The Security Operations Center of the future is cognitive!
INTERPLAY AND INTEGRATION OF IBM SECURITY SOLUTIONS
October 10, 2017
Dieter Riexinger
IT Architect
A Security Operations Center faces ever greater challenges.
Drivers:
- New business models and technologies: cloud / virtualization, mobile, collaboration / BYOD
- A growing number of regulations
- Unclear separation of identities: private vs. business
Threats:
- Targeted attacks
- Theft of devices and data
- Malware infection
Impacts:
- Data leaks
- Fines (€€€)
- Production outages
- Reputational damage
Current situation in the Security Operations Center (chart labels: threats, incidents, available analysts, available time per incident, required knowledge):
"93% of SOC managers say they cannot investigate all potential threats."
"42% of cybersecurity analysts in enterprises admit that they have to ignore a significant number of alerts."
"31% of these enterprises state that they ignore more than 50% of them because of workload."
Is the Security Operations Center up to these challenges?
- 1.5 MILLION unfilled security positions by 2020
- 85 security solutions from 45 vendors
- 68 PERCENT of CEOs do not want to share information about security incidents externally.
Traditional security approaches are not effective. The capability areas a SOC has to cover today (diagram labels):
- Network visibility and segmentation
- IP reputation
- Indicators of compromise
- Firewalls
- Network forensics and threat management
- Virtual patching
- Sandboxing
- Malware protection
- Data access control
- Data monitoring
- Application security management
- Application scanning
- Access management
- Entitlements and roles
- Identity management
- Transaction protection
- Device management
- Content security
- Workload protection
- Cloud access security broker
- Vulnerability management
- Privileged identity management
- Incident response
- Criminal detection
- Fraud protection
- Endpoint patching and management
- Cognitive security
- User behavior analysis
- Threat and anomaly detection
- Threat hunting and investigation
- Threat sharing
- Endpoint detection and response
How am I supposed to deal with this chaos?
The goal is an integrated and intelligent security immune system.
The IBM Immune System – In Action
Products in the immune system (diagram labels):
- MaaS360, Trusteer Mobile
- Trusteer Rapport, Trusteer Pinpoint
- AppScan, Guardium
- Cloud Security
- Privileged Identity Manager, Identity Governance and Access, Cloud Identity Service
- Key Manager
- zSecure, X-Force Exchange
- QRadar Incident Forensics
- BigFix, Network Protection XGS
- App Exchange
- QRadar Vulnerability / Risk Manager, Resilient Incident Response, QRadar User Behavior Analytics
- i2 Enterprise Insight Analysis, QRadar Advisor with Watson
- QRadar SIEM
The IBM Immune System – In Action: the five steps (each diagram build repeats the product list above; only the step labels and timings differ)
Diagram components: QRadar Console; QRadar SIEM (events, flows); App Exchange (content, offense); QRadar Advisor; QRadar Risk Manager / Vulnerability Manager; Resilient Console (initiating actions). Data: forensic data, threat intel data. Requirements: secure forensic data, compliance requirements.
1. Network and log data analysis, correlation and alerting (seconds)
2. Detection of new threats via App Exchange content (seconds)
3. Cognitive analysis supports the analyst and saves valuable time (Watson for Cybersecurity) (a few minutes)
   Understands natural-language security documents, draws conclusions, learns and interacts.
   Watson identifies the specific campaign (Locky), discovers further infected endpoints and presents the results to the analyst.
   Cognitive: revolutionizes the work of the security analyst.
4. Automated initiation of countermeasures (Resilient workflow) (a few minutes)
5. Simulation of spread (QRadar Risk Manager) (a few minutes)
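Stripped of product names, steps 1 to 4 above are a correlate, enrich, respond pipeline. The following is an added example written for this page, not IBM code: it calls no QRadar, Watson or Resilient API, and the "cognitive" step 3 is replaced by a plain rule-based pivot that finds every other host which contacted the same indicator, which is the part of the Locky story an analyst would otherwise do by hand. The log events, the indicator list standing in for threat-intel content, the thresholds, the host addresses and the domain names are all constructed for illustration.

```python
"""Minimal SOC pipeline: correlate events into offenses, enrich them
with threat intel, pivot to related hosts, and produce response actions.

Added example, not IBM code. Every event, indicator and threshold below
is constructed for illustration; no QRadar/Watson/Resilient API is used.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample events (stand-ins for normalised SIEM events).
EVENTS = [
    {"ts": "2017-10-10T09:00:01", "type": "auth_fail", "src": "10.0.0.5", "user": "jdoe"},
    {"ts": "2017-10-10T09:00:03", "type": "auth_fail", "src": "10.0.0.5", "user": "jdoe"},
    {"ts": "2017-10-10T09:00:04", "type": "auth_fail", "src": "10.0.0.5", "user": "jdoe"},
    {"ts": "2017-10-10T09:00:06", "type": "auth_fail", "src": "10.0.0.5", "user": "jdoe"},
    {"ts": "2017-10-10T09:00:07", "type": "auth_fail", "src": "10.0.0.5", "user": "jdoe"},
    {"ts": "2017-10-10T09:05:00", "type": "auth_fail", "src": "10.0.0.9", "user": "asmith"},
    {"ts": "2017-10-10T09:10:00", "type": "dns", "src": "10.0.0.22", "qname": "update-check.example"},
    {"ts": "2017-10-10T09:11:30", "type": "dns", "src": "10.0.0.22", "qname": "bad-c2.invalid"},
    {"ts": "2017-10-10T09:12:00", "type": "dns", "src": "10.0.0.31", "qname": "bad-c2.invalid"},
]

# Constructed indicator content, standing in for threat-intel content a SOC
# would pull from a feed (the page names X-Force Exchange / App Exchange).
IOC_DOMAINS = {"bad-c2.invalid": "downloader campaign (constructed, Locky-like)"}

AUTH_FAIL_THRESHOLD = 5            # assumed rule parameters
AUTH_FAIL_WINDOW = timedelta(seconds=60)


@dataclass
class Offense:
    rule: str
    source: str                    # attacking IP or matched indicator
    hosts: set = field(default_factory=set)
    evidence: list = field(default_factory=list)
    actions: list = field(default_factory=list)


def _ts(e):
    return datetime.fromisoformat(e["ts"])


def correlate(events):
    """Step 1: apply two correlation rules and emit one offense per hit."""
    offenses = []
    # Rule A: brute force, N auth failures from one source inside the window.
    by_src = defaultdict(list)
    for e in sorted(events, key=_ts):
        if e["type"] == "auth_fail":
            by_src[e["src"]].append(e)
    for src, fails in by_src.items():
        for i in range(len(fails) - AUTH_FAIL_THRESHOLD + 1):   # sliding window
            window = fails[i:i + AUTH_FAIL_THRESHOLD]
            if _ts(window[-1]) - _ts(window[0]) <= AUTH_FAIL_WINDOW:
                offenses.append(Offense("auth_bruteforce", src, {src}, window))
                break                                           # one offense per source
    # Rule B: DNS query for a known indicator (step 2: content-driven detection).
    seen = set()
    for e in events:
        if e["type"] == "dns" and e["qname"] in IOC_DOMAINS and e["qname"] not in seen:
            seen.add(e["qname"])
            offenses.append(Offense("ioc_dns", e["qname"], {e["src"]}, [e]))
    return offenses


def pivot(offense, events):
    """Step 3 (rule-based stand-in for the cognitive step): for an IOC offense,
    collect every host that contacted the same indicator so the analyst sees
    all affected endpoints in one offense instead of one alert per host."""
    if offense.rule == "ioc_dns":
        related = [e for e in events if e["type"] == "dns" and e["qname"] == offense.source]
        offense.hosts.update(e["src"] for e in related)
        offense.evidence = related
    return offense


def plan_response(offense):
    """Step 4: map an offense to playbook actions. Actions are returned as data
    so a workflow engine or a human can review before anything is executed."""
    if offense.rule == "ioc_dns":
        offense.actions.append({"action": "block_domain", "target": offense.source})
        for h in sorted(offense.hosts):
            offense.actions.append({"action": "isolate_host", "target": h})
    elif offense.rule == "auth_bruteforce":
        offense.actions.append({"action": "block_source", "target": offense.source})
    return offense


def run_pipeline(events=EVENTS):
    """Run correlate -> pivot -> plan_response over the event list."""
    return [plan_response(pivot(o, events)) for o in correlate(events)]


if __name__ == "__main__":
    for off in run_pipeline():
        print(off.rule, off.source, sorted(off.hosts), off.actions)
```

With the constructed input this yields two offenses: a brute-force offense for 10.0.0.5 (one action: block the source) and a single IOC offense for bad-c2.invalid covering both 10.0.0.22 and 10.0.0.31 (block the domain, isolate both hosts). The one-offense-per-indicator consolidation is what keeps the alert count manageable for the analyst numbers quoted earlier on the page.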
© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied.
IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates.
Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise.
Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product