IBM Security Strategy
Intelligence, Integration and Expertise
Marc van Zadelhoff, VP, WW Strategy and Product Management
Joe Ruthven, IBM MEA Security Leader
IBM Security Systems, April 2013
© 2013 IBM Corporation
Bring your own IT
Social business
Cloud and virtualization
1 billion mobile workers
1 trillion connected objects
Innovative technology changes everything
Motivations and sophistication are rapidly evolving
National Security: Nation-state actors (Stuxnet)
Espionage, Activism: Competitors and Hacktivists (Aurora)
Monetary Gain: Organized crime (Zeus)
Revenge, Curiosity: Insiders and Script-kiddies (Code Red)
IBM has tracked a massive rise in advanced and other attacks
2012 Sampling of Security Incidents by Attack Type, Time and Impact
Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses
Source: IBM X-Force ® 2012 Trend and Risk Report
Influencers
• Confident / prepared
• Strategic focus
Protectors
• Less confident
• Somewhat strategic
• Lack necessary structural elements
Responders
• Least confident
• Focus on protection and compliance
have a dedicated CISO
have a security/risk committee
have information security as a board topic
use a standard set of security metrics to track their progress
focused on improving enterprise communication / collaboration
focused on providing education and awareness
How they differ
Source: IBM Center for Applied Insights, Finding a Strategic Voice: Insights from the 2012 IBM Chief Information Security Officer Assessment , May 2012
IBM’s 2012 Chief Information Security Officer Study revealed the changing role of the CISO
Security challenges are a complex, four-dimensional puzzle …
… that requires a new approach
People: Hackers, Suppliers, Consultants, Terrorists, Employees, Outsourcers, Customers
Data: Structured, Unstructured, At rest, In motion
Applications: Web Applications, Systems Applications, Web 2.0, Mobile Applications
Infrastructure: Datacenters, PCs, Laptops, Mobile, Cloud, Non-traditional
Intelligence
Integration
Expertise
IBM delivers solutions across a security framework
Intelligence: A comprehensive portfolio of security solutions
Backed by GTS Managed and Professional Services
Enterprise Governance, Risk and Compliance Management
GRC Platform (OpenPages), Risk Analytics (Algorithmics), Investigation Management (i2)
Operational IT Security Domains and Capabilities
People Data Applications Network Infrastructure Endpoint
Federated Identity Manager
Guardium Database Security
AppScan Source
Network Intrusion Prevention
Endpoint Manager (BigFix)
Enterprise Single Sign-On
Guardium Vulnerability Mgt
AppScan Dynamic
NextGen Network IPS
Mobile Device Management
Identity and Access Management Suite
Dynamic Data Masking
DataPower Web Security Gateway
SiteProtector Management System
Virtualization and Server Security
Privileged Identity Manager
Key Lifecycle Manager
Security Policy Manager
Network Anomaly Detection
Mainframe Security (zSecure, RACF)
Security Intelligence, Analytics, and Governance, Risk, and Compliance
QRadar SIEM, QRadar Log Manager, QRadar Risk Manager
IBM Security Portfolio
Domain Segment / Report Analyst Recognition
Security Intelligence,
Analytics and GRC
Security Information & Event Management (SIEM) 2012 2010
Enterprise Governance Risk & Compliance Platforms 2011 2011
People
Identity & Access Governance 2012
User Provisioning / Administration 2012 2012***
2010
Role Management & Access Recertification 2011
Enterprise Single Sign-on (ESSO) 2011*
Web Access Management (WAM) 2012**
Data
Database Auditing & Real-Time Protection 2011
Data Masking 2013
Applications
Static Application Security Testing (SAST) 2010
2010
Dynamic Application Security Testing (DAST) 2011
Infrastructure
Network Intrusion Prevention Systems (NIPS) 2012 2010
EndPoint Protection Platforms (EPP) 2013
Analysts recognize IBM’s superior products and performance
Challenger, Leader, Visionary, Niche Player
Leader, Contender, Strong Performer
Leader (#1, 2, or 3 in segment)
* Gartner MarketScope (discontinued in 2012)
** Gartner MarketScope
*** 2012 IDC MarketScape ranked IBM #1 in IAM
Customize protection capabilities to block specific vulnerabilities using scan results
Converge access management with web service gateways
Link identity information with database security
Stay ahead of the changing threat landscape
Designed to help detect the latest vulnerabilities, exploits and malware
Add security intelligence to non-intelligent systems
Consolidate and correlate siloed information from hundreds of sources
Designed to help detect, notify and respond to threats missed by other security solutions
Automate compliance tasks and assess risks
Integration: Increase security, collapse silos, and reduce complexity
Collaborative IBM teams monitor and analyze the latest threats
Coverage
20,000+ devices under contract
3,700+ managed clients worldwide
13B+ events managed per day
133 monitored countries (MSS)
1,000+ security related patents
Depth
14B analyzed web pages & images
40M spam & phishing attacks
64K documented vulnerabilities
Billions of intrusion attempts daily
Millions of unique malware samples
Context and Correlation Drive Deepest Insight
Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight
Suspected Incidents
Event Correlation
• Logs
• Flows
• IP Reputation
• Geo Location
Activity Baselining & Anomaly Detection
• User Activity
• Database Activity
• Application Activity
• Network Activity
Offense Identification
• Credibility
• Severity
• Relevance
Data Activity
Servers & Mainframes
Users & Identities
Vulnerability & Threat
Configuration Info
Security Devices
Network & Virtual Activity
Application Activity
True Offense
Fully Integrated Security Intelligence
Log Management
• Turn-key log management and reporting
• SME to Enterprise
• Upgradeable to enterprise SIEM
SIEM
• Log, flow, vulnerability & identity correlation
• Sophisticated asset profiling
• Offense management and workflow
Configuration & Vulnerability Management
• Network security configuration monitoring
• Vulnerability prioritization
• Predictive threat modeling & simulation
Network Activity & Anomaly Detection
• Network analytics
• Behavioral anomaly detection
• Fully integrated in SIEM
Network and Application Visibility
• Layer 7 application monitoring
• Content capture for deep insight & forensics
• Physical and virtual environments
One Console Security
Built on a Single Data Architecture
Key Themes
Advanced Threat Protection Platform: Helps to prevent sophisticated threats and detect abnormal network behavior by using an extensible set of network security capabilities, in conjunction with real-time threat information and Security Intelligence
Expanded X-Force Threat Intelligence: Increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions
Security Intelligence Integration: Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats
Security Intelligence Platform: Log Manager, SIEM, Network Activity Monitor, Risk Manager, Future
Threat Intelligence and Research: Vulnerability Data, Malicious Websites, Malware Information, IP Reputation, Future
Advanced Threat Protection: Intrusion Prevention, Content and Data Security, Web Application Protection, Network Anomaly Detection, Application Control, Future
IBM Network Security
Infrastructure Protection – Advanced Threat
Key Themes
Reduced Total Cost of Ownership: Expanded support for databases and unstructured data, automation, handling and analysis of large volumes of audit records, and new preventive capabilities
Enhanced Compliance Management: Enhanced Database Vulnerability Assessment (VA) and Database Protection Subscription Service (DPS) with improved update frequency, labels for specific regulations, and product integrations
Dynamic Data Protection: Data masking capabilities for databases (row level, role level) and for applications (pattern based, form based) to safeguard sensitive and confidential data
Data Security Vision
Across Multiple Deployment Models
QRadar Integration
Key Themes
Security for Mobile Devices: Provide security for and manage traditional endpoints alongside mobile devices such as Apple iOS, Google Android, Symbian, and Microsoft Windows Phone, using a single platform
Expansion of Security Content: Continued expansion of security configuration and vulnerability content to increase coverage for applications, operating systems, and industry best practices
Security Intelligence Integration: Improved usage of analytics, providing valuable insights to meet compliance and IT security objectives, as well as further integration with SiteProtector and the QRadar Security Intelligence Platform
Infrastructure Protection – Endpoint Vision
IBM Identity and Access Management Vision
Key Themes
Standardized IAM and Compliance Management: Expand IAM vertically to provide identity and access intelligence to the business; integrate horizontally to enforce user access to data, app, and infrastructure
Secure Cloud, Mobile, Social Interaction: Enhance context-based access control for cloud, mobile and SaaS access, as well as integration with proofing, validation and authentication solutions
Insider Threat and IAM Governance: Continue to develop Privileged Identity Management (PIM) capabilities and enhanced Identity and Role management
Key Themes
Coverage for Mobile applications and new threats: Continue to identify and reduce risk by expanding scanning capabilities to new platforms such as mobile, as well as introducing next generation dynamic analysis scanning and glass box testing
Simplified interface and accelerated ROI: New capabilities to improve customer time to value and consumability with out-of-the-box scanning, static analysis templates and ease of use features
Security Intelligence Integration: Automatically adjust threat levels based on knowledge of application vulnerabilities by integrating and analyzing scan results with SiteProtector and the QRadar Security Intelligence Platform
Application Security Vision
All domains feed Security Intelligence
Tivoli Endpoint Manager: Endpoint Management vulnerabilities enrich QRadar’s vulnerability database
AppScan Enterprise: AppScan vulnerability results feed QRadar SIEM for improved asset risk assessment
Guardium: Database assets, rule logic and database activity information
Identity and Access Management: Identity context for all security domains w/ QRadar as the dashboard
IBM Security Network Intrusion Prevention System: Flow data into QRadar turns NIPS devices into activity sensors
Correlate new threats based on X-Force IP reputation feeds
Hundreds of 3rd party information sources
In 2013 we will continue to focus on solving the big problems
Cloud Computing: Cloud security is a key concern as customers rethink how IT resources are designed, deployed and consumed
Regulation and Compliance: Regulatory and compliance pressures are mounting as companies store more data and can become susceptible to audit failures
Advanced Threats: Sophisticated, targeted attacks designed to gain continuous access to critical information are increasing in severity and occurrence
Mobile Computing: Securing employee-owned devices and connectivity to corporate applications are top of mind as CIOs broaden support for mobility
Advanced Persistent Threats, Stealth Bots, Targeted Attacks, Designer Malware, Zero-days
Enterprise Customers
GLBA
Security Intelligence is enabling progress to optimized security
Security Intelligence: Flow analytics / predictive analytics; Security information and event management; Log management
Optimized
People: Identity governance, Fine-grained entitlements, Privileged user management
Data: Data governance, Encryption key management
Applications: Fraud detection, Hybrid scanning and correlation
Infrastructure: Multi-faceted network protection, Anomaly detection, Hardened systems
Proficient
People: User provisioning, Access management, Strong authentication
Data: Data masking / redaction, Database activity monitoring, Data loss prevention
Applications: Web application protection, Source code scanning
Infrastructure: Virtualization security, Asset management, Endpoint / network security management
Basic
People: Directory management
Data: Encryption, Database access control
Applications: Application scanning
Infrastructure: Perimeter security, Host security, Anti-virus
Security Intelligence, Analytics & GRC
People
Data
Applications
Infrastructure
Intelligent solutions provide the DNA to secure a Smarter Planet
ibm.com/security
© Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.