Security Seminar Presentation - 박형근

© 2015 IBM Corporation. The Start of Security Management: The IBM Security Framework at a Glance. Director 박형근, IBM AP Security Tiger

Transcript of Security Seminar Presentation - 박형근

Page 1: Security Seminar Presentation - 박형근

IBM Security Systems

The Start of Security Management:

The IBM Security Framework at a Glance

Director 박형근, IBM AP Security Tiger

Page 2: Security Seminar Presentation - 박형근

IBM Security Strategy 2015

Megatrends: Advanced Threats, Cloud, Mobile / IoT, Compliance, Skills Shortage

Participants: CISO, CIO, Line of Business

Deliver a broad, differentiated solution portfolio through integration and innovation to address the latest trends

1. Support the CISO agenda

2. Carry out innovation initiatives based on key security trends

Portfolio

Management Consulting

Systems Integration

Integrated Products

Security as a Service

Managed Security

Strategy, Risk and Compliance

Cybersecurity Assessment and Response

Security Intelligence and Operations

Advanced Fraud Protection

Identity and Access Management

Data Security

Application Security

Network, Mobile and Endpoint Protection

Advanced Threat and Security Research

3. Technology leadership in selected areas

Page 3: Security Seminar Presentation - 박형근

2014 IBM CISO Assessment Report findings – Fortifying for the Future

Gaining more influence and support

Greater concern about external threats

Expecting more external collaboration

Focus on today's technology

Uncertainty about the role of government

Page 4: Security Seminar Presentation - 박형근

83% of CISOs: external threats have increased over the past three years

Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2015 and 2014 IBM Chief Information Security Officer Assessment

Near-daily leaks of sensitive data

40% increase in reported data breaches and incidents

Relentless use of multiple methods

More than 800,000,000 records leaked, with no sign of change for the future.

“Insane” amounts of breached records

42% of CISOs say the risk from external threats has increased dramatically compared with the past.

Page 7: Security Seminar Presentation - 박형근

2014 – A wave of serious design vulnerabilities

Heartbleed (CVE-2014-0160): OpenSSL

Shellshock (CVE-2014-6271/7169): Unix Bash shell

POODLE (CVE-2014-3566/8730): SSL 3.0 Protocol

GHOST (CVE-2015-0235): Linux GNU C Library

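Page 8: Security Seminar Presentation - 박형근

• Do your current or new security solutions overlap or conflict too much?

• Do you want to consolidate or rationalize your security solutions but cannot gauge the impact?

• When adopting new IT technology, can you identify the control areas that must be applied quickly?

• Which areas of your current security infrastructure are lacking?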

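Page 9: Security Seminar Presentation - 박형근

A security framework?

• A communication tool and reference model

• Presents the big picture of enterprise-wide security domains

• The basis and direction for security strategy and policy

• Provides the skeleton for a security architecture

• How to optimize?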

Page 10: Security Seminar Presentation - 박형근

IBM Security Framework

Five key challenges

Advanced threats, proactive defense

Cloud

Mobile / IoT

Laws, regulations, internal/external audits

Shortage of security professionals

The changing role of the CISO

The IBM Security Framework

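Page 11: Security Seminar Presentation - 박형근

Reference model 1. Using a business-driven security framework

Business view

Security domains

Security processes, common security elements

Architecture view

Technical view: platform, component, configuration

Business-driven security framework

Security blueprint

Security architecture

Business technology, architecture

Principles and leading practices

Standards and technologies

Security issues and drivers

Define business trends

Define technology trends

Integrated categories of security and IT architecture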

Page 13: Security Seminar Presentation - 박형근

IBM Security Framework

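Page 14: Security Seminar Presentation - 박형근

When redefining your security framework, be sure to maximize the value of security through integration and linkage.

IBM Confidential

Integrated intelligence: To automatically detect and respond to new security threats, you must analyze the correlations between pieces of information that are held in isolation from one another.

Integrated defense: A stronger security posture comes not from a single technology, solution or system but from multiple control areas that collaborate and reinforce one another, providing more cohesive and easier security management.

Integrated innovation: Share the latest information on vulnerabilities, attacks and malware across multiple control areas, and research and innovate responses to new threats from an integrated perspective.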

Page 17: Security Seminar Presentation - 박형근

IBM Security Trusteer Apex Advanced Malware Protection

<141>Oct 6 14:47:38 teep[2885]: LEEF:1.0

Trusteer

Trusteer Enterprise Protection

ver_1303.1

ProcessCreate.cp_cmd_killer

devTime=Oct 06 2014 14:47:38.000 UTC

resource=00000000000000000000000000000000295C9079AF472F7004F48E72B45795C6

cat=exploitation

src=1.1.1.2

sev=9

exploited_process_path=c:\program files\java\jre6\bin\java.exe

exploited_process=java.exe

suspicious_item_md5=8099567CC6C532B940632455E8A3BD4B

suspicious_item=csrs.exe

suspicious_item_command_line=

rapport_bin_version=3.5.1404.11

scenario_version=version1

rapport_conf_revision=1954730

scenario_name=ProcessCreate.cp_cmd_killer

devTimeFormat=MMM dd yyyy HH:mm:ss.SSS z

Page 18: Security Seminar Presentation - 박형근

Evasion attack detection and virtual patching technology – IBM Security Network Protection

Page 23: Security Seminar Presentation - 박형근

IBM Security Solutions Portfolio

Page 24: Security Seminar Presentation - 박형근

IBM Security Services Portfolio

People: Identity Assessment & Strategy; User Provisioning/Access Mgmt; Total Authentication Solution; Managed/Cloud Identity

Data: Crown Jewels Discovery & Protection; Database Security; Encryption and Data Loss Prevention

Applications: SDLC Program Development; Dynamic and Static Testing; Embedded Device Testing; Mobile Application Testing

Infrastructure: Security Optimization; Design, Deployment & Migration; Staff Augmentation

Strategy, Risk & Compliance: Security Maturity Benchmarking; Security Strategy & Roadmap Development; Security Risk Assessment & Program Design; Industrial Controls (NIST, SCADA); PCI Advisory

Cloud and Managed Services: Firewall / Unified Threat Management; Intrusion Detection & Prevention; Web Protection & Managed DDoS; Hosted E-Mail & Web Vulnerability Mgmt; Managed SIEM & Log Management

Security Operations: Security Intelligence Operations Center Design & Build Out Services

Cybersecurity Assessment & Response: Threat Intelligence Advisory; X-Force Threat Analysis; Penetration Testing; Incident Preparation; Emergency Response

Page 25: Security Seminar Presentation - 박형근

© 2014 IBM Corporation

www.ibm.com/security

© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
