© 2015 IBM Corporation, IBM Security. Protecting against cyber threats and security breaches: IBM APT Survival Kit Overview Client.

Presentation transcript:

Slide 1: Protecting against cyber threats and security breaches
IBM APT Survival Kit Overview, Client Deck
IBM Security Services, June 13, 2016
SEP03315-USEN-02

Slide 2: We are in an era of continuous breaches, relentless attackers and a rising damage toll
IBM® X-Force-declared year of the security breach
- 40% increase in reported data breaches and incidents
- 500,000,000-plus records were leaked, while the future shows no sign of change
Figure: Aggressive adversary evolution: attack types over time [1]. Attack types shown: SQL injection [2], Spear phishing, DDoS [3], Third-party software, Physical access, Malware, XSS [4], Watering hole, Undisclosed.
[1] Size of circle estimates relative impact of incident in terms of cost to business. IBM X-Force Threat Intelligence Quarterly – 1Q 2014. [2] Structured query language; [3] Distributed denial of service; [4] Cross site scripting.

Slide 3: This evolution suggests that it’s no longer a matter of if you’ll be compromised; it’s a matter of when
Assume a compromised environment
“One thing is clear: the longer a stealthy attacker sits undetected in the enterprise network and its endpoints, the more damage they can do.” [1]
Intelligence and response are critical capabilities
“While protection and prevention efforts should not be neglected, the true measure of an organization’s advanced persistent threat (APT) defenses is its ability to quickly detect breaches and thoroughly research the extent and impact of those breaches.” [2]
[1] Okay, Breaches Are Inevitable: So Now What Do We Do? by Paula Musich, Current Analysis, July 20, 2012, http://itcblogs.currentanalysis.com/2012/07/20/okay-breaches-are-inevitable-so-now-what-do-we-do/; [2] IBM X-Force® 2012 Mid-year Trend and Risk Report

Slide 4: Data can be gone before you realize it, but visibility enables early detection and more rapid response
83% of compromises take weeks or more to discover, and 59% take weeks or more to contain [1]
It can take only minutes to get in… …but months to discover and recover
Figure: Time span of events by percent of breaches [1]
Rows: Initial attack to initial compromise; Initial compromise to data exfiltration; Initial compromise to discovery; Discovery to containment or restoration
Columns: Seconds, Minutes, Hours, Days, Weeks, Months, Years
Values: 10% 75% 12% 2% 0% 1% 0% 8% 38% 14% 25% 8% 0% 2% 13% 29% 54%+2% 0% 1% 9% 32% 38% 17% 4%
[1] Verizon Data Breach Investigations report

Slide 5: The (cyber) storm is coming: are you ready?
In today’s environment, an inevitable breach must be assumed. In fact, you may already be compromised.
Get ready before it hits with IBM APT Survival Kit
End-to-end breach preparedness and recovery guidance
- Prevention, detection and remediation helps:
  - Identify weaknesses in your security posture
  - Determine if compromise has occurred
  - Develop plans to harden your defenses
  - Enable more rapid response should a cyber incident occur
- End-to-end versus siloed protection to:
  - Achieve greater cost-effectiveness and reduced complexity versus ad-hoc protection
  - Gain peace of mind knowing that your organization’s security posture and reputation is better protected
APT: Advanced Persistent Threats

Slide 6: IBM APT survival kit can help you better prepare for, detect and remediate attacks, reducing the timeline for potential impact
Figure: IBM APT survival kit shown against the attack timeline.
Timeline labels: Business as usual; Undetected attack; Incident detection; Remediation and recovery
Windows: Prevention window; Detection window; Remediation window
Impact labels: Lower impact; Higher impact
Services: Cybersecurity awareness workshop; IBM Incident Response Planning; Attack Modeling with tabletop exercise; IBM Penetration Testing; IBM Active Threat Assessment; IBM Emergency Response Services
Add-ons: Security intelligence analyst; IBM Managed Web Defense; DDoS attack simulation (NEW)
APT: Advanced Persistent Threats

Slide 7: Optimize your prevention window

Cybersecurity awareness workshop: How strong is my security posture against cyber attacks?
IBM examines the anatomy of modern cyber attacks to generate executive-level awareness of a client’s security posture and discuss key actions to be taken
- Two-hour remote briefing
- Behind-the-scenes perspective
- Real-world scenarios and examples
- Interactive, action-oriented demonstrations

IBM Incident Response Planning: What should I do when the inevitable attack happens?
IBM helps clients review, develop and test their incident response plan to build the foundation for incident response and recovery
- A framework for effective response
- Organizational roles and responsibilities
- Types and priorities of each incident
- Escalation and communication

Attack modeling with tabletop exercise: What’s in my threat landscape?
IBM provides clients with detailed threat and attack modeling down to a granular level, including region, industry and sector
- Harden the organization against potential cyber incidents
- Verify security paper policy against known and unknown threats in your landscape

IBM Penetration Testing: Where am I vulnerable, and how can I help prevent compromise?
IBM helps clients identify vulnerable systems, and provides a detailed security roadmap and impact analysis to help prevent network compromise
- Network discovery and reconnaissance
- Remote exploitation attempts
- Insight and access to IBM’s X-Force team
- Perimeter and internal probing

Slide 8: Help speed detection and remediation
IBM helps clients identify active threats that currently exist in their environment while uncovering potential threats requiring mitigation
Coordinated Attack Simulation
Tool-based scanning of APT IOCs [1]
IBM helps clients combat a significant intrusion, sophisticated attack, or other security incident for faster recovery and forensic analysis
Annual planning workshop and ongoing quarterly checkpoints
Proactive incident preparation
Around-the-clock global hotline
Memory and log analysis
Critical controls assessment
[1] Indicators of compromise
Am I already infected with malware? Is there a hidden attack?
Help, I am under attack!
IBM Active Threat Assessment
IBM Emergency Response Services

Slide 9: Further strengthen your security posture with APT add-on services

IBM Managed Web Defense: How can I protect our presence, activity and users on the web?
IBM helps prevent attacks before they impact your web presence, including web attack alerts and protection for user activity, website and infrastructure
- Includes browsing, DDoS [1], DNS [2], IPDS [3], network, server and WAF [4] protection
- Kona Site Defender from Akamai
- X-Force Hosted Threat Analysis Service

Security intelligence analyst: Who can provide me with security analysis, insights and guidance?
IBM provides a dedicated resource to analyze your current security posture and provides policy tuning and strategic recommendations to strengthen it
- Analysis of daily security events
- Annual security policy reviews
- Client briefings providing additional insight
- Monthly vulnerability scan results review

DDoS attack simulation (NEW): How can I prepare for and help prevent DDoS attacks?
IBM helps clients prepare for, and help prevent Distributed Denial of Service (DDoS) attacks, including real-life attack simulations
- Multiple real-life attacks simulated
- Can be combined with other attacks
- Highly customizable, measurable scenarios
- Mix of valid user and malicious traffic

[1] Distributed denial of service attacks (DDoS); [2] Domain name system (DNS); [3] Intrusion prevention and detection system (IPDS); [4] Web application firewall (WAF)

Slide 10: We can work with you to customize your IBM APT Survival Kit
IBM Security Services: Intelligence. Integration. Expertise.
Download:
- Responding to – and recovering from – sophisticated security attacks
- Building a security incident response plan that works
- Security Essentials – responding to the inevitable incident
- 2014 Cyber Security Index

Slide 11: © Copyright IBM Corporation All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access.
IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY