IBM Security Systems

IBM Security Framework: Intelligence, Integration and Expertise

Sadu Bajekal, Senior Technical Staff Member, Principal Security Architect, IBM Security Systems

January 28, 2014

© 2013 IBM Corporation

Agenda

. Introduction: The evolving threat landscape

. A new approach to security is needed

. How the IBM Security Framework is positioned to help

Motivations and sophistication are rapidly evolving

Chart (axes: Motivation, Sophistication), top to bottom:

. Nation-state actors, APTs. Motivation: National Security, Economic Espionage. Examples: Stuxnet, Aurora, APT-1
. Hacktivists. Motivation: Notoriety, Activism, Defamation. Examples: Lulzsec, Anonymous
. Organized crime. Motivation: Monetary Gain. Examples: Zeus, ZeroAccess, Blackhole Exploit Pack
. Insiders, Spammers, Script-kiddies. Motivation: Nuisance, Curiosity. Examples: Nigerian 419 Scams, Code Red

Evolving threats and increasing payoffs

INTERNAL EXTERNAL PAYOFFS

X-Force Research: Attackers are taking advantage of the human factor

Source: IBM X-Force® Research 2013 Trend and Risk Report

IT Security is a board room discussion

CEO: Loss of market and reputation; Legal exposure
CFO/COO: Audit failure; Fines and criminal charges; Financial loss
CIO: Loss of data confidentiality, integrity and/or availability
CHRO: Violation of employee privacy
CMO: Loss of customer trust; Loss of brand reputation

Increasingly, companies are appointing CROs and CISOs with a direct line to the Audit Committee

Source: Discussions with more than 13,000 C-suite executives as part of the IBM C-suite Study Series

Security challenges are a complex, four-dimensional puzzle…

People: Employees, Consultants, Attackers, Outsourcers, Partners, Suppliers, Customers
Data: Structured, Unstructured, At rest, In motion
Applications: Systems Applications, Web Applications, Web 2.0, Mobile Applications
Infrastructure: Datacenters, PCs, Laptops, Mobile, Cloud, Non-traditional

…that requires a new approach

Thinking differently about security

Then / Now

People: Administration / Insight
Data: Basic-control / Laser-focused
Applications: Bolt-on / Built-in
Infrastructure: Thicker walls / Smarter defenses

Collect and Analyze Everything

Customers have a growing need to identify and protect against threats by building insights from broader data sets

Traditional Security Operations and Technology: Logs, Events, Alerts, Configuration information, System audit trails, Identity context, Network flows and anomalies, External threat intelligence feeds

Big Data Analytics: Full packet and DNS captures, Web page text, Business process data, E-mail and social activity, Customer transactions

New Considerations

Collection, Storage and Processing
. Collection and integration
. Size and speed
. Enrichment and correlation

Analytics and Workflow
. Visualization
. Unstructured analysis
. Learning and prediction
. Customization
. Sharing and export

Reaching security maturity

Security Intelligence: Predictive Analytics, Big Data Workbench, Flow Analytics; SIEM and Vulnerability Management; Log Management; Advanced Fraud Protection

Optimized
People: Identity governance, Fine-grained entitlements, Privileged user management
Data: Data governance, Encryption key management
Applications: Fraud detection, Hybrid scanning and correlation
Infrastructure: Multi-faceted network protection, Anomaly detection, Hardened systems

Proficient
People: User provisioning, Access management, Strong authentication
Data: Data masking / redaction, Database activity monitoring, Data loss prevention
Applications: Web application protection, Source code scanning
Infrastructure: Virtualization security, Asset management, Endpoint / network security management

Basic
People: Directory management
Data: Encryption, Database access control
Applications: Application scanning
Infrastructure: Perimeter security, Host security, Anti-virus

IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework

Intelligence

Integration

Expertise

IBM Security: Market-changing milestones

IBM Security Investment

• 6,000+ IBM Security experts worldwide
• 3,000+ IBM security patents
• 4,000+ IBM managed security services clients worldwide
• 25 IBM Security labs worldwide

Timeline (years marked: 1976, 1999, 2002, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013). Events shown, most recent first:

• Intent to acquire (2013), for mobile and application security, counter-fraud and malware detection
• Q1 Labs is acquired for security intelligence capabilities
• IBM Security Systems division is created
• Big Fix is acquired for endpoint security management capabilities
• NISC is acquired for information and analytics management capabilities
• Ounce Labs is acquired for application security capabilities
• Guardium is acquired for enterprise database monitoring and protection capabilities
• Encentuate is acquired for enterprise single-sign-on capabilities
• Watchfire is acquired for security and compliance capabilities
• Consul is acquired for risk management capabilities
• Princeton Softech is acquired for data management capabilities
• Internet Security Systems, Inc. is acquired for security research and network protection capabilities
• DataPower is acquired for SOA management and security capabilities
• Access360 is acquired for identity management capabilities
• MetaMerge is acquired for directory integration capabilities
• Dascom is acquired for access management capabilities
• Resource Access Control Facility (RACF) is created (1976), eliminating the need for each application to imbed security

Capability areas shown: Mainframe and Server Security; Access Management; Identity Management; SOA Management and Security; Network Intrusion Prevention; Compliance Management; Database Monitoring; Application Security; Security Analytics; Security Intelligence; Advanced Fraud Protection

IBM offers a comprehensive portfolio of security products

IBM Security Systems Portfolio

Security Intelligence and Analytics: QRadar Log Manager, QRadar SIEM, QRadar Risk Manager, QRadar Vulnerability Manager

Advanced Fraud Protection: Trusteer Rapport, Trusteer Pinpoint Malware Detection, Trusteer Pinpoint ATO Detection, Trusteer Mobile Risk Engine

People: Identity Management, Access Management, Privileged Identity Manager, Federated Access and SSO

Data: Guardium Data Security and Compliance, Guardium DB Vulnerability Management, Guardium / Optim Data Masking, Key Lifecycle Manager

Applications: AppScan Source, AppScan Dynamic, DataPower Web Security Gateway, Security Policy Manager

Infrastructure (Network): Network Intrusion Prevention, Next Generation Network Protection, SiteProtector Threat Management, Network Anomaly Detection

Infrastructure (Endpoint): Trusteer Apex, Mobile and Endpoint Management, Virtualization and Server Security, Mainframe Security

IBM X-Force Research

Increase security, collapse silos, and reduce complexity

Integrated Intelligence. Consolidate and correlate siloed information from hundreds of sources

Integrated Research. Stay ahead of the changing threat landscape

Integrated Protection. Link security and vulnerability information across domains

Intelligent Security for the Cloud

Security Intelligence: Provide visibility, auditability and control for the cloud

Identity Protection: Administer, secure, and extend identity and access to and from the cloud

Data and Application Protection: Secure enterprise databases. Build, test and maintain secure cloud applications

Threat Protection: Prevent advanced threats with layered protection and analytics

Securing the Mobile Enterprise

Device Management: Security for endpoint device and data

Network, Data, and Access Security: Achieve visibility and adaptive security policies

Application Layer Security: Develop and test applications

Driving Compliance with Enhanced Visibility and Controls

Security Intelligence: Activity Monitoring, Anomaly Detection, Reporting

. Preventing insider threat
. Monitoring Data and PII concerns
. Managing end users and Privacy concerns
. Accessing Applications on a need-to-know basis

Security Intelligence and Analytics

Security Intelligence: Integrating across IT silos

Data sources:
. Security devices
. Servers and mainframes
. Network and virtual activity
. Data activity
. Application activity
. Configuration information
. Vulnerabilities and threats
. Users and identities

Correlation
• Logs/events
• Flows
• IP reputation
• Geographic location

Activity baselining and anomaly detection
• User activity
• Database activity
• Application activity
• Network activity

Offense identification
• Credibility
• Severity
• Relevance

Results: True offense; Suspected incidents

Extensive data sources + Deep intelligence = Exceptionally accurate and actionable insight

Key Themes

Increased Data Sources
Data from 450+ security collectors and Integration with X-Force intelligence and other external feeds to use in analysis for determining relevant vulnerabilities and potential threats

Integrated Vulnerability Management
Comprehensive understanding of the configuration and exposure of systems in the environment, enabling contextual analysis to determine vulnerabilities against particular threats

Enhanced Identity Context
Integrated understanding of users, their roles, level of privilege, geographical location and their typical behaviors to enable enterprises to identify abnormal activity that might indicate insider threat

Integration: A unified architecture delivered in a single console

Designed from scratch to deliver massive log management scale without any compromise on SIEM “Intelligence”

Log Management, NextGen SIEM, Activity Monitoring, Risk Management, Vulnerability Management, Network Forensics

People

Identity and Access Management: Helping to extend secure user access across the enterprise

Key Themes

Standardized IAM and Compliance Management
Expand IAM vertically to provide identity and access intelligence to the business; Integrate horizontally to enforce user access to data, app, and infrastructure

Secure Cloud, Mobile, Social Interaction
Enhance context-based access control for cloud, mobile and SaaS access, as well as integration with proofing, validation and authentication solutions

Insider Threat and IAM Governance
Continue to develop Privileged Identity Management (PIM) capabilities and enhanced Identity and Role management

Announcing: Threat-Aware Identity and Access Management

New capabilities to help organizations secure enterprise identity as a new perimeter

Safeguard mobile, cloud and social interactions
• Validate “who is who” when users connect from outside the enterprise
• Enforce proactive access policies on cloud, social and mobile collaboration channels

Prevent insider threat and identity fraud
• Manage shared access inside the enterprise
• Defend applications and access against targeted web attacks and vulnerabilities

Deliver intelligent identity and access assurance
• Enable identity management for the line of business
• Enhance user activity monitoring and security intelligence across security domains

Simplify identity silos and cloud integrations
• Provide visibility into all available identities within the enterprise
• Unify “Universe of Identities” for security management

Helping achieve secure transactions and graded trust

Safeguard mobile, cloud and social interactions

. Eliminate use of passwords to secure mobile application access
. Implement Risk Based access posture for BYOD
. Validate Customer Identity interacting via Mobile and Social channels
. Enforce Identity context for Mobile, SaaS and Cloud access
. Eliminate use of passwords to secure mobile app access

ISAM for Mobile

Prevent insider breaches caused by privileged identity misuse

Prevent insider threat and identity fraud

. Audit privileged user activity and sensitive data access
. Address compliance, regulatory and privacy requirements
. Secure user access and content against targeted attacks
. Integrated security intelligence

Session Recording

Administrative ID

Credential Vault

Target Systems

Data

Data Security: Helping to secure structured, unstructured, online and offline data across the enterprise

• Protect data in any form, anywhere, from internal or external threats
• Streamline regulation compliance process
• Reduce operational costs around data protection

Governance, Security Intelligence, Analytics

Audit, Reporting, and Monitoring

Policy-based Access and Entitlements

Data Discovery and Classification

Enforcement
Data at Rest: Protection & Encryption. Stored (Databases, File Servers, Big Data, Data Warehouses, Application Servers, Cloud/Virtual ..)
Data in Motion: Network Loss Prevention. Over Network (SQL, HTTP, SSH, FTP, email, …)
Data in Use: Endpoint Loss Prevention. At Endpoint (workstations, laptops, mobile, …)

Side labels: integrate; Security Solutions; IT & Business Process

Key Themes

Expand to new platforms
Expand beyond supporting databases to all relevant data sources, including data warehouses, file shares, file systems, enterprise content managers, and Big Data (Hadoop, NoSQL, in-memory DB), wherever data is stored

Introduce new data protection capabilities
Complement discovery, classification, monitoring, auditing, and blocking with thought leadership capabilities like cloud encryption/tokenization, dynamic data masking, and fraud detection

Lead on scalability and lower TCO
Continue to improve on solution deployability with improvements to scalability, performance, simplification, automation, serviceability, and ease of use

InfoSphere Guardium integration with QRadar opens up new opportunities

In-depth data activity monitoring and security insights from InfoSphere Guardium

. Databases
. Data warehouses
. Big Data environments
. File shares
. Applications

Data sources: Security Devices; Servers & Hosts; Network & Virtual Activity; Database Activity; Application Activity; Configuration Info; Vulnerability Info; User Activity

Processing: Event Correlation; Activity Baselining & Anomaly Detection; Offense Identification

Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight

. Send security alerts from Guardium to QRadar NEW
. Send audit reports from Guardium to QRadar to enhance analytics
. Send database vulnerability assessment status from Guardium to QRadar

Applications

Application Security: Helping to protect against the threat of attacks and data breaches

Audience: Development teams, Security teams, Penetration Testers

Software Development Lifecycle: CODING, BUILD, QA, SECURITY, PRODUCTION

Scanning Techniques: Static analysis (white box), Dynamic analysis (black box)

Applications: Programming Languages, Web Applications, Web Services, Mobile Applications, Purchased Applications

Governance and Collaboration
• Test policies, test templates and access control
• Dashboards, detailed reports and trending
• Manage regulatory requirements such as PCI, GLBA and HIPAA (40+ out-of-the-box compliance reports)

Integrated
Build Systems: improve scan efficiencies
Defect Tracking Systems: track remediation
IDEs: remediation assistance
Security Intelligence: raise threat level

Key Themes

Coverage for Mobile applications and new threats
Continue to identify and reduce risk by expanding scanning capabilities to new platforms such as mobile, as well as introducing next generation dynamic analysis scanning and glass box testing

Simplified interface and accelerated ROI
New capabilities to improve customer time to value and consumability with out-of-the-box scanning, static analysis templates and ease of use features

Security Intelligence Integration
Automatically adjust threat levels based on knowledge of application vulnerabilities by integrating and analyzing scan results with SiteProtector and the QRadar Security Intelligence Platform

Infrastructure

Infrastructure Protection: Network

Security Intelligence Platform: Log Manager, SIEM, Network Activity Monitor, Risk Manager, Vulnerability Manager, Future

Threat Intelligence and Research: Vulnerability Data, Malicious Websites, Malware Information, IP Reputation, Future

Advanced Threat Platform: Intrusion Prevention, Content and Data Security, Web Application Protection, Network Anomaly Detection, Application Control, Future

IBM Network Security

Key Themes

Advanced Threat Protection Platform
Helps to prevent sophisticated threats and detect abnormal network behavior by using an extensible set of network security capabilities - in conjunction with real-time threat information and Security Intelligence

Expanded X-Force Threat Intelligence
Increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions

Security Intelligence Integration
Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats

Advanced Security and Threat Research

X-Force Threat Intelligence: The IBM Differentiator

The mission of X-Force is to:
. Monitor and evaluate the rapidly changing threat landscape
. Research new attack techniques and develop protection for tomorrow’s security challenges
. Educate our customers and the general public

URL/Web Filtering
• Provides access to one of the world’s largest URL filter databases containing more than 20 billion evaluated Web pages and images

Anti-Spam
• Detect spam using known signatures, discover new spam types automatically, 99.9% accurate, near 0% overblocking

IP Reputation
• Categorize malicious websites via their IP address into different threat segments, including malware hosts, spam sources, and anonymous proxies

Web Application Control
• Identifying and providing actions for application traffic, both web-based, such as Gmail, and client based, such as Skype

Infrastructure

Infrastructure Protection: Endpoint

Provides in-depth security across your network, servers, virtual servers, mainframes and endpoints

Key Themes

Security for Mobile Devices
Provide security for and manage traditional endpoints alongside mobile devices such as Apple iOS, Google Android, Symbian, and Microsoft Windows Phone - using a single platform

Expansion of Security Content
Continued expansion of security configuration and vulnerability content to increase coverage for applications, operating systems, and industry best practices

Security Intelligence Integration
Improved usage of analytics - providing valuable insights to meet compliance and IT security objectives, as well as further integration with SiteProtector and the QRadar Security Intelligence Platform

IBM Security: Helping clients optimize IT security

Integrated Portfolio

Managed and Professional Services

Extensive Partner Ecosystem

IBM Research

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

www..com/security

© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Disclaimer

Please Note:

IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion.

Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision.

The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.

Customer successes across domains

Security Intelligence and Analytics. Improve overall security and compliance: Global office products supplier achieved greater visibility to potential security threats and PCI compliance with $0 cost increase

Advanced Fraud Protection. Protect against financial fraud and advanced security threats: Banking clients reduced online banking fraud to near zero while complying with regulatory compliance mandates for layered security

People. Manage user access securely and cost-effectively: Major South American bank health reduced the number of help desk calls by 30%, resulting in annual savings of $450,000+

Data. Ensure privacy and integrity of data: Major global bank saved $1.5 USD / year on storage costs and reduced compliance costs by $20M USD

Applications. Automate security testing on web-based applications: Client added 225 new applications per year to handle US$1 quadrillion in securities transactions per year

Infrastructure. Proactively alert, simplify monitoring and management: Client monitored all devices and networks across all sites with zero false positives without blocking revenue-based traffic
