Security Strategy April2013


  • 8/11/2019 Security Strategy April2013

    1/26

    2013 IBM Corporation

    IBM Security Systems

    1

    2012 IBM Corporation

    IBM Security Strategy

    Intelligence, Integration and Expertise

    Marc van Zadelhoff

    VP, WW Strategy and Product Management

    Joe Ruthven

    IBM MEA Security Leader

    IBM Security Systems

    April 2013


    Innovative technology changes everything

    Bring your own IT

    Social business

    Cloud and virtualization

    1 billion mobile workers

    1 trillion connected objects


    Motivations and sophistication are rapidly evolving

    National Security: Nation-state actors, Stuxnet

    Espionage, Activism: Competitors and Hacktivists, Aurora

    Monetary Gain: Organized crime, Zeus

    Revenge, Curiosity: Insiders and Script-kiddies, Code Red


    IBM has tracked a massive rise in advanced and other attacks

    2012 Sampling of Security Incidents by Attack Type, Time and Impact

    Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses

    Source: IBM X-Force 2012 Trend and Risk Report


    IBM's 2012 Chief Information Security Officer Study revealed the changing role of the CISO

    Influencers: Confident / prepared; Strategic focus

    Protectors: Less confident; Somewhat strategic; Lack necessary structural elements

    Responders: Least confident; Focus on protection and compliance

    How they differ

    have a dedicated CISO

    have a security/risk committee

    have information security as a board topic

    use a standard set of security metrics to track their progress

    focused on improving enterprise communication/collaboration

    focused on providing education and awareness

    Source: IBM Center for Applied Insights, Finding a Strategic Voice: Insights from the 2012 IBM Chief Information Security Officer Assessment, May 2012


    Security challenges are a complex, four-dimensional puzzle that requires a new approach

    People: Hackers, Suppliers, Consultants, Terrorists, Employees, Outsourcers, Customers

    Data: At rest, In motion, Unstructured, Structured

    Applications: Web Applications, Systems Applications, Web 2.0, Mobile Applications

    Infrastructure: Datacenters, PCs, Laptops, Mobile, Cloud, Non-traditional


    Intelligence

    Integration

    Expertise

    IBM delivers solutions across a security framework


    Intelligence: A comprehensive portfolio of security solutions

    IBM Security Portfolio

    Security Intelligence, Analytics, and Governance, Risk, and Compliance: QRadar SIEM, QRadar Log Manager, QRadar Risk Manager

    Enterprise Governance, Risk and Compliance Management: GRC Platform (OpenPages), Risk Analytics (Algorithmics), Investigation Management (i2)

    Operational IT Security Domains and Capabilities: People, Data, Applications, Network, Infrastructure, Endpoint

    Federated Identity Manager, Guardium Database Security, AppScan Source, Network Intrusion Prevention, Endpoint Manager (BigFix)

    Enterprise Single Sign-On, Guardium Vulnerability Mgt, AppScan Dynamic, NextGen Network IPS, Mobile Device Management

    Identity and Access Management Suite, Dynamic Data Masking, DataPower Web Security Gateway, SiteProtector Management System, Virtualization and Server Security

    Privileged Identity Manager, Key Lifecycle Manager, Security Policy Manager, Network Anomaly Detection, Mainframe Security (zSecure, RACF)

    Backed by GTS Managed and Professional Services


    Analysts recognize IBM's superior products and performance

    Domain | Segment / Report | Analyst Recognition

    Security Intelligence, Analytics and GRC

    Security Information & Event Management (SIEM): 2012, 2010

    Enterprise Governance Risk & Compliance Platforms: 2011, 2011

    People

    Identity & Access Governance: 2012

    User Provisioning / Administration: 2012, 2012***

    2010

    Role Management & Access Recertification: 2011

    Enterprise Single Sign-on (ESSO): 2011*

    Web Access Management (WAM): 2012**

    Data

    Database Auditing & Real-Time Protection: 2011

    Data Masking: 2013

    Applications

    Static Application Security Testing (SAST): 2010

    2010

    Dynamic Application Security Testing (DAST): 2011

    Infrastructure

    Network Intrusion Prevention Systems (NIPS): 2012, 2010

    EndPoint Protection Platforms (EPP): 2013

    Legend: Challenger, Leader, Visionary, Niche Player

    Legend: Leader, Contender, Strong Performer

    Legend: Leader (#1, 2, or 3 in segment)

    * Gartner MarketScope (discontinued in 2012)

    ** Gartner MarketScope

    *** 2012 IDC MarketScape ranked IBM #1 in IAM


    Integration: Increase security, collapse silos, and reduce complexity

    Customize protection capabilities to block specific vulnerabilities using scan results

    Converge access management with web service gateways

    Link identity information with database security

    Stay ahead of the changing threat landscape

    Designed to help detect the latest vulnerabilities, exploits and malware

    Add security intelligence to non-intelligent systems

    Consolidate and correlate siloed information from hundreds of sources

    Designed to help detect, notify and respond to threats missed by other security solutions

    Automate compliance tasks and assess risks


    Collaborative IBM teams monitor and analyze the latest threats

    Coverage

    20,000+ devices under contract

    3,700+ managed clients worldwide

    13B+ events managed per day

    133 monitored countries (MSS)

    1,000+ security related patents

    Depth

    14B analyzed web pages & images

    40M spam & phishing attacks

    64K documented vulnerabilities

    Billions of intrusion attempts daily

    Millions of unique malware samples


    Context and Correlation Drive Deepest Insight

    Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight

    Extensive Data Sources: Data Activity; Servers & Mainframes; Users & Identities; Vulnerability & Threat; Configuration Info; Security Devices; Network & Virtual Activity; Application Activity

    Event Correlation: Logs, Flows, IP Reputation, Geo Location

    Activity Baselining & Anomaly Detection: User Activity, Database Activity, Application Activity, Network Activity

    Offense Identification: Credibility, Severity, Relevance

    Suspected Incidents

    True Offense


    Fully Integrated Security Intelligence

    Log Management: Turn-key log management and reporting; SME to Enterprise; Upgradeable to enterprise SIEM

    SIEM: Log, flow, vulnerability & identity correlation; Sophisticated asset profiling; Offense management and workflow

    Configuration & Vulnerability Management: Network security configuration monitoring; Vulnerability prioritization; Predictive threat modeling & simulation

    Network Activity & Anomaly Detection: Network analytics; Behavioral anomaly detection; Fully integrated in SIEM

    Network and Application Visibility: Layer 7 application monitoring; Content capture for deep insight & forensics; Physical and virtual environments


    One Console Security

    Built on a Single Data Architecture


    Infrastructure Protection - Advanced Threat

    Key Themes

    Advanced Threat Protection Platform

    Helps to prevent sophisticated threats and detect abnormal network behavior by using an extensible set of network security capabilities - in conjunction with real-time threat information and Security Intelligence

    Expanded X-Force Threat Intelligence

    Increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions

    Security Intelligence Integration

    Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats

    [Figure: Security Intelligence Platform; Threat Intelligence and Research; Advanced Threat Protection; IBM Network Security. Labels: Log Manager, SIEM, Network Activity Monitor, Risk Manager, Vulnerability Data, Malicious Websites, Malware Information, Intrusion Prevention, Content and Data Security, Web Application Protection, Network Anomaly Detection, IP Reputation, Application Control, Future]


    Data Security Vision

    Key Themes

    Reduced Total Cost of Ownership

    Expanded support for databases and unstructured data, automation, handling and analysis of large volumes of audit records, and new preventive capabilities

    Enhanced Compliance Management

    Enhanced Database Vulnerability Assessment (VA) and Database Protection Subscription Service (DPS) with improved update frequency, labels for specific regulations, and product integrations

    Dynamic Data Protection

    Data masking capabilities for databases (row level, role level) and for applications (pattern based, form based) to safeguard sensitive and confidential data

    [Figure labels: Across Multiple Deployment Models; QRadar Integration]


    Infrastructure Protection - Endpoint Vision

    Key Themes

    Security for Mobile Devices

    Provide security for and manage traditional endpoints alongside mobile devices such as Apple iOS, Google Android, Symbian, and Microsoft Windows Phone - using a single platform

    Expansion of Security Content

    Continued expansion of security configuration and vulnerability content to increase coverage for applications, operating systems, and industry best practices

    Security Intelligence Integration

    Improved usage of analytics - providing valuable insights to meet compliance and IT security objectives, as well as further integration with SiteProtector and the QRadar Security Intelligence Platform


    IBM Identity and Access Management Vision

    Key Themes

    Standardized IAM and Compliance Management

    Expand IAM vertically to provide identity and access intelligence to the business; Integrate horizontally to enforce user access to data, app, and infrastructure

    Secure Cloud, Mobile, Social Interaction

    Enhance context-based access control for cloud, mobile and SaaS access, as well as integration with proofing, validation and authentication solutions

    Insider Threat and IAM Governance

    Continue to develop Privileged Identity Management (PIM) capabilities and enhanced Identity and Role management


    Application Security Vision

    Key Themes

    Coverage for Mobile applications and new threats

    Continue to identify and reduce risk by expanding scanning capabilities to new platforms such as mobile, as well as introducing next generation dynamic analysis scanning and glass box testing

    Simplified interface and accelerated ROI

    New capabilities to improve customer time to value and consumability with out-of-the-box scanning, static analysis templates and ease of use features

    Security Intelligence Integration

    Automatically adjust threat levels based on knowledge of application vulnerabilities by integrating and analyzing scan results with SiteProtector and the QRadar Security Intelligence Platform


    All domains feed Security Intelligence

    Tivoli Endpoint Manager: Endpoint Management vulnerabilities enrich QRadar's vulnerability database

    AppScan Enterprise: AppScan vulnerability results feed QRadar SIEM for improved asset risk assessment

    IBM Security Network Intrusion Prevention System: Flow data into QRadar turns NIPS devices into activity sensors

    Identity and Access Management: Identity context for all security domains w/ QRadar as the dashboard

    Guardium: Database assets, rule logic and database activity information

    Correlate new threats based on X-Force IP reputation feeds

    Hundreds of 3rd party information sources


    In 2013 we will continue to focus on solving the big problems

    Cloud Computing

    Cloud security is a key concern as customers rethink how IT resources are designed, deployed and consumed

    Regulation and Compliance

    Regulatory and compliance pressures are mounting as companies store more data and can become susceptible to audit failures

    Advanced Threats

    Sophisticated, targeted attacks designed to gain continuous access to critical information are increasing in severity and occurrence

    Mobile Computing

    Securing employee-owned devices and connectivity to corporate applications are top of mind as CIOs broaden support for mobility

    [Figure labels: Advanced Persistent Threats, Stealth Bots, Targeted Attacks, Designer Malware, Zero-days; Enterprise Customers; GLBA]


    Security Intelligence is enabling progress to optimized security

    Optimized

    Security Intelligence: Flow analytics / predictive analytics; Security information and event management; Log management

    People: Identity governance; Fine-grained entitlements; Privileged user management

    Data: Data governance; Encryption key management

    Applications: Fraud detection; Hybrid scanning and correlation

    Infrastructure: Multi-faceted network protection; Anomaly detection; Hardened systems

    Proficient

    People: User provisioning; Access management; Strong authentication

    Data: Data masking / redaction; Database activity monitoring; Data loss prevention

    Applications: Web application protection; Source code scanning

    Infrastructure: Virtualization security; Asset management; Endpoint / network security management

    Basic

    People: Directory management

    Data: Encryption; Database access control

    Applications: Application scanning

    Infrastructure: Perimeter security; Host security; Anti-virus


    Security Intelligence, Analytics & GRC

    People

    Data

    Applications

    Infrastructure

    Intelligent solutions provide the DNA to secure a Smarter Planet


    ibm.com/security

    Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM's sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

    Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.