IBM Internet Systems Security Solution Overview … Selling IBM Internet Security Systems Solutions...


IBM Internet Security Systems™

© IBM Corporation 2010

Victor Chu

Senior Client Technical Specialist

Security, Identity & Compliance Management

IBM Malaysia

IBM Internet Systems Security Solution Overview

Selling IBM Internet Security Systems Solutions in 2010


What is driving the need for Security?

Data Security
– Web servers are most vulnerable to attack
– 60% of companies in a recent survey said they would not know they were breached for at least 12 hours [1]
– 56% said it would take 1-2 days to recover after that*

Regulatory Compliance
– All industries need to meet regulatory compliance issues which include server security such as Financial (SOX), Health care (HIPAA), Govt (FISMA), and Retail (PCI)
– Ranges from $500K fines to imprisonment for non-compliance

Insider Threats
– More than 5 million customer records have been stolen in 2008 alone [2]
– Enterprises believe that 47% of threats* are Internal

[1] Source: IDC Dec 2008 Security Survey
[2] Source: http://www.internetretailer.com/dailyNews.asp?id=21007


Web App Vulnerabilities Continue to Dominate

49% of all vulnerabilities are Web application vulnerabilities.

Cross-Site Scripting disclosures surpassed SQL injection to take the top spot.

67% of web application vulnerabilities had no patch available at the end of 2009.


Solutions

IBM X-Force® R&D Drives IBM Security Innovation

Protection Technology Research

Threat Landscape Forecasting

Malware Analysis

Public Vulnerability Analysis

Original Vulnerability Research

Research Technology

The X-Force team delivers reduced operational complexity – helping to build integrated technologies that feature “baked-in” simplification

X-Force Protection Engines

Extensions to existing engines

New protection engine creation

X-Force XPU’s

Security Content Update Development

Security Content Update QA

X-Force Intelligence

X-Force Database

Feed Monitoring and Collection

Intelligence Sharing


IBM’s Global Security Reach and Expertise

– 8 Security Operations Centers
– 7 Security Research Centers
– 133 Monitored Countries
– 20,000+ Devices under Contract
– 3,700+ MSS Clients Worldwide
– 4 Billion+ Events Per Day

Coming soon: Bangalore, IN


IBM Superior Technology

Keeping Clients “Ahead of the Threat” using the “Virtual Patch”

IBM X-Force displays “Ahead of the Threat” protection for the Top 38 vulnerabilities from Jan – Aug 2009.

90% of the time, IBM provides protection Before Patches can be applied!!!!


Security Effectiveness: Ahead of the Threat – Top Vulnerabilities of 1H 2009

Top 38 Vulnerabilities
– 263: Average days ahead of the threat
– 91: Median days ahead of the threat
– 25: Ahead of the threat
– 66%: Percentage of Top Vulnerabilities – Ahead of the threat
– 4: Protection released post announcement
– 9: same day coverage


Saving Money with the Virtual Patch™

– 4/13/2005: IBM ISS implements protection for Microsoft PnP vulnerability into IBM ISS products. The IBM ISS Virtual Patch protection begins.
– 4/13/2005: Others do not have internal research to find and understand vulnerabilities; therefore, they have no knowledge of the Microsoft Plug-and-play vulnerability.
– 8/9/2005: Microsoft publicly announces vulnerability and availability of a patch.
– 8/11/2005: Plug-and-play exploits become public.
– 8/13/2005: Zotob Bot runs rampant and causes damage to organizations worldwide. IBM ISS customers have enjoyed protection since 4/13/2005.
– 8/9/2005: Others claim “preemptive protection” through broad blocking and alerting methods which are prone to false positives and false negatives.
– 8/11/2005: Plug-and-play exploits become public.
– 8/13/2005: Zotob Bot propagates; some competition see the bot but none of the (many) variants, resulting in continuous updates offering little to no zero day coverage.
– 8/16/2005: Exploit-based signatures released to reactively protect against the Zotob Bot.


Ahead of the Threat: Conficker

Timeline axis: DEC-08, JAN-09, FEB-09, MAR-09, APR-09

– Nov 21, 2008: Conficker.A discovered
– Dec 29, 2008: Conficker.B discovered
– Feb 20, 2009: Conficker.B++/C discovered
– Mar 4, 2009: Conficker.C/D discovered


What is an Intrusion Prevention System?

IPS evolved from IDS: an IDS identifies threats and sends alerts, while an IPS blocks attacks targeted at your network.

For accurate, preemptive protection, IPS products use multiple techniques to:

– Recognize and identify protocols

– Analyze traffic

No single intrusion prevention technique can offer acceptable protection


Enterprises Require IPS at Perimeter and in Core Networks

Threats target assets across your network – often looking for the weakest link

Network diagram labels: Internet, Business Partner, Network Perimeter, WAN, Wireless, Workstations, DMZ, Data Center


Protocol analysis module (PAM) is the foundation for converged network protection

– Performs deep packet inspection
– Performs deep protocol and content analysis
– Detects protocol and content anomalies
– Simulates the protocol/content stacks in vulnerable systems
– Normalizes at each protocol and content layer
– Provides the ability to add new security functionality within the existing solution


Virtual Patch™

Enabled by Pre-Emption

ISS products provide a temporary shield or Virtual Patch for vulnerabilities

– The “Virtual patch” prevents a vulnerability from being exploited
– Eliminates emergency patching
– Removes the risk of patching
– Enables patches to be applied during normal maintenance windows
– Stop malicious attacks before they impact your business


IBM Internet Security Systems Product Offerings

Unified Enterprise Security Console for all products

Vulnerability Scanning Appliance

Proventia MX UTM “All-in-One” Appliance
– IDS/IPS
– FW / VPN
– AntiVirus (signature & behavioral)
– AntiSpam
– Web Filter
– AntiSpyware

Proventia Network IPS GX Models

IBM Virtual Server Security
– VMWare Protection
– Integrated threat protection and security compliance for VMware vSphere™ 4

Server Protection
– Real Secure Server Sensor: Solaris, AIX, HP-UX & Windows
– “Multi-layered” Protection: Windows & Linux

Diagram group labels: Network Protection Appliances, Server Protection


SiteProtector’s families of rich feature capabilities


IBM Proventia SiteProtector Integration with Rational AppScan

• A free extension
• Add AppScan-detected Web application security issues to the SiteProtector repository
• A broader view means a more complete understanding of your security position, so you can better understand risks and better establish (or re-establish) priorities


Security Challenges with Virtualization: New Complexities

– Management Vulnerabilities
– Secure storage of VMs and the management data
– Virtual sprawl
– Dynamic relocation
– VM stealing
– Resource sharing
– Single point of failure
– Stealth rootkits in hardware now possible
– Virtual NICs & Virtual Hardware are targets

New complexities lead to OUT OF COMPLIANCE ISSUES for clients


IBM Virtual Server Security for VMware

Integrated threat protection for VMware vSphere 4

Helps customers to be more secure, compliant and cost-effective by delivering integrated and optimized security for virtual data centers.

– VMsafe Integration
– Firewall and Intrusion Prevention
– Rootkit Detection/Prevention
– Inter-VM Traffic Analysis
– Automated Protection for Mobile VMs (VMotion)
– Virtual Network Segment Protection
– Virtual Network-Level Protection
– Virtual Infrastructure Auditing (Privileged User)
– Virtual Network Access Control


Tivoli Security Focus Areas

Trusting Identities

Customers, partners, employees (known)

Managing Access

Securing Services

Protecting Data


Criminals, competitors, hackers (unknown)

Payroll

Online banking

Loan applications

Retail sales

Inventory

Tivoli IAM #1 in this space

COMPLIANCE

Manage those you know.

Protect against those you don’t.

Prove that you’re in control.

ISS Threat Mitigation #1 in this space


Aligning Sales and Marketing for Security

Information Infrastructure

Service Management

Smart SOA Foundation

Dynamic Business Processes

Information Agenda

Virtualization Consolidation

Smarter Collaboration

Green Infrastructure

Managing Risk – Gain competitive advantage by deftly managing the risks to your business, securely leveraging technological innovation, and reducing the cost of security and resiliency of your infrastructure.

Scenario #1: Reduce the Cost of Security & Resiliency

Scenario #2: Protect Data & Manage Compliance

Scenario #3: Secure Your Data Center

Introducing: Managing Risk Sales Play

Coupled with IBM Security Solutions naming, risk marketing program and Security Tiger Team will ensure new awareness with customers.

IBM Sales Plays


Key Sales Play #1: Reduce Costs While Increasing Security & Resiliency

Key Challenges:
– Lower the costs of applying the latest security expertise, processes & technologies
– Mitigate, monitor and manage the latest security threats and vulnerabilities

Highlighted Solutions:
– Identity Access and Assurance
– Managed Security Services
– Virtual Patch
– Tivoli Security Information and Event Management
– IBM ISS Proventia Portfolio


Identity and Access Assurance

Benefits:
– Reduce help desk operating expenses
– Comply with regulations
– Improve user productivity
– Reduce risk from privileged insiders
– Respond quickly to business initiatives (e.g. new applications, M&A, restructuring)

Capabilities
• User provisioning & role management
• Unified single-sign-on
• Privileged user activity audit & reporting
• Directory and integration services
• Log Management
• Self-service password reset
• Identity Assurance / Strong authentication management


Identity and Access Assurance


Key Sales Play #2: Protect Data and Manage Compliance

Key Challenges:
– Identify and mitigate the risks of regulatory noncompliance
– Lower costs of limiting internal access to, and external release of, sensitive data

Highlighted IBM ISS Solutions:
– Data Security Services: IBM ISS enables business to reduce the cost and complexity of data protection.
– Security Governance Services: IBM ISS enables business to implement the management discipline needed to improve the enterprise’s ability to control risk, e.g. compliance with PCI.
– Data Leakage Protection and SIEM: Tivoli Security Information and Event Manager (TSIEM) for enterprise audit logging and reporting, and monitoring and correlation of events and internal access to sensitive data. BigFix provides security configuration and vulnerability management.
– Infrastructure Protection: IBM ISS Network and Server products can explore data flow to help determine if any potential risks exist, and IBM Server security can protect data at the host.


Data and Application Security

Benefits:
– Data disclosure and privacy compliance
– Application security and agility
– Secure 3rd party collaboration
– Protect IP / data-in-use
– Secure storage / data-at-rest

Tivoli Capabilities
• Centralized key management
• Inter-organization data collaboration
• Centralized, fine-grained access control to information
• Audit and reporting of data usage
• Security log management
• Centralized server administration integrity, including virtual servers


Data & Application Security


Our capabilities allow customers to start strong and grow into compliance

Increasing Value

SIEM Capability: Exception Reporting / Meeting compliance head on
TSIEM Capability:
• Report when a privileged user is doing something suspicious
• PUMA reporting
• Reporting on compliance exceptions

SIEM Capability: Alerting / Reacting to risk
TSIEM Capability:
• Near real time analytics
• Threshold alerting
• “Alert me when someone fails to logon multiple times to my Oracle application”

SIEM Capability: Log Management / Checkbox compliance
TSIEM Capability:
• Reliable, verifiable log management
• Log management reporting
• Collect Original log data

SIEM Capability: Threat Aware
TSIEM Capability:
• ISS IDS/IPS
• Appliance based
• Reacting to and protecting from threat


Tivoli Security Information and Event management


BigFix Product Portfolio


Key Sales Play #3: Secure your Data Center

Key Challenge: Mitigate increasing risks from application level vulnerabilities
Highlighted IBM ISS Solutions:
– Professional Security Services: IBM ISS Professional Security Services deliver solutions for application and related security assessments.
– Rational AppScan: IBM Rational AppScan provides the industry’s leading application vulnerability scanning solution.

Key Challenge: Reduce the cost of data leaks and data exposure from external and internal threats
Highlighted IBM ISS Solutions:
– IBM Data Protection: Proventia Gx protects data from network attacks, while BigFix and Proventia Server protect physical and virtual systems.
– Tivoli Identity and Access Assurance: IBM Tivoli Identity and Access Assurance provides the industry’s leading solution for access management and compliant access for the right people to the right resources at the right time.


IBM Rational AppScan End-to-End Web Application Security

Lifecycle stages shown: REQUIREMENTS, CODE, BUILD, SECURITY, PRODUCTION, QA

– AppScan Standard (desktop)
– AppScan Build (scanning agent)
– AppScan Developer (desktop)
– AppScan Tester (scan agent & clients)
– Req’ts Definition (security templates)
– AppScan OnDemand (SaaS)
– AppScan Enterprise / Reporting Console (enterprise-wide scanning and reporting)

– Security / compliance testing incorporated into testing & remediation workflows
– Security requirements defined before design & implementation
– Outsourced testing for security audits & production site monitoring
– Security & Compliance Testing, oversight, control, policy, audits
– Build security testing into the IDE*

Security for the development lifecycle (predominantly non-security experts)

Security audit solutions for IT Security

Address security from the start

Application Security: Best Practices & Measured Capability Improvement Framework

Automate Security / Compliance testing in the Build Process


BigFix Product Portfolio


IBM ISS Proventia G Integrates Web Application Protection with Network Intrusion Prevention

Complementary technologies
– IBM ISS Proventia™ prevents intrusions, attacks and compromises on infrastructure and Applications
– Rational AppScan Product or Service finds Vulnerabilities in your web apps
– Federated Identity Manager manages the user base of the web applications

Comprehensive protection
– Inbound and outbound security for enterprise networks
– Asymmetrical depth of defense
– Protection of current data exposure!

Protect the infrastructure and the application at the network layer

Application Vulnerability Mitigation


IBM Security Effectiveness: Validation from NSS

http://nsslabs.com/2008/ibm-iss-gx6116-intrusion-prevention-system-achieves-nss-labs-gold-award-and-certification.html

Monthly Sum Testing

IBM committed to monthly testing to evaluate effectiveness against evolving threat landscape
– Aug 2009: 95%
– Jul 2009: 98%
– Jun 2009: 100%
– May 2009: 100%
– Apr 2009: 100%
– Mar 2009: 99%
– Feb 2009: 100%
– Jan 2009: 100%
– Dec 2008: 100%
– Nov 2008: 100%

http://nsslabs.com/IBM

First IPS to receive NSS Gold Award in 5 years

Only vendor to win a Gold award every quarter in 2009

Percentage decreased because IBM requested that the test be made more difficult for vendors.


Why IBM?

Analysts recognize IBM leadership

IDC Market Share Leadership
– #1 Identity & Access Management (2009)
– #1 Application Vulnerability Assessment (2009)
– #1 Vulnerability Assessment (2009)
– #1 Intrusion Prevention Systems (IPS) Market Leader for $100,000+ Systems (2009)

Frost & Sullivan Leadership
– Managed Security Services (2009)
– Latin American Managed Security Services Market Study (2009)
– North American Network Security Infrastructure Protection Company of the Year (2009)
– North American Video Surveillance Software Developer Company of the Year (2009)

EMA Leadership
– Website Vulnerability Assessment Value Leader (2009)

Gartner Leadership
– Web Access Management Magic Quadrant (November 2009)
– User Provisioning Magic Quadrant (September 2009)
– Enterprise Single Sign-On Marketscope – Strong Positive (September 2009)
– Security Information & Event Management Magic Quadrant (May 2009)
– Managed Security Services Providers, North America Magic Quadrant (April 2009)

Forrester Leadership
– Managed Security Services Market Overview (January 2010)
– Identity & Access Management Wave (November 2009)
– Information Security and IT Risk Consulting Wave (March 2009)


IBM named Best Security Company

http://www.scmagazineus.com/best-security-company/article/164143/


Starting Questions…

– Does your security team rely on announcements from SW vendors about vulnerabilities or do you find them before?
– Does your company have IP that it considers a trade secret? Does this IP reside on the network or can it be reverse engineered by someone intruding on to your systems? Do you know where that IP exists?
– Does your security team run regular penetration/intrusion tests to verify network integrity?
– How deep do these tests go? Are they real? For example have you asked your team to try to intrude and issue a check or send a payment to a 3rd party?
– To what extent do partners, suppliers and customers communicate with your organization? How does that affect security?
– Is your IT department virtualizing in order to save money? Did you know there’s a big downside that no one seems to be talking about?
