IBM approach to Cyber Security

Security has an intrinsic value, how to mitigate risks

Domenico Raguseo, Manager of Europe Technical Sales and Solutions

Follow @domenicoraguseo
Contact [email protected]
Connect https://www.linkedin.com/in/draguseo

© 2015 IBM Corporation


Page 2

SQL Injection

DoS or DDoS

Malware or Botnet

Scanning

Spam

Command and Control

Watering Hole

Disenfranchised

Vulnerabilities (i.e. ShellShock ...)

Page 3

Security teams are using multiple sources of intelligence

65% of enterprise firms use external threat intelligence to enhance their security decision making [1]

However, security teams lack critical support to make the most of these resources

• It takes too long to make information actionable

• Data is gathered from untrusted sources

• Analysts can’t separate the signal from the noise

[1] Source: ESG Global

Page 4

Introducing IBM X-Force Exchange

A new platform to consume, share, and act on threat intelligence

Backed by the reputation and scale of IBM X-Force

Research and collaboration platform and API

• Security Analysts and Researchers

• Security Operations Centers (SOCs)

• Security Products and Technologies

IBM X-Force Exchange is:

• OPEN: a robust platform with access to a wealth of threat intelligence data

• SOCIAL: a collaborative platform for sharing threat intelligence

• ACTIONABLE: an integrated solution to help quickly stop threats

Page 5

OPEN

A robust platform with access to a wealth of threat intelligence data

Leverage the scale of IBM Security and partner ecosystem

Quickly gain access to threat data from curated sources:

• Over 700 terabytes of machine-generated intelligence from crawler robots, honeypots, darknets, and spamtraps

• Multiple third party and partner sources of intelligence

• Up to thousands of malicious indicators classified every hour

Human intelligence adds context to machine-generated data:

• Insights from security experts, including industry peers, IBM X-Force, and IBM Security professionals

• Collaborative interface to organize and annotate findings, bringing priority information to the forefront

Page 6

ACTIONABLE

An integrated solution to help quickly stop threats

Push intelligence to enforcement points for timely protection

• Integration between IBM Security products and X-Force Exchange-sourced actionable intelligence

• Designed for third-party integration with planned future support for STIX and TAXII, the established standard for automated threat intelligence sharing

• Leverage the API to connect threat intelligence to security products

Diagram labels:

• IBM Security Network Protection XGS

• IBM Security QRadar Security Intelligence

• IBM Security Trusteer Apex Malware Protection

• 3rd Party Products

• API

• STIX / TAXII (future feature)

Page 7

SOCIAL

A collaborative platform for sharing threat intelligence

Add context to threats via peer collaboration

• Connect with industry peers to validate findings

• Share a collection of Indicators of Compromise (IOCs) to aid in forensic investigations

1. INCIDENT RESPONDER: Discovers a new malware domain and marks it as malicious in the X-Force Exchange

2. SECURITY ANALYST: Finds the domain and applies blocking rules to quickly stop malicious traffic. Shares with his CISO using the Exchange

3. CISO: Adds the domain to a public collection named “Malicious Traffic Sources Targeting Financial Industry” to share with industry peers

4. IBM X-FORCE: For the first time, clients can interact with IBM X-Force security researchers and experts directly

Page 8

IBM Security: Market-changing milestones

IBM Security Investment

• 6,000+ IBM Security experts worldwide

• 3,000+ IBM security patents

• 4,000+ IBM managed security services clients worldwide

• 25 IBM Security Labs worldwide

Capability areas:

• Managed Security Services

• Mainframe and Server Security

• SOA Management and Security

• Network Intrusion Prevention

• Database Monitoring

• Access Management

• Application Security

• Compliance Management

• Identity Management

• Advanced Fraud Protection

• Security Analytics

• Security Intelligence

Milestones:

1976: Resource Access Control Facility (RACF) is created, eliminating the need for each application to imbed security

1999: Dascom is acquired for access management capabilities

2002: Access360 is acquired for identity management capabilities. MetaMerge is acquired for directory integration capabilities

2005: DataPower is acquired for SOA management and security capabilities

2006: Internet Security Systems, Inc. is acquired for security research and network protection capabilities

2007: Watchfire is acquired for security and compliance capabilities. Consul is acquired for risk management capabilities. Princeton Softech is acquired for data management capabilities

2008: Encentuate is acquired for enterprise single-sign-on capabilities

2009: Ounce Labs is acquired for application security capabilities. Guardium is acquired for enterprise database monitoring and protection capabilities

2010: BigFix is acquired for endpoint security management capabilities. NISC is acquired for information and analytics management capabilities

2011: Q1 Labs is acquired for security intelligence capabilities

2013: Trusteer is acquired for mobile and application security, counter-fraud and malware detection

2014: CrossIdeas is acquired for ID Governance

IBM Security Systems division is created

Page 9

IBM Security Framework

• Helping customers to protect from advanced fraud, malware, mobile and application attacks

• Helping financial institutions to protect customer transactions from advanced frauds

• Enterprise-wide solutions for helping secure the privacy and integrity of trusted information in your data center

• Reducing the cost of developing more secure applications

• Help guard against sophisticated attacks with insight into users, content and applications

Page 10

Helping customers to protect from advanced fraud, malware, mobile and application attacks

Security Intelligence and Analytics

Portfolio Overview

QRadar SIEM

• Integrated log, threat, compliance management

• Asset profiling and flow analytics

• Offense management and workflow

QRadar Risk Manager

• Predictive threat modeling and simulation

• Scalable configuration monitoring and audit

• Advanced threat and impact analysis

QRadar Log Manager

• Turnkey log management

• Upgradeable to enterprise SIEM

Vulnerability Manager

Forensic


Page 11

Helping financial institutions to protect customer transactions from advanced frauds

Advanced Fraud Protection

Portfolio Overview

Trusteer Pinpoint Malware

• 100% accurate clientless detection of active MitB malware on users’ devices

• Minimum impact on existing infrastructure

Trusteer Pinpoint ATO

• Detect and protect from Account Take Over frauds

• Conclusive criminal access detection by correlating device fingerprint and account compromise history

• Minimum impact on existing infrastructure

Trusteer Rapport

• Compact software agent that prevents malware and phishing attacks

Trusteer Mobile

• Endpoint solutions for detecting malware, jailbreak, and other mobile risk factors

• Out-of-Band Authentication


Page 12

People

Manage and extend enterprise identity context across security domains with comprehensive Identity Intelligence

Portfolio Overview

IBM Security Identity Manager *

• Automate the creation, modification, and termination of users throughout the lifecycle

• Identity control including role management and auditing

IBM Security Access Manager Family *

• Automates sign-on and authentication to enterprise web applications and services

• Entitlement management for fine-grained access enforcement

IBM Security zSecure suite *

• User friendly layer over RACF to improve administration and reporting

• Monitor, audit and report on security events and exposures on mainframes

IBM Security Identity Governance

Page 13

Data

Enterprise-wide solutions for helping secure the privacy and integrity of trusted information in your data center

Portfolio Overview

IBM InfoSphere Guardium Product Family

• Database Activity Monitoring – continuously monitor and block unauthorized access to databases

• Privileged User Monitoring – detect or block malicious or unapproved activity by DBAs, developers and outsourced personnel

• Database Leak Prevention – help detect and block leakage in the data center

• Database Vulnerability Assessment – scan databases to detect vulnerabilities and take action

• Audit and Validate Compliance – simplify SOX, PCI-DSS, and Data Privacy processes with pre-configured reports and automated workflows

IBM Security Key Lifecycle Manager

• Centralize and automate the encryption key management process

• Simplify administration with an intuitive user interface for configuration and management

Page 14

Applications

Reducing the cost of developing more secure applications

Portfolio Overview

AppScan Enterprise Edition

• Enterprise-class solution for application security testing and risk management with governance and collaboration

• Multi-user solution providing simultaneous security scanning and centralized reporting

AppScan Standard Edition

• Desktop solution to automate web application security testing for IT Security, auditors, and penetration testers

AppScan Source Edition

• Adds source code analysis to AppScan Enterprise with static application security testing


Page 15

Help guard against sophisticated attacks with insight into users, content and applications

Infrastructure (Network)

Portfolio Overview

IBM Security Network Intrusion Prevention (IPS)

• Delivers Advanced Threat Detection and Prevention to help stop targeted attacks against high value assets

• Proactively improves protection with IBM Virtual Patch® technology

• Helps protect web applications from threats such as SQL Injection and Cross-site Scripting attacks

• Integrated Data Loss Prevention (DLP) monitors data security risks throughout your network

• Provides Ahead of the Threat® protection backed by world renowned IBM X-Force Research

IBM Security SiteProtector

• Provides central management of security devices to control policies, events, analysis and reporting for your business

Endpoint Management & Fiberlink


Page 16

© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

THANK YOU

www.ibm.com/security