IBM IAM Security and Trends Intelligence, Integration and Expertise

1. © 2015 IBM Corporation
IBM Security
1© 2015 IBM Corporation
IBM IAM Security and Trends
Intelligence, Integration and Expertise
January 29, 2015

2. © 2015 IBM Corporation
IBM Security
2
Sophisticated attackers break through safeguards every day
SQL
injection
Watering
hole
Physical
access
MalwareThird-party
software
DDoSSpear
phishing
XSS Undisclosed
Attack types
Note: Size of circle estimates relative impact of incident in terms of cost to business Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2014
2011
Year of the breach
2012
40% increase
2013
500,000,000+ records breached
61% of organizations say
data theft and cybercrime
are their greatest threats
2012 IBM Global Reputational Risk & IT Study
$3.5M+ average cost
of a data breach
2014 Cost of Data Breach, Ponemon Institute

3. © 2015 IBM Corporation
IBM Security
3
New technologies introduce new risks…
83%
of enterprises have difficulty
finding the security skills they need
2012 ESG Research
85 security tools from
45 vendors
IBM client example
…and traditional security practices are unsustainable
of security executives have
cloud and mobile concerns
2013 IBM CISO Survey
70%
Mobile malware growth
in just one year
2012-2013 Juniper Mobile Threat Report
614%

4. © 2015 IBM Corporation
IBM Security
4
Security leaders are more accountable than ever before
Source: Discussions with more than 13,000 C-suite executives as part of the IBM C-suite Study Series
Loss of market
share and
reputation
Legal exposure
Audit failure
Fines and
criminal charges
Financial loss
Loss of data
confidentiality,
integrity and/or
availability
Violation of
employee privacy
Loss of
customer trust
Loss of brand
reputation
CEO CFO/COO CIO CHRO CMO
Your board and CEO demand a strategy

5. © 2015 IBM Corporation
IBM Security
55

6. © 2015 IBM Corporation
IBM Security
6
More than half a billion records of PII were leaked in 2013

7. © 2015 IBM Corporation
IBM Security
7
Enterprise Security is only as strong as its weakest link – Identity
of scam and phishing incidents
are campaigns enticing users
to click on malicious links
55%
Criminals are
selling stolen or
fabricated accounts
Social media is fertile
ground for pre-attack
intelligence gathering
Source: IBM X-Force® Research 2013 Trend and Risk Report
Mobile and Cloud breaking
down the traditional
perimeter
IAM becomes fist line of
defense with Threat and
Context awareness

8. © 2015 IBM Corporation8
IBM is positioned
to help

9. © 2015 IBM Corporation
IBM Security
9
Applications
SYSTEMS
APPLICATIONS
WEB
APPLICATIONS
WEB 2.0
MOBILE
APPLICATIONS
DATACENTERS PCs LAPTOPS
Infrastructure
CLOUDMOBILE NON-TRADITIONALMOBILE
Enterprise Security will need to focus on Identity and Interactions
People
EMPLOYEES ATTACKERS OUTSOURCERS SUPPLIERS
CONSULTANTS PARTNES CONSUMERS
Data STRUCTURED UNSTRUCTURED AT REST IN MOTION
…a holistic approach is needed
CONSUMERS
IN MOTION
MOBILE
APPLICATIONS
MOBILE
EMPLOYEES
UNSTRUCTURED
WEB 2.0
CLOUDPCs
OUTSOURCERS
STRUCTURED
SYSTEMS
APPLICATIONS

10. © 2015 IBM Corporation
IBM Security
10
IBM Security strategy
Delivering intelligence, integration and expertise across a comprehensive framework
Advanced threats
Cloud
Mobile
Compliance
Skills shortage
Key Security TrendsCISO’s Changing Role
The IBM Security Framework

11. © 2015 IBM Corporation
IBM Security
11
IBM Security has global reach
monitored countries (MSS)
service delivery experts
devices under contract
+
endpoints protected
+
events managed per day
+
IBM Security by the Numbers
+
+

12. © 2015 IBM Corporation
IBM Security
12
Client Side Attacks
Botnets
Buffer Overflow Attacks
Distributed Denial of Service (DDoS)
SQL Injection
Backdoors
Cross-site Scripting (XSS)
Malicious Content
Protocol Tunneling
Reconnaissance
Trojans
Worms
Exploit Toolkits
Peer-to-Peer Networks
IBM X-Force delivers expert analysis and threat intelligence
 Cataloging, analyzing and researching vulnerabilities since 1997
 Providing zero-day threat alerts and exploit triage to IBM customers worldwide
 Building threat intelligence from collaborative data sharing across thousands of clients
 Analyzing malware and fraud activity from 270M+ Trusteer-protected endpoints
X-Force Keeps Customers Ahead of the Threat
IBM Security Operations Centers
and Security Products
Sharing real-time and
anonymized threat intelligence

13. © 2015 IBM Corporation13
Threat aware
Identity and Access

14. © 2015 IBM Corporation
IBM Security
14
1. Identity is a key security control for a multi-perimeter world
• Operational management
• Compliance driven
• Static, Trust-based
• Security risk management
• Business driven
• Dynamic, context-based
Today: Administration
Tomorrow: Assurance
IAM is centralized and internal
Enterprise
IAM
Cloud IAM
BYO-IDs
SaaS
Device-IDs
App IDs
IAM is decentralized and external
Enterprise
IAM
IaaS,
PaaS

15. © 2015 IBM Corporation
IBM Security
15
3. Evolving business –driven Identity Governance and Analytics
Wave 1: Administration
 Cost savings
 Automation
 User lifecycle
 Key on premise
applications and
employees
Wave 3: Analytics
 Application usage
 Privileged activity
 Risk-based control
 Baseline normal behavior
 Employees, partners,
consumers – anywhere
Wave 2: Governance
 Role management
 Access certification
 Extended enterprise
and business partners
 On and off-premise
applications
Identity Intelligence – Collect and Analyze Identity Data
Improved visibility
into how access
being utilized
Risk-based insights
for prioritized
compliance actions
Clear actionable
dashboards for better
business decision making
Identity and Governance Evolution

16. © 2015 IBM Corporation
IBM Security
16
IBM Security
Intelligence
Integration
Expertise
The IBM Security Framework

17. © 2015 IBM Corporation
IBM Security
17
www.ibm.com/security
© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes
only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use
of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any
warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement
governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in
all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole
discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any
way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United
States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and
response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed,
misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product
should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use
or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily
involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT
THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE
MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.