IBM Security Strategy
Intelligence, Integration and Expertise

Marc van Zadelhoff
VP, WW Strategy and Product Management

Joe Ruthven
IBM MEA Security Leader

IBM Security Systems
April 2013

© 2013 IBM Corporation
© 2012 IBM Corporation

DESCRIPTION

IBM Security Strategy Intelligence, Integration and Expertise by Marc van Zadelhoff, VP, WW Strategy and Product Management and Joe Ruthven IBM MEA Security Leader

Page 1: IBM Security Strategy Intelligence,

IBM Security Strategy
Intelligence, Integration and Expertise

Marc van Zadelhoff
VP, WW Strategy and Product Management

Joe Ruthven
IBM MEA Security Leader

IBM Security Systems
April 2013

Page 2: IBM Security Strategy Intelligence,

Bring your own IT

Social business

Cloud and virtualization

1 billion mobile workers

1 trillion connected objects

Innovative technology changes everything

Page 3: IBM Security Strategy Intelligence,

Motivations and sophistication are rapidly evolving

National Security
Nation-state actors
Stuxnet

Espionage, Activism
Competitors and Hacktivists
Aurora

Monetary Gain
Organized crime
Zeus

Revenge, Curiosity
Insiders and Script-kiddies
Code Red

Page 4: IBM Security Strategy Intelligence,

IBM has tracked a massive rise in advanced and other attacks

2012 Sampling of Security Incidents by Attack Type, Time and Impact

Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses

Source: IBM X-Force® 2012 Trend and Risk Report

Page 5: IBM Security Strategy Intelligence,

Influencers
  • Confident / prepared
  • Strategic focus

Protectors
  • Less confident
  • Somewhat strategic
  • Lack necessary structural elements

Responders
  • Least confident
  • Focus on protection and compliance

have a dedicated CISO

have a security/risk committee

have information security as a board topic

use a standard set of security metrics to track their progress

focused on improving enterprise communication / collaboration

focused on providing education and awareness

How they differ

Source: IBM Center for Applied Insights, Finding a Strategic Voice: Insights from the 2012 IBM Chief Information Security Officer Assessment, May 2012

IBM’s 2012 Chief Information Security Officer Study revealed the changing role of the CISO

Page 6: IBM Security Strategy Intelligence,

Security challenges are a complex, four-dimensional puzzle …

… that requires a new approach

Applications: Systems Applications, Web Applications, Web 2.0, Mobile Applications

Infrastructure: Datacenters, PCs, Laptops, Mobile, Cloud, Non-traditional

Data: Structured, Unstructured, At rest, In motion

People: Hackers, Suppliers, Consultants, Terrorists, Employees, Outsourcers, Customers

Page 8: IBM Security Strategy Intelligence,

Intelligence

Integration

Expertise

IBM delivers solutions across a security framework

Page 9: IBM Security Strategy Intelligence,

Intelligence: A comprehensive portfolio of security solutions

Backed by GTS Managed and Professional Services

Enterprise Governance, Risk and Compliance Management

GRC Platform (OpenPages) Risk Analytics (Algorithmics) Investigation Management (i2)

Operational IT Security Domains and Capabilities

People Data Applications Network Infrastructure Endpoint

Federated Identity Manager

Guardium Database Security

AppScan Source

Network Intrusion Prevention

Endpoint Manager (BigFix)

Enterprise Single Sign-On

Guardium Vulnerability Mgt

AppScan Dynamic

NextGen Network IPS

Mobile Device Management

Identity and Access Management Suite

Dynamic Data Masking

DataPower Web Security Gateway

SiteProtector Management System

Virtualization and Server Security

Privileged Identity Manager

Key Lifecycle Manager

Security Policy Manager

Network Anomaly Detection

Mainframe Security (zSecure, RACF)

Security Intelligence, Analytics, and Governance, Risk, and Compliance

QRadar SIEM QRadar Log Manager QRadar Risk Manager

IBM Security Portfolio

Page 10: IBM Security Strategy Intelligence,

Domain Segment / Report Analyst Recognition

Security Intelligence, Analytics and GRC

Security Information & Event Management (SIEM) 2012 2010

Enterprise Governance Risk & Compliance Platforms 2011 2011

People

Identity & Access Governance 2012

User Provisioning / Administration 2012 2012***

2010

Role Management & Access Recertification 2011

Enterprise Single Sign-on (ESSO) 2011*

Web Access Management (WAM) 2012**

Data

Database Auditing & Real-Time Protection 2011

Data Masking 2013

Applications

Static Application Security Testing (SAST) 2010

2010

Dynamic Application Security Testing (DAST) 2011

Infrastructure

Network Intrusion Prevention Systems (NIPS) 2012 2010

EndPoint Protection Platforms (EPP) 2013

Analysts recognize IBM’s superior products and performance

Challenger Leader Visionary Niche Player

Leader Contender Strong Performer

Leader (#1, 2, or 3 in segment)

* Gartner MarketScope (discontinued in 2012)
** Gartner MarketScope
*** 2012 IDC MarketScape ranked IBM #1 in IAM

Page 11: IBM Security Strategy Intelligence,

Customize protection capabilities to block specific vulnerabilities using scan results

Converge access management with web service gateways

Link identity information with database security

Stay ahead of the changing threat landscape

Designed to help detect the latest vulnerabilities, exploits and malware

Add security intelligence to non-intelligent systems

Consolidate and correlate siloed information from hundreds of sources

Designed to help detect, notify and respond to threats missed by other security solutions

Automate compliance tasks and assess risks

Integration: Increase security, collapse silos, and reduce complexity

Page 12: IBM Security Strategy Intelligence,

Collaborative IBM teams monitor and analyze the latest threats

Coverage

20,000+ devices under contract

3,700+ managed clients worldwide

13B+ events managed per day

133 monitored countries (MSS)

1,000+ security related patents

Depth

14B analyzed web pages & images

40M spam & phishing attacks

64K documented vulnerabilities

Billions of intrusion attempts daily

Millions of unique malware samples

Page 14: IBM Security Strategy Intelligence,

Context and Correlation Drive Deepest Insight

Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight

Suspected Incidents

Event Correlation

Activity Baselining & Anomaly Detection

  • Logs
  • Flows
  • IP Reputation
  • Geo Location
  • User Activity
  • Database Activity
  • Application Activity
  • Network Activity

Offense Identification
  • Credibility
  • Severity
  • Relevance

Data Activity

Servers & Mainframes

Users & Identities

Vulnerability & Threat

Configuration Info

Security Devices

Network & Virtual Activity

Application Activity

True Offense

Page 15: IBM Security Strategy Intelligence,

Fully Integrated Security Intelligence

Log Management
  • Turn-key log management and reporting
  • SME to Enterprise
  • Upgradeable to enterprise SIEM

SIEM
  • Log, flow, vulnerability & identity correlation
  • Sophisticated asset profiling
  • Offense management and workflow

Configuration & Vulnerability Management
  • Network security configuration monitoring
  • Vulnerability prioritization
  • Predictive threat modeling & simulation

Network Activity & Anomaly Detection
  • Network analytics
  • Behavioral anomaly detection
  • Fully integrated in SIEM

Network and Application Visibility
  • Layer 7 application monitoring
  • Content capture for deep insight & forensics
  • Physical and virtual environments

Page 16: IBM Security Strategy Intelligence,

One Console Security

Built on a Single Data Architecture

Page 17: IBM Security Strategy Intelligence,

Key Themes

Advanced Threat Protection Platform
Helps to prevent sophisticated threats and detect abnormal network behavior by using an extensible set of network security capabilities, in conjunction with real-time threat information and Security Intelligence

Expanded X-Force Threat Intelligence
Increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions

Security Intelligence Integration
Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats

Log Manager

SIEM

Network Activity Monitor

Risk Manager

Vulnerability Data

Malicious Websites

Malware Information

Intrusion Prevention

Content and Data Security

Web Application Protection

IBM Network Security

Security Intelligence Platform

Threat Intelligence and Research

Advanced Threat Protection

Future

Future

Network Anomaly Detection

IP Reputation

Application Control

Future

Infrastructure Protection – Advanced Threat

Page 18: IBM Security Strategy Intelligence,

Key Themes

Reduced Total Cost of Ownership
Expanded support for databases and unstructured data, automation, handling and analysis of large volumes of audit records, and new preventive capabilities

Enhanced Compliance Management
Enhanced Database Vulnerability Assessment (VA) and Database Protection Subscription Service (DPS) with improved update frequency, labels for specific regulations, and product integrations

Dynamic Data Protection
Data masking capabilities for databases (row level, role level) and for applications (pattern based, form based) to safeguard sensitive and confidential data

Data Security Vision

Across Multiple Deployment Models

QRadar Integration

Page 19: IBM Security Strategy Intelligence,

Key Themes

Security for Mobile Devices
Provide security for and manage traditional endpoints alongside mobile devices such as Apple iOS, Google Android, Symbian, and Microsoft Windows Phone, using a single platform

Expansion of Security Content
Continued expansion of security configuration and vulnerability content to increase coverage for applications, operating systems, and industry best practices

Security Intelligence Integration
Improved usage of analytics, providing valuable insights to meet compliance and IT security objectives, as well as further integration with SiteProtector and the QRadar Security Intelligence Platform

Infrastructure Protection – Endpoint Vision

Page 20: IBM Security Strategy Intelligence,

IBM Identity and Access Management Vision

Key Themes

Standardized IAM and Compliance Management
Expand IAM vertically to provide identity and access intelligence to the business; integrate horizontally to enforce user access to data, app, and infrastructure

Secure Cloud, Mobile, Social Interaction
Enhance context-based access control for cloud, mobile and SaaS access, as well as integration with proofing, validation and authentication solutions

Insider Threat and IAM Governance
Continue to develop Privileged Identity Management (PIM) capabilities and enhanced Identity and Role management

Page 21: IBM Security Strategy Intelligence,

Key Themes

Coverage for Mobile applications and new threats
Continue to identify and reduce risk by expanding scanning capabilities to new platforms such as mobile, as well as introducing next generation dynamic analysis scanning and glass box testing

Simplified interface and accelerated ROI
New capabilities to improve customer time to value and consumability with out-of-the-box scanning, static analysis templates and ease of use features

Security Intelligence Integration
Automatically adjust threat levels based on knowledge of application vulnerabilities by integrating and analyzing scan results with SiteProtector and the QRadar Security Intelligence Platform

Application Security Vision

Page 22: IBM Security Strategy Intelligence,

All domains feed Security Intelligence

Endpoint Management vulnerabilities enrich QRadar’s vulnerability database

AppScan Enterprise

AppScan vulnerability results feed QRadar SIEM for improved asset risk assessment

Tivoli Endpoint Manager

Guardium

Identity and Access Management

IBM Security Network Intrusion Prevention System

Flow data into QRadar turns NIPS devices into activity sensors

Identity context for all security domains w/ QRadar as the dashboard

Database assets, rule logic and database activity information

Correlate new threats based on X-Force IP reputation feeds

Hundreds of 3rd party information sources

Page 23: IBM Security Strategy Intelligence,

In 2013 we will continue to focus on solving the big problems

Cloud Computing
Cloud security is a key concern as customers rethink how IT resources are designed, deployed and consumed

Regulation and Compliance
Regulatory and compliance pressures are mounting as companies store more data and can become susceptible to audit failures

Advanced Threats
Sophisticated, targeted attacks designed to gain continuous access to critical information are increasing in severity and occurrence

Mobile Computing
Securing employee-owned devices and connectivity to corporate applications are top of mind as CIOs broaden support for mobility

Advanced Persistent Threats

Stealth Bots

Targeted Attacks

Designer Malware

Zero-days

Enterprise Customers

GLBA

Page 24: IBM Security Strategy Intelligence,

Security Intelligence is enabling progress to optimized security

Optimized

Security Intelligence: Flow analytics / predictive analytics

Security information and event management

Log management

Identity governance

Fine-grained entitlements

Privileged user management

Data governance

Encryption key management

Fraud detection

Hybrid scanning and correlation

Multi-faceted network protection

Anomaly detection

Hardened systems

Proficient

User provisioning

Access management

Strong authentication

Data masking / redaction

Database activity monitoring

Data loss prevention

Web application protection

Source code scanning

Virtualization security

Asset management

Endpoint / network security management

Basic

Directory management

Encryption

Database access control

Application scanning

Perimeter security

Host security

Anti-virus

People Data Applications Infrastructure

Security Intelligence

Page 25: IBM Security Strategy Intelligence,

Security Intelligence, Analytics & GRC

People

Data

Applications

Infrastructure

Intelligent solutions provide the DNA to secure a Smarter Planet

Page 26: IBM Security Strategy Intelligence,

ibm.com/security

© Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.