© 2014 IBM Corporation
IBM Security
What IBM has to offer - IBM Security
Solution Portfolio
Learning Objectives
• Be able to describe the IBM Security Framework
• Understand IBM’s security solutions, software and services, to address security across the domains of the IBM Security Framework
IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework
Intelligence
Integration
Expertise
People Data Applications Network Infrastructure Endpoint
• Identity Management
• Guardium Data Security and Compliance
• AppScan Source
• Network Intrusion Prevention
• Trusteer Apex
• Access Management
• Guardium DB Vulnerability Management
• AppScan Dynamic
• Next Generation Network Protection
• Mobile and Endpoint Management
• Privileged Identity Manager
• Guardium / Optim Data Masking
• DataPower Web Security Gateway
• SiteProtector Threat Management
• Virtualization and Server Security
• Federated Access and SSO
• Key Lifecycle Manager
• Security Policy Manager
• Network Anomaly Detection
• Mainframe Security
IBM X-Force Research
Advanced Fraud Protection
• Trusteer Rapport
• Trusteer Pinpoint Malware Detection
• Trusteer Pinpoint ATO Detection
• Trusteer Mobile Risk Engine
Security Intelligence and Analytics
• QRadar Log Manager
• QRadar SIEM
• QRadar Risk Manager
• QRadar Vulnerability Manager
IBM offers a comprehensive software portfolio of security products
Helping our customers optimize security with additional
context, automation and integration
Security Intelligence and Analytics
Portfolio Overview
QRadar SIEM
• Integrated log, threat, compliance management
• Asset profiling and flow analytics
• Offense management and workflow
QRadar Risk Manager
• Predictive threat modeling & simulation
• Scalable configuration monitoring and audit
• Advanced threat and impact analysis
QRadar Log Manager
• Turnkey log management
• Upgradeable to enterprise SIEM
Network Activity Collectors (QFlow / VFlow)
• Network analytics, behavior and anomaly detection
• Fully integrated with SIEM
security intelligence
People
Manage and extend enterprise identity context across all
security domains with end-to-end Identity Intelligence
Portfolio Overview
IBM Security Identity Manager *
• Automate the creation, modification, and
termination of users throughout the entire lifecycle
• Identity control including role management and
auditing
IBM Security Access Manager Family *
• Automates sign-on and authentication to enterprise
web applications and services
• Entitlement management for fine-grained access
enforcement
IBM Security zSecure suite *
• User friendly layer over RACF to improve
administration and reporting
• Monitor, audit and report on security events and
exposures on mainframes.
* Solution package purchase options available
Manage Enterprise Identity Context Across Security Domains
IBM and CrossIdeas offerings to address Identity Analytics and Intelligence
Identity Mgr
Access Mgr
QRadar
Priv. ID Mgr
Dir. Intgr & Server
Data
Enterprise-wide solutions for assuring the privacy and
integrity of trusted information in your data center
Portfolio Overview
IBM InfoSphere Guardium Product Family
• Database Activity Monitoring - continuously monitor
and block unauthorized access to databases
• Privileged User Monitoring - detect or block
malicious or unapproved activity by DBAs,
developers and outsourced personnel
• Prevent Database Leaks - detect and block leakage
in the data center
• Database Vulnerability Assessment - scan
databases to detect vulnerabilities and take action
• Audit and Validate Compliance - simplify SOX, PCI-DSS, and Data Privacy processes with pre-configured reports and automated workflows
IBM Security Key Lifecycle Manager
• Centralize and automate the encryption key
management process
• Simplify administration with an intuitive user
interface for configuration and management
Key Themes
Reduced Total Cost of Ownership
Expanded support for databases and unstructured data, automation, handling and analysis of large volumes of audit records, and new preventive capabilities
Enhanced Compliance Management
Enhanced Database Vulnerability Assessment (VA) and Database Protection Subscription Service (DPS) with improved update frequency, labels for specific regulations, and product integrations
Dynamic Data Protection
Data masking capabilities for databases (row level, role level) and for applications (pattern based, form based) to safeguard sensitive and confidential data
Data Security Vision
Across Multiple Deployment Models
QRadar Integration
Applications
Reducing the costs of developing secure applications and assuring the privacy and integrity of trusted information
Portfolio Overview
AppScan Enterprise Edition
• Enterprise-class solution for application security
testing and risk management with governance,
collaboration and security intelligence
• Multi-user solution providing simultaneous security
scanning and centralized reporting
AppScan Standard Edition
• Desktop solution to automate web application
security testing for IT Security, auditors, and
penetration testers
AppScan Source Edition
• Adds source code analysis to AppScan Enterprise
with static application security testing
Applications
Build Systems: improve scan efficiencies
Integrated
Defect Tracking Systems: track remediation
IDEs: remediation assistance
Security Intelligence: raise threat level
Application Security: Helping to protect against the threat of attacks and data breaches
Key Themes
Coverage for Mobile applications and new threats
Continue to identify and reduce risk by expanding scanning capabilities to new platforms such as mobile, as well as introducing next generation dynamic analysis scanning and glass box testing
Simplified interface and accelerated ROI
New capabilities to improve customer time to value and consumability with out-of-the-box scanning, static analysis templates and ease of use features
Security Intelligence Integration
Automatically adjust threat levels based on knowledge of application vulnerabilities by integrating and analyzing scan results with SiteProtector and the QRadar Security Intelligence Platform
Audience: Development teams, Security teams, Penetration Testers
Software Development Lifecycle: CODING, BUILD, QA, SECURITY, PRODUCTION
Scanning Techniques: Static analysis (white box), Dynamic analysis (black box)
Applications: Web Applications, Web Services, Mobile Applications, Programming Languages, Purchased Applications
Governance and Collaboration
• Test policies, test templates and access control
• Dashboards, detailed reports and trending
• Manage regulatory requirements such as PCI, GLBA and HIPAA (40+ out-of-the-box compliance reports)
Guard against sophisticated attacks using an Advanced
Threat Protection Platform with insight into users, content
and applications
Infrastructure (Network)
Portfolio Overview
IBM Security Network Intrusion Prevention (IPS)
• Delivers Advanced Threat Detection and Prevention to stop targeted attacks against high value assets
• Proactively protects systems with IBM Virtual Patch® technology
• Protects web applications from threats such as SQL Injection and Cross-site Scripting attacks
• Integrated Data Loss Prevention (DLP) monitors data security risks throughout your network
• Provides Ahead of the Threat® protection backed by world renowned IBM X-Force Research
IBM Security SiteProtector
• Provides central management of security devices to control policies, events, analysis and reporting for your business
Infrastructure
Advanced Threat Protection
Extensible, Ahead-of-the-Threat Protection backed by the power of IBM X-Force® to help protect against mutating threats
[Diagram labels: System-level Attacks; Service-level Attacks; Web Application Attacks; Client-side Application Protection; Users; Spear Phishing; Malicious Attachments; Web/Social Media Risks]
The XGS 5100 helps protect against a full spectrum of targeted attacks, even in SSL-encrypted connections
Mobile Device Security
Supports complete mobile device, endpoint and transaction security
Containerization / app wrapping and an enterprise app catalog with unified policy management
Security-as-a-Service
Cloud-based SaaS platform with easy to use, self-service, instant-on, integrated device management, advanced mobile app management (MAM), including full lifecycle, license management, and support for Apple VPP in an enterprise app store
Integration with the IBM MobileFirst portfolio
Rapid integration of MDM with local directory / AD environment, SDKs for apps and transactions to extend customizable security and management capabilities in BYOD and consumer environments
MaaS360 by Fiberlink
IBM Security Framework
Infrastructure Protection: Endpoint
Provides in-depth security across your network, servers, virtual servers, mainframes and endpoints
Key Themes
Security for Mobile Devices
Provide security for and manage traditional endpoints alongside mobile devices such as Apple iOS, Google Android, Symbian, and Microsoft Windows Phone - using a single platform
Expansion of Security Content
Continued expansion of security configuration and vulnerability content to increase coverage for applications, operating systems, and industry best practices
Security Intelligence Integration
Improved usage of analytics - providing valuable insights to meet compliance and IT security objectives, as well as further integration with SiteProtector and the QRadar Security Intelligence Platform
Infrastructure
Trusteer Advanced Fraud and Malware Protection
Helping to protect against financial fraud and advanced security threats
Capabilities Trusteer brings to IBM's security portfolio:
Web Fraud Protection
Leading web fraud capabilities for financial services and web commerce
Secure Mobile Transactions
Embedded security for mobile devices and applications helps enable secure transactions from devices to the back office
Advanced Malware Protection
Unique endpoint solution
for identifying and protecting
against Advanced Persistent Threats
Security-as-a-Service
Cloud based deployment enabling rapid
and real-time updates
Advanced Fraud
Protection
IBM is uniquely positioned to offer integrated protection
Open Integrations
Ready for IBM Security
Intelligence Ecosystem
Planned Trusteer Apex
Endpoint Malware Protection
IBM Security Network
Protection XGS
Smarter Prevention
IBM Security QRadar
Security Intelligence
Security Intelligence
IBM Emergency
Response Services
IBM Security QRadar
Incident Forensics
Continuous Response
IBM X-Force
Threat Intelligence
New virtual real-time sharing of Trusteer threat intelligence from 100M+ endpoints with X-Force
Global Threat Intelligence
New functionality from partners including FireEye, TrendMicro, Damballa and other protection vendors
• NEW: Java Lockdown Protection - granular control of untrusted code, cloud-based file inspection, and QRadar integration
• NEW: Advanced Threat Quarantine integration from QRadar and third-party products, inclusion of Trusteer intelligence into XGS
• NEW: Data Node appliance, new flow and event APIs, and QRadar Vulnerability Manager scanning improvements
• NEW: Integrated forensics module with full packet search and visual reconstruction of threat actor relationships
• NEW: Increased global coverage and expertise related to malware analysis and forensics
IBM Security Services Solutions
September 10, 2015
Assessing your current
security posture
Identifying the gaps
Guidance for making
improvements
IBM Security Services support a customer’s end to end security lifecycle
Deliver the best solutions to
protect your data, network and
infrastructure
Provide comprehensive
methods, strategies and
services
Providing you assistance
for pro-actively preparing
for or responding to cyber
attacks
Help you recover in the
case of an incident, and
understand its impact
Hosted and cloud-based
device management delivers
the industry’s most effective
security operations and
intelligence
Managing your security
operations through integrated
tools, strategies, intelligence,
analytics and staff skills
IBM offers a comprehensive portfolio of security services
IBM Security Services Portfolio
People
• Identity Assessment & Strategy
• User Provisioning/Access Mgmt
• Total Authentication Solution
• Managed/Cloud Identity
Data
• Crown Jewels Discovery & Protection
• Database Security
• Encryption and Data Loss Prevention
Applications
• SDLC Program Development
• Dynamic and Static Testing
• Embedded Device Testing
• Mobile Application Testing
Infrastructure
• Security Optimization
• Design, Deployment & Migration
• Staff Augmentation
Strategy, Risk & Compliance
• Security Maturity Benchmarking
• Security Strategy & Roadmap Development
• Security Risk Assessment & Program Design
• Industrial Controls (NIST, SCADA)
• PCI Advisory
Cloud and Managed Services
• Firewall / Unified Threat Management
• Intrusion Detection & Prevention
• Web Protection & Managed DDoS
• Hosted E-Mail & Web Vulnerability Mgmt
• Managed SIEM & Log Management
Powered by IBM’s Next Generation Threat Monitoring and Analytics Platform
Security Operations
• Security Intelligence Operations Center Design & Build Out Services
Cybersecurity Assessment & Response
• Threat Intelligence Advisory
• X-Force Threat Analysis
• Penetration Testing
• Incident Preparation
• Emergency Response
Built to address the Security Essentials, within context of the integrated Security Framework
We have comprehensive support for best-of-breed products from IBM and other leading security vendors
A Vast and Growing Partner Ecosystem
Cloud and Managed Security Services
Portfolio Description
The increasing variety and complexity of security threats have outpaced the ability of businesses to protect themselves. IBM’s Managed, Monitored and Cloud Security Services combine deep security research, the industry’s broadest solution portfolio, and a global cadre of skilled professionals. These integrated offerings reduce risk and protect assets such as intellectual capital, customer information and the integrity of your brand.
Benefits
• Helps reduce cost by offering flexible consumption models, whether do-it-yourself SaaS or enterprise grade management and monitoring
• Helps streamline compliance management with regulatory controls
• Offers a seamless lifecycle of security services, whether month-to-month management and monitoring or consultative services
Key Offerings
Services utilizing “on-prem” infrastructure
• SIEM, Firewall, IDPS, UTM
• Secure Web Gateway
Services utilizing “cloud-based” infrastructure
• Hosted Web & Email Security
• Web Defense and DDoS Protection
• Hosted Vulnerability Mgmt and Application Security
• X-Force® Threat Analysis
Identity and Access Management Services
Portfolio Description
At IBM, we take a holistic approach to identity and access management. We focus on integrating and coordinating services throughout your organization to help you maximize investments and minimize threats. IBM’s Identity and Access Management services provide business and technology consulting to help customers develop a clear, business-driven, strategic roadmap for improving an organization’s Identity and Access Management maturity posture.
Benefits
• Enforce user access to data, applications, and infrastructure
• Secure cloud, mobile, and social interactions
• Develop policy-based identity and access governance
Key Offerings
• Strategy consulting
• Design and implementation
• Managed Services
Data Security Services
Portfolio Description
Our services are designed to enable organizations to protect their business information, especially the “crown jewels”, over the full data lifecycle – from acquisition to disposal. Most important, it helps companies and organizations stay current with data security best practices in the constantly evolving threat environment.
Benefits
• Supports an effective, maintainable data security and compliance posture
• Helps reduce the cost of data security and compliance
• Assists in protecting brand reputation through protection of customer and other sensitive or regulated information
• Empowers organizations to more effectively avert costly data breaches
Key Offerings
Data Protection Program Development
Database Security Architecture
Data Security Solution Implementation
• Data Loss Prevention
• Data Encryption
• Database Activity Monitoring
Application Security Services
Portfolio Description
IBM Application Security services help customers create and maintain applications with effective “built-in” security. The full range of services – from secure engineering to code testing – strengthens the software development lifecycle (SDLC) with comprehensive and sustainable security capabilities.
Benefits
• Allows organizations to streamline rigorous application security functions to reduce costs, accelerate time to market and boost customer confidence
• Helps foster and support a security-conscious development culture
• Strengthens app development and operations
• Integrates with other security solutions across the spectrum of enterprise activities, ranging from data leakage prevention to incident response
Key Offerings
• Tailored secure engineering framework, development planning and education consulting services
• Evaluation of application security requirements via threat modeling and risk assessment
• Source code assessment and application testing
• Managed services for ongoing application testing
Security Operations Optimization Services
Portfolio Description
With a deep portfolio of consulting and implementation services, IBM can help design and deploy an advanced, world-class SOC (Security Operations Center). Modeled after our own industry-leading SOCs, it can provide you the threat management capabilities needed to protect the business, and enable you to leverage the experience of IBM’s global SOC network and threat intelligence collection.
Benefits
• Helps establish an optimized SOC within limited budgets
• Aids in improving security intelligence, integration and reporting
• Assists in enabling appropriate and timely incident response
• Helps demonstrate security contributions to organizational objectives
• Leverages the deep security experience and resources of IBM
Key Offerings
• SOC Workshop
• SOC Strategy and Assessment
• SOC Design/Build and Deployment
• SIEM Optimization
Cybersecurity Assessment and Response Services
Portfolio Description
Security incidents are inevitable, but their impact on your business can be mitigated. Our services are designed to help you prepare for and rapidly respond to an ever-growing variety of security threats.
Our seasoned security consultants can deliver cybersecurity assessments, planning, and response services, with mature methodology and proven expertise from mainframe to mobile.
Benefits
• Helps assure always-current security best practices and insight
• Delivers on-site response time of less than 24 hours to help stop attacks in progress and reduce impact
• Enables cost savings by potentially reducing business disruption and facilitating regulatory compliance
• Security review and protection for the “Internet of Things”
Key Offerings
• Emergency Response Service
• Proactive Planning and Preparation
• Dynamic and Static Testing for Mobile and Web applications
• Security Assessments for Smart and Embedded Devices
Security Strategy Risk & Compliance Services
Portfolio Description
IBM Security Services has developed comprehensive approaches to measure the effectiveness of the IT Risk & Security program, and based on the findings define the strategy and roadmap for improvement. This drives the foundation for broader security program activities including architecture, design, build and manage, which enables the security organization to address the changing landscape of threats and continuously improve.
Benefits
• Enhances the organization’s capability to manage and govern information security more effectively and efficiently
• Assists in effectively meeting both security and regulatory compliance requirements
• Build a risk aware culture through education and awareness
• Drives continuous growth and improvement of security and compliance programs through practical measurements
• Improves operational security for critical infrastructure
Key Offerings
• Security Strategy and Planning
• Assessments and Compliance
• Security Awareness
• IT GRC Integration
• Industrial Controls Cybersecurity Consulting
IBM can help you effectively establish your security operations
As a result of our experiences, we’ve learned not everyone is in the
same place in the journey to optimal security
Proficient
Security is layered into the IT fabric and business operations
Reduce Risk
Optimized
Organizations use predictive and automated security analytics to drive toward security intelligence
Basic
Organizations employ perimeter protection, which regulates access and feeds manual reporting
• Identity and Access Governance
• Guardium Data Security
• AppScan Source
• Network Intrusion Prevention
• Trusteer Apex
• Identity and Access Management
• Guardium Database Vulnerability Mgmt
• AppScan Dynamic
• Next Generation Network Protection
• Mobile & Endpoint Management
• Privileged Identity Management
• Guardium / Optim Data Masking
• DataPower SOA Security
• SiteProtector Threat Management
• Virtualization and Server Security
• Federated Access and SSO
• Key Lifecycle Manager
• Security Policy Manager
• Network Anomaly Detection
• Mainframe Security
IBM X-Force and Trusteer Threat Intelligence
Advanced Fraud Protection
• Trusteer Rapport
• Trusteer Pinpoint Malware Detection
• Trusteer Pinpoint ATO Detection
• Trusteer Mobile Risk Engine
Security Intelligence and Analytics
Strategy, Risk and Compliance
• Security Maturity Benchmarking
• Security Strategy and Roadmap Development
• Security Risk Assessment and Program Design
• Industrial Controls (NIST, SCADA)
• Payment Card Advisory (PCI)
• Identity Strategy and Assessment
• Data Security and Assessment
• Embedded Device Testing
• Firewall / IDPS / UTM Management
• Web Protection and Managed DDoS
• User Provisioning and Access Mgmt
• Encryption
• Penetration Testing
• Hosted Web, E-mail and Vulnerability Management
• Deployment and Migration
• Total Authentication Solution
• Data Loss Prevention
• Application Security Assessment
• Staff Augmentation
• Managed and Cloud Identity
• Mobile Application Testing
People Data Applications Network Infrastructure Endpoint
Emergency Response Managed SIEM Incident Planning Cyber Threat Intel Security Operations Center Design Services
QRadar SIEM QRadar Log Manager QRadar Risk Mgr QRadar Vulnerability Mgr QRadar Incident Forensics
The IBM Security Portfolio
Services
Products
Cybersecurity Assessment and Response
Threat Intelligence Advisory X-Force Threat Analysis Penetration Testing Incident Preparation Emergency Response