Turbotodd

Ruminations on IT, the digital media, and some golf thrown in for good measure.

Posts Tagged ‘security

Batten Down The Hatches! IBM’s X-Force 2012 Trend And Risk Report

leave a comment »

It’s been a busy year for IT security incidents. Yesterday, John Markoff and Nicole Perlroth with The New York Times told us about yet another incident, this time a cyberattack involving antispam group Spamhaus and an anonymous group unhappy with their efforts.

Based on disclosed incident details such as the vulnerability used and attack type, IBM X-Force was able to determine that the majority of the security incidents disclosedin 2012 were carried out by the top left quadrant above, with attackers going after a broad target base while using off-the-shelf tools and techniques. This can be attributed to the wide public availability of toolkits, and to the large number of vulnerable web applications that exist on the Internet.

Click to enlarge. Based on disclosed incident details such as the vulnerability used and attack type, IBM X-Force was able to determine that the majority of the security incidents disclosed in 2012 were carried out by the top left quadrant above, with attackers going after a broad target base while using off-the-shelf tools and techniques. This can be attributed to the wide public availability of toolkits, and to the large number of vulnerable web applications that exist on the Internet.

But the list goes on and on. From the discovery of sophisticated toolkits with ominous names like Flame to cross-platform zero-day vulnerabilities, both consumers and corporations have been inundated with advisories and alerts regarding emerging threats. The frequency of data breaches and incidents—which had already hit a new high in 2011—continued their upward trajectory.

At the mid-year of 2012, IBM’s X-Force team predicted that the explosive nature of attacks and security breaches seen in the first half would continue. Indeed this was the case. While talk of sophisticated attacks and widespread distributed denial-of-service (DDoS) attempts made the year’s headlines, a large percentage of breaches relied on tried and true techniques such as SQL injection.

What continues to be clear is that attackers, regardless of operational sophistication, will pursue a path-of-least-resistance approach to reach their objectives. Integration of mobile devices into the enterprise continues to be a challenge. In the previous report, X-Force looked at some of the pitfalls and perils of implementing BYOD programs without strict formulations of policy and governance to support the use of these devices.

That said, recent developments have indicated that while these dangers still exist, and X-Force believes mobile devices should be more secure than traditional user computing devices by 2014. While this prediction may seem far fetched on the surface, it is based on security control trends and requirements that are being driven into the market by knowledgeable security executives.

In its latest report, X-Force explores how security executives are advocating the separation of personas or roles on employee-owned devices. It also addresses some secure software mobile application development initiatives that are taking place today. The distribution and installation of malware on end-user systems has been greatly enabled by the use of Web browser exploit kits built specifically for this purpose.

The intense proliferation of social networking across the Internet poses new challenges to companies that need to control the sharing of confidential information. Any employee that has access to the Internet is going to be exposed to social networking sites and because they are so frequently accessed,they have become a favorite target of scam and phishing.

Click to enlarge. The intense proliferation of social networking across the Internet poses new challenges to companies that need to control the sharing of confidential information. Any employee that has access to the Internet is going to be exposed to social networking sites and because they are so frequently accessed,
they have become a favorite target of scam and phishing.

Exploit kits first began to appear in 2006 and are provided or sold by their authors to attackers that want to install malware on a large number of systems.  They continue to be popular because they provide attackers a turnkey solution for installing malware on end-user systems.

Java vulnerabilities have become a key target for exploit kits as attackers take advantage of three key elements: reliable exploitation, unsandboxed code execution, and cross-platform availability across multiple operating systems. Java exploits have become key targets in 2012 and IBM X-Force predicts this attack activity to continue into 2013.

As X-Force also reported in the mid-year, spam volume remained nearly flat in 2012, with India claiming the top country of origin for spam distribution, but the nature of spam is changing. Broadly targeted phishing scams, as well as more personalized spear-phishing efforts continue to fool end users with crafty social-engineering email messages that look like legitimate businesses. Also, fake banking alerts and package delivery service emails have been effective as attackers refine their messages to look like the authentic messages that customers might normally receive.

Whether the target is individuals or the enterprise, once again, X-Force reminds organizations that many breaches were a result of poorly applied security fundamentals and policies and could have been mitigated by putting some basic security hygiene into practice.

Web applications are still topping the chart of most disclosed vulnerabilities, rising 14% in 2012 over the 2011 end of year numbers. As reported earlier in the mid-year report, cross-site scripting (XSS) dominated the web vulnerability disclosures at 53% of all publicly released vulnerabilities. Although SQL injection attack methods remain as a top attack technique, the actual disclosures of new SQL injection vulnerabilities remain lower than the 2010 peak X-Force recorded.

Social media has dramatically changed our lives with new ways to connect, personally and professionally. From this constant availability of information about individuals, attackers can readily access data to use in their activities.

Now, more than ever, individual employees who share personal details in their social profiles can be targeted for attacks.

The values for the evaluated threat and residualthreat can be determined by comparing thelikelihood or frequency of a threat occurring (high,medium, low) against the damage impact that couldhappen if the threat occurred (catastrophic, high,medium, low). The goal is to implement mitigationprocesses that either reduce the frequency of thethreat occurring or reduce the impact if the threatdoes occur. A requirement for this to be successful is to have aspecific, designated monitoring mechanism to monitorthe implementation of the treatment processes andfor the appearance of the threats. This monitoringmechanism should be monitored and alerts should beresponded to. It does no good to have network-basedanti-virus consoles gathering information about virusalerts across the network, if nobody is assigned tomonitor the console and respond to those alerts.Monitoring and responding is part of the mitigationprocess. (An example threat assessment and riskmitigation process chart is provided below, thoughthe IR team may identify a greater list.)

Click to enlarge. The values for the evaluated threat and residual threat can be determined by comparing the likelihood or frequency of a threat occurring (high, medium, low) against the damage impact that could happen if the threat occurred (catastrophic, high, medium, low). The goal is to implement mitigation processes that either reduce the frequency of the threat occurring or reduce the impact if the threat does occur. A requirement for this to be successful is to have a specific, designated monitoring mechanism to monitor the implementation of the treatment processes and for the appearance of the threats.

2012 X-Force Trend And Risk Report Highlight

Malware and the malicious web

  • In 2012, near daily leaks of private information about victims were announced like game scoreboards through tweets and other social media. Personal details, such as email addresses, passwords (both encrypted and clear text), and even national ID numbers were put on public display.
  • Based on data for 2012, it is not surprising that the bulk of the security incidents disclosed were carried out with the majority of attackers going after a broad target base while using off-the-shelf tools and techniques. X-Force attributes this to the wide public availability of toolkits and to the large number of vulnerable web applications that exist on the Internet.
  • The year began and ended with a series of politically motivated, high-profile DDoS attacks against the banking industry. An interesting twist to the banking DDoS attacks was the implementation of botnets on compromised web servers residing in high bandwidth data centers. This technique assisted in much higher connected uptime as well as having more bandwidth than home PC’s to carry out the attacks. In the sampling of security incidents from 2012, the United States had the most breaches, at 46%. The United Kingdom was second at 8% of total incidents, with Australia and India tied for third at 3%.
  • IBM Managed Security Services (MSS) security incident trends are markers that represent the state of security across the globe. The relative volume of the various alerts can help to describe how attacks are established and launched. They also frequently provide hints about how methods have evolved. Based on this, the main focus in 2012 may have been the subversion of systems, with larger coordinated attacks being executed across fairly broad swaths of the Internet.
  • IBM MSS has noted a dramatic and sustained rise in SQL injection-based traffic due, in large part, to a consistent effort from the Asia Pacific region. The alerts came from all industry sectors, with a bias toward banking and finance targets.
  • Web browser exploit kits (also known as exploit packs) are built for one particular purpose: to install malware on end-user systems. In 2012 X-Force observed an upsurge in web browser exploit kit development and activity—the primary target of which are Java vulnerabilities—and X-Force supplies some strategies and tips to help protect against future attacks (see end of post to download full report).
  • Java continues to be a key target for attackers. It has the advantage of being both cross-browser and cross-platform—a rare combination that affords attackers a lot of value for their investment. Web content trends, spam, and phishing Web content trends Top used websites are readily deployed as IPv6- ready, although attackers do not yet seem to be targeting IPv6 on a large scale.
  • One third of all web access is done on websites which allow users to submit content such as web applications and social media.
  • Nearly 50% of the relevant websites now link to a social network platform, and this intense proliferation poses new challenges to companies that need to control the sharing of confidential information.

Spam and phishing

  • Spam volume remained nearly flat in 2012.
  • India remains the top country for distributing spam, sending out more than 20% of all spam in the autumn of 2012. Following India was the United States where more than 8% of all spam was generated in the second half of the year. Rounding out the top five spam sending countries of origin were Vietnam, Peru, and Spain.
  • At the end of 2012, IBM reports that traditional spam is on the retreat, while scam and spam containing malicious attachments is on the rise. In addition, attackers are demonstrating more resiliency to botnet take downs which results in an uninterrupted flow of spam volume.

Operational Security Practices

Vulnerabilities and exploitation

  • In 2012, there were over 8,168 publicly disclosed vulnerabilities. While not the record amount X-Force expected to see after reviewing its mid-year data, it still represents an increase of over 14% over 2011.
  • Web application vulnerabilities surged 14% from 2,921 vulnerabilities in 2011 to 3,551 vulnerabilities in 2012.
  • Cross-site scripting vulnerabilities accounted for over half of the total web application vulnerabilities disclosed in 2012. Cross-site scripting dominated the web vulnerability disclosures. Fifty-three percent of all publicly released web application vulnerabilities were cross-site scripting related. This is the highest rate X-Force has ever seen. This dramatic increase occurred while SQL injection vulnerabilities enjoyed a higher rate than 2011 but were still down significantly since 2010.
  • There were 3,436 public exploits in 2012. This is 42% of the total number of vulnerabilities, up 4% from 2011 levels.
  • Web browser vulnerabilities declined slightly for 2012, but not at as high a rate as document format issues. While the overall number of web browser vulnerabilities dropped by a nominal 6% from 2011, the number of high- and critical severity web browser vulnerabilities saw an increase of 59% for the year.
  • Few innovations have impacted the way the world communicates quite as much as social media. However, with the mass interconnection and constant availability of individuals, new vulnerabilities and a fundamental shift in intelligence-gathering capabilities has provided attackers and security professionals alike with information useful for enhancing their activities.
  • Rather than seeing a particular enterprise as an individual entity, attackers can view enterprises as a collection of personalities. This gives attackers the opportunity to target specific people rather than enterprise infrastructures or applications. Furthermore, targeted people may also be targeted as individuals and not just as employees. In other words, the personal activities and lives of employees can be leveraged to target an enterprise.

Emerging Trends In Security

Mobile

  • Prediction: Mobile computing devices should be more secure than traditional user computing devices by 2014. This is a bold prediction that IBM recently made as part of its look ahead in technology trends. While this prediction may seem far-fetched on the surface, it is based on security control trends and requirements that are being driven into the market by knowledgeable security executives.
  • Separation of personas or roles: While a small percentage of enterprises have dealt with BYOD by using virtualized desktop solutions to separate and control enterprise applications and data from the rest of the personally owned device, a greater number of enterprises have wanted or required some form of separation or dual persona on mobile devices. This difference in use or adoption could be the result of greater numbers of devices driving greater risk in the percentage of personally owned mobile devices versus personally owned PCs in a BYOD program.
  • In many cases, enterprises have made significant investments into implementing Secure Software Development Life Cycle (SSDLC) processes. Today’s mobile application development benefits from this. Tools exist to support secure development as part of the process instead of being conducted in qualification or production. As a result, it should be more common for enterprises to have more securely developed mobile applications than their existing legacy applications. Closure of vulnerabilities in some traditional computing applications may only conclude as existing versions are sunset and replaced with newer, more securely developed replacements.
  • Over 2012, it is safe to conclude that more enterprises are supporting BYOD or the use of personally owned devices than previously. In the last two years, IBM Security has spoken to hundreds of global 2000 customers and out of those interviewed, only three said they had no plans to implement any kind of BYOD program.

To learn more on how your organization can work to address these types of vulnerabilities, download the full IBM X-Force 2012 Trend And Risk Report here.

IBM’s 2012 Tech Trends Report: Skills, Skills, And More Skills!

with 3 comments

Across the four technology areas covered in the 2012 IBM Tech Trends Report  – mobile, business analytics, cloud and social business – only one in ten organizations has all the skills it needs. These shortages are not trivial or isolated. Within each area, roughly one-quarter report major skill gaps, and 60 percent or more report moderate to major shortfalls.

Across the four technology areas covered in the 2012 IBM Tech Trends Report – mobile, business analytics, cloud and social business – only one in ten organizations has all the skills it needs. These shortages are not trivial or isolated. Within each area, roughly one-quarter report major skill gaps, and 60 percent or more report moderate to major shortfalls.

Okay boys and girls, it’s that time of year.

No, not the time for Saint Nicholas to come shooting down your chimneys to deliver lots of tablets and smartphones for Christmas.

That time will come soon enough.

No, I’m referring to the results from IBM’s third annual Tech Trends Report, where we talk to an extended sample of technology decision makers to find out what’s on their minds.

In 2010, I explained from the results that it was all about mobile and the cloud.

Last year, the headlines centered on IBM’s Watson technology and business analytics.

This year…while we wait for the drum roll, let me first tell provide you with some background about this year’s study.

About the 2012 IBM Tech Trends Report Study

The 2012 Tech Trends Report is based on a survey of more than 1,200 professionals who make technology decisions for their organizations (22 percent IT managers, 53 percent IT practitioners, and 25 percent business professionals), and who come from 16 different industries and 13 countries (which span both mature and growth markets).

IBM also surveyed more than 250 academics and 450 students across those same countries in order to better understand how tech trends are impacting future IT professionals.

The Headlines This Year: What’s Old Is New, And What’s New Is An Emerging Skills Gap

According to this year’s survey, what’s old is new. Mobile technology, business analytics, cloud computing, and social business continue to be emergent key themes. What’s new is this: Though new and exciting business possibilities are emerging from these new capabilities, significant IT skills shortages, combined with lingering security concerns, are threatening adoption and business progress.

By way of example, the survey revealed that only one in ten organizations has all the skills it needs, and within each of the four areas previously mentioned, roughly one-quarter of respondents report major skills gaps, and 60 percent or more report moderate to major shortfalls.

The skills shortage is more acute in mature markets, with roughly two-thirds of respondents indicating moderate to major shortages versus roughly half in growth markets.

With respect to security concerns, they consistently rank as the most significant barrier to adoption across mobile, cloud computing and social business.

The report observes that IT security is not just a technology concern, however. It’s a broad business issue with far-reaching policy and process implications, and notes that moving into mobile means organizations must address the increased risk of data loss and security breach, device management challenges, and complications introduced by the growing trend toward “bring-your-own-device” (BYOD).

In cloud computing, it calls for policies on employee use of public cloud services, segregation of data within shared or hybrid cloud solutions, and ensuring the right data is in the right place subject to the right controls.

In social business, organizations need to consider customer privacy expectations, regulatory compliance, and employee guidelines on confidentiality, acceptable use, and protecting the corporate brand.

Pay Attention To The Pacesetters

So with all this in mind, which organizations are better positioned to create competitive advantage? Early adopters or late arrivers? Those focused on strategic impact or tactical implementations?

The data suggest it’s those companies forging ahead faster (in spite of adoption hurdles) and using mobile, analytics, cloud, and social technologies in more strategic ways.

The so-called “pacesetters” believe emerging technologies are critical to their business success and are using them to enable new operating/business models.

They’re also adoption ahead of their competition.

What sets them apart from the “followers” and “dabblers” are three key factors: They’re more market driven, they’re more analytical, and they’re more willing to experiment.

And where they say they’re headed next also provides a learning opportunity.

More than 75 percent of pacesetters are increasing investments in mobile and cloud computing over the next two years, and they’re betting heavily on business analytics and social business (two to three times as many pacesetters are raising those investments by 10 percent or more).

With respect to skills, 70 percent of pacesetters are building capabilities in mobile integration, security, privacy, and mobile application architecture, design and development.

Twenty-eight percent have already developed business analytics expertise in probability, statistics and mathematical modeling (and another 60 percent are eagerly developing those capabilities).

In cloud computing, more than 70 percent are developing skills in cloud security, administration, and architecture.

The 2012 IBM Tech Trends Report data suggests an opportunity for organizations everywhere to help close the large and expanding technology skills gap. Is your organization prepared to take these important and often necessary actions?

The 2012 IBM Tech Trends Report data suggests an opportunity for organizations everywhere to help close the large and expanding technology skills gap. Is your organization prepared to take these important and often necessary actions?

And nearly one-quarter of them have already built the expertise needed to extend social business solutions to mobile and to perform social analytics.

Their intent to combined technologies — mobile and social, social and analytics, etc. — are helping drive even greater business value for their organizations.

The 2012 IBM Tech Trends Upshot?

CEOs understand the external factors impacting their organizations most: Technology and skills.

But one without the other is a recipe for innovative decline, and to effectively address these interconnected imperatives, business and IT executives need new approaches for bridging skills gaps and helping their organizations capitalize on the strategic potential of emerging technologies.

The figure to the right demonstrates specific actions that can help you as a leader move your organization into a pacesetting position.  And IBM is also stepping up and offering some new skills-building initiatives as well.

Bridging The Skills Gap

On the heels of this study, IBM has announced an array of programs and resources to help students and IT professionals develop new technology skills and prepare for jobs of the future.

The initiatives include new training courses and resources for IT professionals, technology and curriculum materials for educators and expanded programs to directly engage students with real-world business challenges.  You can learn more about those here.

IBM Announces New Security Solutions, Focuses On Cloud, Mobile, Big Data

leave a comment »

Today, IBM made a move designed to reduce the biggest security inhibitors that organizations face in implementing cloud, mobile and big data initiatives with the announcement of a broad set of security software to help holistically secure data and identities.

I blogged about IBM’s 2012 Global Reputational Risk and IT Study recently, the headline of which was this: Managing reputational risk is crucial to many organization’s business, and managing IT is a major part of their efforts.

I also interviewed Brendan Hannigan, the general manager of IBM’s Security Systems Division, at IBM InterConnect last week about some of these critical security matters.

Today, IBM made a move designed to reduce the biggest security inhibitors that organizations face in implementing cloud, mobile and big data initiatives with the announcement of a broad set of security software to help holistically secure data and identities.

New IBM Security Solutions

IBM’s new software capabilities help clients better maintain security control over mobile devices, mitigate internal and external threats, reduce security risks in cloud environments, extend database security to gain real-time insights into big data environments such as Hadoop, and automate compliance and data security management.

Along with IBM Security Services and IBM’s world-class research capabilities, this set of scalable capabilities supports a holistic, proactive approach to security threats spanning people, data, applications and infrastructure.

“A major shift is taking place in how organizations protect data,” said Brendan Hannigan, General Manager, IBM Security Systems. “Today, data resides everywhere—mobile devices, in the cloud, on social media platforms. This is creating massive amounts of data, forcing organizations to move beyond a traditional siloed perimeter to a multi-perimeter approach in which security intelligence is applied closer to the target.”

IBM is unveiling ten new products and enhancements to help organizations deliver real time security for big data, mobile and cloud computing.

Real Time Security for Big Data Environments 

State of the art technologies including Hadoop based environments have opened the door to a world of possibilities. At the same time, as organizations ingest more data, they face significant risks across a complex threat landscape and they are subject to a growing number of compliance regulations.

With today’s announcement, IBM is among the first to offer data security solutions for Hadoop and other big data environments.

Specifically, Guardium now provides real time monitoring and automated compliance reporting for Hadoop based systems such as InfoSphere BigInsights and Cloudera.

Highlighted data security solutions:

NEW: IBM InfoSphere Guardium for Hadoop

ENHANCED: IBM InfoSphere Optim Data Privacy

ENHANCED: IBM Security Key Lifecycle Manager

To learn more about the data security portfolio go here.

Mobile Security: Improving Access and Threat Protection

Today IBM is also announcing risk-based authentication control for mobile users, integration of access management into mobile application development and deployment as well as enhanced mobile device control.

IBM is also announcing a comprehensive Mobile Security Framework to help organizations develop an adaptable security posture to protect data on the device, at the access gateway and on the applications.

Highlighted mobile security solutions:

NEW: IBM Security Access Manager for Cloud and Mobile

ENHANCED: IBM Endpoint Manager for Mobile Devices

Go here to learn more about specific mobile security product attributes.

Cloud Security: From Inhibitor To Enabler

While the cloud can increase productivity with anywhere, anytime information access, it can also introduce additional challenges for enterprise security.

IBM today is announcing security portfolio enhancements designed to address these new challenges, providing improved visibility and increased levels of automation and patch management to help demonstrate compliance, prevent unauthorized access and defend against the latest threats using advanced security intelligence.

With IBM’s new SmartCloud for Patch Management solution, patches are managed automatically regardless of location and remediation cycles are reduced from weeks to hours thereby reducing security risks.

Additionally, IBM is announcing enhancements to its QRadar Security Intelligence Platform that provides a unified architecture for collecting, storing, analyzing and querying log, threat, vulnerability and security related data from distributed locations, using the cloud to obtain greater insight into enterprise-wide activity and enable better-informed business decisions.

The new IBM Security Privileged Identity Manager is designed to proactively address the growing insider threat concerns and help demonstrate compliance across the organization.

IBM Security Access Manager for Cloud and Mobile which provides enhanced federated single sign-on to cloud applications is now available with improved out-of-the-box integration with commonly adopted SaaS applications and services.

Highlighted cloud security solutions:

NEW: IBM SmartCloud for Patch Management

NEW: IBM Security Access Manager for Cloud and Mobile

NEW: IBM Security Privileged Identity Manager

ENHANCED: QRadar SIEM and QRadar Log Manager

Visit here to learn more about specific cloud security product attributes, please visit

Enhanced Mainframe Security Capabilities

In addition, IBM is announcing mainframe security capabilities that enhance enterprise-wide security intelligence based on QRadar security solution integration that provides real time alerts and audit reporting.

The mainframe offers Common Criteria Evaluation Assurance Level 5+ (EAL 5+) certification for logical partitions, providing a platform for consolidating systems, helping protect private clouds, and helping secure virtualized environment.

New IBM Security zSecure improvements help to reduce administration overhead, automate compliance reporting, enforce security policy, and pro-actively detect threats.

Highlighted zSecure security solutions:

ENHANCED: IBM Security zSecure

Through IBM Global Financing, credit-qualified clients can take advantage of 0% interest for 12 months on qualifying IBM Security products and solutions.

About IBM Security 

With more than 40 years of security development and innovation, IBM has breadth and depth in security research, products, services and consulting.

IBM X-Force is a world-renowned team that researches and evaluates the latest security threats and trends. This team analyzes and maintains one of the world’s most comprehensive vulnerability databases and develops countermeasure technologies for IBM’s security offerings to help protect organizations ahead of the threat.

IBM has 10 worldwide research centers innovating security technology and nine security operations centers around the world to help global clients maintain an appropriate security posture.

IBM Managed Security Services delivers the expertise, tools and infrastructure to help clients secure their information assets against attacks, often at a fraction of the cost of in-house security resources.

The Institute for Advanced Security is IBM’s global initiative to help organizations better understand and respond to the security threats to their organization. Visit the Institute community at www.instituteforadvancedsecurity.com.

IBM Announces New Chief Privacy Officer, Christina Peters

with one comment

IBM’s new Chief Privacy Officer was announced earlier today. Christina Peters has worked as a practicing attorney with IBM since 1996, and has handled a wide range of complex transactional, policy, compliance, litigation, and cybersecurity matters in the United States and internationally. Peters was educated at Dartmouth College and Harvard Law School, where she was an Executive Editor of the Harvard Law Review.

An important announcement earlier today from IBM: The appointment of the company’s new Chief Privacy Officer, Christina Peters.

Peters has worked as a practicing attorney with IBM since 1996 (first in Germany, later in the US), and has handled a wide range of complex transactional, policy, compliance, litigation, and cybersecurity matters in the United States and internationally.

Peters was educated at Dartmouth College (summa cum laude) and Harvard Law School (magna cum laude), where she was an Executive Editor of the Harvard Law Review.

Following a District of Columbia Circuit clerkship, Peters worked at D.C.-based law firm, Covington & Burling. Prior to joining IBM, she was a Robert Bosch Fellow in Germany, where she worked at the Federal Cartel Authority and Deutsche Telekom.

In her new role, Peters will guide and oversee IBM’s global information policy and practices affecting more than 400,000 employees and thousands of clients. She will lead the company’s global engagement in public policy and industry initiatives on data security and privacy, and continue to serve on the advisory board of the Future of Privacy Forum.

Peters also is responsible for a worldwide team of legal, data protection and technical professionals at IBM who address privacy and data security in the leadership manner expected of the company’s global brand.

IBM was the first major corporation to appoint a Chief Privacy Officer in 2000 and has consistently applied advanced techniques and technologies across its global business operations and practices. IBM’s numerous privacy advancements include:

  • First company to adopt a global privacy code of conduct.
  • First to adopt a genetic non-discrimination policy.
  • First to establish a policy to only advertise on websites with visible privacy statements.

Don’t Get Knocked Offline With DNSChanger!

with one comment

Heads up: Krebs On Security is reporting that the DNSChanger Trojan horse virus is still in 12% of the Fortune 500!

On July 9, any systems still infected will be “summarily disconnected from the rest of the Internet.”

Click to enlarge. The U.S. government’s “safetey net” for the DNSChanger virus will go offline on Monday, July 9, which could see thousands could lose access to the Internet that once infected approximately 4 million computers across the world. The Federal Bureau of Investigation first gave details about the virus last November, which affects computers’ abilities to correctly access the Internet’s DNS system — essentially, the Internet’s phone book. The virus would redirect Internet users to fake DNS servers, often sending them to fake sites or places that promoted fake products.

The attached infographic provides some of the key background and history, but now the question is, what to do about it?

PC World explains DNSChanger rerouted infected computers through servers controlled by a criminal ring based in Eastern Europe, by basically hijacking the DNS service.

If you’ve been infected and recently visited Facebook or Google, PC World explains, you’ve likely seen a warning. But to be sure, check out this tutorial to see if DNSChanger has infected your PC (Mac or Windows).

There’s also a list of removal tools here you can use to learn more and prevent your systems from going offline on July 9th!

Written by turbotodd

July 5, 2012 at 5:11 pm

IBM Strengthens Measures For Mobile Workplace Security

with one comment

Guaranteed, if you asked any CIO or VP of IT what was one of their chief concerns as they think about enabling their enterprise to take better advantage of the opportunity that mobile computing presents, the subject of security would come up.

And I’ve got the data to prove it.  But I’m not going to bore you with the gory details just yet.  I want to instead turn to discussing some new solutions (we’ll come back to the data shortly).

Mobile Security By Design

Today, at the IBM Innovate event down in Orlando, Florida, IBM announced new software to help organizations develop mobile applications that are more secure by design.

Now, clients can build security into the initial design of their mobile applications so that vulnerabilities will be detected early in the development process.

Today’s announcement further expands IBM’s strategy to provide clients with a mobile platform that spans application development, integration, security and management.

With more than five billion mobile devices in the world — and only 2 billion computers — the shift to mobile devices as the primary form of connecting to corporate networks is increasing rapidly. Securing those devices is becoming a top priority for security executives and CIOs.

As companies embrace the growing “Bring Your Own Device” (BYOD) trend, the need to secure the applications that run on these devices is becoming more critical.

I said I’d returned to some data.  How about this: According to the 2011 IBM X-Force Trend and Risk Report, mobile exploits increased by 19 percent in 2011. 

In addition, according to the recently released data from the IBM Center for Applied Insights study, 55 percent of respondents cited mobile security as a primary technology concern over the next two years.

The rapid consumerization of mobile endpoints, applications and services has created the urgent need to secure corporate applications on employees’ devices. 

With the latest release of the IBM Security AppScan portfolio, IBM now offers a robust application development security solution, allowing clients to integrate mobile application security testing throughout the application lifecycle.

“We are seeing increased demand from companies looking to extend their corporate applications to mobile devices,” said Stuart Dross, Vice President of Sales and Marketing, Cigital, Inc. “The ability to scan native and hybrid mobile applications for security vulnerabilities is a major step forward in securing sensitive data and mitigating security risks.”

Security On the Go

Mobile applications represent a new threat target, since they carry a higher risk of attack compared to web application vulnerabilities.

Attackers are increasingly focusing on mobile applications because many organizations are not aware of the security risks introduced by the most basic mobile applications.

Beyond the traditional threats, for example, a hacker could perform a SQL injection or scripting attack on the applications. Mobile applications also come under attack from malware and phishing, or scanning QR codes with malicious scripts.

Additionally, mobile applications have vulnerabilities specific to mobile devices because they often store sensitive data that can be leaked to malicious applications. This data, once stored locally, typically is outside the protection of the corporate security programs.

The new AppScan analysis capabilities will find these vulnerabilities to help developers build more secure mobile applications.

Mobilizing the Workforce

With today’s announcement, IBM extends its market leading static application security testing to native Android applications, which allows clients to conduct their own testing for mobile applications.

In the past, for mobile application security testing to be done, clients would have to send their applications and software IP (Intellectual Property) to an offsite vendor to test for vulnerabilities. This approach doesn’t scale and the response time is too slow, as mobile applications undergo constant revisions and updates.

Organizations need to address mobile application security testing in-house early in the software development life cycle.

In addition to the mobile application testing capabilities, there are significant new capabilities from which customers can benefit:

  • Integration with IBM’s QRadar Security Intelligence Platform allows for increased security intelligence when an application is moved into production. By correlating known application vulnerabilities with user and network activity, QRadar can automatically raise or lower the priority score of
    security incidents.
  • A new Cross Site Scripting (XSS) analyzer which uses a learning mode to quickly evaluate millions of potential tests from less than 20 core tests. This new XSS analyzer finds more XSS vulnerabilities faster than any previous version of AppScan.
  • New static analysis capabilities help companies adopt broad application security practices through simplified on-boarding of applications and empowering non-security specialists to test faster than with prior releases.
  • Predefined and customizable templates that provide development teams the ability to quickly focus on a rule set prioritized by their security teams, helping corporations focus on key issues for them across their organization.

In addition to the QRadar integration, AppScan offers integration points with IBM Security Network IPS and IBM Security SiteProtector, and is a regular complement sold with IBM Guardium and IBM Security Access Management solutions for end-to-end application security.

The approach is to provide a comprehensive and integrated security framework for applications across the development and production lifecycle.

IBM has a broad portfolio of mobile security solutions, ranging from helping secure data on the device, to running safer mobile applications.

IBM has been steadily investing in the mobile space for more than a decade, both organically and through acquisitions, building a complete portfolio of software and services that delivers enterprise-ready mobility for clients.

IBM Security AppScan will be generally available this quarter.

Written by turbotodd

June 5, 2012 at 4:25 pm

Flame No Game

leave a comment »

What a week for cybsecurity matters last week was.

First, the story about the Flame virus discovered by Kapersky Labs in Russia, a new and improved “Stuxnet” virus that has apparently infiltrated computers throughout Iran (and, it seems, beyond).

Then, The New York Times reported on the code-named “Olympic Games” cyberintrusion program, in which the U.S. and Israel allegedly developed Stuxnet for the express purpose of disabling Iranian centrifuges that were being used to enrich uranium.

If you ever had the question as to when or whether the digital realm would meet that of the physical, Stuxnet and, now, Flame, are perfectly good examples of how that intersection is being brought about.

But Eugene Kasperksy himself, who’s team discovered the Flame virus, suggests this intersection is one of foreboding, explaining at CeBIT last month that “Cyberweapons are the most dangerous innovation of this century.”

Is he right?  More dangerous than the nuclear weapons they were intended to prevent the manufacture of in Iran?

More dangerous than Hellfire missiles zooming down from the skies of Pakistan?

I suspect it depends on your respective point of view, literally.  But there can be no question the cyberintelligence debate will heat up over the coming years.

Now that digital (and, often, very economically efficient, when compared to more traditional means) mechanisms can be used for the art of proven and productive warfare and espionage purposes, state actors will likely shift more investment into cyber territory, putting much more muscle into what had previously been the domain of fringe actors.

Such a trend could lead to the development of much more serious and sobering digital “agents” whose primary purpose — for espionage, for risk mitigation, and so forth — could ultimately be betrayed by Murphy’s Law of Unintended Consequences.

The virus intended to destabilize the spinning centrifuges in Iran could spin out of control and instead open the floodgates on a dam in China.  Or so goes the fear.

But perhaps the fears are not without some justification?  If you don’t know who you can trust in the digital milieu…or, worse, if your systems don’t know who they can trust…how can you trust anyone? Or anything?

Just overnight SecurityWeek posted that Microsoft had reached out to it customers and notified the public that it had discovered unauthorized digital certifications connected to the Flame virus that “chain[ed] up” to a Microsoft sub-certfication authority that had been issued under the Microsoft Root Authority.

If such certificates can be co-opted by the “Flames” of the world, and appear to be legitimate software coming from Microsoft…well, that’s a fast and slippery slope to cyber anarchy.

As SecurityWeek also recently reported about Flame, yes, the short-term risk to enterprises is low.  But Flame “demonstrated that when nation-states are pulling the strings, they have the ability to repeatedly and significantly leap ahead of the state of the art in terms of malware.”

As state-actors raise the table stakes by developing more and more sophisticated cyber intruders, they will, in essence, be raising everybody’s game.  These virii don’t live in a vacuum — they will be gathered by the non-state actors, hackers white and black hat alike, then deconstructed, disassembled, and, potentially, improved upon before being re-assembled and unleashed back into the wild.

So what’s the answer?  Unfortunately, there is no single cyber bullet.

Constant vigilance, education, monitoring, and adaptive learning will be mostly required, in order to both keep pace with the rapid evolution (or, as the case will likely be, devolution) with these digital beasts, and enterprises everywhere would be well-served to step up their Internet security game.

Finally, let’s not forget that state-actors aren’t just looking to instill damage — many are searching for valuable intellectual capital they can benefit from economically.

That alone is more than enough justification for enterprises to have a more comprehensive cyber intelligence strategy.

In the meantime, let’s just hope the next Flame or Stuxnet doesn’t lead to a more disastrous scenario than knocking out a few centrifuges in Natanz, one that starts to make a Michael Crichton novel look as though it’s actually coming to life!

Written by turbotodd

June 4, 2012 at 3:59 pm

New IBM Security Study: Finding A Strategic Voice In The C-Suite

with one comment

I’m back from IBM Impact 2012…but my brain is still processing all the information I took in through all the interviews Scott and I conducted for ImpactTV and for all the sessions I attended…and I won’t mention all the cocktails in the evenings where I learned SO much from my industry peers.

The first ever IBM security officers study reveals a clear evolution in information security organizations and their leaders with 25 percent of security chiefs surveyed shifting from a technology focus to strategic business leadership role.

I’ll be putting together a recap post of some of the major announcements, and I’ve still yet to transcribe my interview with Walter Isaacson, but first, I wanted to highlight an important new study from IBM on the security front.

For those of you who follow the Turbo blog, you know the issue of security (particularly cybersecurity) is one I take very seriously and that I follow closely, partially because of my longstanding interest in the topic, and partially because I recognize we live in an imperfect world using imperfect technology, created and used by imperfect humans.

But the promise and hope for security, fallible though it may sometimes be, is a worthy aspiration.  There are ideas, assets, and often even lives at risk, and the more we move up the stack into an intellectual capital driven global economy, the more there is at stake and the more that will be needed to protect.

So, that’s a long way of saying expect to be hearing even more from me on this important topic.

Chief Security Officers: “We’ve Got Our CEO’s Attention”

To that end, now for the new information security study results. The new IBM study reveals a clear evolution in information security organizations and their leaders, with 25 percent of security chiefs surveyed shifting from a tech focus to one of a more strategic business leadership role.

In this first study of senior security executives, the IBM Center For Applied Insights interviewed more than 130 security leaders globally and discovered three types of leaders based on breach preparedness and overall security maturity.

Representing about a quarter of those interviewed, the “Influencer” senior security executives typically influenced business strategies of their firms and were more confident and prepared than their peers—the “Protectors” and “Responders.”

Overall, all security leaders today are under intense pressure, charged with protecting some of their firm’s most valuable assets – money, customer data, intellectual property and brand.

Nearly two-thirds of Chief Information Security Executives (CISOs) surveyed say their senior executives are paying more attention to security today than they were two years ago, with a series of high-profile hacking and data breaches convincing them of the key role that security has to play in the modern enterprise.

Emerging Security Issues: Mobile And A More Holistic Approach

More than half of respondents cited mobile security as a primary technology concern over the next two years.  Nearly two-thirds of respondents expect information security spend to increase over the next two years and of those, 87 percent expect double-digit increases.

Rather than just reactively responding to security incidents, the CISO’s role is shifting more towards intelligent and holistic risk management– from fire-fighting to anticipating and mitigating fires before they start.  Several characteristics emerged as notable features among the mature security practices of “Influencers” in a variety of organizations:

  • Security seen as a business (versus technology) imperative: One of the chief attributes of a leading organization is having the attention of business leaders and their boards. Security is not an ad hoc topic, but rather a regular part of business discussions and, increasingly, the culture. In fact, 60 percent of the advanced organizations named security as a regular boardroom topic, compared to only 22 percent of the least advanced organizations.  These leaders understand the need for more pervasive risk awareness – and are far more focused on enterprise-wide education, collaboration and communications.  Forward-thinking security organizations are more likely to establish a security steering committee to encourage systemic approaches to security issues that span legal, business operations, finance, and human resources. Sixty-eight percent of advanced organizations had a risk committee, versus only 26percent in the least advanced group.
  • Use of data-driven decision making and measurement: Leading organizations are twice as likely to use metrics to monitor progress, the assessment showed (59 percent v. 26 percent). Tracking user awareness, employee education, the ability to deal with future threats, and the integration of new technologies can help create a risk-aware culture. And automated monitoring of standardized metrics allows CISOs to dedicate more time to focusing on broader, more systemic risks.
  • Shared budgetary responsibility with the C-suite: The assessment showed that within most organizations, CIOs typically have control over the information security budget. However, among highly ranked organizations, investment authority lies with business leaders more often. In the most advanced organizations, CEOs were just as likely as CIOs to be steering information security budgets. Lower ranking organizations often lacked a dedicated budget line item altogether, indicating a more tactical, fragmented approach to security.  Seventy-one percent of advanced organizations had a dedicated security budget line item compared to 27 percent of the least mature group.

Recommendations to Evolve the Security Role in an Enterprise

To create a more confident and capable security organization, IBM recognizes that security leaders must construct an action plan based on their current capabilities and most pressing needs. The report offers prescriptive advice from its findings on how organizations can move forward based on their current maturity level.

For example, those “Responders” in the earliest stage of security maturity can move beyond their tactical focus by establishing a dedicated security leadership role (like a CISO); assembling a security and risk committee measuring progress; and automating routine security processes to devote more time and resources to security innovation.

About the Assessment

The IBM Center for Applied Insights study, “Finding a strategic voice: Insights from the 2012 IBM Chief Information Security Officer Assessment,” included organizations spanning a broad range of industries and seven countries.

During the first quarter of 2012, the Center conducted double-blind interviews with 138 senior business and IT executives responsible for information security in their enterprises. Nearly 20 percent of the respondents lead information security in enterprises with more than 10,000 employees; 55 percent are in enterprises with 1,000 to 9,999 employees.

Click here to access the full study.

Warning Against Your Insecurities: The 2011 IBM X-Force Trend And Risk “Poltergeist”

leave a comment »

WARNING: This is an exceptionally long post intended for security and privacy geeks everywhere, including sys admins, Internet security hawks, CIOs, and innocent but interested bystanders everywhere.  No web servers were hacked in the preparation of this report: at least, none by me!

Okay, troopers, it’s that time of year again.  You know, the time when IBM releases its report card for security incidents, the X-Force Trend and Risk Report.

Google has the search “Zeitgeist” every year, we have the security “poltergeist!”

This time around, we’re looking back at the wild and wacky 2011, a year which showed surprising improvements in several areas of Internet security. Improvements, you ask?  Surely you jest, Turbo.

This figure from the 2011 IBM X-Force Trend And Risk Report shows a steady decline in the instances of input control related vulnerabilities such as cross-site scripting (XSS) and SQL injection since X-Force began recording these statistics in 2007. In 2011, the statistics suggest that the likelihood of encountering XSS in a given test continues to decrease but shows signs of leveling out at approximately a 40 percent chance of occurring. Injection vulnerabilities and specifically SQL injection appears to have leveled out at around a 20 percent chance of occurring in a given test.

No, no, there IS some good news.  Like a reduction in application security vulnerabilities, exploit code and spam.

But, good news leads to less good news on this front, as many of you who follow security well know, because the bad guys are being forced to rethink their tactics by targeting more niche IT loopholes and emerging technologies such as social networks and mobile devices.

The Top Line: Less Spam, More Adaptation

To get specific, the X-Force 2011 Trend and Risk Report demonstrated a 50 percent decline in spam email compared to 2010.

2011’s poltergeist saw a diligent patching of security vulnerabilities by software vendors, with only 36 percent of those vulnerabilities remaining unpatched in 2011 (compared to 43 percent in 2010).  The year also saw a higher quality of software application code, as seen in web-app vulnerabilities called “cross-site scripting” that were half as likely to exist in clients’ software as they were four years ago.

So, the net is, the bad guys are adapting their techniques to the changing tech environment. The report uncovered a rise in emerging attack trends including mobile exploits, automated password guessing, and a surge in phishing attacks.

It also witnessed an increase in automated shell command injection attacks against web servers, which may well be a response to successful efforts to close off other kinds of Web app vulnerabilities.

The Security Landscape Glass Half Full: Decrease In Unpatched Vulnerabilities, Exploit Code, And Spam

Getting even more specific, according to the report, there are several positive trends as companies adjusted their security policies in 2011:

  • Thirty percent decline in the availability of exploit code. When security vulnerabilities are disclosed, exploit code is sometimes released that attackers can download and use to break into computers. Approximately 30 percent fewer exploits were released in 2011 than were seen on average over the past four years. This improvement can be attributed to architectural and procedural changes made by software developers that help make it more difficult for attackers to successfully exploit vulnerabilities.
  • Decrease in unpatched security vulnerabilities. When security vulnerabilities are publicly disclosed, it is important that the responsible software vendor provide a patch or fix in a timely fashion. Some security vulnerabilities are never patched, but the percentage of unpatched vulnerabilities has been decreasing steadily over the past few years. In 2011 this number was down to 36 percent from 43 percent in 2010.
  • Fifty percent reduction in cross site scripting (XSS) vulnerabilities due to improvements in software quality. The IBM X-Force team is seeing significant improvement in the quality of software produced by organizations that use tools like IBM AppScan OnDemand service to analyze, find, and fix vulnerabilities in their code.  IBM found XSS vulnerabilities are half as likely to exist in customers’ software as they were four years ago. However, XSS vulnerabilities still appear in about 40 percent of the applications IBM scans. This is still high for something well understood and able to be addressed.
  • Decline in spam. IBM’s global spam email monitoring network has seen about half the volume of spam email in 2011 that was seen in 2010. Some of this decline can be attributed to the take-down of several large spam botnets, which likely hindered spammers’ ability to send emails. The IBM X-Force team witnessed spam evolve through several generations over the past seven years as spam filtering technology has improved and spammers have adapted their techniques in order to successfully reach readers.

The Security Landscape Glass Half Empty: Attackers Adapt Their Techniques in 2011

Even with these improvements, there has been a rise in new attack trends and an array of significant, widely reported external network and security breaches.

This figure from the 2011 IBM X-Force Trend And Risk Report shows an increase in mobile operating system exploits in 2011 due to an uptick in malicious activity targeting mobile devices. Because of the two-tiered relationship between phone end users, telecommunications companies, and mobile operating system vendors, disclosed mobile vulnerabilities can remain unpatched on phones for an extended period of time, providing a large window of opportunity to attackers.

As malicious attackers become increasingly savvy, the IBM X-Force documented increases in three key areas of attack activity:

  • Attacks targeting shell command injection vulnerabilities more than double. For years, SQL injection attacks against web applications have been a popular vector for attackers of all types. SQL injection vulnerabilities allow an attacker to manipulate the database behind a website. As progress has been made to close those vulnerabilities – the number of SQL injection vulnerabilities in publicly maintained web applications dropped by 46 percent in 2011– some attackers have now started to target shell command injection vulnerabilities instead. These vulnerabilities allow the attacker to execute commands directly on a web server. Shell command injection attacks rose by two to three times over the course of 2011. Web application developers should pay close attention to this increasingly popular attack vector.
  • Spike in automated password guessing – Poor passwords and password policies have played a role in a number of high-profile breaches during 2011. There is also a lot of automated attack activity on the Internet in which attacks scan the net for systems with weak login passwords. IBM observed a large spike in this sort of password guessing activity directed at secure shell servers (SSH) in the later half of 2011.
  • Increase in phishing attacks that impersonate social networking sites and mail parcel services – The volume of email attributed to phishing was relatively small over the course of 2010 and the first half of 2011, but phishing came back with a vengeance in the second half, reaching volumes that haven’t been seen since 2008. Many of these emails impersonate popular social networking sites and mail parcel services, and entice victims to click on links to web pages that may try to infect their PCs with malware. Some of this activity can also be attributed to advertising click fraud, where spammers use misleading emails to drive traffic to retail websites.

Emerging Technologies Create New Avenues for Attacks

New technologies such as mobile and cloud computing continue to create challenges for enterprise security.

  • Publicly released mobile exploits rise 19 percent in 2011. This year’s IBM X-Force report focused on a number of emerging trends and best practices to manage the growing trend of “Bring your Own Device,” or BYOD, in the enterprise. IBM X-Force reported a 19 percent increase over the prior year in the number of exploits publicly released that can be used to target mobile devices. There are many mobile devices in consumers’ hands that have unpatched vulnerabilities to publicly released exploits, creating an opportunity for attackers. IT managers should be prepared to address this growing risk.
  • Attacks increasingly relate to social media – With the widespread adoption of social media platforms and social technologies, this area has become a target of attacker activity. IBM X-Force observed a surge in phishing emails impersonating social media sites. More sophisticated attackers have also taken notice. The amount of information people are offering in social networks about their personal and professional lives has begun to play a role in pre-attack intelligence gathering for the infiltration of public and private sector computing networks.
  • Cloud computing presents new challenges - Cloud computing is moving rapidly from emerging to mainstream technology, and rapid growth is anticipated through the end of 2013. In 2011, there were many high profile cloud breaches affecting well-known organizations and large populations of their customers. IT security staff should carefully consider which workloads are sent to third-party cloud providers and what should be kept in-house due to the sensitivity of data. Cloud security requires foresight on the part of the customer as well as flexibility and skills on the part of the cloud provider. The IBM X-Force report notes that the most effective means for managing security in the cloud may be through Service Level Agreements (SLAs) because of the limited impact that an organization can realistically exercise over the cloud computing service. Therefore, careful consideration should be given to ownership, access management, governance and termination when crafting SLAs. The IBM X-Force report encourages cloud customers to take a lifecycle view of the cloud deployment and fully consider the impact to their overall information security posture.

The IBM X-Force 2011 Trend and Risk Report is based on intelligence gathered by one of the industry’s leading security research teams through its research of public vulnerability disclosures findings from more than 4,000 clients, and the monitoring and analysis of an average of 13 billion events daily in 2011.

“In 2011, we’ve seen surprisingly good progress in the fight against attacks through the IT industry’s efforts to improve the quality of software,” said Tom Cross, manager of Threat Intelligence and Strategy for IBM X-Force. “In response, attackers continue to evolve their techniques to find new avenues into an organization. As long as attackers profit from cyber crime, organizations should remain diligent in prioritizing and addressing their vulnerabilities.”

You can learn more about IBM Security Solutions here.

Advancing Security Intelligence to Help Organizations Combat Increasing Threats

leave a comment »

If you’ve been curious as to what IBM has been up to on the security front, today’s a good day to check in.

The top global cyber security threats in 2011, according to a recent IBM analysis.

Earlier today, the Dow Jones AllThingsD blog had this post about some new capabilities IBM is announcing on the security front.

Today, IBM unveiled several new services planned for its security intelligence platform designed to combine deep analytics with real-time data feeds from hundreds of different sources to give organizations, for the first time, the ability to help proactively protect themselves from increasingly sophisticated and complex security threats and attacks using a single platform.

The Backdrop

Organizations today are struggling to defend themselves against an onslaught of ever-evolving data breaches, such as theft of customer and employee information, credit card data and corporate intellectual property.

To date, many corporations have been unable to create a security defense system because they have cobbled together technologies that don’t integrate in an intelligent and automated fashion.  This patchwork approach has created loopholes that hackers can exploit.

The QRadar Security Intelligence Platform, designed by Q1 Labs and acquired by IBM last fall, tackles this problem head-on by serving as a control center that integrates real-time security intelligence data to include more than 400 different sources.

Major breakthroughs planned in the security platform include:

  • Threat Intelligence – Intelligence from one of the world’s largest repository of threat and vulnerability insights is planned to be available based on the real-time monitoring of 13 billion security events per day from the IBM X-Force Threat Intelligence Feed. This insight can flag behavior that may be associated with Advanced Persistent Threats, which may emanate from teams of attackers accessing networks through stealth means.
  • Visibility into Enterprise Activity – The platform will unite events from IBM and non-IBM products that span four areas of organizational risk – infrastructure, people, applications and data.
  • Pinpoint Analysis in an Age of Big Data – The platform can drill down to basic data elements to help analyze issues emanating from network access information at the periphery to database activity at the core of a business.
Jack Danahy, Director of Advanced Security at IBM talks about security intelligence. For more information, please visit ibm.com/security.

New Integrations Bring Real-Time Security Analytics

With new integrations to be made available, the analytics platform can quickly identify abnormal activity by combining the contextual awareness of the latest threats and methods being used by hackers with real-time analysis of the traffic on the corporate IT infrastructure.

For example, the future integrations permit the platform to detect when multiple failed logins to a database server are followed by a successful login and access to credit card tables, followed by an upload to an unknown site.

“We chose the QRadar platform to build on and deliver our vision of a streamlined, highly intelligent platform to serve as our central nervous system for enterprise-wide monitoring,” said Ken Major, Information Security Officer at AmeriCU Credit Union. “It enables us to achieve our goals, industry best practices and regulatory compliance.”

Threat Intelligence

One of the significant planned integrations for the QRadar platform is IBM’s X-Force Intelligence Threat Feed based on the real-time monitoring of 13 billion security events per day, on average, for nearly 4,000 clients in more than 130 countries.

The QRadar platform will have visibility into the latest security trends worldwide to help protect enterprises against emerging risks. QRadar will present current IBM X-Force threat feeds in dashboard views for users, and correlate an organization’s security and network events with these threats and vulnerabilities in real-time using automated rules.

Broad Coverage

Other planned integrations to allow the QRadar Security Intelligence Platform to help clients more rapidly identify threats by connecting events from the following categories:

  • People: Organizations should control access to key systems and information. An employee’s unauthorized access to key databases and client information can leave a firm vulnerable to security breaches. With security intelligence, security teams can quickly determine whether access patterns exhibited by a given user are consistent with the user’s role and permissions within the organization. IBM Security Identity Manager and IBM Security Access Manager will integrate with the QRadar platform, complementing QRadar’s existing support for enterprise directories such as Microsoft Active Directory.
  • Data: Data is at the core of security; it is what’s behind every security measure in place, and is the primary target of cyber-criminals. With IBM Guardium Database Security integrated with the security intelligence platform, users will be able to better correlate unauthorized or suspicious activity at the database layer – such as a database administrator accessing credit card tables during off-hours – with anomalous activity detected at the network layer, such as credit card records being sent to unfamiliar servers on the Internet.
  • Applications: Applications are vital to day-to-day function but can also introduce new and serious vulnerabilities into company networks. Applications, because of their sensitivity, should be updated frequently. Organizations however are often unable to patch immediately due to corporate testing requirements and change control cycles. With security intelligence, companies will be able to automatically alert security teams to unpatched Web applications that risk being attacked by known application-layer exploits  that have previously been identified by IBM Security AppScan. This planned integration complements existing QRadar support for monitoring enterprise applications such as IBM WebSphere and SAP ERP.
  • Infrastructure: Today, organizations struggle to secure thousands of physical devices, such as PCs and mobile phones, especially as Bring Your Own Device (BYOD) continues to grow in popularity. For this reason, companies should take extra precautions to help employees to follow secure practices in using these devices. With IBM Endpoint Manager integration, the security platform can provide organizations with enhanced protection of physical and virtual endpoints: servers, desktops, roaming laptops, smartphones and tablets, plus specialized equipment such as point-of-sale devices, ATMs and self-service kiosks.

QRadar integration modules are also planned for Symantec DLP, Websense Triton, Stonesoft Stonegate and other third-party products, increasing QRadar’s ecosystem and continuing Q1 Labs’ long-standing approach to multi-vendor heterogeneous environments.

Solutions to Analyze Big Data

In addition, the QRadar platform has been expanded with Big Data capabilities for storing and querying massive amounts of security information, and functionality for helping to secure virtualized infrastructures and providing a new level of visibility that helps clients reduce security risk and automate their compliance processes.

The expansion of security and network data sources is complemented by advanced functionality to help organizations keep pace with their exponential data growth. The new deliverables include:

  • Instant Search to provide high-speed, free-text querying of both log and flow data, designed to bring the simplicity and speed of Internet search engines to the security intelligence solution.
  • The XX24 appliance series to extend the scalability and performance advantages for which QRadar solutions are well known. With the release of the QRadar 3124 SIEM appliances, QRadar 1624 Event Processor and QRadar 1724 Flow Processor – which all include 16TB of usable storage and 64GB of RAM – organizations can support more users, achieve higher performance and store data longer.
  • Intelligent data policy management to enable users to designate which information they want to store and for how long. Less important data can be removed sooner to achieve longer retention for more important data.
  • Virtual appliances to allow end customers and service providers to capitalize on the virtual infrastructures they have built, while benefiting from lower-priced yet fully capable security intelligence solutions.

The planned integration modules (device support modules) are expected to be included with QRadar SIEM and QRadar Log Manager at no additional cost, via automatic updates.

Availability

The Big Data and virtual infrastructure enhancements are available now.  QRadar integration modules for IBM Guardium Database Security are planned to be available in 1Q2012.

Integration modules for IBM X-Force Threat Intelligence, IBM Security Identity Manager, IBM Security Access Manager, IBM Security AppScan and IBM Endpoint Manager are planned to be available in 2Q2012.

Visit Q1Labs’ site for more information.

Follow

Get every new post delivered to your Inbox.

Join 2,343 other followers

%d bloggers like this: