2012.04.18 - IBM Managed Security Services - SmartCloud Services
Presentation of the IBM Managed Security Services cloud offering from the IBM SmartCloud Services family


Published in: Technology

  • To qualify the customer, always remember what their issues are. Ask questions about the applications they are looking to protect.
  • The Security Event and Log Management service is a turn-key, cloud-based SIEM solution designed to help clients overcome the challenges associated with log and event management in a cost-effective manner that requires reduced infrastructure investment, shorter deployment times, and substantially reduced costs over comparable in-house solutions. The service collects log and event data from client applications, operating systems, network infrastructure, and security devices, and securely transmits, archives, and analyzes this data within the IBM cloud. Data can then be accessed from within the IBM virtual SOC portal for querying, analysis, and research activities. By applying IBM's deep analytics and automated intelligence correlation engines to received data, IBM can also help clients understand what type of threats might be recorded in select data types, and bring these to the attention of client security analysts. Since many organizations struggle with the application of human resources to 24x7 monitoring duties, services like the IBM Security Event and Log Management solution can help provide the tools to make this process simpler and more cost-effective. Clients need this solution because more governance frameworks and regulatory requirements are actively requiring organizations to perform regular monitoring of log and event data. With today's systems generating more and more data every day, long gone are the opportunities to effectively meet these requirements with manual analysis alone. Instead, complex automated tools are necessary, and SELM can help simplify the process and bring the capability to medium and large businesses in a simplified manner.
  • Transcript

    • 1. Managed Security Services: Selling Enterprise Security Services From the Cloud © 2012 IBM Corporation
    • 2. Data tops concerns relative to cloud computing…
      • Protection of intellectual property and data: 30%
      • Ability to enforce regulatory or contractual obligations: 20%
      • Unauthorized use of data: 14%
      • Confidentiality of data: 11%
      • Availability of data: 9%
      • Integrity of data: 8%
      • Ability to test or audit a provider’s environment: 6%
      • Other: 2%
      • Source: Deloitte Enterprise@Risk: Privacy and Data Protection Survey
    • 3. IBM Global Technology Services: Security Services Market Dynamics
      • Market dynamics: Due to the nature of numerous security technologies invented for resolving a variety of security issues, security market is very fragmented, crowded with a large number of vendors providing specific solutions. New technologies are evolving rapidly, and M&A has been incredibly active in the past few years. However, there are very few “full scale” security solution providers that can globally provide customers in different sizes and industries with a comprehensive portfolio of security solutions that combines security technologies, and consulting, implementation, and managed services.
      • Major actors:
        • MSS: IBM, Dell SecureWorks, Symantec, Verizon, AT&T, HP, Wipro
        • Cloud Services: IBM, HP, McAfee, Verizon, Symantec, SecureWorks
        • Consulting services (PSS): IBM, Deloitte, PwC, E&Y, Accentuate, KPMG, Verizon
      • IBM has:
        • Solution comprehensiveness: IBM has a unique position in the market as a true end-to-end security provider; we address virtually any dimension of customers’ security
        • Leading technologies: All IBM’s security solutions are built based on unparalleled security technologies invented by IBM research (including X-Force) & development or market leading product vendors (
        • Global delivery: IBM has thousands of consultants, specialists, and delivery experts and global security operation centers to deliver professional, managed, and cloud security services to customers in almost every country in the world
      • WW Security Services market is a $31.5B opportunity in 2011, growing at a CAGR of 10.8% throughout 2015
      • [Chart: market segments, labels and values as extracted: Education $3.02B; Managed Services, Consulting Service: $4.51B, $9.66B; Professional Services, Implementation Service: $14.29B]
    • 4. Capability: The IBM Security Framework. Delivering intelligence, integration and expertise across domains
      • IBM Security:
        • End-to-end coverage across domains
        • 6K+ security engineers and consultants
        • Award-winning X-Force research
        • Analyst recognized leadership
        • Continued commitment to investment
        • Trusted Advisor to Global companies
      • Intelligence ● Integration ● Expertise
    • 5. IBM Managed Security Services approaches the problem two ways:
      • Security for the Cloud: Helping clients begin their journey to the cloud with relevant security expertise
        • Cloud Security Strategy Roadmap
        • Cloud Security Assessment
        • Penetration Testing
        • Application Security Assessment
        • Identity and Access Management
      • Security from the Cloud: Subscription service, Cloud-based, monitoring & management Security Services that help reduce costs & complexity, improve sec. posture, and meet regulatory compliance
        • Security Event and Log Management
        • Vulnerability Management Services
        • Hosted Application Security
        • Hosted Mobile Device Management
        • Managed Email / Web Security
      • X-Force Threat Analysis Service
      • Security & Privacy Leadership
    • 6. Security FROM the Cloud: Hosted Application Security Management (HASM)
      • Service Overview: Helps customers identify and remediate web application vulnerabilities on Internet facing servers without the need to purchase, install, and configure separate servers and software packages. The solution tests for common Web application vulnerabilities including Cross-Site Scripting, Buffer Overflow, and Web 2.0 exposure scans.
      • Service Quick Facts:
        • Service Type: Cloud / Managed
        • Average Project: $100K-750K
      • Business Challenges:
        • Web apps represent the fastest growing threat vector
        • 70% of companies view web 2.0 as a top security concern
        • Web vulnerabilities are easily remotely exploited
        • Web app scanning is required by regs such as PCI.
      • Key Offering Capabilities:
        • Full AppScan Enterprise access: The solution delivers the power of enterprise class application assessment capability directly to the organization via a cloud based delivery model.
        • Skilled experts to assist in analyzing scan results: Dedicated one on one time with security experts is included in the service to assist with interpretation of scan results and applicable remediation strategies
        • Suggested fixes and remediation steps provided: Scan results are accompanied by detailed fix suggestions that guide developers to solutions and best practices.
        • 24x7 support and on-demand access: The HASM platform and associated support are available from IBM experts 24x7.
      • Service Value Proposition / Benefits:
        • Reduces risk with an unmatched time to value
        • Allows for vulnerabilities to be identified and remediated without in-depth expertise
        • Application Security Analysts consult with clients to help build a prioritized remediation strategy.
    • 7. Situations that drive the need for HASM
      • Is the web site used to collect any customer information?
      • Is it used to send or receive sensitive information, including corporate IP, employee data, customer or partner information?
      • Is it accessed by hundreds, thousands (or even millions) of users?
      • Is the organization subject to federal or state legislative regulations or industry compliance standards? (PCI / HIPAA / SOX / GLBA)
      • If so, then you need to assess the application to provide validation that it is within compliance standards and regulations.
      • The Hosted Application Security Services conducts application assessments that help to provide required information for compliance regulations.
    • 8. Security FROM the Cloud: Hosted Mobile Device Security Management (MDS)
      • Service Overview: Designed to provide expert monitoring and management of policy enforced mobile connectivity to corporate and enterprise-wide assets. Incorporates design and deployment capabilities along with managed services to accelerate time to value and drive established security measures to mobile endpoints.
      • Service Quick Facts:
        • Service Type: Cloud / Managed
        • Average Project Size: Varies
      • Business Challenges:
        • Attainment of mobile security skills can be challenging
        • Most mobile deployments combine corporate and employee owned assets w/ varying security controls
        • More data lives on smartphones than ever before
      • Key Offering Capabilities:
        • Backed by IBM’s industry leading MSS: Managed and monitored by IBM, one of the largest Managed Security Service Providers in the world.
        • Broad mobile platform support: Offers support for leading mobile operating systems allowing for broad applicability of policy and technology.
        • Turn-key implementation: Comprehensive deployment strategies designed to simplify the rollout and reduce the burden on security / IT teams
        • Secure, policy based connectivity: When used in conjunction with the Juniper SA gateway, secure, policy based enforcement can be applied across mobile devices accessing corporate resources.
        • Deep security technology: Introduced enterprise class security to mobile endpoints: FW, AV, AS, etc.
      • Service Value Proposition / Benefits:
        • Gain control over data stored on mobile endpoints
        • Helps organizations reduce the impact of lost devices
        • Supports the consumerization of mobile rollouts while retaining a responsible and secure approach to data management
    • 9. Situations that drive the need for MDS
      • What security policies does your company have for corporate desktops and laptops?
      • Are your employees’ mobile devices compliant with relevant security policies?
      • Do you allow your workforce to access corporate data from their personal mobile devices?
      • Do you want to embrace mobile technology to provide flexibility to your employees?
      • Are you aware of the potentially disastrous risks and threats that can affect mobile devices?
      • Do you lack the in-house expertise and technology needed to ensure secure mobile access to corporate data?
      • Today’s mobile device should be viewed as any other endpoint device in the organization: having an overall endpoint security strategy is key.
      • There are differences between desktops/laptops and mobile devices.
      • The risk of breaches for mobile devices is the same or even greater due to the proliferation of smartphones.
    • 10. Security FROM the Cloud: Security Event and Log Management (SELM)
      • Service Overview: The Security Event and Log Management Service enables compilation of the event and log files from network applications, operating systems, and security technologies into one seamless platform. The SELM offering allows for automated analysis of IPS data as well as robust query and research capabilities against a variety of different log types.
      • Service Quick Facts:
        • Service Type: Cloud / SaaS
        • Average Project Size: Varies
      • Challenges:
        • Information and event management solutions can be costly and overly complex
        • Data often spans geographies and obtaining a consolidated view can be difficult and costly
        • Many solutions struggle with real-time analysis
      • Key Offering Capabilities:
        • Two tiers of service: SELM is available in Standard and Select service levels allowing for varying degrees of analysis and analytics to be applied to data types depending on needs
        • Integrated workflow and analysis capabilities: With SELM’s integrated workflow and analysis capabilities, security issues can be investigated, escalated, and recorded using IBM’s web based tools
        • Custom log parser and correlation engine: Easily use regular expressions to add support for custom log sources and correlation rules
        • Forensically sound storage and archival: SELM employs best practice processes for storage
        • Seamless blending of MSS and non-MSS data: SELM blends managed and unmanaged logs and events into a common data set
      • Service Value Proposition / Benefits:
        • Improve time to value by leveraging an on-demand cloud based platform
        • Shorten investigations for suspicious/malicious activity
        • Centralize key data and reduce storage burdens
    • 11. Situations that drive the need for SELM
      • How are you managing, monitoring and archiving both log and event data across your enterprise?
      • Does your company have a formal log management and monitoring process that supports analysis, escalation, and investigation?
      • Do you consolidate log data from disparate geographies and systems or is this data spread among many separate locations?
      • In the event of a security incident, can you effectively query and analyze logs from hundreds or thousands of systems in minutes?
      • Could your security team use additional time and budget to address security issues?
      • Do you have the tools in place for centralizing data, storing long term (up to 7 years), and an automated form of analysis?
      • What tools are being used for existing efforts? Are those tools integrated off the shelf vs. cobbled together?
      • What would be the implications of a distributed data deployment if you attempted to quickly respond to a global security incident?
      • How would you check all of your systems for suspicious activity if you knew of an attacker’s IP or a compromised account?
      • IBM Confidential
    • 12. Security FROM the Cloud: Hosted Vulnerability Management Service (VMS)
      • Service Overview: Offers network based vulnerability assessment from the cloud via the VSOC web portal. Scans can be configured and scheduled via the web, with scanning performed from the cloud or via IBM managed scanners at the customer premise. Results are archived in the cloud, and accompanied by reporting, workflow, and remediation capabilities.
      • Service Quick Facts:
        • Service Type: Cloud / SaaS
        • Average Deal Size: $75K-300K
      • Business Challenges:
        • Vulnerabilities allow easy access to systems
        • Proper assessment and remediation is required for compliance initiatives
        • Today’s solutions can be difficult to use and manage
      • Key Offering Capabilities:
        • Vulnerability management: Agent-less scanning from both inside and outside the firewall
        • Remediation guidance and workflow: Fix vulnerabilities quickly and easily with the information provided in remediation reports
        • Intelligent scanning: Delivers accurate scanning results in less time with a system that follows an assessment similar to that used by ethical hackers.
        • PCI compliance assistance: IBM can serve as an Approved Scanning Vendor (ASV) in support of PCI compliance initiatives
        • Web and dbase vulnerability detection: Identifies basic web and database vulnerabilities to satisfy compliance requirements
      • Service Value Proposition / Benefits:
        • Streamlined SaaS delivery model saves clients money and improves time to value.
        • Assists with compliance efforts for multiple regulations, including PCI
        • Reduces risk and improves security posture.
    • 13. Situations that drive the need for VMS
      • How are you managing software vulnerabilities (network, database, and application) in your IT environment today?
      • Does your company have a formal vulnerability management program that supports frequent scanning, prioritization, and remediation efforts?
      • Does your current scanning solution support network, application and database vulnerabilities?
      • Have you considered the cost savings that could be realized by leveraging scanning from the cloud vs. maintaining your own solution in-house?
      • Could your security team use additional time and budget to address big picture issues in your environment?
      • What is the importance of a vulnerability management program with repeatable process, documentation, reporting, and validation?
      • What tools are being used for your existing efforts? Are those tools integrated off the shelf vs. cobbled together?
    • 14. ‘Cloud security service’ value. The value proposition for cloud security has become widely understood, creating projects within many enterprises.
      • Services FROM the cloud:
        • Online access to key security tools that enable clients to efficiently perform key security functions
        • Reduced up-front capital investment and deployment
        • Lower overall security management costs
        • Quicker time to deploy and time to value vs. on-premise
        • Reduced on-premise skill requirements
        • Ability to standardize capabilities on one platform
        • Ability to rapidly consume software improvements
    • 15. IBM Managed Security Services helps answer critical security questions
      • Virtual SOC Portal
      • 13+ billion events per day
      • 9 security operations centers
      • Answering customers’ critical questions:
        • Am I being targeted?
        • Where else has this IP been?
        • What’s the attack vector?
        • Is the attack approach custom or common?
        • Is the attack against a vulnerable system?
        • Is there a block or prevention rule?
        • Can you shut down that port?
        • Is this website malicious?
        • Is that an email virus?
      • Firewalls; Intrusion detection; Routers/switches; Servers; Emails; URLs
    • 16. IBM’s global security expertise extends to cloud and is trusted by some of the world’s most demanding companies!
      • 9 Security operations centers
      • 9 Security research centers
      • 11 Security development labs
      • 400 Security operations analysts
      • 520 Field security specialists
      • 941 Professional services security consultants
      • 3,300 Strategic outsourcing security delivery resources
      • 15B-plus events managed per day
      • 1,000-plus security patents
      • 133 monitored countries (MSS)
      • [Map legend: Security Operations Centers; Security Research Centers; Security Solution Development Centers; Institute for Advanced Security Branches]
    • 17. IBM Security Services: Cloud Security Resources
      • Web Pages: IBM Cloud Security Web page
      • Papers:
        • Cloud Security Guidance
        • Strategies for Assessing Cloud Security
        • Leveraging Security from the Cloud
        • IBM POV: Security and Cloud Computing
      • Tools: MSS Total Cost of Ownership
      • Offering Details:
        • Hosted Application Security Management
        • Hosted Vulnerability Management
        • Hosted Mobile Device Security Management
        • Hosted Security Event and Log Management
    • 18. Find a selection of IBM Cloud offerings for Partners at: http://ibmcloudcatalog.blogspot.com