
IBM Cognitive Security

Fearless in the face of uncertainty

Hoa, Doan Quang


IBM Technical Sales

April 2019

IBM Security / © 2019 IBM Corporation


We’ve built the largest security start-up in the world

2002 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017…

• Identity management
• Directory integration
• Security services and network security
• Enterprise single-sign-on
• Endpoint management and security
• Cloud-enabled identity management
• Identity governance
• Incident response
• SOA management and security
• Application security
• Database monitoring and protection
• Security Intelligence
• Advanced fraud protection
• Data-related business risk management
• Risk management
• Secure mobile mgmt.
• Data management
• Application security
• IBM Security Systems
• IBM Security Services

“…IBM Security is making all the right moves...”


Forbes



Where we are now

• Largest enterprise cybersecurity provider

• Leader in 12 security market segments

• 8,000+ security employees

• 20+ security acquisitions

• 70B+ security events monitored per day



Attackers break through conventional safeguards every day

• Average time to identify a data breach: 201 days

• Average cost of an ASEAN data breach: $2.5M

What we’re hearing from customers

From thousands of engagements across the world, we’ve heard some common security concerns.

• HUMAN ERROR

• COMPLIANCE

• ADVANCED ATTACKS

• INNOVATION

• SKILLS GAP



Build an integrated security immune system

SECURITY ORCHESTRATION & ANALYTICS
• Security analytics
• Vulnerability management
• Threat and anomaly detection
• Threat hunting and investigation
• User behavior analytics
• Incident response

DATA
• Data protection
• Data access control

IDENTITY & ACCESS
• Privileged user management
• Identity governance and administration
• Access management
• IDaaS
• Mainframe security

APPS
• Application scanning
• Application security management

ADVANCED FRAUD
• Fraud protection
• Criminal detection

MOBILE
• Transaction protection
• Device management
• Content security

ENDPOINT
• Endpoint detection and response
• Endpoint patching and management
• Malware protection

NETWORK
• Firewalls and intrusion prevention
• Network forensics and threat management
• Network visibility and segmentation

THREAT INTEL
• Threat sharing
• Malware analysis
• IoCs


Supported by hundreds of open integrations



The future of security is connected

IBM Security Connect


Connected ecosystem

Operational simplicity

Global-scale AI and analytics

Experts on-demand

Uncover new risks and strengthen your cybersecurity program with the only open, cloud-based security platform that doesn’t demand migrating your data

A tremendous amount of security knowledge is created for human consumption but most of it is untapped

Traditional Security Data
• Security events and alerts
• Logs and configuration data
• User and network activity
• Threat and vulnerability feeds

200K+ security events viewed each day
75K+ reported software vulnerabilities

Human Generated Knowledge
A universe of security knowledge dark to your defenses
Typical organizations leverage only 8% of this content*
• Industry publications
• Forensic information
• Threat intelligence commentary
• Analyst reports
• Conference presentations
• News sources
• Newsletters
• Tweets
• Wikis

720K security blogs / year
180K security related news articles / year
10K security research papers / year


How it works – Building the knowledge (internal and external)

5-10 updates / hour! 100K updates / week!

5 Minutes: Structured Security Data
• X-Force Exchange
• Trusted partner data
• Open source
• Paid data
Billions of Data Elements
- Indicators
- Vulnerabilities
- Malware names, …

1 Hour: Crawl of Critical Unstructured Security Data
• Blogs
• Websites
• News, …
- New actors
- Campaigns
- Malware outbreaks
- Indicators, …

1-3 Day: Massive Crawl of all Security Related Data on Web
• Breach replies
• Attack write-ups
• Best practices
Millions of Documents
- Course of action
- Actors
- Trends
- Indicators, …

Filtering + Machine Learning: Removes Unnecessary Information (3:1 Reduction)

Machine Learning / Natural Language Processing: Extracts and Annotates Collected Data

Massive Security Knowledge Graph: Billions of Nodes / Edges

Detect and stop threats

IBM QRadar
• User and entity profiling
• Statistical analysis
• Pattern identification
• Entity and user context
• Network-based anomaly detection
• External threat correlation
• Real-time analytics
• Risk-based analytics
• Threat hunting
• DNS analytics
• Business context

#1 SIEM for Advanced Threat Defense
- Gartner

“3 billion security events per day are accurately analyzed and condensed into 25 prioritized offenses, enabling analysts to focus on what matters most.”
- Large energy company

IBM i2 Enterprise Insight Analysis
Use intelligence to find the attacker
• Ingest structured and unstructured data including OSINT and the dark web
• Uncover hidden connections and patterns
• Deliver actionable intelligence and accelerate data to decision


Speed up your SOC with AI

IBM QRadar User Behavior Analytics
Detect insider threats with machine learning
• Continuously learns behaviors to predict malicious users
• Generate detailed risk scores for individual users
• 16K+ free downloads from X-Force App Exchange

IBM QRadar Advisor with Watson
Force multiply your team’s effectiveness with AI
• Automatically connect the dots for more decisive threat escalation
• Speed response and visualize attack stages using MITRE ATT&CK
• Gain insights from Watson’s 10B+ security data points


Cognitive: Revolutionizing how security analysts work



THANK YOU
FOLLOW US ON:

ibm.com/security
securityintelligence.com
ibm.com/security/community
xforce.ibmcloud.com
@ibmsecurity
youtube/user/ibmsecuritysolutions

© Copyright IBM Corporation 2019. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction
represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States,
other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information
being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security
measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and
may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
