© 2015 IBM Corporation
Smarter Cyber Security
V8; 5 Jan 15
John Palfreyman, IBM

Agenda
• Systems of Engagement
• Cyber Security Implications
• Cyber Security Risk Mitigation
• Future Perspective

Smarter Planet
Instrumented – Interconnected – Intelligent

Cloud
Drivers
• Mission speed and agility
• New business models – alternatives to escalating CAPEX
Sample Use Cases
• Back office functions (HR, CRM, SCM) as a service
• Predictive and analytics functions (e.g. for smart procurement) as a service

Mobile
Drivers
• Inherently mobile operations
• Business agility and flexibility
• Rate of change of technology
Sample Use Cases
• Mobile information capture, with workflow management
• Education where & when needed
• Case advice to social workers

Big Data / Analytics
Drivers
• Masses of sensor data available
• Need for intelligence to help make government / industry “smarter”
• Increasing proportion of “unreliable” data
Sample Use Cases
• Analysis of citizen group sentiment & need based on their Social Media usage
• Sensor data processing for traffic & utility prediction
• Predictive policing operations based on historical mission data analysis & sensor data

Social Business
Drivers
• Use of Social Channels by clients / citizens / bad guys
• New recruitment approach – drive to attract “the best!”
• Personnel rotation & retirement
Sample Use Cases
• Citizen (/consumer) sentiment analysis
• Terrorism detection, investigation & prevention
• Knowledge capture and dissemination
• Recruitment, rapid onboarding & retention of key staff

Systems of Engagement
• Collaborative
• Interaction oriented
• User centric
• Unpredictable
• Dynamic
[Diagram labels: Social Business, Mobile, Big Data / Analytics, Cloud]

Case Study – Major European Air Force
Business Challenge
• Support Organisational Transformation
• HQ Task Distribution
• Senior Staff demanding Mobile Access
IBM Solution
• IBM Connections (including Mobile App)
• MS Sharepoint Integration (Doc Management)
• MaaS 360 based Tablet Security
Benefits
• Improved work efficiency
• Consistent & timely information access
• Secure MODERN tablet

Section Summary
1. Cloud, Big Data / Analytics, Social Business & Mobile are all relevant to, and increasingly used by Industry & Government
2. Most value accrues at the points of intersection = Systems of Engagement
3. Systems of Engagement can underpin organisational transformation, enhancing intelligence-led business

IBM’s Definition . . .
Cyber Security /–n 1. the protection of an organisation and its assets from electronic attack to minimise the risk of business disruption.

The Millennial Generation . . .
Expect:
• to embrace technology for improved productivity and simplicity in their personal lives
• tools that seem made for and by them
• freedom of choice, embracing change and innovation
Innovate in a new way:
• Actively involve a large user population
• Work at Internet Scale and Speed
• Discover the points of value via iteration
• Engage the Millennial generation

Smart Phones (& Tablets) . . .
• Used in the same way as a personal computer
• Ever increasing functionality (app store culture) . . .
• . . . and more accessible architectures
• Offer “anywhere” banking, social media, e-mail . . .
• Include non-PC (!) features: Context, MMS, TXT
• Emergence of authentication devices

. . . are harder to defend . . .
• Anti-virus software missing, or inadequate
• Encryption / decryption drains the battery
• Battery life is always a challenge
• Most users disable security features
• Stolen or “found” devices information – and very easy to lose
• Malware, mobile spyware, account impersonation
• Need to extend password, encryption policies
• Extends set of attack vectors

. . . and now mainstream.
• Bring-your-own device expected
• Securing corporate data
• Additional complexities
• Purpose-specific endpoints
• Device Management

Social Media – Lifestyle Centric Computing
www.theconversationprism.com
• Different Channels
• Web centric
• Conversational
• Personal
• Open
• Explosive growth

Social Business – Relevance for (e.g.) Defence
Driver, followed by how social business can help . . .
Coalition operations the norm
• Find and connect with experts other coalition members
• Demonstrate clear coalition value to stakeholders
Budgetary pressures
• Improved efficiencies through use of social media platform
• Develop critical skills by virtual training
Ever more complex missions
• Tap into mission expertise and lessons learnt
• Use jams, blogs & wikis to solve problems
Cyber security threat
• Secure hosted social media platform
• Analysis of threat social media activity
Technology driven change
• Promote technology usage through blogs, jams
• Information & education on mission value of technology
Unknown asymmetric threat
• Supplement intelligence on threat by monitoring social media usage
• Collaborate cross department on specific threats

Internal Amnesia, External Ignorance – Case Study
Client’s Challenges
• Silo’d Organisation
• Lack of Consistent Methodology
• External Ignorance
• Internal Amnesia
Monitor bad guys
• Early Warning of events / incident
• Information to Commander
Alternatives to
• Workflow Centric Analysis
• Traditional Intelligence Sources
IBM Solution
• IBM Connections
• Analysis Software
• GBS Integration & Configuration

Social Media – Special Security Challenges
• Too much information
• Online impersonation
• Trust / Social Engineering / PSYOP
• Targeting
Source: Digital Shadows, Sophos, Facebook

Section Summary
1. Social Business and Mobile are underpinning organisational transformation
2. Millennial Generation expect technologies in the workplace
3. Introduce new vulnerabilities – understand to contain

Balance
Technical Mitigation
• Better firewalls
• Improved anti-virus
• Advanced Crypto
People Mitigation
• Leadership
• Education
• Culture
• Process

Risk Management Approach
• Monitor threats
• Understand (your) systems
• Assess Impact & Probability
• Design containment mechanisms
• Don’t expect perfect defences
• Containment & quarantine planning
• Learn & improve
[Figure: Maturity-based approach; axis labels Reactive, Proactive, Manual, Automated]

Securing a Mobile Device
Device Security
• Enrolment & access control
• Security Policy enforcement
• Secure data container
• Remote wipe
Transaction Security
• Allow transactions on individual basis
• Device monitoring & event detection
• Server based risk engine – allow, restrict, flag for review
Software & Application
• Endpoint management – software
• Application: secure by design
• Application scanning for vulnerabilities
Access Control
• Enforce access policies
• Approved devices and users
• Context aware authorisation

Secure, Social Business
Leadership
• More senior, most impact
• Important to leader, important to all
• Setting “tone” for culture
Culture
• Everyone knows importance AND risk
• Full but SAFE usage
• Mentoring
Process
• What’s allowed, what’s not
• Internal & external usage
• Smart, real time black listing
Education
• Online education (benefits, risks)
• Annual recertification
• For all, at all levels

Security Intelligence > Smart Analysis of too much data!
• Volume – Data at Rest: Terabytes to exabytes of existing data to process
• Velocity – Data in Motion: Streaming data, milliseconds to seconds to respond
• Variety – Data in Many Forms: Structured, unstructured, text, multimedia
• Veracity* – Data in Doubt: Uncertainty due to data inconsistency & incompleteness, ambiguities, latency, deception, model approximations
* Truthfulness, accuracy or precision, correctness

Integrated Approach
Security Intelligence Platform: IBM Security QRadar
• Data collection and enrichment
• Event correlation
• Real-time analytics
• Offense prioritization
Big Data Platform: IBM InfoSphere BigInsights
• Hadoop-based
• Enterprise-grade
• Any data / volume
• Data mining
• Ad hoc analytics
[Other diagram labels: Data ingest, Insights, Traditional data sources, Non-traditional, Advanced Threat Detection, Custom Analytics]

Section Summary
1. Containment is possible with correct approach
2. Need for a business / mission based (not technology) viewpoint
3. Holistic, balanced, risk centric approach

Systems of Insight

Generation 3 Cloud Challenges . . .
• Cloud 1.0: Static, Perimeter Controls
• Cloud 2.0: Reactive, Defence in Depth
• Cloud 3.0: Adaptive, Contextual Security
Attackers exploit platform shifts to launch new attacks on high value workloads and data
• Challenge 1: Fragmented and complex security controls
• Challenge 2: Sophisticated threats and attackers
• Challenge 3: Increased attack surface due to agile and composable systems

Contextual, Adaptive Security
Security 3.0
• Monitor and Distill – Multi-level monitoring & big data analytics: Ranging from Active, in device to passive monitoring
• Correlate and Predict – Risk Prediction and Defence Planning: Encompassing event correlation, risk prediction, business impact assessment and defensive strategy formulation
• Adapt and Pre-empt – Adaptive and optimized response: Adapt network architecture, access protocols / privileges to maximize attacker workload
© 2014 IBM Corporation
Cyber Security – Fitness for Purpose?
1. Are you ready to respond to a security incident and quickly remediate?
2. Do you have the visibility and analytics needed to monitor threats?
3. Do you know where your corporate crown jewels are and are they adequately protected?
4. Can you manage your endpoints from servers to mobile devices and control network access?
5. Do you build security in and continuously test all critical web/mobile applications?
6. Can you automatically manage and limit the identities and access of your employees, partners and vendors to your enterprise?
7. Do you have a risk aware culture and management system that can ensure compliance?
[Figure: Maturity-based approach; axis labels Reactive, Proactive, Manual, Automated]

Section Summary
1. Systems of Insight further extend business / mission value
2. Delivered on (secure) “generation 3” Cloud
3. Cyber Security must be designed in, evolving

Summary
1. Systems of Engagement (& Insight) help organisations transform, maintain information advantage
2. Social Business & Mobile drive much value, but new vulnerabilities need to be understood to be mitigated
3. Cyber security approach needs to be balanced, risk management based and “designed in”.
Thanks!
John Palfreyman
2dsegma@uk.ibm.com


Editor's Notes

  • #13 Cyber Security = lack of clarity : hence definition BUSINESS RISK centric definition MINIMISE key (never assume perfect) Open for debate!