IBM Insight 2015 - Security Sessions Roadmap

Agenda subject to change. Please reference online agenda builder at IBM.com/InsightSecurity @ Insight2015 1

@A New Way to Think About Security

#ibm

insight

Conference General SessionWednesday, October 28Mandalay Bay South Convention Center Level 3 South Seas F

Time Session number Session type Location

10:30 AM – 11:30 AM ISP-3143 Breakout Session – Technical Mandalay Bay South Convention Center Level 2 Lagoon J

Session title Speaker Abstract

Forrester: Total Economic Impact of IBM Security Guardium

Jon Erickson, Forrester Research

In August 2015, IBM commissioned Forester consulting to conduct a Total Economic Impact (TEI) study to examine the potential return on investment (ROI) that organizations may realize by deploying IBM Security Guardium. Join this session to hear directly from our guest, Forrester TEI consultant and director Jon Erickson, about the results of study. Based on online interviews conducted with existing IBM Security Guardium customers, the study uncovered that organizations may acheive results like cost reduction, risk reduction, and productivity increases, as well as tactical efficiencies and strategic benefits from implementations on a common platform.

Time Session number Session type

10:30 AM – 11:30 AM SUP-4052 Super Session

Session title Abstract

Stop unknown threats: Apply analytics to the challenge of security

As organizations drive innovation and engage with customers in new ways, protecting against cyberattacks becomes more critical. Traditional security tools focus on the known. You need a different approach to stop advanced attacks, unknown or never-before-seen threats from outside the organization, and to deter risky behavior of insiders as well. We will explore how analytics and a big data approach to security can help you proactively protect your most critical assets.

Data Security and PrivacyMonday, October 26



1:00 PM – 2:00 PM ISP-3364 Breakout Session – Technical Mandalay Bay South Convention Center Level 2 Lagoon J


Nationwide Case Study: Data Security and Security Intelligence Equals Better Results

Lee March, Nationwide Sandeep Shah, IBM Patrice Bordron, Nationwide

Nationwide, a Fortune 100 company based in Columbus, Ohio, is one of the largest and strongest diversified insurance and financial services organizations in the U.S. Nationwide deeply values customer loyalty and the security of customer data: They have been a leader in considering how to prevent data loss. In this session, representatives from Nationwide share their views on data security, security intelligence, and why these two capabilities should be used together for a more complete and robust data security system, their lessons learned, and the benefits they gain from deploying IBM Security Guardium and IBM Security QRadar together.

Data Security and Privacy (continued)Monday, October 26




Cloud Has Torn Down the Firewalls: Do You Have What It Takes to Protect Your Data?

Luis Casco-Arias, IBM As clients embrace cloud environments, firewalls come down and new types of users start accessing data. Join this session to learn about data security challenges in this exciting new world and learn how IBM can help you to address these issues. Learn about traditional and emerging data security requirements, and hear specific client use cases with common problems as well as the best solutions.

Tuesday, October 27




Data Security Architecture: Best Practices, Tips and Tricks

Nir Carmel, IBM Yosef Rozenblit, IBM

This session will cover the IBM Data Security architecture, and provide useful hints and guidelines to help you understand how this solution can provide you with maximum return on investment. Typical use cases will be demonstrated to show how functionality can be applied to solve many customer requirements.


Data Security and Privacy (continued)Tuesday, October 27




The IBM Security Guardium Environment: Going Virtual in the 21st Century

James Albright, Athene Mitch Glass, Athene USA

As physical hardware ages, costs will only continue to rise. Virtual environments avoid those costs and offer additional advantages. Join this session to learn how Athene has deployed IBM Security Guardium virtually to capitalize on resources, improve performance and reduce data center costs. This session will provide details on how robust reporting and documentation can keep your organization in compliance with both company policy and regulation. The presentation will also examine the value of using Guardium professional services in your next project or health check.


4:00 PM – 5:00 PM ISP-2249 Breakout Session – Business Mandalay Bay South Convention Center Level 2 Lagoon J


Yazaki Case Study: Real Time Data Security With IBM InfoSphere Guardium for SAP Solutions

Juergen Laudien, Yazaki Europe Ltd. Karsten Stoehr, IBM

Today’s economy seeks a fast performing environment for analytic and transactional workloads, all while being sensitive to database security. Join this session to learn how IBM InfoSphere Guardium enabled Yazaki Europe to build a real time platform that deals with the security challenges of their SAP and non SAP data environments.


10:30 AM – 11:30 AM ISP-3327 Breakout Session – Technical Mandalay Bay South Convention Center Level 2 Lagoon E


Who’s in My Data? Securing User Access Rights with IBM Security Guardium

Eric Bryan, Great American Insurance Group Tim Tait, Great American Insurance Group

Securely managing the assignment of user access rights is critical to good IT security and governance. In fact, it is increasingly becoming required by many regulations. As the cost of compliance increases with new regulations, and as IT environments become more heterogeneous and complex, tools must be used to ensure user access rights are kept to ‘least privilege access’ while not unintentionally removing any privileges that are needed for business use. Join this session to learn how Great American Insurance has used IBM Security Guardium to review and secure user access rights, including entitlement reporting, ‘last used’ field use, as well as to streamline and manage access reviews using Guardium’s built in workflow system.





Introducing IBM Guardium v10 and the Data Security Road Map

Nir Carmel, IBM This session discusses the market requirements around data security and privacy and introduces you to what’s new in IBM Guardium v10. It also describes the IBM data security vision and product road map.

Data Security and Privacy (continued)Wednesday, October 28




How to Get the Most From IBM InfoSphere Guardium S TAP Installation for DB2 z/OS

Peter Bongiovanni, American International Group

Is your security officer asking about auditing your DB2 on z/OS environment? Are you concerned about the impact of auditing on application performance and availability? Are you looking for guidance from someone who has “been there, done that?” In this presentation, you will learn AIG’s best practices for installing and tuning the InfoSphere Guardium S-TAP for DB2 on z/OS in a data sharing environment. The presentation includes critical planning information and upgrade steps. There will also be an overview of the business value provided by InfoSphere Guardium for providing granular auditing capabilities for security mandates and federal regulation. The presentation will be given by IBMer, Ernie Mancil.


10:30 AM – 11:30 AM ISP-3092 Breakout Session – Technical Mandalay Bay South Convention Center Level 2 Lagoon E


Big Data: Monitoring Usage and Implementing Security and Privacy Controls

Leslie Wiggins, IBM Big data is the rage in the marketplace with lots of potential to solve a myriad of customer and corporate issues. With this opportunity comes a new set of issues around security and privacy. The more data we have and want to use, the more potential there is for cyber criminals to attempt to harvest that same data. In this session, you will discover the latest strategies for monitoring big data usage and implementing controls to ensure your sensitive data is not exploited.



11:15 AM – 12:15 PM ISP-2813 Breakout Session – Technical Mandalay Bay South Convention Center Level 2 Lagoon J


Dynamic Data Protection with Fine Grained Access Control and Masking From InfoSphere Guardium

Sundari Voruganti, IBM Steve Tallant, IBM

Do new privacy regulations have you confused about how to make a legacy ad hoc query application conform? Is making application changes a risky proposition? Is the access control in the application inadequate to protect leakage? Are there data elements in your legacy web applications you’d like to mask from certain classes of users? In this session, learn about exciting new technology from IBM InfoSphere Guardium that can help you address such challenging situations across different kinds of database management systems.

Data Security and Privacy (continued)Wednesday, October 28




Who Is Accessing Your Files and IP? Keep Control With IBM Security Guardium File Activity Monitoring

Dan Stanca, IBM Up to 80 percent of enterprise data is unstructured and includes text files, spreadsheets, presentations, source code files, log files and the ubiquitous PDFs. Do you know which of your files contain proprietary or sensitive data? Is your organization doing enough to protect this valuable intellectual capital? Are you able to prevent PII data leakage? In this session, you will learn about the many aspects of unstructured data protection and how IBM Security Guardium for Files can help you protect yourself. The presenter will also share a use case that highlights how this feature helps IBM protect our own source code.




Avoid the Headlines: Proactively Protect Your Data By Creating Appropriate Controls

Steve Tallant, IBM In a world where data breaches are happening with increasing frequency, you need a plan to proactively protect your data, before you end up reacting to a breach. This session will cover the seven most common use cases that help customers operationalize security controls within their environment.

Thursday, October 29


Data Security and Privacy (continued)Thursday, October 29




Bridging the Gap Between Security Intelligence and Data Protection

Walid Rjaibi, IBM Johan Varno, IBM

Hardly a week goes by without headlines about a data security breach. Staying a step ahead of these increasing and sophisticated attacks requires a comprehensive and proactive approach to data security that helps organizations identify risks and automatically adjust the security defenses before any serious damage can occur. IBM QRadar and IBM Guardium are trusted by many organiza-tions worldwide as comprehensive security intelligence and data protection platforms. This session will thoroughly explore how these solutions integrate to enhance business agility and resiliency by automating the process of adjusting the Guardium data defenses in response to real time security intelligence events from QRadar.



1:00 PM – 2:00 PM ISY-3516 Breakout Session – Technical Mandalay Bay South Convention Center Level 2 Lagoon G


Cloud Security: A New Approach to Embrace the Cloud

Dan Wolff, IBM There are thousands of cloud applications out there. How can I enable my users and not just say no? Attend this session and learn about the IBM strategy for securing cloud environments, new techniques and solutions for addressing security threats, how hosted cloud security services can help, and techniques for using the shift to the cloud as an opportunity to improve the security of your organization.

Security Trends and InnovationMonday, October 26


4:00 PM – 5:00 PM ISY-1535 Breakout Session – Technical Mandalay Bay South Convention Center Level 2 Lagoon J


IBM z Systems Mainframe: The Ultimate Data Security Hub

Julie Bergh, IBM Traditionally up to 80 percent of mission critical data either originates or resides on mainframes, especially for financial institutions. The mainframe offers integrated hardware and software security capabilities that have been evaluated at EAL 5+ including high speed encryption. Mainframes offer many levels of data protection from masking and encryption to data classification, data access controls, storage protection for data at rest, and secure communication for data in motion. All these capabilities combine to make the mainframe the ultimate secure data repository hub for your enterprise. Come learn how IBM security solutions integrate to provide the ultimate data security hub with RACF, DB2, zSecure, Guardium, QRadar and SKLM.


1:00 PM – 2:00 PM ISY-1137 Breakout Session – Technical Mandalay Bay South Convention Center Level 2 Lagoon E


Trends in Encryption of Data and Key Management, On Premises and in the Cloud

Rick Robinson, IBM Data is everywhere; on premise, mobile and cloud systems. These are the initial applications of data propagation across a boundless world of storage. As the storage of data across these seamless platforms becomes ubiquitous, the need for protecting the data, re-gardless of its location, also needs to be protected through the use of encryption (and that means centralized key management). The person who controls the keys to encryption of data holds control over the data itself. But how has the industry adopted encryption? What are the standards? Where are we missing adoption? This presentation looks at trends in encryption and key management, and presses the questions on where we need improvement.


Security Trends and Innovation (continued)Tuesday, October 27


4:00 PM – 5:00 PM ISY-3528 Breakout Session – Business Mandalay Bay South Convention Center Level 2 Lagoon G


IBM Security Business Unit: Helping Organizations Meet Security Challenges

Patrick Vandenberg, IBM This session provides an overview of the security business challenges faced by organizations today, and discusses how the IBM Security Business Unit can help you meet these challenges and protect your data.


2:30 PM – 3:30 PM ISY-3468 Breakout Session – Business Mandalay Bay South Convention Center Level 2 Lagoon L


Common Themes in Targeted Attacks and Counter Tactics

Etay Maor, IBM Are current security measures enough to stop targeted attacks? Could common security practices even aid an attacker? This presentation will review the common themes of targeted attacks, specifically focusing on infections and access to internal networks, exploitation of software vulnerabilities and the use of remote access tools. The techniques attackers use will be explored along with the weak points (both in technologies and in humans) they look for and discuss possible choke points. The session will include multiple live demos and case studies as well as strategies and tactics for coun-tering the threats discussed.


10:30 AM – 11:30 AM ISY-3454 Breakout Session – Business Mandalay Bay South Convention Center Level 2 Lagoon L


Community Countermeasures: The Need for Collaborative Threat Protection

Patrick Vandenberg, IBM Defending against today’s threats requires collaboration on a scale never seen before in our industry. Security professionals must turn to new strategies, employing community based defenses, shared threat intelligence, and integrated systems of capabilities to disrupt advanced attacks. A well coordinated system can shift the balance back to our teams to effectively prevent, detect and respond to these attacks. Join us to hear how IBM is helping chart a way forward with coordinated and open security technology, services and threat intelligence.

Wednesday, October 28



4:00 PM – 5:00 PM ISY-2629 Breakout Session – Technical Mandalay Bay South Convention Center Level 2 Lagoon G


Using IBM Security Intelligence and Analytics to Protect Your Business Data

Roger J. Hellman, IBM Matt Carle, IBM

Your organization is at risk of attack every day, and security threats continue to grow in sophistication and severity. Fortunately IBM offers solutions that use intelligence and advanced analytics to help keep your data safe. Attend this session and learn more about how IBM Security QRadar detects threats, identifies vulnerabilities, performs forensic analysis, manages risks and compliance, and can be deployed in the Cloud. We will also cover the open extension framework API, and how IBM is creating new opportunities for Business Partners, developers, and clients to collaborate and enhance the capabilities of QRadar.

Security Trends and Innovation (continued)Wednesday, October 28


4:00 PM – 5:00 PM AIM-2243 Breakout Session – Technical Mandalay Bay South Convention Center Level 2 Lagoon E


Surviving the Mobile Phenomenon: Reduce Risk While Deploying Mobile Access to the Enterprise

Jason Hardy, IBM The number of mobile cyber security attacks is continuing to grow. At any given time, malicious code is infecting more than 11.6 million mobile devices. Recent research shows that nearly 40 percent of large companies, including many in the Fortune 500, aren’t taking the right precautions to secure the mobile applications they build for customers. The alarming state of mobile insecurity expands beyond applications, to gaps in mobile device management, data and content and user access. In this session, learn how you can simplify and streamline mobile security and understand how a holistic approach to mobile security can help you tackle known risks and address the unique interdependencies between them.



2:00 PM – 3:00 PM ISY-3525 Breakout Session – Technical Mandalay Bay South Convention Center Level 2 Lagoon J


Protect Your Business Critical Data with Intelligent Access Management Solutions

Jason Keenaghan, IBM With web applications under constant attack, organizations need more secure ways to adopt web, mobile and cloud technologies, protect online resources, and address compliance requirements. Intelligent Identity and Access Management solutions, leveraging information such as user analytics, threat data, and other metrics, can help reduce risk and mitigate internal/external threats. Join this session to learn how user auditing data, device fraud and malware indicators, and threat awareness can highlight user anomalies and enable appropriate access decisions.

Security Trends and Innovation (continued)Thursday, October 29


9:45 AM – 10:45 PM ISY-3912 Breakout Session – Business Mandalay Bay South Convention Center Level 2 Lagoon E


Critical Data Protection Program Nev Zunic, IBM This session discusses how to have visibility into, and manage, sensitive data assets across the organization. There are troves of sensitive data spread across an organization’s environment. Understanding the critical nature and value of the sensitive data assets is vital to apply necessary controls to protect these assets. Identifying, discovering, and classifying sensitive data needs to become an established business process that is performed on an ongoing basis. The classification of sensitive assets allows controls to be defined and implemented for data according to its value to the organization. Understanding the risks associated with sensitive data enables proactive actions to be taken to mitigate any potential risks.


Security Trends and Innovation (continued)Thursday, October 29


3:30 PM – 4:30 PM ISY-2687 Breakout Session – Business Mandalay Bay South Convention Center Level 2 Lagoon J


Ensuring Your Mission Critical Data Stays Protected in the Digital Age: Mobile to the M

Robert Kennedy, IBM In today’s mobile era, there are over 10 billion devices accessing information. Enterprises are challenged with integrating new mobile services with existing organizational processes, while retaining security of mission critical assets. IBM z Systems provides you with an enterprise backbone for mobility solutions, which can scale to handle the huge volumes, deliver proven mobile end to end integration with reliability, availability, and security, and ensure that your data is protected. But some of that security is dependent on effective deployment strategies. This session will review the security challenges for mobile deployments and discuss the broad set of solutions that IBM can offer to help with your mobile deployments.

GovernanceMonday, October 26


2:00 PM – 5:00 PM LCG-1640 Lab Mandalay Bay South Convention Center Level 1 Bayside F – 06


Simplify Data Security and Compliance for Big Data Using IBM Security Guardium

Tina Chen, IBM Sundari Voruganti, IBM

This year has seen a significant increase in the level of interest in the topic of security and auditing for Hadoop. Hadoop vendors are responding with better security features and by partnering with the market-leading data security and compliance solution for Hadoop, IBM Security Guardium provides organizations the value of real-time monitoring, alerting, reports, compliance workflow, and more for Hadoop. Get hands-on experience with Guardium and IBM BigInsights and see how to configure real-time alerts for suspicious behavior, customize prebuilt reports, and use other Guardium features such as quick search and compliance workflow.


DataThursday, October 29


2:00 PM – 5:00 PM LCD-3535 Lab Mandalay Bay South Convention Center Level 1 Bayside F – 07


IBM InfoSphere Guardium: An Enterprise Data Security and Auditing Solution

Martin Dizon, IBM Raki Roberts, IBM

Organizations of all types must secure their data to meet compliance regulations and to minimize data attacks. This session discusses the extensive database auditing and security capabilities of IBM InfoSphere Guardium and how they help meet data security and auditing needs. This session includes a business and technical overview of the Guardium solution and its ability to scale across the enterprise. It also prepares attendees to help their organization reduce the cost of compliance by implementing Guardium’s auditing features, mitigating internal threats using data level access control, and integrating with enterprise security and monitoring systems.

Technology

IBM Insight 2015 - Security Sessions Roadmap