This document discusses security challenges faced by business leaders and IBM's solutions to address them. It outlines typical security concerns like data security, identity management, and compliance issues. It then discusses the rising costs and complexity of security as threats increase. IBM promotes a strategy of foundational security controls that balance effectiveness, cost, and business needs to make security an enabler of innovation and change rather than a hindrance.
Antivirus Solutions Specifically for Virtualized Environments (Nextel S.A.)
Talk by Álvaro Sierra, Major Account Manager at Trend Micro, given at Nextel S.A.'s Jornada Tecnológica 2011 (Technology Day 2011).
http://www.nextel.es/eventos_/jornada-tecnologica/
Scott Roe from Corporate Risk Solutions, a solution provider at the marcus evans Generation Summit 2012, on protecting utilities from internal and external attacks.
Interview with: Scott Roe, President, Corporate Risk Solutions
Malicious software or “malware” is the biggest network security threat facing organizations today. Cybercriminals target enterprises that hold a great deal of money or conduct a high volume of transactions on a daily basis. A network intrusion can cost an organization as much as $5 million. And, the damage to a company’s reputation can be irreparable. Statistics show that if a major security breach occurs against a U.S. enterprise, that organization has a 90 percent chance of going out of business within two years. This is particularly alarming considering that malware is currently the fastest growing trend in the misuse of network resources.
BSidesLondon 20th April 2011 - David Rook and Chris Wysopal (@securityninja & @WeldPond)
From the perspective of both an employee of a financial transaction provider and a security vendor, this presentation will focus on how to effectively sell the business value of application security to executives, middle management, and development groups.
For more about David & Chris go to
http://www.securityninja.co.uk/blog
http://www.veracode.com/blog/
The growing costs of security breaches and manual compliance efforts have given rise to new data security solutions specifically designed to prevent data breaches and deliver automated compliance. This paper examines the drivers for adopting a strategic approach to data security, compares and contrasts current approaches, and presents the Return on Security Investment (ROSI) of viable data security solutions.
It's no secret that cybercriminals and the dynamic methods they use to do their dirty work are evolving faster than companies, governments and individuals are able to deal with them. Dexterity, unmatched domain expertise and the element of surprise create advantages that grow each day. But what if IT security practitioners could use that power against their enemies, Jujitsu style?
Dr. Eric Cole says this is not only possible, but it’s time to go on the offensive against attackers by using their intelligence, desire for attention, financial motivations and attack tendencies against them to strengthen your own security posture. Dr. Cole, a celebrated author, cyber security consultant for governments and the Fortune 100, and a former CIA security analyst, highlights some of the biggest IT security threats and the critical weaknesses that unleash them on corporations and governments. Cole, president of enterprise and government cyber consultancy Secure Anchor Consulting, discusses:
Two of the most widely talked about threats in 2010, the ZeuS botnet and the Stuxnet worm.
How you can fortify your defenses using the principles of Jujitsu to quickly identify your foes and neutralize them.
How these principles can help you turn the motivations of your foes against them to achieve better security.
How an integrated security information and event management (SIEM) and file integrity monitoring (FIM) solution can detect threats faster, find an attacker's footprints before a breach and seal off discovered weaknesses in real time through on demand remediation.
Cyber Threat Jujitsu 101 Presentation with Mark Evertz and Dr. Eric Cole, IT Security Consultant and founder of Secure Anchor.
Catch the webcast with audio on Tripwire.com here: http://bit.ly/g27pJ6
Palo Alto Networks is the world’s cyber security leader. Their technologies give 65,000 enterprise customers the power to protect billions of people worldwide.
Cortex, Demisto & Prisma are a few of the flagship products that prevent attacks with industry-defining enterprise security platforms: tightly integrated innovations, cloud delivered and easy to deploy and operate.
Maximize Computer Security With Limited Resources (Secunia)
Presentation from Stefan Frei on how patches are an effective method to escape the arms race with cybercriminals. The majority of vulnerabilities have patches ready on the day of disclosure, which means that the right patch strategy is evident to maximize risk reduction.
Becoming the safe choice for the cloud by addressing cloud fraud & security t... (cVidya Networks)
Nava Levy, cVidya's VP SaaS/Cloud Solutions, chaired and spoke at TM Forum's Management World Americas 2011 on Racing Ahead of the Competition by Capitalizing on Your Potential to be the Safe and Secure Choice for Cloud at The Race to Cloud Services Summit.
Essentials of Automations: Optimizing FME Workflows with Parameters (Safe Software)
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Elevating Tactical DDD Patterns Through Object Calisthenics (Dorra BARTAGUIZ)
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
UiPath Test Automation using UiPath Test Suite series, part 4 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
PHP Frameworks: I want to break free (IPC Berlin 2024) (Ralf Eggert)
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Generative AI Deep Dive: Advancing from Proof of Concept to Production (Aggregage)
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... (BookNet Canada)
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... (DanBrown980551)
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf (91mobiles)
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Epistemic Interaction - tuning interfaces to provide information for AI support (Alan Dix)
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
The new frontiers of AI in RPA with UiPath Autopilot™ (UiPathCommunity)
In this free online event, organized by the UiPath Italian Community, you can explore the new features of Autopilot, the tool that integrates Artificial Intelligence into the development and use of automations.
📕 Together we will look at some examples of using Autopilot in different tools of the UiPath Suite:
Autopilot for Studio Web
Autopilot for Studio
Autopilot for Apps
Clipboard AI
GenAI applied to Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
Securing your Kubernetes cluster: a step-by-step guide to success! (KatiaHIMEUR1)
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
4. Not all risks are created equally
[Chart: frequency of occurrences per year (vertical axis, from 1/100,000, infrequent, up to 1,000, frequent) against consequences (single occurrence loss) in dollars per occurrence (horizontal axis, from $1, low, to $100M, high). Risks plotted: Virus, Data Corruption, Worms, Disk Failure, Application Outage, System Availability Failures, Lack of governance, Network Problem, Failure to meet Industry standards, Failure to meet Compliance Mandates, Terrorism/Civil Unrest, Workplace inaccessibility, Natural Disaster, Regional Power Failures, Pandemic, Building Fire.]
5. Increasing complexity
• Interconnect, share and protect magnitude of data: 15 petabytes of new information are being generated every day. This is 8x more than the information in all U.S. libraries
• Death by point products: confusion on approach. Where to start?
• Rapidly changing threat environment: 508% increase in the number of new malicious Web links discovered in the first half of 2009
• Disruptive technologies like Virtualization and Cloud Computing: 80% of enterprises consider security the #1 inhibitor to cloud adoptions
Source: IBM X-Force 2009 Mid-year Trend Report
6. Rising costs
Today’s CIOs spend 55% of their time on activities that spur innovation. The remaining 45% is spent primarily on cost reduction, managing risk and automation.*
• Skills to deploy new technologies like Virtualization and Cloud computing are costly
• IT departments have:
– Increasing responsibilities
– Time pressures
– Do more with less
• Bulk of security budget is spent firefighting rather than innovating
• Administrators and help desk resources are strained to support increasing base of users
*Source: IBM Global CIO Study, 2009
7. Cost, complexity and compliance
• Death by point products
• Rising Costs: Do more with less
• Regulation/Compliance fatigue
• People are becoming more and more reliant on security
• IBM believes that security is progressively viewed as every individual’s right
8. “Foundational Controls” = seatbelts and airbags
• Find a balance between effective security and cost
– The axiom… never spend $100 dollars on a fence to protect a $10 horse
• Studies show the Pareto Principle (the 80-20 rule) applies to IT security*
– 87% of breaches were considered avoidable through reasonable controls
• Small set of security controls provide a disproportionately high amount of coverage
– Critical controls address risk at every layer of the enterprise
– Organizations that use security controls have significantly higher performance*
• Focus on building security into the fabric of the business
– “Bolt on” approaches after the fact are less effective and more expensive
[Diagram labels: Pressure, Cost, Complexity, Effectiveness, Agility, Time]
*Sources: W.H. Baker, C.D. Hylender, J.A. Valentine, 2008 Data Breach Investigations Report, Verizon Business, June 2008; ITPI: IT Process Institute, EMA December 2008
9. The IBM security strategy:
Make security, by design, an enabler of innovative change
Trusted Partner: Delivering secure products and services
Trusted Security Vendor: Providing end-to-end coverage across all security domains
• 15,000 researchers, developers and SMEs on security initiatives
– Data Security Steering Committee
– Security Architecture Board
– Secure Engineering Framework
• 3,000+ security & risk management patents
• Implemented 1000s of security projects
• 40+ years of proven success securing the zSeries environment
• Managing over 7 Billion security events per day for clients
• 200+ security customer references and more than 50 published case studies
10. Physical infrastructure
BUSINESS VALUE
Provide actionable intelligence and improve effectiveness of physical infrastructure security
Business challenge
– Video Surveillance: Legacy analog video systems with proprietary interfaces are hard to integrate with IT infrastructure
– Video Analytics: Video information from many cameras present an information overload to human security personnel, detection is often after the fact and response management is problematic
– Command and Control: IT and physical security operate in silos and do not integrate. It is increasingly difficult and expensive to consolidate security information across locations for effectiveness and compliance
Software
– Video Surveillance: IT infrastructure, Logical Security products, and DVS partner products
– Video Analytics: Smart Vision Suite
– Command and Control: Command Control Center Solution
Professional Services
– Video Surveillance: Base Digital Video Surveillance Infrastructure services
– Video Analytics: Design, Implementation, Optimization services
– Command and Control: Command Control Center Solution Services
This is not intended to be a comprehensive list of all IBM products and services
11. People and identity
BUSINESS VALUE
Lower costs and mitigate the risks associated with managing user access to corporate resources
Business Challenge
– Cost and Complexity of Managing Identities: On average, enterprises spend 2 weeks to setup new users on all systems and about 40% of accounts are invalid. 30% of help desk calls are for password resets, at $20 per call
– Providing Access to Applications: “We would need to spend $60k on each of our 400 applications to implement security access rules” – Global financial services firm
– Auditing, reporting and managing access to resources: Privileged users cause 87% of internal security incidents, while firms cannot effectively monitor thousands of security events generated each day. Role management, recertification, etc.
Software
– Cost and Complexity of Managing Identities: Tivoli® Identity and Access Assurance, Tivoli zSecure suite
– Providing Access to Applications: Tivoli Access Manager, Tivoli Federated Identity Manager
– Auditing, reporting and managing access to resources: Tivoli Identity and Access Assurance, Tivoli Security Information and Event Manager
Professional Services
– Cost and Complexity of Managing Identities: Identity and Access Management Professional Services
– Providing Access to Applications: Identity and Access Management Professional Services
– Auditing, reporting and managing access to resources: Compliance Assessment Services, Privileged Identity Management
Managed Services
– Cost and Complexity of Managing Identities: Managed Identity and Access Management
– Providing Access to Applications: Managed Identity and Access Management
– Auditing, reporting and managing access to resources: Managed User Monitoring and Log Management
12. Data and information
BUSINESS VALUE
Understand, deploy and properly test controls for access to and usage of sensitive business data
Business Challenge
– Protecting Critical Databases: Mitigate threats against databases from external attacks and internal privileged users
– Messaging Security and Content Filtering: Spam and inappropriate Web sites pose major productivity drains, resource capacity strains, and leading attack vector for malware
– Managing Data Access and Encryption: Over 82% of firms have had more than one data breach in the past year involving loss or theft of 1,000+ records with personal information; cost of a data breach increased to $204 per compromised customer record*
– Monitoring Data Access and Preventing Data Loss: 42% of all cases involved third-party mistakes and flubs… magnitude of breach events ranged from about 5,000 to 101,000 lost or stolen customer records*
Software
– Protecting Critical Databases: Guardium Database Monitoring & Protection
– Messaging Security and Content Filtering: Multi-Function Security appliance, Lotus Protector
– Managing Data Access and Encryption: Tivoli® Key Lifecycle Manager, Tivoli Security Policy Manager, Tivoli Federated Identity Manager
– Monitoring Data Access and Preventing Data Loss: Data Loss Prevention; Tivoli Security Information and Event Manager
Professional Services
– Protecting Critical Databases: Data Security Assessment Services
– Messaging Security and Content Filtering: Data Security Assessment Services
– Managing Data Access and Encryption: Data Security, Compliance Assessment Services
– Monitoring Data Access and Preventing Data Loss: Data Security, Compliance Assessment Services
* “Fifth Annual U.S. Cost of Data Breach Study”, Ponemon Institute, Jan 2010
13. Application and process
BUSINESS VALUE
Keep applications secure, protected from malicious or fraudulent use, and hardened against failure
Business Challenge
– Security in App Development: Vulnerabilities caught early in the development process are orders of magnitude cheaper to fix versus after the application is released
– Discovering App Vulnerabilities: 74% of vulnerabilities in applications have no patch available today*. 80% of development costs are spent identifying and correcting defects, costing $25 during coding phase vs. $16,000 in post-production**
– Embedding App Access Controls: According to customers, up to 20% of their application development costs can be for coding custom access controls and their corresponding infrastructure
– Providing SOA Security: Establishing trust and high performance for services that span corporate boundaries is a top priority for SOA-based deployments
Software
– Security in App Development: Rational® AppScan®; Ounce
– Discovering App Vulnerabilities: Rational AppScan; Ounce
– Embedding App Access Controls: Tivoli® Identity and Access Assurance
– Providing SOA Security: WebSphere® DataPower®; Tivoli Security Policy Manager
Professional Services
– Security in App Development: Secure App Dev Process Enablement, App Vulnerability and Source Code Scanning
– Discovering App Vulnerabilities: App Vulnerability and Source Code Scanning
– Embedding App Access Controls: Application Access Services
Managed Services
– Managed Vulnerability Scanning
– Managed Access Control
* IBM X-Force Annual Report, Feb 2009
** Applied Software Measurement, Capers Jones, 1996
14. Application and Process
54% of all vulnerabilities disclosed in 1st half of 2008 were web-based*
75% of attacks are focused on applications**
[Diagram: application security lifecycle. Phases: Define Security Requirements and Policy; Build Security into design and models; Build & Test; Deploy; Manage, Monitor & Defend. Products and services shown around the cycle: IBM ISS Intrusion protection, IBM ISS Managed Services, IBM Global Services, IBM ISS Consulting, Rational Requirements Management, Rational Application Developer, Rational Software Architect, WebSphere Business Modeller, Rational Change Management, Rational BuildForge, Tivoli distribution products, Rational AppScan.]
15. Network, server and end point
BUSINESS VALUE
Optimize service availability by mitigating risks while optimizing expertise, technology and process
[Diagram labels: Storage, Systems, Virtual, Network]
Business Challenge
– Protecting Servers: Mitigate threats against servers; prevent data loss
– Protecting Endpoints: Effective management can cut total cost of ownership for secured desktops by 42%*
– Protecting Networks: Mitigate network based threats and prevent data loss
– Protecting Mainframes: Mitigate threats against mainframes; protect against vulnerabilities from configuration; contain the privileged users
Software
– Protecting Servers: Server Protection, Server Protection for VMWare
– Protecting Endpoints: Desktop security platform; encryption
– Protecting Networks: Network Intrusion Prevention System (IPS)
– Protecting Mainframes: Tivoli® zSecure suite
Professional Services
– Protecting Servers: Server security, data security assessment services
– Protecting Endpoints: Desktop security, data security assessment services
– Protecting Networks: Network security assessment services
Managed Services
– Protecting Servers: Managed IDS, Privileged User Mgmt
– Protecting Endpoints: Managed Desktop security platform
– Protecting Networks: Managed Network IPS
* Gartner Desktop Total Cost of Ownership: 2008 Update, Jan 2008
16. Addressing New Threats
Virtualization and Cloud Computing
• Market-leading network protection now available on a virtual appliance
– World class, vulnerability-based protection powered by X-Force research
– Integrate virtual security with physical network protection
– Runs on VMWare
• Segment-based network protection
– Physical network segments
– Virtual network segments
– Cloud-based service providers
• Network protection with the speed of an appliance
– Replacement for Real Secure Network Sensor
– Upgrade to full Proventia protection
Makes virtualized and cloud environments REAL FOR BUSINESS
17. Security governance, risk management and compliance
BUSINESS VALUE
Ensure comprehensive management of security activities and compliance with all security mandates
Business Challenge
– Security Strategy Design: Design and implement secure deployment strategies for advanced technologies such as Cloud, virtualization, etc.
– Pen Testing & Vuln. Assessment: Identify and eliminate security threats that enable attacks against systems, applications and devices
– Sec. Compliance Assessment: Perform security compliance assessments against PCI, ISO and other standards and regulations
– Incident Response: Design and implement policy and processes for security governance, incident response; perform timely response and computer forensics
Software
– Pen Testing & Vuln. Assessment: Rational® AppScan®; Guardium Database Monitoring & Protection
– Sec. Compliance Assessment: Tivoli Security Information and Event Manager; Guardium Database Monitoring & Protection; Tivoli zSecure suite
– Incident Response: Tivoli® Security Information and Event Manager; Tivoli zSecure suite
Professional Services
– Security Strategy Design: Consulting Services; Security Design
– Pen Testing & Vuln. Assessment: Ethical hacking and AppSec assessment
– Sec. Compliance Assessment: Qualified Security Assessors
– Incident Response: Policy definition services; CERT team
Managed Services
– App Vulnerability and Source Code Scanning OnDemand
– Managed Protection Services
18. We know how…
Smarter security enabling client innovation
• Banco Mercantil do Brasil: Automates access management, reduces the number of help desk calls by 30% with savings of 450K annually
• DTCC: Improves the delivery of new insurance products and services and adds 225 new applications per year
• Washington Metro Area Transit Authority: Level 1 merchant with 9 million transactions yearly protects consumer trust by shielding database infrastructure from internal and external threats
• Gruppo Intergea: Protects its network infrastructure from threats and ensures business continuity
20. Smart surveillance helped a large US metropolis to identify safety threats quickly and respond proactively
Value
– Helped increase patrolling of a convention center during a conference event
– Video analytics covered secondary sites, including more than 2 dozen hotels hosting conference attendees
– Surveillance solution identified a van parked by a hotel for more than 24 hours and alerted police to avoid a possible threat
Physical Infrastructure
Business Challenge
• Identify public safety threats before they happen
• Quickly respond to events with police, emergency medical services, and fire and rescue when needed
Solution
IBM Smart Surveillance Solutions
• Delivers a broad set of surveillance tools – including video analytics and centralized monitoring – to help identify threats and quickly alert police, fire and rescue resources.
21. Why IBM? IBM is dedicated to cybersecurity advancement
“Worldclass Research”
IBM researches and monitors latest threat trends with X-Force
Provides Specific Analysis of:
– Vulnerabilities and exploits
– Malicious/Unwanted websites
– Spam and phishing
– Malware
– Other emerging trends
Most comprehensive vulnerability database in the world
Entries date back to the 1990’s
Institute Focus
• Engage in public-private collaboration
• Address and mitigate cybersecurity challenges
• Provide a forum for clients to better understand how recent IBM Research advances can help
Source: IBM X-Force Database, www.ibm.com/federal/security
22. Why IBM?
Recent accolades
“IDC believes IBM has recognized this trend and has created comprehensive security packages that leverage various products to provide for multiple layers of security to customers.”
— Charles Kolodgy, IDC, March 2010
“IBM and a few others can help any sized customer with security, regardless of whether they need help securing their business, implementing an enterprise security initiative, or fixing a big security problem.”
— Jon Oltsik, Enterprise Strategy Group, March 2010
“In light of IBM’s growing presence in security and compliance, and the weight of its impact on the larger issues of business risk control, these factors should make IBM a primary partner to consider in shaping strategy and evaluating technologies and services that make a difference. Few others have the range of capabilities of today’s IBM for addressing the challenge—fewer still have the resources of an IBM for understanding the nature of business risks and emerging threats, and how best to address them going forward.”
Source: High Performers and Foundational Controls: Building a Strategy for Security and Risk Management - Enterprise Management Associates® (EMA™), Dec 2009
IBM was named the “Best Security Company”* by SC Magazine
Source: SC Magazine award, March 2, 2010
23. Why IBM?
IBM has unmatched global and local expertise in security
– 9 Security Operations Centers
– 9 Security Research Centers
– 133 Monitored Countries
– 20,000+ Devices under Contract
– 3,700+ MSS Clients Worldwide
– 7 Billion+ Events Per Day
– 3,000+ security and risk management patents
24. IBM is your trusted partner…
Know how to ensure your success
– Successfully implemented 1000s of client projects
Deliver value by understanding the big picture
– Security across mainframes, desktops, networks, handheld devices
Help you to choose
– Create the right solution for you
Ensure success by execution
– Manage security for 400,000 IBM employees, 7B events/day for clients
Expertise to meet your industry needs
– Tailor solutions to meet your industry challenges
Client success stories to demonstrate results
– Provided IT Security for 30+ yrs, 200 client references
Leverage our skills to meet your goals
– 1000s of researchers and SMEs
Partnership with a huge ecosystem
– Large business partner community
Delivering solutions that enable enterprises to be Secure by Design
27. Banco Mercantil do Brasil automates access management processes and increases employee productivity
Value
– Reduced the number of help desk calls by 30%, resulting in savings of at least $450,000 USD annually
– Enabled HR managers to create and cancel user accounts in just 2 days instead of 7 – improving productivity
– Provided 3,200 employees with a single password, synchronized across several environments in 3 months
“We have already reduced from 7 days to 2 days the time it takes to provide employees with access to IT resources, including human resource processes, identifications and passwords.”
— Jaime Roberto Pérez Herrera, Technical Support Manager, Banco Mercantil do Brasil.
People & Identity
Business Challenge
• Automate access management processes for internal applications
• Increase agility
• Manage changes in business and increasing demands
Solution
IBM’s Identity Management solution
• Manages and controls access at a central point
• Grants access based on roles
• Ensures security of critical information
• Increases productivity
Source: http://www-01.ibm.com/software/success/cssdb.nsf/customerindexVW?OpenView&Count=75&RestrictToCategory=corp_1&cty=en_us
28. Community medical center improves patient information security to meet electronic data requirements (HIPAA)
Value
– Client satisfied the mandated electronic data requirements by required deadline (HIPAA)
– Physicians, nurses and administrators are spending less time logging onto and off applications
– Reduced operating costs enabling the medical center to focus more on patient care
“The solution helped address issues in more than half of the HIPAA security standards, specifically addressing many access control and audit tracking issues.”
— George Vasquez
People & Identity
Business Challenge
• Meet federal guidelines for HIPAA compliance
• Not impede staff convenience
Solution
Access Manager for Single Sign On
• Secures access to new and legacy applications
• Delivers single sign on and sign off to users
• Easy to deploy with maximum flexibility
Source: http://www-01.ibm.com/software/success/cssdb.nsf/customerindexVW?OpenView&Count=75&RestrictToCategory=corp_1&cty=en_us
30. IBM X-Force Research and Development
What does it do?
– Researches and evaluates vulnerabilities and security issues
– Develops assessment and countermeasure technology for IBM security
offerings
– Educates the public about emerging Internet threats
Why is it differentiating?
– One of the best-known commercial security research groups in the world
– IBM X-Force maintains the most comprehensive vulnerability database
in the world—dating back to the 1990s.
– X-Force develops our Protocol Analysis Module which is the engine
inside IBM Security solutions. This technology allows X-Force to
regularly and automatically infuse new security intelligence into IBM
Security offerings on average 341 days ahead of the latest threats.
31. IBM X-Force® Database
Most comprehensive vulnerability database in the world
Entries date back to the 1990’s
Updated daily by a dedicated research team; currently tracks over:
– 7,600 Vendors
– 17,000 Products
– 40,000 Versions
33. Homomorphic Encryption facilitates analysis of encrypted information without sacrificing confidentiality
– Analyze confidential electronic client data without seeing any private information
– Store data anywhere while it remains completely secure and private
– Query a search engine without telling the engine what you are looking for!
– Service providers will be able to easily adopt new models like cloud computing and deliver smarter services
34. IBM continues to research and test new, more robust and more focused approaches to enterprise security
IBM is working with clients worldwide to implement the new Enterprise Security Architecture
Combines:
– IBM Methodology for Architecting Secure Solutions
– Enterprise architecture framework of IBM Global Services Method
The new architecture is defined around the concept of six security zones of control (Boundary control, authentication, authorization, integrity services, audit/monitoring, and cryptographic services)
35. Advanced Risk Analytics is the key to the future of IT Security
• Mine intelligence from logs and audit records from a multitude of event sources
• Consolidate and correlate events and data at line speeds and present them to the analyst in a meaningful manner
• Put control back into the hands of decision makers, such as security analysts, by taking over repetitive and manual tasks
– Advanced risk calculators to provide faster data processing rates at 15 to 20 times the scale of today’s model
– Automatically creates and checks behavioral models for malware detection in real time
– Provides pre-fraud detectors with extremely low false positive rates
36. With these new opportunities come new risks
Emerging technology
– Virtualization and cloud computing increase infrastructure complexity.
– Applications are a vulnerable point for breaches and attack.
Data and information explosion
– Data volumes are doubling every 18 months.
– Storage, security, and discovery around information context is becoming increasingly important.
Wireless world
– Mobile platforms are developing as new means of identification.
– Security technology is many years behind the security used to protect PCs.
Supply chain
– The chain is only as strong as the weakest link… partners need to shoulder their fair share of the load for compliance and the responsibility for failure.
Clients expect privacy
– An assumption or expectation now exists to integrate security into the infrastructure, processes and applications.
Compliance fatigue
– Organizations are trying to maintain a balance between investing in both the security and compliance postures.