IBM Internet Systems Security Solution Overview: Selling IBM Internet Security Systems Solutions...
IBM Internet Security Systems™
© IBM Corporation 2010
Victor Chu
Senior Client Technical Specialist
Security, Identity & Compliance Management
IBM Malaysia
IBM Internet Systems Security Solution Overview
Selling IBM Internet Security Systems Solutions in 2010
What is driving the need for Security?
Data Security
– Web servers are most vulnerable to attack
– 60% of companies in a recent survey said they would not know they were breached for at least 12 hours [1]
– 56% said it would take 1-2 days to recover after that*
Regulatory Compliance
– All industries need to meet regulatory compliance issues which include server security such as Financial (SOX), Health care (HIPAA), Govt (FISMA), and Retail (PCI)
– Ranges from $500K fines to imprisonment for non-compliance
Insider Threats
– More than 5 million customer records have been stolen in 2008 alone [2]
– Enterprises believe that 47% of threats* are internal
[1] Source: IDC Dec 2008 Security Survey
[2] Source: http://www.internetretailer.com/dailyNews.asp?id=21007
Web App Vulnerabilities Continue to Dominate
49% of all vulnerabilities are Web application vulnerabilities.
Cross-Site Scripting disclosures surpassed SQL injection to take the top spot.
67% of web application vulnerabilities had no patch available at the end of 2009.
Solutions
IBM X-Force® R&D Drives IBM Security Innovation
Protection Technology Research
Threat Landscape Forecasting
Malware Analysis
Public Vulnerability Analysis
Original Vulnerability Research
Research Technology
The X-Force team delivers reduced operational complexity – helping to build integrated technologies that feature “baked-in” simplification
X-Force Protection Engines
Extensions to existing engines
New protection engine creation
X-Force XPU’s
Security Content Update Development
Security Content Update QA
X-Force Intelligence
X-Force Database
Feed Monitoring and Collection
Intelligence Sharing
IBM’s Global Security Reach and Expertise
– 8 Security Operations Centers
– 7 Security Research Centers
– 133 Monitored Countries
– 20,000+ Devices under Contract
– 3,700+ MSS Clients Worldwide
– 4 Billion+ Events Per Day
Coming soon: Bangalore, IN
IBM Superior Technology
Keeping Clients “Ahead of the Threat” using the “Virtual Patch”
IBM X-Force displays “Ahead of the Threat” protection for the Top 38 vulnerabilities from Jan – Aug 2009.
90% of the time, IBM provides protection Before Patches can be applied!!!!
Security Effectiveness: Ahead of the Threat – Top Vulnerabilities of 1H 2009
Top 38 Vulnerabilities
– 263: Average days ahead of the threat
– 91: Median days ahead of the threat
– 25: Ahead of the threat
– 66%: Percentage of Top Vulnerabilities – Ahead of the threat
– 4: Protection released post announcement
– 9: Same day coverage
Saving Money with the Virtual Patch™
4/13/2005: IBM ISS implements protection for Microsoft PnP vulnerability into IBM ISS products. The IBM ISS Virtual Patch protection begins.
4/13/2005: Others do not have internal research to find and understand vulnerabilities; therefore, they have no knowledge of the Microsoft Plug-and-play vulnerability.
8/9/2005: Microsoft publicly announces vulnerability and availability of a patch.
8/11/2005: Plug-and-play exploits become public.
8/13/2005: Zotob Bot runs rampant and causes damage to organizations worldwide. IBM ISS customers have enjoyed protection since 4/13/2005.
8/9/2005: Others claim “preemptive protection” through broad blocking and alerting methods which are prone to false positives and false negatives.
8/11/2005: Plug-and-play exploits become public.
8/13/2005: Zotob Bot propagates; some competition see the bot but none of the (many) variants, resulting in continuous updates offering little to no zero day coverage.
8/16/2005: Exploit-based signatures released to reactively protect against the Zotob Bot.
Ahead of the Threat: Conficker
Timeline (Dec 2008 – Apr 2009):
– Nov 21, 2008: Conficker.A discovered
– Dec 29, 2008: Conficker.B discovered
– Feb 20, 2009: Conficker.B++/C discovered
– Mar 4, 2009: Conficker.C/D discovered
What is an Intrusion Prevention System?
IPS evolved from IDS - IDS identifies threats and sends alerts, IPS blocks attacks targeted at your network.
For accurate, preemptive protection, IPS products use multiple techniques to:
– Recognize and identify protocols
– Analyze traffic
No single intrusion prevention technique can offer acceptable protection
Enterprises Require IPS at Perimeter and in Core Networks
Threats target assets across your network – often looking for the weakest link
Internet
Business Partner Network Perimeter
WAN
Wireless
Workstations
DMZ
Data Center
Protocol analysis module (PAM) is the foundation for converged network protection
– Performs deep packet inspection
– Performs deep protocol and content analysis
– Detects protocol and content anomalies
– Simulates the protocol/content stacks in vulnerable systems
– Normalizes at each protocol and content layer
– Provides the ability to add new security functionality within the existing solution
Virtual Patch™ Enabled by Pre-Emption
ISS products provide a temporary shield or Virtual Patch for vulnerabilities
– The “Virtual patch” prevents a vulnerability from being exploited
– Eliminates emergency patching
– Removes the risk of patching
– Enables patches to be applied during normal maintenance windows
– Stop malicious attacks before they impact your business
Unified Enterprise Security Console for all products
Vulnerability Scanning Appliance
Proventia MX UTM “All-in-One” Appliance
IDS/IPS
FW / VPN
AntiVirus (signature & behavioral)
AntiSpam
Web Filter
AntiSpyware
IBM Internet Security Systems Product Offerings
Proventia Network IPS GX Models
IBM Virtual Server Security
VMWare Protection
Integrated threat protection and security compliance for VMware vSphere™ 4
Server Protection
Real Secure Server Sensor
Solaris, AIX, HP-UX & Windows
“Multi-layered” Protection
Windows & Linux
Network Protection Appliances
Server Protection
SiteProtector’s families of rich feature capabilities
IBM Proventia SiteProtector Integration with Rational AppScan
• A free extension
• Add AppScan-detected Web application security issues to the SiteProtector repository
• A broader view means a more complete understanding of your security position, helping you better understand risks and better establish (or re-establish) priorities
Security Challenges with Virtualization: New Complexities
– Management Vulnerabilities
– Secure storage of VMs and the management data
– Virtual sprawl
– Dynamic relocation
– VM stealing
– Resource sharing
– Single point of failure
– Stealth rootkits in hardware now possible
– Virtual NICs & Virtual Hardware are targets
New complexities lead to OUT OF COMPLIANCE ISSUES for clients
IBM Virtual Server Security for VMware
Integrated threat protection for VMware vSphere 4
Helps customers to be more secure, compliant and cost-effective by delivering integrated and optimized security for virtual data centers.
– VMsafe Integration
– Firewall and Intrusion Prevention
– Rootkit Detection/Prevention
– Inter-VM Traffic Analysis
– Automated Protection for Mobile VMs (VMotion)
– Virtual Network Segment Protection
– Virtual Network-Level Protection
– Virtual Infrastructure Auditing (Privileged User)
– Virtual Network Access Control
Tivoli Security Focus Areas
Trusting Identities
Customers, partners, employees (known)
Managing Access
Securing Services
Protecting Data
Criminals, competitors, hackers (unknown)
Payroll
Online banking
Loan applications
Retail sales
Inventory
Tivoli IAM #1 in this space
COMPLIANCE
Manage those you know.
Protect against those you don’t.
Prove that you’re in control.
ISS Threat Mitigation #1 in this space
Aligning Sales and Marketing for Security
Information Infrastructure
Service Management
Smart SOA Foundation
Dynamic Business Processes
Information Agenda
Virtualization Consolidation
Smarter Collaboration
Green Infrastructure
Managing Risk – Gain competitive advantage by deftly managing the risks to your business, securely leveraging technological innovation, and reducing the cost of security and resiliency of your infrastructure.
Scenario #1: Reduce the Cost of Security & Resiliency
Scenario #2: Protect Data & Manage Compliance
Scenario #3: Secure Your Data Center
Introducing:
Managing Risk Sales Play
Coupled with IBM Security Solutions naming, risk marketing program and Security Tiger Team will ensure new awareness with customers.
IBM Sales Plays
Key Sales Play #1: Reduce Costs While Increasing Security & Resiliency
Key Challenges:
– Lower the costs of applying the latest security expertise, processes & technologies
– Mitigate, monitor and manage the latest security threats and vulnerabilities
Highlighted Solutions:
– Identity Access and Assurance
– Managed Security Services
– Virtual Patch
– Tivoli Security Information and Event Management
– IBM ISS Proventia Portfolio
Identity and Access Assurance
Benefits:
– Reduce help desk operating expenses
– Comply with regulations
– Improve user productivity
– Reduce risk from privileged insiders
– Respond quickly to business initiatives (e.g. new applications, M&A, restructuring)
Capabilities:
• User provisioning & role management
• Unified single-sign-on
• Privileged user activity audit & reporting
• Directory and integration services
• Log Management
• Self-service password reset
• Identity Assurance / Strong authentication management
Identity and Access Assurance
Key Sales Play #2: Protect Data and Manage Compliance
Key Challenges:
– Identify and mitigate the risks of regulatory noncompliance
– Lower costs of limiting internal access to, and external release of, sensitive data
Highlighted IBM ISS Solutions:
– Data Security Services: IBM ISS enables business to reduce the cost and complexity of data protection.
– Security Governance Services: IBM ISS enables business to implement the management discipline needed to improve the enterprise’s ability to control risk, e.g. compliance with PCI
– Data Leakage Protection and SIEM: Tivoli Security Information and Event Manager (TSIEM) for enterprise audit logging and reporting, and monitoring and correlation of events and internal access to sensitive data. BigFix provides security configuration and vulnerability management.
– Infrastructure Protection: IBM ISS Network and Server products can explore data flow to help determine if any potential risks exist, and IBM Server security can protect data at the host.
Data and Application Security
Benefits:
– Data disclosure and privacy compliance
– Application security and agility
– Secure 3rd party collaboration
– Protect IP / data-in-use
– Secure storage / data-at-rest
Tivoli Capabilities:
• Centralized key management
• Inter-organization data collaboration
• Centralized, fine-grained access control to information
• Audit and reporting of data usage
• Security log management
• Centralized server administration integrity, including virtual servers
Data & Application Security
Our capabilities allow customers to start strong and grow into compliance
Increasing Value
SIEM Capability | TSIEM Capability
Exception Reporting / Meeting compliance head on
• Report when a privileged user is doing something suspicious
• PUMA reporting
• Reporting on compliance exceptions
Alerting / Reacting to risk
• Near real time analytics
• Threshold alerting
• “Alert me when someone fails to log on multiple times to my Oracle application”
Log Management / Checkbox compliance
• Reliable, verifiable log management
• Log management reporting
• Collect original log data
Threat Aware
• ISS IDS/IPS
• Appliance based
• Reacting to and protecting from threat
Tivoli Security Information and Event Management
BigFix Product Portfolio
Key Sales Play #3: Secure your Data Center
Key Challenge: Mitigate increasing risks from application level vulnerabilities
Highlighted IBM ISS Solutions:
– Professional Security Services: IBM ISS Professional Security Services deliver solutions for application and related security assessments.
– Rational AppScan: IBM Rational AppScan provides the industry’s leading application vulnerability scanning solution.
Key Challenge: Reduce the cost of data leaks and data exposure from external and internal threats
Highlighted IBM ISS Solutions:
– IBM Data Protection: Proventia Gx protects data from network attacks, while BigFix and Proventia Server protect physical and virtual systems.
– Tivoli Identity and Access Assurance: IBM Tivoli Identity and Access Assurance provides the industry’s leading solution for access management and compliant access for the right people to the right resources at the right time.
IBM Rational AppScan End-to-End Web Application Security
REQUIREMENTS | CODE | BUILD | QA | SECURITY | PRODUCTION
– AppScan Standard (desktop)
– AppScan Build (scanning agent)
– AppScan Developer (desktop)
– AppScan Tester (scan agent & clients)
– Req’ts Definition (security templates)
– AppScan OnDemand (SaaS)
– AppScan Enterprise / Reporting Console (enterprise-wide scanning and reporting)
Security / compliance testing incorporated into testing & remediation workflows
Security requirements defined before design & implementation
Outsourced testing for security audits & production site monitoring
Security & Compliance Testing, oversight, control, policy, audits
Build security testing into the IDE*
Security for the development lifecycle (predominantly non-security experts)
Security audit solutions for IT Security
Address security from the start
Application Security: Best Practices & Measured Capability Improvement Framework
Automate Security / Compliance testing in the Build Process
BigFix Product Portfolio
IBM ISS Proventia G Integrates Web Application Protection with Network Intrusion Prevention
Complementary technologies
– IBM ISS Proventia™ prevents intrusions, attacks and compromises on infrastructure and Applications
– Rational AppScan Product or Service finds vulnerabilities in your web apps
– Federated Identity Manager manages the user base of the web applications
Comprehensive protection
– Inbound and outbound security for enterprise networks
– Asymmetrical depth of defense
– Protection of current data exposure!
Protect the infrastructure and the application at the network layer
Application Vulnerability Mitigation
IBM Security Effectiveness: Validation from NSS
http://nsslabs.com/2008/ibm-iss-gx6116-intrusion-prevention-system-achieves-nss-labs-gold-award-and-certification.html
Monthly Sum Testing
IBM committed to monthly testing to evaluate effectiveness against evolving threat landscape
– Aug 2009 95%
– Jul 2009 98%
– Jun 2009 100%
– May 2009 100%
– Apr 2009 100%
– Mar 2009 99%
– Feb 2009 100%
– Jan 2009 100%
– Dec 2008 100%
– Nov 2008 100%
http://nsslabs.com/IBM
First IPS to receive NSS Gold Award in 5 years
Only vendor to win a Gold award every quarter in 2009
Percentage decreased because IBM requested that the test be made more difficult for vendors.
Why IBM?
Analysts recognize IBM leadership
IDC Market Share Leadership
– #1 Identity & Access Management (2009)
– #1 Application Vulnerability Assessment (2009)
– #1 Vulnerability Assessment (2009)
– #1 Intrusion Prevention Systems (IPS) Market Leader for $100,000+ Systems (2009)
Frost & Sullivan Leadership
– Managed Security Services (2009)
– Latin American Managed Security Services Market Study (2009)
– North American Network Security Infrastructure Protection Company of the Year (2009)
– North American Video Surveillance Software Developer Company of the Year (2009)
EMA Leadership
– Website Vulnerability Assessment Value Leader (2009)
Gartner Leadership
– Web Access Management Magic Quadrant (November 2009)
– User Provisioning Magic Quadrant (September 2009)
– Enterprise Single Sign-On Marketscope – Strong Positive (September 2009)
– Security Information & Event Management Magic Quadrant (May 2009)
– Managed Security Services Providers, North America Magic Quadrant (April 2009)
Forrester Leadership
– Managed Security Services Market Overview (January 2010)
– Identity & Access Management Wave (November 2009)
– Information Security and IT Risk Consulting Wave (March 2009)
IBM named Best Security Company
http://www.scmagazineus.com/best-security-company/article/164143/
Starting Questions…
– Does your security team rely on announcements from SW vendors about vulnerabilities or do you find them before?
– Does your company have IP that it considers a trade secret? Does this IP reside on the network or can it be reverse engineered by someone intruding on to your systems? Do you know where that IP exists?
– Does your security team run regular penetration/intrusion tests to verify network integrity?
– How deep do these tests go? Are they real? For example have you asked your team to try to intrude and issue a check or send a payment to a 3rd party?
– To what extent do partners, suppliers and customers communicate with your organization? How does that affect security?
– Is your IT department virtualizing in order to save money? Did you know there’s a big downside that no one seems to be talking about?