Mobily and IBM Managed Security Solutions
Transcription
Mobily and IBM Managed Security Solutions
Tamer Aboualy, Ph.D., CTO, Security Services, GTS Middle East and Africa, IBM
Ahmed Abdel Hamid, Security Services, IBM Saudi Arabia
© 2013 IBM Corporation

Introduction: Dr. Tamer Aboualy
Qualifications
Tamer Aboualy, Ph.D., CTO, IBM Security Services Africa & Middle East
[email protected]
Over 18 years of experience in IT and Security. Previously was IBM Canada's Security Services CTO. Responsibilities included:
• Security executives managing security at Canada's largest governments, financial institutions, telecommunication companies, and more.
• Canada's security architecture, strategy, and vision.
• Implementations, transitions, & operations
• Innovation and applied security research.
• Security Operations Center (SOC) executive sponsor and lead
Executive sponsor and lead for MEA Security Operations Center (SOC)
Executive security sponsor for managed security services to government, financial institutions, telecommunications, energy (Oil and Gas) and others
Wealth of applied knowledge in information assurance, compliance, security architectures and cryptography.
Various security patents (intrusion protection, cloud security, others)
Expert speaker at security conferences (ISACA, GOVTECH, VISA, CLOUD, IDC, Canadian Bankers Association, and many others).
Education:
• Bachelors of Information Systems (Ryerson University, Toronto, Canada)
• Masters of Science in Telecommunications and Networks (Syracuse University, New York, USA)
• Ph.D. in Information Systems (Nova Southeastern University, Florida, USA)
Current Focus: CTO for MEA Security Services

Agenda
• The Evolving Threat Landscape
• Managed Security Solutions (MSS)
• MSS Offerings Portfolio

Security Today: The Evolving Threat Landscape

IT Security has become a routine Board Room discussion
Business impacts called out on the slide: Business Results, Brand Image, Systems Availability, Legal Exposure, Personal Harm, Audit Risk
*Sources for all breaches shown in speaker notes

Motivations and sophistication are rapidly evolving
Chart of motive versus adversary across the 1st decade of the commercial Internet (1995 – 2005) and the 2nd decade (2005 – 2015):
• Motives (as labelled, top to bottom): National Security; Espionage, Political Activism; Monetary Gain; Revenge; Curiosity
• Adversaries (as labelled, top to bottom): Nation-state actors; Competitors, hacktivists; Organized criminals with sophisticated tools; Insiders, using inside information; Script-kiddies or hackers

The new security landscape - Sophisticated attackers are a primary concern
Threat Profile | Type | Attack Type | Share of Incidents
Advanced threat / mercenary | National governments, Terrorist cells, Crime Cartels | Espionage, Intellectual property theft, Systems disruption, Financial Crime | 23%
Malicious Insiders | Employees, Contractors, Outsourcers | Financial Crime, Intellectual Property Theft, Unauthorized Access / Systems disruption | 15%
Hacktivist | Social Activists | Web defacement, Information Disclosure | 7%
Opportunist | Worm and virus writers, "Script Kiddies" | Malware propagation, Unauthorized Access, Web defacement | 49%
The slide also carries a "Potential Impact" axis alongside the threat profiles.
Source: Government Accountability Office, "Department of Homeland Security's Role in Critical Infrastructure Protection Cybersecurity", GAO-05-434; IBM CyberSecurity Intelligence & Response Team, September 2012

IBM Cyber Intelligence Update
Each week the average company experiences 2.6M security attacks, which result in approximately 60 security incidents. Companies with mature cyber security programs have 90% fewer incidents and are better prepared to respond more effectively to those that do occur.
Source: IBM Cybersecurity Intelligence & Response Team, Q4 2012 Scorecard

IBM has tracked a massive rise in advanced and other attacks
Chart: 2012 Sampling of Security Incidents by Attack Type, Time and Impact. Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses.
Source: www.ibm.com/security, IBM X-Force Intelligence Report

The year of the Security Breach
When was the last time you checked your web application?
• Pg 17: Anonymous and LulzSec were major players in the SQL tactics.
• Most activity from automated scanners like LizaMoon.
• Pg 27: SQL Injection is specially formatted statements to manipulate the underlying web app.
• 15 days after Sony announced they had fixed their breach, LulzSec posted 150K customer account details!
• Typically used first to understand the DB schema, then used to retrieve data.
• In 2008 we saw the first of the newer attacks: attackers would inject script and gain root access.

Saudi Arabia is the MOST SPAM'd Country!

Security Landscape in the Kingdom
KSA double the global average of infected computers!
Source: www.microsoft.com/sir, Microsoft Regional Security Intelligence Report

Categories of Unwanted Software (malware) in Saudi Arabia
Source: www.microsoft.com/sir, Microsoft Regional Security Intelligence Report

Security challenges are complex and require a high level of expertise and innovation to protect against today's threats
• People: Employees, Hackers, Consultants, Nation States & Terrorists, Outsourcers, Suppliers, Customers
• Data: Structured, Unstructured, At rest, In motion
• Applications: Systems Applications, Web Applications, Web 2.0, Mobile Applications
• Infrastructure: Datacenters, PCs, Laptops, Mobile, Cloud, Non-traditional

The skills shortage for security practitioners leaves clients seeking a trusted partner to provide managed security solutions
• … are unable to find people with the right skills
• … complain of the inability to measure the effectiveness of their current security efforts
• … struggle with an understaffed IT team
81% of chief information security officer functions are re-organizing or have been re-organized within the last six months.
Source: Corporate Executive Board, IREC Study, July 2012

Clients can be confident knowing that IBM Security Services are backed by IBM's strong market leadership and analyst recognition
IBM Managed Security Services / IBM Security Consulting Services
"IBM has the largest client base of the participants... Clients praised the flexibility, knowledge, and responsiveness …while also noting the company's excellent documentation. Organizations looking for a high-quality vendor that can do it all and manage it afterwards should consider IBM."
Source: Forrester Research Inc., "Forrester Wave: Information Security Consulting Services, Q1 2013" and "Forrester Wave: Managed Security Services Providers, Q1 2012". Full report can be accessed at http://www.ibm.com

IBM has a broad base of consulting services to provide end to end solutions. Partnered with Mobily we offer unparalleled Managed Services and Security Intelligence.
Security Consulting & Professional Services
• 6000+ Security Consultants & Architects
• Assess security risk and compliance, evolve security program
Managed Services
• Globally available managed security services platform
• Manage security operations, detect and respond to emerging risk
Service areas shown: Security Strategy, Risk and Compliance; Security Operations Optimization; Infrastructure and Endpoint Security; Identity and Access Management; Data and Application Security; Cybersecurity Assessment and Response; Managed Security; Expertise; Intelligence; Integration

IBM Managed Security Solutions provided through Mobily provide local capability while benefiting from unmatched global security coverage
Experience & Expertise
• MSS business founded 1995
• Employee tenure average 4.5 yrs
• Embedded X-Force intelligence
Market Leadership
• Forrester Wave
• Gartner Magic Quadrant
• Frost & Sullivan
BCP/DRP & Compliance
• Fully redundant services
• BC/DRP test performed annually
• SSAE-16, PCI, FFIEC, ITCS-104
MSS Global Facts and Figures (map marker: Riyadh, KSA)
• 11 Security Operations Centers
• 3,700+ MSS clients worldwide
• 20,000+ security devices
• 15B+ security events daily
• Recording over 30k incidents daily
• Monitoring in 133 countries
• Using a grid of 725+ systems
• Maintaining 99.9+% availability
6,000 researchers, developers and subject matter experts working security initiatives worldwide

Protecting Our Clients: Managed Security Solutions

IBM has a broad base of consulting services to provide end to end solutions. Partnered with Mobily we offer unparalleled Managed Services and Security Intelligence. (Repeat of the earlier slide, here labelled Mobily Standard Security Portfolio.)

Our capabilities cover the wide range of specialized security functions
Security Analysis key functions:
• Threat Intelligence Gathering
• Event and Vulnerability Analysis
• Impact Analysis
• Incident Management
• Investigations
• Enforcement Optimization
• Risk Assessments, Briefings, and Advisories
Security Operations key functions:
• Security Monitoring
• Incident Monitoring & Escalation
• Security Application Management
• Configuration Management
• Policy Management
Security Intelligence Platform key functions:
• Aggregate Security Event/Log Data
• Correlation, Rules & Feeds

Managed Security Solutions portfolio can address a wide variety of challenges and business requirements
Managed Security Services (CPE):
• Managed firewall services
• Managed and monitored IPS and IDS services
• Managed and monitored UTM services
Managed Security Services (Cloud):
• Hosted security event and log management services
• Hosted vulnerability management services
• Hosted IBM X-Force threat analysis service
Multiple device types and vendors supported. (IPS: Intrusion Protection System; IDS: Intrusion Detection System; UTM: Unified Threat Management.)

Managed Network Security Services: Firewall, IDPS, UTM
Solution Overview: IBM's Managed Security Services for Firewall, IPS and UTM are designed to reduce the operational overhead associated with the day to day management of core security technologies that provide the foundational elements for an organization's overall security posture. These offerings combine management, monitoring, and maintenance across a variety of leading technologies and service levels.
Customer Pain Points:
• Multiple technologies create a challenge for skills management
• Proper security administration requires round the clock support
• Compliance mandates competency beyond that of many organizations
• Security teams are needed for more strategic activities but security technologies remain complex and cumbersome to implement
Value:
• Faster time to deploy and reduced operational overhead within multivendor environments.
• Provides 24x7 support for round the clock monitoring, response, and management.
Key Features:
• Support for market leading technologies: Check Point, Cisco, IBM, Juniper, McAfee, TippingPoint, Sourcefire, Palo Alto, etc.
• Support for comprehensive product features: most major product features are supported, including virtualization, multiple policies, traffic shaping, content security, custom signatures, etc.
• Industry leading service level agreements: service level agreements that set the benchmark for the industry, including incident response, change management, system monitoring, portal availability, content updates, etc.
• Two offering packages to ensure flexibility: the offerings are designed to meet the needs of less demanding to the most mission critical of environments.
• Integrated service views via the IBM Virtual SOC: IBM's proprietary web based interface ensures real-time on-demand access to the latest service information including alerts, advisories, system configuration, and comprehensive workflow and reporting capability.

Cloud Security Services: IBM X-Force Threat Analysis Service
Solution Overview: IBM Security Services' X-Force Threat Analysis Service (XFTAS) is a security intelligence service that delivers customized information about a wide array of threats that could affect your network security. XFTAS helps you proactively protect your networks with detailed analyses of global online threat conditions.
Unique Value:
• A single source for up-to-the-minute, customized security information
• Expert analysis and correlation of global security threats
• Actionable data and recommendations that help you maintain your network security
• Easily accessed 24x7x365 through the VSOC Portal
• Partner with a trusted security advisor
The IBM X-Force Threat Analysis Service combines high-quality, real-time threat information from an international network of Security Operations Centers with security intelligence from the X-Force research and development team to develop comprehensive evaluations and recommendations suited to your business.

Cloud Security Services: Security Event and Log Management
Solution Overview: The Security Event and Log Management Service (SELM) enables compilation of the event and log files from network applications, operating systems, and security technologies into one seamless platform. The SELM offering allows for automated analysis of IPS data as well as robust query and research capabilities against a variety of disparate log types.
Customer Pain Points:
• Information and event management solutions can be overly complex
• SIM implementation can take months and hundreds of thousands of dollars
• Many solutions struggle to scale when real-time analysis is required
• Reporting requirements are often not met by off-the-shelf solutions
Value:
• Improved time to value by leveraging an on-demand cloud-based platform versus cumbersome CPE deployment options.
• Quickly analyze data from multiple geographies and technologies via a single web-accessible interface.
• Cloud-based deployment allows for seamless off-site storage of critical log data.
• Optional outsourcing of event monitoring activity to IBM experts on a shift-by-shift basis!
Key Features:
• Two tiers of service: SELM is available in Standard and Select service levels, allowing for varying degrees of analysis and analytics to be applied to varying data types.
• Integrated workflow and analysis capabilities: with SELM's integrated workflow and analysis capabilities, security issues can be investigated, escalated, and recorded using IBM's web-based tools.
• Seamless blending of MSS and non-MSS data: SELM allows for data of managed and unmanaged devices to be stored in the same systems and seamlessly interacted with as though all data is part of a common data set.
• Custom log parser and correlation engine: easily use regular expressions to add support for custom log sources and correlation rules. Unique IBM functionality!
• Forensically sound storage and archival: SELM employs best practice processes for data in motion and at rest as suggested by IBM's own Emergency Response Services team.

Cloud Security Services: Hosted Vulnerability Management overview
Solution Overview: Offers network-based vulnerability assessment from the cloud via the VSOC web portal. Scans can be configured and scheduled via the web, with scanning performed from the cloud or via IBM managed scanners at the customer premises. Results are archived in the cloud and accompanied by reporting, workflow, and remediation capabilities.
Customer Pain Points:
• Vulnerabilities allowing hackers easy access to client systems
• Proper assessment and remediation are required for compliance initiatives
• Today's solutions are difficult to use and manage
• Customers can't prioritize remediation efforts for identified vulnerabilities
Value:
• Faster time to deploy and more accurate detection of vulnerabilities, helping customers identify risks and ultimately improve their security posture
• More efficient end-to-end process for remediating vulnerabilities, and better tracking for compliance purposes
• Streamlined SaaS delivery model gives customers full control without the expense and distraction of owning and managing scanning infrastructure
Core Capabilities:
• Vulnerability management: agentless scanning from both inside and outside the firewall to find exposures.
• Remediation guidance and workflow: fix vulnerabilities quickly and easily with the information provided in remediation reports.
• PCI compliance assistance: IBM can serve as an approved scanning vendor (ASV) in support of PCI compliance initiatives.
• Intelligent scanning: delivers accurate scanning results in less time with a system that follows an assessment process similar to that used by ethical hackers. Fewer false positives mean less time spent tracking down "potential" vulnerabilities.
• Web application vulnerability detection: identifies SQL injection, cross-site scripting, and other high-risk vulnerabilities in web applications.
• Database vulnerability detection: identifies vulnerabilities in common databases and database configurations.
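The SELM slide above describes a custom log parser built from regular expressions feeding a correlation engine, with findings escalated through workflow. The Python script below is an added illustration of that kind of pipeline and is not IBM's or Mobily's code: it parses three constructed log formats (a firewall deny log, sshd authentication failures and a web-server access log) with named-group regexes, normalizes them into one event record, aggregates events per source address and category, applies threshold-based correlation rules, and escalates any source that trips more than one rule. The log lines, parser regexes, rule names, thresholds and severities are all constructed for the example; the web rule flags the SQL injection probe pattern that the breach and vulnerability-management slides mention, so the output shows a detection being raised, and unparsed lines are kept aside for parser tuning rather than silently dropped.

```python
"""Added example: a SELM-style log pipeline with regex parsers, normalization,
aggregation and threshold correlation. Constructed sample data only; the formats,
rule names and thresholds are assumptions for illustration, not IBM SELM internals."""
import re
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import unquote

# Constructed sample log lines (RFC 5737 documentation addresses, not real traffic).
SAMPLE_LOGS = [
    "2013-05-01T10:00:01Z fw DENY src=203.0.113.7 dst=192.0.2.10 dport=22",
    "2013-05-01T10:00:02Z fw DENY src=203.0.113.7 dst=192.0.2.10 dport=23",
    "2013-05-01T10:00:03Z fw DENY src=203.0.113.7 dst=192.0.2.10 dport=3389",
    "2013-05-01T10:00:09Z sshd[4123]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2",
    "2013-05-01T10:00:11Z sshd[4123]: Failed password for root from 203.0.113.7 port 51023 ssh2",
    "2013-05-01T10:00:12Z sshd[4124]: Failed password for root from 203.0.113.7 port 51024 ssh2",
    '198.51.100.4 - - [01/May/2013:10:01:00 +0000] "GET /index.html HTTP/1.1" 200',
    '198.51.100.4 - - [01/May/2013:10:01:02 +0000] "GET /item?id=1%27%20OR%201%3D1-- HTTP/1.1" 500',
    "garbage line that no parser understands",
]

# Custom log sources: one named-group regex per format (the "custom log parser" idea).
PARSERS = {
    "fw": re.compile(r"^(?P<ts>\S+) fw DENY src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"),
    "sshd": re.compile(r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"),
    "web": re.compile(r'^(?P<src>\S+) - - \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'),
}

# Detection pattern for the classic SQL injection probe shapes, applied to the decoded URL.
SQLI_RX = re.compile(r"(?:'|%27)\s*(?:or|and)\s+\d+\s*=\s*\d+|union\s+select", re.IGNORECASE)

# Correlation rules (assumed for the example): name, normalized category, minimum count, severity.
RULES = [
    ("firewall_probe", "deny", 3, "low"),
    ("ssh_brute_force", "auth_fail", 3, "medium"),
    ("sqli_probe", "web_attack", 1, "high"),
]


@dataclass
class Event:
    """Normalized record shared by all log sources."""
    source: str
    ts: str
    src: str
    category: str  # deny | auth_fail | web_request | web_attack
    detail: str


def normalize(line):
    """Try each parser in order; return an Event for the first match, or None if unparsed."""
    for source, rx in PARSERS.items():
        m = rx.match(line)
        if not m:
            continue
        f = m.groupdict()
        if source == "fw":
            return Event(source, f["ts"], f["src"], "deny", f"dst={f['dst']} dport={f['dport']}")
        if source == "sshd":
            return Event(source, f["ts"], f["src"], "auth_fail", f"user={f['user']}")
        path = unquote(f["path"])  # decode first so %27-style encoding cannot hide the probe
        category = "web_attack" if SQLI_RX.search(path) else "web_request"
        return Event(source, f["ts"], f["src"], category, f"{f['method']} {path} -> {f['status']}")
    return None


def correlate(events):
    """Aggregate events per (source IP, category) and apply the threshold rules."""
    counts = defaultdict(int)
    for e in events:
        counts[(e.src, e.category)] += 1
    alerts = []
    for name, category, threshold, severity in RULES:
        for (src, cat), n in sorted(counts.items()):
            if cat == category and n >= threshold:
                alerts.append({"rule": name, "src": src, "count": n, "severity": severity})
    return alerts


def escalate(alerts):
    """Second-order correlation: a source tripping two or more distinct rules is escalated."""
    rules_by_src = defaultdict(set)
    for a in alerts:
        rules_by_src[a["src"]].add(a["rule"])
    return {src: sorted(r) for src, r in rules_by_src.items() if len(r) >= 2}


def run(lines):
    """Full pipeline: parse, keep unparsed lines for parser tuning, correlate, escalate."""
    events, unparsed = [], []
    for line in lines:
        ev = normalize(line)
        if ev is None:
            unparsed.append(line)
        else:
            events.append(ev)
    alerts = correlate(events)
    return {"events": events, "unparsed": unparsed, "alerts": alerts, "escalations": escalate(alerts)}


if __name__ == "__main__":
    result = run(SAMPLE_LOGS)
    for a in result["alerts"]:
        print(f"[{a['severity']}] {a['rule']}: {a['src']} ({a['count']} events)")
    print("escalated:", result["escalations"])
    print("unparsed lines:", len(result["unparsed"]))
```

Adding a new log source means adding one named-group regex to PARSERS and a branch that maps its fields onto the shared Event record; the correlation rules never see raw text, only normalized categories, which is what lets managed and unmanaged device data be treated as one data set.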
Mobily clients have full visibility into work being performed through the Virtual Security Operations Center portal (V-SOC)
Diagram: Virtual-SOC technology platform. Client-side sources: anti virus and filtering, networking devices, applications, firewalls and IDS and IPS, vulnerability data. Security Operations Center (SOC) stages labelled: normalize, aggregate, correlate, archival; aggregation, correlation, workflow, archive, escalate, remediate, reporting. Connected over the Internet to the Virtual-SOC portal (Virtual Security Operations Center, V-SOC).

Mobily-IBM Managed Security Services Customer Portal
(portal screenshot)

Thank You