Title: IBM Security
1. IBM Security
The Evolving Global and South African Security Threats
IBM Security
Tamer Aboualy, Ph.D.
CTO Partner, IBM MEA Security Practice
2. Russian hackers claim 7,000 credentials leaked, 400 pasted on Pastebin
Intellectual property and critical information compromised.
Celebrity nude photos and other info compromised.
Hack Costs Add Up to 148M
3. Today's criminals are learning the Cybercrime business... it's a work-at-home job that pays well!
4. Exploiting trust is one example of attackers becoming more operationally sophisticated to breach targets
Many breaches are not the result of custom malware and zero-day exploits; attackers look for paths of least resistance
5. Near Daily Leaks of Sensitive Data: 40% increase in reported data breaches and incidents
Relentless Use of Multiple Methods: 800,000,000 records were leaked, while the future shows no sign of change
Insane Amounts of Records Breached. 25 Records
42% of CISOs claim the risk from external threats increased dramatically from prior years.
6. 32M Cheaters Exposed Globally Including South Africa
7. Based on pure volume, the total number of records breached in 2014 was nearly 25 percent higher than in 2013
Source: IBM X-Force Threat Intelligence Report Quarterly 2015
8. For the average client, IBM filters 1,764,720 security events weekly to identify the 2 security incidents that can potentially do harm.
Security events: Annual 91,765,453; Monthly 7,647,121; Weekly 1,764,720
Security attacks: Annual 16,856; Monthly 1,405; Weekly 324
Security incidents: Annual 109; Monthly 9; Weekly 2
Security Intelligence: Correlation and analytics tools
Security Intelligence: Human security analysts
Events: up 12% year-to-year to 91M. Observable occurrences in a system or network
Attacks: Increased efficiencies achieved. Greater efficiency in security processing to help clients focus on identified malicious events
Incidents: up 22% year-to-year. Attacks deemed worthy of deeper investigation
9. Who is attacking your networks?
Outsiders: 56%
Combination: 22%
Malicious insiders: 17%
Inadvertent actor: 5%
More than half of all attacks are likely to be instigated by opportunistic outsiders
Inadvertent actors may be a small segment but they are potentially the most dangerous
10. Question? Is South Africa at Risk of Security Attacks and Breaches like North America, Europe, Asia, and the Rest of the World?
11. Hacktivist Groups Are Active in South Africa
12. Anonymous Hacks South African Government Contractor IT Company and Subsidiaries
August 12, 2015. Cyberguerrilla.org reports Anonymous
https://www.cyberguerrilla.org/blog/anonymous-hacks-south-african-government-contractor-it-companys-subdairies-coffeesec-lulz/
13. SpyCables leak from South Africa Secret Service and National Intelligence Agency found by Al Jazeera
Source: CityPress
Source: Al Jazeera
14. Governments are prime targets to hack and publicly deface.
Source: Pastebin
South African government agencies have been compromised a few times, with no visible preventative actions taken.
15. Question? Is South Africa's Security Hygiene Better or Worse Than The Rest of the World?
16. South Africa Protects its Computers with Security Software
Source: www.microsoft.com/sir
17. South Africa Malware Encounter and Infection Rates
Source: www.microsoft.com/sir
18. Top 10 Malware for South Africa
Source: www.microsoft.com/sir, Microsoft Regional Security Intelligence Report
19. South Africa Ranks in the Top 10 Globally for eMail Phishing
Proportion of eMail Identified as Phishing
IBM MSS Cloud Security Services (Symantec 2015 Internet Security Threat Report)
20. South Africa Ranks in the Top 10 Globally for Malicious eMail
Proportion of eMail Identified as Malicious
IBM MSS Cloud Security Services (Symantec 2015 Internet Security Threat Report)
21. South Africa - Website Defacements Cause Reputation Impact
Zone-H reported more than 102,557 defacements for the .co.za domain suffix.
578 gov.za defacements
200 defacements in 2015 alone
Source: zone-h.org
22. Government Website Defacements
23. Various South African websites have been publicly defaced
gcis.gov.za: November 11, 2014. Government Communication Information Systems Department
Ortambodm.gov.za: February 12, 2015. South Africa Airport
sasol.co.za: December 2, 2014. Sasol is an international energy and chemicals company with 37 locations globally
24. Recent Government Defacements
dmr.gov.za - Department of Minerals and Resources 09-12-2015
www.gssc.gpg.gov.za 2015-03-11 Gauteng Shared Services Center
25. Anything that is connected to the Internet can be hacked. Everything is being connected to the Internet
26. The World's Most Dangerous Search Engine
Our Cities' and Countries' Critical Infrastructures Need to Be Protected
shodanhq.com: Like Google, searches the internet for publicly accessible devices. SHODAN focused primarily on ICS devices, like city traffic lights, building/city cameras, water/power stations, nuclear stations. Anyone can use it, it's free and newly discovered devices are mapped daily!
CNN, May 2013
28. SHODAN Building Management System Search of South Africa
29. SHODAN Cisco No Password Search of South Africa
30. EVERYONE IS A TARGET
31. Question? Why IBM Security?
32. IBM has the world's broadest and deepest security portfolio
Strategy, Risk and Compliance; Cybersecurity Assessment and Response
Security Intelligence and Operations
Advanced Fraud Protection; Identity and Access Management; Data Security; Application Security; Network, Mobile and Endpoint Protection
Advanced Threat and Security Research
Management Consulting; Systems Integration; Integrated Products; Security as a Service; Managed Security; Partner Ecosystem
33. The IBM Security Journey
IBM Security Systems
IBM Security Services
34. Our Position Today
35. IBM helps protect against new, complex security challenges
Optimize security program: Integrate security silos, reduce complexity, and lower costs
Stop advanced threats: Use analytics and insights for smarter integrated defense
Protect critical assets: Use context-aware, role-based controls to help prevent unauthorized access
Safeguard cloud and mobile: Employ cloud and mobile initiatives to build a new, stronger security posture
36. Optimize your security program
- Integrate security silos, reduce complexity, and lower costs
Assess and transform your security maturity
Build a next generation security operations capability
Get help from the experts
37. Stop advanced threats
- Use analytics and insights for smarter integrated defense
Protect against fraud and targeted attacks
Detect advanced threats with security intelligence
Deploy integrated security
38. Protect critical assets
- Use context-aware, role-based controls to help prevent unauthorized access
Use context-aware controls to prevent unauthorized access
Identify and protect your crown jewels
Manage application security risk
39. Do you know what and where your organization's most critical data assets are?
- For most organizations, the most critical data, the "Crown Jewels", amount to between 0.01% and 2.0% of total sensitive data
- The theft, misuse or corruption of this critical data can:
- cripple operations
- severely damage brand reputation
- dramatically reduce shareholder value
Source: U.S. President's 2006 Economic Report to Congress
40. Safeguard cloud and mobile
- Employ cloud and mobile initiatives to build a new, stronger security posture
Maintain cloud visibility and control
Help protect the mobile enterprise
41. Ten Essential Steps to Creating an Intelligent Security Management Program
Understand Security Essentials
GOAL: INTELLIGENT CYBER THREAT PROTECTION AND RISK MANAGEMENT
1 Build a risk aware culture and management system
2 Establish intelligent security operations and rapid threat response
3 Secure collaboration in social and mobile workplace
4 Develop secure products, by design
5 Manage IT and OT hygienically
6 Create a secure and resilient network
7 Address security complexity of cloud and virtualization
8 Manage third party security compliance
9 Assure data security and privacy
10 Manage the digital identity lifecycle
42. Where should customers turn?
Security Intelligence and Vulnerability Management
Fraud; Identity and Access; Data; Applications; Network; Endpoint; Mobile
Managed Security Services
43. IBM Security