IBM's New Security Community: An Open Forum on Security Topics
IT as a field continues to evolve very quickly, but few IT domains change as rapidly as security—and few imply quite as many potentially devastating consequences to organizations.
Consider, for instance, some of the ramifications in the event that a breach occurs:
And as IT architectures continue to become more complex and diverse (consider cloud computing and mobile endpoints as examples), the need for timely, accurate insight and guidance becomes more pressing in proportion.
Fortunately, despite the fact that security moves so quickly, there's a great new way to keep yourself up to speed: IBM's recently launched new community site for its Institute of Advanced Security.
This site offers a fantastic blog and content from security experts specializing in a wide variety of key security subjects, ranging from best practices to emerging threats to new solutions and solution integration possibilities.
The site isn't just a place for IBM to offer content; it's also a place for the site's members to contribute insights of their own. They can share their experiences, discuss their own security strategies and discoveries, and thus collaborate with IBM to lock down organizational services more easily, quickly, and cost-efficiently for all the site's participants.
All told, the site offers exceptional value—particularly since complete access to all content is free (registration is required).
Mobile security and the cloud—two hot topics in one blog entry
For a great example of what you can expect at the new site, consider a recent blog post from David Merrill, a strategist for endpoint security and malware protection in IBM's Chief Information Security Office. This entry focuses on mobile endpoints and cloud architectures and how together they represent a new puzzle for security specialists to ponder.
Many of the site's readers will have discovered for themselves just how this is happening—essentially, as an intersection of popular trends. The first trend, mobile devices, has transformed the user experience in recent years as tablets and smart phones have offered a powerful new and exceptionally convenient platform for accessing company services and data anywhere they go and any time they wish.
Given a browser on the device and Web-based access to the IT infrastructure, that's a compelling opportunity that more and more employees are taking advantage of. The challenge for organizations, of course, is that those devices are usually not particularly secure—certainly not as secure as traditional endpoints like laptops and desktops that fall under IT's control, and hence can be monitored and managed far more comprehensively.
The second trend, cloud computing, is subtler but just as pervasive. No single subject has dominated IT thought leadership in recent years as much as cloud, in large part because clouds are remarkably optimized service delivery platforms, in which shared resources, deep virtualization, and smart automation combine to make clouds both cost-efficient and highly available. But given such an integrated architecture, in which resources, applications, servers, and data are all centralized, the security ramifications are also considerable.
Merrill's blog post discusses an increasingly common situation in which mobile devices are used to access cloud services—seemingly, a perfect storm of security challenges.
But he also speculates about an innovative solution through which security in this scenario could actually be improved—not diminished. And he points out how such a solution could ultimately be leveraged to enforce superior security for any accessing device, whether mobile or not.
A new trend and risk report is out—and you can get the highlights
Another appealing element of the site is the participation on it by members of IBM's X-Force team.
Anyone interested in staying on top of Internet-based security threats should be aware of the X-Force—arguably the leading source of security threat analysis and risk assessment information available today. This expert group continually tracks and monitors global security complexities, offering its latest guidance via reports issued twice per year that cover both how security has changed and what organizations are advised to do about it.
Recently, the latest Trend and Risk report was released, and as usual, it provides an assessment of the security landscape, designed to help readers better understand the latest security risks, and stay ahead of these threats. The report gathers facts from numerous intelligence sources, including its database of more than 50,000 computer security vulnerabilities, its global Web crawler and its international spam collectors, and the real-time monitoring of 13 billion events every day for nearly 4,000 clients in more than 130 countries. This is the result of the work done in IBM's nine global Security Operations Centers,
Truly a collaborative effort, this research includes contributions from the IBM X-Force Research and Development team, IBM Security Managed Services, IBM Professional Services, the IBM Security Content team, IBM Security AppScan OnDemand Managed Services, and product teams from IBM Identity and Access Management, IBM Data and Information Security, IBM InfoSphere Guardium and QRadar from Q1 Labs, an IBM company.
The result is some of the most comprehensive analysis you can find anywhere—and some of the most practical.
The latest report has been discussed in a blog entry by Leslie Horacek that is available on the site. It summarizes some of the landmark findings of the new report, in which 2011 was declared by the X-Force team to be the "Year of the Security Breach" due to the increased frequency of high-impact breaches reported in the media.
Among the good news: an approximate 30% decline in released exploit code in 2011 compared to the average of the past four years. This improvement can be attributed to architectural and procedural changes made by software developers that help make it more difficult for attackers to successfully exploit vulnerabilities. There has also been significant improvement in the percentage of known vulnerabilities that remain unpatched: from 42% in 2010 down to 36% in 2011.
Unfortunately, the bad news includes a notable spike in automated attempts to crack passwords by compromising secure shell (SSH) interfaces. And once a Web server has been compromised, it can lead in short order to other problems—among them, exploitation of other systems that are logically linked to that server and exploitation of the site's customers, who in some cases are encouraged to install malware or visit malicious external sites.
For more detailed information, read Horacek's post on the site. Also consider attending the upcoming Webcast: Summary of the Universally Acclaimed IBM X-Force Trend and Risk Report with Tom Cross on April 10th at 10 a.m. EST. The presentation will be 50 minutes long, followed by a 10-minute Q&A session. Please register now!
A video on Security Intelligence can bring you up to speed—fast
Of course, blogs represent only one form of compelling content. The new IBM site actually features a wide range of diverse content to match the diverse interests of its audience.
For instance, you might want to check out a recently posted video on security intelligence—an interesting new field and one that promises a more holistic, integrated, and proactive approach to security strategies than ever before.
Security intelligence can be seen as analogous to business intelligence. The idea is to gather information from many relevant sources, analyze it extensively looking for anomalous activity, and thus get a clearer, more pragmatic look at the security posture of the organization—ideally in real time.
So, for instance, imagine that a Russian hacker attempts to compromise a site. This might manifest as a large number of failed passwords, followed by a successful one, followed by a range of suspicious network activity such as the attempted access of other systems or data repositories, or the copying of large files to a remote site in a country where the organization has never even done business.
Such a pattern would be easily recognized by a security expert, but not, typically, by information and event management security software, because it spans different servers, services, and applications.
What security intelligence solutions offer is just such expert perspective, available right out of the box via the included smart policies, and implemented in an automated way for an incredibly quick response time.
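The cross-source pattern described above (a burst of failed logins, then a success, then suspicious follow-on activity) can be sketched as a single correlation rule. This is an added example, not IBM's or Q1 Labs' logic; the event fields, thresholds, country codes and sample events are all constructed assumptions, and each source's events are assumed to be already attributed to an account.

```python
from collections import defaultdict

FAILED_THRESHOLD = 5              # failures from one IP before a success is suspect
WINDOW = 3600                     # seconds within which events are correlated
LARGE_BYTES = 500_000_000         # outbound transfer size worth flagging
BUSINESS_COUNTRIES = {"US", "DE"} # where the (hypothetical) organization operates

# Constructed sample events from three sources: auth log, access log, netflow.
EVENTS = [{"t": t, "src": "auth", "ip": "203.0.113.7", "user": "svc", "ok": False}
          for t in range(0, 60, 10)] + [
    {"t": 60, "src": "auth", "ip": "203.0.113.7", "user": "svc", "ok": True},
    {"t": 120, "src": "access", "user": "svc", "target": "hr-db", "denied": True},
    {"t": 150, "src": "access", "user": "svc", "target": "finance-share", "denied": True},
    {"t": 300, "src": "netflow", "user": "svc", "bytes": 2_000_000_000, "dst_country": "ZZ"},
    # Benign user: one mistyped password, normal access, large transfer to a known country.
    {"t": 5, "src": "auth", "ip": "198.51.100.4", "user": "alice", "ok": False},
    {"t": 15, "src": "auth", "ip": "198.51.100.4", "user": "alice", "ok": True},
    {"t": 100, "src": "access", "user": "alice", "target": "wiki", "denied": False},
    {"t": 200, "src": "netflow", "user": "alice", "bytes": 800_000_000, "dst_country": "US"},
]

def correlate(events):
    """Return {user: [findings]} for logins that followed a failure burst
    and were then followed by suspicious activity seen by other sources."""
    fails = defaultdict(list)   # source IP -> timestamps of failed logins
    suspects = {}               # user -> time of the suspicious successful login
    alerts = defaultdict(list)
    for e in sorted(events, key=lambda e: e["t"]):
        if e["src"] == "auth":
            if not e["ok"]:
                fails[e["ip"]].append(e["t"])
            elif sum(e["t"] - t <= WINDOW for t in fails[e["ip"]]) >= FAILED_THRESHOLD:
                suspects[e["user"]] = e["t"]
        elif e["user"] in suspects and e["t"] - suspects[e["user"]] <= WINDOW:
            if e["src"] == "access" and e["denied"]:
                alerts[e["user"]].append(f"denied access to {e['target']}")
            elif (e["src"] == "netflow" and e["bytes"] >= LARGE_BYTES
                  and e["dst_country"] not in BUSINESS_COUNTRIES):
                alerts[e["user"]].append(f"large transfer to {e['dst_country']}")
    return dict(alerts)

if __name__ == "__main__":
    for user, findings in correlate(EVENTS).items():
        print(user, findings)
```

No single source raises the alert on its own: the auth log sees only a login, the access log only two denials, and netflow only a transfer. The finding exists only once the three are joined on the account and time window.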
By watching the video, you can learn much more about security intelligence capabilities such as those IBM now offers—specifically, how anomalous and suspicious network behavior of many kinds can rapidly be detected and addressed, and how the business impact of a breach can thus be dramatically reduced.
CIO/CISO job duties are evolving as quickly as their area of expertise
Naturally, as security challenges have evolved and IT architectures and security capabilities have evolved in response, life has changed for Chief Information Officers and Chief Information Security Officers. Today's security leaders, as a result, must find accelerated ways of educating themselves on proven best practices, as well as on the available options to implement them.
If you put yourself in the position of CIO and ask yourself, for instance, how much faith you really have in the security of a public cloud to guard your services and data, you can see right away why security remains the #1 perceived problem for cloud architectures of this type in the minds of business execs.
At the same time, business pressures continue to make clouds very attractive in certain respects—particularly, pay-as-you-go pricing, which ensures that the cost of utilizing such a host will scale only in relation to actual service usage. That's a selling point few CIOs can ignore.
How, then, to leverage the business benefits of cloud services, while also minimizing the perceived security shortcomings?
That's exactly the subject of a recently posted PDF on the IBM site—Security Essentials for CIOs—which is part of an executive series the site is offering. This clear and insightful document discusses not just the technological, but also the human issues involved in maximizing cloud security, for both public and private cloud models. Specifically, it provides seven distinct recommendations that CIOs should bear in mind to ensure clouds deliver the highest value while adding the lowest possible risk.
And for security leaders interested in learning more about how security intelligence can significantly improve an organization's security posture, a forthcoming webcast offered on the site is directly on point.
Titled Defining Security Intelligence for the Enterprise: What Today's CISOs Need to Know, this webcast, slated for April 24, will feature Chris Poulin of Q1 Labs and explain how true security intelligence is different from—and much better than—conventional SIEM solutions.
Register today to attend the webcast!