Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.
© 2013 IBM Corporation
IBM Security Systems
1© 2014 IBM Corporation
IBM mobile security
Intelligence, innovation and integ...
© 2014 IBM Corporation
IBM Security Systems
2
As mobile grows, so do security threats
Mobile downloads
will increase to
10...
© 2014 IBM Corporation
IBM Security Systems
3
Business must adapt and redefine security for mobile
2013 IBM CISCO
Assessme...
© 2014 IBM Corporation
IBM Security Systems
4
Weak security can have significant financial impact on your brand
Costs
$52,...
© 2014 IBM Corporation
IBM Security Systems
5
Intelligence
Innovation
Integration
IBM® Security: Delivering intelligence, ...
© 2014 IBM Corporation
IBM Security Systems
6
Mobile is changing the way we view the perimeter
Security is no longer contr...
© 2014 IBM Corporation
IBM Security Systems
7
Device Security Content Security Application Security Transaction Security
•...
© 2014 IBM Corporation
IBM Security Systems
8
IBM Security capabilities for the mobile enterprise
Device Security Content ...
© 2014 IBM Corporation
IBM Security Systems
9
Security Intelligence
Enterprise Applications
and Cloud Services
Identity, F...
© 2014 IBM Corporation
IBM Security Systems
10
Security solutions for the mobile enterprise
Enterprise Applications
and Cl...
© 2014 IBM Corporation
IBM Security Systems
11
Fiberlink - MaaS360 Enterprise Mobility Management
 Challenge: Businesses ...
© 2014 IBM Corporation
IBM Security Systems
12
Trusteer Mobile
 Challenge: Compromised devices and applications create fr...
© 2014 IBM Corporation
IBM Security Systems
13
IBM Security AppScan 9.0
 Challenge: Build in security during development ...
© 2014 IBM Corporation
IBM Security Systems
14
IBM Worklight
 Challenge: Create an open, comprehensive, secure platform t...
© 2014 IBM Corporation
IBM Security Systems
15
IBM Security Access Manager for Mobile 8.0
 Challenge: Provide secure acce...
© 2014 IBM Corporation
IBM Security Systems
16
IBM QRadar Security Intelligence
 Challenge: Prioritize security events th...
© 2014 IBM Corporation
IBM Security Systems
17
IBM Security Services for Mobile
 Challenge: To address the latest transfo...
© 2014 IBM Corporation
IBM Security Systems
18
Large retail bank in Europe strengthens security for its mobile money
trans...
© 2014 IBM Corporation
IBM Security Systems
19
IBM security experts apply custom tools and a hacker’s approach to
help pro...
© 2014 IBM Corporation
IBM Security Systems
20
• Own the security
agenda for innovation
• Embed security on
day one
• Leve...
© 2014 IBM Corporation
IBM Security Systems
21
1
Learn more about IBM Security and MobileFirst :
Visit our website
Stay co...
www.ibm.com/security
© Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials i...
Prochain SlideShare
Chargement dans…5
×

IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mobile Enterprise

4 493 vues

Publié le

81% of companies have employee owned devices accessing their networks, but only 48% claim to have a well-defined mobile security strategy. To secure today’s mobile workforce businesses must consider adopting a framework to enable the use of mobile technology while minimizing the risks to both their employees and their customers. In this presentation, we review the unique challenges we all face and IBM’s approach to securing and managing the mobile enterprise.

http://securityintelligence.com/events/live-from-impact-2014-ibm-mobile-security-a-comprehensive-approach-to-securing-and-managing-the-mobile-enterprise/#.VMvT2vMo6Mo

Publié dans : Technologie
  • Soyez le premier à commenter

IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mobile Enterprise

  1. 1. © 2013 IBM Corporation IBM Security Systems 1© 2014 IBM Corporation IBM mobile security Intelligence, innovation and integration IBM Security Systems April 2014
  2. 2. © 2014 IBM Corporation IBM Security Systems 2 As mobile grows, so do security threats Mobile downloads will increase to 108 billion by 2017. 2 Mobile malware is growing. Malicious code is infecting more than 11.6 million mobile devices at any given time. 3 In 2014 the number of cell phones (7.3 billion) will exceed the number of people on the planet (7 billion).1 Mobile devices and the apps we rely on are under attack. 90%of the top mobile apps have been hacked. 4
  3. 3. © 2014 IBM Corporation IBM Security Systems 3 Business must adapt and redefine security for mobile 2013 IBM CISCO Assessment Findings “Mobile security is the #1 technology investment area.” “76% of responders say that the loss of a mobile device with access to corporate data could result in a significant security event.” “Although many are planning to develop an enterprise strategy for mobile security (39%), a significant number have not done so yet (29%).”
  4. 4. © 2014 IBM Corporation IBM Security Systems 4 Weak security can have significant financial impact on your brand Costs $52,646 per minute Lasts 19.7 minutes Minor event chance of happening 69% Lasts about 2 hours Costs $38,069 per minute Moderate event chance of happening* 37% *The IBM 2013 Global Study on the Economic Impact of IT Risk Study. Lasts about 7.5 hours Costs $30,995 per minute Substantial event chance of happening* 23% Most security breaches go undetected for eight months
  5. 5. © 2014 IBM Corporation IBM Security Systems 5 Intelligence Innovation Integration IBM® Security: Delivering intelligence, innovation and integration across a comprehensive framework IBM Security Framework
  6. 6. © 2014 IBM Corporation IBM Security Systems 6 Mobile is changing the way we view the perimeter Security is no longer controlled and enforced through the network perimeter
  7. 7. © 2014 IBM Corporation IBM Security Systems 7 Device Security Content Security Application Security Transaction Security • Manage the mobile enterprise with BYOD, BYOA, secure e-mail and document sharing • Secure file and document sharing across devices and employees including integration with SharePoint • Instrument applications with security protection by design • Identify vulnerabilities in new, existing or purchased applications • Secure mobile transactions from customers, partners and suppliers Security Intelligence Correlate mobile security events with broader infrastructure including log management, anomaly detection and vulnerability management for proactive threat avoidance IT Operations Line-of-Business Application Developer Security Specialist Imperatives to securing the mobile enterprise • Mitigate security risk across devices, applications, content and transactions • Monitor enterprise security across all endpoints • Manage mobility across the enterprise CISO / CIO Chief Information Security Officer Chief Information Officer
  8. 8. © 2014 IBM Corporation IBM Security Systems 8 IBM Security capabilities for the mobile enterprise Device Security Content Security Application Security Transaction Security • Solutions to manage a diverse set of mobile devices from corporate owned assets to BYOD, all from the cloud • Solutions to help secure file and document sharing across devices and SharePoint • Solutions to develop applications with security by design • Protect enterprise data in both the applications you build and the applications you buy • Solutions to help protect mobile transactions with customers, business partners and temporary workers that are not part of your enterprise mobile management framework Security Intelligence A unified architecture for integrating mobile security information and event management (SIEM), log management, anomaly detection, and configuration and vulnerability management Security Intelligence Enterprise Applications and Cloud Services Identity, Fraud, and Data Protection Content Security Application Security Transaction Security Device Security DATA Personal and Consumer Enterprise
  9. 9. © 2014 IBM Corporation IBM Security Systems 9 Security Intelligence Enterprise Applications and Cloud Services Identity, Fraud, and Data Protection Content Security Application Security Transaction Security Device Security DATA Personal and Consumer Enterprise Device Security Content Security Application Security Transaction Security • Enroll, provision and configure devices, settings and mobile policy • Fingerprint devices with a unique and persistent mobile device ID • Remotely Locate, Lock and Wipe lost or stolen devices • Enforce device security compliance: passcode, encryption, jailbreak / root detection • Restrict copy, paste and share • Integration with Connections, SharePoint, Box, Google Drive, Windows File Share • Secure access to corporate mail, calendar and contacts • Secure access to corporate intranet sites and network Software Development Lifecycle • Integrated Development Environment • iOS / Android Static Scanning Application Protection • App Wrapping or SDK Container • Hardening & Tamper Resistance IBM Business Partner (Arxan) • Run-time Risk Detection Malware, Jailbreak / Root, Device ID, and Location • Whitelist / Blacklist Applications Access • Mobile Access Management • Identity Federation • API Connectivity Transactions • Mobile Fraud Risk Detection • Cross-channel Fraud Detection • Browser Security / URL Filtering • IP Velocity Security Intelligence Advanced threat detection with greater visibility Security features capabilities for the mobile enterprise
  10. 10. © 2014 IBM Corporation IBM Security Systems 10 Security solutions for the mobile enterprise Enterprise Applications and Cloud Services Identity, Fraud, and Data Protection Device Security Content Security Application Security Transaction Security IBM Security AppScan IBM Security Access Manager IBM Mobile Security Solutions IBM Mobile Security Services Security Intelligence IBM Mobile First powered by… IBM QRadar Security Intelligence Platform
  11. 11. © 2014 IBM Corporation IBM Security Systems 11 Fiberlink - MaaS360 Enterprise Mobility Management  Challenge: Businesses need flexible and efficient ways to promote their mobile initiatives while protecting data and privacy.  Solution: Deliver comprehensive mobile management and security capabilities for users, devices, apps, documents, email, web and networks. Instantly deploy, manage and secure devices, apps and content in the enterprise  Key benefits – Support corporate and employee-owned devices – Promote dual persona with full containerization and BYOD privacy – Take automated action to ensure compliance with policies – Control emails and attachments to prevent data leakage – Distribute, secure and manage mobile applications – Allow corporate documents on mobile devices securely – Filter and control access to the web and corporate intranet sites More Information • Data Sheets • Videos • Case Studies • White Papers • Free 30-day Trial
  12. 12. © 2014 IBM Corporation IBM Security Systems 12 Trusteer Mobile  Challenge: Compromised devices and applications create fraud risk and an insecure environment.  Solution: Dynamically detect device risk factors and capture the underlying device. Risk-aware mobile application and risk-based mobile transaction assessment More Information  Key benefits – Accurately detects device risk factors – Allows or restricts sensitive mobile application functions based on risks – Mobile transaction risk can be correlated with cross-channel risk factors to detect complex fraud schemes. – Promotes comprehensive risk assessment and secure application development – Helps secure transactions from devices to the back office – Integrates with IBM Worklight projects • Website • Whitepaper • Trusteer Mobile SDK • Trusteer Mobile App
  13. 13. © 2014 IBM Corporation IBM Security Systems 13 IBM Security AppScan 9.0  Challenge: Build in security during development of an application as well as assess the security of existing applications.  Solution: Mitigate application security risk and establish policies, scale testing and prioritization and remediation of vulnerabilities. Static, dynamic and interactive application security testing More Information  Key benefits – Promotes secure mobile application development – Provides enhanced mobile application scanning – Delivers comprehensive application security assessments to measure and communicate progress to stakeholders – Prioritizes application assets based on business impact and highest risk – Integrates with IBM Worklight projects • Free Trial • Client Brochure • Analyst Report • Solution Brief
  14. 14. © 2014 IBM Corporation IBM Security Systems 14 IBM Worklight  Challenge: Create an open, comprehensive, secure platform that manages HTML5, hybrid and native mobile apps.  Solution: Secure the application, reduce both development and maintenance costs, improve time-to-market and enhance mobile app governance and security. Build and manage mobile applications with security More Information  Key benefits – Support multiple mobile operating environments and devices with the simplicity of a single, shared code base – Connect and synchronize with enterprise data, applications and cloud services – Safeguard mobile security at the device, application and network layer – Govern your mobile app portfolio from a central interface • Website • Case Study • Datasheet
  15. 15. © 2014 IBM Corporation IBM Security Systems 15 IBM Security Access Manager for Mobile 8.0  Challenge: Provide secure access to mobile apps and reduce the risks of user access and transactions from the mobile devices.  Solution: Deliver mobile single sign-on and session management, enforce context-aware access and improve identity assurance. Safeguard mobile, cloud and social interactions More Information  Key benefits – Protects the enterprise from high risk mobile devices by integrating with Trusteer Mobile SDK – Built-in support to seamlessly authenticate and authorize users of Worklight developed mobile applications – Enhances security intelligence and compliance through integration with QRadar Security Intelligence – Protects web and mobile applications against OWASP Top 10 web vulnerabilities with integrated XForce threat protection – Reduces TCO and time to value with an “all-in-one” access appliance that allows flexible deployment of web and mobile capabilities as needed • Website • Whitepaper • Datasheet • Demo Video • Webinar
  16. 16. © 2014 IBM Corporation IBM Security Systems 16 IBM QRadar Security Intelligence  Challenge: Prioritize security events that require further investigation.  Solution: Use event correlation to identify high probability incidents and eliminate false positive results. Automation, intelligence and integration provide visibility and clarity to defeat advance threats and spot malicious insiders More Information  Key benefits – Document user, application and data activity to satisfy industry and governmental compliance reporting requirements – Protect private data and intellectual property by detecting advanced persistent threats and other malicious activities – Inspect network device configurations, visualize connections and perform attack path simulations to understand assets at risk – Perform scheduled and real time asset vulnerability scanning and prioritization to apply available patches and stay ahead of possible attacks • Executive Guide • Platform Data Sheet • Managing Risks • PCI Compliance
  17. 17. © 2014 IBM Corporation IBM Security Systems 17 IBM Security Services for Mobile  Challenge: To address the latest transformation of virtualization, mobility, social business and attack sophistication, you need to start by assessing your overall security and risk management.  Solution: IBM security services takes you from planning and design through implementation, testing, monitoring and management of multi-vendor environments. Our dedicated team of experts can help you better understand your requirements and risk tolerance in order to securely adopt mobile technology. Delivers the expertise, skills, and technology to help you reduce the risk of going mobile IBM Confidential More Information  Key benefits – Assessment and Design: Analysis of network security architecture, designing a framework that leverages the cloud, optimizes cost, reduces risk and improves visibility – Deployment and Integration: Working with clients to deploy new security controls, both on premise and within the cloud, while optimizing security policies – Management and Monitoring: Consolidating hybrid security to deliver threat monitoring and global intelligence. • Cyber Security Intelligence Index • Website • Resource Map • IBM Mobile Security Services
  18. 18. © 2014 IBM Corporation IBM Security Systems 18 Large retail bank in Europe strengthens security for its mobile money transfers and banking applications with Trusteer SDK Business problem: A retail bank in the EU sought a secure means to allow its users to perform the same functions they performed online with their mobile devices. Solution: Trusteer Mobile SDK helped protect the organizations' existing mobile banking application by adding device risk analysis and providing a persistent mobile device ID. Benefits: •Detects high risk access from compromised or vulnerable devices •Generates a persistent mobile device ID for unique device identification Featured Security Offering: Trusteer Mobile SDK $1 million in fraud stopped in the first week $60 million in fraud stopped in the first year
  19. 19. © 2014 IBM Corporation IBM Security Systems 19 IBM security experts apply custom tools and a hacker’s approach to help protect the mobile enterprise Business problem: An industry leader is providing a wide range of smart devices to the world. The solution team was looking for a trusted partner to assist them with securing their line of products. Solution: IBM used both source code analysis and a hacker’s approach to assess the security of the smart device and its modules. IBM experts developed customized tools, a test methodology adapted to suit the client’s needs and defined a threat model, re-usable on all their smart devices. Benefits: • increase integrity and availability of their devices, • address stability issues, and most importantly, • prevent hackers from gaining root access to the devices Featured Security Offering: IBM Security Services – Smart and Embedded Device Security • Uncovered vulnerabilities • Reduced development cost • Improved brand image • Protected intellectual property Customer Results:
  20. 20. © 2014 IBM Corporation IBM Security Systems 20 • Own the security agenda for innovation • Embed security on day one • Leverage cloud, mobile, social, and big data to improve security • Develop a risk-aware security strategy • Deploy a systematic approach to security • Harness the knowledge of professionals • Use intelligence and anomaly detection across every domain • Build an intelligence vault around your crown jewels • Prepare your response for the inevitable IBM helps customers thwart attackers and seize new opportunities Develop an integrated approach to stay ahead of the threat 3 Proactively implement and optimize security to innovate faster 2 Use insights and analytics to build smarter defenses 1
  21. 21. © 2014 IBM Corporation IBM Security Systems 21 1 Learn more about IBM Security and MobileFirst : Visit our website Stay connected – read the latest blogs and visit us at: Security Intelligence/Mobile Security 2 3 Find all the answers to your Mobile Security Questions in one place. Bookmark our Mobile Security Solutions Finder Tool Three ways to get started with IBM Mobile Security
  22. 22. www.ibm.com/security © Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

×