IBM Software
Thought Leadership White Paper
Managing security risks and vulnerabilities
Protect your critical assets with an integrated, cost-effective approach to vulnerability assessments and risk management
January 2014
Contents
Introduction
Understanding the threat landscape
Getting proactive about security
Unifying security resources with IBM solutions
Unleashing the value of security intelligence
Improving security with vulnerability management
Combining vulnerability management with risk management
Closing the gaps in risk and vulnerability management
Conclusion
For more information
About IBM Security solutions
Introduction
While technology innovations are improving our everyday lives,
cybercrime is also on the rise—and the costs are higher than
ever. A recent study found that the annual costs of cybercrime
averaged USD11.6 million per large organization in 2013, which
is an increase of 26 percent from the previous year.[1] In fact, even
the most security-minded organizations can be exploited by
today’s operationally sophisticated attackers. And the impact can
extend far beyond the bottom line. Security breaches can result
in the loss of intellectual property, disrupt critical operations and
damage an organization’s image, brand and public reputation.
Meanwhile, security teams often take approaches that are largely
reactive instead of proactive; it is not uncommon for them to
spend the majority of their time—and budget—deploying tools
that can only detect and remediate breaches, rather than proactively examining and strengthening security defenses already in
place. Plus, personnel are kept busy with activities such as
vulnerability scanning that help ensure compliance with regulatory mandates, yet they lack the ability to add context to this
data, such as which vulnerabilities create the greatest risk for the
organization. As a result, many security products are designed to
support reactive tasks, rather than the broader goal of detecting
weaknesses and unauthorized behavior to help stay ahead of
threats.
Fortunately, today’s organizations have a smarter option. The
latest integrated security intelligence solutions use advanced
labor-saving automation to deliver more value from security
budgets—and increase efficiency of IT staff—while simultaneously strengthening their security posture. Organizations can
automate management of security events, logs and network
flows. In addition, they can compare network configurations to
proactively identify security exposures, analyze firewall rules,
simulate the potential impact of an attack, and quantify the risk
from vulnerabilities.
This white paper discusses how organizations can focus on
protecting high-value assets and provide scalable, cost-effective,
integrated security across the entire IT environment. It will
explain how the right security intelligence platform can integrate
vulnerability analysis, risk management and remediation
support—all from within a single console—to proactively
identify security weaknesses and minimize potential risks across
a dynamic infrastructure.
Understanding the threat landscape
Security breaches are increasingly reported in the media, thanks
to the growing number of attacks and their increasing severity.
The IBM® X-Force® research and development team recently
reported that the total number of security incidents for 2013 was
on track to surpass the numbers from 2012.[2] What’s more, the
organizations targeted by attackers have often deployed basic
security measures. So why are the attacks successful?
[Figure: Vulnerability disclosures growth by year, 1996 to 2013; vertical axis 0 to 10,000 disclosures; the 2013 value is a prediction (first half doubled). Source: “IBM X-Force 2013 Mid-Year Trend and Risk Report”]
IBM X-Force reported that halfway through 2013, vulnerability disclosures were on track to surpass the total number disclosed in 2012.[2]
For one thing, disparate security solutions are sometimes just
toolkits. They often lack the ability to perform real-time analysis
of network flows, or to add context to network traffic and
topologies. This means that IT security teams have limited visibility into what’s really happening on the network. Vulnerability
scans can reveal hundreds of thousands—or even millions—of
exposures, and security administrators are typically faced with
the near-impossible task of prioritizing their efforts and then
manually mitigating and patching the weaknesses. To make matters worse, security threats keep escalating, compliance efforts
don’t go far enough, and organizations are hampered by inefficient, disparate tools for risk and vulnerability management.
Security threats are escalating
The quantity of vulnerabilities is exploding in today’s dynamic
environments, while attackers are exploiting them faster than
ever before—and with greater sophistication and stealth. In so-called
“zero-day attacks,” exploits are created for vulnerabilities
for which a patch has not been released. In fact, X-Force found
that 77 percent of all exploitable vulnerabilities have a public
exploit available on the very same day.[3] Then, in addition to the
potential lag time between the disclosure of vulnerabilities and
the availability of a patch, organizations need time to determine
which systems are affected, prioritize their remediation, and take
corrective action to patch those machines.
At the same time, today’s sophisticated attackers are becoming
stealthier. Recent research, for example, shows that attackers
are spending long periods of time in the victim’s network—an
average of 243 days—before being discovered.[4] And even after
an incident is remediated, many targets are attacked again. To
get ahead of these advanced threats, security teams need to be
able to analyze network flows, detect anomalous behavior and
identify malicious patterns of activity. They must be able to
consider the complete network context of security events—
gathered from disparate sources—to help prevent attackers
from wreaking havoc.
Compliance efforts are not enough
Many organizations deploy only enough security technology
to satisfy compliance requirements relevant to their industry,
such as the Payment Card Industry Data Security Standard
(PCI-DSS), Health Insurance Portability and Accountability Act
(HIPAA), the North American Electric Reliability Corporation
(NERC), Federal Energy Regulatory Commission (FERC) or
the Federal Information Security Management Act (FISMA).
In addition, they may have to comply with their own corporate
security requirements.
And yet, these organizations often realize that they are likely
not doing enough. They typically understand the importance of
vulnerability and risk management, but simply lack the proper
tools and adequate staff to do a good job of it. By deploying
security solutions just to maintain compliance, organizations are
faced with:
● Lack of visibility: Disjointed security point solutions lack
  complete visibility. They produce results that must be
  reconciled, correlated and integrated in order to be useful.
  Today’s organizations need solutions that are easy to install,
  provide rapid time to value, and deliver a consolidated view
  of the entire IT environment—where all types of devices are
  susceptible to attack.
● Inconsistent information: Fragmented processes often
  provide conflicting or stale information about patches,
  malware signatures and configurations. This can make
  accurate compliance reporting a near-impossibility. In
  addition, different teams are often unable to work together to
  manage critical risks and vulnerabilities, since event correlation
  and prioritization across tools is often unsupported.
● Increased costs: Routine compliance audits with disparate
  tools can require more staff, which translates into higher costs.
  Audits frequently need to be repeated to help ensure that
  findings are addressed—which adds to costs, extends exposure
  times and increases the vulnerability of noncompliant systems.
The need for integrated risk management
Today’s organizations are forced to manage security products
from many different vendors, using different types of tools.
For example, they may have firewalls from Cisco, Check Point
and Juniper Networks, to name a few. The challenge is being
able to manage risk and compliance across this heterogeneous
environment. What’s more, as endpoints multiply across the
organization, configuration errors and other vulnerabilities
grow. Mitigating these risks—and staying ahead of attackers—
is essential, particularly when critical assets with unpatched
vulnerabilities are exposed to attackers, both inside and outside
of the network perimeter.
With disparate tools and siloed operations, organizations are
unable to react in near real time to the changing risk landscape.
Threats are continually evolving, and the network environment
is constantly changing. But many vulnerability scanners and
risk-management tools operate in isolation. They are not integrated
with a security information and event management (SIEM)
engine to gauge—and reduce—risks with real-time analytics.
For example, firewall configuration errors are a gateway for
attackers, and organizations struggle with addressing this risk.
The ability to automatically collect, centralize, normalize and
analyze firewall rules for errors and weaknesses is critical.
Large organizations can have thousands of firewalls, each with
thousands of firewall rules. Relying upon manual analysis of
these firewall rules can be a waste of time and money, since it is
usually ineffective. Even in small environments, manual analysis
can consume precious IT resources that could be spent on more
strategic activities. In contrast, the latest risk-management solutions
can also model network configuration changes before they
are made and simulate the potential spread of threats.
Getting proactive about security
To reduce the risk of exploits and compliance violations—while
also reducing the cost of manual labor and inefficient point
solutions—organizations need a comprehensive, proactive
approach to security. On today’s smarter planet, security teams
need to think like an attacker with a counter-intelligence mindset;
they need to focus on managing vulnerabilities in terms of
business risk—and stop attacks before they occur.
Rather than reacting to compliance mandates or media reports
of high-profile attacks, organizations need to proactively:
● Identify and protect high-value assets (people, applications,
  data and networks) at risk for attack
● Understand baseline behavior for systems and networks
● Detect anomalies, analyze data and remediate issues
● Gather and preserve evidence
● Assess the effectiveness of security defenses
● Understand, investigate and monitor network connections
  and topology
● Compare network device configurations, event counts and
  a history of rules
● Simulate attacks for proactive risk mitigation
With the latest integrated security intelligence solutions, organizations
can use continuous monitoring and automated problem
resolution to help improve their security posture. These solutions
can generate meaningful data from activity associated with
people, data, applications and infrastructure, and then pull all of
that data into a single repository. What’s more, organizations
can apply advanced analytics to that data—whether that data is
traditional security data or nontraditional, unstructured big data,
such as email messages—to connect different events to one
another, identify activity that is out of the ordinary and automatically
remediate the security threats that were discovered.
Today, the wide variety of end-user devices, disparate backend
systems and the dynamic nature of IT infrastructures present
challenges for traditional security technologies—that is, the firewalls
and signature-based intrusion detection systems that block
known threats. Coupled with a new generation of sophisticated
attacks that are hard to detect and prevent, today’s ever-changing
networks require monitoring of the entire environment in real
time. In fact, forward-thinking organizations need proactive,
predictive and automated analytics to help them understand
normal patterns of use so they can quickly identify anomalies,
suspicious activity and other threatening trends to help avoid
data loss and service interruptions.
Unifying security resources with IBM solutions
IBM offers integrated security solutions that can consolidate
information from across your environment to help you
strengthen your security posture, prioritize security activities and
extend the value of your IT investments. While many security
tools are available for security teams to perform vulnerability
and risk assessments, these tools often lack the intelligence,
automation and integration needed to make those assessments
actionable. What’s more, IBM security products not only integrate
with each other, but also with other third-party solutions.
An integrated approach to security can deliver significant
advantages, including:
● Real-time visibility: To help protect the entire IT environment,
  an integrated approach provides security administrators
  with the comprehensive, real-time visibility they need into the
  security state of any connected device, regardless of where the
  device is physically located.
● Consistent information: An integrated approach can help
  ensure that reports and assessments provide the same
  up-to-date and accurate information to multiple teams.
● Reduced costs: An integrated approach can minimize risk
  while also reducing the costs associated with managing
  security. A consolidated, proactive solution is much less
  expensive over the long term than traditional point tools that
  are often used for traditional security management.
Unleashing the value of security intelligence
Organizations that take a barebones approach to security tend
to deploy log management solutions with other standalone
safeguards—such as firewalls, intrusion detection, network
encryption, vulnerability scanners and authentication systems.
But these disparate point products do not provide the intelligence, automation and integration needed for proactive security
management.
IBM QRadar® Security Intelligence Platform provides a highly
integrated approach to security that can help improve operational
efficiency, lower costs, and manage vulnerabilities and
risk for the entire organization. By automating processes and
consolidating information, these integrated IBM solutions
enable companies to proactively and cost-effectively manage data
privacy and protection—rather than simply focusing on passing
an audit. Using IBM Security QRadar solutions, organizations
can make security a priority and deliver strategic value to the
business.
[Figure labels: Log management; Next-generation SIEM; Network activity monitoring; Risk management; Vulnerability management; Future; Prioritized offenses; Network, asset and identity context; Categories; Normalization and categorization; Events, logs, configuration and flow data]
IBM QRadar Security Intelligence Platform provides an integrated approach to understanding the context of vulnerabilities and minimizing risk.
Anchored by powerful, next-generation SIEM technology,
QRadar solutions enable organizations to achieve comprehensive
security intelligence by integrating log event data from across
the IT infrastructure with network flow data, configuration
and vulnerability data, application events and activities, user
identities, asset profiles, geolocation details and more. After
performing distributed data collection, normalization and
correlation analysis, QRadar solutions then forward actionable
results to a central console for further review and remediation.
QRadar Security Intelligence Platform provides a seamlessly
integrated solution for:
● Log management: Most organizations generate huge
  volumes of logs, and analyzing them can pose significant
  challenges. With its customizable rules engine that includes
  thousands of out-of-the-box rules, IBM Security QRadar Log
  Manager can process each incoming event in real time; assign
  severity, credibility and relevance attributes; and then trigger
  an appropriate response. IT staff can analyze data and activity
  trends from a central dashboard, identify security anomalies
  and potential risks, and take action before any damage can
  occur. It can also be easily upgraded to a full SIEM solution
  with the use of a simple license key.
● SIEM technology: Security teams need to understand the
  nature of potential threats, including: Who is attacking?
  What is being attacked? What is the business impact? Where
  do we investigate? IBM Security QRadar SIEM captures data
  from hundreds of data sources, including event data, network
  flows, asset vulnerabilities and user identity information. It
  correlates these disparate types of data and categorizes them
  by risk severity, so IT staff can prioritize their remediation
  activities with a manageable list. Unlike an individual toolkit,
  QRadar SIEM is an integrated solution that is easy to install
  and easy to use, providing a rapid time to value. It features a
  single management interface and a common database for
  consistent results.
● Network activity monitoring: QRadar Security Intelligence
  Platform provides deep network monitoring with anomaly
  detection capabilities that can add rich context about potential
  threats. In addition, IT staff can also help detect and prevent
  advanced threats—from the inappropriate use of protocols, to
  the unauthorized access of sensitive information, to the misuse
  of administrative passwords.
● Risk assessments: To proactively manage vulnerabilities
  and stay a step ahead of threats, IBM Security QRadar Risk
  Manager enables IT staff to visualize the network topology,
  review security device configuration data and detect configuration
  errors—all from a single location. It features an automated
  policy engine that can quantify the risk of exploits
  by calculating attack paths to vulnerable assets and evaluate
  actual and potential network traffic for compliance with policy.
  IT staff can also simulate threat propagation and assess the
  potential impact of changes before they are made. Risk scoring
  enables the modification of vulnerability severity scores based
  on environmental factors like network reachability and asset
  configuration.
● Vulnerability management: Most vulnerability scanners
  simply identify large numbers of exposures and leave it up to
  security teams to manually determine the severity of risks.
  IBM Security QRadar Vulnerability Manager provides a
  single, fully integrated vulnerability assessment and analytics
  system that supports all major operating systems and devices.
  The product’s distributed scanning architecture leverages
  existing QRadar hardware and can be quickly activated with
  a license key, reducing deployment time and costs. It also
  leverages integration with QRadar Security Intelligence
  Platform to support event-driven scans and deep correlations
  between QRadar SIEM and QRadar Risk Manager. This way,
  limited IT resources can be focused on protecting assets with
  the highest risk of attack.
QRadar Security Intelligence Platform features a unified
architecture that helps organizations improve security almost
immediately. Using a single, familiar interface, security teams
can quickly begin managing risks and vulnerabilities across a
distributed, heterogeneous environment.
IBM Security QRadar SIEM makes it easy for security teams to manage vulnerabilities and exposures that pose the greatest risk—all from a single dashboard.
Improving security with vulnerability management
Many organizations have implemented vulnerability management tools to comply with security policy and compliance
regulations, but those tools are often siloed point solutions with
separate scanners for networks, applications and databases—
which creates huge inefficiencies in both time and effort. These
disparate tools typically identify a “sea” of vulnerabilities that are
not correlated, categorized or prioritized, and do not result in
actionable information. In fact, typical networks might have up
to 30 vulnerabilities per IP address,[2] resulting in overwhelmed
patch management and remediation processes. IT staff need to
be able to focus their efforts on the most critical vulnerabilities—
and catch hidden weaknesses that are missed by periodic
scanning.
QRadar Vulnerability Manager is designed to transform tedious
monthly or quarterly vulnerability scanning and reporting into a
fully integrated, continuous monitoring program that combines
regularly scheduled vulnerability scans with the real-time capabilities of QRadar Security Intelligence Platform. The result is
complete visibility across dynamic, multi-layered networks.
Organizations can:
● Create, schedule, monitor and view the results of vulnerability
  scans directly from the QRadar user interface
● Leverage the QRadar rules engine to invoke event-driven
  vulnerability scans, such as when a new asset is attached to
  the network
● Perform comprehensive analysis into asset vulnerabilities
  (regardless of discovery source), including powerful searching
  and filtering capabilities
● Save vulnerability searches for re-use by other QRadar
  applications, including QRadar Risk Manager
● Make faster, better-informed decisions with a risk-prioritized,
  consolidated view of vulnerability scan data
● Generate early-warning alerts that identify the systems
  that may be vulnerable to the latest exploits—even before
  vulnerability data is published
● Help coordinate patching and virtual patching activities,
  including recommending intrusion prevention system (IPS)
  and next-generation firewall signatures to block potential
  attack paths
QRadar Vulnerability Manager includes an embedded, PCI-certified scanning engine for running scheduled, on-demand
and event-triggered scans, providing near real-time visibility to
weaknesses that could otherwise remain hidden for weeks or
months. The QRadar solution can detect and immediately scan
any new asset that appears on the network. As a result, organizations can reduce their exposure to vulnerabilities between regular scanning cycles and help ensure compliance with the latest
security regulations.
Using the same rules-based approach as QRadar SIEM, QRadar
Vulnerability Manager helps minimize false positives and filters
out vulnerabilities already classified as non-threatening—that is,
vulnerabilities that can be given a low priority and be patched
later. For example, applications may be installed on a server, but
they may be inactive, and are therefore not an imminent security
risk. Integration with QRadar Risk Manager can reveal when
devices that appear exposed are actually protected by a firewall
or intrusion protection device; likewise, integration with
IBM Endpoint Manager can show which vulnerabilities are
patchable, which endpoint vulnerabilities are already scheduled
for patching, and which patches have been applied.
[Figure: vulnerability categories]
Inactive: Network flow data can help identify if applications are active
Patched: Integration with patch management will reveal what vulnerabilities will be patched
Critical: Vulnerability knowledge base, remediation flow and policies inform about business-critical vulnerabilities
Blocked: Firewall and IPS rules can identify what vulnerabilities are exposed
Exploited: Integration with threat platforms can alert when specific vulnerabilities are attacked
At risk: Usage and threat data can be used to identify what vulnerabilities are at risk
IBM Security QRadar Vulnerability Manager can help organizations understand the severity of vulnerabilities, including which systems are scheduled for patches or
blocked by firewalls, so security personnel can prioritize remediation efforts efficiently.
QRadar Vulnerability Manager maintains a current view of all
discovered vulnerabilities, including which vulnerabilities are still
at risk of being exploited. The software also presents historic
views of daily, weekly and monthly trends, and can produce the
long-term trending reports required by many security compliance regulations.
Combining vulnerability management with risk management
QRadar SIEM enables organizations to centralize vulnerability
data from many different sources, ranging from QRadar
Vulnerability Manager to other IBM products, such as
IBM Security AppScan®, Endpoint Manager and
IBM InfoSphere® Guardium®, as well as many third-party
vulnerability assessment tools. With all of this vulnerability
data at their fingertips, security professionals need to be able
to risk-prioritize the data not only by using industry-standard
benchmarks, such as the Common Vulnerability Scoring System
(CVSS), but also by increasing or lowering risk scores based on
local network activity and device configurations.
Risk management can help. With the right risk-management
solution, organizations can:
● Build a network topology—Security teams can create a
  model of the network that not only depicts the relationships
  between network devices, but also shows the active application
  paths by understanding network security device configuration
  and routing information.
● Create and monitor risk policies—With the QRadar Risk
  Manager policy engine, security teams can test compliance
  rules against actual network traffic, network configurations,
  asset configurations and vulnerabilities. For example, they can
  create policy-monitoring questions that test whether the
  network traffic crossing the DMZ is restricted to well-known
  and trusted protocols (such as HTTP or HTTPS on specified
  ports), test which users are communicating with critical
  network assets, and identify rules in a device that violate a
  defined policy or introduce risk into the environment. A very
  common occurrence is when servers that were not previously
  accessible from the Internet become inadvertently accessible
  due to a firewall change.
● Simulate threats—Security teams can leverage the network
  topology, network traffic and vulnerability data to depict how
  an exploit could spread through the network.
IBM Security QRadar Risk Manager enables organizations to visualize the relationships between network devices and simulate the impact of changes on
high-value assets.
QRadar Risk Manager meets all of these requirements and
more, complementing QRadar SIEM and QRadar Vulnerability
Manager by helping organizations identify their most vulnerable,
highest-risk assets. It can generate alerts when assets and devices
engage in out-of-policy activities or if a firewall rule change
could potentially expose them to exploit. Organizations can also
create policies that calculate attack paths between the Internet
and assets with unpatched vulnerabilities, automatically increasing the risk score of those assets so their remediation activities
can be prioritized.
Using the QRadar Risk Manager interface—available from
within the unified QRadar Security Intelligence Platform central
console—IT staff can:
● Easily create and maintain a network topology by leveraging
  security device configuration data and routing information
● Create policies that map directly to security mandates and
  compliance requirements, such as checking for the actual or
  potential use of insecure protocols, unapproved applications
  and communications between networks
● Develop policies that evaluate unpatched vulnerabilities, asset
  configurations and reachability by attackers in order to
  increase or decrease the risk score of those vulnerabilities and
  assets, enabling risk-prioritized remediation activities
● Simulate firewall rule changes and model the spread of
  potential exploits across the network
QRadar Risk Manager is a fully integrated part of QRadar
Security Intelligence Platform, which allows it to leverage a wide
breadth and depth of security data that other products cannot
match. This includes network events and flows, as well as asset
vulnerabilities and configuration data. As a result, QRadar Risk
Manager can automatically identify offenses and generate notifications when policies are not in compliance. And this is all
accomplished through the unified console for QRadar solutions.
Closing the gaps in risk and vulnerability management
QRadar Risk Manager and QRadar Vulnerability Manager are
designed to work together to provide smarter protection for
high-value assets. While QRadar Vulnerability Manager provides the status of system vulnerabilities, QRadar Risk Manager
adds the network context. It knows which network paths are
active, which systems can be directly attacked via the Internet
(or from other points inside the network, such as potentially
exploited machines) and which ones are protected. Together,
they provide a powerful solution for managing vulnerabilities
and risks.
To obtain early warnings of potential attacks, an organization
can create a policy in QRadar Risk Manager that checks vulnerable assets for an attack path that could be used to exploit the
machine. The policy can then be set to increase or decrease the
risk score of the vulnerabilities on affected devices; for example,
security teams can increase the risk score by 50 percent for
devices that are directly attackable and decrease the risk score by
50 percent for devices that are not attackable. Users can then
generate vulnerability reports sorted by risk score, which can
then be used by patch managers to schedule remediation for the
“riskiest” assets first. Dynamically increasing or decreasing the
relative risk of a system’s vulnerabilities, along with the relative
need for patching, is a strategic advantage of linking QRadar
Risk Manager with QRadar Vulnerability Manager.
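The scoring policy described above, written out as an added sketch; it is not IBM's code and uses no QRadar API. The hosts, firewall rules, scores and VULN-000x identifiers are constructed sample data, and treating a host as a pivot once one of its vulnerable services is reachable is an assumption of this sketch.

```python
from collections import deque

# Constructed sample data: hosts, rules and findings are invented for
# illustration and do not come from any real scan or product export.
INTERNET = "internet"

# Each firewall rule permits traffic from src to dst on one TCP port.
BASE_RULES = [
    (INTERNET, "web01", 443),
    ("web01", "app01", 8080),
    ("app01", "db01", 5432),
    ("admin-lan", "db01", 22),
]

# (asset, port of the vulnerable service, base score, placeholder id)
FINDINGS = [
    ("web01", 443, 5.3, "VULN-0001"),
    ("app01", 8080, 7.5, "VULN-0002"),
    ("db01", 22, 9.8, "VULN-0003"),
    ("db01", 5432, 6.5, "VULN-0004"),
    ("hr01", 445, 8.1, "VULN-0005"),
]


def exposed_findings(rules, findings):
    """Return {vuln_id: attack path} for findings reachable from the Internet.

    A finding is exposed when a rule lets the Internet, or a host that is
    itself exposed (a pivot), reach the vulnerable service's port.
    """
    by_src = {}
    for src, dst, port in rules:
        by_src.setdefault(src, []).append((dst, port))
    vulnerable = {}
    for asset, port, _score, vuln_id in findings:
        vulnerable.setdefault((asset, port), []).append(vuln_id)

    path_to = {INTERNET: [INTERNET]}  # foothold -> shortest path found
    exposed = {}
    queue = deque([INTERNET])
    while queue:
        src = queue.popleft()
        for dst, port in by_src.get(src, []):
            for vuln_id in vulnerable.get((dst, port), []):
                exposed.setdefault(vuln_id, path_to[src] + [dst])
                if dst not in path_to:  # dst becomes a new pivot
                    path_to[dst] = path_to[src] + [dst]
                    queue.append(dst)
    return exposed


def rank(rules, findings, boost=1.5, cut=0.5):
    """Apply the +50% / -50% policy and sort findings by adjusted risk."""
    exposed = exposed_findings(rules, findings)
    rows = []
    for asset, port, score, vuln_id in findings:
        factor = boost if vuln_id in exposed else cut
        rows.append({
            "id": vuln_id,
            "asset": asset,
            "port": port,
            "base": score,
            "risk": round(score * factor, 2),
            "path": exposed.get(vuln_id),  # None when no attack path exists
        })
    return sorted(rows, key=lambda r: r["risk"], reverse=True)


def report(title, rules):
    print(title)
    for r in rank(rules, FINDINGS):
        path = " -> ".join(r["path"]) if r["path"] else "no attack path"
        print(f"  {r['id']} {r['asset']}:{r['port']} "
              f"base={r['base']} risk={r['risk']} ({path})")


if __name__ == "__main__":
    report("Current rule set", BASE_RULES)
    # Simulated change: a rule that would open SSH on db01 to the Internet.
    report("After proposed change", BASE_RULES + [(INTERNET, "db01", 22)])
```

In the current rule set the highest base score (the SSH finding on db01) ranks near the bottom because no attack path reaches it; the simulated rule change moves it to the top of the patch list.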
Conclusion
With security threats exploding around the world, organizations
need to be proactive about managing risks and vulnerabilities
before any significant damage can occur. QRadar Security
Intelligence Platform enables organizations to stay a step ahead
of security threats—and get more value from their security
budget—by focusing on critical assets that are truly at risk.
Advanced labor-saving automation can increase efficiency of
IT staff. Plus, QRadar solutions are easy to install and upgrade,
often just requiring a simple license key to enable additional
functionality.
By taking advantage of the integration between QRadar
Vulnerability Manager and QRadar Risk Manager, IT teams
have the power to proactively identify vulnerabilities and minimize risks across a dynamic infrastructure. They can visualize
the network environment, calculate risk scores, simulate attacks,
prioritize vulnerabilities and take efficient, corrective action to
take a bite out of cybercrime.
For more information
To learn more about the integrated products within
IBM QRadar Security Intelligence Platform, please contact
your IBM representative or IBM Business Partner, or visit:
ibm.com/software/products/us/en/qradar
About IBM Security solutions
IBM Security offers one of the most advanced and integrated
portfolios of enterprise security products and services. The
portfolio, supported by world-renowned X-Force research and
development, provides security intelligence to help organizations
holistically protect their people, infrastructures, data and applications, offering solutions for identity and access management,
database security, application development, risk management,
endpoint management, network security and more. These
solutions enable organizations to effectively manage risk and
implement integrated security for mobile, cloud, social media
and other enterprise business architectures. IBM operates
one of the world’s broadest security research, development
and delivery organizations, monitors 15 billion security events
per day in more than 130 countries, and holds more than
3,000 security patents.
1 Ponemon Institute, “2013 Cost of Cyber Crime Study: United States,” October 2013. http://media.scmagazine.com/documents/54/2013_us_ccc_report_final_6-1_13455.pdf
2 IBM, “IBM X-Force 2013 Mid-Year Trend and Risk Report,” September 2013. http://www-03.ibm.com/security/xforce/downloads.html
3 IBM, “IBM X-Force 2012 Trend and Risk Report,” March 2013. http://www.ibm.com/ibm/files/I218646H25649F77/Risk_Report.pdf
4 Eduard Kovacs, “It Takes a Company 243 Days to Discover a Sophisticated Attack, Study Shows,” Softpedia, March 15, 2013. http://news.softpedia.com/news/It-Takes-a-Company-243-Days-toDiscover-a-Sophisticated-Attack-Study-Shows-337342.shtml
© Copyright IBM Corporation 2014
IBM Corporation
Software Group
Route 100
Somers, NY 10589
Produced in the United States of America
January 2014
IBM, the IBM logo, ibm.com, AppScan, InfoSphere, Guardium, QRadar,
and X-Force are trademarks of International Business Machines Corp.,
registered in many jurisdictions worldwide. Other product and service
names might be trademarks of IBM or other companies. A current list of
IBM trademarks is available on the web at “Copyright and trademark
information” at ibm.com/legal/copytrade.shtml
This document is current as of the initial date of publication and may be
changed by IBM at any time. Not all offerings are available in every country
in which IBM operates.
THE INFORMATION IN THIS DOCUMENT IS PROVIDED
“AS IS” WITHOUT ANY WARRANTY, EXPRESS OR
IMPLIED, INCLUDING WITHOUT ANY WARRANTIES
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE AND ANY WARRANTY OR CONDITION OF
NON-INFRINGEMENT. IBM products are warranted according to the
terms and conditions of the agreements under which they are provided.
The client is responsible for ensuring compliance with laws and regulations
applicable to it. IBM does not provide legal advice or represent or warrant
that its services or products will ensure that the client is in compliance with
any law or regulation.
Statements regarding IBM’s future direction and intent are subject to change
or withdrawal without notice, and represent goals and objectives only.
Statement of Good Security Practices: IT system security involves protecting
systems and information through prevention, detection and response to
improper access from within and outside your enterprise. Improper access
can result in information being altered, destroyed or misappropriated or can
result in damage to or misuse of your systems, including to attack others.
No IT system or product should be considered completely secure and no
single product or security measure can be completely effective in preventing
improper access. IBM systems and products are designed to be part of a
comprehensive security approach, which will necessarily involve additional
operational procedures, and may require other systems, products or services
to be most effective. IBM does not warrant that systems and products are
immune from the malicious or illegal conduct of any party.
WGW03049-USEN-00