IBM Security Strategy Intelligence, Integration and Expertise

Transcription

1 IBM Security Strategy Intelligence, Integration and Expertise January IBM Corporation 1

2 Innovative technology changes everything 1 trillion connected objects 1 billion mobile workers Social business Bring your own IT Cloud and virtualization 2

3 Motivations and sophistication are rapidly evolving Nation-state actors Stuxnet National Security Espionage, Activism Monetary Gain Revenge, Curiosity 3 Competitors and Hacktivists Aurora Organized crime Zeus Insiders and Script-kiddies Code Red

4 4

5 Security challenges are a complex, four-dimensional puzzle People Employees Hackers Consultants Outsourcers Terrorists Suppliers Customers Data Structured Unstructured At rest In motion Applications Systems Applications Web Applications Web 2.0 Mobile Applications Infrastructure Datacenters PCs Laptops Mobile Cloud Non-traditional that requires a new approach 5

6 Thinking differently about security Then Now People Administration Data Basiccontrol Laserfocused Applications Bolt-on Built-in Thicker Smarter defenses Infrastructure walls Insight Collect and Analyze Everything 6

7 Advanced Research Domain IP Address dogpile.com kewww.com.cn ynnsuue.com ynnsuue.com wpoellk.com moveinent.com Monitor moptesoft.com varygas.com Then: Reaction earexcept.com fullrow.com Read about the latest threats colonytop.com from blogs and news Match against known signatures and bad actors File Checksum c69d172078b439545dfff28f3d3aacc1 51e65e6c798b03452ef7ae3d03343d8f 51e65e6c798b03452ef7ae3d03343d8f 6bb6b9ce713a00d3773cfcecef515e02 6bb6b9ce713a00d3773cfcecef515e02 c5907f5e2b715bb66b7d4b87ba6e91e7 bf30759c3b0e482813f0d1c324698ae8 Everything ec103847c69646dcbc667df42 23c4dc14d14c5d54e14ea38db2da7115 Now: Situational Awareness ea6c0c4e875d777276a111543e Consume real-time intelligence 00b3bd8d75afd437c1939d8617edc22f 01e22cce71206cf01f9e863dcbf0fd3f about the latest threats Correlate alerts against external behavior and reputation Proactively block bad domains, IP address and malware 7

8 Security Intelligence Then: Collection Logs Events Alerts Configuration information System audit trails Network flows and anomalies External threat feeds Business process data 8 Identity context and social activity Malware information Log collection Signature-based detection Now: Intelligence Real-time monitoring Context-aware anomaly detection Automated correlation and analytics

9 9

10 IBM delivers solutions across a security framework Intelligence Integration Expertise 10

11 Intelligence: A comprehensive portfolio of products and services 11 New in 2012 Products Services

12 Analysts recognize IBM s superior products and performance Domain Segment / Report Analyst Recognition Security Security Information & Event Management (SIEM) Intelligence, Analytics and GRC Enterprise Governance Risk & Compliance Platforms Identity & Access Governance 2012 User Provisioning / Administration 2012 People Role Management & Access Recertification *** 2011 Enterprise Single Sign-on (ESSO) 2011* Web Access Management (WAM) 2012** Database Auditing & Real-Time Protection Data Applications Infrastructure Data Masking 2013 Static Application Security Testing (SAST) Dynamic Application Security Testing (DAST) 2011 Network Intrusion Prevention Systems (NIPS) 2012 EndPoint Protection Platforms (EPP) 2013 Leader Leader 12 Visionary Niche Player Strong Performer Leader (#1, 2, or 3 in segment) Challenger Contender ** Gartner Gartner MarketScope MarketScope (discontinued (discontinued in in 2012) 2012) ** ** Gartner Gartner MarketScope MarketScope *** *** IDC IDC MarketScape MarketScape ranked ranked IBM IBM #1 #1 in in IAM IAM 2010 V13-05

13 Integration: Increase security, collapse silos, and reduce complexity Stay ahead of the changing threat landscape Designed to help detect, notify and respond to threats missed by other security solutions Designed to help detect the latest vulnerabilities, exploits and malware Automate compliance tasks and assess risks Add security intelligence to non-intelligent systems Customize protection capabilities to block specific vulnerabilities using scan results Converge access management with web service gateways Link identity information with database security JK Consolidate and correlate siloed information from hundreds of sources

14 IBM Security A full range of security capabilities Consulting Services Managed Services Software Solutions security consultants and architects Globally available managed security services platform Market leading solutions across the IBM Security Framework Assess security risk and compliance, evolve security program Manage security ops, detect and respond to emerging risk Help secure identities, data, applications, network and endpoints Why IBM? Unique, practical approach based on our experience as an enterprise and service provider Why IBM? IBM s global coverage of security operations centers powered by unmatched cybersecurity analytics Why IBM? Integrated security portfolio, Cloud, mobile, threat security solutions, global threat research, and Security Intelligence Intelligence 14 Integration Expertise

15 Expertise: At IBM, the world is our Security lab 6,000 researchers, developers and subject matter experts working security initiatives worldwide 15

16 Collaborative IBM teams monitor and analyze the latest threats Coverage 20,000+ devices under contract 3,700+ managed clients worldwide 13B+ events managed per day 14B analyzed web pages & images 40M spam & phishing attacks 64K documented vulnerabilities 133 monitored Billions of intrusion countries (MSS) attempts daily 1,000+ security related patents 16 Depth Millions of unique malware samples

17 IBM s 2012 Chief Information Security Officer Study revealed the changing role of the CISO How they differ Influencers Confident / prepared Strategic focus have a dedicated CISO have a security/risk committee Protectors Less confident Somewhat strategic Lack necessary structural elements Responders Least confident Focus on protection and compliance have information security as a board topic use a standard set of security metrics to track their progress focused on improving enterprise communication/ collaboration focused on providing education and awareness 17 Source: IBM Center for Applied Insights, Finding a Strategic Voice: Insights from the 2012 IBM Chief Information Security Officer Assessment, May 2012

18 18

19 IBM Identity and Access Management Vision Key Themes Standardized IAM and Compliance Management Expand IAM vertically to provide identity and access intelligence to the business; Integrate horizontally to enforce user access to data, app, and infrastructure 19 Secure Cloud, Mobile, Social Interaction Insider Threat and IAM Governance Enhance context-based access control for cloud, mobile and SaaS access, as well as integration with proofing, validation and authentication solutions Continue to develop Privileged Identity Management (PIM) capabilities and enhanced Identity and Role management

20 Data Security Vision QRadar Integration Across Multiple Deployment Models Key Themes 20 Reduced Total Cost of Ownership Enhanced Compliance Management Dynamic Data Protection Expanded support for databases and unstructured data, automation, handling and analysis of large volumes of audit records, and new preventive capabilities Enhanced Database Vulnerability Assessment (VA) and Database Protection Subscription Service (DPS) with improved update frequency, labels for specific regulations, and product integrations Data masking capabilities for databases (row level, role level) and for applications (pattern based, form based ) to safeguard sensitive and confidential data

21 Application Security Vision Key Themes Coverage for Mobile applications and new threats Continue to identify and reduce risk by expanding scanning capabilities to new platforms such as mobile, as well as introducing next generation dynamic analysis scanning and glass box testing 21 Simplified interface and accelerated ROI Security Intelligence Integration New capabilities to improve customer time to value and consumability with out-of-the-box scanning, static analysis templates and ease of use features Automatically adjust threat levels based on knowledge of application vulnerabilities by integrating and analyzing scan results with SiteProtector and the QRadar Security Intelligence Platform

22 Infrastructure Protection Endpoint Vision Key Themes 22 Security for Mobile Devices Expansion of Security Content Security Intelligence Integration Provide security for and manage traditional endpoints alongside mobile devices such as Apple ios, Google Android, Symbian, and Microsoft Windows Phone - using a single platform Continued expansion of security configuration and vulnerability content to increase coverage for applications, operating systems, and industry best practices Improved usage of analytics - providing valuable insights to meet compliance and IT security objectives, as well as further integration with SiteProtector and the QRadar Security Intelligence Platform

23 Infrastructure Protection Advanced Threat Security Intelligence Platform Threat Intelligence and Research Advanced Threat Protection Log Manager SIEM Network Activity Monitor Risk Manager Future Vulnerability Data Malicious Websites Malware Information IP Reputation Future Intrusion Prevention Content and Data Security Web Application Protection Network Anomaly Detection Application Control Future IBM Network Security Key Themes 23 Advanced Threat Protection Platform Expanded X-Force Threat Intelligence Security Intelligence Integration Helps to prevent sophisticated threats and detect abnormal network behavior by using an extensible set of network security capabilities - in conjunction with real-time threat information and Security Intelligence Increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats

24 X-Force Threat Intelligence: The IBM Differentiator X-Force database - extensive catalog of vulnerabilities Web filter database malicious or infected websites IP Reputation botnets, anonymous proxies, bad actors Application Identification web application information X-Fo rc e Th re a t In te llig e n c e Clo u d 24 Vulnerability Research latest vulnerabilities and protections Security Services manage IPS for Customers

25 Security Intelligence: Integrating across IT silos Security Devices Servers & Hosts Network & Virtual Activity Event Correlation Database Activity Offense Activity Baselining & Identification Application Activity Configuration Info Vulnerability Info Anomaly Detection User Activity Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight JK High Priority Offenses

26 All domains feed Security Intelligence Correlate new threats based on X-Force IP reputation feeds Hundreds of 3rd party information sources Guardium Identity and Access Management Database assets, rule logic and database activity information Identity context for all security domains w/ QRadar as the dashboard Tivoli Endpoint Manager Endpoint Management vulnerabilities enrich QRadar s vulnerability database 26 IBM Security Network Intrusion Prevention System Flow data into QRadar turns NIPS devices into activity sensors AppScan Enterprise AppScan vulnerability results feed QRadar SIEM for improved asset risk assessment

27 2012 Highlights: IBM innovates in across the portfolio Security Intelligence Security Intelligence Platform People Privileged Identity Management Data Guardium for Big Data Integration with QRadar Applications AppScan for Mobile Network Network Anomaly Detection NextGen IPS Endpoint Endpoint Manager for Mobile Devices Mobile AppScan for Mobile ISAM for Cloud and Mobile Cloud SmartCloud Patch ISAM for Cloud and Mobile Advanced Threat Advanced Threat Platform 27 Momentum! IBM IPS tops in performance and features!

28 In 2013 we will continue to focus on solving the big problems Advanced Threats Cloud Computing Sophisticated, targeted attacks designed to gain continuous access to critical information are increasing in severity and occurrence Cloud security is a key concern as customers rethink how IT resources are designed, deployed and consumed Advanced Persistent Threats Stealth Bots Targeted Attacks Designer Malware Zero-days Mobile Computing Securing employee-owned devices and connectivity to corporate applications are top of mind as CIOs broaden support for mobility 28 Enterprise Customers Regulation and Compliance Regulatory and compliance pressures are mounting as companies store more data and can become susceptible to audit failures GLBA

29 Better protection against sophisticated attacks Misconfigured Firewall 0day Exploit Malicious PDF Spammer Phishing Campaign Vulnerable Server Infected Website SQL Injection Botnet Communication On the Network 29 IBM Advanced Threat Protection Across the Enterprise IBM QRadar Security Intelligence Brute Force Malicious Insider Across the World IBM X-Force Threat Intelligence

30 Cloud-ready security solutions span the portfolio QRadar Security Intelligence Federating identities for public and hybrid cloud environments Security Application Scanning for cloud based applications Virtual IPS for VMware ESX / ESXi hosts and workloads Virtual IPS for virtual network edge protection Virtual IPS for virtual network edge protection Virtual IPS for virtual network edge protection Federated Identity Manager Business Gateway AppScan Static / Dynamic Analysis Virtual Server Protection Network IPS Virtual Applicance Endpoint Manager / SmartCloud Patch Guardium database monitoring and protection 30

31 Securing the Mobile Enterprise with IBM Solutions 31

32 Security Intelligence is enabling progress to optimized security Security Intelligence: Flow analytics / predictive analytics Security information and event management Log management Security Intelligence Optimized Identity governance Fine-grained entitlements Privileged user management User provisioning Proficient Access management Strong authentication Basic Directory management 32 Fraud detection Multi-faceted network protection Encryption key management Hybrid scanning and correlation Anomaly detection Data masking / redaction Database activity monitoring Data loss prevention Encryption Database access control Data Hardened systems Web application protection Virtualization security Source code scanning Endpoint / network security management Application scanning Applications Asset management Perimeter security Host security Anti-virus Infrastructure People Data governance

33 Intelligent solutions provide the DNA to secure a Smarter Planet Security Intelligence, Analytics & GRC People Data Applications Infrastructure 33

34 Disclaimer Please Note: IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion. 34

35 Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY. ibm.com/security Copyright IBM Corporation All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United 35 States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.