© 2013 IBM Corporation
IBM Security Systems
IBM Security Strategy
Intelligence, Integration and Expertise
György R. Rácz
Sales Executive
IBM Security Systems CEE
Riga, 7th of November
Agenda
Introduction: The evolving threat landscape
A new approach to security is needed
How IBM Security is positioned to help
Motivations and sophistication are rapidly evolving
[Chart: motivation plotted against sophistication]
• National Security, Economic Espionage: Nation-state actors, APTs (Stuxnet, Aurora, APT-1)
• Notoriety, Activism, Defamation: Hacktivists (Lulzsec, Anonymous)
• Monetary Gain: Organized crime (Zeus, ZeroAccess, Blackhole Exploit Pack)
• Nuisance, Curiosity: Insiders, Spammers, Script-kiddies (Nigerian 419 Scams, Code Red)
Attack frequency increased to a record level in H1 2013
Source: IBM X-Force® Research 2013 Trend and Risk Report
IT Security is a board room discussion
Increasingly, companies are appointing CROs and CISOs with a direct line to the Audit Committee
Loss of market share and reputation
Legal exposure
Audit failure
Fines and criminal charges
Financial loss
Loss of data confidentiality, integrity and/or availability
Violation of employee privacy
Loss of customer trust
Loss of brand reputation
CEO CFO/COO CIO CHRO CMO
Source: Discussions with more than 13,000 C-suite executives as part of the IBM C-suite Study Series
Security challenges are a complex, four-dimensional puzzle…
…that requires a new approach
Applications: Web Applications, Systems Applications, Web 2.0, Mobile Applications
Infrastructure: Datacenters, PCs, Laptops, Mobile, Cloud, Non-traditional
Data: At rest, In motion, Unstructured, Structured
People: Attackers, Suppliers, Consultants, Partners, Employees, Outsourcers, Customers
Intelligence
Integration
Expertise
IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework
IBM Security Framework
Reaching security maturity
Security Intelligence
• Optimized: Predictive Analytics, Big Data Workbench, Flow Analytics
• Proficient: SIEM and Vulnerability Management
• Basic: Log Management
Advanced Fraud Protection
Optimized
• People: Identity governance, Fine-grained entitlements, Privileged user management
• Data: Data governance, Encryption key management
• Applications: Fraud detection, Hybrid scanning and correlation
• Infrastructure: Multi-faceted network protection, Anomaly detection, Hardened systems
Proficient
• People: User provisioning, Access management, Strong authentication
• Data: Data masking / redaction, Database activity monitoring, Data loss prevention
• Applications: Web application protection, Source code scanning
• Infrastructure: Virtualization security, Asset management, Endpoint / network security management
Basic
• People: Directory management
• Data: Encryption, Database access control
• Applications: Application scanning
• Infrastructure: Perimeter security, Host security, Anti-virus
IBM Security Investment
• 6,000+ IBM Security experts worldwide
• 3,000+ IBM security patents
• 4,000+ IBM managed security services clients worldwide
• 25 IBM Security labs worldwide
IBM Security: Market-changing milestones
Mainframe and Server Security
SOA Management and Security
Network Intrusion Prevention
Database Monitoring
Access Management
Application Security
Compliance Management
1976: Resource Access Control Facility (RACF) is created, eliminating the need for each application to imbed security
1999: Dascom is acquired for access management capabilities
2002: Access360 is acquired for identity management capabilities; MetaMerge is acquired for directory integration capabilities
2005: DataPower is acquired for SOA management and security capabilities
2006: Internet Security Systems, Inc. is acquired for security research and network protection capabilities
2007: Watchfire is acquired for security and compliance capabilities; Consul is acquired for risk management capabilities; Princeton Softech is acquired for data management capabilities
2008: Encentuate is acquired for enterprise single-sign-on capabilities
2009: Ounce Labs is acquired for application security capabilities; Guardium is acquired for enterprise database monitoring and protection capabilities
2010: BigFix is acquired for endpoint security management capabilities; NISC is acquired for information and analytics management capabilities
2013: Intent to acquire Trusteer for mobile and application security, counter-fraud and malware detection
Identity Management
Advanced Fraud Protection
Security Analytics
Security Intelligence
IBM Security Systems division is created
2011
Q1 Labs is acquired for security intelligence capabilities
2012
Industry analysts rank IBM Security as leading the market
IBM Confidential: For internal use only
At IBM, the world is our security lab
6,000 IBM researchers, developers, and subject matter experts ALL focused on security
More than 3,000 IBM security patents
Security Operations Centers
Security Research and Development Labs
Institute for Advanced Security Branches
CAPABILITIES
Security Intelligence and Analytics
Advanced Fraud Protection
People Data Applications Infrastructure
Advanced Security and Threat Research
MEGATRENDS
Advanced Threats Cloud Mobile Compliance
BUYERS
CISO CIO Line-of-Business
Deliver a broad portfolio of solutions differentiated through their integration and innovation to address the latest trends
IBM Security Systems Strategy
1. Support the CISO agenda
2. Innovate around key trends
3. Lead in selected segments
HELP!
IBM Security Systems Portfolio
People Data Applications Network Infrastructure Endpoint
Identity Management
Guardium Data Security and Compliance
AppScan Source
Network Intrusion Prevention
Trusteer Apex
Access Management
Guardium DB Vulnerability Management
AppScan Dynamic
Next Generation Network Protection
Mobile and Endpoint Management
Privileged Identity Manager
Guardium / Optim Data Masking
DataPower Web Security Gateway
SiteProtector Threat Management
Virtualization and Server Security
Federated Access and SSO
Key Lifecycle Manager
Security Policy Manager
Network Anomaly Detection
Mainframe Security
IBM X-Force Research
Advanced Fraud Protection
Trusteer Rapport
Trusteer Pinpoint Malware Detection
Trusteer Pinpoint ATO Detection
Trusteer Mobile Risk Engine
Security Intelligence and Analytics
QRadar Log Manager
QRadar SIEM
QRadar Risk Manager
QRadar Vulnerability Manager
IBM offers a comprehensive portfolio of security products
Influencers
• Confident / prepared
• Strategic focus
Protectors
• Less confident
• Somewhat strategic
• Lack necessary structural elements
Responders
• Least confident
• Focus on protection and compliance
How they differ
• have a dedicated CISO
• have a security/risk committee
• have information security as a board topic
• use a standard set of security metrics to track their progress
• focused on improving enterprise communication/collaboration
• focused on providing education and awareness
IBM’s 2012 Chief Information Security Officer Study revealed the changing role of the CISO
Source: IBM Center for Applied Insights, Finding a Strategic Voice: Insights from the 2012 IBM Chief Information Security Officer Assessment, May 2012
Cross-domain awareness of targeted assets
Integrated platform for distribution of threat intelligence
Cross-domain awareness of threat activity
A New Vision for Integrated Advanced Threat Protection
Intelligent Security for the Cloud
Data and Application Protection
Secure enterprise databases
Build, test and maintain secure cloud applications
Threat Protection
Prevent advanced threats with layered protection and analytics
Identity Protection
Administer, secure, and extend identity and access to and from the cloud
Security Intelligence
Provide visibility, auditability and control for the cloud
Device Management
Network, Data, and Access Security
Application Layer Security
Security for endpoint device and data
Achieve visibility and adaptive security policies
Develop and test applications
Securing the Mobile Enterprise
Security Intelligence: Integrating across IT silos
Extensive data sources + Deep intelligence = Exceptionally accurate and actionable insight
Data activity
Servers and mainframes
Users and identities
Vulnerabilities and threats
Configuration information
Security devices
Network and virtual activity
Application activity
Correlation
• Logs/events
• Flows
• IP reputation
• Geographic location
Activity baselining and anomaly detection
• User activity
• Database activity
• Application activity
• Network activity
True offense
Suspected incidents
Security Intelligence and Analytics
Offense identification
• Credibility
• Severity
• Relevance
Key Themes
Increased Data Sources: Data from 450+ security collectors and integration with X-Force intelligence and other external feeds to use in analysis for determining relevant vulnerabilities and potential threats
Integrated Vulnerability Management: Comprehensive understanding of the configuration and exposure of systems in the environment, enabling contextual analysis to determine vulnerabilities against particular threats
Enhanced Identity Context: Integrated understanding of users, their roles, level of privilege, geographical location and their typical behaviors to enable enterprises to identify abnormal activity that might indicate insider threat
Trusteer Advanced Fraud and Malware Protection
Helping to protect against financial fraud and advanced security threats
Among the capabilities Trusteer brings to IBM's security portfolio:
Web Fraud Protection: Leading web fraud capabilities for financial services and web commerce
Secure Mobile Transactions: Embedded security for mobile devices and applications helps enable secure transactions from devices to the back office
Advanced Malware Protection: Unique endpoint solution for identifying and protecting against Advanced Persistent Threats
Security-as-a-Service: Cloud-based deployment enabling rapid and real-time updates
Advanced Fraud Protection
People
Identity and Access Management: Helping to extend secure user access across the enterprise
Key Themes
Standardized IAM and Compliance Management: Expand IAM vertically to provide identity and access intelligence to the business; integrate horizontally to enforce user access to data, app, and infrastructure
Secure Cloud, Mobile, Social Interaction: Enhance context-based access control for cloud, mobile and SaaS access, as well as integration with proofing, validation and authentication solutions
Insider Threat and IAM Governance: Continue to develop Privileged Identity Management (PIM) capabilities and enhanced Identity and Role management
Data
Key Themes
Expand to new platforms: Expand beyond supporting databases to all relevant data sources, including data warehouses, file shares, file systems, enterprise content managers, and Big Data (Hadoop, NoSQL, in-memory DB), wherever data is stored
Introduce new data protection capabilities: Complement discovery, classification, monitoring, auditing, and blocking with thought leadership capabilities like cloud encryption/tokenization, dynamic data masking, and fraud detection
Lead on scalability and lower TCO: Continue to improve on solution deployability with improvements to scalability, performance, simplification, automation, serviceability, and ease of use
Data Security: Helping to secure structured, unstructured, online and offline data across the enterprise
Governance, Security Intelligence, Analytics
Data Discovery and Classification
Policy-based Access and Entitlements
Audit, Reporting, and Monitoring
at Endpoint (workstations, laptops, mobile, …)
over Network (SQL, HTTP, SSH, FTP, email, …)
Stored (Databases, File Servers, Big Data, Data Warehouses, Application Servers, Cloud/Virtual, …)
Security Solutions
IT & Business Process
integrate
• Protect data in any form, anywhere, from internal or external threats
• Streamline regulation compliance process
• Reduce operational costs around data protection
Infrastructure Protection: Endpoint
Provides in-depth security across your network, servers, virtual servers, mainframes and endpoints
Key Themes
Security for Mobile Devices: Provide security for and manage traditional endpoints alongside mobile devices such as Apple iOS, Google Android, Symbian, and Microsoft Windows Phone, using a single platform
Expansion of Security Content: Continued expansion of security configuration and vulnerability content to increase coverage for applications, operating systems, and industry best practices
Security Intelligence Integration: Improved usage of analytics, providing valuable insights to meet compliance and IT security objectives, as well as further integration with SiteProtector and the QRadar Security Intelligence Platform
Infrastructure
Customer successes across domains
People: Manage user access securely and cost-effectively
• Major South American bank health reduced the number of help desk calls by 30%, resulting in annual savings of $450,000+
Data: Ensure privacy and integrity of data
• Major global bank saved $1.5 USD / year on storage costs and reduced compliance costs by $20M USD
Applications: Automate security testing on web-based applications
• Client added 225 new applications per year to handle US$1 quadrillion in securities transactions per year
Infrastructure: Proactively alert, simplify monitoring and management
• Client monitored all devices and networks across all sites with zero false positives without blocking revenue-based traffic
Advanced Fraud Protection: Protect against financial fraud and advanced security threats
• Banking clients reduced online banking fraud to near zero while complying with regulatory compliance mandates for layered security
Security Intelligence and Analytics: Improve overall security and compliance
• Global office products supplier achieved greater visibility to potential security threats and PCI compliance with $0 cost increase
Case Study: CEE-based Insurance company gains actionable information in minutes to strengthen security and compliance
Optimize staff resources
“We can now find and address the source of a problem in minutes instead of tens of hours.” — Chief Information Security Officer, Insurance Company
The transformation: By replacing manual processes with an advanced security solution from IBM, Client’s IT staff can quickly uncover threats, prioritize response based on risk level, and take action before the business is affected. The new solution integrates and analyzes data from disparate data sources and provides a unified view of potential security events, operational anomalies and vulnerabilities.
• 99% reduction in time to respond to security and IT incidents
• 99% reduction in compliance reporting time
• Uncovers threats and prioritizes risk for efficient and effective remediation
• IBM® QRadar® Security Intelligence
Case Study: CEE-based Bank gains 360-degree visibility into the enterprise
The transformation: Replacing an out-of-date security monitoring solution with an advanced security platform from IBM, Client’s security staff gained superior threat detection and a much richer view of enterprise activities. The new solution integrates and analyzes data from disparate sources to help staff more quickly uncover and respond to threats.
Optimize security ROI
“With the IBM security platform, I now have a tool that gives me visibility across my enterprise and helps me find the source of the problem quickly.” - Chief Security Officer of the Bank
• IBM® QRadar® Security Intelligence
• 99% decrease in investigation time
• Immediate detection and notification of anomalies
IBM Security: Helping clients optimize IT security
Integrated Portfolio
Managed and Professional Services
Extensive Partner Ecosystem
IBM Research
Thank you for your time today! Get engaged with IBM Security
Follow us at @ibmsecurity and @ibmxforce
Download X-Force security trend & risk reports: http://www-935.ibm.com/services/us/iss/xforce/
Subscribe to the security channel for latest security videos: www.youtube.com/ibmsecuritysolutions
Attend in-person events: http://www.ibm.com/events/calendar/
Subscribe to X-Force alerts at http://iss.net/rss.php or Frequency X at http://blogs.iss.net/rss.php
Join the Institute for Advanced Security: www.instituteforadvancedsecurity.com
Disclaimer
Please Note:
IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion.
Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision.
The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.
www.ibm.com/security
© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.