in web application vulnerabilities in 2011
- In 2010 49% of security vulnerabilities affected web applications.
- In 2011 41% affected web applications.
- Big decline in SQL Injection

Better Patching

Mobile OS Vulnerabilities and Exploits
- Continued interest in Mobile vulnerabilities as enterprise users bring smartphones and tablets into the workplace
- Attackers finally warming to the opportunities these devices represent

The Challenges of Cloud Security

In 2011, there were many high profile cloud breaches, affecting well-known organizations and large populations of their customers.

Cloud Security Requires:
- A cloud-appropriate workload
- Effective due diligence on the part of the customer
- Flexibility on the part of the cloud provider

Cloud customers should take a lifecycle view of the cloud deployment, including what the exit strategy should be if things don't work out.

The security landscape is changing

Source: IBM Center for Applied Insights

One-quarter of security leaders believe their organizations are mature and are confident in their ability to respond to a breach or incident

Chart: Self-assessed maturity and preparedness

Source: IBM Center for Applied Insights

In this new normal, organizations need an intelligent view of their security posture
- Basic: Organizations employ perimeter protection, which regulates access and feeds manual reporting
- Proficient: Security is layered into the IT fabric and business operations
- Optimized: Organizations use predictive and automated security analytics to drive toward security intelligence

Axes: Manual to Automated; Reactive to Proactive

Influencers vs. Responders
- 2x more likely to have a dedicated CISO
- 2.5x more likely to have a security or risk committee
- 3x more likely to have information security as a board topic
- 2x more likely to use a standard set of security metrics to track their progress
- 4x more likely to be focused on improving enterprise wide communication and collaboration over the next two years
- 2x more likely to be focused on providing education and security awareness over the next two years

Influencers are more likely to measure progress through a wider variety of metrics and devote more attention to systemic change

Chart: Importance of Metrics

Source: IBM Center for Applied Insights

Security leaders should construct an action plan based on their current capabilities and most pressing needs

Responders can move beyond their tactical focus by:
- Establishing a dedicated security leadership role (like a CISO), assembling a security and risk committee, and measuring progress
- Automating routine security processes to devote more time and resources to security innovation

Protectors can make security more of a strategic priority by:
- Investing more of their budgets on reducing future risks
- Aligning information security initiatives to broader enterprise priorities
- Learning from and collaborating with a network of security peers

Influencers can continue to innovate and advance their security approaches by:
- Strengthening communication, education and business leadership skills to cultivate a more risk-aware culture
- Using insights from metrics and data analysis to identify high-value improvement areas

IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework
- Only vendor in the market with end-to-end coverage of the security foundation
- 6K+ security engineers and consultants
- Award-winning X-Force research
- Largest vulnerability database in the industry

Intelligence, Integration, Expertise

Intelligence: Leading products and services in every segment

Get Engaged with IBM X-Force Research and Development
- Follow us at @ibmsecurity and @ibmxforce
- Download X-Force security trend & risk reports: http://www-935.ibm.com/services/us/iss/xforce/
- Subscribe to X-Force alerts at http://iss.net/rss.php or Frequency X at http://blogs.iss.net/rss.php
- Attend in-person events: http://www.ibm.com/events/calendar/
- Join the Institute for Advanced Security: www.instituteforadvancedsecurity.com
- Subscribe to the security channel for latest security videos: www.youtube.com/ibmsecuritysolutions