Cloud Security Enforcer - Quick Steps to Avoid the Blind Spots of Shadow IT
TRANSCRIPT
IBM Security Webinar
IBM Cloud Security Enforcer
JOHAN LARKSATER
SECURITY SAAS EUROPE – IBM SECURITY
JUNE 2016
2 IBM Security 2© 2016 IBM Corporation
What we will cover
• Introductions
• The cloud is here, ready or not
• Cloud Security Enforcer overview
• Cloud app visibility, QRadar integration, and mobile
• Secure connectivity and IDaaS
• Protection and policies
• Wrap up and Q & A
Today’s Featured Guest
Sean Brown
Offering Manager
Cloud Security
Cloud is here to stay, are you ready to move with the business?
EMPLOYEES
• Look for better ways to get their jobs done
• Find cloud services quick and easy to use
IT OPERATIONS
• Wants to save money and reduce complexity
• Wants to automate and consolidate IT
YOUR BUSINESS
• Loses visibility and control over IT
• New risk requires new safeguards
Security and IT leaders face new challenges
CISO / CIO: “My team is not equipped to manage the increased employee usage and demand for cloud”
How does my organization?
• Uncover “Shadow IT”
• Gain visibility of all cloud app usage
• Simplify connecting to approved apps
• Remove mobile blind spots
• Stop risky user behavior
• Quickly react to cloud threats
• Address compliance and governance concerns
IBM Cloud Security Enforcer
• PROTECT: Against cloud-related threats
• CONNECT: Users to approved cloud apps
• DETECT: Usage of cloud apps and actions
A new SaaS solution to help securely deploy cloud services
• Identity and Access Control
• Threat Prevention
• Policy Enforcement
• Discovery and Visibility
• Cloud Event Correlation
[Diagram labels: DETECT, CONNECT, PROTECT; MOBILE, BYOD, ON PREM; RISKY APPS, APPROVED APPS; EMPLOYEES]
DETECT: App usage and user activity
DETECT APPROVED / SHADOW APPS
• Discover thousands of cloud apps
• View analytics and risk reports
• Chart progress over time
DETECT DETAILED USER ACTIVITY
• Correlate cloud activity to employees
• Identify suspicious activities and trends
• See and respond to priority alerts
IBM Cloud Security Enforcer QRadar Connector
• IBM Cloud Security Enforcer QRadar Connector offers SOC operators a view of the top offense, user, and application data from IBM Cloud Security Enforcer within QRadar itself, thus providing a streamlined view of security in one pane of glass.
• The application is configured via an admin plugin where the user can specify the hostname of the Cloud Security Enforcer assigned to them.
• From this point, dashboard widgets are provided to view current-day offense, user, and application data.
Enhances QRadar with:
• Visibility of high risk users and cloud applications
• Covers the “Mobile Blind Spot” that most SIEM tools miss
• Behavioral analysis for mobile users with alerting
Demo: IBM Cloud Security Enforcer QRadar Connector
IBM Cloud Security Enforcer – Discovery
[Diagram labels: Enterprise Employees; Microsoft Active Directory; Event Collection; ID Bridge; Directory Sync; Secure Gateway; Discovery; Cloud, SaaS, & Private Apps (plus many more)]
IBM Cloud Security Enforcer – Mobile Protection
[Diagram labels: Home WiFi / Cellular Data Network; Mobile Protection Client; Gateway (VPN/Proxy); Traffic Inspection; Flow data; Cloud, SaaS, & Private Apps (plus many more)]
CONNECT: Users to approved cloud apps
CONNECT THE BUSINESS TO APPROVED APPS, DISABLE OTHERS
• On/Off toggles for cloud access
• Correct out-of-policy application usage
[Screenshot: GitHub Connector for NA Dev Team, September 30, 2015]
CONNECT USERS TO CLOUD APPS
• Display approved app catalog
• Enable self-onboarding
• Find and use apps faster
IBM Cloud Security Enforcer – Single Sign-On & Launchpad
[Diagram labels: Enterprise Employees; Microsoft Active Directory; Event Collection; ID Bridge; Directory Sync; Secure Gateway; SSO [Identity Provider]; SSO [Service Provider]; Launchpad & Catalog; Cloud, SaaS, & Private Apps (plus many more)]
PROTECT: Against cloud-related threats
PROTECT AGAINST RISKY APPS
• Understand cloud app reputation
• Prioritize apps based on past threats
• Limit interaction with unsafe apps
PROTECT AGAINST RISKY BEHAVIOR
• Establish user risk ratings
• Address “rogue” cloud app usage
• User risk score calculated by aggregate usage
• Send alerts when there’s risky behavior
Key takeaways
1. First solution to combine cloud discovery, identity & access, and threat prevention
2. Focused on securely enabling the business for cloud apps
3. Protects against cloud threats using IBM’s network of threat intelligence
ibm.com/security/cloud-enforcer
• 130+ countries where IBM delivers managed security services
• 25 industry analyst reports rank IBM Security as a LEADER
• No. 1 enterprise security software vendor in total revenue
• 12K+ clients protected
• 90% of the Fortune 100 companies
• Visit our web page: ibm.com/security/
• Watch our videos: IBM Security YouTube Channel
• View upcoming webinars & blogs: securityintelligence.com
• Follow us on Twitter: @ibmsecurity
• Join IBM X-Force Exchange: xforce.ibmcloud.com
ibm.com/security
securityintelligence.com
xforce.ibmcloud.com
@ibmsecurity
youtube/user/ibmsecuritysolutions
© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective.
IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
FOLLOW US ON:
THANK YOU