
IBM for Datacenter Security

Information about IBM for Datacenter Security
Technology

Published on January 14, 2014

Author: annalandolfi

Source: slideshare.net

Description

IBM solutions for securing your datacenter and protecting your customers' data and access

IBM Security Systems: Smarter Security for MSPs. Giovanni Todaro, IBM Security Systems Leader

Innovative technologies are changing everything around us…
• 1 trillion connected objects
• Social business
• 1 billion mobile workers
• Bring your own IT
• Cloud and virtualization
© 2013 IBM Corporation

Attacks: motivations and sophistication are evolving rapidly
Motivations: national security; espionage, activism; financial gain; revenge, curiosity
Actors and examples: nation-states (cyberwar, Stuxnet); competitors and hacktivists (Aurora); organized crime (Zeus); insiders and script-kiddies (Code Red)

The world is becoming more digitized and interconnected, opening the door to emerging threats and data leaks…
• DATA EXPLOSION: The age of Big Data, the explosion of digital information, has arrived and is facilitated by the pervasiveness of applications accessible from anywhere
• CONSUMERIZATION OF IT: With the advent of Enterprise 2.0 and social business, the line between personal and professional hours, devices and data has disappeared
• EVERYTHING IS EVERYWHERE: Organizations continue to move to new platforms including cloud, virtualization, mobile, social business and much more
• ATTACK SOPHISTICATION: The speed and dexterity of attacks have increased, coupled with new motivations for cybercrime
IBM Security Solutions Focus: SECURITY INTELLIGENCE, MOBILE SECURITY, CLOUD SECURITY, ADVANCED THREAT

IBM brings you into the era of Security Intelligence
IBM Security Solutions. Organizations need a new approach to security that uses intelligence to keep pace with innovation. IBM Security Intelligence drives the shift from a "point-product" strategy to an integrated enterprise security framework.
Translating security data into actionable knowledge:
• Reduces business risks and costs
• Innovation with agility and security
• Improves operational continuity
IBM Security in numbers:
• 13 billion security events managed daily
• 1,000 security patents
• 9 Security Operations Centers
• 600 security sales professionals
• 11 development labs for security solutions

IBM Security: delivering intelligence, integration and expertise in a complete framework
Increase accuracy and awareness in security
• Detect and prevent advanced threats
• Greater visibility and situational awareness
• Conduct complete incident investigations
Ease of management
• Simplify risk management and decision-making
• Improve control and access capabilities
Reduced cost and complexity
• Deliver rapid installation and a lower TCO by working with a single strategic partner with a broad, integrated portfolio
Integration ● Intelligence ● Expertise

Key factors influencing the security software business
Protecting the perimeter is no longer enough: sophisticated attacks are bypassing traditional defenses, IT resources are moving outside the firewall, and enterprise applications and data are increasingly distributed across different devices.
1. Advanced Threats: Sophisticated, targeted attacks, aimed at gaining continuous access to critical information, are increasing in severity and frequency. (Advanced Persistent Threats, Stealth Bots, Designer Malware, Targeted Attacks, Zero-days)
2. Cloud Computing: Security is one of the main concerns about cloud, as customers drastically rethink the way IT resources are designed, deployed and consumed.
3. Mobile Computing: Managing employee-owned devices and guaranteeing connectivity to enterprise applications are needs CIOs must address as they expand support for mobile devices.
4. Regulations and Compliance: Regulatory and compliance pressures continue to grow along with the need to store sensitive data, and companies become susceptible to audit failures.
Enterprise Customers


Better protection against the most sophisticated attacks
Misconfigured Firewall, 0day Exploit, Malicious PDF, Phishing Campaign, Vulnerable Server, Spammer, Infected Website, SQL Injection, Botnet Communication, Brute Force, Malicious Insider
• On the Network: IBM Advanced Threat Protection
• Across the Enterprise: IBM QRadar Security Intelligence
• Across the World: IBM X-Force® Threat Intelligence

IBM offers security solutions in every area of cloud security
IBM protects against common cloud risks with a broad portfolio of flexible solutions and layers of security.
• IBM Security Federated Identity Manager
• IBM Security Key Lifecycle Manager
Protect against threats, regain visibility and demonstrate compliance through activity monitoring, anomaly detection and Security Intelligence.

Securing the Mobile Enterprise with IBM solutions

IBM's strategy for Data Security
Data Security
• Protect data in any form, anywhere, from internal or external threats
• Simplify compliance processes
• Reduce the operational costs of data protection
Governance, Security Intelligence, Analytics
Audit, Reporting, and Monitoring
integrate Security Solutions
Data Discovery and Classification
Policy-based Access and Entitlements
IT & Business Process
• Stored (Databases, File Servers, Big Data, Data Warehouses, Application Servers, Cloud/Virtual ..)
• over Network (SQL, HTTP, SSH, FTP, email, …)
• at Endpoint (workstations, laptops, mobile, …)

A complete portfolio across all security domains
Security Ecosystem: Partner Programs (3rd party); Standards

IBM Identity and Access Management - Vision and Strategy
Key themes…
• Standardized IAM and Compliance Management: Expand IAM vertically to provide identity and access intelligence to the business; integrate horizontally to enforce user access to data, app, and infrastructure
• Secure Cloud, Mobile, Social Interaction: Enhance context-based access control for cloud, mobile and SaaS access, as well as integration with proofing, validation and authentication solutions
• Insider Threat and IAM Governance: Continue to develop Privileged Identity Management (PIM) capabilities and enhanced Identity and Role management

Data Security Vision
QRadar Integration; Across Multiple Deployment Models
Key themes…
• Reduced Total Cost of Ownership: Expanded support for databases and unstructured data, automation, handling and analysis of large volumes of audit records, and new preventive capabilities
• Enhanced Compliance Management: Enhanced Database Vulnerability Assessment (VA) and Database Protection Subscription Service (DPS) with improved update frequency, labels for specific regulations, and product integrations
• Dynamic Data Protection: Data masking capabilities for databases (row level, role level) and for applications (pattern based, form based) to safeguard sensitive and confidential data

Application Security Vision
Key themes…
• Coverage for Mobile applications and new threats: Continue to identify and reduce risk by expanding scanning capabilities to new platforms such as mobile, as well as introducing next generation dynamic analysis scanning and glass box testing
• Simplified interface and accelerated ROI: New capabilities to improve customer time to value and consumability with out-of-the-box scanning, static analysis templates and ease of use features
• Security Intelligence Integration: Automatically adjust threat levels based on knowledge of application vulnerabilities by integrating and analyzing scan results with SiteProtector and the QRadar Security Intelligence Platform

Infrastructure Protection – Endpoint Vision
Key themes…
• Security for Mobile Devices: Provide security for and manage traditional endpoints alongside mobile devices such as Apple iOS, Google Android, Symbian, and Microsoft Windows Phone - using a single platform
• Expansion of Security Content: Continued expansion of security configuration and vulnerability content to increase coverage for applications, operating systems, and industry best practices
• Security Intelligence Integration: Improved usage of analytics providing valuable insights to meet compliance and IT security objectives, as well as further integration with SiteProtector and the QRadar Security Intelligence Platform

Threat Protection Vision
• Security Intelligence Platform: Log Manager, SIEM, Network Activity Monitor, Risk Manager, Future
• Threat Intelligence and Research: Vulnerability Data, Malicious Websites, Malware Information, IP Reputation, Future
• Advanced Threat Protection: Intrusion Prevention, Content and Data Security, Web Application Protection, Network Anomaly Detection, Application Control, Future
IBM Network Security
Key themes…
• Advanced Threat Protection Platform: Helps to prevent sophisticated threats and detect abnormal network behavior by using an extensible set of network security capabilities - in conjunction with real-time threat information and Security Intelligence
• Expanded X-Force Threat Intelligence: Increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions
• Security Intelligence Integration: Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats

X-Force Threat Intelligence: The IBM Differentiator
• X-Force database – the most extensive catalog of vulnerabilities
• Web filter database – the database of infected or malicious sites
• IP Reputation – botnets, anonymous proxies, bad actors
• Application Identification – web application information
• Vulnerability Research – the most up-to-date vulnerabilities and protections
• Security Services – manage IPS for more than 3000 customers
X-Force Threat Intelligence Cloud

Security Intelligence: integration across IT silos
Extensive Data Sources: Security Devices; Servers & Hosts; Network & Virtual Activity; Database Activity; Application Activity; Configuration Info; Vulnerability Info; User Activity
Event Correlation; Activity Baselining & Anomaly Detection; Offense Identification
High Priority Offenses
Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight
JK 2012-04-26

All domains feed Security Intelligence
• X-Force: Correlate new threats based on X-Force IP reputation feeds; hundreds of 3rd party information sources
• Guardium: Database assets, rule logic and database activity information
• Identity and Access Management: Identity context for all security domains w/ QRadar as the dashboard
• Tivoli Endpoint Manager: Endpoint Management vulnerabilities enrich QRadar’s vulnerability database
• IBM Security Network Intrusion Prevention System: Flow data into QRadar turns NIPS devices into activity sensors
• AppScan Enterprise: AppScan vulnerability results feed QRadar SIEM for improved asset risk assessment

IBM QRadar: Security Intelligence for Data Center protection. Luigi Perrone, IBM SWG - Security Systems & z/OS Security

Agenda
• QRadar overview
• Demo
• Final considerations

Why Security Intelligence?
• Response to auditing requirements
• Automation and streamlining of event-collection processes
• Multi-source event collection
• Secure management and archiving of log data (regulatory compliance)
• Data aggregation and event correlation
• Data monitoring and analysis for:
  - identifying security gaps/anomalies
  - triggering alarms
  - starting investigative processes
  - compliance reports

The phases of the event life cycle

1 - Efficient event management
Strong acquisition, deep analysis, high responsiveness
• Real-time recording
• Ease of configuration
• Agent-less mode
• Standard integration of multiple devices
MONITOR & ASSET DISCOVERY
• Auto-discovery of log sources
• Auto-discovery of applications
• Auto-discovery of assets
• Auto-grouping of assets
• Centralized log management
Collection methods: syslog, nflow, sflow, wmi, odbc, jdbc, qflow, wincollect, ftp/sftp, jflow, snmp, snare
Sources: VA Scanner, IDS-IPS, Switch-Router, Firewall, Server, Applications, Database
Log Event, Event Flows

2 - A powerful processing and correlation engine
A powerful correlation engine, investigative analysis and advanced reporting for identifying critical events and resolving them immediately
ANALYSIS
• Advanced security analytics
• Auto-tuning
• Auto-detect threats
• Easy-to-use event filtering
• Thousands of pre-defined rules

3 - Real-time alerts and investigative depth
• Clear and complete control of all network activity with real-time monitoring
• Alerts and detection of events that are unusual relative to normal conditions
• Investigative analysis and advanced reporting
• Built-in standard security reports that are easy to customize
ACTIONS & REPORTS
• Thousands of predefined reports
• Asset-based prioritization
• Auto-update of threats
• Auto-response
• Directed remediation

QRadar: the components
• Log Management: Turnkey log management; Upgradeable to enterprise SIEM
• SIEM: Sophisticated event analytics; Asset profiling and flow analytics
• Risk Management: Predictive threat modeling & simulation; Scalable configuration monitoring & audit
• Scale: Event processors; Network activity processors
• Network Activity and Anomaly Detection: Network analytics; Behavioral and anomaly detection
• Visibility: Layer 7 application monitoring; Content capture


Next Generation IPS. Salvatore Sollami, IBM Security Systems Technical Sales and Solutions

The challenging state of network security
• STREAMING MEDIA: Streaming media sites are consuming large amounts of bandwidth
• SOCIAL NETWORKING: Social media sites present productivity, privacy and security risks including new threat vectors
• SOPHISTICATED ATTACKS (Stealth Bots • Targeted Attacks • Worms • Trojans • Designer Malware): Increasingly sophisticated attacks are using multiple attack vectors and increasing risk exposure
• POINT SOLUTIONS (URL Filtering • IDS / IPS • IM / P2P • Web App Protection • Vulnerability Management): Point solutions are siloed with minimal integration or data sharing

Network Defense: Traditional solutions not up to today’s challenges
Current Limitations
• Threats continue to evolve and standard methods of detection are not enough
• Streaming media sites and Web applications introduce new security challenges
• Basic “Block Only” mode limits innovative use of streaming and new Web apps
• Poorly integrated solutions create “security sprawl”, lower overall levels of security, and raise cost and complexity
Requirement: Multi-faceted Protection
• 0-day threat protection tightly integrated with other technologies i.e. network anomaly detection
• Ability to reduce costs associated with non-business use of applications
• Controls to restrict access to social media sites by a user’s role and business need
• Augment point solutions to reduce overall cost and complexity
Internet: Stealth Bots; Worms, Trojans; Targeted Attacks; Designer Malware
• Firewall/VPN – port and protocol filtering
• Email Gateway – message and attachment security only
• Web Gateway – securing web traffic only, port 80 / 443
• Everything Else: Multi-faceted Network Protection – security for all traffic, applications and users

The Need to Understand the Who, What, and When
Who: 172.29.230.15, Bob, Alice
What: 80, 443, 21, webmail, social networks
Diagram labels: Web Category Protection; Server Access Control; Protocol Aware Intrusion Protection; Network Geography; Web Applications; Non-web Applications; Client-Side Protection; Reputation; Botnet Protection; User or Group; Network Awareness; Web Protection; Reputation; Traffic Controls; Policy
Example policies:
• Block attachments on all outgoing emails and chats
• A more strict security policy is applied to traffic from countries where I do not do business
• Allow marketing and sales teams to access social networking sites
• Advanced inspection of web application traffic destined to my web servers
• Block known botnet servers and phishing sites
• Allow, but don’t inspect, traffic to financial and medical sites

The Advanced Threat Protection Platform
• Security Intelligence Platform: Log Manager, SIEM, Network Activity Monitor, Vulnerability Manager, Risk Manager
• Threat Intelligence and Research: Vulnerability Data, Malicious Websites, Malware Information, IP Reputation
• Advanced Threat Protection Platform: Intrusion Prevention, Content and Data Security, Web Application Protection, Network Anomaly Detection, Application Control
IBM Network Security
NEW
• Advanced Threat Protection Platform: Ability to prevent sophisticated threats and detect abnormal network behavior by leveraging an extensible set of network security capabilities - in conjunction with real-time threat information and Security Intelligence
• Expanded X-Force Threat Intelligence: Increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions across the IBM portfolio
• Security Intelligence Integration: Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats

Next Generation Network IPS

Understanding who, what, and when
• Immediately discover which applications and web sites are being accessed
• Quickly identify misuse by application, website, user, and group
• Understand who and what are consuming bandwidth on the network
• Superior detection of advanced threats through integration with QRadar for network anomaly and event details
• Network flows can be sent to QRadar for enhanced analysis, correlation and anomaly detection
• Identity context ties users and groups with their network activity going beyond IP address only policies
• Application context fully classifies network traffic, regardless of port, protocol or evasion techniques
Increase Security; Reduce Costs; Enable Innovation

Next Gen IPS: IBM Security Network Protection XGS 5100
• PROVEN SECURITY: Extensible, 0-Day protection powered by X-Force®
• ULTIMATE VISIBILITY (NEW WITH XGS): Understand the Who, What and When for all network activity
• COMPLETE CONTROL (NEW WITH XGS): Ensure appropriate application and network use
IBM Security Network Protection XGS 5100 builds on the proven security of IBM intrusion prevention solutions by delivering the addition of next generation visibility and control to help balance security and business requirements

Proven Security: Extensible, 0-Day Protection Powered by X-Force®
• Next Generation IPS powered by X-Force® Research protects weeks or even months “ahead of the threat”
• Full protocol, content and application aware protection goes beyond signatures
• Expandable protection modules defend against emerging threats such as malicious file attachments and Web application attacks
IBM Security Network Protection XGS 5000
IBM Security Threat Protection
– Backed by X-Force®
– 15 years+ of vulnerability research and development
– Trusted by the world’s largest enterprises and government agencies
– True protocol-aware intrusion prevention, not reliant on signatures
– Specialized engines
  • Exploit Payload Detection
  • Web Application Protection
  • Content and File Inspection
Ability to protect against the threats of today and tomorrow

QRadar Network Anomaly Detection
• QRadar Network Anomaly Detection is a purpose built version of QRadar for IBM’s intrusion prevention portfolio
• The addition of QRadar’s behavioral analytics and real-time correlation helps better detect and prioritize stealthy attacks
• Supplements visibility provided by IBM Security Network Protection’s Local Management (LMI)
• Integration with IBM Security Network Protection including the ability to send network flow data from XGS to QRadar

• IBM X-Force® Threat Information Center
• Identity and User Context
• Real-time Security Overview w/ IP Reputation Correlation
• Real-time Network Visualization and Application Statistics
• Inbound Security Events

The XGS 5100: The Best Solution for Threat Prevention
Better Network Control
• Natural complement to current Firewall and VPN
• Not rip-and-replace – works with your existing network and security infrastructure
• More flexibility and depth in security and control over users, groups, networks and applications
Better Threat Protection
• True Protocol aware Network IPS
• Higher level of overall security and protection
• More effective against 0-day attacks
• Best of both worlds – true protocol and heuristic-based protection with customized signature support
Internet: Stealth Bots; Worms, Trojans; Targeted Attacks; Designer Malware
• Firewall/VPN – port and protocol filtering
• Email Gateway – message and attachment security only
• Web Gateway – securing web traffic only, port 80 / 443
• Everything Else: IBM Security Network Protection XGS 5100
Proven Security; Ultimate Visibility; Complete Control
