Be effective in protecting against cybercrime


Be effective in protecting against cybercrime
INTEGRATED SECURITY FOR A NEW ERA

Domenico Raguseo, Technical Sales Manager Europe, IBM (@domenicoraguseo)
Domenico Scardicchio, Software Product Management, MERMEC
Luca Bizzotto, SWAT, IBM (@bizzotech)
Simone Riccetti, X-Force Red, IBM

Objective of the paper
- Understand the most relevant risks for railways
- Identify the most relevant attack patterns
- Develop prototypes and provide recommendations on how to mitigate the risks

What happens if something goes wrong?
- Best case: the train stops
- Worst case: a train incident, with economic impact, loss of trust and human casualties

Railway components (e.g. ERTMS / ETCS system)
- Central Systems
- Network Connections
- Trackside Equipment
- Radio Link
- On-board Equipment
- Power Management
- Diagnostic & Maintenance

Observations
- The principal security control is based on a safety concept: if anything goes wrong, the train stops. This is fail-safe behaviour, not a defence against a deliberate attacker.
- The Central Systems are the ones that can be attacked most easily.
- Railway security can rely on concepts from other critical domains.
- An attacker needs access to a large amount of information before an attack is feasible.

Approach
1. Proactively detect an attack on the railway by monitoring access to all the documents an attacker would need in order to carry it out. On the SIEM, define an offence that fires on the events coming from those sources.
2. Match the rail healthcheck with events from the control rooms, to catch the attack as early as possible.

Outcomes
- Electric traction: SCADA bag prototype
- Diagnostic & Maintenance: implementing security controls and adopting cognitive technologies
- Central System: offence

SCADAbag, Power Management - Railways (bill of materials)
- 1 x Wago 750-841 PLC
- 2 x Wago 750-501 digital output module
- 1 x Wago 750-403 digital input module
- 1 x Wago 750-653 Modbus RS-485 port
- 1 x Wago 750-461 PT100 input module
- 1 x Wago 750-600 terminator
- 1 x Wago 750-923 USB/serial cable
- 1 x Wago 787-712 primary switch-mode power supply unit
- 1 x PT100 temperature sensor
- 1 x Modbus LED display
- 1 x TP-Link Gigabit Easy Smart Switch (configurable switch with a SPAN port)
- 1 x GL-AR150 portable WiFi router
- 1 x Samsung Galaxy S3
- 2 x AXIS USB 3 Gigabit Ethernet interfaces
- A handful of LEDs and cables
- A switch
- MAX case rugged box

Network diagram (figure not reproduced in this transcription)

Electric traction: SCADA bag prototype (photo not reproduced in this transcription)

Comments
- Attacks on the network are difficult to prevent, so the focus is on detection.
- What can really be done for prevention?
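Since the prototype's answer is detection rather than prevention, the natural place to start is the SPAN port on the switch in the bag. The following is an added example written for this page; it is not code from the presentation or the SCADAbag prototype. It assumes the PLC speaks Modbus/TCP, that a collector behind the SPAN port hands the monitor (src_ip, dst_ip, tcp_payload) tuples, and that only the HMI is allowed to write; the IP addresses and the traffic are constructed with the block's own build_request(), not captured from real equipment. It parses the MBAP header, rejects malformed frames, and flags state-changing function codes from any host other than the HMI, plus diagnostic probes from anyone.

```python
"""Flag Modbus/TCP writes and diagnostics from unexpected hosts on a SPAN feed.

Added example for this page, not the authors' code. Assumptions: Modbus/TCP on
the PLC, a collector yielding (src_ip, dst_ip, tcp_payload), HMI is the only
legitimate writer. All addresses and frames below are constructed.
"""
import struct
from dataclasses import dataclass

# Function codes that change PLC state, and ones typically used to probe it.
WRITE_FUNCTIONS = {
    5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
    22: "Mask Write Register", 23: "Read/Write Multiple Registers",
}
PROBE_FUNCTIONS = {8: "Diagnostics", 43: "Encapsulated Interface Transport"}

# MBAP header: transaction id, protocol id (0 = Modbus), length, unit id.
MBAP = struct.Struct(">HHHB")


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    data: bytes


def parse_modbus_tcp(payload: bytes) -> ModbusRequest:
    """Parse one Modbus/TCP ADU; raise ValueError on anything not well formed."""
    if len(payload) < MBAP.size + 1:
        raise ValueError("shorter than MBAP header plus function code")
    tid, proto, length, unit = MBAP.unpack_from(payload)
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    # 'length' counts the unit id plus the PDU that follows the length field.
    if length != len(payload) - 6:
        raise ValueError("MBAP length does not match payload")
    return ModbusRequest(tid, unit, payload[7], bytes(payload[8:]))


def build_request(tid: int, unit: int, function: int, data: bytes) -> bytes:
    """Encode a request ADU (used here only to construct sample traffic)."""
    pdu = bytes([function]) + data
    return MBAP.pack(tid, 0, len(pdu) + 1, unit) + pdu


def analyse(frames, allowed_writers, plc_ip):
    """Return (src_ip, kind, detail) alerts for traffic addressed to the PLC."""
    alerts = []
    for src, dst, payload in frames:
        if dst != plc_ip:
            continue  # the SPAN sees everything; only judge PLC-bound frames
        try:
            req = parse_modbus_tcp(payload)
        except ValueError as exc:
            alerts.append((src, "malformed", str(exc)))
            continue
        if req.function in WRITE_FUNCTIONS and src not in allowed_writers:
            alerts.append((src, "unauthorised-write", WRITE_FUNCTIONS[req.function]))
        elif req.function in PROBE_FUNCTIONS:
            alerts.append((src, "probe", PROBE_FUNCTIONS[req.function]))
    return alerts


HMI, PLC, ROGUE = "192.168.1.10", "192.168.1.20", "192.168.1.77"  # assumed addresses


def sample_frames():
    """Constructed traffic: legitimate HMI polling and writing, then an intruder."""
    return [
        (HMI,   PLC, build_request(1, 1, 3, b"\x00\x00\x00\x0a")),   # read 10 holding registers
        (HMI,   PLC, build_request(2, 1, 5, b"\x00\x01\xff\x00")),   # HMI switches coil 1 on
        (ROGUE, PLC, build_request(1, 1, 5, b"\x00\x01\x00\x00")),   # intruder switches it off
        (ROGUE, PLC, build_request(2, 1, 8, b"\x00\x00\x00\x00")),   # intruder diagnostics probe
        (ROGUE, PLC, MBAP.pack(3, 1, 2, 1) + b"\x03"),               # wrong protocol id
        (ROGUE, HMI, build_request(4, 1, 16, b"\x00\x00")),          # not PLC-bound: ignored
    ]


def run_example():
    return analyse(sample_frames(), allowed_writers={HMI}, plc_ip=PLC)


if __name__ == "__main__":
    for alert in run_example():
        print(alert)
```

The allowlist is deliberately keyed on the source address only; on a flat control network that is what a SPAN port can see, and it is also why it is weak: an attacker who can spoof or take over the HMI address writes freely. Pairing it with the healthcheck correlation on the Central System side (later in the deck) is what turns a single noisy signal into something an operator can act on.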

Diagnostic & Maintenance : Implementing security controls and adopting cognitive technologies

WannaCry patterns
1. An email containing a malicious attachment is received
2. The attachment is opened and the malware is launched
3. The malware communicates with the outside
4. The malware compromises other systems on the network by exploiting a known, already patched vulnerability
5. A ransom is requested in Bitcoin

Security controls violated during WannaCry (some of them, at least; names are those of the CIS Critical Security Controls)
- CSC 1: Inventory of Authorized and Unauthorized Devices
- CSC 2: Inventory of Authorized and Unauthorized Software
- CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
- CSC 4: Continuous Vulnerability Assessment and Remediation
- CSC 8: Malware Defenses
- CSC 10: Data Recovery Capability
- CSC 13: Data Protection

An integrated and intelligent security immune system
- Endpoint detection and response
- Endpoint patching and management
- Malware protection
- Malware analysis
- Indicators of compromise
- Threat sharing
- Network forensics and threat management
- Firewalls
- Sandboxing
- Virtual patching
- Network visibility and segmentation
- Threat and anomaly detection
- User behavior analysis
- Transaction protection
- Device management
- Content security
- Vulnerability management
- Cognitive security
- Incident response
- Threat hunting and investigation
- Fraud protection
- Criminal detection
- Data protection
- Data access control
- Application scanning
- Application security management
- Cloud identity and access
- Workload protection
- Privileged user management
- Identity governance and administration
- Access management
- IDaaS
- Mainframe security

Applied cognitive technologies (figure not reproduced in this transcription)

Drivers for cognitive adoption
- Intelligence gap: the #1 most challenging area due to insufficient resources is threat research (65% selecting); the #3 highest cybersecurity challenge today is keeping current on new threats and vulnerabilities (40% selecting).
- Speed gap: the top cybersecurity challenge today and tomorrow is reducing average incident response and resolution time, even though 80% said their incident response speed is much faster than two years ago.
- Accuracy gap: the #2 most challenging area today is optimizing alert accuracy (too many false positives); the #3 most challenging area due to insufficient resources is threat identification, monitoring and escalating potential incidents (61% selecting).
- All of these gaps have to be addressed while managing cost and ROI pressures.

Incident analysis: "I investigate potential threats"
- External threat research: know business- and industry-relevant trends
- Internal threat research: investigate potential network problems
- Monitor alarm queues and potential threats
- Report vulnerabilities and issues
- Tune: improve rules
Questions the analyst asks along the way: How and why is this different from normal system behaviour? How much will it hurt our organization? Do I need to deal with this now? Who is this information from? Are they trustworthy?
(The slide maps these steps onto a RACI chart: Responsible, Accountable, Consulted, Informed.)

Revolutionizing how security analysts work: security analyst + Watson
- Human-generated security knowledge: tap into the vast array of data to uncover new patterns; get smarter over time and build instincts.
- Enterprise security analytics: cognitive techniques to mimic human intuition around advanced threats.
- Reduce the security skills gap: triage threats and make recommendations with confidence, at scale and speed.

Helps analysts hunt for threats
- Speeds up investigations with automated analysis
- Correlates local threat information against billions of nodes
- Fed with millions of security documents, blogs and more

Central System : Offence

Recap of the detection approach applied to the Central System:
1. Proactively detect an attack on the railway by monitoring access to all the documents an attacker would need in order to carry it out, and define a SIEM offence on the events coming from those sources.
2. Match the rail healthcheck with events from the control rooms, to catch the attack as early as possible.
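The two points above are correlation rules, and both can be prototyped before touching a SIEM. The following is an added example written for this page; it is not the authors' QRadar content and does not use QRadar's rule language. The log format, categories, users, assets and thresholds are all constructed for the demonstration. Rule 1 raises a "reconnaissance" offence when one user pulls documents from several of the categories an attacker would need within a 24-hour window; rule 2 raises an "unexplained state change" offence when the healthcheck reports a mismatch on an asset that no control-room command touched in the preceding ten minutes.

```python
"""Correlate document access, rail healthcheck and control-room events into
SIEM-style offences. Added example for this page; not the authors' code.
The log lines, categories, users, assets and windows are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed policy: document categories an attacker would need, and the windows.
SENSITIVE_CATEGORIES = {"track-layout", "signalling-config",
                        "network-diagram", "maintenance-schedule"}
RECON_MIN_CATEGORIES = 3
RECON_WINDOW = timedelta(hours=24)
CONTROL_WINDOW = timedelta(minutes=10)


def parse_line(line):
    """'<iso-timestamp>Z <source> key=value ...' -> dict (constructed format)."""
    ts_str, source, *fields = line.split()
    ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    kv = dict(f.split("=", 1) for f in fields)
    return {"ts": ts, "source": source, **kv}


def recon_offences(events):
    """Rule 1: same user touches >= N sensitive categories within the window."""
    per_user = defaultdict(list)
    for e in events:
        if e["source"] == "dms" and e.get("category") in SENSITIVE_CATEGORIES:
            per_user[e["user"]].append((e["ts"], e["category"]))
    offences = []
    for user, accesses in per_user.items():
        accesses.sort()
        for i, (start, _) in enumerate(accesses):   # sliding window from each access
            cats = {c for t, c in accesses[i:] if t - start <= RECON_WINDOW}
            if len(cats) >= RECON_MIN_CATEGORIES:
                offences.append(("reconnaissance", user, sorted(cats)))
                break  # one offence per user is enough to page someone
    return offences


def unexplained_changes(events):
    """Rule 2: healthcheck mismatch with no control-room command for the asset just before."""
    commands = [e for e in events if e["source"] == "ctrl"]
    offences = []
    for e in events:
        if e["source"] != "health" or e.get("status") != "mismatch":
            continue
        explained = any(c["asset"] == e["asset"]
                        and timedelta(0) <= e["ts"] - c["ts"] <= CONTROL_WINDOW
                        for c in commands)
        if not explained:
            offences.append(("unexplained-state-change", e["asset"], e["ts"].isoformat()))
    return offences


def correlate(lines):
    events = [parse_line(l) for l in lines if l.strip()]
    return recon_offences(events) + unexplained_changes(events)


# Constructed sample log: jdoe collects three categories in one day (offence);
# mrossi spreads the same across three days (no offence); signal S12 mismatches
# once right after an operator command (explained) and once hours later (not).
SAMPLE_LOG = """\
2016-09-01T08:02:11Z dms user=jdoe action=download doc=line4_track_layout.pdf category=track-layout
2016-09-01T08:15:40Z dms user=mrossi action=download doc=line4_track_layout.pdf category=track-layout
2016-09-01T09:00:00Z ctrl operator=ops3 action=set asset=S12 value=proceed
2016-09-01T09:00:30Z health asset=S12 status=mismatch
2016-09-01T09:10:05Z dms user=mrossi action=download doc=station7_interlocking.xml category=signalling-config
2016-09-01T10:30:00Z dms user=jdoe action=download doc=station7_interlocking.xml category=signalling-config
2016-09-01T11:20:00Z health asset=S15 status=mismatch
2016-09-01T13:00:00Z health asset=S12 status=mismatch
2016-09-01T14:45:12Z dms user=jdoe action=download doc=ocs_network.vsd category=network-diagram
2016-09-01T15:00:00Z dms user=jdoe action=download doc=canteen_menu.pdf category=general
2016-09-03T10:00:00Z dms user=mrossi action=download doc=ocs_network.vsd category=network-diagram
""".splitlines()

if __name__ == "__main__":
    for offence in correlate(SAMPLE_LOG):
        print(offence)
```

Rule 2 only works if the healthcheck and control-room feeds are time-synchronised and both reach the SIEM; a mismatch that arrives minutes late will look unexplained even when an operator caused it, so in practice the window is tuned against the feed's real delay rather than set once.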

Case study: a large Japanese railway operator deploys IBM QRadar Security Intelligence Platform and IBM Security Guardium Database Activity Monitor to protect its infrastructure from external and internal threats.
Solution highlights
- Proactive identification of threats across the entire IT infrastructure
- Comprehensive database monitoring
- Integration into a single dashboard
- Advanced analytics and correlation analyses assess network activity in real time
- Rule-based security management
- Automated compliance controls
- Alerting on abnormal database activity
- Centralized security management
- Real-time visibility
- Intelligent incident analysis
(SECURITY OPERATIONS AND RESPONSE)

THANK YOU

FOLLOW US ON: ibm.com/security, securityintelligence.com, xforce.ibmcloud.com, @ibmsecurity, youtube/user/ibmsecuritysolutions

Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represents only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.