2013 IBM Corporation IBM Security Systems 1 Bring your own IT Social business Cloud and virtualization 1 billion mobile workers 1 trillion connected objects Innovative technology changes everything. 2012 IBM's 2012 Chief Information Security Officer Study revealed the changing role of the CISO.
The key takeaways are that security challenges are becoming more complex due to factors like mobility, cloud computing and social media. Attackers are also becoming more sophisticated and motivated. IBM discusses the need for a holistic security approach across people, data, applications and infrastructure.
The document discusses that security challenges are a complex, four-dimensional puzzle involving applications, infrastructure, people and data. It mentions challenges like advanced threats, mobile computing, advanced persistent threats, targeted attacks and more.
The three dimensions of IBM's security framework are Intelligence, Integration and Expertise. Intelligence refers to security solutions and capabilities. Integration is about integrating these solutions across the security framework. Expertise refers to IBM's managed and professional services that help deliver the solutions.
2013 IBM Corporation
IBM Security Systems
IBM Security Strategy: Intelligence, Integration and Expertise
Marc van Zadelhoff, VP, WW Strategy and Product Management
Joe Ruthven, IBM MEA Security Leader
IBM Security Systems, April 2013

Innovative technology changes everything
Bring your own IT; Social business; Cloud and virtualization; 1 billion mobile workers; 1 trillion connected objects

Motivations and sophistication are rapidly evolving
National Security: Nation-state actors (Stuxnet)
Espionage, Activism: Competitors and Hacktivists (Aurora)
Monetary Gain: Organized crime (Zeus)
Revenge, Curiosity: Insiders and Script-kiddies (Code Red)

IBM has tracked a massive rise in advanced and other attacks
2012 Sampling of Security Incidents by Attack Type, Time and Impact
Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses.
Source: IBM X-Force 2012 Trend and Risk Report

IBM's 2012 Chief Information Security Officer Study revealed the changing role of the CISO
Influencers: Confident / prepared; Strategic focus
Protectors: Less confident; Somewhat strategic; Lack necessary structural elements
Responders: Least confident; Focus on protection and compliance
How they differ: have a dedicated CISO; have a security/risk committee; have information security as a board topic; use a standard set of security metrics to track their progress; focused on improving enterprise communication/collaboration; focused on providing education and awareness
Source: IBM Center for Applied Insights, Finding a Strategic Voice: Insights from the 2012 IBM Chief Information Security Officer Assessment, May 2012

Security challenges are a complex, four-dimensional puzzle that requires a new approach
Applications: Web Applications; Systems Applications; Web 2.0; Mobile Applications
Infrastructure: Datacenters; PCs; Laptops; Mobile; Cloud; Non-traditional
Data: At rest; In motion; Unstructured; Structured
People: Hackers; Suppliers; Consultants; Terrorists; Employees; Outsourcers; Customers

IBM delivers solutions across a security framework
Intelligence; Integration; Expertise

Intelligence: A comprehensive portfolio of security solutions
IBM Security Portfolio
Enterprise Governance, Risk and Compliance Management: GRC Platform (OpenPages); Risk Analytics (Algorithmics); Investigation Management (i2)
Security Intelligence, Analytics, and Governance, Risk, and Compliance: QRadar SIEM; QRadar Log Manager; QRadar Risk Manager
Operational IT Security Domains and Capabilities:
People: Federated Identity Manager; Enterprise Single Sign-On; Identity and Access Management Suite; Privileged Identity Manager
Data: Guardium Database Security; Guardium Vulnerability Mgt; Dynamic Data Masking; Key Lifecycle Manager
Applications: AppScan Source; AppScan Dynamic; DataPower Web Security Gateway; Security Policy Manager
Network Infrastructure: Network Intrusion Prevention; NextGen Network IPS; SiteProtector Management System; Network Anomaly Detection
Endpoint: Endpoint Manager (BigFix); Mobile Device Management; Virtualization and Server Security; Mainframe Security (zSecure, RACF)
Backed by GTS Managed and Professional Services

Analysts recognize IBM's superior products and performance
Columns: Domain; Segment / Report; Analyst Recognition
Security Intelligence, Analytics and GRC:
Security Information & Event Management (SIEM): 2012, 2010
Enterprise Governance Risk & Compliance Platforms: 2011, 2011
People:
Identity & Access Governance: 2012
User Provisioning / Administration: 2012, 2012***, 2010
Role Management & Access Recertification: 2011
Enterprise Single Sign-on (ESSO): 2011*
Web Access Management (WAM): 2012**
Data:
Database Auditing & Real-Time Protection: 2011
Data Masking: 2013
Applications:
Static Application Security Testing (SAST): 2010, 2010
Dynamic Application Security Testing (DAST): 2011
Infrastructure:
Network Intrusion Prevention Systems (NIPS): 2012, 2010
EndPoint Protection Platforms (EPP): 2013
Legend: Challenger, Leader, Visionary, Niche Player; Leader, Contender, Strong Performer; Leader (#1, 2, or 3 in segment)
* Gartner MarketScope (discontinued in 2012)
** Gartner MarketScope
*** 2012 IDC MarketScape ranked IBM #1 in IAM

Integration: Increase security, collapse silos, and reduce complexity
Customize protection capabilities to block specific vulnerabilities using scan results; Converge access management with web service gateways; Link identity information with database security
Stay ahead of the changing threat landscape; Designed to help detect the latest vulnerabilities, exploits and malware; Add security intelligence to non-intelligent systems
Consolidate and correlate siloed information from hundreds of sources; Designed to help detect, notify and respond to threats missed by other security solutions; Automate compliance tasks and assess risks

Collaborative IBM teams monitor and analyze the latest threats
Coverage: 20,000+ devices under contract; 3,700+ managed clients worldwide; 13B+ events managed per day; 133 monitored countries (MSS); 1,000+ security related patents
Depth: 14B analyzed web pages & images; 40M spam & phishing attacks; 64K documented vulnerabilities; Billions of intrusion attempts daily; Millions of unique malware samples

Context and Correlation Drive Deepest Insight
Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight
Suspected Incidents; Event Correlation; Activity Baselining & Anomaly Detection; Logs; Flows; IP Reputation; Geo Location; User Activity; Database Activity; Application Activity; Network Activity
Offense Identification: Credibility; Severity; Relevance
Data Activity; Servers & Mainframes; Users & Identities; Vulnerability & Threat; Configuration Info; Security Devices; Network & Virtual Activity; Application Activity
True Offense

Fully Integrated Security Intelligence
Log Management: Turn-key log management and reporting; SME to Enterprise; Upgradeable to enterprise SIEM
SIEM: Log, flow, vulnerability & identity correlation; Sophisticated asset profiling; Offense management and workflow
Configuration & Vulnerability Management: Network security configuration monitoring; Vulnerability prioritization; Predictive threat modeling & simulation
Network Activity & Anomaly Detection: Network analytics; Behavioral anomaly detection; Fully integrated in SIEM
Network and Application Visibility: Layer 7 application monitoring; Content capture for deep insight & forensics; Physical and virtual environments
One Console Security
Built on a Single Data Architecture

Key Themes
Advanced Threat Protection Platform: Helps to prevent sophisticated threats and detect abnormal network behavior by using an extensible set of network security capabilities - in conjunction with real-time threat information and Security Intelligence
Expanded X-Force Threat Intelligence: Increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions
Security Intelligence Integration: Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats
Log Manager; SIEM; Network Activity Monitor; Risk Manager; Vulnerability Data; Malicious Websites; Malware Information; Intrusion Prevention; Content and Data Security; Web Application Protection; IBM Network Security; Security Intelligence Platform; Threat Intelligence and Research; Advanced Threat Protection
Future; Future; Network Anomaly Detection; IP Reputation; Application Control; Future
Infrastructure Protection Advanced Threat

Data Security Vision
Key Themes
Reduced Total Cost of Ownership: Expanded support for databases and unstructured data, automation, handling and analysis of large volumes of audit records, and new preventive capabilities
Enhanced Compliance Management: Enhanced Database Vulnerability Assessment (VA) and Database Protection Subscription Service (DPS) with improved update frequency, labels for specific regulations, and product integrations
Dynamic Data Protection: Data masking capabilities for databases (row level, role level) and for applications (pattern based, form based) to safeguard sensitive and confidential data
Across Multiple Deployment Models; QRadar Integration

Infrastructure Protection Endpoint Vision
Key Themes
Security for Mobile Devices: Provide security for and manage traditional endpoints alongside mobile devices such as Apple iOS, Google Android, Symbian, and Microsoft Windows Phone - using a single platform
Expansion of Security Content: Continued expansion of security configuration and vulnerability content to increase coverage for applications, operating systems, and industry best practices
Security Intelligence Integration: Improved usage of analytics - providing valuable insights to meet compliance and IT security objectives, as well as further integration with SiteProtector and the QRadar Security Intelligence Platform

IBM Identity and Access Management Vision
Key Themes
Standardized IAM and Compliance Management: Expand IAM vertically to provide identity and access intelligence to the business; Integrate horizontally to enforce user access to data, app, and infrastructure
Secure Cloud, Mobile, Social Interaction: Enhance context-based access control for cloud, mobile and SaaS access, as well as integration with proofing, validation and authentication solutions
Insider Threat and IAM Governance: Continue to develop Privileged Identity Management (PIM) capabilities and enhanced Identity and Role management

Application Security Vision
Key Themes
Coverage for Mobile applications and new threats: Continue to identify and reduce risk by expanding scanning capabilities to new platforms such as mobile, as well as introducing next generation dynamic analysis scanning and glass box testing
Simplified interface and accelerated ROI: New capabilities to improve customer time to value and consumability with out-of-the-box scanning, static analysis templates and ease of use features
Security Intelligence Integration: Automatically adjust threat levels based on knowledge of application vulnerabilities by integrating and analyzing scan results with SiteProtector and the QRadar Security Intelligence Platform

All domains feed Security Intelligence
Tivoli Endpoint Manager: Endpoint Management vulnerabilities enrich QRadar's vulnerability database
AppScan Enterprise: AppScan vulnerability results feed QRadar SIEM for improved asset risk assessment
Guardium: Database assets, rule logic and database activity information
Identity and Access Management: Identity context for all security domains with QRadar as the dashboard
IBM Security Network Intrusion Prevention System: Flow data into QRadar turns NIPS devices into activity sensors
Correlate new threats based on X-Force IP reputation feeds
Hundreds of 3rd party information sources

In 2013 we will continue to focus on solving the big problems
Cloud Computing: Cloud security is a key concern as customers rethink how IT resources are designed, deployed and consumed
Regulation and Compliance: Regulatory and compliance pressures are mounting as companies store more data and can become susceptible to audit failures
Advanced Threats: Sophisticated, targeted attacks designed to gain continuous access to critical information are increasing in severity and occurrence
Mobile Computing: Securing employee-owned devices and connectivity to corporate applications are top of mind as CIOs broaden support for mobility
Advanced Persistent Threats; Stealth Bots; Targeted Attacks; Designer Malware; Zero-days; Enterprise Customers; GLBA

Security Intelligence is enabling progress to optimized security
Columns: People; Data; Applications; Infrastructure; Security Intelligence
Optimized: Security Intelligence: Flow analytics / predictive analytics; Security information and event management; Log management; Identity governance; Fine-grained entitlements; Privileged user management; Data governance; Encryption key management; Fraud detection; Hybrid scanning and correlation; Multi-faceted network protection; Anomaly detection; Hardened systems
Proficient: User provisioning; Access management; Strong authentication; Data masking / redaction; Database activity monitoring; Data loss prevention; Web application protection; Source code scanning; Virtualization security; Asset management; Endpoint / network security management
Basic: Directory management; Encryption; Database access control; Application scanning; Perimeter security; Host security; Anti-virus

Intelligent solutions provide the DNA to secure a Smarter Planet
Security Intelligence, Analytics & GRC; People; Data; Applications; Infrastructure

ibm.com/security

Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM's sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.