Presentation from one of the notable IT security events in the Baltic States, organized by “Data Security Solutions” (www.dss.lv). The event took place in Riga on 7 November 2013 and was attended by more than 400 participants on site and more than 300 via online live streaming.
Example Agenda:
Executive summary
Current market or industry situation
Needs and challenges summary
How the offering addresses needs and challenges summary
Offering summary
Proof of IBM’s expertise in this area summary (e.g., key differentiators, client example summary)
Offering description (domain-level capabilities)
Associated offerings (services, software, and sales accelerator plays: Security Intelligence, Advanced Threat Protection, Database & Application Protection)
Why IBM? <e.g., key competitor differentiators (per domain), client success stories>
Next steps
1. Introduction: The evolving threat landscape
Today's security attacks are getting more sophisticated <slide exists>
The complexities in which we conduct today's business <slide exists -- replace "social" and "big data" with "advanced threats" and "compliance"?>
CISO challenges (too much complexity, too expensive, not enough effectiveness, not getting enough out of individual point products)
2. A new approach to security is needed
Security challenges are a complex, four-dimensional puzzle <slide exists: KB to reformat>
Visibility and Security Intelligence <funnel slide? --across all domains>
Integrate controls across domains to eliminate silos
Gain expertise and insights <should include research, expertise, and services>
3. How IBM Security can help
Optimize your security maturity <do certain things to gain a higher state of maturity>
IBM Security: Helping clients optimize IT security <slide exists: Framework slide>
Framework applied to megatrends <high-level>
IBM Security: Market-changing milestones <slide exists -- timeline slide>
IBM offers a comprehensive portfolio of security solutions <slide exists>
Analyst slide <slide exists>
Security intelligence <slide exists>
Client success stories aligned to framework
These threats are becoming increasingly sophisticated each day, and the motivations that drive them are becoming all the more complex. We’ve gone from a world in which a mere nuisance or curiosity might have been the motivation, as with the Nigerian money transfer scams or the Code Red worm that randomly defaced websites in 2001, to the more complex national security and economic espionage motivations that spawned the Stuxnet malware, which mimicked good behavior on the Siemens industrial control systems while in reality forcing the controllers to make centrifuges in Iran spin out of control and explode.
In the past we were worried about random threats that happened to hit a company; now it’s a targeted threat from any number of entities anywhere in the world. Who knows, the threat could come from a competitor, or simply from someone who has a problem with you personally. Twenty years ago they may have just spray painted graffiti on one of your company trucks; now they can buy a piece of software on the internet and buy modifications to it, then purchase the source code and rent botnets to try to destroy your business altogether.
The reality is that these motivations, levels of sophistication, and the sheer number of people and organizations determined to do harm are much bigger, broader, and more intense than ever. No single industry, organization, team, or individual is immune – everyone has become vulnerable to today’s threats. We can’t afford to be complacent; there’s too much at risk.
Alternative narrative for a non-security-savvy audience:
These threats are becoming increasingly sophisticated each day, and the motivations that drive them are becoming all the more complex. We’ve gone from a world in which curiosity might have been the motivation for adversaries spray painting graffiti on company trucks, to new levels of motivation and sophistication where adversaries can now purchase a piece of software from the internet, add modifications to it, then acquire the source code and rent botnets to try to destroy your business altogether.
The reality is that these motivations, levels of sophistication, and the sheer number of people and organizations determined to do harm are much bigger, broader, and more intense than ever. No single industry, organization, team, or individual is immune – everyone has become vulnerable to today’s threats. We can’t afford to be complacent; there’s too much at risk.
This chart highlights the volume of threat activity happening out there; as you can see, it’s quite a lot, considering this is a mere sampling of what was probably actually going on.
The color of each circle represents the technical means used by attackers to breach these customers.
The size of each circle estimates the financial impact that might have occurred, based on what was reported publicly.
Though the seemingly insurmountable magnitude of these threats is alarming, they’re certainly preventable if you’re armed with the right approach.
This increased activity is precisely what is driving today’s boardroom discussions. Executives are being asked some tough questions… “What are the priorities you’re focusing on? What are the potential risks associated with these priorities, and more importantly, how can they affect our bottom line?”
Forward thinking companies are weaving security into their everyday business operations. This includes developing proactive approaches to securing cloud and mobile technology, providing security analytics for big data, and improving defenses against evolving cyber threats.
So how do we solve this?
<Presenter note: Slide animates>
We realize that protecting against all the different security threats is challenging, especially given today’s business domain complexities starting with…
<mouse click>
Infrastructure. As we know, infrastructures have become more complex. We’ve gone from traditional datacenters to PCs, to laptops, and now to mobile devices with services delivered on the cloud, to the even more complex non-traditional end points or “Internet of Things” such as smart products and systems that are all interconnected.
<mouse click>
Next, the application layer, which has also seen increasing sophistication, from systems applications to web applications and now mobile applications.
Then there’s the data layer which has seen a significant increase in the amount of information being managed.
Finally, the people on your network are no longer just your internal employees and external customers. Networks need to be accessible to our many supply chain constituents and yet restricted to our adversaries.
Because of these hyper-connected technologies spanning multiple domains, companies need to expand their approach to solving their own security needs. The traditional means of “protecting the perimeter” with individual point product solutions cobbled together can’t scale to the broader needs of the organization. The entire enterprise needs protection, therefore a more holistic approach is needed.
IBM offers integrated security intelligence and industry-leading experience enabled by the IBM Security Framework solution capabilities.
These capabilities are delivered through a comprehensive and robust set of tools and best practices (including software and hardware) that are supported by the services needed to address:
Intelligence: Through a common and intuitive view that combines deep analytics with real-time security intelligence.
Integration: Through unifying existing tools and infrastructures with new forms of defense in order to reduce complexity and lower the cost of maintaining a strong security posture.
Expertise: Through a more proactive and trusted source of truth in order to stay ahead of emerging threats and risks.
Addressing these three key imperatives enables a more holistic, comprehensive perspective and can enhance your security maturity.
1976
IBM introduces Resource Access Control Facility (RACF), which provides access control and auditing functionality for applications on the mainframe, eliminating the need for each application to embed its own security
1977
IBM develops the Data Encryption Standard (DES), a cryptographic algorithm adopted as the national standard by the US National Bureau of Standards
1978
IBM announces the 3624 automatic teller machine, utilizing DES
1995
IBM starts contributing to Java Security technologies
1996
IBM launches Cryptolope containers to seal intellectual property in a digital package so that content transactions are secured over the Internet
IBM launches the SecureWay Key Management Framework, a collection of applications, services and cryptographic engines that help make the Internet safe for e-commerce
IBM begins pilot program with MasterCard using Secure Electronic Transaction (SET) technology which secures credit card transactions over the Internet
IBM develops and certifies the IBM Secure Crypto Coprocessor (4758) at FIPS 140-1 Level 4, the highest FIPS level
IBM releases its first enterprise-grade LDAP Directory Server (now known as Directory Server)
1998
IBM extends Secure Electronic Transaction (SET) standard support which secures payments over the Internet and is largely based on technology developed at IBM Research and adopted by major credit card companies
1999
IBM acquires Dascom, the basis for IBM's Access Manager portfolio
IBM Research's breakthrough paper on Side Channel Cryptanalysis Attacks and Countermeasures (1999 – 2004)
2000
IBM patents a system and method for alerting computer users to digital security intrusions
IBM appoints Harriet Pearson its first Chief Privacy Officer
2002
IBM acquires Access 360, the basis for IBM's Identity Manager portfolio
IBM acquires MetaMerge for meta-directory and directory synchronization capability (now known as Directory Integrator)
2005
IBM debuts the first ThinkPad with an integrated fingerprint reader, at the time offering an unmatched level of data protection through a new biometric capability and embedded security subsystem
2006
IBM acquires Internet Security Systems, Inc, the basis for today’s IBM X-Force® IT security research team and the IBM network protection product family
Smart cards: highly efficient JavaCard™ technology developed at IBM Research – Zurich is licensed by a leading smart card manufacturer for secure multi-application smart cards and is used in many JavaCard™ projects. The technology is used today in tens of millions of VISA credit cards
2007
IBM acquires Consul, to help accelerate data and governance strategy
2008
IBM patents a secure system and method for enforcement of privacy policy and protection of confidentiality
IBM acquires Encentuate, the basis for IBM's Enterprise Single Sign-On (ESSO) product
Zone Trusted Information Channel: Plugs into the USB port of any computer and creates a direct, secure channel to a bank’s online transaction server, bypassing the PC which could be infected by malicious software (malware) or susceptible to hacker attacks
2009
IBM acquires Ounce Labs, a provider of software that analyzes software code for security vulnerabilities, today’s AppScan family
IBM acquires Guardium, a market leader in real-time enterprise database monitoring and protection
IBM pioneers the application of Big Data analytics to cybersecurity problems (FAA, USAF)
2010
IBM acquires Big Fix, helping organizations extend security and compliance to endpoints, today Endpoint Manager
IBM Research’s breakthrough on Fully Homomorphic Encryption
2011
IBM Security Systems division is created
IBM acquires Q1 Labs, with its QRadar security intelligence portfolio, to strengthen its offerings around advanced security analytics
IBM launches Cloud-based Mobile Security Services, IBM Hosted Mobile Device Security Management
2012
IBM delivers a next-generation intrusion system, a new access appliance and privileged identity technology
IBM announces 25 new product releases in security, a record year of innovation
IBM extends its market leading static application security testing (IBM Security AppScan) to native Android applications, which allows clients to conduct their own testing for mobile applications
2013
IBM announces breakthrough with combination of Security Intelligence and Big Data
IBM announces new QRadar Vulnerability Manager software to help organizations identify and predict security risk
IBM announces MobileFirst security software (IBM AppScan Source 87 for iOS) to improve security quality without sacrificing time-to-market of mobile app projects
<Presenter Note: This slide is IBM Confidential making it useable only within IBM per the Business Conduct Guidelines. It cannot be altered in any way. If you have questions, please contact Kristen Benz at benzk@us.ibm.com>
We’re very proud of our proven leadership across the various domains. Here’s a recent sampling of how some of the industry’s top analyst firms (Gartner, IDC, and Forrester) have ranked IBM Security as a leader.
Our commitment is not just to have the right coverage in each of the domains, but more importantly to maintain the leadership position in each of the market segments.
With more than 6,000 researchers, developers and subject matter experts engaged in security initiatives, IBM operates one of the world’s broadest enterprise security research, development and delivery organizations. This powerful combination of expertise is made up of the award-winning X-Force research and development team—with one of the largest vulnerability databases in the industry—and includes nine security operations centers, nine IBM Research centers, 14 software security development labs and the IBM Institute for Advanced Security with chapters in the United States, Europe and the Asia Pacific region.
________________________
Security Operations Centers: Atlanta, Georgia; Detroit, Michigan; Boulder, Colorado; Toronto, Canada; Brussels, Belgium; Tokyo, Japan; Brisbane, Australia; Hortolandia, Brazil; Bangalore, India; Wroclaw, Poland
Security Research Centers: Yorktown Heights, NY; Atlanta, GA; Almaden, CA; Ottawa, Canada; Zurich, CH; Kassel, DE; Herzliya, IL; Haifa, IL; New Delhi, IN; Tokyo, JP
Security Development Labs: Littleton, MA; Raleigh, NC; Atlanta, GA; Austin, TX; Costa Mesa, CA; Fredericton, Canada; Toronto, CAN; Ottawa, CAN; Belfast, NIR; Delft, NL; Pune, IN; Bangalore, IN; Taipei, TW; Singapore, SG; Gold Coast, AU
Note: IBM patent search performed by Paul Landsberg, IBM IP Office
Now let’s discuss the IBM Security capability strategies we’re committed to deliver through our portfolio…
IBM Security offers a broad portfolio of solutions differentiated through their integration and innovation to address the latest trends.
… by CISOs who are focused on driving security innovation around key megatrends such as advanced threats, cloud and virtualization, mobile, and compliance mandates.
These innovations are delivered through domain-level capabilities (aligned to people, data, applications, and infrastructure) all pinned under a rich layer of Security Intelligence and delivered on an Advanced Security and Threat Research foundation.
The IBM Security Systems portfolio is built around protecting the security domains of People, Data, Applications, and Infrastructure, with a layer of Security Intelligence and Analytics providing true integration and visibility into the enterprise security landscape, and underpinned by IBM X-Force Research providing threat intelligence. The acquisition of Trusteer provides enhanced endpoint protection and threat research, while extending the portfolio with a layer of advanced fraud protection.
<Presenter note: Slide animates>
According to insights gathered from the IBM Chief Information Security Officer Assessment of May 2012…
<mouse click>
Responders are the…
Least confident
Focus on protection and compliance
<mouse click>
Protectors are…
Less confident
Somewhat strategic
Lack necessary structural elements
<mouse click>
Influencers are…
Confident / prepared
Strategic focus
The Influencers have the attention of business leaders and their boards. Security is not an ad hoc topic, but rather a regular part of business discussions and, increasingly, the culture. These leaders understand the need for more pervasive risk awareness – and are far more focused on enterprise-wide education, collaboration and communication. They are working closely with business functions to create a culture in which employees take a more proactive role in protecting the enterprise. Because they are more integrated with the business, these security organizations are also able to influence the design of new products and services, incorporating security considerations early in the process.
Security leaders are going to become more central to their organizations; their budgets will increase and they will move from the fringe to being embedded in the business.
When you know it’s really important data and it’s in the cloud, we can really focus on the security around that piece of data. If you think about it that way, it’s a ray of light surrounding your piece of data with incredible technologies. It’s got a little castle just around it and controls around it. The key is applying the framework to each and every element of our cloud security. Once again, there is not a single product that does it; you have to be able to look at everything from access control to application security and virtualization security, and that’s basically what IBM is doing with the products across our framework: applying them to cloud.
Then, of course, there’s mobile. In the same way it’s applying all of our technologies across the mobile world, every single component. We’re managing the endpoint, mobile data management, access management from their mobile device, and application security and scanning of applications developed on a mobile application platform like [Inaudible 01:03:05].
Event correlation:
Logs/events
Flows
IP reputation
Geographic location
Activity baselining and anomaly detection:
User activity
Database activity
Application activity
Network activity
Offense identification:
Credibility
Severity
Relevance
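To make the three bullets above concrete, here is an added illustrative pipeline (not QRadar code or any IBM implementation) that correlates constructed log events, flows, an IP reputation feed and geolocation, checks activity against a per-user baseline, and rolls the findings into an offense scored on credibility, severity and relevance. All sample data, weights and thresholds are assumptions chosen for illustration.

```python
"""Illustrative security-intelligence pipeline (an added example, not QRadar
or any IBM code). Correlates log events, flows, IP reputation and geolocation,
compares activity with a per-user baseline, and rolls the findings into an
"offense" scored on credibility, severity and relevance. All weights,
thresholds and sample data below are constructed for illustration."""
from collections import defaultdict

# Constructed history used to learn what "normal" looks like for each user.
# Event tuple: (user, source_ip, country, action, outcome)
BASELINE_EVENTS = [
    ("alice", "10.0.0.5", "LV", "login", "success"),
    ("alice", "10.0.0.5", "LV", "db_query", "success"),
    ("alice", "10.0.0.5", "LV", "db_query", "success"),
]
# Constructed current window: alice's account is used from a foreign address
# with a bad reputation, after two failed logins, and then queries heavily.
CURRENT_EVENTS = [
    ("alice", "10.0.0.5", "LV", "login", "success"),
    ("alice", "10.0.0.5", "LV", "db_query", "success"),
    ("alice", "203.0.113.7", "XX", "login", "failure"),
    ("alice", "203.0.113.7", "XX", "login", "failure"),
    ("alice", "203.0.113.7", "XX", "login", "success"),
] + [("alice", "203.0.113.7", "XX", "db_query", "success")] * 7
# Constructed flows (source_ip, destination_ip, bytes_out), a constructed
# reputation feed (0..1 badness) and asset values (customer DB vs. printer).
FLOWS = [("10.0.0.5", "10.0.1.20", 20_000), ("203.0.113.7", "10.0.1.20", 5_000_000)]
IP_REPUTATION = {"203.0.113.7": 0.9}
ASSET_VALUE = {"10.0.1.20": 1.0, "10.0.1.30": 0.3}


def build_baseline(events):
    """Per-user profile: countries seen, successful logins, non-login actions."""
    prof = defaultdict(lambda: {"countries": set(), "logins": 0, "actions": 0})
    for user, _ip, country, action, outcome in events:
        prof[user]["countries"].add(country)
        if action != "login":
            prof[user]["actions"] += 1
        elif outcome == "success":
            prof[user]["logins"] += 1
    return prof


def correlate(events, flows, reputation, baseline, assets):
    """Group events by (user, source_ip), gather evidence, and score offenses."""
    sessions = defaultdict(list)
    for ev in events:
        sessions[(ev[0], ev[1])].append(ev)
    offenses = []
    for (user, ip), evs in sessions.items():
        prof, evidence = baseline.get(user), []
        if prof and not {e[2] for e in evs} <= prof["countries"]:
            evidence.append("new_country")                 # geographic location
        if reputation.get(ip, 0.0) >= 0.5:
            evidence.append("bad_ip_reputation")           # IP reputation feed
        logins = [e[4] for e in evs if e[3] == "login"]
        if "failure" in logins and "success" in logins:
            evidence.append("failed_logins_then_success")  # log correlation
        actions = sum(1 for e in evs if e[3] != "login")
        if prof and prof["logins"] and actions > 3 * prof["actions"] / prof["logins"]:
            evidence.append("activity_spike")              # anomaly vs. baseline
        out = [(dst, b) for src, dst, b in flows if src == ip]
        if sum(b for _, b in out) > 1_000_000:
            evidence.append("large_outbound_transfer")     # flow analysis
        if not evidence:
            continue
        credibility = min(1.0, len(evidence) / 4)          # more sources agreeing
        severity = 1.0 if {"failed_logins_then_success", "large_outbound_transfer"} <= set(evidence) else 0.5
        relevance = max((assets.get(dst, 0.1) for dst, _ in out), default=0.1)
        offenses.append({"user": user, "source_ip": ip, "evidence": evidence,
                         "credibility": credibility, "severity": severity,
                         "relevance": relevance,
                         "magnitude": round((credibility + severity + relevance) / 3, 2)})
    return sorted(offenses, key=lambda o: o["magnitude"], reverse=True)


if __name__ == "__main__":
    for o in correlate(CURRENT_EVENTS, FLOWS, IP_REPUTATION, build_baseline(BASELINE_EVENTS), ASSET_VALUE):
        print(f"{o['user']}@{o['source_ip']} magnitude={o['magnitude']} evidence={o['evidence']}")
```

Only the session from the foreign address produces an offense; alice's normal session from 10.0.0.5 matches her baseline on every check and is never raised.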
A unique Cybercrime Prevention Architecture is the technology foundation of the Trusteer service. It tackles online and mobile fraud both on the end point and web application tiers and is built upon real-time intelligence and threat research.
The first layer provides endpoint threat protection. Trusteer Rapport clients protect PC and Mac against financial malware and phishing. Trusteer Mobile detects client-side risk factors and extracts a unique device ID; this data is later fed into the Mobile Risk Engine that is part of Pinpoint ATO for conclusive mobile account takeover and transaction risk detection. Trusteer Apex protects employees against zero-day exploits and data exfiltration.
The second layer provides fraudulent activity detection. Trusteer Pinpoint Account Takeover (ATO) detection identifies the fraudsters themselves as they use phished or stolen credentials to access online banking. Trusteer Pinpoint Malware Detection detects malware presence in any JavaScript-enabled browser on PC, Mac, or mobile devices. Trusteer Mobile Risk Engine provides a conclusive platform to detect mobile and cross-channel fraud risks.
Both layers are sustained by an intelligence platform and cybercrime experts that ensure maximum protection over time. This includes data gleaned from tens of millions of Trusteer-protected endpoints and the expertise of some of the brightest minds in malware research.
We’ve already talked about the security domains; one of them being people; now let’s talk about our vision in how we can help manage that domain with our Identity and Access Management capabilities.
Starting at the bottom of the graphic… IBM continues to invest in the key themes that support this capability with a significant number of Standardized Services that allow you to do directory and federation across your IT infrastructure and into your cloud infrastructure.
Next we offer products and technologies that allow you to do robust Access Management (which you see in the left center of the graphic). These capabilities enable access and entitlement management, single sign-on, and risk-based authentication. An example of this: if I take my laptop from my normal geography to another part of the world, a second factor of authentication may be required to make sure I truly am that person, because the location I’m in isn’t recognized as normal. So again, it’s a great example of intelligence built into access management.
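The location-based step-up described above, as an added illustrative example (not IBM Access Manager code): each user's normal countries and devices are learned from past successful logins, and a login from an unfamiliar place or device is routed to a second factor. The login history, risk weights and threshold are constructed assumptions.

```python
"""Risk-based authentication check (an added illustrative example, not IBM
Access Manager code). Learns each user's normal countries and devices from
past successful logins and requires a second factor when a login arrives
from a place or device the user has never been seen with. Scores,
thresholds and the login history are constructed assumptions."""
from collections import defaultdict

# Constructed login history: (user, country, device_id, outcome)
LOGIN_HISTORY = [
    ("alice", "LV", "laptop-1", "success"),
    ("alice", "LV", "laptop-1", "success"),
    ("alice", "EE", "laptop-1", "success"),
    ("alice", "RU", "unknown-7", "failure"),   # failures never become "normal"
]
STEP_UP_THRESHOLD = 40   # assumed: at or above this, ask for a second factor


def build_profiles(history):
    """Countries and devices seen in successful logins, per user."""
    profiles = defaultdict(lambda: {"countries": set(), "devices": set()})
    for user, country, device, outcome in history:
        if outcome == "success":
            profiles[user]["countries"].add(country)
            profiles[user]["devices"].add(device)
    return profiles


def risk_score(profile, country, device):
    """Return (score, reasons); the weights are assumptions for illustration."""
    if profile is None:
        return 60, ["no_history_for_user"]
    score, reasons = 0, []
    if country not in profile["countries"]:
        score += 50
        reasons.append("unfamiliar_country")
    if device not in profile["devices"]:
        score += 30
        reasons.append("unknown_device")
    return score, reasons


def decide(profiles, user, country, device):
    """'allow' for a familiar context, 'step_up' when a second factor is needed."""
    score, reasons = risk_score(profiles.get(user), country, device)
    action = "step_up" if score >= STEP_UP_THRESHOLD else "allow"
    return {"action": action, "score": score, "reasons": reasons}


def record_success(profiles, user, country, device):
    """Once the second factor succeeds, the new context becomes part of 'normal'."""
    profiles[user]["countries"].add(country)
    profiles[user]["devices"].add(device)


if __name__ == "__main__":
    profiles = build_profiles(LOGIN_HISTORY)
    print(decide(profiles, "alice", "LV", "laptop-1"))   # familiar context: allow
    print(decide(profiles, "alice", "SG", "laptop-1"))   # same laptop, new country: step_up
    record_success(profiles, "alice", "SG", "laptop-1")  # second factor passed
    print(decide(profiles, "alice", "SG", "laptop-1"))   # now allowed
```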
On the right center of the graphic, you’ll see we offer Identity Management capabilities to enable user provisioning, role management, and now privileged identity management solutions. This allows you to monitor the actions of your most “trusted” users as they access your servers, databases, and IT infrastructure.
Next, policy-based Identity and Access Governance capabilities have been built into our portfolio.
And finally, we’ve linked IBM QRadar into our Security Intelligence layer which has been a big differentiator for IBM.
These are just some of the key capabilities that we’ve been focusing on within the People domain, now let’s move on to the Data domain…
In our Data Security and Compliance Strategy we strive to address all forms of protection for data in any state, and in every data security process (including direct enforcement, discovery and classification, data access control, monitoring, and auditing), culminating with the collection and analysis of real time data activity to provide better proactive insights around data protection. And, even though we focus on data security, we also see it as an integral part of both a holistic security strategy (security solutions integrations) and an IT/Business process strategy.
Enforcement
At rest: masking, encryption, key management, vulnerability assessment
In motion: DAM, network DLP, IPS/IDS, dynamic masking and encryption
In use: endpoint vulnerability assessment, endpoint DLP
***************
In this broader view of IBM’s Cloud Security capabilities, you can see how IBM takes an end-to-end approach to data security, looking at the requirements to protect data in any form, anywhere, from internal or external threats, to streamline the regulatory compliance process and to reduce operational costs around data protection. Each IBM solution for data security has a set of capabilities that can be mapped back to the requirements for the focus areas or “domains” of the security framework.
There are two segments to the Infrastructure protection layer, the first of which is endpoint security protection.
IBM acquired a company called Big Fix, which does desktop, laptop, and server security: patch management, software distribution, security and compliance testing, and configuration testing on those devices.
We extended this technology to include mobile device management, which allows you to selectively wipe a device, understand the policies on the device, and enforce a password; all of which are critical in successfully securing your mobile devices.
Key themes again are mobility, the expansion of our security content out to these endpoints, and again integration into security intelligence, which takes all that knowledge of these endpoints and combines it into our QRadar security intelligence platform.
Here are some of our client proof points aligned across the different domains.
Do not disclose clients to the audience:
Security Intelligence and Analytics: Office Depot?
Advanced Fraud Protection: Trusteer Case Studies; Synovus and SomersetHills
http://buildingtrust.trusteer.com/Synovus1
http://buildingtrust.trusteer.com/SomersetHills1
People: BlueCross BlueShield of North Carolina
Data: Visa?
Applications: DTCC
Networks: Equifax
To support the role of successful CISO’s, IBM offers integrated security intelligence and industry-leading experience enabled by the IBM Security Framework solution capabilities. All of the IBM Security offerings are backed by an extensive business partner ecosystem which consists of industry-leading technology, sales and service partners.
These capabilities are delivered through a comprehensive and robust set of tools and best practices (including software and hardware) that are supported by the services needed to address:
Intelligence: Through a common and intuitive view that combines deep analytics with real-time security intelligence.
Integration: Through unifying existing tools and infrastructures with new forms of defense in order to reduce complexity and lower the cost of maintaining a strong security posture.
Expertise: Through a more proactive and trusted source of truth in order to stay ahead of emerging threats and risks.
Addressing these three key imperatives enables a more holistic, comprehensive perspective and can enhance your security maturity.
Mandatory Disclaimer Slide to be included in all external-facing presentations.
Mandatory Thank You Slide (available in English only).
URL is hyperlinked to website.