8/11/2019 Security Strategy April2013
1/26
2013 IBM Corporation
IBM Security Systems
1
2012 IBM Corporation
IBM Security Strategy
Intelligence, Integration and Expertise
Marc van Zadelhoff
VP, WW Strategy and Product Management
Joe Ruthven
IBM MEA Security Leader
IBM Security Systems
April 2013
Innovative technology changes everything
Bring your own IT
Social business
Cloud and virtualization
1 billion mobile workers
1 trillion connected objects
Motivations and sophistication are rapidly evolving
National Security | Nation-state actors | Stuxnet
Espionage, Activism | Competitors and Hacktivists | Aurora
Monetary Gain | Organized crime | Zeus
Revenge, Curiosity | Insiders and Script-kiddies | Code Red
IBM has tracked a massive rise in advanced and other attacks
2012 Sampling of Security Incidents by Attack Type, Time and Impact
Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses
Source: IBM X-Force 2012 Trend and Risk Report
IBM's 2012 Chief Information Security Officer Study revealed the changing role of the CISO
Influencers: Confident / prepared; Strategic focus
Protectors: Less confident; Somewhat strategic; Lack necessary structural elements
Responders: Least confident; Focus on protection and compliance
How they differ:
have a dedicated CISO
have a security/risk committee
have information security as a board topic
use a standard set of security metrics to track their progress
focused on improving enterprise communication/collaboration
focused on providing education and awareness
Source: IBM Center for Applied Insights, Finding a Strategic Voice: Insights from the 2012 IBM Chief Information Security Officer Assessment, May 2012
Security challenges are a complex, four-dimensional puzzle
that requires a new approach
Applications: Web Applications; Systems Applications; Web 2.0; Mobile Applications
Infrastructure: Datacenters; PCs; Laptops; Mobile; Cloud; Non-traditional
Data: At rest; In motion; Unstructured; Structured
People: Hackers; Suppliers; Consultants; Terrorists; Employees; Outsourcers; Customers
Intelligence
Integration
Expertise
IBM delivers solutions across a security framework
Intelligence: A comprehensive portfolio of security solutions
IBM Security Portfolio
Security Intelligence, Analytics, and Governance, Risk, and Compliance: QRadar SIEM; QRadar Log Manager; QRadar Risk Manager
Enterprise Governance, Risk and Compliance Management: GRC Platform (OpenPages); Risk Analytics (Algorithmics); Investigation Management (i2)
Operational IT Security Domains and Capabilities: People, Data, Applications, Network, Infrastructure, Endpoint
People: Federated Identity Manager; Enterprise Single Sign-On; Identity and Access Management Suite; Privileged Identity Manager
Data: Guardium Database Security; Guardium Vulnerability Mgt; Dynamic Data Masking; Key Lifecycle Manager
Applications: AppScan Source; AppScan Dynamic; DataPower Web Security Gateway; Security Policy Manager
Network: Network Intrusion Prevention; NextGen Network IPS; SiteProtector Management System; Network Anomaly Detection
Endpoint: Endpoint Manager (BigFix); Mobile Device Management; Virtualization and Server Security; Mainframe Security (zSecure, RACF)
Backed by GTS Managed and Professional Services
Analysts recognize IBM's superior products and performance
Domain | Segment / Report | Analyst Recognition
Security Intelligence, Analytics and GRC
Security Information & Event Management (SIEM) 2012 2010
Enterprise Governance Risk & Compliance Platforms 2011 2011
People
Identity & Access Governance 2012
User Provisioning / Administration 2012 2012***
2010
Role Management & Access Recertification 2011
Enterprise Single Sign-on (ESSO) 2011*
Web Access Management (WAM) 2012**
Data
Database Auditing & Real-Time Protection 2011
Data Masking 2013
Applications
Static Application Security Testing (SAST) 2010
2010
Dynamic Application Security Testing (DAST) 2011
Infrastructure
Network Intrusion Prevention Systems (NIPS) 2012 2010
EndPoint Protection Platforms (EPP) 2013
Challenger, Leader, Visionary, Niche Player
Leader, Contender, Strong Performer
Leader (#1, 2, or 3 in segment)
* Gartner MarketScope (discontinued in 2012)
** Gartner MarketScope
*** 2012 IDC MarketScape ranked IBM #1 in IAM
Integration: Increase security, collapse silos, and reduce complexity
Customize protection capabilities to block specific vulnerabilities using scan results
Converge access management with web service gateways
Link identity information with database security
Stay ahead of the changing threat landscape
Designed to help detect the latest vulnerabilities, exploits and malware
Add security intelligence to non-intelligent systems
Consolidate and correlate siloed information from hundreds of sources
Designed to help detect, notify and respond to threats missed by other security solutions
Automate compliance tasks and assess risks
Collaborative IBM teams monitor and analyze the latest threats
Coverage
20,000+ devices under contract
3,700+ managed clients worldwide
13B+ events managed per day
133 monitored countries (MSS)
1,000+ security related patents
Depth
14B analyzed web pages & images
40M spam & phishing attacks
64K documented vulnerabilities
Billions of intrusion attempts daily
Millions of unique malware samples
Context and Correlation Drive Deepest Insight
Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight
Extensive Data Sources: Data Activity; Servers & Mainframes; Users & Identities; Vulnerability & Threat; Configuration Info; Security Devices; Network & Virtual Activity; Application Activity
Event Correlation: Logs; Flows; IP Reputation; Geo Location
Activity Baselining & Anomaly Detection: User Activity; Database Activity; Application Activity; Network Activity
Offense Identification: Credibility; Severity; Relevance
Suspected Incidents
True Offense
Fully Integrated Security Intelligence
Log Management: Turn-key log management and reporting; SME to Enterprise; Upgradeable to enterprise SIEM
SIEM: Log, flow, vulnerability & identity correlation; Sophisticated asset profiling; Offense management and workflow
Configuration & Vulnerability Management: Network security configuration monitoring; Vulnerability prioritization; Predictive threat modeling & simulation
Network Activity & Anomaly Detection: Network analytics; Behavioral anomaly detection; Fully integrated in SIEM
Network and Application Visibility: Layer 7 application monitoring; Content capture for deep insight & forensics; Physical and virtual environments
One Console Security
Built on a Single Data Architecture
Infrastructure Protection: Advanced Threat
Key Themes
Advanced Threat Protection Platform: Helps to prevent sophisticated threats and detect abnormal network behavior by using an extensible set of network security capabilities - in conjunction with real-time threat information and Security Intelligence
Expanded X-Force Threat Intelligence: Increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions
Security Intelligence Integration: Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats
Security Intelligence Platform: Log Manager; SIEM; Network Activity Monitor; Risk Manager
Threat Intelligence and Research: Vulnerability Data; Malicious Websites; Malware Information; IP Reputation
Advanced Threat Protection (IBM Network Security): Intrusion Prevention; Content and Data Security; Web Application Protection; Network Anomaly Detection; Application Control
Future (placeholder shown three times in the diagram)
Data Security Vision
Key Themes
Reduced Total Cost of Ownership: Expanded support for databases and unstructured data, automation, handling and analysis of large volumes of audit records, and new preventive capabilities
Enhanced Compliance Management: Enhanced Database Vulnerability Assessment (VA) and Database Protection Subscription Service (DPS) with improved update frequency, labels for specific regulations, and product integrations
Dynamic Data Protection: Data masking capabilities for databases (row level, role level) and for applications (pattern based, form based) to safeguard sensitive and confidential data
Across Multiple Deployment Models
QRadar Integration
Infrastructure Protection: Endpoint Vision
Key Themes
Security for Mobile Devices: Provide security for and manage traditional endpoints alongside mobile devices such as Apple iOS, Google Android, Symbian, and Microsoft Windows Phone - using a single platform
Expansion of Security Content: Continued expansion of security configuration and vulnerability content to increase coverage for applications, operating systems, and industry best practices
Security Intelligence Integration: Improved usage of analytics - providing valuable insights to meet compliance and IT security objectives, as well as further integration with SiteProtector and the QRadar Security Intelligence Platform
IBM Identity and Access Management Vision
Key Themes
Standardized IAM and Compliance Management: Expand IAM vertically to provide identity and access intelligence to the business; Integrate horizontally to enforce user access to data, app, and infrastructure
Secure Cloud, Mobile, Social Interaction: Enhance context-based access control for cloud, mobile and SaaS access, as well as integration with proofing, validation and authentication solutions
Insider Threat and IAM Governance: Continue to develop Privileged Identity Management (PIM) capabilities and enhanced Identity and Role management
Application Security Vision
Key Themes
Coverage for Mobile applications and new threats: Continue to identify and reduce risk by expanding scanning capabilities to new platforms such as mobile, as well as introducing next generation dynamic analysis scanning and glass box testing
Simplified interface and accelerated ROI: New capabilities to improve customer time to value and consumability with out-of-the-box scanning, static analysis templates and ease of use features
Security Intelligence Integration: Automatically adjust threat levels based on knowledge of application vulnerabilities by integrating and analyzing scan results with SiteProtector and the QRadar Security Intelligence Platform
All domains feed Security Intelligence
Tivoli Endpoint Manager: Endpoint Management vulnerabilities enrich QRadar's vulnerability database
AppScan Enterprise: AppScan vulnerability results feed QRadar SIEM for improved asset risk assessment
Guardium: Database assets, rule logic and database activity information
Identity and Access Management: Identity context for all security domains w/ QRadar as the dashboard
IBM Security Network Intrusion Prevention System: Flow data into QRadar turns NIPS devices into activity sensors
Correlate new threats based on X-Force IP reputation feeds
Hundreds of 3rd party information sources
In 2013 we will continue to focus on solving the big problems
Cloud Computing: Cloud security is a key concern as customers rethink how IT resources are designed, deployed and consumed
Regulation and Compliance: Regulatory and compliance pressures are mounting as companies store more data and can become susceptible to audit failures
Advanced Threats: Sophisticated, targeted attacks designed to gain continuous access to critical information are increasing in severity and occurrence
Mobile Computing: Securing employee-owned devices and connectivity to corporate applications are top of mind as CIOs broaden support for mobility
Figure labels: Advanced Persistent Threats, Stealth Bots, Targeted Attacks, Designer Malware, Zero-days; Enterprise Customers; GLBA
Security Intelligence is enabling progress to optimized security
Security Intelligence: Flow analytics / predictive analytics; Security information and event management; Log management
Optimized
People: Identity governance; Fine-grained entitlements; Privileged user management
Data: Data governance; Encryption key management
Applications: Fraud detection; Hybrid scanning and correlation
Infrastructure: Multi-faceted network protection; Anomaly detection; Hardened systems
Proficient
People: User provisioning; Access management; Strong authentication
Data: Data masking / redaction; Database activity monitoring; Data loss prevention
Applications: Web application protection; Source code scanning
Infrastructure: Virtualization security; Asset management; Endpoint / network security management
Basic
People: Directory management
Data: Encryption; Database access control
Applications: Application scanning
Infrastructure: Perimeter security; Host security; Anti-virus
Intelligent solutions provide the DNA to secure a Smarter Planet
Security Intelligence, Analytics & GRC
People
Data
Applications
Infrastructure
ibm.com/security
Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes
only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use
of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any
warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement
governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in
all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM's sole
discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any
way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response
to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated
or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure
and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to
be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems,
products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE
MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.