IBM Security Systems Solutions
Agenda
- Market opportunity
- Where are companies investing in security today?
- What do we offer?
- Customer case studies and win reviews
- Security and the Cloud
- Call to action
- Contacts and resources
The planet is getting more instrumented, interconnected, intelligent
INSTRUMENTED, INTERCONNECTED, INTELLIGENT
- Smart Supply Chains
- Smart Countries
- Smart Retail
- Smart Water Management
- Smart Weather
- Smart Energy Grids
- Smart Oil Field Technologies
- Smart Regions
- Smart Healthcare
- Smart Traffic Systems
- Smart Cities
- Smart Food Systems
With it comes more targets and vulnerabilities
A target-rich environment
- 30 billion RFID tags (products, passports, buildings, animals)
- 2 billion Internet users
- 50 billion connected objects (cars, appliances, cameras)
- 5 billion mobile phones
Worldwide data explosion (1 Zettabyte = 1 Trillion Gigabytes)
[Chart: worldwide data volume by year, 2009 to 2020; labels: 1,800 Zettabytes, 35,000 Zettabytes, 60% CAGR]
"There are security leaks involving mobile browsers that we don't even know enough about yet." CIO, Media Company
IBM Security Framework
Comprehensive Security Solutions
End to end, IBM has a strong security competitive posture
HP EDS CA Symantec McAfee EMC Oracle (Sun) Cisco Verizon
People and Identity; Data and Information; Application and Process; Network, Server and End Point; Physical Infrastructure
Updated January 2011
How Does the Framework Map to Our Products?
- IBM Tivoli Identity and Access Assurance (TIAA) solution bundle
  o IBM Tivoli Identity Manager (TIM)
  o IBM Tivoli Access Manager for Enterprise Single Sign-On (TAM E-SSO)
  o IBM Tivoli Federated Identity Manager (TFIM)
  o IBM Tivoli Access Manager for e-business (TAMeb)
  o IBM Tivoli Security Information and Event Manager (TSIEM)
- IBM Tivoli Security Policy Manager
- IBM Tivoli Key Lifecycle Manager
- IBM Security Network Intrusion Prevention (GX series)
- IBM Security Server Protection
- IBM Virtual Server Protection for VMware
- IBM Security SiteProtector System
- IBM Tivoli Endpoint Manager for Security and Compliance, built on BigFix technology
- IBM Security zSecure suite
- Q1 Labs QRadar Solutions
- IBM Tivoli Security Information and Event Manager (TSIEM)
Tivoli Identity Manager
Automates, audits, and remediates user access rights across your IT infrastructure
- Identity change (add/del/mod)
- HR Systems/Identity Stores
- Access policy evaluated
- Approvals gathered
- Detect and correct local privilege settings
- Know the people behind the accounts and why they have the access they do
- Fix non-compliant accounts
- Accounts updated
- Accounts on 70+ different types of systems managed. Plus, In-House Systems & portals
- Applications, Databases, Operating Systems, Networks & Physical Access
- Automate user privileges lifecycle across entire IT infrastructure
- Match your workflow processes
Cost, Complexity, Compliance
- Reduce Costs: Self-service password reset; Automated user provisioning
- Manage Complexity: Consistent security policy; Quickly integrate new users & apps
- Address Compliance: Closed-loop provisioning; Access rights audit & reports
TAM E-SSO Solution Overview
TAM E-SSO provides:
- Enterprise single sign-on
- Two-factor authentication
- Automation to get users to productive point in their apps
- Multi-user machines (e.g. kiosks) fast user switching
- Identity management via TAM E-SSO or TIM
- Audit/reporting via TAM E-SSO or TSIEM
with no change to the target applications
Web Single Sign-On
Web SSO and More with IBM Tivoli Access Mgr. for e-business (TAMeb)
#1 requirement addressed by TAMeb
- Web single sign-on
- Strong authentication
- Compliance -- know and show who's accessing what
- Security/protection
- High Availability
- Scalability
Complete SSO Coverage
[Diagram labels: Federated SSO, Web SSO, Enterprise SSO; Internet, Extranet, Intranet/Kiosk]
- Federated Targets: Multi-Domain, SOA
- Web SSO Targets: Web Servers, Web Applications, Portals, e.g. WP
- Enterprise Targets: Web, Windows, Mainframe, Java
We are recognized by the analysts
- IBM Tivoli Identity and Access Assurance (TIAA) beat out Microsoft, Novell, CA and others to win SC Magazine's 2011 award for the Best Identity Management Application
- IBM named Best Security Company, winning SC Magazine's award for 2010's #1 security company
- Gartner Magic Quadrant for Web Access Management: IBM is ranked in the leaders quadrant
- Gartner MarketScope for Enterprise Single Sign-On: IBM is ranked as Strong Positive
- Gartner Magic Quadrant for SIEM: Q1 Labs is ranked in the leaders quadrant
- IDC Worldwide Identity and Access Management 2009-2013 Forecast Update and 2008 Vendor Shares: IDC ranks IBM as the overall worldwide identity and access management security software revenue leader for the third straight year
Network Threat Management
Business Scenario
- A manufacturing company has a large global footprint, with 6 data centers.
- They want to have thorough knowledge of what traffic is running on their network, and make sure it is authorized and free from malicious content.
- They know many application vulnerabilities do not have current patches and are looking for a solution to address this.
- They want a high performance solution that scales to meet their throughput needs.
How does IBM address this scenario?
IBM Security Network Intrusion Prevention (NIPS) appliances provide deep inspection of all network traffic. With intelligence provided by IBM X-Force, these appliances can automatically update themselves, staying Ahead of the Threat. With IBM Security NIPS appliances protecting the company's websites, they will enjoy the best protection in the industry. These appliances provide true situational awareness of what is on the network, and with SiteProtector, prioritization of remediation is easily achievable. The IBM Security Virtual Patch will protect their infrastructure, even if no patch is ever available to fix vendors' vulnerabilities.
IBM Intrusion Prevention: The Lineup
Network Protection
- IBM Security Network IPS
- IBM Security Network IPS Virtual Appliance
- Transparent, in-line network appliances (and virtual appliance versions) block attacks while allowing legitimate traffic to flow unhindered
Server Protection
- IBM Security Server Protection & Server Sensor
Virtual Infrastructure Protection
- IBM Security Virtual Server Protection for VMware
- IBM Security Network IPS Virtual Appliance
Capabilities listed on the slide
- Preemptive intrusion prevention
- Track user/admin behavior
- File integrity monitoring
- Host level controls for compliance
- VMsafe (Security) API integration
- Intrusion Prevention & firewall
- Rootkit detection/prevention
- Inter-VM traffic analysis
- And more
Security Management
- Managed Security Services
- IBM Security SiteProtector
- Command and control
- Event analysis
- Reporting
Customer Value Delivered by Tivoli Endpoint Manager for Security and Compliance, built on BigFix technology
PATCH MANAGEMENT
- Automated, effective, rapid patch deployment
- Single agent addresses Microsoft, UNIX, Linux, Mac and 3rd-party application patches (Adobe, Mozilla, Java, ...)
- Automated or manual network bandwidth throttling based on network traffic... CPU impact <2%
- Real-time reporting: know which patch went where!
SECURITY CONFIGURATION & POLICY COMPLIANCE
- Asset discovery: know what is owned (and not owned), so you can be protected
- Security configuration mgmt.: continuous assessment of endpoint security compliance... addresses audit concerns
- Host-based vulnerability assessment: 99.9% accuracy
- Automated, out-of-the-box checklists for assessing security policy compliance: General (PCI, SOX, ...) and U.S. Government class (NIST 800-53, FDCC, DISA-STIGS, CyberScope/FISMA)
Tivoli Endpoint Manager for Security and Compliance Competitive Positioning
Products compared: IBM TEM-SC, Microsoft SCCM, Symantec Altiris, LANDesk
Criteria compared:
- Asset discovery
- Continuous endpoint monitoring
- Patch management, incl. 3rd-party applications
- Security configuration management
- Single agent for security, SW distribution, power, ...
- Cross-AV-vendor management
- Performance: Manage up to 250K endpoints w/1 svr.
- Endpoint OSs supported
Endpoint OSs supported, by product:
- IBM TEM-SC: Win, Mac, UNIX, Linux, VMware
- Microsoft SCCM: Windows; Partners for others
- Symantec Altiris: Client: Win, Mac, Linux, no UNIX; Server: Win, Linux, UNIX, VMware
- LANDesk: Win, Mac, Linux, UNIX (minus AIX)
Recently Announced/Delivered: TEM for Core Protection
What is it?
- Trend Micro's cloud-based, endpoint anti-malware & firewall technology, tightly integrated with TEM (no Trend Console or Servers)
- Sales compensation handled same as other TEM: 100% CRev and FRev credit for IBM sales
- Previously sold to customers as the BigFix Core Protection Module
- Sold as a stand-alone TEM product, similar to TEM for Power Management
- IBM delivers L1 and L2 support; Trend handles error correction
Sales Approach
Q: Do I get paid on sales of TEM for Core Protection?
A: Yes. IBM sales of TEM for Core Protection qualify as 100% CRev and FRev.
Q: Do Trend reps get paid when IBM sells into their accounts?
A: Yes. Trend reps get paid on the net royalty revenue paid to Trend.
Q: Do IBM reps get paid when Trend sells into our accounts?
A: Yes. See the TEM for Core Protection Sales FAQ in the TEM Sales Kit for details.
Q: Should I collaborate with Trend account teams in my TEM-CP opportunities?
A: It's up to you. Trend reps do receive compensation for IBM sales into their accounts, so there is incentive for them to support you. Both companies can compete directly in accounts; there are no restrictions in this regard.
TEM-CP... Customers love it!
- Poor AV signature compliance.
- Many systems with systematic AV engine failures.
- Performance issues on systems older than three years.
- Replaced existing McAfee/EPO system on 4,300 endpoints in 2 weeks with no issues.
- A/V signature compliance went from 60% to 95%+ since the migration to CPM.
- Older systems ran like new once TEM-CP was installed.

- No centrally managed AV solution for Macs
- No cross-platform AV solution
- Need to manage/report on machines outside the internal network
- No additional hardware
- Centralized AV management for Macs
- Web reputation in Mac environment
- Easy installation; only had to package uninstall of existing AV solution
SIEM
- Risk Management
- Log Management
- Network behavior analytics
- Security event management
- User behavior analytics
- Compliance reporting
Solving Customer Challenges with Total Security Intelligence
- DETECTING THREATS OTHERS MISS: Discovered 500 hosts with "Here You Have" virus, which all other security products missed
- CONSOLIDATING DATA SILOS: 2 Billion log events per day reduced to 25 high priority offenses
- DETECTING INSIDER FRAUD: Caught an employee sending out internal designs
- PREDICTING RISKS AGAINST YOUR BUSINESS: Automate the policy monitoring and evaluation process for configuration changes in the infrastructure
- ADDRESSING REGULATION MANDATES: Real-time monitoring of all network activity, in addition to PCI mandates
Solutions for the Full Compliance and Security Intelligence Timeline
Fully Integrated Security Intelligence
Log Management
- Turnkey log management
- SME to Enterprise
- Upgradeable to enterprise SIEM
SIEM
- Integrated log, threat, risk & compliance mgmt.
- Sophisticated event analytics
- Asset profiling and flow analytics
- Offense management and workflow
Risk Management
- Predictive threat modeling & simulation
- Scalable configuration monitoring and audit
- Advanced threat visualization and impact analysis
Network Activity & Anomaly Detection
- Network analytics
- Behavior and anomaly detection
- Fully integrated with SIEM
Network and Application Visibility
- Layer 7 application monitoring
- Content capture
- Physical and virtual environments
TSIEM Addresses Customers' Audit Log Management and Reporting Needs
- Broadest, most complete log and audit trail capture capability
- Enterprise audit log management: full life cycle
- W7 log normalization & unique ability to monitor user behavior
- Compliance management modules & regulation-specific reports
Audit log management & reporting: multiple levels
- Manager of Managers Level: Netcool Omnibus, Tivoli Service Request Mgr., TEC, Business Automation dashboards.
- Long-term storage/archiving, e.g. IBM Information Archive
- TSIEM: Tivoli's Enterprise security audit management and reporting system
- Guardium, SiteProtector, IAM, Others
- DB2 (Host/Distributed), DB2/z, Sybase, Oracle Database, Teradata, SQL Server
- Applications (Rational AppScan), Virtualized Resources (VSP), Network (Network IPS), Hosts (Host IPS)
- Tivoli Identity Manager, TAMeb, Tivoli Federated ID Mgr., Tivoli Security Policy Mgr.
- Tivoli Security Operations Manager
- Mainframe Data and Applications
- NW Ops Ctr. devices
- System Ops Ctr. devices
Cloud Ready, Cloud Capable Security Solutions
Addressing Customer's Virtualization Security Needs Today
Take advantage of IBM's unique security expertise and approach
UNIQUE EXPERTISE, ABILITY TO DELIVER, SECURITY APPROACH
- 21 billion events monitored per day
- 4,000+ managed services customers
- 10 security development labs
- 9 security operations centers
- 6,000+ technical experts
- 20+ leadership recognitions
- 2010 Security Company of the Year