© 2013 IBM Corporation
IBM Security Systems
1
© 2012 IBM Corporation
IBM Security Strategy
Intelligence, Integration and Expertise
Marc van Zadelhoff
VP, WW Strategy and Product Management
Joe Ruthven
IBM MEA Security Leader
IBM Security Systems
April 2013
Bring your
own IT
Social
business
Cloud and
virtualization
1 billion mobile
workers
1 trillion
connected
objects
Innovative technology changes everything
Motivations and sophistication are rapidly evolving
National
Security
Nation-state
actors
Stuxnet
Espionage,
Activism
Competitors and
Hacktivists
Aurora
Monetary
Gain
Organized
crime
Zeus
Revenge,
Curiosity
Insiders and
Script-kiddies
Code Red
IBM has tracked a massive rise in advanced and other attacks
2012 Sampling of Security Incidents by Attack Type, Time and Impact
Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses
Source: IBM X-Force ® 2012 Trend and Risk Report
Influencers
•Confident / prepared
•Strategic focus
Protectors
•Less confident
•Somewhat strategic
•Lack necessary structural
elements
Responders
•Least confident
•Focus on protection and
compliance
have a dedicated CISO
have a security/risk
committee
have information security
as a board topic
use a standard set of
security metrics to track
their progress
focused on improving
enterprise communication/
collaboration
focused on providing
education and awareness
How they differ
Source: IBM Center for Applied Insights, Finding a Strategic Voice: Insights from
the 2012 IBM Chief Information Security Officer Assessment , May 2012
IBM’s 2012 Chief Information Security Officer Study revealed the
changing role of the CISO
Security challenges are a complex, four-dimensional puzzle …
… that requires a new approach
Applications
Web
Applications
Systems
Applications
Web 2.0 Mobile
Applications
Infrastructure
Datacenters PCs Laptops Mobile Cloud Non-traditional
Data At rest In motion Unstructured Structured
People
Hackers Suppliers
Consultants Terrorists
Employees Outsourcers
Customers
Employees
Unstructured
Web 2.0 Systems
Applications
Outsourcers
Structured In motion
Customers
Mobile
Applications
Intelligence
Integration
Expertise
IBM delivers solutions across a security framework
Intelligence: A comprehensive portfolio of security solutions
Backed by GTS Managed and Professional Services
Enterprise Governance, Risk and Compliance Management
GRC Platform (OpenPages) Risk Analytics (Algorithmics) Investigation Management (i2)
Operational IT Security Domains and Capabilities
People Data Applications Network Infrastructure Endpoint
Federated
Identity Manager
Guardium
Database Security
AppScan Source
Network
Intrusion
Prevention
Endpoint
Manager (BigFix)
Enterprise Single
Sign-On
Guardium
Vulnerability Mgt
AppScan Dynamic
NextGen Network
IPS
Mobile Device
Management
Identity and Access
Management Suite
Dynamic Data
Masking
DataPower Web
Security Gateway
SiteProtector
Management
System
Virtualization and
Server Security
Privileged Identity
Manager
Key Lifecycle
Manager
Security
Policy Manager
Network
Anomaly Detection
Mainframe Security
(zSecure, RACF)
Security Intelligence, Analytics, and Governance, Risk, and Compliance
QRadar SIEM QRadar Log Manager QRadar Risk Manager
IBM Security Portfolio
Domain Segment / Report Analyst Recognition
Security
Intelligence,
Analytics and
GRC
Security Information & Event Management (SIEM) 2012 2010
Enterprise Governance Risk & Compliance Platforms 2011 2011
People
Identity & Access Governance 2012
User Provisioning / Administration 2012
2012***
2010
Role Management & Access Recertification 2011
Enterprise Single Sign-on (ESSO) 2011*
Web Access Management (WAM) 2012**
Data
Database Auditing & Real-Time Protection 2011
Data Masking 2013
Applications
Static Application Security Testing (SAST) 2010
2010
Dynamic Application Security Testing (DAST) 2011
Infrastructure
Network Intrusion Prevention Systems (NIPS) 2012 2010
EndPoint Protection Platforms (EPP) 2013
Analysts recognize IBM’s superior products and performance
Challenger Leader Visionary Niche Player
Leader Contender Strong Performer
Leader (#1, 2, or 3 in segment)
* Gartner MarketScope (discontinued in 2012)
** Gartner MarketScope
*** 2012 IDC MarketScape ranked IBM #1 in IAM
• Customize protection capabilities to block specific vulnerabilities using scan results
• Converge access management with web service gateways
• Link identity information with database security
• Stay ahead of the changing threat landscape
• Designed to help detect the latest vulnerabilities, exploits and malware
• Add security intelligence to non-intelligent systems
• Consolidate and correlate siloed information from hundreds of sources
• Designed to help detect, notify and respond to threats missed by other security solutions
• Automate compliance tasks and assess risks
Integration: Increase security, collapse silos, and reduce complexity
Collaborative IBM teams monitor and analyze the latest threats
Coverage
20,000+ devices
under contract
3,700+ managed
clients worldwide
13B+ events
managed per day
133 monitored
countries (MSS)
1,000+ security
related patents
Depth
14B analyzed
web pages & images
40M spam &
phishing attacks
64K documented
vulnerabilities
Billions of intrusion
attempts daily
Millions of unique
malware samples
Context and Correlation Drive Deepest Insight
Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight
Suspected Incidents
Event Correlation
Activity Baselining & Anomaly
Detection
• Logs
• Flows
• IP Reputation
• Geo Location
• User Activity
• Database Activity
• Application Activity
• Network Activity
Offense Identification
• Credibility
• Severity
• Relevance
Data Activity
Servers & Mainframes
Users & Identities
Vulnerability & Threat
Configuration Info
Security Devices
Network & Virtual Activity
Application Activity
True Offense
Fully Integrated Security Intelligence
• Turn-key log management and reporting
• SME to Enterprise
• Upgradeable to enterprise SIEM
• Log, flow, vulnerability & identity correlation
• Sophisticated asset profiling
• Offense management and workflow
• Network security configuration monitoring
• Vulnerability prioritization
• Predictive threat modeling & simulation
SIEM
Log
Management
Configuration
& Vulnerability
Management
Network
Activity &
Anomaly
Detection
Network and
Application
Visibility
• Network analytics
• Behavioral anomaly detection
• Fully integrated in SIEM
• Layer 7 application monitoring
• Content capture for deep insight & forensics
• Physical and virtual environments
One Console Security
Built on a Single Data Architecture
Key Themes
Advanced Threat
Protection Platform
Helps to prevent sophisticated threats
and detect abnormal network behavior
by using an extensible set of network
security capabilities - in conjunction with
real-time threat information and
Security Intelligence
Expanded X-Force
Threat Intelligence
Increased coverage of world-wide
threat intelligence harvested by X-Force
and the consumption of this data to
make smarter and more accurate
security decisions
Security Intelligence
Integration
Tight integration between the Advanced
Threat Protection Platform and QRadar
Security Intelligence platform to provide
unique and meaningful ways to detect,
investigate and remediate threats
Log
Manager
SIEM
Network
Activity
Monitor
Risk
Manager
Vulnerability
Data
Malicious
Websites
Malware
Information
Intrusion
Prevention
Content
and Data
Security
Web
Application
Protection IBM Network
Security
Security
Intelligence
Platform
Threat
Intelligence
and Research
Advanced
Threat
Protection
Future
Future
Network
Anomaly
Detection
IP Reputation
Application
Control
Future
Infrastructure Protection – Advanced Threat
Key Themes
Reduced Total Cost
of Ownership
Expanded support for databases and
unstructured data, automation, handling
and analysis of large volumes of audit
records, and new preventive
capabilities
Enhanced Compliance
Management
Enhanced Database Vulnerability
Assessment (VA) and Database
Protection Subscription Service (DPS)
with improved update frequency, labels
for specific regulations, and product
integrations
Dynamic
Data Protection
Data masking capabilities for databases
(row level, role level) and for
applications (pattern based, form
based) to safeguard sensitive and
confidential data
Data Security Vision
Across Multiple
Deployment
Models
QRadar
Integration
Key Themes
Security for
Mobile Devices
Provide security for and manage
traditional endpoints alongside mobile
devices such as Apple iOS, Google
Android, Symbian, and Microsoft
Windows Phone - using a single
platform
Expansion of
Security Content
Continued expansion of security
configuration and vulnerability content
to increase coverage for applications,
operating systems, and industry best
practices
Security Intelligence
Integration
Improved usage of analytics - providing
valuable insights to meet compliance
and IT security objectives, as well as
further integration with SiteProtector
and the QRadar Security Intelligence
Platform
Infrastructure Protection – Endpoint Vision
IBM Identity and Access Management Vision
Key Themes
Standardized IAM
and Compliance
Management
Expand IAM vertically to provide identity
and access intelligence to the business;
Integrate horizontally to enforce user
access to data, app, and infrastructure
Secure Cloud, Mobile,
Social Interaction
Enhance context-based access control
for cloud, mobile and SaaS access, as
well as integration with proofing,
validation and authentication solutions
Insider Threat
and IAM Governance
Continue to develop Privileged Identity
Management (PIM) capabilities and
enhanced Identity and Role management
Key Themes
Coverage for Mobile
applications and new
threats
Continue to identify and reduce risk by
expanding scanning capabilities to new
platforms such as mobile, as well as
introducing next generation dynamic
analysis scanning and glass box testing
Simplified interface and
accelerated ROI
New capabilities to improve customer
time to value and consumability with
out-of-the-box scanning, static analysis
templates and ease of use features
Security Intelligence
Integration
Automatically adjust threat levels
based on knowledge of application
vulnerabilities by integrating and
analyzing scan results with
SiteProtector and the QRadar Security
Intelligence Platform
Application Security Vision
All domains feed Security Intelligence
Endpoint Management
vulnerabilities enrich QRadar’s
vulnerability database
AppScan Enterprise
AppScan vulnerability results feed
QRadar SIEM for improved
asset risk assessment
Tivoli Endpoint Manager
Guardium Identity and Access Management
IBM Security Network
Intrusion Prevention System
Flow data into QRadar turns NIPS
devices into activity sensors
Identity context for all security
domains w/ QRadar as the dashboard
Database assets, rule logic and
database activity information
Correlate new threats based on
X-Force IP reputation feeds
Hundreds of 3rd
party
information sources
Cloud security is a key concern as
customers rethink how IT resources are
designed, deployed and consumed
Cloud Computing
In 2013 we will continue to focus on solving the big problems
Regulatory and compliance pressures are
mounting as companies store more data
and can become susceptible to audit
failures
Regulation and Compliance
Sophisticated, targeted attacks designed
to gain continuous access to critical
information are increasing in severity and
occurrence
Advanced Threats
Securing employee-owned devices and
connectivity to corporate applications are
top of mind as CIOs broaden support for
mobility
Mobile Computing
Advanced Persistent Threats
Stealth Bots Targeted Attacks
Designer Malware Zero-days
Enterprise
Customers
GLBA
Security Intelligence is enabling progress to optimized security
Optimized
Security Intelligence:
Flow analytics / predictive analytics
Security information and event management
Log management
Identity governance
Fine-grained
entitlements
Privileged user
management
Data governance
Encryption key
management
Fraud detection
Hybrid scanning and
correlation
Multi-faceted network
protection
Anomaly detection
Hardened systems
Proficient
User provisioning
Access
management
Strong
authentication
Data masking /
redaction
Database activity
monitoring
Data loss prevention
Web application
protection
Source code
scanning
Virtualization security
Asset management
Endpoint / network
security management
Basic
Directory
management
Encryption
Database access
control
Application
scanning
Perimeter security
Host security
Anti-virus
People Data Applications Infrastructure
Security
Intelligence
Security
Intelligence,
Analytics &
GRC
People
Data
Applications
Infrastructure
Intelligent solutions provide the DNA to secure a Smarter Planet
ibm.com/security
© Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes
only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use
of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any
warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement
governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in
all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole
discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any
way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United
States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response
to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated
or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure
and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to
be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems,
products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE
MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.


Editor's Notes

  • #21 Identity Management
    Managing user identities and their rights to access resources throughout the identity life cycle is critical for effective identity and access management, in both our physical and logical worlds:
      • Identity lifecycle management, with user self-care, enrollment, proofing, provisioning, recertification and de-provisioning
      • Identity control, including access and privacy control, role management, single sign-on (SSO) and auditing
    Access Management
    Access Management provides timely access throughout the user's lifecycle – authenticating users and providing access to authorized users across multiple environments and security domains, while enforcing security policies and protecting against internal and external threats:
      • Centralized control for consistent execution of security policies across multiple applications and users
      • Single Sign-On (SSO) to improve the user experience and reduce help-desk costs
  • #23 From the start, QRadar has had a kick-ass rule engine that can leverage information from a variety of sources, providing the ‘big picture’ of an overall threat attempt. It can see changes in filesystems, DB access attempts, and what external flow information followed that DB access, and then tie it back to the actual identity of the user. Since the acquisition, the QRadar team has done an excellent job of ratcheting up their integrations with IBM security products (e.g. flow information coming from NIPS for activity monitoring, AppScan information, TEM events, Guardium and QRadar rule logic are now being synchronized). It’s very important to note, though, that QRadar can add a tremendous amount of value for customers that may not have any IBM product. With over 450 3rd party integrations, QRadar can fit unobtrusively into any customer environment.
      • Endpoint Management vulnerabilities enrich QRadar’s vulnerability database, resulting in more accurate risk and offense correlation and improved compliance reporting.
      • Application context allows QRadar SIEM to better detect and prioritize threats by calculating more accurate risk levels for each asset and more accurate offense scores for each incident.
  • #24 Industry unique compliance
      • NERC CIPs (version 3 to version 4 and/or 5)
      • California privacy + data security (and other state PUCs)
      • Looming Federal legislation (Cybersecurity Act of 2012)
    Privacy, information governance and data security
      • Classification and protection of utility and customer data, including customer usage data
    Increased awareness of Cyber security risks
      • With Stuxnet and variants widely reported, and the recent Basecamp publication of control system vulnerabilities and exploits, it’s becoming clear that cyber threats are no longer an IT-only problem
      • Management seeks more visibility in this area (e.g., situational awareness, intelligence, forensics, etc.)