Leitstand für Ihre IT-Sicherheit IBM Security Intelligence

IBM Security Systems 

Leitstand für Ihre IT-Sicherheit 

IBM Security Intelligence 

1 © 2013 IBM Corporation 

© 2012 IBM Corporation


Zielgerichtete Angriffe erschüttern Unternehmen und Behörden 

2 

Source: IBM X-Force® 2011 Trend and Risk Report 

© 2013 IBM Corporation 

JK 2012-04-26


IBM hat beispiellose Erfahrung und globale Abdeckung in Security 

3 

Security Operations Centers 

Security Research Centers 

Security Solution Development Centers 

Institute for Advanced Security Branches 

IBM Research 

World Wide Managed 

Security Services Coverage 

§ 20,000+ devices under contract 

§ 3,700+ MSS clients worldwide 

§ 9B+ events managed per day 

§ 1,000+ security patents 

§ 133 monitored countries (MSS) 


4 


IBM Security Systems Portfolio 

QRadar 

SIEM 

IBM Security Portfolio 

IT Infrastruktur – Operational Security Domains 

Personen Daten Anwendungen Infrastruktur 

Netzwerk Endpoint 

Identity & Access 

Management Suite 

Federated 

Identity Manager 

Enterprise 

Single Sign-On 

Identity Assessment, 

Deployment and 

Hosting Services 

QRadar 

Log Manager 

Guardium 

Database Security 

InfoSphere Optim 

Data Masking 

Key Lifecycle 

Manager 

Enterprise Governance, Risk and Compliance Management 

GRC Plattform (OpenPages) Risk Analytics (Algorithmics) Investigation Management (i2) 

Produkte Services 

Data Security 

Assessment Service 

Encryption and 

DLP Deployment 

Security Intelligence, Analytics and GRC 

QRadar 

Risk Manager 

AppScan Source & 

Standard Edition 

DataPower 

Security Gateway 

Security 

Policy Manager 

Application 

Assessment Service 

AppScan OnDemand 

Software as a Service 

IBM Privacy, Audit and 

Compliance Assessment Services 

Network 

Intrusion Prevention 

SiteProtector 

Management System 

QRadar Anomaly 

Detection / QFlow 

Managed Firewall, 

Unified Threat and 

Intrusion Prevention 

Services 

Endpoint 

Manager (BigFix) 

Virtualization and 

Server Security 

Mainframe Security 

(zSecure, RACF) 

Penetration 

Testing Services 

Mobile Device 

Management 


Consulting 

Managed 

Services 

X-Force 

and IBM 

Research 



Heutige Sicherheitsherausforderungen 

Security Intelligence 

5 

Erkennen von Bedrohungen 

• Ausrüsten mit umfangreicher Security Intelligence 

Konsolidieren von Datensilos 

• Sammeln, Korrelieren und Berichten von Informationen 

in einer integrierten Lösung 

Erkennen von Betrug durch Insider 

• Nächste Generation von SIEM mit Identity Korrelation 

Bessere Risikovorhersage für Unternehmen 

• Vollständiges Compliance- und Risikomanagement für 

Netzwerk und Sicherheitsinfrastruktur 

Abdecken regulatorischer Anforderungen 

• Automatische Sammlung von Daten und Erzeugung von 

Audit-Reports 




Solving Customer Challenges 

6 

Major 

Electric 

Utility 

Fortune 5 

Energy 

Company 

Branded 

Apparel 

Maker 

$100B 

Diversified 

Corporation 

Industrial 

Distributor 

Detecting threats 

Consolidating data silos 

Detecting insider fraud 

Predicting risks against 

your business 

Addressing regulatory 

mandates 

• Discovered 500 hosts with “Here You 

Have” virus, which other solutions missed 

• 2 Billion logs and events per day reduced 

to 25 high priority offenses 

• Trusted insider stealing and destroying 

key data 

• Automating the policy monitoring and 

evaluation process for configuration 

change in the infrastructure 

• Real-time extensive monitoring of 

network activity, in addition to PCI 

mandates 



Compliance Management und effektives Security Management 

7 

What are the external 

and internal threats? 

Are we configured 

to protect against 

these threats? 

Prediction & Prevention Reaction & Remediation 

Risk Management. Vulnerability Management. 

Configuration Monitoring. Patch Management. 

X-Force Research and Threat Intelligence. 

Compliance Management. Reporting and Scorecards. 

What is 

happening 

right now? 

What was the 

impact? 

SIEM. Log Management. Incident Response. 

Network and Host Intrusion Prevention. 

Network Anomaly Detection. Packet Forensics. 

Database Activity Monitoring. Data Loss Prevention. 


8 


Korrelation für den Blick auf das Wesentliche 

Security Devices 

Servers & Mainframes 

Network & Virtual Activity 

Data Activity 

Application Activity 

Configuration Info 

Vulnerability & Threat 

Users & Identities 

Extensive Data 

Sources 

Event Correlation 

• Logs 

• Flows 

• IP Reputation 

• Geo Location 

Activity Baselining & Anomaly 

Detection 

• User Activity 

• Database Activity 

• Application Activity 

• Network Activity 

Deep 

+ 

Intelligence 

= 

True Offense 

Offense Identification 

• Credibility 

• Severity 

• Relevance 

Suspected Incidents 

Exceptionally Accurate and 

Actionable Insight 



Security Intelligence Bausteine 

9 

Log 

Management 

SIEM 

Configuration 

& Vulnerability 

Management 

Network 

Activity & 

Anomaly 

Detection 

Network and 

Application 

Visibility 

• Turn-key log management and reporting 

• SME to Enterprise 

• Upgradeable to enterprise SIEM 

• Log, flow, vulnerability & identity correlation 

• Sophisticated asset profiling 

• Offense management and workflow 

• Network security configuration monitoring 

• Vulnerability prioritization 

• Predictive threat modeling & simulation 

• Network analytics 

• Behavioral anomaly detection 

• Fully integrated in SIEM 

• Layer 7 application monitoring 

• Content capture for deep insight & forensics 

• Physical and virtual environments 


10 


Security Intelligence – Management aus einer Konsole 

Log 

Management 

SIEM 

Configuration 

& Vulnerability 

Management 

Network 

Activity & 

Anomaly 

Detection 

Network and 

Application 

Visibility 

• Turn-key log management and reporting 

• SME to Enterprise 

• Upgradeable to enterprise SIEM 

One Console Security 

• Log, flow, vulnerability & identity correlation 

• Sophisticated asset profiling 

• Offense management and workflow 

• Network security configuration monitoring 

• Vulnerability prioritization 

• Predictive threat modeling & simulation 

• Network analytics 

• Behavioral anomaly detection 

• Fully integrated in SIEM 

• Layer 7 application monitoring 

• Content capture for deep insight & forensics 

• Physical and virtual environments 

Built on a Single Data Architecture 



Qradar: Intelligenz, Integration, Automation 

11 

• Bridges silos 

• Highly scalable 

• Flexible & adaptable 

• Proactive threat management 

• Identifies critical anomalies 

• Rapid, extensive impact analysis 

• Easy deployment 

• Rapid time to value 

• Operational efficiency 



Herausforderung 1: Erkennen von Angriffen 

12 

Möglicher Botnet erkannt? 

Das ist was traditionelle SIEM 

Lösungen können 

IRC auf Port 80? 

IBM Security QRadar QFlow 

entdeckt versteckten Kanal 

Unwiderlegbare Botnet 

Kommunikation 

Layer 7 Flow Data enthält Botnet 

Command Control Kommandos 

Application Layer Flow Analyse entdeckt Bedrohungen, 

die andere übersehen 




Herausforderung 2: Konsolidierung von Datensilos 

13 

Data Reduction Ratio 

Hoch entwickelte 

Korrelation zwischen Silos 

1153571 : 1 


Analyse von Flow- und 

Event-Daten. Nur IBM 

Security QRadar nutzt 

vollständig Layer 7 

Flows 

Reduzierung von 

großen Datenmengen 

auf handhabbare Größe 



Herausforderung 3: Erkennen von Betrug durch Insider 

14 

Möglicher Datenverlust 

Wer? Was? Wo? 


Wer? 

Ein interner Nutzer 

Was? 

Oracle Daten 

Wo? 

Gmail 

Erkennung von Bedrohungen im Intranet 

Erkennung von abnormalen Nutzerverhalten und Sichtbarkeit auf 

Anwendungsebene sind kritisch um Bedrohungen von Insidern zu 

identifizieren 



Herausforderung 4: Bessere Risikovorhersage für Unternehmen 

15 

Bewerten von Systemen mit hohem Risiko von Angriffen wegen Schwachstellen 

Was sind die Details? 

Schwachstellendetails, 

sortiert nach Risiko 

Wie beseitige ich die 

Schwachstellen? 


Welche Systeme sind betroffen? 

Wie soll ich sie priorisieren? 

Security Intelligence vor dem Angriff 

Überwachung des Netzwerks auf Konfiguration- und Compliance-Risiken 

und Priorisierung für ihre Entschärfung 


16 



Herausforderung 5: Abdecken regulatorischer Anforderungen 

Unverschlüsselter Transfer 

IBM Security QRadar QFlow sieht einen Klartextdienst auf einem Accounting Server 

PCI Anforderung 4 sagt: Verschlüsselung bei der Übertragung von Karteninhaberdaten 

über offene, öffentliche Netze 

Vereinfachung von Compliance 

Out-of-the-box Unterstützung für wichtige Compliance Standards 

Automatisierte Berichte, vordefinierte Korrelationsregeln, Dashboards 

Einhaltung der PCI 

Compliance? 

Real-time Erkennung 

möglicher Verletzungen 



IBM unterstützt Organisationen Security Intelligence einzuführen 

Basic 

Organisationen 

verwenden Perimeter 

Protection, welche den 

Zugriff reguliert und 

manuelles Reporting 

unterstützt 

17 

Automatisiert 

Manuell 

Reaktiv 

Proaktiv 

Optimized 

Organisationen nutzen 

vorhersagende und 

automatisierte 

Sicherheitsanalysen 

Proficient 

Sicherheit ist 

enthalten in 

IT Infrastructure 

und Business 

Operations 



Security Intelligence ermöglicht den Aufbau einer optimalen 

Sicherheit 



18 

Optimized 

Proficient 

Basic 

Personen Daten Anwendungen Infrastruktur 

Rollenbasierte 

Analysen 

Kontrollen für 

privilegierte Nutzer 

Identitäts- 

management 

Starke 

Authentifizierung 

Zentraler 

Verzeichnisdienst 

Verwaltung der 

Kennwörter 

Datenflussanalytik 

Datenverwaltung 

Aktivitätsüberwachung 

Vorbeugung vor 

Datenverlust 

Verschlüsselung 

Zugriffskontrolle 

Sichere 

Anwendungsentwicklung 

Betrugserkennung 

Anwendungs- 

Firewall 

Quellcodeanalyse 

Schwachstellen- 

Scan 

Erweiterte 

Netzwerküberwachung 

/ 

-forensik 

Sichere Systeme 

Mobile Endgeräte 

Asset 

Management 

Endpoint / 

Netzwerk 

Sicherheitsmanagement 

Perimeter Security 

Anti-Virus 



Hochentwickelte 

Gefahrenerkennung 

Erkennung von 

Netzwerkanomalien 

Vorhersagendes 

Risikomanagement 

Real-time Event 

Korrelation 

SIEM 

Netzwerk- 

forensik 

Log Management 

Compliance 

Reporting 



Security Intelligence Lösungen 

Lösung Beschreibung 

IBM Security QRadar SIEM 

IBM Security QRadar Log 

Manager 

IBM Security QRadar QFlow 

IBM Security QRadar VFlow 

IBM Security QRadar Risk 

Manager 

19 


QRadar SIEM bietet umfassende Sichtbarkeit und nachverfolgbare Einblicke, 

um beim Schutz von Netzwerken und IT Systemen gegen eine Vielzahl 

aktueller Bedrohungen zu helfen. Es hilft Einbrüche schneller zu erkennen 

und zu korrigieren, Compliance-Anforderungen umzusetzen und die Effizenz 

der Security Operation zu verbessern. 

QRadar Log Manager sammelt, archiviert, analysiert und berichtet Events in 

einem verteilten Netzwerk. Es unterstützt bei der Einhaltung von Compliance- 

Regularien und reduziert damit verbundene manuelle Aktivitäten. 

QRadar QFlow ergänzt QRadar SIEM in dem es die Sicht auf die 

Dateninhalte liefert. Es sammelt Layer 7 Flow Daten per "Deep Packet 

Inspection" und ermöglicht dadurch weitreichende Erkennung von Angriffen 

durch Analyse der Paketinhalte. 

QRadar VFlow liefert Sichtbarkeit in den Inhalt von Daten in virtuellen 

Netzwerke, ergänzt damit QRadar SIEM und bietet vergleichbare 

Funktionalität wie QRadar QFlow aber für virtuelle Umgebungen. 

QRadar Risk Manager identifiziert und reduziert Sicherheitsrisiken durch die 

Überwacung von Systemkonfigurationen, Priorisierung von Schwachstellen 

und Simulation von Angriffen. Es kann dadurch vor vielen Sicherheitsvorfällen 

schützen und gleichzeitig operationale Effizienz und Compliance verbessern. 



QRadar’s Unique Advantages 

20 

§ Real-time correlation and anomaly detection based on broadest set of 

contextual data 

Ø Impact: More accurate threat detection, in real-time 

§ Integrated flow analytics with Layer 7 content (application) visibility 

Ø Impact: Superior situational awareness and threat identification 

§ Intelligent automation of data collection, asset discovery, asset profiling 

and more 

Ø Impact: Reduced manual effort, fast time to value, lower-cost operation 

§ Flexibility and ease of use enabling “mere mortals” to create and edit 

correlation rules, reports and dashboards 

Ø Impact: Maximum insight, business agility and lower cost of ownership 

§ Scalability for largest deployments, using an embedded database and 

unified data architecture 

Ø Impact: QRadar supports your business needs at any scale 



Why IBM Security: Breadth, deep expertise, integration 

21 

Leadership 

§ Leader in “Magic Quadrant for Security Information and Event Management”, Gartner, May 

24, 2012; May 12, 2011; May 13, 2010; May 29, 2009. 

§ #1 rated by Gartner for Compliance use cases ("Critical Capabilities for Security 

Information and Event Management Technology," Gartner, May 21, 2012) 

Integration 

§ Integrated with 400+ products and vendor platforms 

§ SIEM, log management, behavioral anomaly 

detection, and configuration monitoring combined 

in a single console 

Expertise 

§ Embedded 3rd party security feeds including 

IBM X-Force Threat Intelligence 

§ Integration with IBM InfoSphere Guardium, IBM 

Security Network Protection, IBM Security AppScan 

and IBM Identity & Access Manager for optimized security 



ibm.com/security 

© Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is 

provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, 

these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its 

suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials 

to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities 

referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a 

commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International 

Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of 

others. 

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper 

access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to 

or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure 

can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will 

22 necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT © WARRANT 2013 IBM Corporation 

THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

Leitstand für Ihre IT-Sicherheit IBM Security Intelligence

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?