Managing security risks and vulnerabilities

Transcription

1 IBM Software Thought Leadership White Paper January 2014 Managing security risks and vulnerabilities Protect your critical assets with an integrated, cost-effective approach to vulnerability assessments and risk management

2 2 Managing security risks and vulnerabilities Contents 2 Introduction 2 Understanding the threat landscape 4 Getting proactive about security 5 Unifying security resources with IBM solutions 6 Unleashing the value of security intelligence 8 Improving security with vulnerability management 10 Combining vulnerability management with risk management 11 Closing the gaps in risk and vulnerability management 11 Conclusion 12 For more information 12 About IBM Security solutions Introduction While technology innovations are improving our everyday lives, cybercrime is also on the rise and the costs are higher than ever. A recent study found that the annual costs of cybercrime averaged USD11.6 million per large organization in 2013, which is an increase of 26 percent from the previous year. 1 In fact, even the most security-minded organizations can be exploited by today s operationally sophisticated attackers. And the impact can extend far beyond the bottom line. Security breaches can result in the loss of intellectual property, disrupt critical operations and damage an organization s image, brand and public reputation. Meanwhile, security teams often take approaches that are largely reactive instead of proactive; it is not uncommon for them to spend the majority of their time and budget deploying tools that can only detect and remediate breaches, rather than proactively examining and strengthening security defenses already in place. Plus, personnel are kept busy with activities such as vulnerability scanning that help ensure compliance with regulatory mandates, yet they lack the ability to add context to this data, such as which vulnerabilities create the greatest risk for the organization. As a result, many security products are designed to support reactive tasks, rather than the broader goal of detecting weaknesses and unauthorized behavior to help stay ahead of threats. Fortunately, today s organizations have a smarter option. The latest integrated security intelligence solutions use advanced labor-saving automation to deliver more value from security budgets and increase efficiency of IT staff while simultaneously strengthening their security posture. Organizations can automate management of security events, logs and network flows. In addition, they can compare network configurations to proactively identify security exposures, analyze firewall rules, simulate the potential impact of an attack, and quantify the risk from vulnerabilities. This white paper discusses how organizations can focus on protecting high-value assets and provide scalable, cost-effective, integrated security across the entire IT environment. It will explain how the right security intelligence platform can integrate vulnerability analysis, risk management and remediation support all from within a single console to proactively identify security weaknesses and minimize potential risks across a dynamic infrastructure. Understanding the threat landscape Security breaches are increasingly reported in the media, thanks to the growing number of attacks and their increasing severity. The IBM X-Force research and development team recently reported that the total number of security incidents for 2013 was on track to surpass the numbers from What s more, the organizations targeted by attackers have often deployed basic security measures. So why are the attacks successful?

3 IBM Software 3 Vulnerability disclosures growth by year 10,000 9,000 8,000 7,000 6,000 5,000 4,000 3,000 2,000 1, prediction of (first half doubled) Source: IBM X-Force 2013 Mid-Year Trend and Risk Report IBM X-Force reported that halfway through 2013, vulnerability disclosures were on track to surpass the total number disclosed in For one thing, disparate security solutions are sometimes just toolkits. They often lack the ability to perform real-time analysis of network flows, or to add context to network traffic and topologies. This means that IT security teams have limited visibility into what s really happening on the network. Vulnerability scans can reveal hundreds of thousands or even millions of exposures, and security administrators are typically faced with the near-impossible task of prioritizing their efforts and then manually mitigating and patching the weaknesses. To make matters worse, security threats keep escalating, compliance efforts don t go far enough, and organizations are hampered by inefficient, disparate tools for risk and vulnerability management. Security threats are escalating The quantity of vulnerabilities are exploding in today s dynamic environments, while attackers are exploiting them faster than ever before and with greater sophistication and stealth. In socalled zero-day attacks, exploits are created for vulnerabilities in which a patch has not been released. In fact, X-Force found that 77 percent of all exploitable vulnerabilities have a public exploit available on the very same day. 3 Then, in addition to the potential lag time between the disclosure of vulnerabilities and the availability of a patch, organizations need time to determine which systems are affected, prioritize their remediation, and take corrective action to patch those machines. At the same time, today s sophisticated attackers are becoming stealthier. Recent research, for example, shows that attackers are spending long periods of time in the victim s network an average of 243 days before being discovered. 4 And even after an incident is remediated, many targets are attacked again. To get ahead of these advanced threats, security teams need to be able to analyze network flows, detect anomalous behavior and identify malicious patterns of activity. They must be able to consider the complete network context of security events gathered from disparate sources to help prevent attackers from wreaking havoc.

4 4 Managing security risks and vulnerabilities Compliance efforts are not enough Many organizations deploy only enough security technology to satisfy compliance requirements relevant to their industry, such as the Payment Card Industry Data Security Standard (PCI-DSS), Health Insurance Portability and Accountability Act (HIPAA), the North American Electric Reliability Corporation (NERC), Federal Energy Regulatory Commission (FERC) or the Federal Information Security Management Act (FISMA). In addition, they may have to comply with their own corporate security requirements. And yet, these organizations often realize that they are likely not doing enough. They typically understand the importance of vulnerability and risk management, but simply lack the proper tools and adequate staff to do a good job of it. By deploying security solutions just to maintain compliance, organizations are faced with: Lack of visibility: Disjointed security point solutions lack complete visibility. They produce results that must be reconciled, correlated and integrated in order to be useful. Today s organizations need solutions that are easy to install, provide rapid time to value, and deliver a consolidated view of the entire IT environment where all types of devices are susceptible to attack. Inconsistent information: Fragmented processes often provide conflicting or stale information about patches, malware signatures and configurations. This can make accurate compliance reporting a near-impossibility. In addition, different teams are often unable to work together to manage critical risks and vulnerabilities, since event correlation and prioritization across tools is often unsupported. Increased costs: Routine compliance audits with disparate tools can require more staff, which translates into higher costs. Audits frequently need to be repeated to help ensure that findings are addressed which adds to costs, extends exposure times and increases the vulnerability of noncompliant systems. The need for integrated risk management Today s organizations are forced to manage security products from many different vendors, using different types of tools. For example, they may have firewalls from Cisco, Check Point and Juniper Networks, to name a few. The challenge is being able to manage risk and compliance across this heterogeneous environment. What s more, as endpoints multiply across the organization, configuration errors and other vulnerabilities grow. Mitigating these risks and staying ahead of attackers is essential, particularly when critical assets with unpatched vulnerabilities are exposed to attackers, both inside and outside of the network perimeter. With disparate tools and siloed operations, organizations are unable to react in near real time to the changing risk landscape. Threats are continually evolving, and the network environment is constantly changing. But many vulnerability scanners and riskmanagement tools operate in isolation. They are not integrated with a security information and event management (SIEM) engine to gauge and reduce risks with real-time analytics. For example, firewall configuration errors are a gateway for attackers, and organizations struggle with addressing this risk. The ability to automatically collect, centralize, normalize and analyze firewall rules for errors and weaknesses is critical. Large organizations can have thousands of firewalls, each with thousands of firewall rules. Relying upon manual analysis of these firewall rules can be a waste of time and money, since it is usually ineffective. Even in small environments, manual analysis can consume precious IT resources that could be spent on more strategic activities. In contrast, the latest risk-management solutions can also model network configuration changes before they are made and simulate the potential spread of threats. Getting proactive about security To reduce the risk of exploits and compliance violations while also reducing the cost of manual labor and inefficient point solutions organizations need a comprehensive, proactive approach to security. On today s smarter planet, security teams

5 IBM Software 5 need to think like an attacker with a counter-intelligence mindset; they need to focus on managing vulnerabilities in terms of business risk and stop attacks before they occur. Rather than reacting to compliance mandates or media reports of high-profile attacks, organizations need to proactively: networks require monitoring of the entire environment in real time. In fact, forward-thinking organizations need proactive, predictive and automated analytics to help them understand normal patterns of use so they can quickly identify anomalies, suspicious activity and other threatening trends to help avoid data loss and service interruptions. Identify and protect high-value assets (people, applications, data and networks) at risk for attack Understand baseline behavior for systems and networks Detect anomalies, analyze data and remediate issues Gather and preserve evidence Assess the effectiveness of security defenses Understand, investigate and monitor network connections and topology Compare network device configurations, event counts and a history of rules Simulate attacks for proactive risk mitigation Unifying security resources with IBM solutions IBM offers integrated security solutions that can consolidate information from across your environment to help you strengthen your security posture, prioritize security activities and extend the value of your IT investments. While many security tools are available for security teams to perform vulnerability and risk assessments, these tools often lack the intelligence, automation and integration needed to make those assessments actionable. What s more, IBM security products not only integrate with each other, but also with other third-party solutions. With the latest integrated security intelligence solutions, organizations can use continuous monitoring and automated problem resolution to help improve their security posture. These solutions can generate meaningful data from activity associated with people, data, applications and infrastructure, and then pull all of that data into a single repository. What s more, organizations can apply advanced analytics to that data whether that data is traditional security data or nontraditional, unstructured big data, such as messages to connect different events to one another, identify activity that is out of the ordinary and automatically remediate the security threats that were discovered. Today, the wide variety of end-user devices, disparate backend systems and the dynamic nature of IT infrastructures presents challenges for traditional security technologies that is, the firewalls and signature-based intrusion detection systems that block known threats. Coupled with a new generation of sophisticated attacks that are hard to detect and prevent, today s ever-changing An integrated approach to security can deliver significant advantages, including: Real-time visibility: To help protect the entire IT environment, an integrated approach provides security administrators with the comprehensive, real-time visibility they need into the security state of any connected device, regardless of where the device is physically located. Consistent information: An integrated approach can help ensure that reports and assessments provide the same up-to-date and accurate information to multiple teams. Reduced costs: An integrated approach can minimize risk while also reducing the costs associated with managing security. A consolidated, proactive solution is much less expensive over the long term than traditional point tools that are often used for traditional security management.

6 6 Managing security risks and vulnerabilities Unleashing the value of security intelligence Organizations that take a barebones approach to security tend to deploy log management solutions with other standalone safeguards such as firewalls, intrusion detection, network encryption, vulnerability scanners and authentication systems. But these disparate point products do not provide the intelligence, automation and integration needed for proactive security management. IBM QRadar Security Intelligence Platform provides a highly integrated approach to security that can help improve operational efficiency, lower costs, and manage vulnerabilities and risk for the entire organization. By automating processes and consolidating information, these integrated IBM solutions enable companies to proactively and cost-effectively manage data privacy and protection rather than simply focusing on passing an audit. Using IBM Security QRadar solutions, organizations can make security a priority and deliver strategic value to the business. Log management Next-generation SIEM Network activity monitoring Risk management Vulnerability management Future Prioritized offenses Network, asset and identity context Categories Normalization and categorization Events, logs, configuration and flow data IBM QRadar Security Intelligence Platform provides an integrated approach to understanding the context of vulnerabilities and minimizing risk.

7 IBM Software 7 Anchored by powerful, next-generation SIEM technology, QRadar solutions enable organizations to achieve comprehensive security intelligence by integrating log event data from across the IT infrastructure with network flow data, configuration and vulnerability data, application events and activities, user identities, asset profiles, geolocation details and more. After performing distributed data collection, normalization and correlation analysis, QRadar solutions then forward actionable results to a central console for further review and remediation. QRadar Security Intelligence Platform provides a seamlessly integrated solution for: Log management: Most organizations generate huge volumes of logs, and analyzing them can pose significant challenges. With its customizable rules engine that includes thousands of out-of-the-box rules, IBM Security QRadar Log Manager can process each incoming event in real time; assign severity, credibility and relevance attributes; and then trigger an appropriate response. IT staff can analyze data and activity trends from a central dashboard, identify security anomalies and potential risks, and take action before any damage can occur. It can also be easily upgraded to a full SIEM solution with the use of a simple license key. SIEM technology: Security teams need to understand the nature of potential threats, including: Who is attacking? What is being attacked? What is the business impact? Where do we investigate? IBM Security QRadar SIEM captures data from hundreds of data sources, including event data, network flows, asset vulnerabilities and user identity information. It correlates these disparate types of data and categorizes them by risk severity, so IT staff can prioritize their remediation activities with a manageable list. Unlike an individual toolkit, QRadar SIEM is an integrated solution that is easy to install and easy to use, providing a rapid time to value. It features a single management interface and a common database for consistent results. Network activity monitoring: QRadar Security Intelligence Platform provides deep network monitoring with anomaly detection capabilities that can add rich context about potential threats. In addition, IT staff can also help detect and prevent advanced threats from the inappropriate use of protocols, to the unauthorized access of sensitive information, to the misuse of administrative passwords. Risk assessments: To proactively manage vulnerabilities and stay a step ahead of threats, IBM Security QRadar Risk Manager enables IT staff to visualize the network topology, review security device configuration data and detect configuration errors all from a single location. It features an automated policy engine that can quantify the risk of exploits by calculating attack paths to vulnerable assets and evaluate actual and potential network traffic for compliance with policy. IT staff can also simulate threat propagation and assess the potential impact of changes before they are made. Risk scoring enables the modification of vulnerability severity scores based on environmental factors like network reachability and asset configuration. Vulnerability management: Most vulnerability scanners simply identify large numbers of exposures and leave it up to security teams to manually determine the severity of risks. IBM Security QRadar Vulnerability Manager provides a single, fully integrated vulnerability assessment and analytics system that supports all major operating systems and devices. The product s distributed scanning architecture leverages existing QRadar hardware and can be quickly activated with a license key, reducing deployment time and costs. It also leverages integration with QRadar Security Intelligence Platform to support event-driven scans and deep correlations between QRadar SIEM and QRadar Risk Manager. This way, limited IT resources can be focused on protecting assets with the highest risk of attack. QRadar Security Intelligence Platform features a unified architecture that helps organizations improve security almost immediately. Using a single, familiar interface, security teams can quickly begin managing risks and vulnerabilities across a distributed, heterogeneous environment.

8 8 Managing security risks and vulnerabilities IBM Security QRadar SIEM makes it easy for security teams to manage vulnerabilities and exposures that pose the greatest risk all from a single dashboard. Improving security with vulnerability management Many organizations have implemented vulnerability management tools to comply with security policy and compliance regulations, but those tools are often siloed point solutions with separate scanners for networks, applications and databases which creates huge inefficiencies in both time and effort. These disparate tools typically identify a sea of vulnerabilities that are not correlated, categorized or prioritized, and do not result in actionable information. In fact, typical networks might have up to 30 vulnerabilities per IP address,2 resulting in overwhelmed patch management and remediation processes. IT staff need to be able to focus their efforts on the most critical vulnerabilities and catch hidden weaknesses that are missed by periodic scanning. QRadar Vulnerability Manager is designed to transform tedious monthly or quarterly vulnerability scanning and reporting into a fully integrated, continuous monitoring program that combines regularly scheduled vulnerability scans with the real-time capabilities of QRadar Security Intelligence Platform. The result is complete visibility across dynamic, multi-layered networks. Organizations can: Create, schedule, monitor and view the results of vulnerability scans directly from the QRadar user interface Leverage the QRadar rules engine to invoke event-driven vulnerability scans, such as when a new asset is attached to the network Perform comprehensive analysis into asset vulnerabilities (regardless of discovery source), including powerful searching and filtering capabilities

9 IBM Software 9 Save vulnerability searches for re-use by other QRadar applications, including QRadar Risk Manager Make faster, better-informed decisions with a risk-prioritized, consolidated view of vulnerability scan data Generate early-warning alerts that identify the systems that may be vulnerable to the latest exploits even before vulnerability data is published Help coordinate patching and virtual patching activities, including recommending intrusion prevention system (IPS) and next-generation firewall signatures to block potential attack paths QRadar Vulnerability Manager includes an embedded, PCIcertified scanning engine for running scheduled, on-demand and event-triggered scans, providing near real-time visibility to weaknesses that could otherwise remain hidden for weeks or months. The QRadar solution can detect and immediately scan any new asset that appears on the network. As a result, organizations can reduce their exposure to vulnerabilities between regular scanning cycles and help ensure compliance with the latest security regulations. Using the same rules-based approach as QRadar SIEM, QRadar Vulnerability Manager helps minimize false positives and filters out vulnerabilities already classified as non-threatening that is, vulnerabilities that can be given a low priority and be patched later. For example, applications may be installed on a server, but they may be inactive, and are therefore not an imminent security risk. Integration with QRadar Risk Manager can reveal when devices that appear exposed are actually protected by a firewall or intrusion protection device; likewise, integration with IBM Endpoint Manager can show which vulnerabilities are patchable, which endpoint vulnerabilities are already scheduled for patching, and which patches have been applied. Inactive Inactive: Network flow data can help identity if applications are active Patched Blocked Blocked: Firewall and IPS rules can identify what vulnerabilities are exposed Patched: Integration with patch management will reveal what vulnerabilities will be patched Critical At risk! Exploited! Exploited: Integration with threat platforms can alert when specific vulnerabilities are attacked Critical: Vulnerability knowledge base, remediation flow and policies inform about business-critical vulnerabilities At risk: Usage and threat data can be used to identify what vulnerabilities are at risk IBM Security QRadar Vulnerability Manager can help organizations understand the severity of vulnerabilities, including which systems are scheduled for patches or blocked by firewalls, so security personnel can prioritize remediation efforts efficiently.

10 10 Managing security risks and vulnerabilities QRadar Vulnerability Manager maintains a current view of all discovered vulnerabilities, including which vulnerabilities are still at risk of being exploited. The software also presents historic views of daily, weekly and monthly trends, and can produce the long-term trending reports required by many security compliance regulations. Combining vulnerability management with risk management QRadar SIEM enables organizations to centralize vulnerability data from many different sources, ranging from QRadar Vulnerability Manager to other IBM products, such as IBM Security AppScan, Endpoint Manager and IBM InfoSphere Guardium, as well as many third-party vulnerability assessment tools. With all of this vulnerability data at their fingertips, security professionals need to be able to risk-prioritize the data not only by using industry-standard benchmarks, such as the Common Vulnerability Scoring System (CVSS), but also by increasing or lowering risk scores based on local network activity and device configurations. Risk management can help. With the right risk-management solution, organizations can: Build a network topology Security teams can create a model of the network that not only depicts the relationships between network devices, but also shows the active application paths by understanding network security device configuration and routing information. Create and monitor risk policies With the QRadar Risk Manager policy engine, security teams can test compliance rules against actual network traffic, network configurations, asset configurations and vulnerabilities. For example, they can create policy-monitoring questions that test whether the network traffic crossing the DMZ is restricted to well-known and trusted protocols (such as HTTP or HTTPS on specified ports), test which users are communicating with critical network assets, and identify rules in a device that violate a defined policy or introduce risk into the environment. A very common occurrence is when servers that were not previously accessible from the Internet become inadvertently accessible due to a firewall change. Simulate threats Security teams can leverage the network topology, network traffic and vulnerability data to depict how an exploit could spread through the network. IBM Security QRadar Risk Manager enables organizations to visualize the relationships between network devices and simulate the impact of changes on high-value assets.

11 IBM Software 11 QRadar Risk Manager meets all of these requirements and more, complementing QRadar SIEM and QRadar Vulnerability Manager by helping organizations identify their most vulnerable, highest-risk assets. It can generate alerts when assets and devices engage in out-of-policy activities or if a firewall rule change could potentially expose them to exploit. Organizations can also create policies that calculate attack paths between the Internet and assets with unpatched vulnerabilities, automatically increasing the risk score of those assets so their remediation activities can be prioritized. Using the QRadar Risk Manager interface available from within the unified QRadar Security Intelligence Platform central console IT staff can: Easily create and maintain a network topology by leveraging security device configuration data and routing information Create policies that map directly to security mandates and compliance requirements, such as checking for the actual or potential use of insecure protocols, unapproved applications and communications between networks Develop policies that evaluate unpatched vulnerabilities, asset configurations and reachability by attackers in order to increase or decrease the risk score of those vulnerabilities and assets, enabling risk-prioritized remediation activities Simulate firewall rule changes and model the spread of potential exploits across the network QRadar Risk Manager is a fully integrated part of QRadar Security Intelligence Platform, which allows it to leverage a wide breadth and depth of security data that other products cannot match. This includes network events and flows, as well as asset vulnerabilities and configuration data. As a result, QRadar Risk Manager can automatically identify offenses and generate notifications when policies are not in compliance. And this is all accomplished through the unified console for QRadar solutions. Closing the gaps in risk and vulnerability management QRadar Risk Manager and QRadar Vulnerability Manager are designed to work together to provide smarter protection for high-value assets. While QRadar Vulnerability Manager provides the status of system vulnerabilities, QRadar Risk Manager adds the network context. It knows which network paths are active, which systems can be directly attacked via the Internet (or from other points inside the network, such as potentially exploited machines) and which ones are protected. Together, they provide a powerful solution for managing vulnerabilities and risks. To obtain early warnings of potential attacks, an organization can create a policy in QRadar Risk Manager that checks vulnerable assets for an attack path that could be used to exploit the machine. The policy can then be set to increase or decrease the risk score of the vulnerabilities on affected devices; for example, security teams can increase the risk score by 50 percent for devices that are directly attackable and decrease the risk score by 50 percent for devices that are not attackable. Users can then generate vulnerability reports sorted by risk score, which can then be used by patch managers to schedule remediation for the riskiest assets first. Dynamically increasing or decreasing the relative risk of a system s vulnerabilities, along with the relative need for patching, is a strategic advantage of linking QRadar Risk Manager with QRadar Vulnerability Manager. Conclusion With security threats exploding around the world, organizations need to be proactive about managing risks and vulnerabilities before any significant damage can occur. QRadar Security Intelligence Platform enables organizations to stay a step ahead of security threats and get more value from their security budget by focusing on critical assets that are truly at risk. Advanced labor-saving automation can increase efficiency of IT staff. Plus, QRadar solutions are easy to install and upgrade, often just requiring a simple license key to enable additional functionality.

12 By taking advantage of the integration between QRadar Vulnerability Manager and QRadar Risk Manager, IT teams have the power to proactivity identify vulnerabilities and minimize risks across a dynamic infrastructure. They can visualize the network environment, calculate risk scores, simulate attacks, prioritize vulnerabilities and take efficient, corrective action to take a bite out of cybercrime. For more information To learn more about the integrated products within IBM QRadar Security Intelligence Platform, please contact your IBM representative or IBM Business Partner, or visit: ibm.com/software/products/us/en/qradar About IBM Security solutions IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned X-Force research and development, provides security intelligence to help organizations holistically protect their people, infrastructures, data and applications, offering solutions for identity and access management, database security, application development, risk management, endpoint management, network security and more. These solutions enable organizations to effectively manage risk and implement integrated security for mobile, cloud, social media and other enterprise business architectures. IBM operates one of the world s broadest security research, development and delivery organizations, monitors 15 billion security events per day in more than 130 countries, and holds more than 3,000 security patents. 1 Ponemon Institute, 2013 Cost of Cyber Crime Study: United States, October /2013_us_ccc_report_final_6-1_13455.pdf 2 IBM, IBM X-Force 2013 Mid-Year Trend and Risk Report, September IBM, IBM X-Force 2012 Trend and Risk Report, March Eduard Kovacs, It Takes a Company 243 Days to Discover a Sophisticated Attack, Study Shows, Softpedia, March 15, Discover-a-Sophisticated-Attack-Study-Shows shtml Copyright IBM Corporation 2014 IBM Corporation Software Group Route 100 Somers, NY Produced in the United States of America January 2014 IBM, the IBM logo, ibm.com, AppScan, InfoSphere, Guardium, QRadar, and X-Force are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at Copyright and trademark information at ibm.com/legal/copytrade.shtml This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates. THE INFORMATION IN THIS DOCUMENT IS PROVIDED AS IS WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided. The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation. Statements regarding IBM s future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that systems and products are immune from the malicious or illegal conduct of any party. Please Recycle WGW03049-USEN-00