Præsentation fra PCTY 2012 v. Fabio Panada, Security Technical Professional Leader, IBM

1. IBM Security
Intelligence, Integration and
Expertise
Optimizing the World’s Infrastructure
May 2012 Copenhagen
Fabio Panada – Security Tech Sales Leader
© 2012 IBM Corporation

2. The world is becoming more digitized and interconnected,
opening the door to emerging threats and leaks…
DATA The age of Big Data – the explosion of digital
information – has arrived and is facilitated by
EXPLOSION the pervasiveness of applications accessed
from everywhere
With the advent of Enterprise 2.0 and social
CONSUMERIZATION business, the line between personal and
OF IT professional hours, devices and data has
disappeared
Organizations continue to move to new
EVERYTHING
platforms including cloud, virtualization,
IS EVERYWHERE mobile, social business and more
The speed and dexterity of attacks has
ATTACK increased coupled with new motivations from
SOPHISTICATION cyber crime to state sponsored to terror
inspired
…making security a top concern, from the boardroom down
2

3. 2011 – The Year of the Breach
3

4. The future of security –
The Darwinian challenge: Evolve or lose
• The business environment is evolving
• The IT environment is evolving
• The cyber threat environment is evolving
• The challenge every function is facing is how to evolve with
them to deliver New Security Solutions
4

5. The future of security - The scale of evolution
5

6. The future of security – Business Evolution
• A greater reliance on:
– Data (business information, competitive advantage, as the business)
– Technology for employees and customers
• Globalisation and 24x7 operations
– Offices, users and IT assets around the globe
• Changing customer perceptions
– Baby boomers to Generation X, and now Generation Y not forgetting
Generation G
• Competitive advantage is difficult - the economy makes it
even harder
– Top UK supermarket profits are between £3.46 and £6.30 for every £100 sold
– that’s not much to work with
6

7. The future of security - Technology evolution
• Know your technical environment (technologies, vulnerabilities, threats)
but don’t be defined by it
‒ Define normal to identify abnormal
7

8. IT Security is a board room discussion
Business Brand image Supply chain Legal Impact of Audit risk
results exposure hacktivism
Sony estimates HSBC data Epsilon breach TJX estimates Lulzsec 50-day Zurich
potential $1B breach impacts 100 $150M class hack-at-will Insurance PLc
long term discloses 24K national brands action spree impacts fined £2.275M
impact – private banking settlement in Nintendo, CIA, ($3.8M) for the
$171M / 100 customers release of PBS, UK NHS, loss and
customers* credit / debit UK SOCA, exposure of
card info Sony … 46K customer
records
8
*Sources for all breaches shown in speaker notes

9. Key drivers affecting the security software business
It is no longer enough to protect the perimeter – sophisticated attacks are bypassing traditional defenses, IT resources are
moving outside the firewall, and enterprise applications and data are becoming distributed across multiple devices
1. Advanced Threats 2. Cloud Computing
Sophisticated, targeted attacks, designed to gain Security is one of the top concerns of cloud, as
continuous access to critical information, are customers drastically rethink the way IT resources
increasing in severity and occurrence. are designed, deployed and consumed.
Advanced Persistent Threats
Stealth Bots Designer Malware
Targeted Attacks Zero-days
3. Mobile Computing Enterprise 4. Regulations and Compliance
Customers
Managing employee owned devices and securing Regulatory and compliance pressures continue to
connectivity to corporate applications are top of mind mount as companies store sensitive data and
as CIOs broaden their support for mobile devices. become susceptible to audit failures.
9

10. Solving a security issue is a complex, four-dimensional puzzle
People Employees Consultants Hackers Terrorists Outsourcers Customers Suppliers
Data
Structured Unstructured At rest In motion
Applications Systems
Web applications Web 2.0 Mobile apps
applications
Infrastructure
It is no longer enough to protect the perimeter –
siloed point products will not secure the enterprise
10

11. Helping Organizations Progress in Their Security Maturity
Security
People Data Applications Infrastructure
Intelligence
Advanced
Role based Advanced threat
network
analytics Data flow Secure app detection
monitoring
Identity analytics engineering Network anomaly
Optimized Forensics / data
governance Data processes detection
mining
Privileged user governance Fraud detection Predictive risk
Securing
controls management
systems
Virtualization
User
Access Application security
provisioning Real-time event
monitoring firewall Asset mgmt
Proficient Access mgmt correlation
Data loss Source code Endpoint /
Strong Network forensics
prevention scanning network security
authentication
management
Perimeter Log management
Centralized Encryption Application
Basic security Compliance
directory Access control scanning
Anti-virus reporting
11

12. IBM’s Comprehensive, Integrated Security Portfolio
Enterprise Governance, Risk and Compliance Management
IBM OpenPages Algorithmics (recent acquisition) i2 Corporation (recent acquisition)
IBM Security Portfolio
IT Security / Compliance Analytics & Reporting
QRadar QRadar Log QRadar Risk IBM Privacy, Audit and
SIEM Manager Manager Compliance Assessment Services
IT Infrastructure – Operational Security Domains
Security
Consulting
People Data Applications Network
Infrastructure Endpoint
Identity & Access Guardium AppScan Network Endpoint
Management Suite Database Security Source Edition Intrusion Prevention Manager (BigFix)
Managed
zSecure, Server and
Federated Optim AppScan DataPower Services
Virtualization
Identity Manager Data Masking Standard Edition Security Gateway
Security
Native Server
Enterprise Key Lifecycle Security QRadar Anomaly
Security (RACF, IBM
Single Sign-On Manager Policy Manager Detection / QFlow
Systems) X-Force
Data Security Application and IBM
Identity Assessment, Assessment Service Assessment Service Managed Firewall, Research
Unified Threat and Penetration
Deployment and
AppScan OnDemand Intrusion Prevention Testing Services
Hosting Services Encryption and
Software as a Services
DLP Deployment
Service
Products Services
12

13. How is IBM solving complex
security challenges?
13

14. Solutions for the Full Compliance and Security Intelligence
Timeline
Are we configured
What are the external and What is happening right
to protect against What was the impact?
internal threats? now?
these threats?
Prediction & Prevention Reaction & Remediation
Risk Management. Vulnerability Management. SIEM. Log Management. Incident Response.
Configuration Monitoring. Patch Management. Network and Host Intrusion Prevention.
X-Force Research and Threat Intelligence. Network Anomaly Detection. Packet Forensics.
Compliance Management. Reporting and Scorecards. Database Activity Monitoring. Data Loss Prevention.
14

15. IBM is integrating across IT silos with Security
Intelligence solutions
15

16. Solving complex problems that point solutions cannot
Discovered 500 hosts with “Here You
Improving threat
Have” virus, which all other security
detection products missed
Consolidating 2 billion log and events per day reduced
data silos to 25 high priority offenses
Predicting risks Automating the policy monitoring and
against your evaluation process for configuration
business changes in the infrastructure
Addressing Real-time monitoring of all network
regulatory mandates activity, in addition to PCI mandates
16

17. Solutions Integration
17 17
© 2011 IBM Corporation

18. Integration: Increasing security, collapsing silos,
and reducing complexity
Increased Awareness and Accuracy
 Detect advanced threats with real-time intelligence correlation across security domains
 Increase situational awareness by leveraging real-time feeds of X-Force® Research and global threat
intelligence across IBM security products, such as QRadar SIEM and Network Security appliances
 Conduct comprehensive incident investigations with unified identity, database, network and endpoint
activity monitoring and log management
Ease of Management
 Simplify risk management and decision-making
with automated reporting though a unified console
 Enhance auditing and access capabilities by sharing
Identity context across multiple IBM security products
18

19. Hundreds of 3rd party information sources
Increase security awareness and accuracy
QRadar SIEM consolidates siloed information to more
effectively detect and manage complex threats. Information is
normalized and correlated to quickly deliver intelligence that
allows organizations to detect, notify and respond to threats
missed by other security solutions with isolated visibility
Support for over 400+ information sources, including
many IBM products and technologies
User and Asset Context - Contextual data from IAM
products and vulnerability scanners
Application Logs - ERP, workflow, application databases,
management platforms, etc.
Network Events - Switches, routers, servers, hosts, etc.
Network Activity Context - Layer 7 application context
from network and application traffic
Security Events - Events from firewalls, VPNs, IPS, etc.
Automate compliance tasks and assess risks
QRadar Risk Manager leverages and extends the value of a
SIEM deployment to greatly improve the ability to automate risk
management functions in mission critical areas, including
network and security configuration, compliance management,
and vulnerability assessment
19

20. Stay ahead of the changing threat landscape
The X-Force team is one of the best-known commercial security
research groups in the world. These security experts research
vulnerabilities and security issues, collect worldwide threat data
and develop countermeasure technologies for IBM products
Examples of integrated X-Force research
X-Force Database - 63,000+ unique vulnerabilities,
threats and security checks
Virtual Patch - Eliminates fire drills for
new threats by mitigating vulnerabilities
through network intrusion prevention
X-Force Hosted threat analysis service - offers threat
information collected from globally networked security
operations centers
Intelligence to assess and harden databases
Guardium contains hundreds of preconfigured vulnerability
tests, encompassing CIS and STIG best practices, updated
regularly through IBM’s Knowledge Base service
Detect the latest web application
vulnerabilities
Global Threat
Information on the latest threats, updated automatically when
Intelligence you launch a AppScan product – including OWASP and SANS
top vulnerabilities
20

21. Customized protection to block web attacks
AppScan Enterprise Edition software integrates with the IBM
security solution for network and server security to protect
specific vulnerabilities using scan results
1 AppScan scans and tests web applications to
identify risks and vulnerabilities
2 SiteProtector consumes AppScan results and builds
recommended policies
3 Customized protection policies are pushed to IPS
appliances and server agents
Automated policy enforcement
IBM’s suite of Identity and Access Management tools are
leveraged by DataPower SOA gateways to provide central
policy management and user access enforcement across
web services deployments, including credentials for the
gateways themselves.
Identify users associated with database activity
InfoSphere Guardium leverages identity information for in-depth
database security analysis when monitoring suspicious activity
21

22. X-Force – Intelligence Research
22 22
© 2011 IBM Corporation

23. IBM Security: Delivering intelligence, integration and
expertise across a comprehensive framework
 Only vendor in the market with end-to-
end coverage of the security foundation
 6K+ security engineers and consultants
 Award-winning X-Force® research
 Largest vulnerability database in the
industry
Intelligence ● Integration ● Expertise
23

24. Expertise: Unmatched global coverage and security
awareness
Security Operations Centers
Security Research Centers
Security Solution Development Centers
Institute for Advanced Security Branches
World Wide Managed
IBM Research Security devices under contract
20,000+ Services Coverage
 3,700+ MSS clients worldwide
 9B+ events managed per day
 1,000+ security patents
 133 monitored countries (MSS)
24

25. Everything is Everywhere
Identity Web Application Virtualization Network Image & Patch Database
Federation Scanning Security Security Management Monitoring
IBM Security Intelligence
25

26. Security is Everywhere
26

27. Less a technical problem, More a business challenge
 Many of the breaches could have been prevented
 However, significant effort required to inventory, identify and close every vulnerability
 Financial & operational resistance is always encountered, so how much of an investment is enough?
27

28. Security Evolution
“It is not the strongest of the species
that survives, nor the most intelligent
that survives. It is the one that is the
most adaptable to change.”
Charles Darwin
28

29. ibm.com/security
© Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes
only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use
of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any
warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement
governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in
all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole
discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any
way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United
States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. 29

30. Please note:
• IBM’s statements regarding its plans, directions, and intent are
subject to change or withdrawal without notice at IBM’s sole discretion.
• Information regarding potential future products is intended to outline
our general product direction and it should not be relied on in making a
purchasing decision.
• The information mentioned regarding potential future products is not a
commitment, promise, or legal obligation to deliver any material, code or
functionality. Information about potential future products may not be
incorporated into any contract. The development, release, and timing of
any future features or functionality described for our products remains at
our sole discretion.
• Performance is based on measurements and projections using standard
IBM benchmarks in a controlled environment. The actual throughput or
performance that any user will experience will vary depending upon 30
many factors, including considerations such as the amount of