Cloud & Service Management blog
Kimberlee Kemble 120000GMAV KEMBLE@US.IBM.COM Tags:  security service-management integrated-service-manage... x-force 1 Comment 1,352 Visits
It almost goes without saying, but, hey, I'll say it anyway...Security is top of mind for everyone these days, no matter your industry, no matter the size of your organization - and even on a personal level, too. You certainly don't have to be a security manager to be concerned about security, particularly internet security.
Case in point: Which of the following internet vulnerabilities is keeping you up at night these days?
5. Remote access
Perhaps a more precise answer would be "All of the above plus a few more."
So, how can you stay ahead of these types of threats - understanding what the most critical and recurrent vulnerabilities are and what you can do to prevent them? One excellent source of emerging information is the IBM X-Force Research and Development team. For more than a dozen years, these security specialists have tracked well over 40,000 different vulnerabilities, from Trojan horses to malware to Web spoofing, and documented them in the world's largest and most comprehensive threat database.
The IBM X-Force researches and monitors the latest internet threat trends, develops security content for IBM customers, and helps advise customers and the general public on how to respond to emerging and critical threats. Twice a year, the team releases a detailed report discussing the latest security complexities. These reports are far more than just abstract information. They are actionable intelligence, designed to lead to more comprehensive security and a better business outcome. Take a look at the latest report.
For more information about how the IBM X-Force research can help your organization (and perhaps even keep you from losing sleep worrying about security threats), check out this Service Management in Action article.
Signing off for this week,
Your friendly roving Integrated Service Management reporter
Rebecca Swindell 270003U1MK REBECCA.SWINDELL@UK.IBM.COM Tags:  application_security x-force rob_ford infosec rob_whitters simon_smith infosecurity john_smith q1-labs qradar 3,900 Visits
IBM had another great four speaking sessions today, and a colleague of mine -Lauren Mort (@Laurenmort2), joined me to help with our social media activities throughout the day. Below are the key points that Lauren and I thought were raised during the sessions.
Despite our first session being a report of the one given by Simon Smith yesterday, we still learnt some more interesting facts whilst he took the audience through the journey from basic, to proficient to a final state of optimised security (which you can see in more detail in our blog from yesterday - http://ibm.co/IoV9ju). Simon talked about how the optimisation needs to be the specific to the individual company, be it a large multinational bank or a 100 person company in the UK. A good security model can mean high levels of staff retention, because employees are able to be innovative on other projects, rather than having to deal with the daily struggle of keeping the network secure.
Simon spoke about how you need to start understanding what in your network is a normal state and what isn't a normal state in order to achieve the desired “optimised” state. The security needs to fit your business processes to ensure the maximum amount of availability on your systems. Simon finished by talking about how security needs to be built into the design, in an ideal world from the word go – which often is untenable, but it certainly should not just be a “bolt on”. Security is all about risk, and it’s the effective managing of this risk that can lead you to the desired “optimised” state.
The second session of the day was given by John Smith on application security hacking 101 – to a packed room of over 70 people! He opened the session by talking about the work of our X-Force team, who monitor 14b security events every day and produce an annual trends and risks report on what security breaches etc we have seen over the last 12 months. John talked to the audience about SQL injection attacks against web servers, and how they are on the rise - saying there must be a return for the attacker even if it is not at apparent at first. John told the audience that in 2011, 41% security vulnerabilities affected web apps – which is good news as that was down 8% from the previous years, and the lowest it’s been since 2005. This stat shows the organisations are taking the important steps needed to address this problem – by using products like IBMs AppScan!
John then continued the session by looking into XSS vulnerabilities, which still appear in 40% of app scans that IBM perform for companies – which he said was scary as they can so easily be addressed. John explained how injection flaws have “become the poster child of application security”. John then gave the audience an example of an XSS attack, and how much easily a lot of damage can be done, despite warning end users of such possibilities.
John closed the discussion by looking at black box (dynamic) analysis & white box (static) analysis, and gave examples of how these both work. He then offered all the audience a free demonstration of IBM AppScan on their own networks – which many of the audience took him up on!
Rob Ford and Jef Gielkens were next up for IBM, who gave a presentation on Integrated, Intelligent Security analytics for Enterprises. They talked about as the world is becoming more and more digitalised and interconnected, we are opening the door to emerging threats and more data leaks. They looked at four key components that we are currently seeing, all of which are affecting IT Security in some way – Data Explosion, Consumerisation of IT, Everything Everywhere and Attack Sophistication. Jef then looked at the different attacker types and techniques that we are now seeing, and how this is making security a board room discussion, be in affecting brand image, business results, supply chain, legal exposures, impact of hacktivism and audit risk.
Jef talked about how it is no longer enough just to protect the perimeter, silo point products are not enough to secure your enterprises, IBM is integrating across it silos with security intelligence solutions. He spoke about the X-Force protection systems – which is a purpose built, multi tenanted infrastructure designed to collect, aggregate, store, summarise and analyse data to derive the events of most interest.
Rob then took over and showed the audience the MSS architecture overview and how it can be used to optimise security intelligence. He looked into suspicious hosts and IP intelligence. He then took the audience through three use case scenarios – visibility despite encryption or obfuscation, identification of reconnaissance and infected websites. Jef wrapped up the session by stating that intelligent security solutions provide the DNA to secure a Smarter Planet.
Rob Whitters gave the final session of the day for IBM (entitled Next Generation SIEM in Action), who has just joined IBM through the acquisition of Q1 labs. Rob opened by giving a brief history of Q1 labs and his involvement with the company. He explained that Q1 labs solve customer problems with total security intelligence. He explained how they are able to help customers look at the threats on their networks, predict risks against the business, consolidate data silos and detect insider fraud. Rob spoke about how the product can be used to link context to what threats we are seeing on the network, where it’s from, which asset it is affecting, changes in network protocol etc and from this derive vulnerability data.
Rob then took
the audience through a demonstration of the QRadar product, looking at the
customisable dashboards, the role based permissions/access and various
workflows. He explained how QRadar allows you to get to the facts quickly and
the data allows you to be proactive, to do something intelligent with it. He closed by talking about some of the 1500
report templates available inbuilt in the product, that can be used to
demonstrate immediate value.
If you would like copies of any of the presentations, please email me at email@example.com.
Come back tomorrow evening for my thoughts from day 3 and
final overview of Infosecurity 2012!
When I saw Tom Cross give a talk at Innovate 2010 in June, I was first struck with the nonchalance with which he spoke of the black market business of Internet data. I could not have been more intrigued if I were watching a movie adapted from a John Grisham novel. He seemed to have some emotional distance from what creeps most of us out about our mail. And I’m not even talking about email. I mean the good old-fashioned USPS mail. I KNOW I am not the only one who has worn out a few paper shredders thanks to Citibank, Chase, and the like.
The second thing that hijacked my thought train for more than a few moments was how network vulnerabilities are created for the explicit purpose of learning cyber criminal behavior. Like signing up for as much spam as you can. Sure it makes sense to me now. But I am still vaguely uncomfortable talking publicly about threat and attacks. It seems akin to Batman and the Joker building websites to promote their plans to outsmart the other. What was I not getting? By now I was considering slipping quietly out of the room to silence the voice in my head saying I had been foolish, very, very foolish in my confidence as a clever and vigilant consumer of Internet Things.
Realizing that I had some mental catching up to do, I stayed for the lasting impression that could keep me awake at night: just how easy it is to steal digital data. As I struggled with the impartial irony of how enormous yet simple a cat and mouse game Web App security is, visions of Tom and Jerry danced in my boggled brain.