2011.06.24 - services managés de la sécurite du cloud - forum des partenaires du cloud ibm -...
DESCRIPTION
Document exploité lors du Forum des Partenaires du Cloud IBM durant l'atelier Services Managés de la Sécurité du CloudTRANSCRIPT
© 2011 IBM Corporation
Global Technology Services – OM&D Southwest Europe
Managed Security ServicesMeeting BPs – June 2011
Loïc Guézo – [email protected] & Compliance Services Area ManagerCISSP® - LA 27001:2005 - IBM Technical Expert CouncilIBM Security Solutions - IBM Global Technology Services
© 2011 IBM Corporation22
Global Technology Services – OM&D Southwest Europe
Managed Firewall Services
Managed IDPS
Managed UTM Services
Managed Protection Services for Networks, Servers and Desktops
Vulnerability Management Services
Security Event & Log Management Services
Managed E-mail Security
Managed Web Security
Multiple Device Types & Vendors Supported
IBM ISS X-Force®
Threat Analysis Services
IBM Managed Security Services Portfolio
Managed Security Services Cloud Security Services
Managed Secure Web Gateway
ManagedSecurity Services
Cloud Security Services
© 2011 IBM Corporation33
Global Technology Services – OM&D Southwest Europe
Managed/Cloud Security Services
• Vendor Neutral• Enhanced Protection• 24x7x365 Service• Security Expertise• Strong SLA’s• Guaranteed 100% SLA’s
• Executive Reporting
• Reduced Costs
• Reduced Complexity
• Reduced Risk
• Regulatory Compliance
• Executive reporting
Meta data(logs, events)
Management MonitoringAlerting Reporting
IBM Security Operations CenterCustomer Sites
Data Centers
Customer IT-Security Manager• Real time systems health checking
• Track threats, reduce risks
Real Business Value
Security Operations Center
SOCAtlanta - Detroit
BackBone
Customer CIO/VP executive reporting• Policy reporting
• Audit reporting
• Compliance dashboard
SOCBrussels
SOC4…8
SOCBrisbane
SOCIndia
© 2011 IBM Corporation44
Global Technology Services – OM&D Southwest Europe
Summary of Cloud and Managed Security
�AntiVirus, AntiSpam, Image Control, Content Control
� „washing machine“ for eMailseMail security
Cloud Security
Services
�AntiVirus, Anti Spyware, URL Filtering� washing machine“ for Web trafficWeb security
�Standard : no alerting
�Select : automated alerting� Log event collection and archival
Security Event & Log
Management
�Internal Scanning
�External Scanning (IPs owned by Client)
� Ongoing internal and external vulnerabilty
assessments, regulation compliance (PCI)Vulnerability Management
�Filtering of vulnerabilities� Internet Threat analysis ServiceX-Force Threat Analysis
� Different Service Levels� Gateway managment (Bluecoat)Mgd Web Security Gateway
�Standard : Low End, limited changes, limited alerting
�Select : Many changes, advanced alerting and escalation
�Premium : Unlimited changes, advanced alerting and escalation
� Focus is on intrusion detection and device
mangement
� Multi-vendor support
� Service Level Agreements on uptime and
reporting.
� main goal: reduce operational cost.
Mgd. Firewall
Mgd. Intrusion / Detection
Prevention
Mgd. Unified Threat
Management
�Standard : Low End, limited changes, limited alerting
�Select : Many changes, advanced alerting and escalation
�Premium : Bundled with PSS offerings, Unlimited changes, advanced alerting and escalation
� Focus is on intrusion protection and device
management
� ISS Proventia Product line
� Protection Service Level Agreements
� IBM ISS shares Customer risk
� main goal: provide proteciont while reduce
operational cost.
MPS for Desktop
Managed Security Services
MPS for Server
MPS for Network
Description OptionsThreat Mitigation Service Name
© 2011 IBM Corporation55
Global Technology Services – OM&D Southwest Europe
Security Services answer critical IT security questions
Firewalls Intrusion detection Routers/switches Servers Emails URLs
Answering customers’ critical questions:
Is someone breaking in?Am I compliant?
Is that a cyber attack?Can you change my firewall settings?
Can you shut down that port?Is this website malicious?Is that an email virus?Is this server vulnerable?
Single customer / SOC portal 9 security operations centers10+ billion events per day
•Recent Win Logos•Deal sizes $300k - $12M• 40 – 45% gross profit
© 2011 IBM Corporation66
Global Technology Services – OM&D Southwest Europe
MSS – BP Advantages
� Create a new recurring revenue stream with small upfront investment (skill
enablement): Deal Size: 15-20k€/Year to x00k€
�Multiyear Signing Upfront
�Recurrent Revenue
� Business Model very fast and with no additional investment needed
� Portfolio of service offerings is enhanced with additional unique efficient and
effective tools to serve customers
� Complement BP’s security value proposition and justify higher security
specialists’ rate
� Provide platform to propose/implement additional security services and
integrations RFP (sec assessment & reviews, patching, installation of additional
IPS and IDS systems, on-site support,…..)
� Can push additional architectural consulting/solution leveraging MSS services
(i.e. VMS)
� Leverage IBM Virtual-SOC Portal without having to build own solution
� Leverage on at least 20% discount on IBM MSS list price as IBM MSS reseller
© 2011 IBM Corporation77
Global Technology Services – OM&D Southwest Europe
7
Integrated Business Partner Model
© 2011 IBM Corporation88
Global Technology Services – OM&D Southwest Europe
MSS – Integrated Business Partner Model
�Mode B is the new proposed Integrated BP Model: BPs talks with SOC and with Clients (which interacts only with BP)
- IBM delivers MSS services to the Final Client
- BP handles MSS services requests between (to/from) IBM and the Final Client
�Mode A is the IBM direct model (IBM SOC interacts directly with Clients)
Service Request- Mode B -
Service Request- Mode B -
IBM Global Security Operation Center
IBM Business Partner
ClientOrder
MSS Offering
Order
Billing Billing
Service Request- Mode A -
MSS Offering
Service Delivery and service request (in mode A) is done by IBM directly
Service Delivery
BP PRE-REQUISITES for mode B:
�BP needs to have an 24x7 Help Desk (HD) already in place
� BP needs to support Frenchand English language (use MSS portal in English)
� BP needs to have sufficient skill on Logical Security area and IBM MSS offering
© 2011 IBM Corporation99
Global Technology Services – OM&D Southwest Europe
MSS – Integrated Business Partner Model
Service Request- Mode B -
Service Request- Mode B -
IBM Global Security Operation Center
IBM Business Partner
ClientOrder
MSS Offering
Order
Billing Billing
Service Request- Mode A -
MSS Offering
Service Delivery and service request (in mode A) is done by IBM directly
BP TASKS FOR MODE B OF THE INTEGRATED BP MODEL:�BP can resell (leveraging 20% discount on the list price) the IBM MSS offering to Client
� BP can leverage on MSS service to push/implement its own additional services to the Client
� Based on pre-defined SLAs:
� BP interacts with Client for all services related requests (i.e. policy change)
�BP support the Client on the MSS Portal and requests of help on its information content)
�BP routes (if needed) all services requests to IBM as a Level 1 HD support
� IBM will notify of the fulfillment of any services requests (submitted via the pre-defined model) to the BP which will then notify the Client
� BP and IBM SOC (based on Client needs) interact in a 24x7 HD model
Service Delivery
© 2011 IBM Corporation1010
Global Technology Services – OM&D Southwest Europe
MSS – Integrated Business Partner ModelUK Experience (IBM & SITA)
• SITA is a Company specialized in air transport communications and information technology (IT) solutions for airports and governmental organizations.
• SITA implements the “IBM MSS Integrated Partner Model”:
�Help Desk support (24x7) to the end users (from a service delivery, IBM interacts only with the BP, not
with the end user)
� Provides, to its Clients and on a wide range of hardware and software platforms, security services for:
– firewalls
– intrusion protection and detection devices
– multi-function devices
– unified threat management devices
– Antivirus, malcode, worm protection and web filtering;
• IBM MSS solutions are packaged with SITA services and sold by SITA as one integrated solution. SITA leverage on:
– IBM MSS Firewall management service
– IBM MSS IDS/IPS management service
– IBM MSS Unified Threat Management service
• At the moment SITA is looking at expanding its services’ scope by leveraging IBM Hosted Security and Log Management service (IBM SELM).
• Details of SITA solution at: http://www.sita.aero/product/managed-security-appliance