ibm security and cloud - td events · dns protection . server & database vulnerability...

© 2015 IBM Corporation Antonio Ricci Security Architect IBM Security April 15, 2016 IBM Security and Cloud


Post on 23-Jun-2020


Page 1: IBM Security and Cloud - TD Events · DNS protection . Server & database vulnerability management Email filtering URL filtering Web browsing Network threat protection & IDS/IPS

© 2015 IBM Corporation

Antonio Ricci Security Architect IBM Security April 15, 2016

IBM Security and Cloud


Agenda

Cloud and Security

Security for the cloud

Security from the cloud


Cloud adoption requires security to evolve

External Stakeholders Traditional Enterprise IT

Public Cloud Private Cloud

PaaS: Development services

SaaS: Business applications

IaaS: Infrastructure services

100+ IBM Offerings

HR, CRM, SCM

Data archive

App development

100+ IBM Offerings

Online website


From traditional security to cloud security


IT security is a daily challenge with attacks becoming more frequent and aggressive

Near Daily Leaks of Sensitive Data: 40% increase in reported data breaches and incidents

Relentless Use of Multiple Methods: 800,000,000+ records were leaked, while the future shows no sign of change

“Insane” Amount of Records Breached: 42% of CISOs claim the risk from external threats increased dramatically from prior years

Size of circle estimates relative impact of incident in terms of cost to business.

Source: IBM® X-Force® Threat Intelligence Quarterly – 1Q 2015 and 2014 IBM Chief Information Security Officer Assessment


Years shown: 2012, 2013, 2014

Footnotes: 1 Cross-site scripting, 2 Structured query language, 3 Distributed Denial of Service


Security for the cloud


Which security requirements should a company address when moving to the cloud?


Cloud Security Assessment

Understand business needs and identify the cloud security gaps

Cloud security services from IBM offer an assessment of your cloud environment, including access and infrastructure, develop a strategy, and provide a roadmap to help you achieve your target security posture and clarify roles and responsibilities in the new integrated environment.

Objectives
• Assess current state of cloud security
• Develop a security strategy for cloud computing
• Clarify roles and responsibilities to support security in a hybrid cloud environment (public plus private or traditional data center)
• Create a flexible yet sustainable security program to support cloud application and services growth for the business

Features
• Experience and expertise to assess applicable industry and regulatory standards and frameworks
• Tools to determine cloud applications and services accessed from within your environment today
• Unified Compliance Framework (UCF) Common Controls Hub (CCH) to establish a controls list for robust viewing and tracking of security controls

Deliverables
• Maturity ratings using well-known maturity models such as Capability Maturity Model Integration (CMMI)
• Cloud security strategy with prioritized roadmap and remediation plan including implementation options
• Responsible, accountable, consulted, and informed (RACI) chart with new roles identified


Security from the cloud


IBM managed security services provides security at every level

Software as a Service
• Application security testing and management
• Web Defense (Web App Firewall and DDoS Protection)
• Email and Content Security

Platform as a Service
• Identity and access management for cloud
• Data security (encryption and monitoring)

Infrastructure as a Service
• Firewall/Unified Threat Management and Monitoring
• Network intrusion detection & prevention
• Security event and log management
• Vulnerability scanning and management
• Host-based intrusion detection & prevention for servers
• Managed Security Information and Event Management


Enterprise-wide security correlation

DDoS protection

Web application vulnerability management

Web application firewall (WAF)

DNS protection

Server & database vulnerability management

Email filtering

URL filtering

Web browsing

Network threat protection & IDS/IPS

DDoS protection

Protect your direct web presence

Managed Web Defense

Protect your organization’s users

Managed Web Defense strategy

Protect your supporting infrastructure

IBM Managed Web Defense leverages our Managed Security Services and helps protect three core elements of web security


What is E-mail Security Management?

• Protects against 100% of known and unknown e-mail viruses
• Reduces spam dramatically
• Stops pornographic e-mails
• Controls confidential information from leaving your company
• Reports on volume of email and malicious threats

Features
• 100% virus protection
• 99.2% spam effectiveness with 1 in 1 million false positives
• 90%+ effective in identifying pornographic attachments
• Enforces acceptable use policy
• Multiple layers of defense
• Highly redundant infrastructure
• Assists in stopping confidential information leaving your company
• Industry-leading performance-based SLAs

Benefits
• Quick and easy setup
• No upfront or ongoing hardware, software or support costs
• Protection against known, unknown viruses
• 24x7 customer support
• Reduces the need to apply urgent patches
• Integrated solution protects against all types of threats
• Frees up IT personnel for proactive, strategic initiatives
• Improves network security and system uptime
• Substantial bandwidth savings, by stopping malicious threats at the Internet


Hosted Email Security Service Details

Anti-Virus

Anti-virus protection scans emails and attachments for malicious content by leveraging multiple commercial scanning engines for superior accuracy and performance.

– Multiple scanners
– Inbound and outbound filtering
– Proactive scanning for new threats
– Phishing detection
– Protection for Zero-Hour outbreaks
– 7-day offsite virus quarantine
– 100% protection against known and unknown viruses

Anti-Spam

Anti-spam protection scans inbound emails for time-wasting content and deletes or quarantines the content based on user-definable policies. Leverages multiple engines.

– Multiple filters
– TCP/IP traffic shaping
– Highly effective with minimal false positives
– Transparent knowledge base updates
– Multiple handling options, including end user quarantine; confidence to “block and delete” on signature detection
– Configurable white and black lists


Hosted Email Security Service Details

Content Control

Content control allows for analysis of email content and enables user-definable control over file attachment types, email text content and more.

– Protect corporate and brand reputation
– Maintain confidential and intellectual property
– Advanced policy-setting criteria, including group, users, sizes, types, times of day
– Keyword and contextual analysis
– Investigate suspicious activity
– Preserve confidentiality and security and reduce legal liability
– Defend against careless & malicious action


Summary of Email Security Reporting

Portal Summary Report Detailed Report Other

Email Security Services

Web-based Portal PDF

Scheduled Reports (CSV)

Anti-Virus CSV

Anti-Spam CSV

Content Control CSV

Image Control CSV

Archiving

Additional reports on appliance (HTML, PDF, CSV)


How hosted web security works

[Diagram labels: Internet; Employee; Corporate network boundary; Hosted web security (Antivirus, Anti-spyware, URL filtering); Inbound virus and spyware traffic (STOP); Outbound virus and spyware traffic and requests for blocked URLs (STOP); Legitimate traffic (GO); Administrator with web-based console for setup, administration and notification]


Our firewall management services are delivered in three distinct phases.

We can:
• Provide services based on best practices and proven methodology
• Leverage state-of-the-art, industry-certified facilities
• Offer extensive support and reporting capabilities via a virtual portal

Implement
• Interact with your team to understand firewall deployment requirements
• Remotely configure required technologies to your specifications
• Integrate with the Virtual-Security Operations Center (SOC) platform
• Transition and hand off to IBM’s experienced delivery teams

Manage
• Administer technologies to documented standards and frameworks
• Ensure that UTM¹ devices are properly configured, patched, and secured
• Back up and retain critical log and configuration data
• Monitor devices for health, availability, and abnormal behavior

Support and report
• Around-the-clock email, chat and telephone support
• Web-based virtual SOC portal for more comprehensive reporting
• Best-practices workflow for ticketing, incident handling and support

¹ Unified threat management (UTM)


Detect, prioritize and correlate vulnerabilities

Vulnerability management via agent-less scanning from both inside and outside the firewall

Remediation guidance and workflow to help fix vulnerabilities quickly and easily with the information provided in remediation reports

PCI compliance assistance: IBM can serve as an Approved Scanning Vendor (ASV) in support of PCI compliance initiatives

Intelligent scanning to help deliver accurate scan results in less time with a system that follows an assessment process similar to that used by ethical hackers. Fewer false positives means less time spent tracking down “potential” vulnerabilities.

Web application vulnerability detection to help identify SQL Injection, cross-site scripting, and other high risk vulnerabilities in web applications

Database vulnerability detection to help identify vulnerabilities in common databases and database configurations

Automatically populates Asset records within the Virtual SOC Portal, helping to document criticality, sensitivity and regulated status of assets

Automatic integration into correlation and analytics that (a) Identify attacks that successfully breach defenses and (b) dramatically reduce false positives by identifying attacks that unsuccessfully target patched devices.

Hosted Vulnerability Management Service


Combining IBM Managed Security Services offerings can help increase your analytic capabilities.

Service offerings: Firewall management; IDPS¹ management; Managed protection services; Unified threat management; Secure log management; Hosted vulnerability management

IBM security intelligence levels:
• Good: add firewall logs; real-time identification of connections with known attackers
• Better: add IDPS events; know the attacks levied against you
• Enhanced: add vulnerability scan results; know if the attacks are successful
• Superior: add operating system and application logs; monitor suspicious internal activities

Services recommended to enable these capabilities:
(1) VMS⁵ 2.0
(1) Managed IDPS (2) Managed UTM (3) MPS⁴ (4) Hosted SELM
(1) Firewall management (2) Managed UTM² (3) Hosted SELM³
(1) Hosted SELM

¹ Intrusion detection and prevention system (IDPS); ² Unified threat management (UTM); ³ Security event log monitor (SELM); ⁴ Managed protection services (MPS); ⁵ Vulnerability management service (VMS)


© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

THANK YOU www.ibm.com/security