Sandy Bird
IBM Fellow
Chief Technology Officer
IBM Security Systems

Amplifying Security Intelligence with Big Data and Advanced Analytics
IBM Security

We are in an era of continuous breaches
• 2011: Year of the breach
• 2012: 40% increase
• 2013: 500,000,000+ records breached
Attack types: SQL injection, spear phishing, DDoS, third-party software, physical access, malware, XSS, watering hole, undisclosed
Note: Size of circle estimates relative impact of incident in terms of cost to business. Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2014

Yesterday’s practices are not working
• $3.5M+ average cost of a data breach
• 85 tools from 45 vendors
Sources: 2014 Cost of Data Breach, Ponemon Institute, IBM client example

Your security team sees noise

Anatomy of a Retail Breach
1 Attacker phishes third-party contractor
2 Attacker accesses contractor portal with stolen credentials
3 Attacker finds and infects Windows file server
4 Attacker finds and infects POS systems with malware
5 Malware scrapes RAM for clear text credit card data
6 Malware sends card data to internal server; sends custom notification ping
7 Stolen data is exfiltrated to the attacker’s FTP servers

Why a new approach is needed
• Criminals will not relent and every business is a target
• New technologies create opportunities to transform IT security
• Security leaders are more accountable than ever before

INTELLIGENCE: Use insights and analytics to identify outliers
INNOVATION: Use cloud and mobile for better security
INTEGRATION: Develop an integrated approach to stay ahead of the threat

INTELLIGENCE
Use insights and analytics to identify outliers

Security insights from broader data sets
Data sources: logs; events; alerts; configuration information; system audit trails; external threat feeds; identity context; network flows and anomalies; malware information; e-mail and social activity; business process data; full packet and DNS captures
Diagram labels: Traditional Security Operations and Technology; Big Data Analytics

Incident forensics extends incident clarity
Suspected Incidents, then Prioritized Incidents
Embedded Intelligence
• Real-time analytics
• Automated offense identification
• Anomaly detection
Incident Forensics
• Mine data for attacks in progress
• Review incident evidence
• Reconstruct incident activity
• Determine root cause
• Prevent re-occurrences

Provide real-time indexing and search
Data nodes balance real-time analysis and alerting with longer-term storage, search performance and cost
• 100TB uncompressed data
• 20+ search threads
• 100% dedicated to storage and search workload
• Snap on clustering for increased scale / capacity
• Centralized or globally distributed processing

IBM X-Force® threat intelligence
Coverage
• 20,000+ devices under contract
• 3,700+ managed clients worldwide
• 15B+ daily events managed
• 133 monitored countries (MSS)
• 1,700+ security related patents
• 100M+ customers protected from fraudulent transactions
Depth
• 22B+ analyzed web pages and images
• 7M+ daily spam and phishing attacks
• 73K+ documented vulnerabilities
• 860K+ malicious IP addresses
• 1,000+ malware samples collected daily
• Millions of unique malware samples

Gain insights to prioritize critical events
• A Fortune Five Energy Company: Reduced 2 Billion logs and events per day to 25 high priority offenses
• A Financial Information Provider: Tracked 250 activity baselines and saved 50–80% on staffing
• A Global Bank: Identified and blocked 650+ suspicious incidents in the first 6 months of SOC operations
Products named: QRadar Security Intelligence Platform; QRadar SIEM, QFlow, X-Force, Network IPS; QRadar SIEM, QFlow, Risk Manager
Source: IBM client example

IBM analytics capabilities for security
1 IBM QRadar Security Intelligence: Analyze security related data
2 IBM Big Data Platform (BigInsights, Streams, and Netezza): Customized unstructured data analysis
3 IBM i2 Analyst Notebook: Investigate fraud
4 IBM SPSS: Capture, predict, and discover trends

INTEGRATION
Develop an integrated approach to stay ahead of the threat

Use integrated defenses against attacks
• Discover anomalous activity and stop exfiltration
• Use the cloud to identify suspicious activity
• Prevent unknown and mutating threats

Integrate to optimize your investment
• Integrated intelligence: Correlate and analyze siloed information from hundreds of sources to automatically detect and respond to threats
• Integrated protection: Enhance security with security solutions that interact across domains to provide cohesive, easy to manage protection
• Integrated research: Incorporate the latest information on exploits, vulnerabilities, and malware into intelligent security solutions across domains

INNOVATION
Use cloud and mobile for better security

Employ cloud to improve security
• Maintain cloud visibility and control: A global electronics firm helps protect access to cloud-based applications for 10,000 employees
• Protect the enterprise: A global bank enables security-rich mobile access and multi-factor authentication for millions of users
• Get security from the cloud: One of the world’s largest banks reduced phishing attacks by 90% and reduced phone fraud to almost $0

Build security into mobile from day one
Enterprise Applications and Cloud Services
Identity, Fraud, and Data Protection
• Discovered and enrolled 36,000 devices in the first 60 minutes with ability to wipe the device if lost
• 70,000+ users migrated in the first month
• <500 Help Desk calls (< .5%)
Client examples shown: Chemical company, IBM Corporation

Get help from security experts
• Cloud-based Threat, Malware and Fraud Intelligence
• Cloud-based Managed Security
• Existing Resources
• Managed Security, Augmentation, and Forensics Services

3 Takeaways
1 More data analyzed reduces the required incident investigations
2 Look for automated big data security solutions
3 Deploy integrated solutions to help stop advanced threats

Acknowledgements and Disclaimers 
Availability. References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM 
operates. 
The workshops, sessions and materials have been prepared by IBM or the session speakers and reflect their own views. They are provided for informational 
purposes only, and are neither intended to, nor shall have the effect of being, legal or other guidance or advice to any participant. While efforts were made to 
verify the completeness and accuracy of the information contained in this presentation, it is provided AS-IS without warranty of any kind, express or implied. IBM 
shall not be responsible for any damages arising out of the use of, or otherwise related to, this presentation or any other materials. Nothing contained in this 
presentation is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and 
conditions of the applicable license agreement governing the use of IBM software. 
All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual 
environmental costs and performance characteristics may vary by customer. Nothing contained in these materials is intended to, nor shall have the effect of, 
stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results. 
© Copyright IBM Corporation 2014. All rights reserved. 
— U.S. Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. 
IBM, the IBM logo, ibm.com and QRadar, Infosphere, SPSS, BigInsights, Netezza, i2 and X-Force are trademarks or registered trademarks of International 
Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in 
this information with a trademark symbol (® or TM), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information 
was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web 
at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml 
Other company, product, or service names may be trademarks or service marks of others. 

Security Intelligence: Finding and Stopping Attackers with Big Data Analytics


Editor's Notes

  • #6 We are in an era of continuous breaches, where reported attacks continue to increase. In 2011, IBM X-Force declared, somewhat prematurely it would appear, the Year of the Security Breach. It has only gotten worse since. 2012 was a record year for reported data breaches and security incidents, with a 40 percent increase in total volume over 2011. In 2013, security incidents surpassed the total number reported in 2012, and their effects on the organizations involved were more troubling. 2014 kicked off with a number of high profile sophisticated attacks on major websites, media, and tech companies. A new security reality is here, where sophisticated attackers break through conventional safeguards every day. Organized criminals, hacktivists, governments and adversaries are compelled by financial gain, politics and notoriety to attack your most valuable assets. Their operations are well-funded and business-like ‒ attackers patiently evaluate targets based on potential effort and reward. Their methods are extremely targeted ‒ they use social media and other entry points to track down people with access, take advantage of trust, and exploit them as vulnerabilities. Meanwhile, negligent employees inadvertently put the business at risk via human error. Even worse, security investments of the past fail to protect against these new classes of attacks. The result is more severe security breaches more often. 61% of organizations say data theft and cybercrime are the greatest threats to their reputation (2012 Global Reputational Risk & IT Study, IBM). And the costs are staggering. By one estimate, the average cost of a breach is over $3.5 million (2014 Cost of a Data Breach Study, Ponemon Institute).
  • #7 Yesterday’s practices are simply not working, and the costs are staggering. By one estimate, the average cost of a breach is over $3.5 million (2014 Cost of a Data Breach Study, Ponemon Institute). Up to now, organizations have responded to security concerns by deploying a new tool to address each new risk. Now they have to install, configure, manage, patch, upgrade, and pay for dozens of non-integrated solutions with limited views of the landscape. Costly and complex, these fragmented security capabilities do not provide the visibility and coordination needed to stop today’s sophisticated attacks. Moreover, the skills and expertise needed to keep up with a constant stream of new threats are not always available.
  • #10 Because your business is a keystroke away from being in the headlines.   Criminals will not relent: Once you are a target, criminals will spend as much time trying to break into your enterprise as you do on your core business. If you do not have visibility, they will succeed. Every business is impacted: In the past, banks were the primary targets of cyber criminals. Today, diverse actors move with lightning speed to steal money, intellectual property, customer information, and state-secrets across all sectors. Your perimeter is breached, criminals are inside: Recent attacks demonstrate that victims were compromised for months before they discovered it. Assuming that you have been breached is today’s prudent security posture. Because this new era offers an opportunity to transform IT security.   Change will expand and accelerate: Cloud, Mobile, Social and Big Data are radically changing the business landscape. Adoption is accelerating as your business realizes the opportunity they present – the new era is here to stay. New innovations provide the opportunity to get it right: By building security in from the start, you have a chance to secure the new era of computing better than the old. Big Data, Social and Cloud will enable greater security: Now is the chance to embrace the new era of computing to modernize your security capability. Assess how your security team can use these disruptive forces to strengthen and streamline your security infrastructure. Because security leaders are held more accountable than ever before.   Your Board and CEO demand a strategy: After reading about recent breaches, business leaders are asking you for a plan. You need a strategy and roadmap that gets you to best-in-class. Security is now a business, not technology, initiative. 
Your team is blind to the business risk: With disparate IT security tools deployed and silos preventing visibility, your team is blindfolded and unable to develop an effective risk-based program for improvement. You cannot do this alone: Skills shortages and rapidly changing techniques mean you lack the staff and expertise to counter the threat at hand.
  • #11 Companies need to change their approach to security and adopt: INTELLIGENCE by using insights and analytics to build a smarter defense; INNOVATION to proactively implement and optimize security to innovate faster; INTEGRATION to develop an integrated approach to stay ahead of the threat.
  • #12 INTELLIGENCE: Use insights and analytics to build a smarter defense. Use intelligence and anomaly detection across every domain: Enable your security team to hunt for breaches by collecting security-relevant data from everywhere in the enterprise. Deploy security intelligence technologies that enable real-time analysis, fraud prevention and anomaly detection. Leverage external threat intelligence and expertise to augment your know-how. Build an intelligence vault around your crown jewels: Discover and classify the crown-jewel assets of your organization. Protect this data, these employees, or these transactions with intelligent controls. Monitor who is accessing that data and from where. Detect anomalies and unauthorized access. Look for subtle indicators of attack using deep security analytics. Prepare your response for the inevitable: Staff an incident response team. Enable your team with a “hunter mentality” to think like an attacker. Construct a coordinated response plan using the right tools, information and skills to limit the impact of an inevitable breach. Know whom to call when you need help. Partnerships bring strength. Engage consulting and managed services professionals, as well as advanced research capabilities, to help shore up skills gaps and understand complex threats.
  • #14 Harness security-relevant information from across the organization. Use real-time big data analytics to provide context to help detect threats faster, identify vulnerabilities, prioritize risk, and automate compliance activities. For security threat management the key challenge is to reduce millions of logs to actionable intelligence that identifies key threats. Traditional first-gen SIEMs achieve this by leveraging correlation (‘five failed logins followed by a successful login’, for example) to identify suspected security incidents. Event correlation is a very, very important tool, but it’s not enough. There are two problems. Firstly, consider a 100,000 to 1 reduction ratio of events to correlated incidents. On the surface, this sounds impressive, but for companies generating 2 billion events per day (and you don’t need to be a massive company to do that), it will leave that company’s security team with 20,000 incidents per day to investigate. Traditional SIM correlation can’t get the data reduced enough, and of course Log Managers can’t even get a 10,000 to 1 reduction ratio. Secondly, an exclusive reliance on event correlation assumes that the criminals intent on attacking your company will not figure out ways to disable or bypass logging infrastructure, but that’s practically their entire focus, and you can’t correlate logs that are not there! This limitation results in missed threats or a very poor understanding of the impact of a breach. QRadar vastly expands the capabilities of traditional SIEMs by incorporating new analytics techniques and broader intelligence. Unlike any other SIEM in the market today, QRadar captures all activity on the network for assets, users and attackers before, during, and after an exploit and analyzes all suspected incidents in this context. New analytical techniques like behavioral analysis are applied. QRadar notifies analysts about ‘offenses’, where an “offense” is a correlated set of incidents with all of the essential, associated network, asset, vulnerability and identity context. By adding business and historical context to suspected incidents and applying new analytic techniques, massive data reduction is realized and threats otherwise missed will be detected. IBM delivers real-time correlation and anomaly detection across a distributed and scalable repository of security information to enable more accurate security monitoring and better visibility for any organization, small or large. QRadar SIEM excels at taking in massive amounts of enterprise-wide security data and using its advanced intelligence and analytics to build a prioritized list of incidents requiring immediate attention. Inside the Offenses tab, security teams can simply right-click any of the entries within the dashboard to see any of the underlying event and flow data to start determining a remediation plan or determine the result was a false positive. With the arrival of QRadar Incident Forensics, there’s a new option for seeing even more supporting data extracted from the associated network packet data. This brings a new level of clarity to the incident and allows investigators to discover less obvious data connections and previously hidden relationships between multiple IDs. Using Internet search engine technology, QRadar Incident Forensics presents a simplified user interface accepting free-form text and Boolean logic operators. The search criteria can use any packet capture metadata, reconstructed file metadata or keywords that would reside within a document, email, chat session, etc. Results are normally returned in minutes if not seconds. QRadar Incident Forensics does to full packet capture data what QRadar SIEM does to event and flow data; it helps security teams discover the malicious or anomalous conditions really, really quickly.
  • #15 Provide real-time indexing and search. Up to 100 terabytes of uncompressed data and 20+ search threads per node. Each Data Node instance is 100% dedicated to storage and search workload. Scale new or existing deployments to meet even the most demanding data retention and search needs. Virtually unlimited, dedicated and cost effective horizontal scalability for data retention; Data Nodes can easily support PBs worth of data.
  • #16 Vulnerability Protection: Reverse engineer and protect against 81K+ vulnerabilities. IP Reputation: Categorize 800K+ suspect IP addresses including malware hosts, botnets, spam sources, and anonymous proxies. Web Application Control: Identify and manage the capabilities of 2,000+ web and client applications (e.g., Gmail or Skype). URL / Web Filtering: Categorize information on 23 billion+ URLs in one of the world’s largest URL databases.
  • #17 A financial information provider hardens defenses against threats and fraud
  • #18 1. IBM QRadar Security Intelligence: Analyze security-related data. 2. IBM Big Data Platform (BigInsights, Streams, Netezza): Customized unstructured data analysis. 3. IBM i2 Analyst Notebook: Investigate fraud. 4. IBM SPSS: Capture, predict, discover trends.
  • #20 Maintain visibility and control of the Cloud: A leader in securing every stage of cloud adoption, from design to consume, with end-to-end solutions to harden workloads and monitor malicious activity to and from the cloud. Products: IBM Cloud Security Solutions. Secure transactions and access to the mobile enterprise: A leader in protecting every layer of the mobile enterprise, ensuring the highest levels of security across handsets, networks, applications, and the transactions in between. Products: IBM MobileFirst Security Solutions, IBM Trusteer Mobile Fraud Solutions, IBM Fiberlink Mobile Security Solutions. Adopt enterprise-class Security as a Service: A leader in providing security from the cloud leveraging the ease-of-deployment and crowd-sourced intelligence that SaaS offers. Products: IBM Cloud-based Security Services, IBM Web Presence Protection Service, IBM Trusteer Advanced Fraud Protection.
  • #21 IBM’s solutions and services systematically integrate new and existing security solutions, third-party tools, and threat intelligence to deploy a systematic approach to automatically detect, notify, and respond to threats identified across security capabilities, domains, and stakeholders.
  • #23 INNOVATION: Proactively implement and optimize security to innovate faster. Own the security agenda for innovation: Get smart now on how to secure Mobile, Cloud, Big Data and Social. Understand the strategic imperatives and work with the business to develop risk-based alternatives. Tap into experts to develop a roadmap and to deploy secure solutions. Embed security on day one: This new era is a chance to do it right. Engage early and mandate security in Cloud, Mobile, Social and Big Data initiatives. Use the latest technologies to make mobile devices more secure than laptops, cloud more secure than data centers, social more secure than email, and big data more secure than databases. Leverage Cloud, Mobile, Social and Big Data to improve security: Security as a service offers easy deployment and improved intelligence. Crowd-sourced threat intelligence provides the tips needed to stay ahead of cyber-attacks. Big data forensics tools enable faster breach detection and recovery. And data containers on BYOD devices secure business information no matter where it travels.
  • #24 IBM mobile security is provided by a wide range of powerful solutions, including MaaS360, Worklight, IBM Security AppScan, IBM Security Access Manager and Trusteer. Robust security intelligence can be achieved by deploying the IBM QRadar Security Intelligence Platform.
  • #25 Prepare your response for the inevitable: Staff an incident response team. Enable your team with a “hunter mentality” to think like an attacker. Construct a coordinated response plan using the right tools, information and skills to limit the impact of an inevitable breach. Know whom to call when you need help. Partnerships bring strength. Engage consulting and managed services professionals, as well as advanced research capabilities, to help shore up skills gaps and understand complex threats.
  • #26 More data analyzed reduces the required incident investigations. Look for automated big data security solutions. Deploy integrated solutions to optimize your security investment and protect against advanced threats.
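
Note #14 quotes the correlation rule "five failed logins followed by a successful login" and names its two limits: the incident volume left after reduction, and logs that are no longer there. The sketch below is an added example, not code from the presentation or from QRadar; it implements that rule and a per-source silence check over constructed events. The five-field log format, the 10-minute window, the 15-minute gap limit and all function names are assumptions.

```python
"""Added example: correlation rule and log-gap check over constructed auth events."""
from collections import defaultdict, deque, namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "ts source user src_ip outcome")

# Constructed sample data (not real logs). Assumed line format:
#   timestamp  log_source  user  source_ip  outcome(FAIL|OK)
SAMPLE_LOG = """\
2014-10-27T09:00:00 vpn-gw carol 198.51.100.9 FAIL
2014-10-27T09:00:05 file-srv bob 10.0.0.8 FAIL
2014-10-27T09:00:10 vpn-gw alice 203.0.113.7 FAIL
2014-10-27T09:00:20 vpn-gw alice 203.0.113.7 FAIL
2014-10-27T09:00:30 vpn-gw alice 203.0.113.7 FAIL
2014-10-27T09:00:40 vpn-gw alice 203.0.113.7 FAIL
2014-10-27T09:00:50 vpn-gw alice 203.0.113.7 FAIL
2014-10-27T09:01:00 vpn-gw alice 203.0.113.7 OK
2014-10-27T09:02:00 file-srv bob 10.0.0.8 FAIL
2014-10-27T09:02:30 file-srv bob 10.0.0.8 OK
2014-10-27T09:05:00 vpn-gw carol 198.51.100.9 FAIL
2014-10-27T09:10:00 vpn-gw carol 198.51.100.9 FAIL
2014-10-27T09:15:00 vpn-gw carol 198.51.100.9 FAIL
2014-10-27T09:20:00 vpn-gw carol 198.51.100.9 FAIL
2014-10-27T09:21:00 vpn-gw carol 198.51.100.9 OK
2014-10-27T09:30:00 vpn-gw dave 192.0.2.44 FAIL
2014-10-27T09:40:00 file-srv bob 10.0.0.8 OK
"""


def parse(log_text):
    """Parse the assumed five-field format into time-ordered Event tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, source, user, src_ip, outcome = line.split()
        events.append(Event(datetime.fromisoformat(ts), source, user, src_ip, outcome))
    return sorted(events, key=lambda e: e.ts)


def correlate(events, threshold=5, window=timedelta(minutes=10)):
    """Flag a successful login preceded by >= threshold failures for the
    same user inside the sliding window (the rule quoted in note #14)."""
    recent_failures = defaultdict(deque)  # user -> failed Events still in window
    incidents = []
    for ev in events:
        queue = recent_failures[ev.user]
        while queue and ev.ts - queue[0].ts > window:
            queue.popleft()  # drop failures that aged out of the window
        if ev.outcome == "FAIL":
            queue.append(ev)
        elif ev.outcome == "OK":
            if len(queue) >= threshold:
                incidents.append({
                    "user": ev.user,
                    "success_at": ev.ts,
                    "failed_attempts": len(queue),
                    "source_ips": sorted({f.src_ip for f in queue} | {ev.src_ip}),
                })
            queue.clear()  # a success resets the failure streak
    return incidents


def logging_gaps(events, max_gap=timedelta(minutes=15)):
    """Report log sources that went silent for longer than max_gap.
    Correlation cannot fire on logs that never arrive, so silence is a signal."""
    last_seen, gaps, end = {}, [], None
    for ev in events:
        prev = last_seen.get(ev.source)
        if prev is not None and ev.ts - prev > max_gap:
            gaps.append((ev.source, prev, ev.ts))
        last_seen[ev.source] = ev.ts
        end = ev.ts
    for source, ts in last_seen.items():
        if end - ts > max_gap:  # source still silent at end of the data
            gaps.append((source, ts, end))
    return gaps


def daily_incidents(events_per_day, reduction_ratio):
    """Incidents left for analysts at a given events-to-incidents ratio."""
    return events_per_day // reduction_ratio


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    for inc in correlate(evs):
        print("incident:", inc)
    for src, start, stop in logging_gaps(evs):
        print(f"silent source: {src} from {start} to {stop}")
    print("incidents/day at 100,000:1 on 2B events:",
          daily_incidents(2_000_000_000, 100_000))
```

In the constructed data only alice's burst matches the rule; carol's five failures are spread beyond the window and dave never succeeds, while file-srv is reported for a silence the correlation rule alone would not notice.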