Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

I går, i dag og i morgen - Security Systems Roadmap, Chris Mallon, IBM US


Published on

Præsentation fra IBM Smarter Business 2012

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

I går, i dag og i morgen - Security Systems Roadmap, Chris Mallon, IBM US

  1. 1. IBM Security SystemsIBM SecurityIntelligence, Integration and Expertise© 2012 IBM Corporation1 © 2012 IBM Corporation
  2. 2. IBM Security SystemsThe world is becoming more digitized and interconnected,opening the door to emerging threats and leaks… The age of Big Data – the explosion of digital DATA information – has arrived and is facilitated by EXPLOSION the pervasiveness of applications accessed from everywhere With the advent of Enterprise 2.0 and social CONSUMERIZATION business, the line between personal and OF IT professional hours, devices and data has disappeared Organizations continue to move to new EVERYTHING platforms including cloud, virtualization, IS EVERYWHERE mobile, social business and more The speed and dexterity of attacks has ATTACK increased coupled with new actors with new SOPHISTICATION motivations from cyber crime to terrorism to state-sponsored intrusions2 © 2012 IBM Corporation
  3. 3. IBM Security SystemsTargeted Attacks Shake Businesses and Governments Attack Type Bethesda Software SQL Injection URL Tampering Northrop Italy Grumman IMF PM Fox News Site Spear Phishing X-Factor 3rd Party SW Citigroup Spanish Nat. Sega DDoS Police Secure ID Gmail Booz Epsilon Accounts PBS Allen Hamilton Unknown Vanguard Sony PBS SOCA Defense Monsanto Malaysian Gov. Site Peru HB Gary RSA Lockheed Special Police Martin Nintendo Brazil Gov. L3 SK Communications Sony BMG Communications Size of circle estimates relative Greece Turkish Government Korea impact of breach AZ Police US Senate NATO Feb Mar April May June July Aug3 IBM Security X-Force® 2011 Midyear Trend and Risk Report September 2011 © 2012 IBM Corporation
  4. 4. IBM Security SystemsIT Security is a board room discussion Business Brand image Supply chain Legal Impact of Audit risk results exposure hacktivism Sony estimates HSBC data Epsilon breach TJX estimates Lulzsec 50-day Zurich potential $1B breach impacts 100 $150M class hack-at-will Insurance PLc long term discloses 24K national brands action spree impacts fined £2.275M impact – private banking settlement in Nintendo, CIA, ($3.8M) for the $171M / 100 customers release of PBS, UK NHS, loss and customers* credit / debit UK SOCA, exposure of card info Sony … 46K customer records4 *Sources for all breaches shown in speaker notes © 2012 IBM Corporation
  5. 5. IBM Security SystemsSolving a security issue is a complex, four-dimensional puzzle People Employees Consultants Hackers Terrorists Outsourcers Customers Suppliers Data Structured Unstructured At rest In motion Systems Applications Web applications Web 2.0 Mobile apps applicationsInfrastructure It is no longer enough to protect the perimeter – siloed point products will not secure the enterprise55 © 2012 IBM Corporation
  6. 6. IBM Security SystemsIn this “new normal”, organizations need an intelligent view of theirsecurity posture O Automated pt im I S nt ecu el iz lig rity ed Optimized e Prr P nc Organizations use e off o predictive and iic i ci automated security en en analytics to drive toward security intelligence Basic tt Ba Manual Organizations Proficient si employ perimeter c protection, which Security is layered into regulates access and the IT fabric and feeds manual reporting business operations Reactive Proactive6 © 2012 IBM Corporation
  7. 7. IBM Security SystemsIBM Security: Delivering intelligence, integration and expertise across acomprehensive framework  Only vendor in the market with end-to- end coverage of the security foundation  6K+ security engineers and consultants  Award-winning X-Force® research  Largest vulnerability database in the industry Intelligence Intelligence ● ● Integration Integration ●● Expertise Expertise7 © 2012 IBM Corporation
  8. 8. IBM Security SystemsIntelligence: Leading products and services in every segment8 © 2012 IBM Corporation
  9. 9. IBM Security SystemsAnalysts recognize IBM’s superior products and performance Domain Report Analyst Recognition Security Security Information & Event Management (SIEM) 2011 2010 Intelligence, Analytics and GRC Enterprise Governance Risk & Compliance Platforms 2011 2011 User Provisioning / Administration 2011 Role Management & Access Recertification 2011 People 2010 Enterprise Single Sign-on (ESSO) 2011* Web Access Management (WAM) 2011* Data Database Auditing & Real-Time Protection 2011 Static Application Security Testing (SAST) 2010 Applications 2010 Dynamic Application Security Testing (DAST) 2011 Endpoint Network Network Intrusion Prevention Systems (NIPS) 2010 2010 Infrastructure EndPoint Protection Platforms (EPP) 2010 Challenger Leader Visionary Niche Player Leader (#1, 2, or 3 in segment) Leader Strong Performer Contender * Gartner MarketScope9 © 2012 IBM Corporation
  10. 10. IBM Security SystemsIntegration: Increasing security, collapsing silos, and reducing complexity Increased Awareness and Accuracy Increased Awareness and Accuracy   Detect advanced threats with real-time intelligence correlation across security domains Detect advanced threats with real-time intelligence correlation across security domains   Increase situational awareness by leveraging real-time feeds of X-Force® Research and global threat Increase situational awareness by leveraging real-time feeds of X-Force® Research and global threat intelligence across IBM security products, such as QRadar SIEM and Network Security appliances intelligence across IBM security products, such as QRadar SIEM and Network Security appliances  Conduct comprehensive incident investigations with unified identity, database, network and endpoint  Conduct comprehensive incident investigations with unified identity, database, network and endpoint activity monitoring and log management activity monitoring and log management Ease of Management Ease of Management  Simplify risk management and decision-making  Simplify risk management and decision-making with automated reporting though a unified console with automated reporting though a unified console  Enhance auditing and access capabilities by sharing  Enhance auditing and access capabilities by sharing Identity context across multiple IBM security products Identity context across multiple IBM security products  Build automated, customized application  Build automated, customized application protection policies by feeding AppScan results into protection policies by feeding AppScan results into IBM Network Intrusion Prevention Systems IBM Network Intrusion Prevention Systems Reduced Cost and Complexity Reduced Cost and Complexity  Deliver fast deployment, increased value and  Deliver fast deployment, increased value and lower TCO by working with a single strategic partner lower TCO by working with a single strategic partner10 © 2012 IBM Corporation
  11. 11. IBM Security SystemsExpertise: Unmatched global coverage and security awareness Security Operations Centers Security Research Centers Security Solution Development Centers Institute for Advanced Security Branches World Wide Managed IBM Research Security Services Coverage   20,000+ devices under contract 20,000+ devices under contract   3,700+ MSS clients worldwide 3,700+ MSS clients worldwide   9B+ events managed per day 9B+ events managed per day   1,000+ security patents 1,000+ security patents   133 monitored countries (MSS) 133 monitored countries (MSS)11 © 2012 IBM Corporation
  12. 12. IBM Security Systems How is IBM solving complex security challenges?1212 © 2012 IBM Corporation
  13. 13. IBM Security SystemsData ExplosionIBM is integrating across IT silos with Security Intelligence solutions Most Accurate & Sources + Intelligence = Actionable Insight13 © 2012 IBM Corporation
  14. 14. IBM Security SystemsSolving complex problems that point solutions cannot Discovered 500 hosts with “Here You Improving threat Have” virus, which all other security detection products missed Consolidating 2 billion log and events per day reduced data silos to 25 high priority offenses Predicting risks Automating the policy monitoring and against your evaluation process for configuration business changes in the infrastructure Addressing Real-time monitoring of all network regulatory mandates activity, in addition to PCI mandates14 © 2012 IBM Corporation
  15. 15. IBM Security SystemsConsumerization of ITIBM is converging traditional endpoint and mobile security managementinto a single solution with complementary services IBM Mobile Security IBM Mobile Software Security Services Device Lifecycle Management Inventory Mobile Enterprise Services (MES) Security Policy Management Endpoint Management Hosted Mobile Device Device and Security Management Data Wipe Secure Connectivity Anti-Jailbreak Secure Enterprise and Anti-Root Smartphone and Tablets15 © 2012 IBM Corporation
  16. 16. IBM Security SystemsAllowing organizations to innovate with confidence Saved on deployment time (400K users Significantly in <6 months) and management costs Reducing while helping to achieve compliance with Costs IBM’s end user device IT security policies (95% of patches applied within 24 hours) Deployed Tivoli Endpoint Manager to 1K Time-to-Value & endpoints in days, reduced the software update and patching process from 20 to Performance 1 person, remediation time from weeks Improvements to hours, and call volumes from 100 to less than 20 calls per day Combining power, patch and lifecycle management along with security and Ecosystem compliance, Fiberlink was able to grow Value Creation its cloud-based, mobile device management business by 25% annually over the last 5 years16 © 2012 IBM Corporation
  17. 17. IBM Security SystemsEverything is EverywhereIBM is helping clients adopt cloud with flexible, layered security solutions Identity Web Application Virtualization Network Image & Patch Database Federation Scanning Security Security Management Monitoring IBM Security Intelligence17 © 2012 IBM Corporation
  18. 18. IBM Security SystemsEnabling security for new business models and delivery methods Worldwide Enabled security for access to public European SaaS applications – including Google Energy access to SaaS Apps and – using cloud- Company applications enabled federation Best-in-class Integrated security in a multi-tenant Infrastructure-as-a-Service environment security for a using flexible, virtualized security cloud provider managed from the cloud Rapid Identity Delivered identity and access management capabilities quickly and solution easily using a SaaS-deployed Tivoli deployment solution18 © 2012 IBM Corporation
  19. 19. IBM Security SystemsAttack SophisticationIBM is helping clients combat advanced threats with pre- and post-exploitintelligence and action Are we configured What are the external What is happening to protect against What was the impact? and internal threats? right now? these threats? Prediction & Prevention Reaction & Remediation Risk Management. Vulnerability Management. Network and Host Intrusion Prevention. Configuration and Patch Management. Network Anomaly Detection. Packet Forensics. X-Force Research and Threat Intelligence. Database Activity Monitoring. Data Leak Prevention. Compliance Management. Reporting and Scorecards. SIEM. Log Management. Incident Response. IBM Security Intelligence19 © 2012 IBM Corporation
  20. 20. IBM Security SystemsIdentifying and protecting against sophisticated attacks Deployed solutions to identify threats and Securing across vulnerabilities with protection across the the enterprise entire infrastructure – from network to ecosystem desktops in the customers’ showrooms and remote offices Luxury Detecting Cross-correlated identity, access, and Brand application data to identify trusted insider insider fraud stealing and destroying key data Retailer Outsourced security management for End-to-end critical credit card holding systems (318 monitoring and network devices and servers), security- managed protection event log monitoring and reporting through a SaaS-based customer portal services to detect and prevent attacks20 © 2012 IBM Corporation
  21. 21. IBM Security SystemsSecurity Intelligence is enabling progress to optimized security Security Intelligence: Information and event management Security Advanced correlation and deep analyticsIntelligence External threat research Optimized Advanced network Role based analytics Secure app monitoring Identity governance Data flow analytics engineering processes Forensics / data Privileged user Data governance mining controls Fraud detection Secure systems Virtualization security User provisioning Application firewall Access monitoring Asset mgmt Proficient Access mgmt Source code Data loss prevention Endpoint / network Strong authentication scanning security management Encryption Perimeter security Basic Centralized directory Application scanning Access control Anti-virus People Data Applications Infrastructure21 © 2012 IBM Corporation
  22. 22. IBM Security SystemsIntelligent solutions provide the DNA to secure a Smarter Planet Security Intelligence, Analytics & GRC People Data Applications Infrastructure22 © 2012 IBM Corporation
  23. 23. Comments or Questions? IBM Security Systems Come see the Security Systems Team in the Expo area: Jesper Glahn Marcus Eriksson Sven-Erik VestergaardDenmark Sales Leader Sales Leader, ISS Sara Anwar Security Architect & Qradar Nordic Sales23 © 2012 IBM Corporation
  24. 24. IBM Security Systems © Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United24 States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. © 2012 IBM Corporation