IBM Security Strategy

IBM Security

IBM SECURITY STRATEGYIntegrated Security for a New Era

#IBM Security1This file was created in Microsoft PowerPoint 365 Pro Plus 2016To ensure ideal readability and slide effects, view using the latest version of PowerPoint which is free for IBMers to download on any IBM-managed device from theMicrosoft Office at IBM Community: https://w3-connections.ibm.com/communities/service/html/communitystart?communityUuid=5b88000f-d3c4-4e5a-b2be-4acd9e3a0c6a

Todays security driversCOMPLIANCEHUMANERRORSKILLS GAPADVANCEDATTACKSINNOVATION

#IBM SecurityAdvanced Attacks more advanced than ever, >80% in cyber gangs, global business that accounts for $400B+ a year.Source: http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdf

Human error More than half of data breaches are caused by insiders, including employees, third-party contractors and partners.Source: http://www-03.ibm.com/security/data-breach/2015-cyber-security-index.html?ce=ISM0484&ct=SWG&cmp=IBMSocial&cm=h&cr=Security&ccy=US

Innovation cloud, mobile, and IOT create unprecedented risks to organizations. 44% of security leaders expect a major cloud provider to suffer a significant security breach in the future. 33% of organizations dont even test their mobile apps. CISCO estimates that by 2020, therell be 50 billion devices connected. Sources: https://www-03.ibm.com/press/us/en/pressrelease/45326.wss; https://securityintelligence.com/mobile-insecurity/; http://blogs.cisco.com/diversity/the-internet-of-things-infographic

Compliance adapting to a threat-aware, risk based approach vs. compliance based, box checking approach. In August 2015 a federal court ruled that the Federal Trade Commission (FTC) has the authority to take action against organizations that fail to protect consumer information against cyber attacks. The courts ruling should lead to greater scrutiny of corporate cyber security following a breach of personal privileged information.Source: http://www.pcworld.com/article/2974771/appeals-court-denies-challenge-to-ftcs-cybersecurity-enforcement.htmlThe Federal Communications Commission (FCC) reached a $25 million settlement with AT&T Services over allegations the phone carrier failed to protect the personal data of hundreds of thousands of customers whose personal information was compromised in a data breach that occurred between November 2013 and April 2014.Source: http://topclassactions.com/lawsuit-settlements/lawsuit-news/53582-att-to-pay-25m-in-data-breach-settlement-with-fcc/

Skills gap - experts predict a shortage of 1.5 million open and unfilled security positions by 2020.Source: Frost & Sullivan Report, 2015More than209,000 cybersecurity jobsin the U.S. are unfilled, and postings are up 74% over the past five years, according to a 2015 analysis of numbers from the Bureau of Labor Statistics by Peninsula Press, a project of the Stanford University Journalism Program.Source: http://www.forbes.com/sites/stevemorgan/2016/01/02/one-million-cybersecurity-job-openings-in-2016/#683b25157d27

2

2013800+ Million records20141+ Billion records2015Unprecedented Impact

Attackers break through conventional safeguards every day$7Maverage cost of a U.S. data breachaverage time to identify data breach201 days

#IBM SecurityV2016-6-17Todays threats continue to rise in numbers and scale as sophisticated attackers break through conventional safeguards every day.

Organized criminals, hacktivists, governments and adversaries are compelled by financial gain, politics and notoriety to attack your most valuable assets. Their operations are well-funded and business-like attackers patiently evaluate targets based on potential effort and reward. Their methods are extremely targeted they use social media and other entry points to track down people with access, take advantage of trust, and exploit them as vulnerabilities. Meanwhile, negligent employees inadvertently put the business at risk via human error. Even worse, security investments of the past can fail to protect against these new classes of attacks. The result is more severe security breaches happening more and more frequently.

In fact, according to the latest IBM X-Force Threat Intelligence Report, the amount of data records and variety of attacks have expanded to unprecedented levels.Note: Size of circle indicated estimated relative impact.

Cybercriminals targets are now bigger and their rewards greater as they fine-tune efforts to obtain and leverage higher value data than years past.

The demand for leaked data is trending toward higher-value records such as health-related personally identifiable information (PII) and other highly sensitive data, with less emphasis on the emails, passwords and even credit card data that were the targets of years past. This PII can be used for social engineering to gain access to valuable financial targets.

We see this in both the breach trends and the evolution of malware to target high value bank accounts.Source: IBM X-Force Threat Intelligence Report 2016http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?subtype=WH&infotype=SA&htmlfid=WGL03114USEN&attachment=WGL03114USEN.PDF

According to a recent Ponemon study, 201 days is the average time it takes companies to identify a data breach; and it costs U.S. organizations an average of $7million per data breachSource: Key findings from the 2016 Cost of Data Breach Study: Global Analysishttp://w3-01.ibm.com/sales/ssi/cgi-bin/ssialias?htmlfid=SEP03396USEN

3

Traditional security practices are unsustainableMILLION unfilled security positions by 20201.585security tools from45vendorsPERCENT of CEOs are reluctant to share incident information externally68

#IBM SecurityOrganizations have admitted that their traditional security practices are unsustainable.

Until recently, organizations have responded to security concerns by deploying a new tool to address each new risk. Weve observed one company was using 85 tools from 45 different software vendors! Now they have to install, configure, manage, patch, upgrade, and pay for dozens of non-integrated solutions with limited views of the landscape. Costly and complex, these fragmented security capabilities do not provide the visibility and coordination needed to stop todays sophisticated attacks.

And according to a recent Frost & Sullivan Report, experts predict a shortage of 1.5 million open and unfilled security positions by 2020.Source: Frost & Sullivan Report, 2015

And according to a recent IBM report, while 50% of CEOs agreed that collaboration is necessary to combat cyber crime, just one third of them were willing to share their organizations cyber security incident information externally, with 68% reluctant to share such information externally.Source: Securing the C-Suite, IBM Report, Feb. 2016

4

Imagine if you couldPROTECT against tomorrows risks, today

#IBM SecurityImagine if you could protect the world of tomorrow, today. Threats continue to grow as does the reliance on information technology to generate value for your organization. However we are moving to be in a position to proactively stay ahead of the threats. By having the ability to identify and protect your most critical data it will be possible to TRUST that our organization is doing all that is required to adequately prevent, detect, and respond quickly to threats. To get to this point requires a security partner that is building an integrated system to help gain the needed insight required to respond to the threat environment. 5

How do I get started when all I see is chaos?IP reputationIndicators of compromiseThreat sharingFirewallsIncident and threat managementVirtual patchingSandboxingNetwork visibilityMalware protectionAntivirusData access controlData monitoringApplication security managementApplication scanningAccess managementEntitlements and rolesIdentity managementTransaction protectionDevice managementContent securityWorkloadprotectionCloud accesssecurity brokerAnomaly detectionLog, flow, data analysisVulnerability managementPrivileged identity managementIncident responseCriminal detectionFraud protectionEndpoint patching and management

#IBM Security.

Companies have been building up their security arsenals for the past 20 years - what do you see? A jumbled mess of scattered toolschaos. This is actually what most IT environments look like today, which adds to the complexity. 6

Threat IntelligenceSecurity AnalyticsCloudIdentityandAccessDataandAppsMobileAdvanced FraudNetworkEndpointSecurity EcosystemAn integrated and intelligent security immune system

Criminal detectionFraud protectionWorkloadprotectionCloud accesssecurity brokerAccess managementEntitlements and rolesPrivileged identity managementIdentity managementData access controlApplication security managementApplication scanningData monitoringDevice ManagementTransaction protectionContent securityMalware protectionAntivirusEndpoint patching and managementVirtual patchingFirewallsIncident and threat managementSandboxingNetwork visibilityVulnerability managementIncident responseLog, flow, data analysisAnomaly detectionIndicators of compromiseIP reputationThreat sharing

#IBM SecurityLets think about a security portfolio in a more organized fashion, structured around domains, with core discipline of security intelligence in the middle to make sense of threats using logs, data, threats, flows, packets, etc.

Its not integrated until they start talking to each, sending the important info across the environment to make sense of threats. And you start to see the Immune system metaphor. Different organs as your layers of defense, working together, interconnected points to automate policies and block threats. When you get a cold or virus, these are the organs that understand the virus and send data up through your central nervous system (security intelligence) to create white blood cells / antibodies to gather info, prioritize and take actions. This is whats called the Immune Response.

And its not fully integrated until you sit on top of a partner ecosystem that allows collaboration across companies and competitors, to understand global threats and data, and adapt to new threats.

Integration can help increase visibility. Notice how capabilities organize around their domains. Youll start to get an idea of how this immune system works. Like a body fighting a virus, there are different parts of a security portfolio working at once

And its not a complete immune system until these domain capabilities can interact, communicate, and integrate with one another across your hybrid IT environments; Extending beyond your organizations walls across your entire ecosystem.

7

SECURITY TRANSFORMATION SERVICESManagement consulting | Systems integration | Managed security

Threat IntelligenceSecurity AnalyticsCloudIdentityandAccessDataandAppsMobileAdvanced FraudNetworkEndpointSecurity EcosystemIBM has the worlds broadest and deepest security portfolio

App Exchange

MaaS360INFORMATION RISKAND PROTECTION

Trusteer Mobile

Trusteer Rapport

AppScanGuardium

Cloud Security EnforcerPrivileged Identity ManagerIdentity Governance and AccessCloud Identity ServiceKey ManagerzSecureTrusteer Pinpoint

QRadar Vulnerability ManagerResilient Incident ResponseX-Force ExchangeQRadar Incident Forensics

SECURITY OPERATIONSAND RESPONSE

BigFixNetwork Protection XGS

QRadar SIEMQRadar Risk Manager

#IBM SecurityIBM offers a rich portfolio of products and services that are organized into three domains that uniquely address client needs. First is the Security Operations and Response domain that helps organizations orchestrate their defenses throughout the attack lifecycle, The second is the Information Risk and Protection domain that helps organizations protect their most critical information and risks. And the third is the Security Transformation Services which help organizations transform their security program. All of the IBM Security offerings are backed by an extensive business partner ecosystem which consists of industry-leading technology, sales and service partners.Security Operations and Response:IBM BigFix: Find, fix, and secure endpoint threats and vulnerabilitiesIBM Security Network Protection: Prevent network exploits and limit malware communicationsIBM QRadar Security Intelligence: Use advanced analytics to discover and eliminate threatsIBM Resilient Incident Response Platform: Generate response playbooks and coordinate activityIBM X-Force Exchange: Automatically update incident artifacts with threat intelligenceIBM Security Services: Deliver operations consulting to help implement processes and response experts when something goes wrongInformation Risk and Protection:IBM Cloud Security: Deliver visibility, control and protection of cloud appsIBM MaaS360: Mobile productivity and enterprise security without compromiseIBM Identity Governance and Access Management: Govern and enforce context-based access to critical assetsIBM Guardium: Protect crown jewels across the enterprise and cloudIBM AppScan: Scan and remediate vulnerabilities in modern applicationsIBM Trusteer: Stop financial and phishing fraud, and account takeoversIBM Security Services: Deliver governance, risk and compliance consulting, systems integration and managed security servicesSecurity Transformation Services:Security Strategy, Risk and Compliance: Automate governance, risk and compliance programsSecurity Intelligence and Operations: Build security operations and security fusion centersCyber Security Assessment and Response: Establish robust security testing and incident management programsIdentity Governance and Management: Modernize identity and access management for the cloud and mobile eraData and Application Security: Deploy robust critical data protection programsInfrastructure and Endpoint Security: Redefine infrastructure and endpoint solutions with secure software-defined networks

8

LEADin strategic domainsSecurity Transformation ServicesManagement Consulting | Systems Integration | Managed SecuritySecurity Research and Threat IntelligenceSecurity Operations and ResponseInformation Risk and ProtectionIBM Security StrategyCloud SecurityMobile SecurityIdentity Governance and Access ManagementData ProtectionApplicationSecurityAdvanced Fraud Prevention

Incident ResponseSecurity Intelligence and AnalyticsVulnerability andPatch ManagementEndpoint andNetwork ProtectionUser Behavior Analytics

SUPPORTthe CISO agendaCloudMobile andInternet of ThingsComplianceMandatesSkillsShortageAdvancedThreats

CloudCollaborationCognitiveACCELERATE with key innovation

#IBM SecurityIn support of the critical role of the CISO, IBM Security helps accelerate your ability to outthink threats with security innovation that uniquely incorporates cognitive, cloud, and collaboration.

Cognitive Security. IBM is unmatched in analytics to gain visibility and defend against advanced threats. Our offerings are strengthened by cognitive systems that understand, reason, and learn to help analysts resolve incidents quickly.Cloud Security. IBM helps you plan, deploy and manage security as you move workloads and data to the cloud, and consume security from the cloud to lower costs, increase flexibility, and gain visibility.Collaboration. IBM offers real-time threat intelligence crowdsourced from X-Force and a community of 14K+ users, as well as a security app marketplace to help your analysts stay ahead of the threat.

Immune system approach. Disconnected point products and services are expensive, hard to manage, and cannot solve todays challenges. IBM Security helps you establish a security immune system backed by analytics, real-time defenses and proven experts, so you can make strategic decisions about how to safeguard your business.

9

IBM helps protect against new and complex security challenges

Optimize your security program with skills to address modern day risksSECURITY TRANSFORMATION SERVICES

Orchestrate your defenses throughout the entire attack lifecycleSECURITY OPERATIONSAND RESPONSE

Keep your critical information protected while accelerating the businessINFORMATIONRISK ANDPROTECTION

#IBM SecurityIBM helps protect against new, complex security challenges

SECURITY STRATEGY AND TRANSFORMATION SERVICESOptimize your security program with skills to address modern day risksManagement Consulting | Systems Integration | Managed Security

SECURITY OPERATIONS AND RESPONSEOrchestrate your defenses throughout the entire attack lifecycle.Prevent, detect, and respond to all of todays threats across your organization with a single collaborative and cognitive platform.

INFORMATION RISK AND PROTECTIONKeep your critical information protected while accelerating the businessSafeguard and govern users, apps and critical information wherever they live in the cloud, on mobile devices, or on-premises.

10

Enterprise security programs face harsh realities every dayTop questions from leadership:Are we protected from the latest threats?Have we protected our most critical data?Do we have access to the right skill sets?Are we adapting to changing platforms?Are we operating at an appropriate maturity level for our industry?Are we communicating our risks clearly to our leaders and our board?Are we maximizing the valueof our security investments?

#IBM Security

11

Transform your security programBuild strategy that accelerates new IT trendsBYoD, Cloud, Mobile, IoTSaaS and Cloud based services

Access the right skillsAdvisors, responders, testers, analysts and engineers24x7x365 global expertiseBuild protected and connected systemsIncrease productivityGrant stakeholders access to the right data without introducing riskOptimize security programsModernize Identity and access, application development, privacy policies, data securityManage and protect against latest threatsGain access to global threat intelligenceGreater control in real time with actionable insightsImproved visibility to manage the threat lifecycle

Reduce complexityProvide programmatic, automated and integrated outcomesConsolidate point products to an integrated solution

#IBM SecurityRun: Just Managed Services

Skills shortageServices that provide the skills and expertise to address any in-house deficienciesInnovation and agilityServices that adapt to keep you optimized on the latest security technology and innovationAlign IT to business strategyIT can be positioned to support organizational goals and business objectivesGlobal security intelligence Visibility into the global threat landscapeSecure operations globallySecure your business and hybrid IT operations globallyMobile SecurityConnect systems with the world at large and make them safe for clients

7/20/201612IBM SECURITY

With proven global expertise, IBM Security Transformation Services deploys and manages optimized security programsSecurity Strategy, Risk and ComplianceAutomate governance, risk and compliance programsSecurity Intelligence and OperationsBuild security operations and security fusion centersCyber Security Assessment and ResponseEstablish robust security testing and incident management programsIdentity Governance and ManagementModernize identity and access management for the cloud and mobile eraData and Application SecurityDeploy robust critical data protection programsInfrastructure and Endpoint SecurityRedefine infrastructure and endpoint solutions with secure software-defined networksSECURITY TRANSFORMATION SERVICES

CEOCIOCISOCROCCOCLO

Security Strategy, Risk and ComplianceSecurity Intelligence and OperationsCyber Security Assessment and ResponseIdentity Governance and ManagementData and Application SecurityInfrastructure and Endpoint SecuritySystemsIntegrationManagementConsultingManagedSecurity

#IBM SecuritySecurity Strategy, Risk and ComplianceAutomate governance, risk and compliance programsBetter manage risks and drive transformative security programsSecurity Intelligence and OperationsBuild security operations and security fusion centersBuild gold-standard security operations for clients, infused with security intelligence and running at optimal performanceCyber Security Assessment and ResponseEstablish robust security testing and incident management programsApply threat intelligence to the entire security lifecycle: remediate vulnerabilities, respond to breaches and incidents Identity and Access ManagementModernize identity and access management for the cloud and mobile eraProvide the right access to the right information at the right timeData and Application SecurityDeploy robust critical data protection programsProtect Crown Jewel data against threats, across all platforms Infrastructure and Endpoint SecurityRedefine infrastructure and endpoint solutions with secure software-defined networksSolidify network, infrastructure and endpoint security across the enterprise, including Cloud, Mobile, IoT13

Why IBM Security Transformation Services?UnparalleledExpertiseBest-in-class Managed Security ServicesIntegratedApproachIBM X-Force Exchange and Threat Research teams providing zero-day threat alerts to clients Over 1400 employees serving 130+ countries, with a 95% retention rate35 billion security events analyzed daily across 4,500+ global clientsAccess to a global network of skilled industry experts Deep industry service delivery experience across numerous types of operations Ability to lead and execute large, transformational projectsIntegrated portfolio of security services and technologyOpen ecosystem with 100+ technology partners and 30+ services partners800+ technical vendor and 150+ professional security certifications

#IBM Security

14









15

Todays attacks require a strategic security approachBuild multiple perimetersProtect all systems Use signature-based methodsPeriodically scan for known threatsShut down systemsTactical ApproachCompliance-driven, reactionaryTodays AttacksAssume constant compromisePrioritize high-risk assetsUse behavioral-based methodsContinuously monitor activityGather, preserve, retrace evidenceStrategic ApproachIntelligent, orchestrated, automatedIndiscriminate malware,spam and DDoS activityAdvanced, persistent, organized, politically or financially motivatedIt takes power and precision to stop adversaries and unknown threatsYesterdays Attacks

#IBM SecurityTraditional security technologies and detection/prevention approaches are really strugglingAs attacks have become more sophisticated and mutate regularly, static technologies cant keep upSimilar to how signature-based antivirus is no longer sufficient, intrusion prevention needs to be smarter and more dynamicThis means adapting quickly to attacks as they change, and dealing with things like custom malware, APTs, etc.This also means taking a much more proactive approach to threat detection and prevention, vs. reactive

16

Continuously stop attacks and remediate vulnerabilitiesUpgrade your defenses with a coordinated platform to outthink threatsDisrupt malware and exploitsDiscover and patch endpointsAutomatically fix vulnerabilitiesRespond to incidents quickly, with precisionHunt for indicators using deep forensicsOrchestrate and automate incident responseDiscover unknown threats with advanced analyticsSee attacks across the enterpriseSense abnormal behaviorsAutomatically prioritize threats

RESPONDDETECT

PREVENT

#IBM SecurityIBM delivers a dynamic, integrated platform designed to prevent, detect, and respond along the entirety of the attack lifecycle.

17

IBM Security offers the industrys first integrated, end-to-end Security Operations and Response PlatformSecurity Operations and Incident Response ServicesIncident ResponseEndpoint andNetwork ProtectionVulnerability and Patch ManagementUser BehaviorAnalyticsSecurity Intelligence and AnalyticsSECURITY OPERATIONS AND RESPONSE

CEO

CISO

HR

IT

LEGAL

IDS | NIPS | AV | DLP | FW | DBs | Apps | Prevent, detect, and respond to threats with an intelligent, orchestrated, automated platformIBM BigFixFind, fix, and secure endpoint threats and vulnerabilitiesIBM Security Network ProtectionPrevent network exploits and limit malware communicationsIBM QRadar Security IntelligenceUse advanced analytics to discover and eliminate threatsIBM Resilient Incident Response PlatformGenerate response playbooks and coordinate activityIBM X-Force ExchangeAutomatically update incident artifacts with threat intelligenceIBM Security ServicesDeliver operations consulting to help implement processes and response experts when something goes wrong

#IBM SecuritySecurity Operations and ResponseDefend against advanced threats throughout the entire attack lifecycle. Prevent, detect, and respond to known and unknown threats across your organization with a single collaborative and cognitive platform.

Turn big data into actionable security intelligenceA leader in correlating massive sets of data in real time, using predictive analytics to help you detect threats faster and make more informed decisions.IBM Security Intelligence and Watson SolutionsIBM Threat Management and Monitoring Services

Deploy next generation defenses built and tested on the front-linesA leader in preventing targeted attacks from sophisticated malware and advanced persistent threats.IBM Security Network Protection and ForensicsIBM BigFix Endpoint ProtectionIBM X-Force Emergency Response Services

Respond quickly when breaches occurA leader in incident response and managementResilient Systems, an IBM CompanyIBM X-Force Incident Response

Collaborate to stay ahead of the threatA leader in threat intelligence and information sharing with near real-time threat feeds and a cloud-based platform for sharing security solutions.IBM X-Force Exchange Platform

18

Why IBM Security Operations and Response?Cognitive AnalyticsOpen EcosystemDeep Threat IntelligenceIBM Security App Exchange provides access to apps from leading security partnersOut-of-the-box integrations for 500+ third-party security productsOpen APIs allow for custom integrations and appsQRadar Sense Analytics allows you to inspect events, flows, users, and moreSpeed analysis with visuals, query, and auto-discovery across the platformGet ready to augment your analysts with Watson for Cyber SecurityIBM X-Force Exchange helps you stay ahead of the latest threats and attacksPowered by the X-Force Research team and 700TB+ of threat dataShare data with a collaborative portal and STIX / TAXII standards

#IBM Security

19









20

Data

Applications

Connectivity to more users, devices, and data than ever beforeWeb Applications

Systems ApplicationsAPIsMobile ApplicationsInfrastructure and Devices

Datacenters

PCs

Mobile

Cloud Services

IoTOn Premises

Off PremisesUnstructuredStructuredUsers

AuditorsSuppliers

ConsultantsContractors

EmployeesPartnersCustomers

Systems Applications

PartnersStructured

LaptopsIts time to expand from infrastructure to information-centric security

Employees

Unstructured

APIsOff Premises

Customers

Mobile Applications

#IBM Security

We realize that protecting against all the different security threats is challenging, especially given todays business domain complexities starting with

Infrastructure. As we know, infrastructures have become more complex. Weve gone from traditional datacenters, PCs, and laptops, to mobile devices with services delivered on the cloud, to the even more complex non-traditional end points or Internet of Things such as smart products and systems that are all interconnected.

Next, the application layer which has also seen a whole series of sophistication from systems applications, to web and now mobile applications. Then theres the data layer which has seen a significant increase in the amount of information being managed. Finally, the people on your network are no longer just your internal employees and external customers. Networks need to be accessible to our many supply chain constituents and yet restricted to our adversaries.

Because of these hyper-connected technologies spanning multiple domains, protecting the enterprise has become even more challenging. The traditional means of protecting the perimeter with individual point product solutions cobbled together cant scale to todays broader needs of the organization.

The entire enterprise needs protection, therefore a more integrated approach to security is needed

21

Protect your information, contain the riskGain control Govern all users and their privilegesProtect data usage across enterprise and cloudImprove DevOps securitySecure mobile devices and appsIdentify risksDiscover and classify business critical data and apps Expose over privileges with identity analyticsAnalyze cloud app usage and activity Detect web fraud with real time alerts Safeguard interactionsDeploy adaptive access and web app protectionFederate to and from the cloudMaintain data compliance and stop attacksSecure mobile collaboration

IDENTITY

CLOUD

FRAUD

APP

DATA

MOBILE

#IBM SecurityKeep your information protected while keeping your employees productive. Safeguard critical data, users, apps, and transactions wherever they live in the cloud, on mobile devices, or on-premises.

22

IBM Security has the industrys most comprehensive solution forInformation Risk and ProtectionKeep your information protected while securely interacting with employees and consumers IBM Cloud SecurityDeliver visibility, control and protection of cloud appsIBM MaaS360Mobile productivity and enterprise security without compromiseIBM Identity Governance and Access ManagementGovern and enforce context-based access to critical assetsIBM GuardiumProtect crown jewels across the enterprise and cloudIBM AppScanScan and remediate vulnerabilities in modern applicationsIBM TrusteerStop financial and phishing fraud, and account takeoversIBM Security ServicesDeliver governance, risk and compliance consulting, systems integration and managed security services

LOB

RISK

AUDIT

CISO

IT

INFORMATION RISK AND PROTECTIONGovernance, Risk and Compliance ServicesIdentity Governance and Access ManagementCloud SecurityMobile SecurityApplicationSecurityData ProtectionAdvancedFraud Protection

#IBM SecurityOptimize user, data, and application security to shield sensitive assetsA leader in ensuring your information is always protected in transit, at rest, and in use, preventing access by unauthorized users and developing intelligence to identify misuse by those allowed.IBM Crown Jewels Protection ProgramIBM Identity and Access ManagementIBM Insider Threat ProtectionIBM Application Security and Risk ManagementMaintain visibility and control of the CloudA leader in securing every stage of cloud adoption, from design to consumption, with end-to-end solutions to harden workloads and monitor malicious activity to and from the cloud.IBM Cloud Security Services and SolutionsIBM Cloud Security EnforcerSafeguard transactions and access to the mobile enterpriseA leader in protecting every layer of the mobile enterprise, ensuring the highest levels of security across handsets, networks, applications, and the transactions in between.IBM MobileFirst Security SolutionsIBM MaaS360 Mobile Security SolutionsIBM Trusteer Mobile and Advanced Fraud Protection Solutions23

Why IBM Information Risk and Protection?Risk-based IntelligenceMulti-layer IntegrationsDesigned for Cloud & MobileUnited controls to span employees, business partners and customersBuilt with open standards to speed integration and interoperabilityCross segment integrations to protect against threatsBusiness focused analytics to make decisions and meet regulationsX-Force and Trusteer intelligence to stay ahead of the latest threatsMachine learning algorithms to spot unusual behaviors and vulnerabilitiesLargest SaaS portfolio across fraud protection, application, cloud, and mobile securityFlexible deployment and out-of-the-box connectors for the most popular cloud servicesSafeguarding mobile and consumer interactions

#IBM Security

24

COGNITIVE, CLOUD,and COLLABORATION

The next era of security

INTELLIGENCEand INTEGRATION

PERIMETER CONTROLS

#IBM SecuritySince the age of the first networks and the hackers who soon followed, weve evolved security technology from perimeter controls of moats and castles to

Intelligence and Integration capabilities that leverage analytics to collect and make sense of massive amounts of real-time data flow, prioritizing events and detecting high-risk threats in real-time; and now to the next era of security

Cognitive, Cloud, and Collaborative systems that learn, reason, interact with security professionals, Help eliminate threats with greater precision, speed, build and improve predictive threat models, identify at-risk users and risky behavior, and provide remediation guidance.

PRESENTER: See Cognitive, Cloud, Collaborative Module for drill-down slides.

25

IBM Security invests in best-of-breed solutions

Incidentresponse

Cloud-enabledidentity managementIdentity governance

Application securityRisk management Data management

Security services and network security

Database monitoringand protection Application security

SOA management and security

IBM Security is making all the right moves...Forbes

201120122013201420152016

2005200620072008200920102002IBM SecuritySystems

IBM SecurityServicesIdentity managementDirectory integrationEnterprisesingle-sign-onEndpoint managementand security

Security Intelligence

Advanced fraud protectionSecure mobile mgmt.

CyberTap

#IBM SecurityFor over 50 years, since the introduction of the mainframe, IBM has been committed to providing comprehensive security that meets evolving technological needs. We have invested substantially in inorganic growth to supplement and enhance our organically developed security solutions to build a comprehensive portfolio that can help clients move up the maturity model from basic to proficient to advanced. Additionally IBM Security has been granted over 3700 security-related patents.

This progression was formalized in 2012 with the creation of the IBM Security Systems Division that brought the multiple solutions together to increase the focus and help drive long term strategy for the organization. In 2015, IBM Security Systems Division became a primary Business Unit of IBM, called IBM Security.

IBM Security is making all the right moves.Source: http://www.forbes.com/sites/stevemorgan/2016/01/20/ibm-reports-2-billion-in-annual-security-revenues/#426f5fae75e1

1976IBM introduces Resource Access Control Facility (RACF), to provides access control and auditing functionality for applications on the mainframe eliminating the need for each application to imbed security 1977The IBM develops Data Encryption Standard (DES), a cryptographic algorithm, adopted as the national standard by the US National Bureau of Standards1978IBM announces the 3624 automatic teller machine, utilizing DES1995IBM starts contributing to Java Security technologies1996IBM launches Cryptolope containers to seal intellectual property in a digital package so that content transactions are secured over the InternetIBM launches the SecureWay Key Management Framework, a collection of applications, services and cryptographic engines that help make the Internet safe for e-commerce IBM begins pilot program with MasterCard using Secure Electronic Transaction (SET) technology which secures credit card transactions over the Internet IBM develops and certifies the IBM Secure Crypto Co-processor (4758) at FIPS 104-1 Level 4, the highest level of FIPSIBM releases its first enterprise-grade LDAP Directory Server (now known as Directory Server)1998IBM extends Secure Electronic Transaction (SET) standard support which secures payments over the Internet and is largely based on technology developed at IBM Research and adopted by major credit card companies1999IBM acquires Dascom, the basis for IBM's Access Manager portfolioIBM Research's breakthrough paper on Side Channel Cryptanalysis Attacks and Countermeasures (1999 2004)2000IBM patents a system and method for alerting computer users to digital security intrusionsIBM appoints Harriet Pearson its first Chief Privacy Officer2002IBM acquires Access 360, the basis for IBM's Identity Manager portfolioIBM acquires MetaMerge for meta-directory and directory synch capability (now known as Directory Integrator)2005IBM debuts the first ThinkPad with an integrated fingerprint reader, at the time offering an unmatched level of data protection through a new biometric capability and embedded security subsystem2006IBM acquires Internet Security Systems, Inc, the basis for todays IBM X-Force IT security research team and the IBM network protection product familySmart cards, highly efficient JavaCard technology developed at IBM Research Zurich, is licensed by a leading smart card manufacturer for secure multi-application smart cards and is used in many JavaCard projects The technology is used today in 10s of millions of VISA credit cards2007IBM acquires Consul, to help accelerate data and governance strategy2008IBM patents a secure system and method for enforcement of privacy policy and protection of confidentialityIBM acquires Encentuate, the basis for 'IBMs Enterprise Single-sign-on (ESSO) productZone Trusted Information Channel: Plugs into the USB port of any computer and creates a direct, secure channel to a banks online transaction server, bypassing the PC which could be infected by malicious software (malware) or susceptible to hacker attacks2009IBM acquires Ounce Labs, a provider of software that analyzes software code for security vulnerabilities, todays AppScan familyIBM acquires Guardium, a market leader in real-time enterprise database monitoring and protection Pioneers the use of Big Data analytics to cybersecurity problems (FAA, USAF)2010IBM acquires Big Fix, helping organizations extend security and compliance to endpoints, today Endpoint ManagerIBM Researchs breakthrough on Fully Homomorphic Encryption2011IBM Security Systems division is createdIBM acquires Q1 Labs, with its QRadar security intelligence portfolio, to strengthen its offerings around advanced security analyticsIBM launches Cloud-based Mobile Security Services, IBM Hosted Mobile Device Security Management2012IBM delivers next-gen Intrusion system, new access appliance and privileged identity technologyIBM announces 25 new product releases in security, a record year of innovationIBM extends its market leading static application security testing (IBM Security AppScan) to native Android applications, which allows clients to conduct their own testing for mobile applicationsIBM acquires StoredIQ in a push for more big data capability.2013IBM announces breakthrough with combination of Security Intelligence and Big DataIBM acquired Cybertap for their incident forensics technology. IBM announces new QRadar Vulnerability Manager software to help organizations identify and predict security riskIBM announces MobileFirst security software (IBM AppScan Source 87 for iOS) to improve security quality without sacrificing time-to-market of mobile app projectsIBM announces acquiring Trusteer for mobile and application security, counter-fraud and malware detection IBM announced acquiring Fiberlink. Fiberlinks MaaS360 offering expands IBM MobileFirst solutions with new cloud-based capabilities to deliver a comprehensive mobile management and security solution for global organizations of all sizes. This acquisition supports IBMs expanding vision for enterprise mobility management, which encompasses secure transactions between businesses, partners and customers. 2014IBM announces the acquisition of Lighthouse Security Group and CrossIdeas2015In an IBM reorganization, IBM Security Systems Division advances to become an IBM business unit called IBM Security.26

Industry analysts rank IBM SecurityDOMAINSEGMENTMARKET SEGMENT / REPORTANALYST RANKINGSSecurity Operations and ResponseSecurity IntelligenceSecurity Information and Event Management (SIEM)LEADERNetwork and Endpoint ProtectionIntrusion Prevention Systems (IPS) LEADEREndpoint: Client Management ToolsLEADEREndpoint Protection Platforms (EPP)Strong PerformerInformation Riskand ProtectionIdentity Governance and Access ManagementFederated Identity Management and Single Sign-OnLEADERIdentity and Access GovernanceLEADERIdentity and Access Management as a Service (IDaaS)LEADERWeb Access Management (WAM)LEADERMobile Access ManagementLEADERIdentity Provisioning ManagementLEADERData SecurityData MaskingLEADERApplication SecurityApplication Security Testing (dynamic and static)LEADERMobile ProtectionEnterprise Mobility Management (MaaS360)LEADERFraud ProtectionWeb Fraud Detection (Trusteer)LEADERSecurity Transformation ServicesConsulting and Managed ServicesManaged Security Services (MSS)LEADERInformation Security Consulting ServicesLEADER

V2016-06-16Note: This is a collective view of top analyst rankings, compiled as of July, 2016

#IBM Security

Were very proud of our proven leadership across security domains, in fact IBM Security is ranked as a LEADER in 24 analyst reports from Gartner, Forrester, IDC, Frost & Sullivan, and KuppingerCole.

Our commitment is not just to have the right coverage in each of the domains, but more importantly to maintain the leadership position in each of the market segments.27

Adaptive integration with ecosystem partners

Ready for IBM Security IntelligenceIBM PartnerWorld100+ ecosystem partners, 500+ QRadar integrations

#IBM SecurityWe have 400 ready for IBM Security partners that are integrated into our portfolio to make our system open and relevant for customers. 500+ Qradar integrations

First column of companies listed are Ready for IBM Security Intelligence Solution Technology Partners

7/20/201628IBM SECURITY

A Global Leader in Enterprise Security

#1 in enterprise security software and services*7,500+ people 12,000+ customers133 countries3,500+ security patents 15 acquisitions since 2005*According to Technology Business Research, Inc. (TBR) 2016

#IBM Security

29

Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.ibm.com/securitysecurityintelligence.comxforce.ibmcloud.com@ibmsecurityyoutube/user/ibmsecuritysolutionsFOLLOW US ON:THANK YOU

#IBM Security

30

Cognitive: Revolutionizing how security analysts work Natural language processing with security that understands, reasons, and learns

Watson determines the specific campaign (Locky),discovers more infected endpoints, and sends results to the incident response team

#IBM SecurityThe cognitive era is here. Digital everything means that technologys number one job in business now is handling and responding to data. Cognitive capabilities are being applied to security to establish a relationship between machines and humans. The role of technology can now change from enabler to advisor. We are ushering in this new era of cognitive security to out-think and outpace threats with security that understands, reasons and learns.

Watson enables fast and accurate analysis of security threats, saving precious time and resourcesFaster investigationsClear backlog easierIncreased investigative skillsHeavy lifting done beforehand

With the help of Watson, security analysts will be able to spend less time on the mundane tasks of manual and time consuming threat analysis, and more time being human. 31

CloudMonitor and enforce cloud usageIBM Security Cloud Enforcer

RISKYAPPSAPPROVEDAPPS

MOBILE

BYOD

ON PREM

EMPLOYEES

#IBM SecurityGain cloud visibility and control with IBM Cloud Security Enforcer

Discovery and Visibility Uses QRadar connectors to pull in data from hundreds of different network devicesMapping IP addresses back to internal directories, so we know who the users really are, not just an IP addressPulling X-force data on destination IP address to determine the cloud apps and risk scoringQRadar provides more real-time visibility and can report trends over/progress over time

Identity and Access ControlsLeverages marketing leading IBM solutions for simplifying cloud provisioning and access controls

Event CorrelationUses QRadar technologies to look for anomalies and initiate administrative alerts

Threat preventionPulls dynamic threat intelligence data from IBM X-Force; monitoring 15B+ security events dailyReal-time global threat intelligence from 270M+ endpointsData based on threat monitoring of 25B+ web pages and images One of worlds largest database of 89K+ vulnerabilitiesDeep intelligence on 8M+ spam and phishing attacksReputation data with 860K+ malicious IP addresses

Policy EnforcementBuilt in policy engine to monitor user behaviors and actionsProxy based enforcement enables users to be directed or redirected to the approved cloud apps

32

CollaborationCrowd-sourced information sharing based on 700+TB of threat intelligencehttps://exchange.xforce.ibmcloud.com

#IBM SecurityOne element that the offense have mastered is collaboration. According to the United Nations Office on Drugs and Crime upwards to 80% of cybercrime acts are estimated to originate in some form of organized activity. Cyber criminals have learned to collaborate. They share vulnerability, targeting, and countermeasure information. They also share tools to ensure that their attacks can be successful. Collaboration is a force multiplier for the hacking community. It is in this way that confederations of independent actors can succeed. Enterprises have been using threat intelligence in an effort to stay abreast of the threats but these efforts are limited. To succeed requires much more information, shared among security professionals, researchers, and practitioners.

IBM has built a collaboration platform called the X-Force Exchange to facility the collaboration that will allow organizations to have a much greater understanding of threats and actors. X-Force Exchange is a cloud-based threat intelligence sharing platform that enables users to rapidly research the latest global security threats, aggregate actionable intelligence, consult with experts and collaborate with peers. IBM X-Force Exchange provides timely, curated threat intelligenceinsights which adds context to machine-generated data. The platform facilitates making connections with industry peers to validate findings and research threat indicators.

Leveraging the open and powerful infrastructure of the cloud, users can collaborate and tap into over 700 terabytes of information from multiple data sources, including: One of the largest and most complete catalogs of vulnerabilities in the world; Threat information based on monitoring of more than 15 billion monitored security events per day; Malware threat intelligence from a network of 270 million endpoints; Threat information based on over 25 billion web pages and images; Deep intelligence on more than 8 million spam and phishing attacks; Reputation data on nearly 1 million malicious IP addresses.

IBM X-Force Exchanges offers: A robust platform with access to a wealth of threat intelligence data Context for threat indicators, delivered from a mix of human-and machine-generated insights An integrated solution to help quickly discover and act on threats A collaborative platform for sharing threat intelligence An easy-to-use interface for organizing and annotating findings

33

CollaborationApplication extensions to enhance visibility and productivity

https://exchange.xforce.ibmcloud.com

#IBM SecurityAttackers share tools. They collaborate in creating malware that is difficult to discover. On the defensive side enterprises deal with a large number of siloed security solutions from an equally large number of vendors. It is estimated that an average enterprise can have up the 85 security products from 40 vendors. With this mix it is difficult to link the products together so they can support each other. To fill this gap IBM has introduced the IBM Security App Exchange. The exchange is a marketplace for the security community to create and share application that integrate with the leading the IBM Security solutions. The first offering in which customers, business partners and other developers can build custom apps is QRadar, our market leading security intelligence platform. Releasing application programming interfaces (APIs) and software development kits for QRadar will foster integration with third-party technologies to provide customers with better visibility into more types of data and also offer new automated search and reporting functions which help security specialists focus on the most pressing threats. The IBM Security App Exchange has a number of customized apps that extend security analytics into areas like user behavior, endpoint data and incident visualization.

Before releasing the app IBM Security tests them to will be closely testing every application to ensure the integrity of these community contributions.

In the future the App Exchange will offer the opportunity to produce apps for additional IBM Security products.

34