IBM Security Framework - AskCypert (askcypert.org/sites/default/files/ibm security strategy...)

© 2013 IBM Corporation IBM Security Framework Intelligence, Integration and Expertise Sadu Bajekal, Senior Technical Staff Member Principal Security Architect IBM Security Systems January 28, 2014

Upload: doanminh

Post on 06-Feb-2018


Page 1

IBM Security Framework: Intelligence, Integration and Expertise

Sadu Bajekal,

Senior Technical Staff Member

Principal Security Architect

IBM Security Systems

January 28, 2014

Page 2

Agenda

Introduction: The evolving threat landscape

A new approach to security is needed

How the IBM Security Framework is positioned to help

Page 3

Motivations and sophistication are rapidly evolving

[Figure: threat actors plotted by motivation and sophistication]

• National Security, Economic Espionage: Nation-state actors, APTs (Stuxnet, Aurora, APT-1)
• Notoriety, Activism, Defamation: Hacktivists (Lulzsec, Anonymous)
• Monetary Gain: Organized crime (Zeus, ZeroAccess, Blackhole Exploit Pack)
• Nuisance, Curiosity: Insiders, Spammers, Script-kiddies (Nigerian 419 Scams, Code Red)

Page 4

Evolving threats and increasing payoffs

INTERNAL EXTERNAL PAYOFFS

Page 5

X-Force Research: Attackers are taking advantage of the human factor

Source: IBM X-Force® Research 2013 Trend and Risk Report

Page 6

IT Security is a board room discussion

Increasingly, companies are appointing CROs and CISOs with a direct line to the Audit Committee

• Loss of market share and reputation
• Legal exposure
• Audit failure
• Fines and criminal charges
• Financial loss
• Loss of data confidentiality, integrity and/or availability
• Violation of employee privacy
• Loss of customer trust
• Loss of brand reputation

CEO, CFO/COO, CIO, CHRO, CMO

Source: Discussions with more than 13,000 C-suite executives as part of the IBM C-suite Study Series


Page 8

Security challenges are a complex, four-dimensional puzzle… that requires a new approach

• People: Attackers, Suppliers, Consultants, Partners, Employees, Outsourcers, Customers
• Data: Structured, Unstructured, At rest, In motion
• Applications: Web Applications, Systems Applications, Web 2.0, Mobile Applications
• Infrastructure: Datacenters, PCs, Laptops, Mobile, Cloud, Non-traditional

Page 9

Thinking differently about security

Collect and Analyze Everything

Then → Now
• People: Administration → Insight
• Data: Basic-control → Laser-focused
• Applications: Bolt-on → Built-in
• Infrastructure: Thicker walls → Smarter defenses

Page 10

Customers have a growing need to identify and protect against threats by building insights from broader data sets

• Logs
• Events
• Alerts
• Configuration information
• System audit trails
• External threat intelligence feeds
• Network flows and anomalies
• Identity context
• Web page text
• Full packet and DNS captures
• E-mail and social activity
• Business process data
• Customer transactions

Traditional Security Operations and Technology

Big Data Analytics

New Considerations

Collection, Storage and Processing
• Collection and integration
• Size and speed
• Enrichment and correlation

Analytics and Workflow
• Visualization
• Unstructured analysis
• Learning and prediction
• Customization
• Sharing and export

Page 11

Reaching security maturity

Security Intelligence
• Optimized: Predictive Analytics, Big Data Workbench, Flow Analytics
• Proficient: SIEM and Vulnerability Management
• Basic: Log Management

Advanced Fraud Protection

Optimized
• People: Identity governance; Fine-grained entitlements; Privileged user management
• Data: Data governance; Encryption key management
• Applications: Fraud detection; Hybrid scanning and correlation
• Infrastructure: Multi-faceted network protection; Anomaly detection; Hardened systems

Proficient
• People: User provisioning; Access management; Strong authentication
• Data: Data masking / redaction; Database activity monitoring; Data loss prevention
• Applications: Web application protection; Source code scanning
• Infrastructure: Virtualization security; Asset management; Endpoint / network security management

Basic
• People: Directory management
• Data: Encryption; Database access control
• Applications: Application scanning
• Infrastructure: Perimeter security; Host security; Anti-virus

Page 12

IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework

Intelligence

Integration

Expertise

Page 13

IBM Security Investment

• 6,000+ IBM Security experts worldwide
• 3,000+ IBM security patents
• 4,000+ IBM managed security services clients worldwide
• 25 IBM Security labs worldwide

IBM Security: Market-changing milestones

Capability areas: Mainframe and Server Security; SOA Management and Security; Network Intrusion Prevention; Database Monitoring; Access Management; Application Security; Compliance Management

1976
• Resource Access Control Facility (RACF) is created, eliminating the need for each application to imbed security

1999
• Dascom is acquired for access management capabilities

2006
• Internet Security Systems, Inc. is acquired for security research and network protection capabilities

2007
• Watchfire is acquired for security and compliance capabilities
• Consul is acquired for risk management capabilities
• Princeton Softech is acquired for data management capabilities

2008
• Encentuate is acquired for enterprise single-sign-on capabilities

2009
• Ounce Labs is acquired for application security capabilities
• Guardium is acquired for enterprise database monitoring and protection capabilities

2010
• Big Fix is acquired for endpoint security management capabilities
• NISC is acquired for information and analytics management capabilities

2005
• DataPower is acquired for SOA management and security capabilities

2013
• Intent to acquire Trusteer for mobile and application security, counter-fraud and malware detection

2002
• Access360 is acquired for identity management capabilities
• MetaMerge is acquired for directory integration capabilities

Capability areas (continued): Identity Management; Advanced Fraud Protection; Security Analytics; Security Intelligence

IBM Security Systems division is created

2011

Q1 Labs is acquired for security intelligence capabilities

2012

Page 14

IBM Security Systems Portfolio

People Data Applications Network Infrastructure Endpoint

Identity Management; Guardium Data Security and Compliance; AppScan Source; Network Intrusion Prevention; Trusteer Apex
Access Management; Guardium DB Vulnerability Management; AppScan Dynamic; Next Generation Network Protection; Mobile and Endpoint Management
Privileged Identity Manager; Guardium / Optim Data Masking; DataPower Web Security Gateway; SiteProtector Threat Management; Virtualization and Server Security
Federated Access and SSO; Key Lifecycle Manager; Security Policy Manager; Network Anomaly Detection; Mainframe Security

IBM X-Force Research

Advanced Fraud Protection
• Trusteer Rapport
• Trusteer Pinpoint Malware Detection
• Trusteer Pinpoint ATO Detection
• Trusteer Mobile Risk Engine

Security Intelligence and Analytics
• QRadar Log Manager
• QRadar SIEM
• QRadar Risk Manager
• QRadar Vulnerability Manager

IBM offers a comprehensive portfolio of security products

Page 15

Increase security, collapse silos, and reduce complexity

• Consolidate and correlate siloed information from hundreds of sources
• Stay ahead of the changing threat landscape
• Link security and vulnerability information across domains

Integrated Intelligence. Integrated Research. Integrated Protection.

Page 16

Intelligent Security for the Cloud

Data and Application Protection
• Secure enterprise databases
• Build, test and maintain secure cloud applications

Threat Protection
• Prevent advanced threats with layered protection and analytics

Identity Protection
• Administer, secure, and extend identity and access to and from the cloud

Security Intelligence
• Provide visibility, auditability and control for the cloud

Page 17

Securing the Mobile Enterprise

• Device Management: Security for endpoint device and data
• Network, Data, and Access Security: Achieve visibility and adaptive security policies
• Application Layer Security: Develop and test applications

Page 18

Driving Compliance with Enhanced Visibility and Controls

IBM Confidential

• Preventing insider threat
• Accessing Applications on a need-to-know basis
• Monitoring Data and PII concerns
• Managing end users and Privacy concerns

Security Intelligence: Activity Monitoring, Anomaly Detection, Reporting

Page 19

Security Intelligence: Integrating across IT silos

Extensive data sources + Deep intelligence = Exceptionally accurate and actionable insight

• Data activity
• Servers and mainframes
• Users and identities
• Vulnerabilities and threats
• Configuration information
• Security devices
• Network and virtual activity
• Application activity

Correlation
• Logs/events
• Flows
• IP reputation
• Geographic location

Activity baselining and anomaly detection
• User activity
• Database activity
• Application activity
• Network activity

Offense identification
• Credibility
• Severity
• Relevance

Suspected incidents; True offense

Security Intelligence and Analytics

Key Themes

• Increased Data Sources: Data from 450+ security collectors and Integration with X-Force intelligence and other external feeds to use in analysis for determining relevant vulnerabilities and potential threats
• Integrated Vulnerability Management: Comprehensive understanding of the configuration and exposure of systems in the environment, enabling contextual analysis to determine vulnerabilities against particular threats
• Enhanced Identity Context: Integrated understanding of users, their roles, level of privilege, geographical location and their typical behaviors to enable enterprises to identify abnormal activity that might indicate insider threat

Page 20

Integration: A unified architecture delivered in a single console

Designed from scratch to deliver massive log management scale without any compromise on SIEM “Intelligence”

• Log Management
• NextGen SIEM
• Activity Monitoring
• Risk Management
• Vulnerability Management
• Network Forensics

Page 21

People

Identity and Access Management: Helping to extend secure user access across the enterprise

Key Themes

• Standardized IAM and Compliance Management: Expand IAM vertically to provide identity and access intelligence to the business; integrate horizontally to enforce user access to data, app, and infrastructure
• Secure Cloud, Mobile, Social Interaction: Enhance context-based access control for cloud, mobile and SaaS access, as well as integration with proofing, validation and authentication solutions
• Insider Threat and IAM Governance: Continue to develop Privileged Identity Management (PIM) capabilities and enhanced Identity and Role management

Page 22

Announcing: Threat-Aware Identity and Access Management

New capabilities to help organizations secure enterprise identity as a new perimeter

Deliver intelligent identity and access assurance

Safeguard mobile, cloud and social interactions

Simplify identity silos and cloud integrations

Prevent insider threat and identity fraud

• Validate “who is who” when users connect from outside the enterprise
• Enforce proactive access policies on cloud, social and mobile collaboration channels
• Manage shared access inside the enterprise
• Defend applications and access against targeted web attacks and vulnerabilities
• Provide visibility into all available identities within the enterprise
• Unify “Universe of Identities” for security management
• Enable identity management for the line of business
• Enhance user activity monitoring and security intelligence across security domains

Page 23

Helping achieve secure transactions and graded trust

Safeguard mobile, cloud and social interactions

• Eliminate use of passwords to secure mobile application access
• Implement Risk Based access posture for BYOD
• Validate Customer Identity interacting via Mobile and Social channels
• Enforce Identity context for Mobile, SaaS and Cloud access
• Eliminate use of passwords to secure mobile app access

ISAM for Mobile

Page 24

Prevent insider threat and identity fraud

• Prevent insider breaches caused by privileged identity misuse
• Audit privileged user activity and sensitive data access
• Address compliance, regulatory and privacy requirements
• Secure user access and content against targeted attacks
• Integrated security intelligence

Diagram labels: Target Systems; Credential Vault; Administrative ID; Session Recording

Page 25

Data

Data Security: Helping to secure structured, unstructured, online and offline data across the enterprise

Key Themes

• Expand to new platforms: Expand beyond supporting databases to all relevant data sources, including data warehouses, file shares, file systems, enterprise content managers, and Big Data (Hadoop, NoSQL, in-memory DB), wherever data is stored
• Introduce new data protection capabilities: Complement discovery, classification, monitoring, auditing, and blocking with thought leadership capabilities like cloud encryption/tokenization, dynamic data masking, and fraud detection
• Lead on scalability and lower TCO: Continue to improve on solution deployability with improvements to scalability, performance, simplification, automation, serviceability, and ease of use

Governance, Security Intelligence, Analytics
• Data Discovery and Classification
• Policy-based Access and Entitlements
• Audit, Reporting, and Monitoring

Enforcement
• Data in Motion: Network Loss Prevention, over Network (SQL, HTTP, SSH, FTP, email, …)
• Data at Rest: Protection & Encryption, Stored (Databases, File Servers, Big Data, Data Warehouses, Application Servers, Cloud/Virtual ..)
• Data in Use: Endpoint Loss Prevention, at Endpoint (workstations, laptops, mobile, …)

Diagram labels: Security Solutions; IT & Business Process; integrate

• Protect data in any form, anywhere, from internal or external threats
• Streamline regulation compliance process
• Reduce operational costs around data protection

Page 26

InfoSphere Guardium integration with QRadar opens up new opportunities

• Send security alerts from Guardium to QRadar
• Send audit reports from Guardium to QRadar to enhance analytics
• Send database vulnerability assessment status from Guardium to QRadar

Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight

• Database Activity
• Servers & Hosts
• User Activity
• Vulnerability Info
• Configuration Info
• Security Devices
• Network & Virtual Activity
• Application Activity

Event Correlation; Activity Baselining & Anomaly Detection; Offense Identification

Data Activity

In-depth data activity monitoring and security insights from InfoSphere Guardium

Vulnerability Information

• Databases
• Data warehouses
• Big Data environments
• File shares
• Applications

NEW

Page 27

Applications

Application Security: Helping to protect against the threat of attacks and data breaches

Key Themes

• Coverage for Mobile applications and new threats: Continue to identify and reduce risk by expanding scanning capabilities to new platforms such as mobile, as well as introducing next generation dynamic analysis scanning and glass box testing
• Simplified interface and accelerated ROI: New capabilities to improve customer time to value and consumability with out-of-the-box scanning, static analysis templates and ease of use features
• Security Intelligence Integration: Automatically adjust threat levels based on knowledge of application vulnerabilities by integrating and analyzing scan results with SiteProtector and the QRadar Security Intelligence Platform

Build Systems: improve scan efficiencies

Integrated

Defect Tracking Systems: track remediation

IDEs: remediation assistance

Security Intelligence: raise threat level

Audience: Development teams, Security teams, Penetration Testers

Software Development Lifecycle: CODING, BUILD, QA, SECURITY, PRODUCTION

Scanning Techniques
• Static analysis (white box)
• Dynamic analysis (black box)

Applications
• Web Applications
• Web Services
• Mobile Applications
• Programming Languages
• Purchased Applications

Governance and Collaboration
• Test policies, test templates and access control
• Dashboards, detailed reports and trending
• Manage regulatory requirements such as PCI, GLBA and HIPAA (40+ out-of-the-box compliance reports)

Page 28

Infrastructure

Infrastructure Protection: Network

Diagram labels: IBM Network Security; Advanced Threat Platform; Intrusion Prevention; Content and Data Security; Web Application Protection; Network Anomaly Detection; Application Control; Future; Security Intelligence Platform; Log Manager; SIEM; Network Activity Monitor; Risk Manager; Vulnerability Manager; Future; Threat Intelligence and Research; Vulnerability Data; Malicious Websites; Malware Information; IP Reputation; Future

Key Themes

• Advanced Threat Protection Platform: Helps to prevent sophisticated threats and detect abnormal network behavior by using an extensible set of network security capabilities - in conjunction with real-time threat information and Security Intelligence
• Expanded X-Force Threat Intelligence: Increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions
• Security Intelligence Integration: Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats

Page 29

X-Force Threat Intelligence: The IBM Differentiator

IBM Confidential

URL/Web Filtering
• Provides access to one of the world’s largest URL filter databases containing more than 20 billion evaluated Web pages and images

Anti-Spam
• Detect spam using known signatures, discover new spam types automatically, 99.9% accurate, near 0% overblocking

IP Reputation
• Categorize malicious websites via their IP address into different threat segments, including malware hosts, spam sources, and anonymous proxies

Web Application Control
• Identifying and providing actions for application traffic, both web-based, such as Gmail, and client based, such as Skype

The mission of X-Force is to:
• Monitor and evaluate the rapidly changing threat landscape
• Research new attack techniques and develop protection for tomorrow’s security challenges
• Educate our customers and the general public

Advanced Security and Threat Research

Page 30

Infrastructure

Infrastructure Protection: Endpoint

Provides in-depth security across your network, servers, virtual servers, mainframes and endpoints

Key Themes

• Security for Mobile Devices: Provide security for and manage traditional endpoints alongside mobile devices such as Apple iOS, Google Android, Symbian, and Microsoft Windows Phone - using a single platform
• Expansion of Security Content: Continued expansion of security configuration and vulnerability content to increase coverage for applications, operating systems, and industry best practices
• Security Intelligence Integration: Improved usage of analytics - providing valuable insights to meet compliance and IT security objectives, as well as further integration with SiteProtector and the QRadar Security Intelligence Platform

Page 31

IBM Security: Helping clients optimize IT security

Integrated Portfolio

Managed and Professional Services

Extensive Partner Ecosystem

IBM Research

Page 32

www.ibm.com/security

© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes

only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use

of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any

warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement

governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in

all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole

discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any

way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United

States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response

to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated

or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure

and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to

be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems,

products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE

MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.


Page 33

Disclaimer

Please Note:

IBM’s statements regarding its plans, directions, and intent are subject to change

or withdrawal without notice at IBM’s sole discretion.

Information regarding potential future products is intended to outline our general

product direction and it should not be relied on in making a purchasing decision.

The information mentioned regarding potential future products is not a commitment,

promise, or legal obligation to deliver any material, code or functionality. Information

about potential future products may not be incorporated into any contract. The

development, release, and timing of any future features or functionality described

for our products remains at our sole discretion.

Page 34

Customer successes across domains

• People: Manage user access securely and cost-effectively. Major South American bank health reduced the number of help desk calls by 30%, resulting in annual savings of $450,000+
• Data: Ensure privacy and integrity of data. Major global bank saved $1.5 USD / year on storage costs and reduced compliance costs by $20M USD
• Applications: Automate security testing on web-based applications. Client added 225 new applications per year to handle US$1 quadrillion in securities transactions per year
• Infrastructure: Proactively alert, simplify monitoring and management. Client monitored all devices and networks across all sites with zero false positives without blocking revenue-based traffic
• Advanced Fraud Protection: Protect against financial fraud and advanced security threats. Banking clients reduced online banking fraud to near zero while complying with regulatory compliance mandates for layered security
• Security Intelligence and Analytics: Improve overall security and compliance. Global office products supplier achieved greater visibility to potential security threats and PCI compliance with $0 cost increase