Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

DSS ITSEC 2013 Conference 07.11.2013 - Security in High Risk Environment

613 views

Published on

Presentation from one of the remarkable IT Security events in the Baltic States organized by “Data Security Solutions” (www.dss.lv ) Event took place in Riga, on 7th of November, 2013 and was visited by more than 400 participants at event place and more than 300 via online live streaming.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

DSS ITSEC 2013 Conference 07.11.2013 - Security in High Risk Environment

  1. 1. IBM Security Systems Security in High Risk Environment Vulnerabilities, Vulnerabilities and Vulnerabilities Jan Bojtos Security Channel Manager Central & Eastern Europe IBM Security Systems jan.bojtos@sk.ibm.com © 2013 IBM Corporation 1 © 2013 IBM Corporation
  2. 2. IBM Security Systems You know? You can do this online now. 2 © 2013 IBM Corporation
  3. 3. IBM Security Systems Agenda  Application Security  Vulnerability Management  New Generation Network Security 3 © 2013 IBM Corporation
  4. 4. IBM Security Systems Agenda  Application Security  Vulnerability Management  New Generation Network Security 4 © 2013 IBM Corporation
  5. 5. IBM Security Systems Security Incident s in the first half of 5 © 2013 IBM Corporation
  6. 6. IBM Security Systems The Application Security landscape Web application vulnerabilities dominate the enterprise threat landscape Applications in Development  In-house development  Outsourced development Production Applications  Developed in house  Acquired  Off-the-shelf commercial apps • • 6 Web application vulnerabilities surged 14% from 2,921 vulnerabilities in 2011 to 3,551 vulnerabilities in 2012 47% of all vulnerabilities that the IBM XForce documented in 2012 were considered web application vulnerabilities *IBM X-Force 2012 Trend & Risk Report  Vulnerabilities are spread through a wide variety of applications **IBM X-Force 2012 Trend & Risk Report © 2013 IBM Corporation
  7. 7. Applications IBM Security Systems Challenge 1: Finding more vulnerabilities using advanced techniques Total Potential Security Issues Static Analysis - Analyze Source Code - Use during development - Uses Taint Analysis / Pattern Matching Dynamic Analysis - Analyze Live Web Application - Use during testing - Uses HTTP tampering Hybrid Analysis - Correlate Dynamic and Static results - Assists remediation by identification of line of code Run-Time Analysis - Combines Dynamic Analysis with run-time agent - More results, better accuracy 77 Client-Side Analysis !New !New - Analyze downloaded Javascript code which runs in client !New - Unique in the industry !New © 2013 IBM Corporation
  8. 8. IBM Security Systems Challenge 2: Reducing Costs Through a Secure by Design Approach 80% of development costs 80% of development costs are spent identifying and are spent identifying and correcting defects!* correcting defects!* Average Cost of a Data Breach Average Cost of a Data Breach $7.2M** from law suits, loss of customer $7.2M** from law suits, loss of customer trust, damage to brand trust, damage to brand Find during Development Find during Build Find during QA/Test Find in Production $80/defect $240/defect $960/defect $7,600 / defect “As financially-motivated attackers have shifted their focus to applications, Web application security has become a top priority. However, “As financially-motivated attackers have shifted their focus to applications, Web application the responsibility for web application security cannot rest solely with information security. Enterprises should evaluate how to identify the responsibility for web application security cannot rest solely with information security. Enterprises should evaluate how to vulnerabilities in Web applications earlier in the development process as transparently as possible using web application security testing vulnerabilities products or services.” products or services.” Neil MacDonald, Gartner, 12-6-11 Neil MacDonald, Gartner, 12-6-11 8 * Source: National Institute of Standards and Technology ** Source: Ponemon Institute 2009-10 © 2013 IBM Corporation
  9. 9. IBM Security Systems Challenge 3: Bridging the Security/Development gap Break down organizational silos  Security experts establish security testing policies  Development teams test early in the cycle Provide Management Visibility  Dashboard of application risk  Enable compliance with regulation-specific reporting  Treat vulnerabilities as development defects “… we wanted to go to a multiuser web-based solution “… we wanted to go to a multiuser web-based solution that enabled us to do concurrent scans and provide our that enabled us to do concurrent scans and provide our customers with a web-based portal for accessing and customers with a web-based portal for accessing and sharing information on identified issues.” sharing information on identified issues.” Alex Jalso, Asst Dir, Office of InfoSecurity, WVU Alex Jalso, Asst Dir, Office of InfoSecurity, WVU 9 Developer Architect Quality Professional Enables Collaboration Security Auditor © 2013 IBM Corporation
  10. 10. IBM Security Systems Finding Vulnerabilities During Security Test Phase SDLC Coding % of Issue found by stage of SDLC 10 Build QA Security Production Most Issues are Most Issues are found by security found by security auditors prior to auditors prior to going live. going live. © 2013 IBM Corporation
  11. 11. IBM Security Systems Maturity of Security Testing SDLC Coding % of Issue found by stage of SDLC 11 Build QA Security Production Desired Profile Desired Profile © 2013 IBM Corporation
  12. 12. IBM Security Systems Organizations need to take a proactive approach to Application Security  Embed security testing early in the development lifecycle to support agile delivery demands  Bridge the gap between “Security” and “Development” through joint collaboration and visibility, enabling regulatory compliance  Integrate security testing into the development lifecycle, through interfaces to development tools A proactive team approach to Application Security AppScan Static Analysis Hybrid Analysis Dynamic Analysis Collaboration Governance Visibility Analyst Developer Quality Professional Architect Security Auditor 12 © 2013 IBM Corporation
  13. 13. IBM Security Systems IBM Security Systems AppScan Suite – Comprehensive Application Vulnerability Management SECURITY REQUIREMENTS CODE BUILD QA AppScan Enterprise Security Requirements Definition Security requirements defined before design & implementation AppScan Source Build security testing into the IDE PRE-PROD PRODUCTION AppScan onDemand AppScan Standard Security & Automate Security Security / compliance Compliance testing incorporated / Compliance Testing, into testing & testing in the oversight, control, remediation Build Process policy, audits workflows AppScan Standard Outsourced testing for security audits & production site monitoring Application Security Best Practices – Secure Engineering Framework 13 13 Dynamic Analysis/Blackbox – Static Analysis/Whitebox - © 2013 IBM Corporation
  14. 14. IBM Security Systems Agenda  Application Security  Vulnerability Management  New Generation Network Security 14 © 2013 IBM Corporation
  15. 15. IBM Security Systems Vulnerability market trends 1 Escalating Escalating threat landscape threat landscape Vulnerabilities are increasing in volume and severity, while attackers are exploiting them quicker than ever before… and with greater sophistication 15 2 Evolving IT Evolving IT infrastructures infrastructures Rapid adoption of mobile and cloud – as well as the ever increasing speed and complexity of IT – make discovery and accuracy of new and existing risks a daunting task 3 Surpassing simple Surpassing simple compliance efforts compliance efforts Routine snapshots may satisfy the auditors, but hardly enough to understand what’s really going on within your IT environment © 2013 IBM Corporation
  16. 16. IBM Security Systems Customer business problems Problems in current Vulnerability management deployments: !! Yo ur V Siloed system limitations !! rV uln rV uln era uln era bil itie era s bil itie s bil it ies Hidden risks remain Leaves unanswered questions 16 Yo u Data overload inhibitor !! Yo u CV E CV CV E E CV CV CV CV E E E CV CV CV CVE E CV CV E E E E C C C C CV E CV CV CV VE VE VE CVE C E C V E E CE C C C V V V CV CV CV VE VE E VE C E C E C E CV CV E E C C C C C CV VE VE VE E E E V VE VE E C C E CV CV CVE VE VE EVC C C C CV CV CVE CVE VE E V E C CV C VE E VE C CVE CV CCV CVE VE E VE CVC E C E CV CVE CVE CVE VE VE V C E E VEE C C CVCVCVE VE CVE E VE E C C C C C CV CV V V E E CV CV CV E E E E C C C C CVC CV C V VE VE VE VE C C CV E CE C C CC CV CV V V VE VE EVE E VE E C C E V C C C V E EE E C CV CV CVVE VE E VVE E C C C CV V CV VCV VE V VE VE VE C E C E CV CC E E E CE CCV C CV V C V V V E E CE E C CE C CV C V V E VE CV CV CVE E VE E VE E E VE E CE E CVCV V CV VCV VE VE E VE C E C E CV V C V C C CVV E C C C CC CV V V CCE VE V E E E CE E C C C C E E V E C E VE V E CV CV CVVE VE E VVE E E E CVECC CE C CVCV VE VE CVEVE VEVE E C E CV CC CV V V V V C E E CC E CC CV CVE V CVECE EVE E VE E C C C C CVC CVCV V VE E E E V CV CV V VE VVE CCE VEE C C C CE VC CV CV V V VE VE EVE E E E C CV C E CCE V C CV VV V V V CEVE E E E E C C C C C C C E CE C C V V E E VEV V E VVC C E EV E C C CC E CC C V CV CV CVVE VE E VVE E E E E EECCV E CV V CV VE V VCVEVE VEVE C E C E CV C V E E C V E C C CV V V V VE E CE E E E CCE C CVC C C E VE C V CV CV CCVECCVE VE E VVECE E E E CECCE V V V VE V VE VE EVEVEVEVE C E CV E CC C CC CV V V V E CE E C C C C V CV V VV E C E CE E C C C C C E VV C E V VV E CVE EE E CV CVV V V C V V V CV CV CVVECCEE VVE VE E CEEC E E V CV CV VE V CEE E E VE E E E C E CV C E CV CE V CVE E E E E CC V E E E CC CC C V V CV C CV CVE V VC CV V C V C CC CV CV CV CCVE VVE VVECVE E C EEC E E V CVE VCVE E EVE E VE E C E CV E C C VE E V CVE E E E E E C C C CVC CV V E E C CC V E E VV CV CV V V CV CV CV CV CVE CVVE VVECC EECVEE C E CCCVE CVE E E E VE EVE E C E C CV C E CC E E E E VV V E VV VV C E E C C CV C CV V V CV E CV CV CV CVE CVE VVE C EEC E C V E CEE CV CVECVE VE E VE E C E C E EC CV C CV V VEE E VE C C C V E E C V V E V CC VC C V V CV CV CVE CVE VE VVE C EECC EECCE E V V CCV VE VE EVE E C E C E EC V E C E C C CV CV V VE V E VVE VVE E E CEE C CVC CV E C V CE V VE VE VE C E C E C E C V CCV CCVE VE E VE E VE E CV E CV V CV CV CV VE VE VE VEE CEE C E CCV CV CVE E E C E C E CV VE E C E C CV CV CV CVVE VVE VEE E EC E C E C E CCV CCV CVE CVE VE VE E VE E VEE VE CV CV CV V V C C E C E C E C E CVE CV CCVE VE VE V VE VE VE E E C E CV CVE EC CV CV CVE CVE VE VE E C E C CV CV VE VE E E CV CV CVE EC EC VE VE CV E Creates security gaps • • • • • Has that been patched? Has or will it be exploited? Does my firewall block it? Does my IPS block it? Does it matter? © 2013 IBM Corporation
  17. 17. IBM Security Systems Our solution: IBM Security QRadar Vulnerability Manager Solution Highlights  Unique VA solution integrated with Security Intelligence context/data New Log Manager SIEM Network Activity Monitor Risk Manager Vulnerability Manager  Providing unified view of all vulnerability information  Dramatically improving actionable information through rich context  Reducing total cost of ownership through product consolidation Security Intelligence is extending and transforming vulnerability management – just as it did with logs, events, flows and risk management. 17 © 2013 IBM Corporation
  18. 18. IBM Security Systems IBM Security QRadar Vulnerability Manager key features  Contains an embedded, well proven, scalable, analyst recognised, PCI certified scanner  Detects 70,000+ vulnerabilities  Tracks National Vulnerability Database (CVE)  Present in all QRadar log and flow collectors and processors  Integrated external scanner  Complete vulnerability view supporting 3rd party vulnerability system data feeds  Supports exception and remediation processes of VM with seamlessly integrated reporting and dash boarding 18 Complete Vulnerability Context and Visibility Integrated vulnerability scanner Network discovery and asset information IBM Security Context 3rd Party vulnerability solutions AppScan Guardium Endpoint (BigFix) Network IPS X-Force e.g. Qualys Rapid7 Nessus nCircle McAfee © 2013 IBM Corporation
  19. 19. IBM Security Systems Security Intelligence Integration  QVM scanners present in every QRadar appliance − ‘Switch’ on distributed scanning  Event triggered scanning − E.g. New asset seen  Rapid and dynamic scans using asset search based scans − Less time spent searching  Shared reporting and dashboard infrastructure, providing single view Scanning  External threat posture, exploit events, network usage, and security context seamlessly integrated 20 © 2013 IBM Corporation
  20. 20. IBM Security Systems What’s a difference? Standard VM Y Yo our V Yo u ur r Vu ulne Vu r l lne nera abili t ie rab bil ilit ities s ies CV E CV CV CV E E C EC CV V E CV CV V CV CV E C E C E C E CV CV EC E CVE VE VE VE EC C E C CV CV C V E C VE E CVE VE E CVE CVC CVE VE VE C E C C CV CV V VC C C V V EV E CV CVC CVE CVE VE VE C E C E E E C E CV CV CVE EVC EVCV CV CVE VE VE CV C VC CVE CVE E E E E C C E CVE CVC EV C E E CV CV CV CV CVC EVC EVCV EVCVC CVE CVE VE VE C C E E C E CE E EVCV VCV VE V VE VC E CV E CV CV CV V C E VE C C E C CV EC E C EV CV CV E E C VC E V E C E C EC E E E CV E CVE CV E CVC VEVC CVC VC VE C E VE E C E V CV CV E V E VE EVE EVE CVCVE CVE VE VE VE C E C EC CVC CV EVC CVC C E CE C CVC CVE EV EVE EVE EVE CV CV VE VE CV CV VE VE E EV VCV CV E CV CV VE CV E CV CVC CVE E E C C C E C E C C CV E C CVE E E V E EVC CVE EV V VCV CV E CV E V E CE C CVE CVC E V V E E C C CV CV E VE CVC E VE VE C CVE CVE VE CV VCV E C E CV E CV E EV E CV CV C CVE CVE VCV VC C E C E CV V CVE E EC E C C E V CV E CVE E EV E C EC E CVC CVE E E C C VE CV C VC E CV CV E E CV C E E E EVC EVE C V C C CV VE C E VE E CVE VC VE C EE E CVC CV C CV C V E C C E V E V V VC V CVC CV E VE VE E C E CV CC E V E VE E VE E VE CVE E CE E E CV VCV VE C VE CV CV E C VE CV C CV E E CV CV V C V C E VE CV CV EC VE CVC CVC CVE CVE E E VE E E C E C CV CV E E EV CV EVC CVE E VE E VE VE E CVC CVEV VE VE C E C CV CV CV VE E CV C E C E C C CV E CE C CV C EVC V C VE VE E V CV E VC C V CV E VE VE E C V E C E CV CV E V E VE E VE VE CV C CE E E C EVCV VCVC E C E CV EC EE CV CV C CVE CVE E V V CV VEVE E C E CV CV C E EE C E E C E EVE E VE E CV V C CV CV CVE E VE VE VE CE E CVC VCV VCV VE C E CV C E E E C E C CVE VE V VE V E V CVE E VCV CVC CVE CVE E CV C C C C C CE CV C VC CVE CVE V E E E CV E V EVC CV CV VE VE CV C E E E E VE E C CV C E E V C VC C E E CV E CV CV E VE VE VE VE CVC CVEV VE C VE C E CV CV CVE CVE CVE V VC E E C E E EC EC E C V C E V CV CVE E C VE C V V E C C V C VE VE VE CE E CE E CVC VCV VE C E C E E E V C V C C C E E CV VE V CV CVE EVE E CV CVE VE CV CE E C VC VCV E V E C E C E C VE VE V EV E C C C CV E C E CV VE VE VE CV C CVC EVE VE C VE E CV VCV E VE EVEV CV V E C C EC CV VE C E C E C E CV VE V E C E C E E VE VE VE CVC CVE CVE VE E CV CVE E VE CV CV CV E EC C E E VE VE CV E CV E 22 QRadar QVM !! CV E CV CV E E CV CV CV E EC E CV CV CV VE E E E CV CV ICVE CVE CV E na C C E E C c CV CV CVE VE tiVE VE C E v E CV CV eCVE VE CV CV CV E C CV CV E E EC E CV CV CV CVE VE VE E C E C E CV CV V E VE E C C CV CV CVE VE VE E C E C E CV CV E E E CV CV CVE VE VE E CV CV CVE Pa E C E C C CV CVE CVE CVE E E CV tcE VE VE VE E C C CV CVE CV CV CV hC C CV CV VE VE E E E E ed CV CV CV CVE VE VE E C E C CV CV CVE C E C E EC VE E E CV CV CV V CVE VE VE VE CV CV E C C E EC E E CV CVE CVE VE VE E C CV CV CV CVE VE E CV CV CVE VE C E E Cr E CVE CVE CVE CVE CVE CVE C E CVE CV CVE CV iE iC C CV CV CV VE VE l E C E C B tc V E E VEl E E a C Coc V V CV CV CVE CVE VE VE keE C E CV E E E C C CV d VE CV CV CVE CVE VE VE E C E C V EA C CV CV CVE CVE VE VE C E t ri E CV Es CV CV CVE CVE E VE kE E ! C C CV CV CVE VE VE E E CV CV CV CV E E Ex E CV E CV CV pEo E C E l Ci V VE E ted CV !E Yo ur V uln e rab ilit ies © 2013 IBM Corporation
  21. 21. IBM Security Systems QVM enables customers to interpret ‘sea’ of vulnerabilities Inactive: QFlow Collector data helps QRadar Vulnerability Manager sense application activity Patched: IBM Endpoint Manager helps QVM understand which vulnerabilities will be patched Critical: Vulnerability knowledge base, remediation flow and QRM policies inform QVM about business critical vulnerabilities 23 CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE CVE Inactive Blocked Patched Critcal At Risk! Blocked: QRadar Risk Manager helps QVM understand which vulnerabilities are blocked by firewalls and IPSs Exploited! At Risk: X-Force Threat and SIEM security incident data, coupled with QFlow network traffic visibility, help QVM see assets communicating with potential threats Exploited: SIEM correlation and IPS data help QVM reveal which vulnerabilities have been exploited © 2013 IBM Corporation
  22. 22. IBM Security Systems QRadar Vulnerability Manager offering structure  Licensed based on number of Assets scanned  Base Vulnerability Manager capability – QVM vulnerability scans up to 255 assets – Unlimited QVM discovery scans – Hosted scanner for DMZ scanning – Ability to apply QVM functionality to all 3rd party scanner data integrated with QRadar – Deploy QVM Scanner on any managed host AppScan – Deploy unlimited standalone software or Virtual Scanners  Simple capacity increases 24 IBM Endpoint Manager © 2013 IBM Corporation
  23. 23. IBM Security Systems Agenda  Application Security  Vulnerability Management  New Generation Network Security 25 © 2013 IBM Corporation
  24. 24. IBM Security Systems The Evolving Challenges of Network Security 1 Complexity of Complexity of Attacks Attacks 2 Complexity of Complexity of Users Users • Advanced Persistent Threats • Blending work/personal use • 0-Day Vulnerabilities • Broad information sharing • Targeted Phishing • Poor security vigilance • Stealth Botnets • Targeted by social engineering • Designer Malware 26 3 Complexity of Complexity of Technology Technology • Point solutions creating “Security Sprawl” • Bring Your Own Device • Evolving networking and connectivity standards • Rapid growth of web applications © 2013 IBM Corporation
  25. 25. IBM Security Systems Introducing IBM Security Network Protection XGS The Next Generation of IBM intrusion prevention solutions ADVANCED THREAT PROTECTION SEAMLESS DEPLOYMENT & INTEGRATION Proven protection from sophisticated and constantly evolving threats, powered by X-Force® 27 COMPREHENSIVE VISIBILITY & CONTROL Helps discover and block existing infections and rogue applications while enforcing access policies Adaptive deployment and superior integration with the full line of IBM security solutions © 2013 IBM Corporation
  26. 26. IBM Security Systems Advanced Threat Protection The XGS 5100 helps protect against a full spectrum of targeted attacks, even in SSL-encrypted connections Infrastructure System-level Attacks Service-level Attacks Users Web Application Attacks Spear Phishing Client-side Application Protection Malicious Attachments Web/Social Media Risks X X X X X X         Extensible, Ahead-of-the-Threat Protection backed by the power of IBM X-Force® to help protect against mutating threats 28 © 2013 IBM Corporation
  27. 27. IBM Security Systems Comprehensive Visibility & Control Context-aware access control policies block pre-existing infections, rogue applications, and policy violations Complete Identity Awareness associates valuable users and groups with their network activity, application usage and application actions Access Control Policies block pre-existing compromises and rogue applications as well as enforce corporate usage policies 400+ 2,000+ 20 Billion+ Protocols and File Formats Analyzed Applications and Actions Identified Deep Packet Inspection fully classifies network traffic, regardless of address, port , protocol, application, application action or security event 30 URLs classified in 70 Categories © 2013 IBM Corporation
  28. 28. IBM Security Systems Seamless Deployment and Integration Quick initial deployment and immediate integration points with other security technologies such as QRadar Adaptable Deployment Advanced QRadar Integration • Seven varieties of network interface modules • Helps mitigate known and unknown attacks • Flexible performance licensing • Detect “low and slow” and advanced persistent threats • Built-in, programmable network bypass • Integrated SSL inspection 32 • Analysis and correlation across both IBM and non-IBM products Breadth and Depth of Portfolio • Protection of people, data, applications and infrastructure • Advanced cross-product research & development • Solutions and services for practically every security need © 2013 IBM Corporation
  29. 29. IBM Security Systems New XGS Product Line 33 © 2013 IBM Corporation
  30. 30. IBM Security Systems IBM Security Network Protection (XGS) The Next Generation of IBM’s legendary network security solutions Top 5 Reasons to Upgrade to or Purchase an XGS Appliance 1.Visibility and Control over Web and non-Web applications and use 2.Ability to secure encrypted traffic without separate hardware (SSL) 3.Wide performance range with a simple license (600Mbps - 5Gbps) 4.Integrated bypass and flexible network connections (1GbE/10GbE) 5.Tight integration with QRadar including ability to send flow data 34 © 2013 IBM Corporation
  31. 31. IBM Security Systems ibm.com/security © Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United © 2013 IBM Corporation 35 States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

×