We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byPaloma Norland
Modified about 1 year ago
© 2010 IBM Corporation Document number A New Security Blue Print- Smart Security for a Smarter Planet Vaidy Iyer (Leader, IBM Security Solutions)
© 2010 IBM Corporation Why Security? FEAR? Insurance? Business Enabler 2
© 2010 IBM Corporation What is Security? Anti Virus? Fire Wall? IPS? Products? Process? 3
© 2010 IBM Corporation Evolution of IT Security Mainframes PC Client Server Thin Clients, hand helds Remote Management Smarter Systems 4
© 2010 IBM Corporation5 Agenda Is the Smarter Planet secure? IT security challenges Smart Security Solutions Client value and benefits Introducing IBM Security Solutions
© 2010 IBM Corporation6 Is the smarter planet secure? Introducing IBM Security Solutions Pervasive instrumentation creates vast amounts of data New services built using that data, raises Privacy and Security concerns… Critical physical and IT infrastructure Sensitive information protection New denial of service attacks Increasing risks of fraud The planet is getting more Instrumented, Interconnected and Intelligent. New possibilities. New risks...
© 2010 IBM Corporation7 Security challenges in a smarter planet Introducing IBM Security Solutions Source http://searchcompliance.techtarget.com/news/article/0,289142,sid195_gci1375707,00.html Increasing Complexity Rising Costs Ensuring Compliance Key drivers for security projects Spending by U.S. companies on governance, risk and compliance will grow to $29.8 billion in 2010 The cost of a data breach increased to $204 per compromised customer record Soon, there will be 1 trillion connected devices in the world, constituting an “internet of things”
© 2010 IBM Corporation Cost, complexity and compliance Data and information explosion Rising Costs: Do more with less Compliance fatigue Emerging technology Death by point products People are becoming more and more reliant on security IBM believes that security is progressively viewed as every individual’s right Introducing IBM Security Solutions
© 2010 IBM Corporation9 The IBM Security Framework foundation addresses your challenges of cost, complexity and compliance Introducing IBM Security Solutions Create and sustain security governance Manage risk Ensure compliance Build a strong foundation for IT security Click for more information
© 2010 IBM Corporation DATA AND INFORMATION Understand, deploy, and properly test controls for access to and usage of sensitive data PEOPLE AND IDENTITY Mitigate the risks associated with user access to corporate resources APPLICATION AND PROCESS Keep applications secure, protected from malicious or fraudulent use, and hardened against failure NETWORK, SERVER AND END POINT Optimize service availability by mitigating risks to network components PHYSICAL INFRASTRUCTURE Provide actionable intelligence on the desired state of physical infrastructure security and make improvements In addition to the foundational elements, the Framework identifies five security focus areas as starting points Click for more information GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE Design, and deploy a strong foundation for security & privacy Introducing IBM Security Solutions 9 GRCGRC
© 2010 IBM Corporation11 IBM Security portfolio can help you meet challenges in each security focus area Introducing IBM Security Solutions Framework Click for more information Typical enterprise activities Provide Video Surveillance Establish Command and Control PHYSICAL INFRASTRUCTURE Capture video analytics Manage security across all assets Audit, report and manage access to resources PEOPLE AND IDENTITY Manage identities Control access to applications Monitor & manage data access Prevent Data Loss Encrypt sensitive data DATA AND INFORMATION Protect Critical Databases Messaging Security and Content Filtering Embed App Access Controls Provide SOA Security Ensure Security in App Development Discover App Vulnerabilities APPLICATION AND PROCESS Protect Servers, Endpoints, Networks, Mainframes NETWORK, SERVERS & ENDPOINTS Security Compliance Assessment Incident Response GOVERNANCE, RISK MGMT, COMPLIANCE Security Strategy Design Pen Testing & Vulnerability Assessment GRCGRC
© 2010 IBM Corporation12 Security governance, risk management and compliance This is not intended to be a comprehensive list of all IBM products and services Introducing IBM Security Solutions Ensure comprehensive management of security activities and compliance with all security mandates Security Strategy Design Pen Testing & Vuln. Assessment Sec. Compliance Assessment Incident Response Business Challenge Design and implement secure deployment strategies for advanced technologies such as Cloud, virtualization, etc. Identify and eliminate security threats that enable attacks against systems, applications and devices Perform security compliance assessments against PCI, ISO and other standards and regulations Design and implement policy and processes for security governance, incident response; perform timely response and computer forensics Software Rational® AppScan®; Guardium Database Monitoring & Protection Tivoli Security Information and Event Manager; Guardium Database Monitoring & Protection; Tivoli zSecure suite Tivoli® Security Information and Event Manager; Tivoli zSecure suite Professional Services Consulting Services; Security Design Ethical hacking and AppSec assessment Qualified Security Assessors Policy definition services; CERT team Managed Services App Vulnerability and Source Code Scanning OnDemand Managed Protection Services BUSINESS VALUE
© 2010 IBM Corporation13 People and identity This is not intended to be a comprehensive list of all IBM products and services Introducing IBM Security Solutions Lower costs and mitigate the risks associated with managing user access to corporate resources Cost and Complexity of Managing Identities Providing Access to Applications Auditing, reporting and managing access to resources Business Challenge On average, enterprises spend 2 weeks to setup new users on all systems and about 40% of accounts are invalid 30% of help desk calls are for password resets, at $20 per call “We would need to spend $60k on each of our 400 applications to implement security access rules” – Global financial services firm Privileged users cause 87% of internal security incidents, while firms cannot effectively monitor thousands of security events generated each day Role management, recertification, etc. Software Tivoli® Identity and Access Assurance, Tivoli zSecure suite Tivoli Access Manager, Tivoli Federated Identity Manager Tivoli Identity and Access Assurance, Tivoli Security Information and Event Manager Professional Services Identity and Access Management Professional Services Compliance Assessment Services, Privileged Identity Management Managed Services Managed Identity and Access Management Managed User Monitoring and Log Management BUSINESS VALUE
© 2010 IBM Corporation14 Data and information This is not intended to be a comprehensive list of all IBM products and services Introducing IBM Security Solutions Understand, deploy and properly test controls for access to and usage of sensitive business data BUSINESS VALUE Protecting Critical Databases Messaging Security and Content Filtering Managing Data Access and Encryption Monitoring Data Access and Preventing Data Loss Business Challenge Mitigate threats against databases from external attacks and internal privileged users Spam and inappropriate Web sites pose major productivity drains, resource capacity strains, and leading attack vector for malware Over 82% of firms have had more than one data breach in the past year involving loss or theft of 1,000+ records with personal information; cost of a data breach increased to $204 per compromised customer record * 42% of all cases involved third- party mistakes and flubs… magnitude of breach events ranged from about 5,000 to 101,000 lost or stolen customer records * Software Guardium Database Monitoring & Protection Multi-Function Security appliance, Lotus Protector Tivoli® Key Lifecycle Manager, Tivoli Security Policy Manager, Tivoli Federated Identity Manager Data Loss Prevention; Tivoli Security Information and Event Manager Professional Services Data Security Assessment Services Data Security, Compliance Assessment Services * "Fifth Annual U.S. Cost of Data Breach Study”, Ponemon Institute, Jan 2010
© 2010 IBM Corporation15 Application and process This is not intended to be a comprehensive list of all IBM products and services Introducing IBM Security Solutions Keep applications secure, protected from malicious or fraudulent use, and hardened against failure BUSINESS VALUE Security in App Development Discovering App Vulnerabilities Embedding App Access Controls Providing SOA Security Business Challenge Vulnerabilities caught early in the development process are orders of magnitude cheaper to fix versus after the application is released 74% of vulnerabilities in applications have no patch available today* 80% of development costs are spent identifying and correcting defects, costing $25 during coding phase vs. $16,000 in post-production** According to customers, up to 20% of their application development costs can be for coding custom access controls and their corresponding infrastructure Establishing trust and high performance for services that span corporate boundaries is a top priority for SOA-based deployments Software Rational® AppScan®; Ounce Rational AppScan; OunceTivoli® Identity and Access Assurance WebSphere® DataPower®; Tivoli Security Policy Manager Professional Services Secure App Dev Process Enablement, App Vulnerability and Source Code Scanning App Vulnerability and Source Code Scanning Application Access Services Managed Services Managed Vulnerability Scanning Managed Access Control * IBM X-Force Annual Report, Feb 2009 ** Applied Software Measurement, Caper Jones, 1996
© 2010 IBM Corporation16 Network, server and end point This is not intended to be a comprehensive list of all IBM products and services Introducing IBM Security Solutions Optimize service availability by mitigating risks while optimizing expertise, technology and process BUSINESS VALUE * Gartner Desktop Total Cost of Ownership: 2008 Update, Jan 2008 Systems Storage Virtual Network Protecting ServersProtecting Endpoints Protecting Networks Protecting Mainframes Business Challenge Mitigate threats against servers; prevent data loss Effective management can cut total cost of ownership for secured desktops by 42%* Mitigate network based threats and prevent data loss Mitigate threats against mainframes; protect against vulnerabilities from configuration; contain the privileged users Software Server Protection, Server Protection for VMWare Desktop security platform; encryption Network Intrusion Prevention System (IPS) Tivoli® zSecure suite Professional Services Server security, data security assessment services Desktop security, data security assessment services Network security assessment services Managed Services Managed IDS, Privileged User Mgmt Managed Desktop security platform Managed Network IPS
© 2010 IBM Corporation17 Physical infrastructure This is not intended to be a comprehensive list of all IBM products and services Introducing IBM Security Solutions Provide actionable intelligence and improve effectiveness of physical infrastructure security BUSINESS VALUE Video SurveillanceVideo AnalyticsCommand and Control Business challenge Legacy analog video systems with proprietary interfaces are hard to integrate with IT infrastructure Video information from many cameras present an information overload to human security personnel, detection is often after the fact and response management is problematic IT and physical security operate in silos and do not integrate. It is increasingly difficult and expensive to consolidate security information across locations for effectiveness and compliance Software IT infrastructure, Logical Security products, and DVS partner products Smart Vision SuiteCommand Control Center Solution Professional Services Base Digital Video Surveillance Infrastructure services Design, Implementation, Optimization services Command Control Center Solution Services
© 2010 IBM Corporation18 The IBM Security Framework foundation addresses your challenges of cost, complexity and compliance Introducing IBM Security Solutions Create and sustain security governance Manage risk Ensure compliance Build a strong foundation for IT security Click for more information
© 2010 IBM Corporation Some possible scenarios…. Attack on GPS –GPS is connected to public networks –An outsourced contractor’s kid down loading an innocuous software could bring the system down! Attack on carrier hotels –Location where all communication points meet up –Eg: One Wilshire, LA, California! Cyber-Hijacking, Blackmail, Ransom –Control the software on pacemaker! Solar Cycle expected in 2012 –CME (Coronal Magnetic Emission) could cripple satellite communication Polar Shift 19
© 2010 IBM Corporation20 Introducing IBM Security Solutions
© 2011 IBM Corporation IBM Security Services Smarter Security Enabling Growth and Innovation Obbe Knoop – Security Services Leader Pacific.
Dell Connected Security Solutions Simplify & unify.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
IBM Security A New Era of Security for a New Era of Computing Pelin Konakcı IBM Security Software Sales Leader.
Data Center Firewall. 2 Common IT Security Challenges Does my network security protect my IT environment and sensitive data and meet the regulatory compliances?
Website Hardening HUIT IT Security | Sep
Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011.
Enterprise Computing Community June , 2010February 27, Information Security Industry View Linda Betz IBM Director IT Policy and Information.
© 2011 IBM Corporation Smarter Software for a Smarter Planet The Capabilities of IBM Software Borislav Borissov SWG Manager, IBM.
© 2011 IBM Corporation Building a Smarter Planet Smarter Approach to Stop Threats Before They Impact Your Business Hong Kong 22 Sep 2011 Venkatesh Sadayappan.
© 2012 IBM Corporation Click here for Table of Contents This document is for IBM and IBM Business Partner use only. It is not intended for client distribution.
Sam Chughtai IBM Security Solutions Executive The Challenging State of Cyber Security September 20 th, 2012.
Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
© 2012 IBM Corporation IBM Security Systems 1 © 2012 IBM Corporation Cloud Security: Who do you trust? Martin Borrett Director of the IBM Institute for.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Demonstrating IT Relevance to Business Aligning IT and Business Goals with On Demand Automation Solutions Robert LeBlanc General Manager Tivoli Software.
Identity Assurance Emory University Security Conference March 26, 2008.
1© Copyright 2012 EMC Corporation. All rights reserved. Next Generation Authentication Bring Your Own security impact Tim Dumas – Technology Consultant.
© Centrify Corporation. All Rights Reserved. Unified Identity Management across Data Center, Cloud and Mobile.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Copyright © 2012 Accenture & Symantec. All rights reserved. This Sales Accelerator presentation is intended to provide sales teams fast facts on solutions.
Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.
Unified Communications Bill Palmer ADNET Technologies, Inc.
RSA Approach for Securing the Cloud Bernard Montel Directeur Technique RSA France Juillet 2010.
Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.
1 Introduction Security is a major networking concern. 90% of the respondents to the 2004 Computer Security Institute/FBI Computer Crime and Security Survey.
NUAGA May 22, IT Specialist, Utah Department of Technology Services (DTS) Assigned to Department of Alcoholic Beverage Control PCI Professional.
The State of Security Management By Jim Reavis January 2003.
CUTTING COMPLEXITY – SIMPLIFYING SECURITY INSERT PRESENTERS NAME HERE XXXX INSERT DATE OF EVENT HERE XXXX.
Copyright © 2015 Centrify Corporation. All Rights Reserved. 1 Secure & Unified Identity for End Users & Privileged Users.
Why IT auditing is a must in your security strategy ?
Accelerating Development Using Open Source Software Black Duck Software Company Presentation.
1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.
Presented by Manager, MIS. GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Manage your technology for optimal return on investment (ROI) The Tivoli ® Configuration & Operations management solution from IBM.
1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.
Security Imperatives in a New Workplace Partnering to Protect Digital Information in the 21st Century Presented by Michael Ferris, Alaska Enterprise Solutions.
Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.
© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 2 Network Security Basics.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
The Infrastructure Optimization Journey Kamel Abu Ayash Microsoft Corporation.
What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.
Environment for Information Security n Distributed computing n Decentralization of IS function n Outsourcing.
Infrastructure for the People-Ready Business. Presentation Outline POINT B: Pro-actively work with your Account manager to go thru the discovery process.
Enterprise CAL Overview. Different Types of CALs Standard CAL base A component Standard CAL is a base CAL that provides access rights to basic features.
1 CISCO SAFE: VALIDATED SECURITY REFERENCE ARCHITECTURE What It Is Business Transformation Top Questions To Ask To Initiate The Sale Where It Fits KEY.
© 2017 SlidePlayer.com Inc. All rights reserved.