IBM Security Systems Solutions
Agenda
Market opportunity
Where are companies investing in security today?
What do we offer?
Customer case studies and win reviews
Security and the Cloud
Call to action
The planet is getting more instrumented, interconnected, intelligent
Smart Supply Chains, Smart Countries, Smart Retail, Smart Water Management, Smart Weather, Smart Energy Grids,
Smart Oil Field Technologies, Smart Regions, Smart Healthcare, Smart Traffic Systems, Smart Cities, Smart Food Systems
With it comes more targets and vulnerabilities
[Chart: data volume in Zettabytes by year, 2009 to 2020; labelled values 1,800 Zettabytes and 35,000 Zettabytes; 60% CAGR]
(1 Zettabyte = 1 Trillion Gigabytes)
• 2 billion Internet users
• 50 billion connected objects (cars, appliances, cameras)
• 5 billion mobile phones
• 30 billion RFID tags (products, passports, buildings, animals)
“There are security leaks involving mobile browsers that we don’t even know enough about yet.”
CIO, Media Company
End to end, IBM has a strong security competitive posture
HP EDS
CA Symantec McAfee EMC Oracle (Sun)
Cisco Verizon
• People and Identity
• Data and Information
• Application and Process
• Network, Server and End Point
• Physical Infrastructure
How Does the Framework Map to Our Products?
• IBM Tivoli Identity and Access Assurance (TIAA) solution bundle
o IBM Tivoli Identity Manager (TIM)
o IBM Tivoli Access Manager for Enterprise Single Sign-On (TAM E-SSO)
o IBM Tivoli Federated Identity Manager (TFIM)
o IBM Tivoli Access Manager for e-business (TAMeb)
o IBM Tivoli Security Information and Event Manager (TSIEM)
• IBM Tivoli Security Policy Manager
• IBM Tivoli Key Lifecycle Manager
• IBM Security Network Intrusion Prevention (GX series)
• IBM Security Server Protection
• IBM Virtual Server Protection for VMware
• IBM Security SiteProtector System
• IBM Tivoli Endpoint Manager for Security and Compliance, built on BigFix technology
• IBM Security zSecure suite
• Q1 Labs QRadar Solutions
Tivoli Identity Manager
[Diagram: identity change (add/del/mod) from HR Systems/Identity Stores; access policy evaluated; approvals gathered; accounts updated; detect and correct local privilege settings. Accounts on 70+ different types of systems managed, plus in-house systems & portals: Databases, Operating Systems, Applications, Networks & Physical Access.]
Cost: Reduce Costs: self-service password reset; automated user provisioning
Complexity: Manage Complexity: consistent security policy; quickly integrate new users & apps
Compliance: Address Compliance: closed-loop provisioning; access rights audit & reports
• Automate user privileges lifecycle across entire IT infrastructure
• Match your workflow processes
Tivoli Identity Manager
Automates, audits, and remediates user access rights across your IT infrastructure
TAM E-SSO Solution Overview
TAM E-SSO provides:
• Enterprise single sign-on
• Two-factor authentication
• Automation to get users to productive point in their apps
• Multi-user machines (e.g. kiosks) fast user switching
• Identity management via TAM E-SSO or TIM
• Audit/reporting via TAM E-SSO or TSIEM
Web single Sign-on • Strong authentication
Security/protection • High Availability • Scalability
Compliance -- know and show who’s accessing what
#1 requirement addressed by TAMeb
We are recognized by the analysts…
• IBM Tivoli Identity and Access Assurance (TIAA) beat out Microsoft, Novell, CA and others to win SC Magazine's 2011 award for the Best Identity Management Application
• IBM named Best Security Company, winning SC Magazine's award for the #1 security company for 2010
• Gartner Magic Quadrant for Web Access Management – IBM is ranked in the leaders quadrant
• Gartner MarketScope for Enterprise Single Sign-On – IBM is ranked as Strong Positive
• Gartner Magic Quadrant for SIEM – Q1 Labs is ranked in the leaders quadrant
• IDC Worldwide Identity and Access Management 2009-2013 Forecast Update and 2008 Vendor Shares – IDC ranks IBM as the overall worldwide identity and access management security software revenue leader for the third straight year
Network Threat Management Business Scenario
A manufacturing company has a large global footprint, with 6 data centers.
They want to have thorough knowledge of what traffic is running on their network, and make sure it is authorized and free from malicious content.
They know many application vulnerabilities do not have current patches and are looking for a solution to address this.
They want a high performance solution that scales to meet their throughput needs.
How does IBM address this scenario?
IBM Security Network Intrusion Prevention (NIPS) appliances provide deep inspection of all network traffic.
With intelligence provided by IBM X-Force, these appliances can automatically update themselves, staying “Ahead of the Threat”.
With IBM Security NIPS appliances protecting the company’s websites, they will enjoy the best protection in the industry.
These appliances provide true “situational awareness” of what is on the network, and with SiteProtector, prioritization of remediation is easily achievable.
The IBM Security “Virtual Patch” will protect their infrastructure, even if no patch is ever available to fix vendors
IBM Intrusion Prevention—The Lineup
Network Protection
• IBM Security Network IPS
• IBM Security Network IPS Virtual Appliance
Virtual Infrastructure Protection
• IBM Security Virtual Server Protection for VMware
• IBM Security Network IPS Virtual Appliance
Server Protection
• IBM Security Server Protection & Server Sensor
Security Management
• Managed Security Services
• IBM Security SiteProtector
Transparent, in-line network appliances (and virtual appliance versions) block attacks while allowing legitimate traffic to flow unhindered
• Preemptive intrusion prevention
• Track user/admin behavior
• File integrity monitoring
• Host level controls for compliance
• Command and control
• Event analysis
• Reporting
Customer Value Delivered by Tivoli Endpoint Manager for Security and Compliance, built on BigFix technology
PATCH MANAGEMENT
• Automated, effective, rapid patch deployment
• Single agent addresses Microsoft, UNIX, Linux, Mac and 3rd-party application patches (Adobe, Mozilla, Java, …)
• Automated or manual network bandwidth throttling based on network traffic . . . CPU impact <2%
• Real-time reporting – know which patch went where
• Asset discovery – know what is owned (and not owned), so you can be protected
• Security configuration mgmt. – continuous assessment of endpoint security compliance . . . addresses audit concerns
• Host-based vulnerability assessment – 99.9% accuracy
• Automated, out-of-the-box checklists for assessing security policy compliance – General (PCI, SOX, …) and U.S. Government class (NIST 800-53, FDCC, DISA-STIGS, CyberScope/FISMA…)
Tivoli Endpoint Manager for Security and Compliance
Competitive Positioning
Vendors compared: Microsoft SCCM, Symantec Altiris, LANDesk, TEM-SC (IBM)
Comparison criteria:
• Asset discovery
• Continuous endpoint monitoring
• Patch management, incl. 3rd party applications
• Security configuration management
• Single agent for security, SW distribution, power, …
• Cross-AV-vendor management
• Performance: Manage up to 250K endpoints w/1 svr.
Endpoint OSs supported Win, Mac, UNIX, Windows
Client: Win, Mac, Linux, no UNIX
Server: Win, Linux, UNIX,
Recently Announced/Delivered: TEM for Core Protection
What is it?
• Trend Micro’s cloud-based, endpoint anti-malware & firewall technology, tightly integrated with TEM (no Trend Console or Servers)
• Sales compensation handled same as other TEM: 100% CRev and FRev credit for IBM sales
• Previously sold to customers as the BigFix Core Protection Module
• Sold as a stand-alone TEM product, similar to TEM for Power Management
• IBM delivers L1 and L2 support; Trend handles “error correction”
Sales Approach
Q: Do I get paid on sales of TEM for Core Protection?
A: Yes. IBM sales of TEM for Core Protection qualify as 100% CRev and FRev.
Q: Do Trend reps get paid when IBM sells into their accounts?
A: Yes. Trend reps get paid on the net royalty revenue paid to Trend.
Q: Do IBM reps get paid when Trend sells into our accounts?
A: Yes. See the TEM for Core Protection Sales FAQ in the TEM Sales Kit for details.
Q: Should I collaborate with Trend account teams in my TEM-CP opportunities?
A: It’s up to you. Trend reps do receive compensation for IBM sales into their accounts, so there is incentive for them to support you. Both companies can compete directly in
TEM-CP . . . Customers love it!
• Poor AV signature compliance.
• Many systems with systematic AV engine failures.
• Performance issues on systems older than three years.
• Replaced existing McAfee/EPO system on 4,300 endpoints in 2 weeks with no issues.
• A/V signature compliance went from 60% to 95%+ since the migration to CPM.
• Older systems ran like new once TEM-CP was installed.
No centrally managed AV solution for Macs
No cross-platform AV solution
Need to manage/report on machines outside the internal network
No additional hardware
Centralized AV management for Macs
Web reputation in Mac environment
SIEM
Risk Management
Log Management
Network behavior analytics
Security event management
User behavior analytics
Solving Customer Challenges with Total Security Intelligence
Discovered 500 hosts with “Here You Have” virus, which all other security products missed
DETECTING THREATS OTHERS MISS
2 Billion log events per day reduced to 25 high priority offenses
CONSOLIDATING DATA SILOS
Caught an employee sending out internal designs
DETECTING INSIDER FRAUD
Automate the policy monitoring and evaluation process for configuration changes in the infrastructure
PREDICTING RISKS AGAINST YOUR BUSINESS
Real-time monitoring of all network activity, in addition to PCI mandates
Fully Integrated Security Intelligence
• Turnkey log management
• SME to Enterprise
• Upgradeable to enterprise SIEM
• Integrated log, threat, risk & compliance mgmt.
• Sophisticated event analytics
• Asset profiling and flow analytics
• Offense management and workflow
• Predictive threat modeling & simulation
• Scalable configuration monitoring and audit
• Advanced threat visualization and impact analysis
• Network analytics
• Behavior and anomaly detection
• Fully integrated with SIEM
• Layer 7 application monitoring
• Content capture
• Physical and virtual environments
Broadest, most complete log and audit trail capture capability
Enterprise audit log Management – full life cycle
W7 log normalization & unique ability to monitor user behavior
Compliance management modules & regulation-specific reports
Audit log management & reporting – multiple levels
• Applications (Rational AppScan)
• Virtualized Resources (VSP)
• Network (Network IPS)
• Hosts (Host IPS)
• Tivoli Identity Manager
• TAMeb
• Tivoli Federated ID Mgr.
• Tivoli Security Policy Mgr.
• Tivoli Security Operations
• Mainframe
• Data and Applications
• NW Ops Ctr. devices
• System Ops
• DB2 (Host/Distributed)
• DB2/z
• Sybase
• Oracle Database
• Teradata
“Manager of Managers” Level: Netcool Omnibus, Tivoli Service Request Mgr., TEC, Business Automation dashboards.
TSIEM: Tivoli’s Enterprise security audit management and reporting system
Long-term storage/archiving
Guardium
SiteProtector
IAM
Others
e.g. IBM
Information
Addressing Customer’s Virtualization Security Needs Today
Take advantage of IBM’s unique security expertise and approach…
• 21 billion events monitored per day
• 4,000+ managed services customers
• 10 security development labs
• 9 security operations centers
• 6,000+ technical experts
• 20+ leadership recognitions
• 2010 Security Company of the Year