IBM Endpoint Manager - Meeting the Challenges of PCI DSS compliance

This presentation outlines how IBM Endpoint Manager can help organisations become PCI DSS compliant.

Transcript

  • 1. IBM Endpoint Manager Meeting the challenges for Payment Card Industry Data Security Standard (PCI DSS) compliance January 2014
  • 2. © 2013 International Business Machines Corporation 2 Presentation Overview
      • Other clients using IBM Endpoint Manager (IEM)
      • PCI DSS recap
      • IBM Endpoint Manager overview
      • How IEM assists with PCI DSS compliance
      • Case Study: The Co-operative Food
      • Other IEM services
      • Summary
  • 3. Endpoint complexity continues to increase
      • Endpoint device counts, devices and platforms
      • Compliance requirements to establish, prove and maintain continuous compliance
      • Speed, severity and complexity of malware attacks
      • Patch O/S and application vulnerabilities within hours
      • Rapid, agile, automated remediation is needed
      • Mobile/roaming endpoints
      • New form factors and platforms
      • Employee-owned devices
      • Establish, prove and maintain continuous compliance
  • 4. What is PCI DSS and why should you care?
      • PCI DSS – Payment Card Industry Data Security Standard
          – 12 Requirements to Protect Credit Card Information
          – 3 Levels based on transactions per annum
              1. >6m transactions per annum
              2. 150k to 6m transactions per annum
              3. <150k transactions per annum
          – Formed in September of 2005
              • By these five leading credit card vendors: American Express, Discover, JCB, MasterCard, VISA
      • Consequences of Non-Compliance
          – Steep monetary fines
          – Revocation of credit card business trading privileges
  • 5. IBM Endpoint Manager offers a unified management platform
      • Desktop and Server Administration: Delivers patch, inventory, software distribution, OS deployment, remote control capabilities and near real-time visibility into the state of endpoints including advanced capabilities to support server endpoints.
      • Software Asset Management: Track software usage patterns and trends across Windows, UNIX and Linux endpoints with always on asset management to enhance license compliance. Manages software assets from procurement to retirement using control desk integration.
      • Mobile Device Management & Security: Address issues of security, complexity and bring-your-own-device (BYOD) policies across a unified platform that spans Apple iOS, Google Android, Blackberry, Nokia Symbian and Microsoft Windows Mobile platforms.
      • Endpoint Security, Protection & Compliance: Provides unified, real-time visibility and enforcement to protect distributed environments against threats that target endpoints and helps organizations to comply with regulatory standards on security.
  • 6. IBM Endpoint Manager (IEM) and PCI DSS
      • The PCI DSS standard applies to network components, servers and applications that are included or connected to a cardholder data environment. The cardholder environment is considered to be made up of the people, processes and technology providing cardholder data services.
      • A great article by Orb Data on IEM and PCI DSS here
      • IEM ensures compliance with a number of PCI DSS requirements.
      • IEM works with other IBM security products such as QRadar.
  • 7. PCI DSS: The six goals and twelve requirements (slide graphic; card brands shown: American Express, Discover, JCB, MasterCard, VISA)
  • 8. IBM Endpoint Manager implements PCI via two key modules: Lifecycle and Security and Compliance
      • Diagram labels: Vulnerability Management; Patch Management; Security Configuration Management; PCI; IBM Endpoint Manager PC / Server Configuration Lifecycle Management; IBM Endpoint Manager Security & Compliance / Endpoint Protection; IBM Endpoint Manager Technical Controls; PCI Policy and Process Framework
  • 9. IBM Endpoint Manager for Security and Compliance: What It Does
      • SCM is a library of technical controls and tools based on industry best practices and standards produced by organizations such as DISA and NIST.
      • It allows organizations to achieve IT security compliance by detecting, remediating, enforcing, and reporting on security configuration policies across heterogeneous systems in centralized and distributed environments, including servers, desktops, notebooks, and mobile devices.
      • Before… Lack of visibility, lack of standards enforcement, poor success rates, insecure
          – Ongoing failures to secure systems and mitigate against threats
          – Systems highly susceptible to internal abuse and external attack
      • After… Continuous compliance, real-time reporting
          – Leverage out-of-the-box checklists to assess compliance and automate remediation of non-compliant systems
          – Real-time security and compliance automation and reporting
      • Policy libraries that enable detection, remediation, and continuous enforcement of security technical controls
      • IBM CONFIDENTIAL – FOR INTERNAL IBM CORP USE ONLY
  • 10. Over 5000 out of the box checks are applied for systems hardening, security, and compliance objectives.
      • Diagram labels: PCI; IBM Endpoint Manager PC / Server Configuration Lifecycle Management; IBM Endpoint Manager Security & Compliance / Endpoint Protection; IBM Endpoint Manager Technical Controls; PCI Policy and Process Framework
  • 11. Analytics tools enable flexible, easy to use, powerful compliance reporting
  • 12. The Co-operative Food enhances PCI DSS compliance with IBM Endpoint Manager
      • The challenge: Achieving PCI compliance across a vast retail estate of 70,000 staff and 2,800 stores across the UK. 18,500 endpoints across the UK.
      • The solution: Implemented IBM’s Endpoint Manager to provide patching and security and compliance:
          – Patch Management
          – Security and Compliance
      • “With IBM Endpoint Manager we will be able to guarantee that all of our endpoints are patched appropriately, and we will be able to provide solid proof that we have a regular, fully documented patch process in place. This will be a huge step in helping us to move closer to full PCI DSS compliance.” – Neil Wakefield, System and Process Change Manager, The Co-operative Food
      • Benefits: Will be able to provide solid proof that we have a regular, fully documented patch process in place for PCI DSS.
      • See Case Study - http://ibm.co/1jDQlKQ
  • 13. What else can IEM do?
      • Endpoints: Desktop / laptop / server endpoint; Mobile; Purpose specific
      • Common management agent
      • Unified management console
      • Common infrastructure
      • Single server
      • IBM Endpoint Manager: Patch Management; Lifecycle Management; Software Use Analysis; Power Management; Mobile Devices; Security and Compliance; Core Protection
      • Diagram labels: Systems Management; Security Management; Server Automation
  • 14. IBM Endpoint Manager continuously monitors the health and security of all enterprise computers in real-time via a single, policy-driven agent
      • Endpoints: Desktop / laptop / server endpoint; Mobile; Purpose specific
      • Common management agent
      • Unified management console
      • Common infrastructure
      • Single server
      • IBM Endpoint Manager: Patch Management; Lifecycle Management; Software Use Analysis; Power Management; Mobile Devices; Security and Compliance; Core Protection
      • Diagram labels: Systems Management; Security Management; Server Automation
      • Why IBM Endpoint Manager?
          – Concord Hospital achieves 98% first-pass success in hours on their Microsoft and 3rd party patches
          – Helped US Foods reduce patch deployment times by 80 percent, saving USD 500,000 on software licenses and avoiding more than USD 1 million in license noncompliance fines.
          – Bendigo Bank has saved $175,000 off its power bill within 12 months and avoided 2190 tonnes of carbon emissions
          – IBM has deployed Endpoint Manager to over 700,000 endpoints on three servers. Expects to save over $10M in Year 1
          – Over 13,000 mobile devices enrolled in 72 hours!
  • 15. How it Works
      • Single Server & Console
          – Highly secure, highly scalable
          – Aggregates data, analyzes & reports
          – Pushes out pre-defined/custom policies
      • Cloud-based Content Delivery
          – Highly extensible
          – Automatic, on-demand functionality
      • Single Intelligent Agent
          – Performs multiple functions
          – Continuous self-assessment & policy enforcement
          – Minimal system impact (< 2% CPU)
      • Lightweight, Robust Infrastructure
          – Use existing systems as Relays
          – Built-in redundancy
          – Support/secure roaming endpoints
      • Diagram labels: Remote Offices; Manage roaming devices; Identify unmanaged assets
  • 16. Summary
      • IBM Endpoint Manager enables unified management of all enterprise devices – desktops, laptops, servers, smartphones, and tablets
      • Real-time/proactive endpoint management: Patch management, anti-virus/malware, security and compliance for PCI DSS compliance
      • Continuous compliance reduces costs and risk
      • Avoid non-compliance penalties
  • 17. ibm.com
  • 18. Additional Information
  • 19. Patch Management
      • Services:
          – IBM Cloud content delivery service (operating systems and 3rd party applications)
          – Patch capabilities for multiple platforms: Windows, Mac OS X, Linux and UNIX
          – Intelligent agent
      • Benefits:
          – Reduction in patch and update times from weeks and days to hours and minutes
          – Increase first-pass success rates from 60-75% to 95-99+%
          – Real-time reporting
          – Automated self-assessment, no centralised or remote scanning required
      • "We compressed our patch process from 6 weeks to 4 hours"
      • "We consolidated eight tools/infrastructures to one"
      • "We reduced our endpoint support issues by 78%"
      • "We freed up tens of admins to work on higher value projects"
  • 20. Overview of Patch Management
      • Start with the Patch Management domain
      • The patches dashboard provides a real-time view on Windows patches requirement across your environment
      • See any New Content here
      • Application vendor patches
          – Adobe Acrobat
          – Adobe Reader
          – Apple iTunes
          – Apple QuickTime
          – Adobe Flash Player
          – Adobe Shockwave Player
          – Mozilla Firefox
          – RealPlayer
          – Skype
          – Oracle Java Runtime Environment
          – WinAmp
          – WinZip
      • …and operating system patches
      • Patch Management Video - link
  • 21. Patch Management for Windows now supports non-security updates, specifically critical updates and service packs for the Microsoft Windows product family
  • 22. Patch Overview Dashboard
  • 23. IBM Endpoint Manager License Overview (diagram labels, in slide order): • Remote Control • OS Deployment • TPMfOSD Lifecycle Management Security & Compliance • Platform • Asset Discovery • Patch Management • Inventory • SW Distribution Lifecycle Management Starter Kit Patch Power • Power • Platform • Asset Discovery SUA • Software Usage • Platform • Asset Discovery • Inventory Core Protection • Platform • Core Protection MDM • MDM • Platform • DP Add-On Server Automation • SA Add-On • Asset Discovery • CM for Endpoint Protection • Network Self Quarantine • Security Configuration • Vulnerability Management • DSS SCM Security & Compliance Starter Kit
  • 24. IBM Endpoint Manager elements
      • Single intelligent agent
          – Continuous self-assessment
          – Continuous policy enforcement
          – Minimal system impact (<2% CPU, <10MB RAM)
      • Single server and console
          – Highly secure, highly available
          – Aggregates data, analyses and reports
          – Manages up to 250K endpoints per server
      • Flexible policy language (Fixlets)
          – Thousands of out-of-the-box policies
          – Best practices for operations and security
          – Simple custom policy authoring
          – Highly extensible/applicable across all platforms
      • Virtual infrastructure
          – Designate Endpoint Manager agents as a relay or discovery point in minutes
          – Provides built-in redundancy
          – Leverages existing systems/shared infrastructure
  • 25. Closed Loop Speed is Our Advantage
      • Diagram labels: Traditional Solutions; TEM; Software Policies; Report; Publish; Evaluate; Enforce; Decide
      • Column headings: Challenge; Traditional client/server tools; TEM Platform
      • Complete the policy enforcement loop
      • Everything is controlled by the server, which is slow
      • A new way to do systems and security management
      • Increase the accuracy and speed of your knowledge
      • It can take days to accurately close the enforcement loop
      • Policy enforcement is accomplished and proven in minutes instead of days
      • Scalability cannot be attained without large infrastructure investments
      • Administrators are still managing tools instead of being productive
      • Distributed processing means scalability is unlimited
      • Adjust system policies depending on environment, location
      • Scan-based assessment, leading to stale data false sense of awareness
      • Real-time situational awareness