Introducing IBM Security Solutions
Cesare Radaelli, Security Tiger Team Leader, Italy
© 2010 IBM Corporation

IBM's Strategy
• ONE voice for security – IBM SECURITY SOLUTIONS
• INNOVATIVE products and services – IBM SECURITY FRAMEWORK
• COMMITTED to the vision of a Secure Smarter Planet – SECURE BY DESIGN

The IBM Security Framework foundation addresses your challenges of cost, complexity and compliance

IBM Security Framework

IBM Security Network IPS GX7800
Fabio Panada, Security Tech Sales Leader

What is X-Force?
X-Force is the pre-eminent security and threat protection brand for IBM customers.
IBM X-Force Research and Development – the world's leading enterprise security R&D organization
Content Delivery Engine
• Continuous 3rd-party testing
• Develop new security engines to solve evolving threats facing customers
• Execute to deliver new content streams for new engines
• Add new capabilities to existing engines to combat new threats
• Continuously improve security effectiveness
Research
• Research all security vulnerabilities
• Expand current capabilities in research to stay Ahead of the Threat
• Continue unique vulnerability, malware and content filtering research
Industry/Customer Deliverables
• Blog, marketing, and industry speaking engagements
• X-Force Database vulnerability tracking
• Trend analysis and security analytics

2010 – Vulnerability Disclosures are at an All-time High
Vulnerability disclosures up 27% from 2009
● Web applications continue to be the largest category of disclosure.
● Increase in vulnerability disclosures due to significant increases in public exploit releases and to efforts by several vendors to identify and mitigate security vulnerabilities.

Patches Still Unavailable for Over Half of Vulnerabilities
• Over half (55%) of all vulnerabilities disclosed in the first half of 2010 had no vendor-supplied patches to remedy the vulnerability.
• 71% of critical and high vulnerabilities have no patch.
• The top five operating systems account for 98% of all critical and high operating system disclosures in the first half of 2010.
• The top five operating systems account for 95% of all operating system vulnerability disclosures.

2010 – Public Exploits Increase to an All-time High
● Public exploit releases are up about 21% from 2009.
● Many of these exploits are being released before a vendor patch is available.
● IPS will continue to move to a more behavioral approach to detecting classes of vulnerabilities and rely less on pattern matching of static signatures.

Obfuscated Web Pages and Files are on the Rise
Obfuscation is a technique used by software developers and attackers alike to hide or mask the code used to develop their applications.
● The level of obfuscation found in Web exploits continues to rise.
● Attackers continue to find new ways to disguise their malicious traffic via JavaScript and PDF obfuscation.
● Exploit toolkit packages continue to favor malicious Adobe Flash and PDF, along with Java files.

Drivers Influencing IPS Evolution
IPv6
– Deployments of IPv6 networks (and heterogeneous IPv4+IPv6) are picking up speed.
Performance – 20 gigs and beyond
– As networks grow larger and faster there will be a need for more speed.
– As more technologies converge with IPS, more bandwidth will be needed.
Vulnerabilities and Exploits
– The number of vulnerabilities and public exploits being disclosed is increasing each year.
– Behavioral deep packet inspection protocol decodes will continue to be more important.
– Attackers are hiding their exploit code inside compound files and container files, making simple pattern-matching IPS techniques less useful.
– IPS must use more behavioral and anomaly detection and less pattern matching.
Obfuscation
– Increases in obfuscated web pages and files.
– Obfuscation detection will continue to evolve in IPS.
Evasions
– New evasion techniques will continue to be discovered.
Applications
– The number of web applications will continue to increase.
– Application identification, control (allow/deny), and QoS will be important.
Compound Documents and Container Files
– Increasingly used in attacks.
– The need to look "inside" PDF files and Office documents.

Introducing IBM Security Network IPS GX7800
Key Pain Points
• Balance security and performance of business-critical applications
• Address changing threats with limited expertise, resources, and budget
• Reduce cost and complexity of security infrastructure
• Larger organizations require security at the network core
Core Capabilities
IBM Security Network Intrusion Prevention GX7800 is the newest addition to IBM's market-leading portfolio of Intrusion Prevention security appliances.
• Beyond traditional network IPS to deliver comprehensive security including:
  – Web application protection
  – Protection from client-side attacks
  – Data Loss Prevention (DLP)
  – Application control
  – Virtual Patch technology
• Unmatched performance delivering 20Gbps+ of throughput and 10GbE connectivity without compromising breadth and depth of security
• Evolving protection powered by world-renowned X-Force research to stay "ahead of the threat"
• Reduced cost and complexity through consolidation of point solutions and integrations with other security tools

IBM Security Network IPS Overview
Industry-leading solutions for Remote segments, Perimeter, and Core deployments
NEW – GX7800
Comprehensive line of models available
– Performance surpassing 20Gbps inspected throughput capacity
– Up to eight protected network segments

IBM Security Network IPS Throughput Metrics
Deployment tiers: Remote Segments, Perimeter, Core

Model           Inspected Throughput   Protected Segments
GX4004-V2-200   200 Mbps               2
GX4004-V2       800 Mbps               2
GX5008-V2       1.5 Gbps               4
GX5108-V2       2.5 Gbps               4
GX5208-V2       4 Gbps                 4
GX6116          8 Gbps                 8
GX7800          20 Gbps+               4

Beyond Traditional Network Intrusion Prevention
Virtual Patch
What It Does: Shields vulnerabilities from exploitation independent of a software patch, and enables a responsible patch management process that can be adhered to without fear of a breach.
Why Important: At the end of 2009, 52% of all vulnerabilities disclosed during the year had no vendor-supplied patches available to remedy the vulnerability.
Client-Side Application Protection
What It Does: Protects end users against attacks targeting applications used every day such as Microsoft Office, Adobe PDF, multimedia files and Web browsers.
Why Important: At the end of 2009, vulnerabilities which affect personal computers represented the second-largest category of vulnerability disclosures, about a fifth of all vulnerability disclosures.
Web Application Protection
What It Does: Protects web applications against sophisticated application-level attacks such as SQL injection, XSS (cross-site scripting), PHP file includes, and CSRF (cross-site request forgery).
Why Important: Expands security capabilities to meet both compliance requirements and threat evolution.
Threat Detection & Prevention
What It Does: Detects and prevents entire classes of threats as opposed to a specific exploit or vulnerability.
Why Important: Eliminates the need for constant signature updates. Protection includes the proprietary Shellcode Heuristics (SCH) technology, which has an unbeatable track record of protecting against zero-day vulnerabilities.
Data Security
What It Does: Monitors and identifies unencrypted personally identifiable information (PII) and other confidential information for data awareness. Also provides the capability to explore data flow through the network to help determine if any potential risks exist.
Why Important: Flexible and scalable customized data search criteria; serves as a complement to a data security strategy.
Application Control
What It Does: Manages control of unauthorized applications and risks within defined segments of the network, such as ActiveX fingerprinting, peer-to-peer, instant messaging, and tunneling.
Why Important: Enforces network application and service access based on corporate policy and governance.

IPS New Features & Enhancements
• PAM 2.0
• Add PAM Flow (NetFlow from the Protocol Analysis Module)
• Add "network friendly" features
• Usability improvements
• Check categorization
• DLP Lite (based on PAM CA)
• SSL decryption
• 100% SNORT engine
• IP Reputation

For More IBM X-Force Security Leadership
X-Force Trend Reports
The IBM X-Force Trend & Risk Reports provide statistical information about all aspects of threats that affect Internet security. Find out more at http://www-935.ibm.com/services/us/iss/xforce/trendreports/
X-Force Security Alerts and Advisories
Only IBM X-Force can deliver preemptive security due to our unwavering commitment to research and development and 24/7 global attack monitoring. Find out more at http://xforce.iss.net/
X-Force Blogs and Feeds
For a real-time update of Alerts, Advisories, and other security issues, subscribe to the X-Force RSS feeds. You can subscribe to the X-Force alerts and advisories feed at http://iss.net/rss.php or the Frequency X Blog at http://blogs.iss.net/rss.php

"You can't secure what you don't know. You need good mapping of your sensitive assets — both of your database instances and your sensitive data inside your databases."
Ron Ben Natan, Ph.D., CTO, Guardium

Managing and Protecting Access to Enterprise Databases: IBM InfoSphere Guardium
Claudio Balestri - Information Management Sales - Italy

Agenda
• Introduction to the solution
• Main features
• Architecture and supported environments
• Benefits & Value Proposition
• Customers

Database Protection: The Current Situation
1. External threats
• Prevention of data theft
2. Internal threats
• Unauthorized access
• Changes to sensitive data and to database schemas
3. Compliance
• Need to simplify processes
• Reduction of the costs tied to legal requirements

Introduction to the InfoSphere Guardium Solution
Prevent cyber-attacks with automated and centralized controls:
• Monitor and block privileged users
• Detect application-level fraud
• Enforce change controls
• Real-time alert notification
• Control firecall IDs
• SIEM integration
• Cross-DBMS audit repository
• Preconfigured policies/reports
• Sign-off management
• Entitlement reporting
• Minimal performance impact
• No changes to the database
Find and secure sensitive data:
• Find and classify sensitive data in DBMSs
• Continuously update security policies
• Discover embedded malware and logic bombs
• Assess database vulnerabilities (static and behavioral)
• Configuration verification
• Preconfigured tests based on best-practice standards (STIG, CIS, CVE)

Main Features
In summary, the main features fall into the following 4 areas:
Monitor & Enforce: Performs monitoring and security checks on the databases, using enforcement capabilities.
Audit & Report: Provides reporting that represents the result of continuous, granular tracking and analysis of all activities performed on the databases.
Assess & Harden: Supports vulnerability management, that is, delivers security and compliance functions for all DBMS platforms and enterprise applications.
Find & Classify: Identifies all databases that contain sensitive data and learns how they are accessed (by applications, batch processes, ad hoc queries, etc.).

Architecture – Scalable and Multi-tier
Oracle on Linux for System z
Integration with LDAP, IAM, SIEM, CMDB, change ticketing, …

Supported Platforms and Environments

Benefits of Adopting the Solution
• Non-invasive to the infrastructure and no impact on the DBMS
• Does not rely on simple log management (logs are easily bypassed and often not considered valid by auditors)
• Granular control of policies and monitoring processes: who, what, when, how
• Real-time alerting
• Reduces operational costs by automating the compliance process
• Transparent use of the 2 deployment modes: hardware & virtual appliance
• High performance
• Scalable solution
• Support for the major enterprise-level platforms, databases, protocols, operating systems and applications

Value Proposition
Prevent data theft (the so-called "data breach")
o Reduces threats to data security from both inside and outside
Ensure proper "data governance and management"
o Prevents unauthorized changes to sensitive company data
Reduce the costs "required" to meet the regulations in force on "data compliance"
o Automates and centralizes controls across all DBMSs and their platforms
o Complies with the main regulations, such as d.lgs 196/2003 (Italian Legislative Decree) on data privacy and the subsequent Provision of the Garante (the Italian Data Protection Authority) on access and accountability for so-called system administrators
o Simplification of processes

InfoSphere Guardium: The Analysts' View
"Dominance in this space"
#1 scores for Current Offering, Architecture & Product Strategy
"Guardium, an established provider … has a large customer base … [and] offers wide platform support."
2007 Editor's Choice Award in "Auditing and Compliance"
"Top of DBEP Class"
"Practically every feature you'll need to lock down sensitive data."
"Enterprise-class data security product that should be on every organization's radar."
SC Magazine UK awarded Guardium 5 out of 5 stars on Features. The review concludes that "you have to ask yourself whether you can afford not to have Guardium."

Main Stakeholders 1/2
Security managers
• Establish appropriate policies in real time
• Keep auditing and access security under their control
• Features and ability to perform data mining and investigations into violations
Compliance and Audit managers
• Access adjustable according to user profiles or other customizable profiling (separation of duty)
• Reporting that reflects every type of required best practice
• Automation of controls and timely response to audit requests

Main Stakeholders 2/2
Application and Database managers
• Minimal impact on applications and databases (the control is placed upstream and is non-invasive)
• Ability to implement change management policies on access and the related controls
• Performance optimization thanks to the tool's discovery activities, which make it possible to profile access according to efficiency criteria
• Compliance with current regulations, in particular those for system administrators (Provision of the Garante), who are also held responsible in the event of non-compliance with the aforementioned regulation, and not only for the part concerning the collection of system logs