It was great to be back at Infosec, with a very colourful IBM booth that clearly stands out from the crowd! We had four sessions during the day, and below are the key points that I thought were raised.
Our first session, The Advanced Persistent Threat in 2012, was given by Robert Freeman, Manager of X-Force Advance Research Strategy, who opened by talking to the audience about the role of the X-Force team at IBM. He spoke about how 2011 was the year of the security breach, and went into some specific, well-known examples that made it into the news during the year. Robert then talked to the audience about who is actually attacking our networks: attacker types and techniques based on the X-Force research, be it off-the-shelf versus sophisticated attacks, broad versus targeted, financially motivated, state sponsored, or all-out cyber war!
Robert used an analogy: in the past it was dumpster diving, looking through someone's trash; now it is breaking into a computer network and attacking. Attackers are now more and more stealthy and stay as long as possible. Web browsers and their plug-ins continue to be the largest category of client-side vulnerabilities. He said that unfortunately there are no perfect detection methods, but every detection is a win. He also urged the audience not to just put the fire out and go back to work; if it has gone too quiet then you are missing attacks.
The next IBM session was given by Steve Durkin, who joins IBM from our recent acquisition of Q1 Labs, and whose session was titled “providing your business, total security intelligence”. Steve opened the session by talking about Security Information and Event Management, or SIEM for short! He wanted the audience to understand that SIEM leads to actionable and comprehensive insight into their security infrastructure. He also took the audience through the industry examples of attacks on businesses we have all seen in the press during the last few years. Steve spoke about the four domains or pillars that IBM sees as forming comprehensive IT security: People, Data, Applications and Infrastructure. If you have got all four areas covered, you've cracked it. He then explained that Q1 Labs products should be seen as the glue that holds all of these together. Steve urged that internal threats are just as dangerous as external ones. He wanted the audience to ask themselves if they have taken the best steps to protect against these.
Steve then took the audience through some Q1 case studies, such as the work they did at Chevron Oil (you can find out more about it on the Q1 website). He talked about how the Q1 Labs product can help pull all information together and analyse it, to show you where the vital attacks are taking place, what's being hit and the impact it will have. He gave a few more product examples and suggested that if the audience were interested they should start small and add functionality using normal software updates; the products are simple and quick to deploy, on one pane of glass.
Vijay Dheap was next up for IBM, and talked to the audience about Securing Mobile Devices in the Enterprise. He gave some very interesting stats: in 2011 sales of smart phones surpassed those of PCs, and soon they will dwarf the sales of PCs; by 2015 40% of Enterprise devices will be mobile devices (an IBM projection); and 50% of all apps send device information or personal details. Social norms are now different: mobile devices are used in way more locations, mobile devices are shared more often, and user experience is prioritised. He continued by talking about how apps now push the boundaries of collaboration, but unfortunately leave you open to attacks. He urged the audience to have visibility of which mobile devices are connected to their corporate network and to be reactive, be responsive, and be transparent.
Vijay explained that lost devices are still top of CSOs' worries; they want to know things such as how to selectively wipe the device centrally and how to be 100% compliant. Vijay finished by speaking about the various Mobile Device Management products and services IBM has, all of which you can find out more about on the IBM website.
Our final session of the day was given by Simon Smith, who presented on Infrastructure Protection - Towards an Optimised Security Position. He talked about how IBM is keen to usher in a new era of security intelligence. He then took the audience through what he saw as the different stages companies are at when it comes to IT security, asking the audience to share where they thought they were in the journey. He first discussed what “basic” security looks like: point solutions, stand-alone products and deployments, different solutions for every problem, blocking and preventing attacks, and analysis that is mostly manual and reactive.
Simon then looked at what would constitute “proficient” security, such as further data feeds, decision making based on knowledge of assets, and greater investigative capability, but still with large amounts of manual involvement, and with analysis and investigation largely manual.
He then looked at the final stage, “optimised security”, where there is enriched data and increased information such as from -
Vulnerability assessment tools
This is combined with correlation and analytics, alerts based on predefined rules and information, auto analysis and assessment reports and alerts. Simon closed by saying there are no absolutes, no scoring systems, you should look at where we are and your aspirations.
Simon mentioned that there will be new product announcements tomorrow morning, so be sure to follow me @RSwindell and @IBMSecurity to find out what they are!
If you would like copies of any of the presentations, please email me at firstname.lastname@example.org.
Come back tomorrow evening for my thoughts from day 2 of Infosecurity 2012!