IBM Security Fearless in the face of uncertainty — Chris Bontempo Vice President Marketing, Routes & Offerings Where we are now
• Largest enterprise cybersecurity provider
• Leader in 12 security market segments
• 8,000+ security employees
• 20+ security acquisitions
• 70B+ security events monitored per day
IBM Security / © 2019 IBM Corporation 2 IBM Security can help transform your security program
Strategy Threat Digital and Risk Management Trust Advance Security Maturity Detect and Stop Advanced Threats Protect Critical Assets Secure Hybrid Cloud • Strategy and Planning • Security Operations Consulting • SDLC Consulting • Infrastructure and • Risk Assessments • X-Force Threat Mgmt. Services • Data Protection Services Endpoint Services • Advisory Services • X-Force Red • Guardium • Hybrid Cloud • QRadar • Data Risk Manager Security Services Build Leadership and Culture • X-Force Detect • Multi-cloud Encryption • QRadar Cloud Analytics • X-Force Cyber Range • Key Lifecycle Manager • Cloud Identity • X-Force Comes to You Orchestrate Incident Response • Guardium for Cloud • X-Force Cyber Tactical • Resilient Govern Users and Identities Operations Center • X-Force IRIS • Identity Mgmt. Services Unify Endpoint Management • Identity Governance • Endpoint Mgmt. Services Master Threat Hunting • Cloud Identity • MaaS360 • i2 Intelligence Analysis • Access Manager • QRadar Advisor with Watson • Secret Server Deliver Digital Identity Trust • Trusteer • Cloud Identity
IBM Security / © 2019 IBM Corporation 3 Cybersecurity is a universal challenge
What’s at stake… 20.8 billion 5 billion $6 trillion things we need personal data lost to cybercrime to secure records stolen over the next 2 years
What we face… Compliance updates Skills shortage Too many tools GDPR fines can cost By 2022, CISOs will face Organizations are using billions 1.8 million too many for large global companies unfulfilled tools from too cybersecurity jobs many vendors
IBM Security / © 2019 IBM Corporation 4 What we’re hearing from customers
Help me…
Modernize Respond to the Address increasing Maintain data Secure the journey security global security cyber attack privacy and to cloud and digital frameworks and skills shortage vectors including regulatory transformation controls IoT compliance
IBM Security / © 2019 IBM Corporation 5 To innovate and grow, businesses must move to the cloud and drive digital transformation
of organizations are concerned about cloud security, and are unable to accelerate their businesses fast enough
To prepare clients for • Understand security • Develop ‘secure by design’ their hybrid cloud and responsibilities and digital applications where to start cognitive journey, • Maintain the privacy of new IT leaders need to… • Rationalize existing customers and partners security investments to secure the cloud • Manage policies across distributed environments • Comply with changing regulatory mandates • Detect and respond to threats with • Secure access to cloud limited resources workloads and data IBM Security / © 2019 IBM Corporation Source: Cloud adoption to accelerate IT modernization article, McKinsey & Company, April 2018 6 Every client is on their own unique security journey
What clients tell Guidance Tools & Clarity us they need & Wisdom Resources & Action
IBM uniquely Global visibility and Integrated products and Leading analytics, delivers industry expertise services AI and orchestration
IBM Security / © 2019 IBM Corporation 7 Where are you on your journey? 5 Optimized 4 Continuous process Managed improvement 3 Detailed process metrics is enabled by quantitative feedback Defined are collected, 2 quantitatively understood Processes are and controlled Repeatable documented, 1 standardized, Basic project and integrated across the Automated and Proactive Ad-hoc management and organization discipline established Process is ad-hoc, chaotic, to repeat earlier success and poorly defined; success depends on individual effort and heroics
Manual and Reactive
IBM Security / © 2019 IBM Corporation 8 IBM Security can help transform your security program
Strategy Threat Digital and Risk Management Trust Unify business leaders with Identify and respond to threats with Govern and protect your business, security risk management speed and confidence data, users and assets
IBM Security / © 2019 IBM Corporation 9 IBM Security can help transform your security program
Strategy Threat Digital and Risk Management Trust Advance Security Maturity Detect and Stop Advanced Threats Protect Critical Assets Secure Hybrid Cloud • Strategy and Planning • Security Operations Consulting • SDLC Consulting • Infrastructure and • Risk Assessments • X-Force Threat Mgmt. Services • Data Protection Services Endpoint Services • Advisory Services • X-Force Red • Guardium • Hybrid Cloud • QRadar • Data Risk Manager Security Services Build Leadership and Culture • X-Force Detect • Multi-cloud Encryption • QRadar Cloud Analytics • X-Force Cyber Range • Key Lifecycle Manager • Cloud Identity • X-Force Comes to You Orchestrate Incident Response • Guardium for Cloud • X-Force Cyber Tactical • Resilient Govern Users and Identities Operations Center • X-Force IRIS • Identity Mgmt. Services Unify Endpoint Management • Identity Governance • Endpoint Mgmt. Services Master Threat Hunting • Cloud Identity • MaaS360 • i2 Intelligence Analysis • Access Manager • QRadar Advisor with Watson • Secret Server Deliver Digital Identity Trust • Trusteer • Cloud Identity
IBM Security / © 2019 IBM Corporation 10 Supported by hundreds of open integrations
… …
IBM Security / © 2019 IBM Corporation 11 Together, IBM and RedHat will deliver the next-generation hybrid multicloud platform
Redefining Red Hat’s open hybrid cloud Together, IBM and Based on open source technologies are now paired Red Hat will accelerate technologies, such as Linux and the cloud market with the unmatched scale innovation by offering Kubernetes, the platform for business and depth of IBM’s innovation a next-generation enables businesses to securely and industry expertise, hybrid multicloud deploy, run and manage data and sales leadership platform and apps on-prem, on private, and multiple public clouds
IBM Security / IBM INTERNAL USE ONLY / © 2019 IBM Corporation 12 Three key areas to secure the hybrid multicloud platform
Help clients build a cloud security strategy Help clients protect cloud data and and adoption roadmap for Red Hat and users with offerings that deploy on and our Hybrid Cloud stack integrate with the fabric of the cloud
Advise Move Build Manage
Open Hybrid Multicloud Platform
Help clients extend their security visibility, threat detection and response to cloud with new Red Hat specific integrations, content, and managed services
IBM Security / © 2019 IBM Corporation 13 Strategy and Risk
Unify business leaders with security risk management When you connect experts and proven frameworks with a deep understanding of business and compliance needs
What holds us back?
Not sure what A sea of Lack of alignment No end-to-end Constant “industry best” regulatory in assessment of organizational looks like frameworks the C-Suite your program changes
Privacy and Risk Assessments | Strategy and Planning | Training and Preparedness
IBM Security / © 2019 IBM Corporation 14 Strategic thinkers, risk experts We specialize in the following practices Benchmark your security strategy, • Security Strategy • Automated IT Risk Management compliance and risk posture and Planning • Critical Infrastructure Security • Proven, programmatic approach • C-Suite and Board Advisory • SAP Security Strategy • Experts on resilience, security, privacy and data quality • IT Risk Management and Assessments • Standard framework linking risk, regulations and controls and Compliance
IBM Security / © 2019 IBM Corporation 15 Test the skills you have, learn the skills you need
IBM X-Force Command
X-Force Cyber Range X-Force Cyber Tactical Cambridge, Massachusetts Operations Center Mobile command center X-Force Comes to You Global IBM Security / © 2019 IBM Corporation 16 Threat Management
Identify and respond to threats with speed and confidence When you connect people, process, and technologies with AI and continuous insights
What holds us back?
Attackers evading Empty seats and Too many events, No way to Not staffed rules-based churn not enough time operationalize to survive solutions in the SOC response a breach
Security Operations Consulting | Threat Management Services | Security Analytics | Response and Orchestration | Threat Hunting
IBM Security / © 2019 IBM Corporation 17 Defend your business with end-to-end threat management Insight Protection Detection Response Recovery
IBM X-Force Threat Management Services Identify and protect critical assets, detect advanced threats, respond and recover faster from disruptions
Governance and Continuous Process Improvement
IBM X-Force Red IBM X-Force IRIS IBM Managed Security Services Hacking anything Gain the expertise needed Extend your coverage with to secure everything to deal with “Right of Boom” 24x7 security expertise
Renowned veteran $ + Savings when a breach is Years of experience through 170 hackers and experts 1M contained within 30 days 20+ thousands of engagements
Leading Technology and Partner Ecosystem
IBM Security / © 2019 IBM Corporation 18 Detect and stop threats
IBM QRadar User and entity profiling Statistical analysis Pattern identification Entity and user context Network-based anomaly detection External threat correlation Real-time analytics Risk-based analytics Threat hunting DNS analytics Business context
“3 billion security events per day are IBM i2 Enterprise Insight Analysis #1 SIEM for accurately analyzed and condensed Advanced Threat Defense into 25 prioritized offenses, Use intelligence to find the attacker - Gartner enabling analysts to focus on what • Ingest structured and unstructured data • Deliver actionable intelligence matters most.” including OSINT and the dark web and accelerate data to decision
- Large energy company • Uncover hidden connections and patterns
IBM Security / © 2019 IBM Corporation 19 Speed up your SOC with AI
IBM QRadar User Behavior Analytics IBM QRadar Advisor with Watson
Detect insider threats with machine learning Force multiply your team’s effectiveness with AI • Continuously learns behaviors to predict malicious users • Automatically connect the dots for more decisive threat escalation • Generate detailed risk scores for individual users • Speed response and visualize attack stages using MITRE ATT&CK • 16K+ free downloads from X-Force App Exchange • Gain insights from Watson’s 10B+ security data points
IBM Security / © 2019 IBM Corporation 20 How you respond matters IBM X-Force Command Center Test yourself in an immersive and safe environment
clients trained in security + best practices using our immersive 2,500 state-of-the-art cyber range IBM Resilient Arm your team with the industry’s leading Incident Response Platform 40x Faster overall response using dynamic playbooks that orchestrate your people, process and technology
IBM Security / © 2019 IBM Corporation 21 Threat Management in Action – protecting Wimbledon
IBM Security / © 2019 IBM Corporation 22 Digital Trust
Govern and protect your business, data, users and assets When you connect policy, analytics, and controls across your entire business
What holds us back?
New privacy Not sure who has Customers Legacy security Can’t keep up regulation access demand better doesn’t work with business deadlines to what experiences for Cloud and IT projects
Data Protection and Privacy | Application Security | Identity Governance | Digital Identity Trust | Cloud and Mobile Security
IBM Security / © 2019 IBM Corporation 23 Safeguard your data wherever it resides
IBM Guardium For Databases, Files, Big Data, Keys and Cloud
• Support your entire data • Ensure the security, privacy and protection journey with the same integrity of your critical data across IBM Guardium infrastructure and approach a full range of environments Multi-Cloud Data Protection Protect data in public clouds, hybrid clouds, and multi-clouds
IBM Security / © 2019 IBM Corporation 24 Find and mitigate data risks
IBM Guardium Analyzer Find regulated data and database weaknesses to reduce risk • Identify regulated data risks on-premises or in cloud • Classify data in cloud and on-premises databases • Build risk scores based on vulnerability scans and data classification
IBM Data Risk Manager Provide your C-Suite with a risk dashboard • Uncover high-value business data and associated risks • Analyze potential impact to information assets, data and processes • Use data visualization to align stakeholders and mitigate risks
IBM Critical Data Protection Services Protect your most critical data from compromise • Protect and prioritize critical data • Perform gap analysis on security processes and controls • Create a risk-remediation plan • Monitor security metrics and governance standards IBM Security / © 2019 IBM Corporation 25 Let the right people in
IBM Identity Management Services IBM Cloud Identity
1.
3. 2.
IBM partners with you to provide customized IAM expertise Simplify your users’ access across web, mobile and cloud 1. Diagnose • Cloud-delivered single sign-on Strategy, planning, IAM design thinking • Multifactor risk-based authentication and identity federation 2. Transform • Thousands of pre-built app connectors and templates Technical architecture, design and build, accelerated deployment 3. Operate Advanced integration, process optimization, manage and operate
IBM Security / © 2019 IBM Corporation 26 Keep the wrong people out
IBM Identity Governance IBM Secret Server IBM Trusteer Provision, audit and report Protect privileged accounts, ensure Stop fraud with AI-infused user access compliance and authorize access security capabilities • Increase end-user satisfaction • Discover privileged accounts • Continuous identity assurance • Achieve regulatory compliance • Manage and audit usage • Scalable and agile cloud platform • Reduce business risk and costs • Monitor and control access • Advanced AI and machine learning layered with intelligence services • Provide insight on risky users • Secure and protect critical assets
IBM Security / © 2019 IBM Corporation 27 Move to the cloud with confidence
IBM X-Force Cloud Security Services
• Cloud Security Strategy Security transformation, strategy, and baselining
• In-the-Cloud-Security Managed Policy management and segmentation, shadow IT discovery, Security data security and more for your in-the-cloud workloads Service • Managed Security Services Core to X-Force Cloud Security Services – Our extensive and proven managed portfolio backed by best-of-breed partnerships plus threat management solutions
IBM Security / © 2019 IBM Corporation 28 Unify and deploy your security controls across hybrid multicloud
Open Security Ecosystem with unique partnerships and integrations
Public Private Clouds Cloud
On-Premises
Secure identity and networks Protect data and workloads Manage threats and compliance IBM Cloud Identity IBM Security Guardium IBM QRadar | IBM X-Force IRIS
IBM Security / © 2019 IBM Corporation 29 Unify endpoint management with the power of AI
IBM MaaS360 with Watson An open cloud-based • Gain insights to identify policy platform that uses and application improvements AI to simplify your • Proactively address management and security new vulnerabilities across mobile devices and IoT
IBM Security / © 2019 IBM Corporation 30 The future of security
Before 2011 2011-2018 2019+ Beyond… Bolt-on security Security intelligence Connected security for all, AI, quantum, blockchain for IT projects across the enterprise at the “speed of cloud” and IoT security
DATA
IDENTITY APPS & ACCESS
SECURITY MOBILE ADVANCED INTELLIGENCE FRAUD
ENDPOINT NETWORK
THREAT INTEL
IBM Security / © 2019 IBM Corporation 31 The future of security is connected
IBM Security Connect
Connected ecosystem
Operational simplicity
Global-scale AI and analytics
Experts on-demand
Uncover new risks and strengthen your cybersecurity program with the only open, cloud-based security platform that doesn’t demand migrating your data IBM Security / © 2019 IBM Corporation 32 About the Connect Platform
Catalog Applications | Solutions | Services from IBM, Partners, Customers
Cloud IBM Security Connect AI and Open threat intel Platform AppDev Framework analytics and data connectors
Existing On-premises security tools Public and private Mobile devices and infrastructure clouds and endpoints infrastructure
IBM Security / © 2019 IBM Corporation 33 Ready for future battles Thousands of IBM Researchers in 12 labs across 6 continents are busy working on security projects that will shape our future
Good AI Blockchain versus bad for security IBM researchers are finding IBM invented the ways to address the way to share threat weaknesses found intelligence that’s in AI systems anonymous and trusted
Post-quantum Securing the cryptography world of things Lattice cryptography IBM researchers are working on will protect organizations cryptographic algorithms and from quantum-enabled protocols, and key management to hackers enable end-to-end IoT security
IBM Security / © 2019 IBM Corporation 34 Who depends on IBM Security? 98% 95% 94% 50 70 12 of the top global of the top of the top global pharmaceutical state governments of the top US of the top US financial services and U.S. healthcare companiesand and all 5 branches colleges and aerospace and banking companies biotech companies of the US military universities defense companies 27 22 10 8 19 43 of the top global of the top U.S. of the largest of the top of the top of the top energy and utilities retail and consumer goods telecom companies airlines in global motor vehicle US industrial companies companies in the world the world and parts companies companies
We are invested to be the best
SIEM Identity as a Service Unified Endpoint Management
12 Security Analytics Identity Management Managed Security Services Market segments where analysts ranked IBM Security Web Fraud Detection Authentication Cybersecurity Incident as “Leader” Response Services Identity Governance Data Security and Database Security Access Management
IBM Security / © 2019 IBM Corporation 35 Take your next steps with us
Save Schedule Sign-up Visit X-Force IRIS’s number a consultation with for IBM X-Force Exchange the X-Force Cyber Range 1-888-241-9812 our security experts exchange.xforce.ibmcloud.com bit.ly/X-ForceCommand
IBM Security / © 2019 IBM Corporation 36 Thank you
Follow us on: © Copyright IBM Corporation 2019. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM’s current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or ibm.com/security both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, securityintelligence.com destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, ibm.com/security/community comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party. xforce.ibmcloud.com
@ibmsecurity youtube/user/ibmsecuritysolutions Challenges we hear from CISOs in the Focus on regulatory Financial Services Sector compliance
Ensure workloads in the cloud meet new security standards
Increase investments for “right side of the boom”
Adopt standard security frameworks and controls
Design integrated risk, compliance and security analytics
IBM Security / © 2019 IBM Corporation 38 Challenges we hear from CISOs in the Ensure patient privacy, Healthcare Sector safety and security
Secure medical devices, sensors and IoT endpoints
Meet the demands of digital transformation
Maintain regulatory compliance
Secure medical images
IBM Security / © 2019 IBM Corporation 39 Challenges we hear from CISOs in the Secure IP, research, clinical and Life Sciences Sector financial information
Increased M&A activity affects interoperability of IT Systems
Maintain strict regulations and compliance mandates
Integrate cybersecurity of IT / OT / IoT devices
Protect from hacking and insider threats
IBM Security / © 2019 IBM Corporation 40 Challenges we hear from CISOs in Federal Government Lack of sufficient skills Agencies and administration
Meet the demands of digital transformation
Ensure data privacy and compliance
Mitigate insider threats
Improve real-time visibility and continuous monitoring
IBM Security / © 2019 IBM Corporation 41 Challenges we hear from CISOs in State and Local Deal with aging Government Agencies infrastructures
Address insufficient IT administration
Meet the demands of digital transformation
Ensure data privacy and compliance
Respond to talent and funding shortage
IBM Security / © 2019 IBM Corporation 42 Challenges we hear from CISOs in the Energy and Address risks for Utility Industry IT, OT and IoT
Harmonize the approach to IT-OT convergence
Maintain regulatory compliance
Increase security efficiency for detection to response
Enable and protect digital transformation
IBM Security / © 2019 IBM Corporation 43 Challenges we hear from CISOs in the Retail and Consumer Address increasing cyber attack Products Sector vectors including IoT
Meet the demands of digital transformation
Maintain regulatory compliance
Adopt mobile technologies and leverage analytics
Exceed client expectations
IBM Security / © 2019 IBM Corporation 44 Challenges we hear from CISOs in Telecom and Ensure client Media & Entertainment privacy
Maintain regulatory compliance
Meet the demands of digital transformation
Address the rise in threats and attacks
Adopt new technologies and IoT
IBM Security / © 2019 IBM Corporation 45 Challenges we hear from CISOs in the Travel and Mitigate against malware Transportation Industry and advanced threats
Meet the demands of digital transformation
Maintain regulatory compliance
Ensure interoperability of IT systems including IoT
Exceed client expectations
IBM Security / © 2019 IBM Corporation 46 Challenges we hear from CISOs in the Automotive Industry Secure IoT integrations and mitigate cyber attacks
Manage identity governance / insider threats
Ensure data security
Meet the demands of digital transformation
Address enterprise security
IBM Security / © 2019 IBM Corporation 47 Challenges we hear from CISOs in the Manufacturing Mitigate IT/OT integration Industry and cyber attacks
Reduce rising operational costs
Ensure data security and regulatory compliance
Adopt and secure mobile technologies
Address organizational security
IBM Security / © 2019 IBM Corporation 48 Challenges we hear from CISOs in Ensure student privacy, Higher Education safety and security
Meet the demands of digital transformation
Maintain regulatory compliance
Keep and/or retain security skills
Secure IP, research, and financial information
IBM Security / © 2019 IBM Corporation 49 Let’s focus on the most critical security use cases
Outcome-driven security Prove Stop Grow Compliance Threats Business
Get Enhance Govern Detect & Stop Orchestrate Master Secure Protect Deliver Ahead of Security Users and Advanced Incident Threat Hybrid Critical Digital Compliance Hygiene Identities Threats Response Hunting Cloud Assets Trust
IBM Security / © 2019 IBM Corporation 50 We’ve built the largest security start-up in the world
2002 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017…
Identity management Security services Enterprise Endpoint Cloud-enabled Incident Directory integration and network security single-sign-on management identity management response and security Identity governance
SOA management Application security Database monitoring Security Intelligence Advanced fraud protection Data-related and security Risk management and protection business risk Secure mobile mgmt. IBM Security management Data management Application security Systems
IBM Security Services
“…IBM Security is making all the right moves...” Forbes
IBM Security / © 2019 IBM Corporation 51 Leverage a global network of protection and training
Global Security Centers IBM X-Force Command Centers Solution Development Centers | Security Research Centers
IBM Security / © 2019 IBM Corporation 52