2011.06.24 - services managés de la sécurite du cloud - forum des partenaires du cloud ibm -...

© 2011 IBM Corporation

Global Technology Services – OM&D Southwest Europe

Managed Security ServicesMeeting BPs – June 2011

Loïc Guézo – [email protected] & Compliance Services Area ManagerCISSP® - LA 27001:2005 - IBM Technical Expert CouncilIBM Security Solutions - IBM Global Technology Services

© 2011 IBM Corporation22


Managed Firewall Services

Managed IDPS

Managed UTM Services

Managed Protection Services for Networks, Servers and Desktops

Vulnerability Management Services

Security Event & Log Management Services

Managed E-mail Security

Managed Web Security

Multiple Device Types & Vendors Supported

IBM ISS X-Force®

Threat Analysis Services

IBM Managed Security Services Portfolio

Managed Security Services Cloud Security Services

Managed Secure Web Gateway

ManagedSecurity Services

Cloud Security Services



Managed/Cloud Security Services

• Vendor Neutral• Enhanced Protection• 24x7x365 Service• Security Expertise• Strong SLA’s• Guaranteed 100% SLA’s

• Executive Reporting

• Reduced Costs

• Reduced Complexity

• Reduced Risk

• Regulatory Compliance

• Executive reporting

Meta data(logs, events)

Management MonitoringAlerting Reporting

IBM Security Operations CenterCustomer Sites

Data Centers

Customer IT-Security Manager• Real time systems health checking

• Track threats, reduce risks

Real Business Value

Security Operations Center

SOCAtlanta - Detroit

BackBone

Customer CIO/VP executive reporting• Policy reporting

• Audit reporting

• Compliance dashboard

SOCBrussels

SOC4…8

SOCBrisbane

SOCIndia



Summary of Cloud and Managed Security

�AntiVirus, AntiSpam, Image Control, Content Control

� „washing machine“ for eMailseMail security

Cloud Security

Services

�AntiVirus, Anti Spyware, URL Filtering� washing machine“ for Web trafficWeb security

�Standard : no alerting

�Select : automated alerting� Log event collection and archival

Security Event & Log

Management

�Internal Scanning

�External Scanning (IPs owned by Client)

� Ongoing internal and external vulnerabilty

assessments, regulation compliance (PCI)Vulnerability Management

�Filtering of vulnerabilities� Internet Threat analysis ServiceX-Force Threat Analysis

� Different Service Levels� Gateway managment (Bluecoat)Mgd Web Security Gateway

�Standard : Low End, limited changes, limited alerting

�Select : Many changes, advanced alerting and escalation

�Premium : Unlimited changes, advanced alerting and escalation

� Focus is on intrusion detection and device

mangement

� Multi-vendor support

� Service Level Agreements on uptime and

reporting.

� main goal: reduce operational cost.

Mgd. Firewall

Mgd. Intrusion / Detection

Prevention

Mgd. Unified Threat

Management

�Standard : Low End, limited changes, limited alerting

�Select : Many changes, advanced alerting and escalation

�Premium : Bundled with PSS offerings, Unlimited changes, advanced alerting and escalation

� Focus is on intrusion protection and device

management

� ISS Proventia Product line

� Protection Service Level Agreements

� IBM ISS shares Customer risk

� main goal: provide proteciont while reduce

operational cost.

MPS for Desktop

Managed Security Services

MPS for Server

MPS for Network

Description OptionsThreat Mitigation Service Name



Security Services answer critical IT security questions

Firewalls Intrusion detection Routers/switches Servers Emails URLs

Answering customers’ critical questions:

Is someone breaking in?Am I compliant?

Is that a cyber attack?Can you change my firewall settings?

Can you shut down that port?Is this website malicious?Is that an email virus?Is this server vulnerable?

Single customer / SOC portal 9 security operations centers10+ billion events per day

•Recent Win Logos•Deal sizes $300k - $12M• 40 – 45% gross profit



MSS – BP Advantages

� Create a new recurring revenue stream with small upfront investment (skill

enablement): Deal Size: 15-20k€/Year to x00k€

�Multiyear Signing Upfront

�Recurrent Revenue

� Business Model very fast and with no additional investment needed

� Portfolio of service offerings is enhanced with additional unique efficient and

effective tools to serve customers

� Complement BP’s security value proposition and justify higher security

specialists’ rate

� Provide platform to propose/implement additional security services and

integrations RFP (sec assessment & reviews, patching, installation of additional

IPS and IDS systems, on-site support,…..)

� Can push additional architectural consulting/solution leveraging MSS services

(i.e. VMS)

� Leverage IBM Virtual-SOC Portal without having to build own solution

� Leverage on at least 20% discount on IBM MSS list price as IBM MSS reseller



7

Integrated Business Partner Model



MSS – Integrated Business Partner Model

�Mode B is the new proposed Integrated BP Model: BPs talks with SOC and with Clients (which interacts only with BP)

- IBM delivers MSS services to the Final Client

- BP handles MSS services requests between (to/from) IBM and the Final Client

�Mode A is the IBM direct model (IBM SOC interacts directly with Clients)

Service Request- Mode B -


IBM Global Security Operation Center

IBM Business Partner

ClientOrder

MSS Offering

Order

Billing Billing

Service Request- Mode A -

MSS Offering

Service Delivery and service request (in mode A) is done by IBM directly

Service Delivery

BP PRE-REQUISITES for mode B:

�BP needs to have an 24x7 Help Desk (HD) already in place

� BP needs to support Frenchand English language (use MSS portal in English)

� BP needs to have sufficient skill on Logical Security area and IBM MSS offering



MSS – Integrated Business Partner Model



IBM Global Security Operation Center

IBM Business Partner

ClientOrder

MSS Offering

Order

Billing Billing

Service Request- Mode A -

MSS Offering

Service Delivery and service request (in mode A) is done by IBM directly

BP TASKS FOR MODE B OF THE INTEGRATED BP MODEL:�BP can resell (leveraging 20% discount on the list price) the IBM MSS offering to Client

� BP can leverage on MSS service to push/implement its own additional services to the Client

� Based on pre-defined SLAs:

� BP interacts with Client for all services related requests (i.e. policy change)

�BP support the Client on the MSS Portal and requests of help on its information content)

�BP routes (if needed) all services requests to IBM as a Level 1 HD support

� IBM will notify of the fulfillment of any services requests (submitted via the pre-defined model) to the BP which will then notify the Client

� BP and IBM SOC (based on Client needs) interact in a 24x7 HD model

Service Delivery



MSS – Integrated Business Partner ModelUK Experience (IBM & SITA)

• SITA is a Company specialized in air transport communications and information technology (IT) solutions for airports and governmental organizations.

• SITA implements the “IBM MSS Integrated Partner Model”:

�Help Desk support (24x7) to the end users (from a service delivery, IBM interacts only with the BP, not

with the end user)

� Provides, to its Clients and on a wide range of hardware and software platforms, security services for:

– firewalls

– intrusion protection and detection devices

– multi-function devices

– unified threat management devices

– Antivirus, malcode, worm protection and web filtering;

• IBM MSS solutions are packaged with SITA services and sold by SITA as one integrated solution. SITA leverage on:

– IBM MSS Firewall management service

– IBM MSS IDS/IPS management service

– IBM MSS Unified Threat Management service

• At the moment SITA is looking at expanding its services’ scope by leveraging IBM Hosted Security and Log Management service (IBM SELM).

• Details of SITA solution at: http://www.sita.aero/product/managed-security-appliance