May 20, 2014. 2014 Latest Security Trend Analysis and Security Intelligence Response Strategies. Park Hyung-geun, Senior Specialist, Security Division, SWG. © 2014 IBM Corporation
IBM Security Capabilities: Security Operations Centers; Security Research and Development Labs; Institute for Advanced Security Branches. 6,000+ IBM researchers, developers, and subject matter experts focused on security. 3,000+ IBM security patents.
Worldwide Security Market Share. 2012 Enterprise Security Market Share: 1. Cisco; 2. Symantec; 3. IBM; 4. Check Point Software; 5. McAfee (Intel); 6. EMC; 7. Trend Micro; 8. Microsoft; 9. HP; 10. Juniper Networks. Source: IDC Worldwide IT Security Products 2013-2017 Forecast and 2012 Vendor Shares, December 2013, IDC #245102
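Attack Optimization and Strategic Target Selection
2013 Security Events > Attacks > Incidents
Implications of the 2013 Security Incidents (1)
Implications of the 2013 Security Incidents (2)
Security Incident Types over the Last Three Years. More than 500 million records: personal information leakage incidents in 2013!!!
Major Security Incidents in Korea in 2014
Data Breach at Target (US)
Security Incident Types in 2013
Increase in Java Vulnerabilities
Typical User Applications Exploited in Attacks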
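Effective Attacks on Users. Watering hole: malicious code is inserted into websites related to a specific interest; vulnerable, high-value people are attacked. Malvertising: malicious code is inserted into online advertising networks; malicious advertisements are served on legitimate websites; vulnerable users are attacked.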
Recent Security Incident Cases
The Death of Antivirus
Web Vulnerabilities: The Overwhelming Threat. Applications in development: in-house development; outsourced development. Production applications: developed in house; acquired; off-the-shelf commercial apps.
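Implications of the Security Vulnerability Analysis of Korean Internet Banking Mobile Apps
1. The apps use the WebView class (the embedded web browser) with JavaScript, which is disabled by default, turned on: myWebView.getSettings().setJavaScriptEnabled(true);
2. The web URLs loaded through the WebView class do not use SSL/TLS transport-layer encryption.
3. As a result, a MITM attacker can expose the app to XSS vulnerabilities, with the resulting risk of leakage of internal financial information, phishing, tampering, and so on.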
Improved Patch Cycles at Major Software Vendors
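IBM Security Network IPS: detection of and response to (blocking) attacks against the OpenSSL HeartBleed vulnerability. Attacker. 2014 Security Threat Trends and IBM's Recommendations for Internal Control. OpenSSL HeartBleed vulnerability?!!!!! Total: 1,151,673 cases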
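Web Security, Another Way of Thinking!!! Security analysis with AppScan. Website. Detection of and response to (blocking) attacks against the web vulnerabilities found in the assessment. The IPS updates its own pattern information. IBM Security Network IPS. AppScan vulnerability data is used as IPS pattern information. Attacker. Site assessment. Vulnerability information is passed to the IPS. Findings are passed to developers for patching. Web developers.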
DB Encryption, Another Way of Thinking!!! Log files, Password files, Configuration files, Archive, IIS, Apache, ERP, CRM, Payments, CMS, WebLogic, Custom Apps, DB2, Oracle, Informix, Sybase, Access, File Servers, FTP Servers, Email Servers, Others, Log files, Password files, Configuration files, Archive, Data files, Transaction logs, Exports, Backup, File shares, Archive, Content repositories, Multi-media, Cloud
IBM Security Framework. Security Services
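How to Use the IBM Security Framework
Category | Identity and Access Management | Data Information Protection | Assurance | Threat & Vulnerability
People | Classification & management | Authentication protection | Behavior | Training & culture
Data | Access control | Classification & encryption | Integrity | Encryption key management
Application | Authorization | Processing | Testing | Secure coding
Infra | Access control | Storage / transmission | Monitoring | Patch management
The starting point for security policy and solution architecture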
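Identity Intelligence. Detects brute-force activity in which every possible value is tried until a login succeeds, in order to discover a user's account credentials. QRadar detects this, and if a session succeeds, access is revoked in real time, for example by deleting the discovered session or locking the account, and the security officer is notified. Brute-force attack event detection. Detection case: attempts to log in to a POP3 mail server on the same account with a different password every minute (brute-force attack).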
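The detection case on this slide (one password guess per minute against a single POP3 account), sketched as an added example; it is not from the original deck and is not QRadar's rule logic. The log format, the 10-minute window and the threshold of 5 failures are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample POP3 authentication events (not real logs).
# Assumed format: "<ISO time> <client ip> <account> <FAIL|OK>"
SAMPLE_LOG = """\
2014-05-20T09:00:05 203.0.113.7 kim FAIL
2014-05-20T09:01:04 203.0.113.7 kim FAIL
2014-05-20T09:01:30 198.51.100.9 lee FAIL
2014-05-20T09:01:50 198.51.100.9 lee OK
2014-05-20T09:02:06 203.0.113.7 kim FAIL
2014-05-20T09:03:05 203.0.113.7 kim FAIL
2014-05-20T09:04:07 203.0.113.7 kim FAIL
2014-05-20T09:05:05 203.0.113.7 kim FAIL
2014-05-20T09:06:06 203.0.113.7 kim OK
"""

WINDOW = timedelta(minutes=10)  # assumed: wide enough for one guess per minute
THRESHOLD = 5                   # assumed: failures per account inside the window


def detect(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return alerts as (timestamp, account, kind) tuples in log order."""
    failures = defaultdict(deque)  # account -> times of failures still in window
    flagged, alerts = set(), []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("FAIL", "OK"):
            continue  # skip malformed lines
        ts, account, result = datetime.fromisoformat(parts[0]), parts[2], parts[3]
        recent = failures[account]
        while recent and ts - recent[0] > window:
            recent.popleft()  # this failure has aged out of the window
        if not recent:
            flagged.discard(account)  # attack went quiet: re-arm the alert
        if result == "FAIL":
            recent.append(ts)
            if len(recent) >= threshold and account not in flagged:
                flagged.add(account)
                alerts.append((parts[0], account, "BRUTE_FORCE"))
        elif account in flagged:
            # Login succeeded during a flagged run: the point at which the
            # slide says the session is deleted or the account is locked.
            alerts.append((parts[0], account, "SUCCESS_AFTER_BRUTE_FORCE"))
            recent.clear()
            flagged.discard(account)
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

With the window shrunk to one minute, the same log raises no alert, which is why a slow, one-guess-per-minute attack needs a per-account window rather than a per-minute rate limit.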
IBM Security Solution Portfolio