IBM - IAM Security and Trends
1 like1,810 views
This document discusses security trends facing organizations and IBM's security strategy and capabilities. Key points include: - Sophisticated attackers are finding new ways to breach security like SQL injection and watering hole attacks. Data breaches increased 500% from 2011-2013. - New technologies like cloud and mobile introduce new risks as traditional security practices become unsustainable. Skills shortages also challenge security. - Identity has become the new perimeter and a key focus as it is the first line of defense. Context-aware identity and access management is needed. - IBM's security strategy focuses on delivering intelligence, integration, and expertise across frameworks addressing advanced threats, cloud, mobile, compliance, and skills shortages.
IBM - IAM Security and Trends
- 1. © 2015 IBM Corporation IBM Security 1© 2015 IBM Corporation IBM IAM Security and Trends Intelligence, Integration and Expertise January 29, 2015
- 2. © 2015 IBM Corporation IBM Security 2 Sophisticated attackers break through safeguards every day SQL injection Watering hole Physical access MalwareThird-party software DDoSSpear phishing XSS Undisclosed Attack types Note: Size of circle estimates relative impact of incident in terms of cost to business Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2014 2011 Year of the breach 2012 40% increase 2013 500,000,000+ records breached 61% of organizations say data theft and cybercrime are their greatest threats 2012 IBM Global Reputational Risk & IT Study $3.5M+ average cost of a data breach 2014 Cost of Data Breach, Ponemon Institute
- 3. © 2015 IBM Corporation IBM Security 3 New technologies introduce new risks… 83% of enterprises have difficulty finding the security skills they need 2012 ESG Research 85 security tools from 45 vendors IBM client example …and traditional security practices are unsustainable of security executives have cloud and mobile concerns 2013 IBM CISO Survey 70% Mobile malware growth in just one year 2012-2013 Juniper Mobile Threat Report 614%
- 4. © 2015 IBM Corporation IBM Security 4 Security leaders are more accountable than ever before Source: Discussions with more than 13,000 C-suite executives as part of the IBM C-suite Study Series Loss of market share and reputation Legal exposure Audit failure Fines and criminal charges Financial loss Loss of data confidentiality, integrity and/or availability Violation of employee privacy Loss of customer trust Loss of brand reputation CEO CFO/COO CIO CHRO CMO Your board and CEO demand a strategy
- 5. © 2015 IBM Corporation IBM Security 55
- 6. © 2015 IBM Corporation IBM Security 6 More than half a billion records of PII were leaked in 2013
- 7. © 2015 IBM Corporation IBM Security 7 Enterprise Security is only as strong as its weakest link – Identity of scam and phishing incidents are campaigns enticing users to click on malicious links 55% Criminals are selling stolen or fabricated accounts Social media is fertile ground for pre-attack intelligence gathering Source: IBM X-Force® Research 2013 Trend and Risk Report Mobile and Cloud breaking down the traditional perimeter IAM becomes fist line of defense with Threat and Context awareness
- 8. © 2015 IBM Corporation8 IBM is positioned to help
- 9. © 2015 IBM Corporation IBM Security 9 Applications SYSTEMS APPLICATIONS WEB APPLICATIONS WEB 2.0 MOBILE APPLICATIONS DATACENTERS PCs LAPTOPS Infrastructure CLOUDMOBILE NON-TRADITIONALMOBILE Enterprise Security will need to focus on Identity and Interactions People EMPLOYEES ATTACKERS OUTSOURCERS SUPPLIERS CONSULTANTS PARTNES CONSUMERS Data STRUCTURED UNSTRUCTURED AT REST IN MOTION …a holistic approach is needed CONSUMERS IN MOTION MOBILE APPLICATIONS MOBILE EMPLOYEES UNSTRUCTURED WEB 2.0 CLOUDPCs OUTSOURCERS STRUCTURED SYSTEMS APPLICATIONS
- 10. © 2015 IBM Corporation IBM Security 10 IBM Security strategy Delivering intelligence, integration and expertise across a comprehensive framework Advanced threats Cloud Mobile Compliance Skills shortage Key Security TrendsCISO’s Changing Role The IBM Security Framework
- 11. © 2015 IBM Corporation IBM Security 11 IBM Security has global reach monitored countries (MSS) service delivery experts devices under contract + endpoints protected + events managed per day + IBM Security by the Numbers + +
- 12. © 2015 IBM Corporation IBM Security 12 Client Side Attacks Botnets Buffer Overflow Attacks Distributed Denial of Service (DDoS) SQL Injection Backdoors Cross-site Scripting (XSS) Malicious Content Protocol Tunneling Reconnaissance Trojans Worms Exploit Toolkits Peer-to-Peer Networks IBM X-Force delivers expert analysis and threat intelligence Cataloging, analyzing and researching vulnerabilities since 1997 Providing zero-day threat alerts and exploit triage to IBM customers worldwide Building threat intelligence from collaborative data sharing across thousands of clients Analyzing malware and fraud activity from 270M+ Trusteer-protected endpoints X-Force Keeps Customers Ahead of the Threat IBM Security Operations Centers and Security Products Sharing real-time and anonymized threat intelligence
- 13. © 2015 IBM Corporation13 Threat aware Identity and Access
- 14. © 2015 IBM Corporation IBM Security 14 1. Identity is a key security control for a multi-perimeter world • Operational management • Compliance driven • Static, Trust-based • Security risk management • Business driven • Dynamic, context-based Today: Administration Tomorrow: Assurance IAM is centralized and internal Enterprise IAM Cloud IAM BYO-IDs SaaS Device-IDs App IDs IAM is decentralized and external Enterprise IAM IaaS, PaaS
- 15. © 2015 IBM Corporation IBM Security 15 3. Evolving business –driven Identity Governance and Analytics Wave 1: Administration Cost savings Automation User lifecycle Key on premise applications and employees Wave 3: Analytics Application usage Privileged activity Risk-based control Baseline normal behavior Employees, partners, consumers – anywhere Wave 2: Governance Role management Access certification Extended enterprise and business partners On and off-premise applications Identity Intelligence – Collect and Analyze Identity Data Improved visibility into how access being utilized Risk-based insights for prioritized compliance actions Clear actionable dashboards for better business decision making Identity and Governance Evolution
- 16. © 2015 IBM Corporation IBM Security 16 IBM Security Intelligence Integration Expertise The IBM Security Framework
- 17. © 2015 IBM Corporation IBM Security 17 www.ibm.com/security © Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.