DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy


Upload: andris-soroka

Post on 15-Jan-2015


DESCRIPTION

Presentation from one of the remarkable IT security events in the Baltic States, organized by “Data Security Solutions” (www.dss.lv). The event took place in Riga on 7th of November, 2013, and was attended by more than 400 participants on site and more than 300 via online live streaming.

TRANSCRIPT

Page 1: DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy

© 2013 IBM Corporation

IBM Security Systems

IBM Security Strategy: Intelligence, Integration and Expertise

György R. Rácz, Sales Executive

IBM Security Systems CEE

Riga, 7th of November

Page 2: DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy


Agenda

Introduction: The evolving threat landscape

A new approach to security is needed

How IBM Security is positioned to help

Page 3: DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy


Motivations and sophistication are rapidly evolving

(Chart: motivation plotted against sophistication)

National Security, Economic Espionage: Nation-state actors, APTs (Stuxnet, Aurora, APT-1)

Notoriety, Activism, Defamation: Hacktivists (Lulzsec, Anonymous)

Monetary Gain: Organized crime (Zeus, ZeroAccess, Blackhole Exploit Pack)

Nuisance, Curiosity: Insiders, Spammers, Script-kiddies (Nigerian 419 Scams, Code Red)

Page 4: DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy


Attack frequency increased to record in H1 2013

Source: IBM X-Force® Research 2013 Trend and Risk Report

Page 5: DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy


IT Security is a board room discussion

Increasingly, companies are appointing CROs and CISOs with a direct line to the Audit Committee

Loss of market share and reputation

Legal exposure

Audit failure

Fines and criminal charges

Financial loss

Loss of data confidentiality, integrity and/or availability

Violation of employee privacy

Loss of customer trust

Loss of brand reputation

CEO CFO/COO CIO CHRO CMO

Source: Discussions with more than 13,000 C-suite executives as part of the IBM C-suite Study Series

Page 6: DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy


Page 7: DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy


Security challenges are a complex, four-dimensional puzzle…

…that requires a new approach

Applications: Web Applications, Systems Applications, Web 2.0, Mobile Applications

Infrastructure: Datacenters, PCs, Laptops, Mobile, Cloud, Non-traditional

Data: At rest, In motion, Unstructured, Structured

People: Attackers, Suppliers, Consultants, Partners, Employees, Outsourcers, Customers

Page 8: DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy


Intelligence

Integration

Expertise

IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework

IBM Security Framework

Page 9: DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy


Reaching security maturity


Security Intelligence

Predictive Analytics, Big Data Workbench, Flow Analytics

SIEM and Vulnerability Management Log Management

Advanced Fraud Protection

People Data Applications Infrastructure

Identity governance

Fine-grained entitlements

Privileged user management

Data governance

Encryption key management

Fraud detection

Hybrid scanning and correlation

Multi-faceted network protection

Anomaly detection

Hardened systems

User provisioning

Access management

Strong authentication

Data masking / redaction

Database activity monitoring

Data loss prevention

Web application protection

Source code scanning

Virtualization security

Asset management

Endpoint / network security management

Directory management

Encryption

Database access control

Application scanning

Perimeter security

Host security

Anti-virus

Optimized

Proficient

Basic

Page 10: DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy


IBM Security Investment

• 6,000+ IBM Security experts worldwide

• 3,000+ IBM security patents

• 4,000+ IBM managed security services clients worldwide

• 25 IBM Security labs worldwide


IBM Security: Market-changing milestones

Mainframe and Server Security

SOA Management and Security

Network Intrusion Prevention

Database Monitoring

Access Management

Application Security

Compliance Management

1976

Resource Access Control Facility (RACF) is created, eliminating the need for each application to imbed security

1999

Dascom is acquired for access management capabilities

2006

Internet Security Systems, Inc. is acquired for security research and network protection capabilities

2007

Watchfire is acquired for security and compliance capabilities

Consul is acquired for risk management capabilities

Princeton Softech is acquired for data management capabilities

2008

Encentuate is acquired for enterprise single-sign-on capabilities

2009

Ounce Labs is acquired for application security capabilities

Guardium is acquired for enterprise database monitoring and protection capabilities

2010

Big Fix is acquired for endpoint security management capabilities

NISC is acquired for information and analytics management capabilities

2005

DataPower is acquired for SOA management and security capabilities

2013

Intent to acquire Trusteer for mobile and application security, counter-fraud and malware detection

2002

Access360 is acquired for identity management capabilities

MetaMerge is acquired for directory integration capabilities

Identity Management

Advanced Fraud Protection

Security Analytics

Security Intelligence

IBM Security Systems division is created

2011

Q1 Labs is acquired for security intelligence capabilities

2012

Page 11: DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy


Industry analysts rank IBM Security as leading the market

IBM Confidential: For internal use only

Page 12: DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy


At IBM, the world is our security lab

6,000 IBM researchers, developers, and subject matter experts ALL focused on security

3,000 IBM security patents

More than

Security Operations Centers

Security Research and Development Labs

Institute for Advanced Security Branches

Page 13: DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy


Page 14: DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy


CAPABILITIES

Security Intelligence and Analytics

Advanced Fraud Protection

People Data Applications Infrastructure

Advanced Security and Threat Research

MEGATRENDS

Advanced Threats Cloud Mobile Compliance

BUYERS

CISO CIO Line-of-Business

Deliver a broad portfolio of solutions differentiated through their integration and innovation to address the latest trends

IBM Security Systems Strategy

1. Support the CISO agenda

2. Innovate around key trends

3. Lead in selected segments

HELP!

Page 15: DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy


IBM Security Systems Portfolio

People Data Applications Network Infrastructure Endpoint

Identity Management | Guardium Data Security and Compliance | AppScan Source | Network Intrusion Prevention | Trusteer Apex

Access Management | Guardium DB Vulnerability Management | AppScan Dynamic | Next Generation Network Protection | Mobile and Endpoint Management

Privileged Identity Manager | Guardium / Optim Data Masking | DataPower Web Security Gateway | SiteProtector Threat Management | Virtualization and Server Security

Federated Access and SSO | Key Lifecycle Manager | Security Policy Manager | Network Anomaly Detection | Mainframe Security

IBM X-Force Research

Advanced Fraud Protection: Trusteer Rapport | Trusteer Pinpoint Malware Detection | Trusteer Pinpoint ATO Detection | Trusteer Mobile Risk Engine

Security Intelligence and Analytics: QRadar Log Manager | QRadar SIEM | QRadar Risk Manager | QRadar Vulnerability Manager

IBM offers a comprehensive portfolio of security products

Page 16: DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy


Influencers

• Confident / prepared
• Strategic focus

Protectors

• Less confident
• Somewhat strategic
• Lack necessary structural elements

Responders

• Least confident
• Focus on protection and compliance

How they differ

• have a dedicated CISO
• have a security/risk committee
• have information security as a board topic
• use a standard set of security metrics to track their progress
• focused on improving enterprise communication/collaboration
• focused on providing education and awareness

IBM’s 2012 Chief Information Security Officer Study revealed the changing role of the CISO

Source: IBM Center for Applied Insights, Finding a Strategic Voice: Insights from the 2012 IBM Chief Information Security Officer Assessment, May 2012

Page 17: DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy


Cross-domain awareness of targeted assets

Integrated platform for distribution of threat intelligence

Cross-domain awareness of threat activity

A New Vision for Integrated Advanced Threat Protection

Page 18: DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy


Intelligent Security for the Cloud 


Data and Application Protection

Secure enterprise databases

Build, test and maintain secure cloud applications

Threat Protection

Prevent advanced threats with layered protection and analytics

Identity Protection

Administer, secure, and extend identity and access to and from the cloud

Security Intelligence

Provide visibility, auditability and control for the cloud

Page 19: DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy


Device Management

Network, Data, and Access Security

Application Layer Security

Security for endpoint device and data

Achieve visibility and adaptive security policies

Develop and test applications

Securing the Mobile Enterprise

Page 20: DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy


Security Intelligence: Integrating across IT silos

Extensive data sources + Deep intelligence = Exceptionally accurate and actionable insight

Data activity

Servers and mainframes

Users and identities

Vulnerabilities and threats

Configuration information

Security devices

Network and virtual activity

Application activity

Correlation

• Logs/events
• Flows
• IP reputation
• Geographic location

Activity baselining and anomaly detection

• User activity
• Database activity
• Application activity
• Network activity

Offense identification

• Credibility
• Severity
• Relevance

Suspected incidents

True offense

Security Intelligence and Analytics

Key Themes

Increased Data Sources: Data from 450+ security collectors and integration with X-Force intelligence and other external feeds to use in analysis for determining relevant vulnerabilities and potential threats

Integrated Vulnerability Management: Comprehensive understanding of the configuration and exposure of systems in the environment, enabling contextual analysis to determine vulnerabilities against particular threats

Enhanced Identity Context: Integrated understanding of users, their roles, level of privilege, geographical location and their typical behaviors to enable enterprises to identify abnormal activity that might indicate insider threat

Page 21: DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy


Trusteer Advanced Fraud and Malware Protection: Helping to protect against financial fraud and advanced security threats

Among the capabilities Trusteer brings to IBM's security portfolio:

Web Fraud Protection: Leading web fraud capabilities for financial services and web commerce

Secure Mobile Transactions: Embedded security for mobile devices and applications helps enable secure transactions from devices to the back office

Advanced Malware Protection: Unique endpoint solution for identifying and protecting against Advanced Persistent Threats

Security-as-a-Service: Cloud-based deployment enabling rapid and real-time updates

Advanced Fraud Protection

Page 22: DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy


People

Identity and Access Management: Helping to extend secure user access across the enterprise

Key Themes

Standardized IAM and Compliance Management: Expand IAM vertically to provide identity and access intelligence to the business; integrate horizontally to enforce user access to data, app, and infrastructure

Secure Cloud, Mobile, Social Interaction: Enhance context-based access control for cloud, mobile and SaaS access, as well as integration with proofing, validation and authentication solutions

Insider Threat and IAM Governance: Continue to develop Privileged Identity Management (PIM) capabilities and enhanced Identity and Role management

Page 23: DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy


Data

Key Themes

Expand to new platforms: Expand beyond supporting databases to all relevant data sources, including data warehouses, file shares, file systems, enterprise content managers, and Big Data (Hadoop, NoSQL, in-memory DB), wherever data is stored

Introduce new data protection capabilities: Complement discovery, classification, monitoring, auditing, and blocking with thought leadership capabilities like cloud encryption/tokenization, dynamic data masking, and fraud detection

Lead on scalability and lower TCO: Continue to improve on solution deployability with improvements to scalability, performance, simplification, automation, serviceability, and ease of use

Data Security: Helping to secure structured, unstructured, online and offline data across the enterprise

Governance, Security Intelligence, Analytics

Data Discovery and Classification

Policy-based Access and Entitlements

Audit, Reporting, and Monitoring

at Endpoint (workstations, laptops, mobile, …)

over Network (SQL, HTTP, SSH, FTP, email, …)

Stored (Databases, File Servers, Big Data, Data Warehouses, Application Servers, Cloud/Virtual, …)

Security Solutions

IT & Business Process

integrate

• Protect data in any form, anywhere, from internal or external threats

• Streamline regulation compliance process

• Reduce operational costs around data protection

Page 24: DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy


Infrastructure Protection: Endpoint

Provides in-depth security across your network, servers, virtual servers, mainframes and endpoints

Key Themes

Security for Mobile Devices: Provide security for and manage traditional endpoints alongside mobile devices such as Apple iOS, Google Android, Symbian, and Microsoft Windows Phone - using a single platform

Expansion of Security Content: Continued expansion of security configuration and vulnerability content to increase coverage for applications, operating systems, and industry best practices

Security Intelligence Integration: Improved usage of analytics - providing valuable insights to meet compliance and IT security objectives, as well as further integration with SiteProtector and the QRadar Security Intelligence Platform

Infrastructure

Page 25: DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy


Customer successes across domains

Advanced Fraud Protection

People Manage user access securely and cost-effectively

Data Ensure privacy and integrity of data

Applications Automate security testing on web-based applications

Infrastructure Proactively alert, simplify monitoring and management

Protect against financial fraud and advanced security threats

Security Intelligence and Analytics

Improve overall security and compliance

Major South American bank health reduced the number of help desk calls by 30%, resulting in annual savings of $450,000+

Major global bank saved $1.5 USD / year on storage costs and reduced compliance costs by $20M USD

Client added 225 new applications per year to handle US$1 quadrillion in securities transactions per year

Client monitored all devices and networks across all sites with zero false positives without blocking revenue-based traffic

Banking clients reduced online banking fraud to near zero while complying with regulatory compliance mandates for layered security

Global office products supplier achieved greater visibility to potential security threats and PCI compliance with $0 cost increase

Page 26: DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy


Case Study: CEE based Insurance company gains actionable information in minutes to strengthen security and compliance

Optimize staff resources

“We can now find and address the source of a problem in minutes instead of tens of hours.”— Chief Information Security Officer, Insurance Company


The transformation: By replacing manual processes with an advanced security solution from IBM, Client’s IT staff can quickly uncover threats, prioritize response based on risk level, and take action before the business is affected. The new solution integrates and analyzes data from disparate data sources and provides a unified view of potential security events, operational anomalies and vulnerabilities

99% reduction in time to respond to security and IT incidents

99% reduction in compliance reporting time

Uncovers threats and prioritizes risk for efficient and effective remediation

• IBM® QRadar® Security Intelligence

Page 27: DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy


Case Study: CEE based Bank gains 360-degree visibility into the enterprise

The transformation: Replacing an out-of-date security monitoring solution with an advanced security platform from IBM, Client’s security staff gained superior threat detection and a much richer view of enterprise activities. The new solution integrates and analyzes data from disparate sources to help staff more quickly uncover and respond to threats.

Optimize security ROI

“With the IBM security platform, I now have a tool that gives me visibility across my enterprise and helps me find the source of the problem quickly.”- Chief Security Officer of the Bank


• IBM® QRadar® Security Intelligence

99% decrease in investigation time

Immediate detection and notification of anomalies

Page 28: DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy


IBM Security: Helping clients optimize IT security

Integrated Portfolio

Managed and Professional Services 

Extensive Partner Ecosystem

IBM Research

Page 29: DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy


Thank you for your time today! Get engaged with IBM Security

Follow us at @ibmsecurity and @ibmxforce

Download X-Force security trend & risk reports: http://www-935.ibm.com/services/us/iss/xforce/

Subscribe to the security channel for latest security videos: www.youtube.com/ibmsecuritysolutions

Attend in-person events: http://www.ibm.com/events/calendar/

Subscribe to X-Force alerts at http://iss.net/rss.php or Frequency X at http://blogs.iss.net/rss.php

Join the Institute for Advanced Security: www.instituteforadvancedsecurity.com

Page 30: DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy


Disclaimer

Please Note:

IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion.

Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision.

The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.

Page 31: DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy


www.ibm.com/security

© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
