We had one session in the technical theatre today, given by Robert Freeman on IBM XFORCE cyber security threat landscape. The session was very well attended, with over ninety people in the room as well as it being live streamed into conference hall.
Robert began the talk by explaining the IBMs X-Force team mission, giving some great stats around the analysis they do. For more information on this and to download the report etc please see below.
Robert then explained how IBM viewed 2011 as the year of security breach. He gave examples of notable security breaches during the last twelve months, including some of the high profile ones we have all seen in the national press. These included SQL injection attacks against web servers, URL tampering, shell command injection attacks, SSH brute force activity, and phishing based malware distribution and click fraud - which is back up to where it was in early 2008.
As had been mentioned in other IBM sessions, Robert spoke about the decline seen in web app vulnerabilities - a decline of 8% from 2011 and the lowest it's been since 2005. He also talked about how there are now much better patching policies due to pressure from public at large and he predicted there will be continued investment in this.
Robert closed the session by talking about the security challenges emerging in the emerging areas of cloud and mobile. Smartphones and tablets are ever increasingly being brought into the workplace and attackers are finally warming to the opportunities these devices represent. Unfortunately 3rd party apps can lack secure permission coding etc leaving them vulnerable to attacks. He finished by talking about some of the high profile cloud breaches which are affecting known organisations and large amounts of customers. Good Cloud security requires cloud appropriate workloads, a flexible provider and effective due defence on part of the customer.
If anyone is ingesting in learning more about IBMs many security solutions, then please register for our Pulse Comes to You event in London on the 30th May here - http://ibm.co/JgmnZD
If you can't attend the event then follow me on @Rswindell or @IBMPulse, as I will be posting updates through out the day. I will also be blogging here both pre and post the event.
Please follow @IBMSecurity for more information specifically on our security events, news, collateral and more.
If you attended the event, I hope you enjoyed it as much as I did. See you next year!!