DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy



Presentation from one of the remarkable IT security events in the Baltic States, organized by “Data Security Solutions” (www.dss.lv). The event took place in Riga on 7th of November, 2013, and was visited by more than 400 participants on site and more than 300 via online live streaming.

Published in: Technology, Business
  • Example Agenda:
    Executive summary
    Current market or industry situation
    Needs and challenges summary
    How the offering addresses needs and challenges summary
    Offering summary
    Proof of IBM’s expertise in this area summary (e.g., key differentiators, client example summary)
    Offering description (domain-level capabilities)
    Associated offerings (services, software one sales accelerator plays: Security Intelligence, Advanced Threat Protection, Database & Application Protection)
    Why IBM? <e.g., key competitor differentiators (per domain), client success stories>
    Next steps
    1. Introduction: The evolving threat landscape
    Today's security attacks are getting more sophisticated <slide exists>
    The complexities in which we conduct today's business <slide exists -- replace "social" and "big data" with "advanced threats" and "compliance"?>
    CISO challenges (too much complexity, too expensive, not enough effectiveness, not getting enough out of individual point products)
    2. A new approach to security is needed
    Security challenges are a complex, four-dimensional puzzle <slide exists: KB to reformat>
    Visibility and Security Intelligence <funnel slide? --across all domains>
    Integrate controls across domains to eliminate silos
    Gain expertise and insights <should include research, expertise, and services>
    3. How IBM Security can help
    Optimize your security maturity <do certain things to gain a higher state of maturity>
    IBM Security: Helping clients optimize IT security <slide exists: Framework slide>
    Framework applied to megatrends <high-level>
    IBM Security: Market-changing milestones <slide exists -- timeline slide>
    IBM offers a comprehensive portfolio of security solutions <slide exists>
    Analyst slide <slide exists>
    Security intelligence <slide exists>
    Client success stories aligned to framework
  • These threats are becoming increasingly sophisticated each day, and the motivations that drive them are becoming all the more complex. We’ve gone from a world in which a mere nuisance or curiosity might have been the motivation for the Nigerian money transfer scams or the Code Red worm that randomly defaced websites in 2001, to the more complex national security and economic espionage motivations that spawned the Stuxnet malware, which mimicked good behavior on the Siemens industrial control systems when in reality it was forcing the controller to go off and cause centrifuges in Iran to spin out of control and explode.
    In the past we were worried about random threats that targeted a company; now it’s basically a specific threat with any number of entities anywhere in the world. Who knows, the threat could come from a competitor, or simply someone that has a problem with you personally. Twenty years ago they may have just spray painted graffiti on one of your company trucks; now they can buy a piece of software on the internet and buy modifications to it; then they purchase the source code and rent botnets to try and destroy your business altogether.
    The reality is that these motivations, levels of sophistication, and sheer number of people and organizations determined to do harm are much bigger, broader, and more intense than ever. No single industry, organization, team, or individual is immune – everyone has become vulnerable to today’s threats. We can’t afford to be complacent; there’s too much at risk.
    Alternative narrative for non-security-savvy audience:
    These threats are becoming increasingly sophisticated each day, and the motivations that drive them are becoming all the more complex. We’ve gone from a world in which curiosity might have been the motivation for adversaries spray painting graffiti on company trucks, to new levels of motivation and sophistication where adversaries can now purchase a piece of software from the internet, add modifications to it, then acquire the source code and rent botnets to try and destroy your business altogether.
    The reality is that these motivations, levels of sophistication, and sheer number of people and organizations determined to do harm are much bigger, broader, and more intense than ever. No single industry, organization, team, or individual is immune – everyone has become vulnerable to today’s threats. We can’t afford to be complacent; there’s too much at risk.
  • This chart highlights the volume of threat activity that is happening out there -- you can see it’s quite a lot considering this is a mere sampling of what was probably actually going on.
    The color of each circle represents the technical means used by attackers to breach these customers.
    The size of the circle estimates the financial impact that might have occurred based on what was reported publicly.
    Though the seemingly insurmountable magnitude of these threats is alarming, they’re certainly preventable if you’re armed with the right approach.
  • This increased activity is precisely what is driving today’s boardroom discussions. Executives are being asked some tough questions… “What are the priorities you’re focusing on? What are the potential risks associated with these priorities, and more importantly how can it affect our bottom line?”
    Forward-thinking companies are weaving security into their everyday business operations. This includes developing proactive approaches to securing cloud and mobile technology, providing security analytics for big data, and improving defenses against evolving cyber threats.
  • So how do we solve this?
  • <Presenter note: Slide animates>
    We realize that protecting against all the different security threats is challenging, especially given today’s business domain complexities starting with…
    <mouse click>
    Infrastructure. As we know, infrastructures have become more complex. We’ve gone from traditional datacenters to PCs, to laptops, and now to mobile devices with services delivered on the cloud, to the even more complex non-traditional end points or “Internet of Things” such as smart products and systems that are all interconnected.
    <mouse click>
    Next, the application layer which has also seen a whole series of sophistication from systems applications, to web and now mobile applications.
    Then there’s the data layer which has seen a significant increase in the amount of information being managed.
    Finally, the people on your network are no longer just your internal employees and external customers. Networks need to be accessible to our many supply chain constituents and yet restricted to our adversaries.
    Because of these hyper-connected technologies spanning multiple domains, companies need to expand their approach to solving their own security needs. The traditional means of “protecting the perimeter” with individual point product solutions cobbled together can’t scale to the broader needs of the organization. The entire enterprise needs protection, therefore a more holistic approach is needed.
  • IBM offers integrated security intelligence and industry-leading experience enabled by the IBM Security Framework solution capabilities.
    These capabilities are delivered through a comprehensive and robust set of tools and best practices (including software and hardware) that are supported by the services needed to address:
    Intelligence: Through a common and intuitive view that combines deep analytics with real-time security intelligence.
    Integration: Through unifying existing tools and infrastructures with new forms of defense in order to reduce complexity and lower the cost of maintaining a strong security posture.
    Expertise: Through a more proactive and trusted source of truth in order to stay ahead of emerging threats and risks.
    Addressing these three key imperatives enables a more holistic, comprehensive perspective and can enhance your security maturity.
  • 1976
    IBM introduces Resource Access Control Facility (RACF) to provide access control and auditing functionality for applications on the mainframe, eliminating the need for each application to imbed security
    IBM develops the Data Encryption Standard (DES), a cryptographic algorithm, adopted as the national standard by the US National Bureau of Standards
    IBM announces the 3624 automatic teller machine, utilizing DES
    IBM starts contributing to Java Security technologies
    IBM launches Cryptolope containers to seal intellectual property in a digital package so that content transactions are secured over the Internet
    IBM launches the SecureWay Key Management Framework, a collection of applications, services and cryptographic engines that help make the Internet safe for e-commerce
    IBM begins pilot program with MasterCard using Secure Electronic Transaction (SET) technology which secures credit card transactions over the Internet
    IBM develops and certifies the IBM Secure Crypto Co-processor (4758) at FIPS 140-1 Level 4, the highest level of FIPS
    IBM releases its first enterprise-grade LDAP Directory Server (now known as Directory Server)
    IBM extends Secure Electronic Transaction (SET) standard support which secures payments over the Internet and is largely based on technology developed at IBM Research and adopted by major credit card companies
    IBM acquires Dascom, the basis for IBM's Access Manager portfolio
    IBM Research's breakthrough paper on Side Channel Cryptanalysis Attacks and Countermeasures (1999 – 2004)
    IBM patents a system and method for alerting computer users to digital security intrusions
    IBM appoints Harriet Pearson its first Chief Privacy Officer
    IBM acquires Access 360, the basis for IBM's Identity Manager portfolio
    IBM acquires MetaMerge for meta-directory and directory synch capability (now known as Directory Integrator)
    IBM debuts the first ThinkPad with an integrated fingerprint reader, at the time offering an unmatched level of data protection through a new biometric capability and embedded security subsystem
    IBM acquires Internet Security Systems, Inc, the basis for today’s IBM X-Force® IT security research team and the IBM network protection product family
    Smart cards: highly efficient JavaCard™ technology developed at IBM Research – Zurich is licensed by a leading smart card manufacturer for secure multi-application smart cards and is used in many JavaCard™ projects. The technology is used today in tens of millions of VISA credit cards
    IBM acquires Consul, to help accelerate data and governance strategy
    IBM patents a secure system and method for enforcement of privacy policy and protection of confidentiality
    IBM acquires Encentuate, the basis for IBM's Enterprise Single-sign-on (ESSO) product
    Zone Trusted Information Channel: Plugs into the USB port of any computer and creates a direct, secure channel to a bank’s online transaction server, bypassing the PC which could be infected by malicious software (malware) or susceptible to hacker attacks
    IBM acquires Ounce Labs, a provider of software that analyzes software code for security vulnerabilities, today’s AppScan family
    IBM acquires Guardium, a market leader in real-time enterprise database monitoring and protection
    Pioneers the use of Big Data analytics to cybersecurity problems (FAA, USAF)
    IBM acquires Big Fix, helping organizations extend security and compliance to endpoints, today Endpoint Manager
    IBM Research’s breakthrough on Fully Homomorphic Encryption
    IBM Security Systems division is created
    IBM acquires Q1 Labs, with its QRadar security intelligence portfolio, to strengthen its offerings around advanced security analytics
    IBM launches Cloud-based Mobile Security Services, IBM Hosted Mobile Device Security Management
    IBM delivers next-gen Intrusion system, new access appliance and privileged identity technology
    IBM announces 25 new product releases in security, a record year of innovation
    IBM extends its market leading static application security testing (IBM Security AppScan) to native Android applications, which allows clients to conduct their own testing for mobile applications
    IBM announces breakthrough with combination of Security Intelligence and Big Data
    IBM announces new QRadar Vulnerability Manager software to help organizations identify and predict security risk
    IBM announces MobileFirst security software (IBM AppScan Source 87 for iOS) to improve security quality without sacrificing time-to-market of mobile app projects
  • <Presenter Note: This slide is IBM Confidential making it useable only within IBM per the Business Conduct Guidelines. It cannot be altered in any way. If you have questions, please contact Kristen Benz at benzk@us.ibm.com>
    We’re very proud of our proven leadership across the various domains. Here’s a recent sampling of how some of the industry’s top analyst firms (Gartner, IDC, and Forrester) have ranked IBM Security as a leader.
    Our commitment is not just to have the right coverage in each of the domains, but more importantly to maintain the leadership position in each of the market segments.
  • With more than 6,000 researchers, developers and subject matter experts engaged in security initiatives, IBM operates one of the world’s broadest enterprise security research, development and delivery organizations. This powerful combination of expertise is made up of the award-winning X-Force research and development team—with one of the largest vulnerability databases in the industry—and includes nine security operations centers, nine IBM Research centers, 14 software security development labs and the IBM Institute for Advanced Security with chapters in the United States, Europe and the Asia Pacific region.
    Security Operations Centers: Atlanta, Georgia; Detroit, Michigan; Boulder, Colorado; Toronto, Canada; Brussels, Belgium; Tokyo, Japan; Brisbane, Australia; Hortolandia, Brazil; Bangalore, India; Wroclaw, Poland 
    Security Research Centers: Yorktown Heights, NY; Atlanta, GA; Almaden, CA; Ottawa, Canada; Zurich, CH; Kassel, DE; Herzliya, IL; Haifa, IL; New Delhi, IN; Tokyo, JP
    Security Development Labs: Littleton, MA; Raleigh, NC; Atlanta, GA; Austin, TX; Costa Mesa, CA; Fredericton, Canada; Toronto, CAN; Ottawa, CAN; Belfast, NIR; Delft, NL; Pune, IN; Bangalore, IN; Taipei, TW; Singapore, SG; Gold Coast, AU
    Note: IBM patent search performed by Paul Landsberg, IBM IP Office
  • Now let’s discuss the IBM Security capability strategies we’re committed to deliver through our portfolio…
  • IBM Security offers a broad portfolio of solutions differentiated through their integration and innovation to address the latest trends.
    … by CISOs that are focused on driving security innovation around key mega trends such as advanced threats, cloud and virtualization, mobile, and compliance mandates.
    These innovations are delivered through domain-level capabilities (aligned to people, data, applications, and infrastructure) all pinned under a rich layer of Security Intelligence and delivered on an Advanced Security and Threat Research foundation.
  • The IBM Security Systems portfolio is built around protecting the security domains of People, Data, Applications, and Infrastructure, with a layer of Security Intelligence and Analytics providing true integration and visibility into the enterprise security landscape, and underpinned by IBM X-Force Research providing threat intelligence. The acquisition of Trusteer provides enhanced endpoint protection and threat research, while extending the portfolio with a layer of advanced fraud protection.
  • <Presenter note: Slide animates>
    According to the insights gathered from the 2012 IBM Chief Information Security Officer Assessment from May of 2012…
    <mouse click>
    Responders are the…
    Least confident
    Focus on protection and compliance
    <mouse click>
    Protectors are…
    Less confident
    Somewhat strategic
    Lack necessary structural elements
    <mouse click>
    Influencers are…
    Confident / prepared
    Strategic focus
    The Influencers have the attention of business leaders and their boards. Security is not an ad hoc topic, but rather a regular part of business discussions and, increasingly, the culture. These leaders understand the need for more pervasive risk awareness – and are far more focused on enterprise-wide education, collaboration and communication. They are working closely with business functions to create a culture in which employees take a more proactive role in protecting the enterprise. Because they are more integrated with the business, these security organizations are also able to influence the design of new products and services, incorporating security considerations early in the process.
    Security leaders are going to become more key to their organizations, their budgets will increase and they will move from the fringe to being embedded.
  • When you know it’s really important data and it’s in the cloud, we can really focus on the security around that piece of data. If you think about it that way, it’s a ray of light surrounding your piece of data with incredible [cough] technologies. It’s got a little castle just around it and controls around it. The key is applying the framework to each and every element of our cloud security. Once again, there is not a single product that does it, you have to be able to look at everything from access control, application security, virtualization security, and that’s basically what IBM is doing with the products across our framework is applying them to cloud.
  • Then, of course, there’s mobile. In the same way it’s applying all of our technologies across the mobile world, every single component. We’re managing the endpoint, mobile data management, access management from their mobile device, and application security and scanning of applications developed on a mobile application platform like [Inaudible 01:03:05].
  • Event correlation:
    IP reputation
    Geographic location
    Activity baselining and anomaly detection:
    User activity
    Database activity
    Application activity
    Network activity
    Offense identification:
  • A unique Cybercrime Prevention Architecture is the technology foundation of the Trusteer service. It tackles online and mobile fraud both on the end point and web application tiers and is built upon real-time intelligence and threat research.
    The first layer provides endpoint threat protection. Trusteer Rapport clients protect PC and Mac against financial malware and phishing. Trusteer Mobile detects client-side risk factors and extracts a unique device ID – this data is later fed into the Mobile Risk Engine that is part of Pinpoint ATO for conclusive mobile account takeover and transaction risk detection. Trusteer Apex protects employees against zero-day exploits and data exfiltration.
    The second layer provides fraudulent activity detection. Trusteer Pinpoint Account Takeover (ATO) detection identifies the fraudsters themselves as they use phished or stolen credentials to access online banking. Trusteer Pinpoint Malware Detection detects malware presence in any JavaScript-enabled browser on PC, Mac, or mobile devices. Trusteer Mobile Risk Engine provides a conclusive platform to detect mobile and cross-channel fraud risks.
    Both layers are sustained by an intelligence platform and cybercrime experts that ensure maximum protection over time. This includes data gleaned from tens of millions of Trusteer-protected endpoints and the expertise of some of the brightest minds in malware research.
  • We’ve already talked about the security domains; one of them being people; now let’s talk about our vision in how we can help manage that domain with our Identity and Access Management capabilities.
    Starting at the bottom of the graphic… IBM continues to invest in the key themes that support this capability with a significant number of Standardized Services that allow you to do directory and federation across your IT infrastructure and into your cloud infrastructure.
    Next we offer products and technologies that allow you to do robust Access Management (which you see in the left center of the graphic). These capabilities enable access and entitlement management, single sign-on, and risk-based authentication. An example of this is if I take my laptop from my normal geography to another part of the world, a second factor of authentication may be required to make sure that you truly are that person because we don't recognize the location you're in as being normal. So again, it’s a great example of intelligence built into access management.
    On the right center of the graphic, you’ll see we offer Identity Management capabilities to enable user provisioning, role management, and now privileged identity management solutions. This allows you to monitor the actions of your most “trusted” users as they access your servers, databases, and IT infrastructure.
    Next, Policy-based Identity and Access Governance capabilities have been built into our portfolio.
    And finally, we’ve linked IBM QRadar into our Security Intelligence layer which has been a big differentiator for IBM.
    These are just some of the key capabilities that we’ve been focusing on within the People domain, now let’s move on to the Data domain…
  • In our Data Security and Compliance Strategy we strive to address all forms of protection for data in any state, and in every data security process (including direct enforcement, discovery and classification, data access control, monitoring, and auditing), culminating with the collection and analysis of real time data activity to provide better proactive insights around data protection. And, even though we focus on data security, we also see it as an integral part of both a holistic security strategy (security solutions integrations) and an IT/Business process strategy.
    At rest: masking, encryption, key mgmt, vulnerability assessment
    In motion: DAM, Network DLP, IPS/IDS, dynamic masking and encryption
    In use: endpoint vulnerability assessment, Endpoint DLP
    In this broader view of IBM’s Cloud Security capabilities, you can see how IBM takes an end-to-end approach to data security, looking at the requirements to protect data in any form, anywhere, from internal or external threats, streamline regulation compliance process and reduce operational costs around data protection. Each IBM solution for data security has a set of capabilities that can be mapped back to the requirements for the focus areas or “domains” of the security framework.
  • There are two segments to the Infrastructure protection layer, the first of which is endpoint security protection.
    IBM acquired a company called Big Fix which does desktop, laptop, and server security, patch management, software distribution, security and compliance testing, configuration testing on those devices.
    We extended this technology to include mobile device management, which allows you to selectively wipe a device, understand the policies on the device, and enforce a password, all of which are critical in successfully securing your mobile devices.
    Key themes again are mobility and then expansion of our security content out to these endpoints and again integration into security intelligence, which is taking all that knowledge of these endpoints and combining that into our security intelligence QRadar platform.
  • Here are some of our client proof points aligned across the different domains.
    Do not disclose clients with audience:
    Security Intelligence and Analytics: Office Depot?
    Advanced Fraud Protection: Trusteer Case Studies; Synovus and SomersetHills
    People: BlueCross BlueShield of North Carolina
  • To support the role of successful CISOs, IBM offers integrated security intelligence and industry-leading experience enabled by the IBM Security Framework solution capabilities. All of the IBM Security offerings are backed by an extensive business partner ecosystem which consists of industry-leading technology, sales and service partners.
    These capabilities are delivered through a comprehensive and robust set of tools and best practices (including software and hardware) that are supported by the services needed to address:
    Intelligence: Through a common and intuitive view that combines deep analytics with real-time security intelligence.
    Integration: Through unifying existing tools and infrastructures with new forms of defense in order to reduce complexity and lower the cost of maintaining a strong security posture.
    Expertise: Through a more proactive and trusted source of truth in order to stay ahead of emerging threats and risks.
    Addressing these three key imperatives enables a more holistic, comprehensive perspective and can enhance your security maturity.
  • Mandatory Disclaimer Slide to be included in all external-facing presentations.
  • Mandatory Thank You Slide (available in English only).
    URL is hyperlinked to website.

    1. IBM Security Systems. IBM Security Strategy: Intelligence, Integration and Expertise. György R. Rácz, Sales Executive, IBM Security Systems CEE. Riga, 7th of November. © 2013 IBM Corporation
    2. Agenda: Introduction: The evolving threat landscape; A new approach to security is needed; How IBM Security is positioned to help
    3. Motivations and sophistication are rapidly evolving. Chart axes: MOTIVATION, SOPHISTICATION. Motivations: National Security, Economic Espionage; Notoriety, Activism, Defamation; Monetary Gain; Nuisance, Curiosity. Actors: Nation-state actors, APTs (Stuxnet, Aurora, APT-1); Hacktivists (Lulzsec, Anonymous); Organized crime (Zeus, ZeroAccess, Blackhole Exploit Pack); Insiders, Spammers, Script-kiddies (Nigerian 419 Scams, Code Red)
    4. Attack frequency increased to record in H1 2013. Source: IBM X-Force® Research 2013 Trend and Risk Report
    5. IT Security is a board room discussion. Roles: CEO, CFO/COO, CIO, CHRO, CMO. Concerns: Loss of market share and reputation; Legal exposure; Audit failure; Fines and criminal charges; Loss of data confidentiality, integrity and/or availability; Violation of employee privacy; Financial loss; Loss of customer trust; Loss of brand reputation. Increasingly, companies are appointing CROs and CISOs with a direct line to the Audit Committee. Source: Discussions with more than 13,000 C-suite executives as part of the IBM C-suite Study Series
    6. © 2012 IBM Corporation 2013
    7. Security challenges are a complex, four-dimensional puzzle… People: Attackers, Employees, Consultants, Suppliers, Outsourcers, Partners, Customers. Data: Structured, Unstructured, At rest, In motion. Applications: Systems Applications, Web Applications, Web 2.0, Mobile Applications. Infrastructure: Datacenters, PCs, Laptops, Mobile, Cloud, Non-traditional. …that requires a new approach
    8. IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework. IBM Security Framework: Intelligence, Integration, Expertise
    9. Reaching security maturity. Maturity levels: Optimized, Proficient, Basic. Security Intelligence: Predictive Analytics, Big Data Workbench, Flow Analytics; SIEM and Vulnerability Management; Log Management. Advanced Fraud Protection. Domains: People, Data, Applications, Infrastructure. Capabilities: Data governance; Fraud detection; Multi-faceted network protection; Encryption key management; Hybrid scanning and correlation; Anomaly detection; Identity governance; Fine-grained entitlements; Privileged user management; User provisioning; Access management; Strong authentication; Database activity monitoring; Virtualization security; Web application protection; Asset management; Source code scanning; Endpoint / network security management; Data loss prevention; Encryption; Database access control; Application scanning; Perimeter security; Host security; Anti-virus; Directory management; Data masking / redaction; Hardened systems
    10. IBM Security: Market-changing milestones. Capability areas: Mainframe and Server Security; Access Management; Identity Management; SOA Management and Security; Network Intrusion Prevention; Compliance Management; Database Monitoring; Application Security; Security Analytics; Security Intelligence; Advanced Fraud Protection. Timeline (years marked: 1976, 1999, 2002, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013): 1976: Resource Access Control Facility (RACF) is created, eliminating the need for each application to imbed security. 1999: Dascom is acquired for access management capabilities. 2002: Access360 is acquired for identity management capabilities; MetaMerge is acquired for directory integration capabilities. 2005: DataPower is acquired for SOA management and security capabilities. 2006: Internet Security Systems, Inc. is acquired for security research and network protection capabilities. 2007: Watchfire is acquired for security and compliance capabilities; Consul is acquired for risk management capabilities; Princeton Softech is acquired for data management capabilities. 2008: Encentuate is acquired for enterprise single-sign-on capabilities. 2009: Ounce Labs is acquired for application security capabilities; Guardium is acquired for enterprise database monitoring and protection capabilities. 2010: Big Fix is acquired for endpoint security management capabilities; NISC is acquired for information and analytics management capabilities. 2011: Q1 Labs is acquired for security intelligence capabilities. 2013: Intent to acquire Trusteer for mobile and application security, counter-fraud and malware detection. IBM Security Systems division is created. IBM Security Investment: 6,000+ IBM Security experts worldwide; 3,000+ IBM security patents; 4,000+ IBM managed security services clients worldwide; 25 IBM Security labs worldwide
    11. 11. IBM Security Systems Industry analysts rank IBM Security as leading the market 11 IBM Confidential: For internal use only © 2013 IBM Corporation
    12. 12. IBM Security Systems At IBM, the world is our security lab Security Operations Centers Security Research and Development Labs Institute for Advanced Security Branches More than 6,000 12 IBM researchers, developers, and subject matter experts ALL focused on security 3,000 IBM security patents v13-01 © 2013 IBM Corporation
    13. 13. 13 © 2012 IBM Corporation 2013
    14. 14. IBM Security Systems IBM Security Systems Strategy 1 Support the CISO agenda BUYERS CISO CIO Line-of-Business HELP! Deliver a broad portfolio of solutions differentiated through their integration and innovation to address the latest trends 2 Innovate around key trends MEGATRENDS Advanced Threats 3 Cloud Lead in selected segments Mobile Compliance CAPABILITIES Security Intelligence and Analytics Advanced Fraud Protection People Data Applications Infrastructure Advanced Security and Threat Research 14 © 2013 IBM Corporation
    15. 15. IBM Security Systems IBM offers a comprehensive portfolio of security products. IBM Security Systems Portfolio. Security Intelligence and Analytics: QRadar Log Manager, QRadar SIEM, QRadar Risk Manager, QRadar Vulnerability Manager. Advanced Fraud Protection: Trusteer Rapport, Trusteer Pinpoint Malware Detection, Trusteer Pinpoint ATO Detection, Trusteer Mobile Risk Engine. People: Identity Management, Access Management, Privileged Identity Manager, Federated Access and SSO. Data: Guardium Data Security and Compliance, Guardium DB Vulnerability Management, Guardium / Optim Data Masking, Key Lifecycle Manager. Applications: AppScan Source, AppScan Dynamic, DataPower Web Security Gateway, Security Policy Manager. Infrastructure (Network): Network Intrusion Prevention, Next Generation Network Protection, SiteProtector Threat Management, Network Anomaly Detection. Infrastructure (Endpoint): Trusteer Apex, Mobile and Endpoint Management, Virtualization and Server Security, Mainframe Security. IBM X-Force Research.
    16. 16. IBM Security Systems IBM’s 2012 Chief Information Security Officer Study revealed the changing role of the CISO. How they differ. Influencers: • Confident / prepared • Strategic focus. Protectors: • Less confident • Somewhat strategic • Lack necessary structural elements. Responders: • Least confident • Focus on protection and compliance. have a dedicated CISO; have a security/risk committee; have information security as a board topic; use a standard set of security metrics to track their progress; focused on improving enterprise communication/collaboration; focused on providing education and awareness. Source: IBM Center for Applied Insights, Finding a Strategic Voice: Insights from the 2012 IBM Chief Information Security Officer Assessment, May 2012
    17. 17. IBM Security Systems A New Vision for Integrated Advanced Threat Protection: Cross-domain awareness of threat activity; Integrated platform for distribution of threat intelligence; Cross-domain awareness of targeted assets.
    18. 18. IBM Security Systems Intelligent Security for the Cloud. Security Intelligence: Provide visibility, auditability and control for the cloud. Identity Protection: Administer, secure, and extend identity and access to and from the cloud. Data and Application Protection: Secure enterprise databases; Build, test and maintain secure cloud applications. Threat Protection: Prevent advanced threats with layered protection and analytics.
    19. 19. IBM Security Systems Securing the Mobile Enterprise. Device Management: Security for endpoint device and data. Network, Data, and Access Security: Achieve visibility and adaptive security policies. Application Layer Security: Develop and test applications.
    20. 20. IBM Security Systems Security Intelligence: Integrating across IT silos. Security Intelligence and Analytics. Extensive data sources: Security devices; Servers and mainframes; Network and virtual activity; Data activity; Application activity; Configuration information; Vulnerabilities and threats; Users and identities. Correlation (• Logs/events • Flows • IP reputation • Geographic location); Activity baselining and anomaly detection (• User activity • Database activity • Application activity • Network activity); Offense identification (• Credibility • Severity • Relevance); True offense; Suspected incidents. Extensive data sources + Deep intelligence = Exceptionally accurate and actionable insight. Key Themes: Increased Data Sources: Data from 450+ security collectors and Integration with X-Force intelligence and other external feeds to use in analysis for determining relevant vulnerabilities and potential threats. Integrated Vulnerability Management: Comprehensive understanding of the configuration and exposure of systems in the environment, enabling contextual analysis to determine vulnerabilities against particular threats. Enhanced Identity Context: Integrated understanding of users, their roles, level of privilege, geographical location and their typical behaviors to enable enterprises to identify abnormal activity that might indicate insider threat.
    21. 21. IBM Security Systems Trusteer Advanced Fraud and Malware Protection. Advanced Fraud Protection: Helping to protect against financial fraud and advanced security threats. Among the capabilities Trusteer brings to IBM’s security portfolio: • Web Fraud Protection: Leading web fraud capabilities for financial services and web commerce • Secure Mobile Transactions: Embedded security for mobile devices and applications helps enable secure transactions from devices to the back office • Advanced Malware Protection: Unique endpoint solution for identifying and protecting against Advanced Persistent Threats • Security-as-a-Service: Cloud based deployment enabling rapid and real-time updates
    22. 22. IBM Security Systems Identity and Access Management: Helping to extend secure user access across the enterprise. People. Key Themes: Standardized IAM and Compliance Management: Expand IAM vertically to provide identity and access intelligence to the business; Integrate horizontally to enforce user access to data, app, and infrastructure. Secure Cloud, Mobile, Social Interaction: Enhance context-based access control for cloud, mobile and SaaS access, as well as integration with proofing, validation and authentication solutions. Insider Threat and IAM Governance: Continue to develop Privileged Identity Management (PIM) capabilities and enhanced Identity and Role management.
    23. 23. IBM Security Systems Data Security: Helping to secure structured, unstructured, online and offline data across the enterprise. Data. Governance, Security Intelligence, Analytics; Audit, Reporting, and Monitoring; Data Discovery and Classification; Security Solutions; IT & Business Process; Policy-based Access and Entitlements. • Reduce operational costs around data protection • Streamline regulation compliance process • Protect data in any form, anywhere, from internal or external threats. Data: Stored (Databases, File Servers, Big Data, Data Warehouses, Application Servers, Cloud/Virtual ..); over Network (SQL, HTTP, SSH, FTP, email, …); at Endpoint (workstations, laptops, mobile, …). Key Themes: Expand to new platforms: Expand beyond supporting databases to all relevant data sources, including data warehouses, file shares, file systems, enterprise content managers, and Big Data (Hadoop, NoSQL, in-memory DB), wherever data is stored. Introduce new data protection capabilities: Complement discovery, classification, monitoring, auditing, and blocking with thought leadership capabilities like cloud encryption/tokenization, dynamic data masking, and fraud detection. Lead on scalability and lower TCO: Continue to improve on solution deployability with improvements to scalability, performance, simplification, automation, serviceability, and ease of use.
    24. 24. IBM Security Systems Infrastructure Protection: Endpoint. Infrastructure: Provides in-depth security across your network, servers, virtual servers, mainframes and endpoints. Key Themes: Security for Mobile Devices: Provide security for and manage traditional endpoints alongside mobile devices such as Apple iOS, Google Android, Symbian, and Microsoft Windows Phone - using a single platform. Expansion of Security Content: Continued expansion of security configuration and vulnerability content to increase coverage for applications, operating systems, and industry best practices. Security Intelligence Integration: Improved usage of analytics - providing valuable insights to meet compliance and IT security objectives, as well as further integration with SiteProtector and the QRadar Security Intelligence Platform.
    25. 25. IBM Security Systems Customer successes across domains Security Intelligence and Analytics Global office products supplier achieved greater visibility to potential security threats and PCI compliance with $0 cost increase Advanced Fraud Protection Protect against financial fraud and advanced security threats Banking clients reduced online banking fraud to near zero while complying with regulatory compliance mandates for layered security People Manage user access securely and cost-effectively Major South American bank health reduced the number of help desk calls by 30%, resulting in annual savings of $450,000+ Data Ensure privacy and integrity of data Major global bank saved $1.5 USD / year on storage costs and reduced compliance costs by $20M USD Applications Automate security testing on web-based applications Client added 225 new applications per year to handle US$1 quadrillion in securities transactions per year Infrastructure Improve overall security and compliance Proactively alert, simplify monitoring and management Client monitored all devices and networks across all sites with zero false positives without blocking revenue-based traffic
    26. 26. IBM Security Systems Case Study: CEE based Insurance company gains actionable information in minutes to strengthen security and compliance Optimize staff resources 99% reduction in time to respond to security and IT incidents 99% reduction in compliance reporting time Uncovers threats and prioritizes risk for efficient and effective remediation “We can now find and address the source of a problem in minutes instead of tens of hours.” — Chief Information Security Officer, Insurance Company The transformation: By replacing manual processes with an advanced security solution from IBM, Client’s IT staff can quickly uncover threats, prioritize response based on risk level, and take action before the business is affected. The new solution integrates and analyzes data from disparate data sources and provides a unified view of potential security events, operational anomalies and vulnerabilities • IBM® QRadar® Security Intelligence
    27. 27. IBM Security Systems Case Study: CEE based Bank gains 360-degree visibility into the enterprise Optimize security ROI 99% decrease in investigation time Immediate detection and notification of anomalies “With the IBM security platform, I now have a tool that gives me visibility across my enterprise and helps me find the source of the problem quickly.” - Chief Security Officer of the Bank The transformation: Replacing an out-of-date security monitoring solution with an advanced security platform from IBM, Client’s security staff gained superior threat detection and a much richer view of enterprise activities. The new solution integrates and analyzes data from disparate sources to help staff more quickly uncover and respond to threats. • IBM® QRadar® Security Intelligence
    28. 28. IBM Security Systems IBM Security: Helping clients optimize IT security: Integrated Portfolio; Managed and Professional Services; Extensive Partner Ecosystem; IBM Research.
    29. 29. IBM Security Systems Thank you for your time today! Get engaged with IBM Security. Follow us at @ibmsecurity and @ibmxforce. Download X-Force security trend & risk reports: http://www935.ibm.com/services/us/iss/xforce/ Attend in-person events: http://www.ibm.com/events/calendar/ Join the Institute for Advanced Security: www.instituteforadvancedsecurity.com Subscribe to X-Force alerts at http://iss.net/rss.php or Frequency X at http://blogs.iss.net/rss.php Subscribe to the security channel for latest security videos: www.youtube.com/ibmsecuritysolutions
    30. 30. IBM Security Systems Disclaimer Please Note: IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.
    31. 31. IBM Security Systems Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY. www.ibm.com/security © Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. 
IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.