Despite our first session being a repeat of the one given by Simon Smith yesterday, we still learnt some more interesting facts whilst he took the audience through the journey from basic, to proficient, to a final state of optimised security (which you can see in more detail in our blog from yesterday - http://ibm.co/IoV9ju). Simon talked about how the optimisation needs to be specific to the individual company, be it a large multinational bank or a 100-person company in the UK. A good security model can mean high levels of staff retention, because employees are able to be innovative on other projects, rather than having to deal with the daily struggle of keeping the network secure.
Simon spoke about how you need to start understanding what in your network is a normal state and what isn't a normal state in order to achieve the desired “optimised” state. The security needs to fit your business processes to ensure the maximum amount of availability on your systems. Simon finished by talking about how security needs to be built into the design, in an ideal world from the word go – which often is untenable, but it certainly should not just be a “bolt on”. Security is all about risk, and it’s the effective managing of this risk that can lead you to the desired “optimised” state.
The second session of the day was given by John Smith on application security hacking 101 – to a packed room of over 70 people! He opened the session by talking about the work of our X-Force team, who monitor 14b security events every day and produce an annual trends and risks report on what security breaches etc. we have seen over the last 12 months. John talked to the audience about SQL injection attacks against web servers, and how they are on the rise, saying there must be a return for the attacker even if it is not apparent at first. John told the audience that in 2011, 41% of security vulnerabilities affected web apps – which is good news as that was down 8% from the previous years, and the lowest it’s been since 2005. This stat shows that organisations are taking the important steps needed to address this problem – by using products like IBM’s AppScan!
John then continued the session by looking into XSS vulnerabilities, which still appear in 40% of app scans that IBM perform for companies – which he said was scary as they can so easily be addressed. John explained how injection flaws have “become the poster child of application security”. John then gave the audience an example of an XSS attack, and how easily a lot of damage can be done, despite warning end users of such possibilities.
John closed the discussion by looking at black box (dynamic) analysis & white box (static) analysis, and gave examples of how these both work. He then offered all the audience a free demonstration of IBM AppScan on their own networks – which many of the audience took him up on!
Rob Ford and Jef Gielkens were next up for IBM, giving a presentation on Integrated, Intelligent Security analytics for Enterprises. They talked about how, as the world becomes more and more digitalised and interconnected, we are opening the door to emerging threats and more data leaks. They looked at four key components that we are currently seeing, all of which are affecting IT Security in some way – Data Explosion, Consumerisation of IT, Everything Everywhere and Attack Sophistication. Jef then looked at the different attacker types and techniques that we are now seeing, and how this is making security a board room discussion, be it affecting brand image, business results, supply chain, legal exposures, impact of hacktivism and audit risk.
Jef talked about how it is no longer enough just to protect the perimeter: silo point products are not enough to secure your enterprise, and IBM is integrating across IT silos with security intelligence solutions. He spoke about the X-Force protection system – a purpose-built, multi-tenanted infrastructure designed to collect, aggregate, store, summarise and analyse data to derive the events of most interest.
Rob then took over and showed the audience the MSS architecture overview and how it can be used to optimise security intelligence. He looked into suspicious hosts and IP intelligence. He then took the audience through three use case scenarios – visibility despite encryption or obfuscation, identification of reconnaissance and infected websites. Jef wrapped up the session by stating that intelligent security solutions provide the DNA to secure a Smarter Planet.
Rob Whitters, who has just joined IBM through the acquisition of Q1 Labs, gave the final session of the day for IBM (entitled Next Generation SIEM in Action). Rob opened by giving a brief history of Q1 Labs and his involvement with the company. He explained that Q1 Labs solve customer problems with total security intelligence. He explained how they are able to help customers look at the threats on their networks, predict risks against the business, consolidate data silos and detect insider fraud. Rob spoke about how the product can be used to link context to what threats we are seeing on the network, where it’s from, which asset it is affecting, changes in network protocol etc. and from this derive vulnerability data.
Rob then took the audience through a demonstration of the QRadar product, looking at the customisable dashboards, the role-based permissions/access and various workflows. He explained how QRadar allows you to get to the facts quickly and the data allows you to be proactive, to do something intelligent with it. He closed by talking about some of the 1500 report templates built into the product, which can be used to demonstrate immediate value.
If you would like to see live comments during the day from the show, please follow me @RSwindell and @IBMSecurity.
If you would like copies of any of the presentations, please email me at firstname.lastname@example.org.
Come back tomorrow evening for my thoughts from day 3 and a final overview of Infosecurity 2012!