Presentation is loading. Please wait.

Presentation is loading. Please wait.

Managing Risk and Enabling Business Transformation

Similar presentations


Presentation on theme: "Managing Risk and Enabling Business Transformation"— Presentation transcript:

1 Managing Risk and Enabling Business Transformation
Glen Gooding– Director, Institute for Advanced Security Asia Pacific August 2012

2 The Journey Toward a Smarter Planet Continues
Smart Supply Chains Smart Countries Smart Retail Smart Water Management Smart Weather Smart Energy Grids INSTRUMENTED INTERCONNECTED INTELLIGENT Smart Oil Field Technologies Smart Regions Smart Healthcare Smart Traffic Systems Smart Cities Smart Food Systems The planet is getting Smarter. And as all of you probably know, at IBM we are spending an inordinate amount of time with customers to help them realize the awesome potential of this new instrumented, interconnected and intelligent reality. Hopefully in the ads we’ve put out you’ve seen cities, grids, hospitals and police departments be able to innovative in amazing new ways. But the truth is, at least two of these three terms, namely interconnected and instrumented, are a security guy’s worst nightmare. So every time we work with customers, we need to think about security and the risks out there. So what are those risks? Smart Customer Case Studies Dubai Gold & Commodities Exchange "Our entire business depends on the availability of our network and its performance, and the IBM product helps maintain our uptime. In fact, since we put it in place three years ago, we have maintained system uptimes of over 99.9 percent." - Basab Banerjee, head of technology, Dubai Gold & Commodities Exchange Dubai Gold & Commodities Exchange works with IBM to better secure its online trading services without sacrificing overall performance. Challenge Strengthen the overall security of an online trading system without sacrificing system performance Solution Work with IBM Internet Security Systems to protect key IT systems with IBM Proventia® appliances Key benefits - Helps secure 99.9 percent system availability - Increases the security of financial data, preventing outside intrusions or virus attacks - Encourages higher customer-service levels As Dubai has been distinguishing itself as an epicenter for trade in the Middle East and surrounding regions for the past several years, it seemed only logical to the Dubai Multi Commodities Centre (DMCC), Financial Technologies (India) Limited and the Multi Commodity Exchange of India Ltd. (MCX) to form the region’s first commodity derivatives exchange—the Dubai Gold & Commodities Exchange (DGCX). This exchange, trading in gold, silver, currency and oil futures, supports electronic trades from its 230 member organizations located around the globe. An avoidable sacrifice At its founding, DGCX (www.dgcx.ae) distinguished itself as an innovative commodities exchange by deploying a complex online trading system to support members from Japan to New York. And, with transactions coming from so many locations, DGCX had deployed a high performance network infrastructure designed to offer responsive, uninterrupted service to traders. Of course, accompanying this demand for performance was an equal need for data security. “This is financial data, so obviously we need to protect against any unauthorized access,” explains Basab Banerjee, head of technology at DGCX. And, to this end, the business had taken steps to deploy a firewall solution to protect this critical data. However, with the security of its trading data as a priority, DGCX felt that it could do more. An obvious choice Staff from IBM Internet Security Systems deployed the IBM Proventia® Network Intrusion Prevention System within the exchange’s existing infrastructure, leveraging its integrable functionality. The Proventia appliances protect against zero-day attacks and help prevent unauthorized network intrusions. DGCX also signed an ongoing services contract with IBM that secures regular update and tuning support to better enable the security solution to deal with recently identified threats and vulnerabilities. Since the Proventia solution was put in place, DGCX has seen a steady growth in its business, attributing much of its success to its ability to meet uptime targets and customer service levels. And Banerjee feels that part of this high service quality was a result of the IBM solution. He explains, “Our entire business depends on the availability of our network and its performance, and the IBM product helps maintain our uptime. In fact, since we put it in place three years ago, we have maintained system uptimes of over 99.9 percent.” Over that same time period, the client has also avoided any security breaches or any outages associated with worms or viruses. Gruppo Intergea Gruppo Intergea protects its infrastructure with behavior-based, automated security monitoring tools, boosting the reliability and continuity of key business systems. Business need: The organization wanted to strengthen its security processes to protect its IT environment from outside intrusions, as well as spam, virus attacks and related threats. Solution: Working with IBM Internet Security Systems, the organization deployed a behavior-based, automated security platform that proactively scans its network environment to identify virus-like and suspicious behavior and then takes the appropriate steps to resolve it. Overview Gruppo Intergea, Turin, Italy 460 Employees Automotive industry Products • IBM Internet Security Systems • IBM Internet Scanner® • IBM Proventia® Desktop Endpoint Security • IBM Proventia Intrusion Prevention System GX3002 A well-recognized Italian business, Gruppo Intergea offers sales and support services to European automobile manufacturers. The company’s 17 dealership chains, 36 showrooms and 225 repair and body shops support a variety of brands, including Fiat, Alfa Romeo and Lancia. Challenge Gruppo Intergea relies heavily on its desktop environment and supporting network to perform day-to-day business operations. Realizing the importance of these systems, the organization wanted to strengthen its security processes to protect its IT environment from outside intrusions, as well as spam, virus attacks and related threats. Furthermore, the company needed a proactive solution because it lacked the internal resources to constantly monitor its IT infrastructure. Solution Working with IBM Internet Security Systems, the organization deployed a behavior-based, automated security platform that proactively scans its network environment to identify virus-like and suspicious behavior and then takes the appropriate steps to resolve it. The solution analyzes security data collected from throughout the network, comparing it with known threats and extrapolating similar behaviors to recognize new, undocumented threats. The solution leverages IBM Proventia® Desktop Endpoint Security technology to protect the client’s personal computers, while an IBM Proventia Intrusion Prevention System GX3002 device and IBM Internet Scanner® software monitor the overall network. Benefits • Strengthens IT security by analyzing process and user behaviors to identify and address threats that have not been formally recognized • Helps reduce and prevent network downtime • Boosts the reliability and continuity of key business systems with a proactive monitoring system 2 PULSE_2012_SK4-Security.pptx

3 ATTACK SOPHISTICATION
The speed and dexterity of attacks has increased coupled with new motivations from cyber crime to terrorism to state-sponsored intrusions 3 PULSE_2012_SK4-Security.pptx

4 IBM PULSE 2011 3/25/2017 3/25/2017 1:09 PM CLOUD Organizations continue to move to new platforms including cloud, virtualization, mobile, social business and more First, Everything is Everywhere. Where did the boarders of your business go? Is your company’s data sored in the Cloud? Is it the provider you selected? Or a Cloud an employee just likes to post stuff too? We recently asked a room of software developers using Rational tools how many of them posted source code to Drop Box vs. how many of their companies knew they’re doing it? How many employees forward to Gmail when they’re on vacation? Easier to keep u that way. Everything is everywhere. Your data’s in the Cloud. 4 Steve Robinson_v11 PULSE_2012_SK4-Security.pptx 4

5 IBM PULSE 2011 3/25/2017 3/25/2017 1:09 PM CONSUMERIZATION OF IT With the advent of Enterprise 2.0 and social business, the line between personal and professional hours, devices and data has disappeared 5 PULSE_2012_SK4-Security.pptx Steve Robinson_v11 5

6 DATA EXPLOSION The age of Big Data – the explosion of digital information – has arrived and is facilitated by the pervasiveness of applications accessed from everywhere Data explosion is the other dimension. There’s just more and more diverse types of data out there. Social media is fueling this… analytics is fueling it… where is your data? Which is confidential and how do you secure what matters? Tricky topics. Data explosion examples: Data explosion: Every day we create 2.5 quintillion bytes of data – so much that 90 percent of the world’s data today has been created in the last two years alone. The increasing volume, variety and velocity of data available from new digital sources like social networks, in addition to traditional sources such as sales data and market research, tops the list of CMO challenges. The difficulty is how to analyze these vast quantities of data to extract the meaningful insights, and use them effectively to improve products, services and the customer experience. Social platforms: Social media enables anyone to become a publisher, broadcaster and critic. Facebook has more than 750 million active users, with the average user posting 90 pieces of content a month. Twitter users send about 140 million tweets a day. And YouTube’s 490 million users upload more video content in a 60-day period than the three major U.S. television networks created in 60 years. (http://www.ibm.com/news/kw/en/2011/10/11/l763372q70838d17.html) Case Study Data Security and Compliance in Healthcare Published on 31-Jan-2011 Customer: Leading Healthcare Payer Organization Industry: Healthcare Deployment country: United States Solution: Information Governance, Integrated Data Management, Security: Governance, Risk and Compliance Overview Case Study: Implementing database activity monitoring and auditing in a leading healthcare payer organization. Business need: Finding a cost effective means of implementing controls to protect sensitive data and validating compliance with multiple mandates. Solution: This organization evaluated multiple vendors and chose the IBM InfoSphere Guardium solution. IBM’s appliance-based technology allows companies to secure their enterprise data and rapidly address auditors’ requirements without affecting performance or requiring changes to databases or applications. Benefits: InfoSphere Guardium centralizes and automates controls across distributed heterogeneous database environments, while streamlining compliance process with centralized workflow automation. A leading healthcare payer organization with more than 500,000 members needed to implement database auditing in order to comply with SOX and HIPAA regulatory requirements. The organization wanted to: • Monitor access to all critical databases, including access by privileged insiders. • Create a centralized audit trail for all their database systems. • Produce detailed compliance reports (SOX and HIPAA) for their auditors. • Implement proactive security via real-time alerts for critical events. • Acquire a solution that integrated easily with their existing environment (LDAP, SIM/SEM, Cisco switches, MOM, etc.) and could be managed remotely. • Select a solution that does not rely on database-resident functions (such as triggers, trace or transaction logs, etc.) which can affect database performance and stability. Environment The healthcare payer infrastructure includes nearly 50 database instances in Production, Staging, Test, and Development environments, that need to be monitored for unauthorized or suspicious access. These databases support a range of financial, customer, and patient applications. The InfoSphere Guardium solution is complementary to existing security investments such as perimeter firewalls, SSL VPNs, identity management, SIM/SEM, IDS, and configuration policy management. About IBM InfoSphere Guardium InfoSphere Guardium is the most widely-used solution for preventing information leaks from the data center and ensuring the integrity of enterprise data. It is installed in more than 400 customers worldwide, including 5 of the top 5 global banks; 4 of the top 6 insurers; top government agencies; 2 of the top 3 retailers; 20 of the world’s top telcos; 2 of the world’s favorite beverage brands; the most recognized name in PCs; a top 3 auto maker; a top 3 aerospace company; and a leading supplier of business intelligence software. InfoSphere Guardium was the first solution to address the core data security gap by providing a scalable, cross-DBMS enterprise platform that both protects databases in real-time and automates the entire compliance auditing process. Guardium is part of IBM InfoSphere; an integrated platform for defining, integrating, protecting and managing trusted information across your systems. The InfoSphere Platform provides all the foundational building blocks of trusted information, including data integration, data warehousing, master data management, and information governance, all integrated around a core of shared metadata and models. The portfolio is modular, allowing you to start anywhere, and mix and match InfoSphere software building blocks with components from other vendors, or choose to deploy multiple building blocks together for increased acceleration and value. The InfoSphere Platform provides an enterprise-class foundation for information-intensive projects, providing the performance, scalability, reliability and acceleration needed to simplify difficult challenges and deliver trusted information to your business faster. 6 PULSE_2012_SK4-Security.pptx

7 Security Threats Are Accelerating
7 PULSE_2012_SK4-Security.pptx

8 Targeted attacks shake businesses and governments
Source: IBM X-Force® 2011 Trend and Risk Report JK

9 IT Security Is a Board Room Discussion
Business Results Brand Image Supply Chain Legal Exposure Impact of Hacktivism Audit Risk Sony estimates potential $1B long term impact – $171M / 100 customers HSBC data breach discloses 24K private banking customers Epsilon breach impacts 100 national brands TJX estimates $150M class action settlement in release of credit / debit card info Lulzsec 50-day hack-at-will spree impacts Nintendo, CIA, PBS, UK NHS, UK SOCA, Sony … Zurich Insurance PLc fined £2.275M ($3.8M) for the loss and exposure of 46K customer records Sources Sony breach: HSBC breach: Epsilon breach: TJX breach: TJX Companies, Inc. press release, 8/14/2007, Lulzec breach: Zurich Insurance breach: (Financial Services Authority of Britain) IT Security Is a Board Room Discussion 9 PULSE_2012_SK4-Security.pptx

10

11 IBM’s Security Strategy
11 PULSE_2012_SK4-Security.pptx

12 Solving a Security Issue Is a Complex, four-dimensional Puzzle
People Data Applications Infrastructure Employees Hackers Outsourcers Suppliers Consultants Terrorists Customers Structured Unstructured At rest In motion Systems applications Web applications Web 2.0 Mobile apps Attempting to protect the perimeter is not enough – siloed point products cannot adequately secure the enterprise

13 Intelligence Integration Expertise
Delivering intelligence, integration and expertise across a comprehensive framework IBM Security Systems End-to-end coverage of the security foundation 6K+ security engineers and consultants Award-winning X-Force® research One of the largest vulnerability databases in the world Intelligence Integration Expertise

14 Intelligence: A comprehensive portfolio of products and services across security domains

15 Integration: Increased security, collapsed silos, reduced complexity
Consolidate and correlate siloed information Detect, notify and respond to threats Automate compliance tasks and assess risks Detect the latest exploits, vulnerabilities, and malware Automatically update SW Add security intelligence to non-intelligent systems Block specific vulnerabilities using scan results Converge access mgmt with web service gateways Link identity information with database security

16 World Wide Managed Security Services Coverage
Expertise: Global coverage and security awareness 9 Security Operations Centers 9 Security Research Centers 14 Security Solution Development Centers 3 Institute for Advanced Security Branches World Wide Managed Security Services Coverage 20K+ devices under contract 3,700+ MSS clients worldwide 13B+ events managed per day 1,000+ security patents 133 monitored countries (MSS) 14B analyzed Web pages & images 40M spam & phishing attacks 54K documented vulnerabilities Billions of intrusion attempts daily Millions of unique malware samples IBM Research

17 The Path to Security Intelligence
17 PULSE_2012_SK4-Security.pptx

18 Regulation and Compliance
IBM is investing in solutions to key trends driving the next wave of security innovation Advanced Threats Cloud Computing Advanced Persistent Threats. Designer Malware. Stealth Bots. Zero-days. Targeted Attacks. Enterprise Customers Mobile Computing Regulation and Compliance GLBA

19 Security Intelligence is enabling progress to optimized security

20 Helping define the new role of the information security leader and tracking security trends
https://www14.software.ibm.com/webapp/iwm/web/signup.do?source=swg-Tivoli_Organic&S_PKG=xforce-trend-risk-report


Download ppt "Managing Risk and Enabling Business Transformation"

Similar presentations


Ads by Google