IBM Security Fearless in the Face of Uncertainty — Chris Bontempo Vice President Marketing, Routes & Offerings

IBM Security Fearless in the face of uncertainty — Chris Bontempo Vice President Marketing, Routes & Offerings Where we are now

• Largest enterprise cybersecurity provider

• Leader in 12 security market segments

• 8,000+ security employees

• 20+ security acquisitions

• 70B+ security events monitored per day

Strategy Threat Digital and Risk Management Trust Advance Security Maturity Detect and Stop Advanced Threats Protect Critical Assets Secure Hybrid Cloud • Strategy and Planning • Security Operations Consulting • SDLC Consulting • Infrastructure and • Risk Assessments • X-Force Threat Mgmt. Services • Data Protection Services Endpoint Services • Advisory Services • X-Force Red • Guardium • Hybrid Cloud • QRadar • Data Risk Manager Security Services Build Leadership and Culture • X-Force Detect • Multi-cloud Encryption • QRadar Cloud Analytics • X-Force Cyber Range • Key Lifecycle Manager • Cloud Identity • X-Force Comes to You Orchestrate Incident Response • Guardium for Cloud • X-Force Cyber Tactical • Resilient Govern Users and Identities Operations Center • X-Force IRIS • Identity Mgmt. Services Unify Endpoint Management • Identity Governance • Endpoint Mgmt. Services Master Threat Hunting • Cloud Identity • MaaS360 • i2 Intelligence Analysis • Access Manager • QRadar Advisor with Watson • Secret Server Deliver Digital Identity Trust • Trusteer • Cloud Identity

What’s at stake… 20.8 billion 5 billion $6 trillion things we need personal data lost to cybercrime to secure records stolen over the next 2 years

What we face… Compliance updates Skills shortage Too many tools GDPR fines can cost By 2022, CISOs will face Organizations are using billions 1.8 million too many for large global companies unfulfilled tools from too cybersecurity jobs many vendors

Help me…

Modernize Respond to the Address increasing Maintain data Secure the journey security global security cyber attack privacy and to cloud and digital frameworks and skills shortage vectors including regulatory transformation controls IoT compliance

of organizations are concerned about cloud security, and are unable to accelerate their businesses fast enough

To prepare clients for • Understand security • Develop ‘secure by design’ their hybrid cloud and responsibilities and digital applications where to start cognitive journey, • Maintain the privacy of new IT leaders need to… • Rationalize existing customers and partners security investments to secure the cloud • Manage policies across distributed environments • Comply with changing regulatory mandates • Detect and respond to threats with • Secure access to cloud limited resources workloads and data IBM Security / © 2019 IBM Corporation Source: Cloud adoption to accelerate IT modernization article, McKinsey & Company, April 2018 6 Every client is on their own unique security journey

What clients tell Guidance Tools & Clarity us they need & Wisdom Resources & Action

IBM uniquely Global visibility and Integrated products and Leading analytics, delivers industry expertise services AI and orchestration

IBM Security / © 2019 IBM Corporation 7 Where are you on your journey? 5 Optimized 4 Continuous process Managed improvement 3 Detailed process metrics is enabled by quantitative feedback Defined are collected, 2 quantitatively understood Processes are and controlled Repeatable documented, 1 standardized, Basic project and integrated across the Automated and Proactive Ad-hoc management and organization discipline established Process is ad-hoc, chaotic, to repeat earlier success and poorly defined; success depends on individual effort and heroics

Manual and Reactive

Strategy Threat Digital and Risk Management Trust Unify business leaders with Identify and respond to threats with Govern and protect your business, security risk management speed and confidence data, users and assets

… …

Redefining Red Hat’s open hybrid cloud Together, IBM and Based on open source technologies are now paired Red Hat will accelerate technologies, such as Linux and the cloud market with the unmatched scale innovation by offering Kubernetes, the platform for business and depth of IBM’s innovation a next-generation enables businesses to securely and industry expertise, hybrid multicloud deploy, run and manage data and sales leadership platform and apps on-prem, on private, and multiple public clouds

Help clients build a cloud security strategy Help clients protect cloud data and and adoption roadmap for Red Hat and users with offerings that deploy on and our Hybrid Cloud stack integrate with the fabric of the cloud

Advise Move Build Manage

Open Hybrid Multicloud Platform

Help clients extend their security visibility, threat detection and response to cloud with new Red Hat specific integrations, content, and managed services

Unify business leaders with security risk management When you connect experts and proven frameworks with a deep understanding of business and compliance needs

What holds us back?

Not sure what A sea of Lack of alignment No end-to-end Constant “industry best” regulatory in assessment of organizational looks like frameworks the C-Suite your program changes

Privacy and Risk Assessments | Strategy and Planning | Training and Preparedness

IBM Security / © 2019 IBM Corporation 14 Strategic thinkers, risk experts We specialize in the following practices Benchmark your security strategy, • Security Strategy • Automated IT Risk Management compliance and risk posture and Planning • Critical Infrastructure Security • Proven, programmatic approach • C-Suite and Board Advisory • SAP Security Strategy • Experts on resilience, security, privacy and data quality • IT Risk Management and Assessments • Standard framework linking risk, regulations and controls and Compliance

IBM X-Force Command

Identify and respond to threats with speed and confidence When you connect people, process, and technologies with AI and continuous insights

What holds us back?

Attackers evading Empty seats and Too many events, No way to Not staffed rules-based churn not enough time operationalize to survive solutions in the SOC response a breach

Security Operations Consulting | Threat Management Services | Security Analytics | Response and Orchestration | Threat Hunting

IBM X-Force Threat Management Services Identify and protect critical assets, detect advanced threats, respond and recover faster from disruptions

Governance and Continuous Process Improvement

IBM X-Force Red IBM X-Force IRIS IBM Managed Security Services Hacking anything Gain the expertise needed Extend your coverage with to secure everything to deal with “Right of Boom” 24x7 security expertise

Renowned veteran $ + Savings when a breach is Years of experience through 170 hackers and experts 1M contained within 30 days 20+ thousands of engagements

Leading Technology and Partner Ecosystem

IBM QRadar User and entity profiling Statistical analysis Pattern identification Entity and user context Network-based anomaly detection External threat correlation Real-time analytics Risk-based analytics Threat hunting DNS analytics Business context

“3 billion security events per day are IBM i2 Enterprise Insight Analysis #1 SIEM for accurately analyzed and condensed Advanced Threat Defense into 25 prioritized offenses, Use intelligence to find the attacker - Gartner enabling analysts to focus on what • Ingest structured and unstructured data • Deliver actionable intelligence matters most.” including OSINT and the dark web and accelerate data to decision

- Large energy company • Uncover hidden connections and patterns

IBM QRadar User Behavior Analytics IBM QRadar Advisor with Watson

Detect insider threats with machine learning Force multiply your team’s effectiveness with AI • Continuously learns behaviors to predict malicious users • Automatically connect the dots for more decisive threat escalation • Generate detailed risk scores for individual users • Speed response and visualize attack stages using MITRE ATT&CK • 16K+ free downloads from X-Force App Exchange • Gain insights from Watson’s 10B+ security data points

clients trained in security + best practices using our immersive 2,500 state-of-the-art cyber range IBM Resilient Arm your team with the industry’s leading Incident Response Platform 40x Faster overall response using dynamic playbooks that orchestrate your people, process and technology

Govern and protect your business, data, users and assets When you connect policy, analytics, and controls across your entire business

What holds us back?

New privacy Not sure who has Customers Legacy security Can’t keep up regulation access demand better doesn’t work with business deadlines to what experiences for Cloud and IT projects

Data Protection and Privacy | Application Security | Identity Governance | Digital Identity Trust | Cloud and Mobile Security

IBM Guardium For Databases, Files, Big Data, Keys and Cloud

• Support your entire data • Ensure the security, privacy and protection journey with the same integrity of your critical data across IBM Guardium infrastructure and approach a full range of environments Multi-Cloud Data Protection Protect data in public clouds, hybrid clouds, and multi-clouds

IBM Guardium Analyzer Find regulated data and database weaknesses to reduce risk • Identify regulated data risks on-premises or in cloud • Classify data in cloud and on-premises databases • Build risk scores based on vulnerability scans and data classification

IBM Data Risk Manager Provide your C-Suite with a risk dashboard • Uncover high-value business data and associated risks • Analyze potential impact to information assets, data and processes • Use data visualization to align stakeholders and mitigate risks

IBM Critical Data Protection Services Protect your most critical data from compromise • Protect and prioritize critical data • Perform gap analysis on security processes and controls • Create a risk-remediation plan • Monitor security metrics and governance standards IBM Security / © 2019 IBM Corporation 25 Let the right people in

IBM Identity Management Services IBM Cloud Identity

3. 2.

IBM partners with you to provide customized IAM expertise Simplify your users’ access across web, mobile and cloud 1. Diagnose • Cloud-delivered single sign-on Strategy, planning, IAM design thinking • Multifactor risk-based authentication and identity federation 2. Transform • Thousands of pre-built app connectors and templates Technical architecture, design and build, accelerated deployment 3. Operate Advanced integration, process optimization, manage and operate

IBM Identity Governance IBM Secret Server IBM Trusteer Provision, audit and report Protect privileged accounts, ensure Stop fraud with AI-infused user access compliance and authorize access security capabilities • Increase end-user satisfaction • Discover privileged accounts • Continuous identity assurance • Achieve regulatory compliance • Manage and audit usage • Scalable and agile cloud platform • Reduce business risk and costs • Monitor and control access • Advanced AI and machine learning layered with intelligence services • Provide insight on risky users • Secure and protect critical assets

IBM X-Force Cloud Security Services

• Cloud Security Strategy Security transformation, strategy, and baselining

• In-the-Cloud-Security Managed Policy management and segmentation, shadow IT discovery, Security data security and more for your in-the-cloud workloads Service • Managed Security Services Core to X-Force Cloud Security Services – Our extensive and proven managed portfolio backed by best-of-breed partnerships plus threat management solutions

Open Security Ecosystem with unique partnerships and integrations

Public Private Clouds Cloud

On-Premises

Secure identity and networks Protect data and workloads Manage threats and compliance IBM Cloud Identity IBM Security Guardium IBM QRadar | IBM X-Force IRIS

IBM MaaS360 with Watson An open cloud-based • Gain insights to identify policy platform that uses and application improvements AI to simplify your • Proactively address management and security new vulnerabilities across mobile devices and IoT

Before 2011 2011-2018 2019+ Beyond… Bolt-on security Security intelligence Connected security for all, AI, quantum, blockchain for IT projects across the enterprise at the “speed of cloud” and IoT security

DATA

IDENTITY APPS & ACCESS

SECURITY MOBILE ADVANCED INTELLIGENCE FRAUD

ENDPOINT NETWORK

THREAT INTEL

IBM Security Connect

Connected ecosystem

Operational simplicity

Global-scale AI and analytics

Experts on-demand

Uncover new risks and strengthen your cybersecurity program with the only open, cloud-based security platform that doesn’t demand migrating your data IBM Security / © 2019 IBM Corporation 32 About the Connect Platform

Catalog Applications | Solutions | Services from IBM, Partners, Customers

Cloud IBM Security Connect AI and Open threat intel Platform AppDev Framework analytics and data connectors

Existing On-premises security tools Public and private Mobile devices and infrastructure clouds and endpoints infrastructure

Good AI Blockchain versus bad for security IBM researchers are finding IBM invented the ways to address the way to share threat weaknesses found intelligence that’s in AI systems anonymous and trusted

Post-quantum Securing the cryptography world of things Lattice cryptography IBM researchers are working on will protect organizations cryptographic algorithms and from quantum-enabled protocols, and key management to hackers enable end-to-end IoT security

IBM Security / © 2019 IBM Corporation 34 Who depends on IBM Security? 98% 95% 94% 50 70 12 of the top global of the top of the top global pharmaceutical state governments of the top US of the top US financial services and U.S. healthcare companiesand and all 5 branches colleges and aerospace and banking companies biotech companies of the US military universities defense companies 27 22 10 8 19 43 of the top global of the top U.S. of the largest of the top of the top of the top energy and utilities retail and consumer goods telecom companies airlines in global motor vehicle US industrial companies companies in the world the world and parts companies companies

We are invested to be the best

SIEM Identity as a Service Unified Endpoint Management

12 Security Analytics Identity Management Managed Security Services Market segments where analysts ranked IBM Security Web Fraud Detection Authentication Cybersecurity Incident as “Leader” Response Services Identity Governance Data Security and Database Security Access Management

Save Schedule Sign-up Visit X-Force IRIS’s number a consultation with for IBM X-Force Exchange the X-Force Cyber Range 1-888-241-9812 our security experts exchange.xforce.ibmcloud.com bit.ly/X-ForceCommand

Follow us on: © Copyright IBM Corporation 2019. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM’s current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or ibm.com/security both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, securityintelligence.com destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, ibm.com/security/community comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party. xforce.ibmcloud.com

@ibmsecurity youtube/user/ibmsecuritysolutions Challenges we hear from CISOs in the Focus on regulatory Financial Services Sector compliance

Ensure workloads in the cloud meet new security standards

Increase investments for “right side of the boom”

Adopt standard security frameworks and controls

Design integrated risk, compliance and security analytics

Secure medical devices, sensors and IoT endpoints

Meet the demands of digital transformation

Maintain regulatory compliance

Secure medical images

Increased M&A activity affects interoperability of IT Systems

Maintain strict regulations and compliance mandates

Integrate cybersecurity of IT / OT / IoT devices

Protect from hacking and insider threats

Meet the demands of digital transformation

Ensure data privacy and compliance

Mitigate insider threats

Improve real-time visibility and continuous monitoring

Address insufficient IT administration

Meet the demands of digital transformation

Ensure data privacy and compliance

Respond to talent and funding shortage

Harmonize the approach to IT-OT convergence

Maintain regulatory compliance

Increase security efficiency for detection to response

Enable and protect digital transformation

Meet the demands of digital transformation

Maintain regulatory compliance

Adopt mobile technologies and leverage analytics

Exceed client expectations

Maintain regulatory compliance

Meet the demands of digital transformation

Address the rise in threats and attacks

Adopt new technologies and IoT

Meet the demands of digital transformation

Maintain regulatory compliance

Ensure interoperability of IT systems including IoT

Exceed client expectations

Manage identity governance / insider threats

Ensure data security

Meet the demands of digital transformation

Address enterprise security

Reduce rising operational costs

Ensure data security and regulatory compliance

Adopt and secure mobile technologies

Address organizational security

Meet the demands of digital transformation

Maintain regulatory compliance

Keep and/or retain security skills

Secure IP, research, and financial information

Outcome-driven security Prove Stop Grow Compliance Threats Business

Get Enhance Govern Detect & Stop Orchestrate Master Secure Protect Deliver Ahead of Security Users and Advanced Incident Threat Hybrid Critical Digital Compliance Hygiene Identities Threats Response Hunting Cloud Assets Trust

2002 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017…

Identity management Security services Enterprise Endpoint Cloud-enabled Incident Directory integration and network security single-sign-on management identity management response and security Identity governance

SOA management Application security Database monitoring Security Intelligence Advanced fraud protection Data-related and security Risk management and protection business risk Secure mobile mgmt. IBM Security management Data management Application security Systems

IBM Security Services

“…IBM Security is making all the right moves...” Forbes

Global Security Centers IBM X-Force Command Centers Solution Development Centers | Security Research Centers