Selling the IBM Security Portfolio


1 Selling the IBM Security Portfolio
Agenda: Selling the IBM Security Portfolio (Beginning Part 3 of 3). Landscape/Background; Opportunity; Issues; CIO perspective; IBM Security Framework; Selling IBM Security Solutions for: Security Intelligence, Analytics and GRC; People (Identity and Access Management); Data Security; Application Protection; Infrastructure - Network, Server and Endpoint; A Postscript to Boost Sales Possibilities; For More Information . . .

Welcome to the 3rd and final module of the “Selling the IBM Security Portfolio” presentation. Thus far, we've covered the security landscape, and offered insights into how the IBM Security Framework can help CIOs get out ahead of their security issues. In the solution section thus far, we've covered the Security Intelligence, People, Data and Application security sections, and we pick up in the middle of the Infrastructure section. Specifically, we’re about to get into security for endpoints.

2 Managing Security for Endpoints - Challenges
How do I maintain the security and compliance of all my endpoints, regardless of where they are located or how they are connected, against a 24/7 ever evolving threat landscape? How do I achieve a high level of patch compliance across OS’s and applications within days of a patch release while lowering end-user impact and operational costs? In the event of a security incident, how do I ensure I can reach all my endpoints quickly enough to prevent further intrusion or disruption? How do I ensure the security of mobile devices as they access more and more sensitive systems?

Endpoint management brings many challenges to our customers, and in turn, they bring those problems to us looking for a solution. You can hear endpoint-focused security problems expressed in many different ways. The first point deals with achieving and maintaining compliance, and the catch is that very often, endpoints are mobile and widely distributed. You’ll hear about patch distribution and installation: many tools have a failure percentage that is way too high for the requirements of our customers. And they're sensitive to this, because this is a huge cost factor for them. Policy changes and attack countermeasures need to be deployed extremely quickly: companies can't afford to wait weeks for the distribution of patches or policy changes to take place, whether the company has locations world-wide as depicted on this slide, or even if the distribution is within a few buildings in a city. Finally, to cover something we can all relate to: the proliferation of smartphones and tablets is here and is still on the rise. They have flooded our customers’ environments and their security needs to be managed efficiently.

3 Endpoint Manager, built on BigFix technology
Unifying IT operations and security. Endpoint Manager IT Operations Solutions and Endpoint Manager IT Security Solutions: Endpoint Manager for Lifecycle Management; Endpoint Manager for Security and Compliance; Endpoint Manager for Mobile Device Management; Endpoint Manager for Core Protection; Endpoint Manager for Mobile Device Management; Endpoint Manager for Patch Management; Endpoint Manager for Power Management; Endpoint Manager for Patch Management; Endpoint Manager for Software Use Analysis.

This slide helps identify the various packages of Tivoli Endpoint Manager. On the left-hand side we have the ones that are more suited to targeting IT Operations and are sold by our friends in Tivoli System. The ones that are more interesting for IT Security are shown on the right-hand side; of these, the first three can also be sold by the IBM Security Systems division and its Business Partners. Notice that Patch Management is a part of both solution sets. For sellers of security, understand that Endpoint Manager for Patch Management is a part of the Endpoint Manager for Security and Compliance package. However, IBM Security Systems sellers do not sell Endpoint Manager for Patch Management as a stand-alone offering.

4 Tivoli Endpoint Manager for Security and Compliance
1 console, 1 agent, 1 server, many OSs: Microsoft Windows • Mac OSX • IBM AIX • HP-UX • Solaris • VMware ESX Server • 7 versions of Linux • iOS • Android • Symbian • Windows Mobile

IT Asset Management: Network discovery; Managed endpoint hardware inventory; Managed endpoint software inventory; Software use analysis; PC software license compliance analysis.
IT Operations: Patch management; Software distribution; OS deployment; Remote control; Server management.
IT Security and Compliance: Security configuration baselines; Vulnerability assessment; Network self-quarantine; Personal firewall; Multi-vendor anti-malware management; Third-party anti-malware management; Web, file, reputation services.
Green IT: Windows power management; Mac power management; Wake-on-LAN.

All the features of the full Endpoint Manager family can be grouped in four areas. First, IT Asset Management: here we find features aimed at analyzing the status of the endpoints. Next, IT Operations: here we find features aimed at making changes, such as deploying patches, deploying and removing software and so on. IT Security and Compliance: these are the features strictly relating to security, such as policy for security configuration, network quarantine, anti-malware, etcetera. Green IT: all these features are related to power management. The outlined areas show the components that are part of the Endpoint Manager for Security and Compliance product. As you can see, Endpoint Manager for Security and Compliance has features that go beyond just IT Security and Compliance. These include network discovery (for the identification of the complete set of systems on the network) and Patch Management, which applies as much to IT Security as it does to IT Operations.

5 Endpoint Manager for Security and Compliance
IBM Endpoint Manager: Patch Management; Security Configuration Management; Vulnerability Management; Asset Management; Software Use Analysis; Network Self Quarantine; Multi-Vendor Endpoint Protection Management; Anti-Malware and Web Reputation Service. Discover 10% - 30% more assets than previously reported. Library of 5,000+ compliance settings, including support for FDCC SCAP, DISA STIG. Automatically and continuously enforce policy at the end point. Achieve 95%+ first-pass success rates within hours of policy or patch deployment.

Having a quick peek at how the Security and Compliance process works, we can identify these four steps. Step 1, Assess: As soon as a system boots, it will look for any updates to the policy, then the system is assessed. Steps 2 and 3, Remediate and Enforce: With Endpoint Manager, remediation and enforcement happen locally, with no need to communicate with any other system; this is a huge benefit as it guarantees that a system can be in compliance without the need for a connection to a separate system somewhere. Finally, Step 4, Report: Reporting is hugely beneficial to management as it gives visibility to the status quo of the infrastructure. A system that doesn’t report to the server is still going to proceed with its cycle; information will be stored locally and transferred at the first opportunity.

6 Endpoint Manager and endpoint compliance
Traditional compliance: The security team develops compliance policies. The security team runs an assessment tool (or tools) against that policy. The security team forwards findings to operations. Operations makes corrections as workload allows, one item at a time, using different tools from security (which generates different answers to questions like “how many endpoints do I have?”). Users make changes causing endpoints to fall out of compliance again. Start assessment all over again.

Continuous compliance: Security and operations work together to formulate policies and service-level agreements (SLAs). Operations implements the baseline (patch, configuration, anti-virus, etc.) across all endpoints in the organization. Policy compliance is continuously monitored and enforced at the endpoint; changes are reported immediately. The security team can instantly check on the current state of security and compliance anytime. Security and operations teams work together to continually strengthen security and adjust to evolving requirements.

Customers derive a good number of benefits from Endpoint Manager for Security and Compliance, especially because Endpoint Manager can be, and often is, used by a combination of operations-focused and security-focused administrators. Two benefits that result and that we highlight here are return on investment, or ROI, and improved compliance. ROI derives from the fact that the security and operations teams can collaborate to set a baseline for security policy and to continually strengthen it, adjusting the policy for the requirements that evolve over time. Capturing each policy adjustment ensures that the policy evolves and improves over time, and is constantly used for all future evaluations. This is not a trivial aspect because many customers expect the systems to get worse over time, so showing that this won’t be the case can be a game changer for the customer.
Improved compliance is achieved simply due to the fact that, with operations and security collaborating, steps need to be defined once; the customer’s risk diminishes, due to actual implementation of the security policies: there’s less data loss, fewer exploitable vulnerabilities, and less room for the end-user to put the company at risk, whether maliciously or otherwise.

7 Endpoint Manager for Core Protection
1 console, 1 agent, 1 server, many OSs: Microsoft Windows • Mac OSX • IBM AIX • HP-UX • Solaris • VMware ESX Server • 7 versions of Linux • iOS • Android • Symbian • Windows Mobile

IT Asset Management: Network discovery; Managed endpoint hardware inventory; Managed endpoint software inventory; Software use analysis; PC software license compliance analysis.
IT Operations: Patch management; Software distribution; OS deployment; Remote control; Server management.
IT Security and Compliance: Security configuration baselines; Vulnerability assessment; Network self-quarantine; Personal firewall; Multi-vendor anti-malware management; Third-party anti-malware management; Web, file, reputation services.
Green IT: Windows power management; Mac power management; Wake-on-LAN.

Let’s look again at all the overall features of TEM, this time with a focus on what the piece parts are for Tivoli Endpoint Manager for Core Protection, or TEM-CP. TEM-CP includes network discovery (for the identification of new systems on the network) but note that it does not include Patch Management. The main security features of TEM-CP are shown in the IT Security and Compliance column and they include third-party anti-malware management and Web, file, reputation services for Data Loss Prevention.

8 Endpoint Manager for Core Protection
Protecting endpoints from viruses, malware and other malicious threats.

Overview: Delivers single-console, integrated cloud-based protection from viruses, malware and other malicious threats via capabilities such as file and web reputation, personal firewall, and behavior monitoring.

Highlights: Delivers real-time endpoint protection against viruses, Trojan horses, spyware, rootkits and other malware. Protects through cloud-based file and web reputation, behavior monitoring and personal firewall. Provides virtualization awareness to reduce resource contention issues on virtual infrastructures. Leverages industry-leading IBM® and Trend Micro™ technologies with a single-console management infrastructure.

Drilling down in the main features of TEM for Core Protection we find: anti-virus/anti-malware protection; cloud-based file and web reputation to protect the end user from being infected while browsing; behavior monitoring and a personal firewall to identify anomalies and stop unsolicited traffic; and virtualization awareness to optimize resources. The third-party agent built into TEM is a Trend Micro agent; being “built-in” means that there will be only one agent running on the systems and only the TEM Console will be needed for management. That is, the same console that can be managing the other aspects of endpoint management such as power management, software distribution and license compliance, for example. This is our Data Loss Prevention or DLP solution for Data in use. The DLP-light solution for Data in motion over the network is our Network IPS portfolio. And for Data at rest we have multiple encryption options, both hardware and software.

9 Key Benefits & Features of Data Protection Add-on
Real-time content scanning of sensitive data. Out-of-the-box compliance templates to detect credit card numbers, social security numbers, among other sensitive data. Monitoring and enforcement of multiple egress points (email, browser, USB, etc). Low TCO: addresses baseline data protection requirements with minimal cost and investment; scales to 250,000 endpoints on a single server.

In addition to the base TEM-CP solution, there is an optional purchase that is sometimes referred to as DLP + Device Control. Let’s look at some of the key benefits of this add-on. It allows for real-time analysis and content scanning. The use of the numerous provided compliance templates makes our customers’ experience much nicer; they don’t have to reinvent the wheel and can re-use IBM’s experience-derived compliance policy suggestions. It goes beyond mere monitoring, and is capable of enforcing security measures; this helps ensure that the security level never worsens. Scalability is already an important feature of TEM. Two aspects of this need to be underlined here. The low TCO is even greater due to the fact that the Trend Micro console (which doesn’t scale to these sizes) is not necessary. 250,000 endpoints refers to a company of 60,000 to 80,000 employees; it is easy to imagine a couple of systems, a smartphone and a tablet per employee. IBM is in the midst of a TEM deployment internally, and is expecting to deploy 1,250,000 agents for a little bit more than 420,000 employees.

10 Tivoli Endpoint Manager for Mobile Device Management
1 console, 1 agent, 1 server, many OSs: Microsoft Windows • Mac OSX • IBM AIX • HP-UX • Solaris • VMware ESX Server • 7 versions of Linux • iOS • Android • Symbian • Windows Mobile

IT Asset Management: Network discovery; Managed endpoint hardware inventory; Managed endpoint software inventory; Software use analysis; PC software license compliance analysis.
IT Operations: Patch management; Software distribution; OS deployment; Remote control; Server management.
IT Security and Compliance: Security configuration baselines; Vulnerability assessment; Network self-quarantine; Personal firewall; Multi-vendor anti-malware management; Third-party anti-malware management; Web, file, reputation services.
Green IT: Windows power management; Mac power management; Wake-on-LAN.

Looking one last time at all the features of TEM, we can see that Tivoli Endpoint Manager for Mobile Devices has strengths that are different from, yet complementary to, the other Endpoint Manager security offerings. There is hardware and software inventory capability, allowing customers to know exactly what is running on the smartphone or tablet. Software distribution capability installs and/or removes mobile apps. And like TEM for Security and Compliance, Endpoint Manager for Mobile Devices offers security configuration baselines to enforce compliance according to corporate requirements.

11 Managing Mobile Devices – The Solution
Diagram labels: iCloud; iCloud Sync; iTunes Sync; End User; VPN / WiFi; Corporate Network Access; Personal Mail / Calendar; Personal Apps; Corporate Profile; Enterprise Mail / Calendar; Enterprise Access (VPN/WiFi); Enterprise Apps (App store or Custom); Secured by BigFix policy; Encryption Enabled.

Endpoint Manager for Mobile Devices: Enable password policies. Enable device encryption. Force encrypted backup. Disable iCloud sync. Access to corporate email, apps, VPN, WiFi contingent on policy compliance! Selectively wipe corporate data if employee leaves company. Fully wipe if lost or stolen.

Mobile devices are without a doubt the biggest challenge in IT; their mobility (no pun intended), their variety and the social aspects of these devices (much more apt to be shared, for example) make it really hard to find a solution that scales and is easy to manage. TEM for Mobile Devices extends the existing TEM offering and offers these advantages: Managers don’t have to learn a new system. Password policies can be enforced (you’ll be amazed how many people have extremely weak passwords on their mobile endpoint). Outside of a work context, the impact is the loss of personal information; including a work context, the impact of data loss can be extremely costly. The solution can be set up to enforce encryption. On iPhone, IBM disables iCloud to avoid data leaving the phone without consent. Security measures/policies are enforced whenever the mobile device is used to access corporate email. And a very critical feature: selectively wipe corporate data but not the owner’s private data.

12 PCs and mobile devices have many of the same management needs
Traditional Endpoint Management and Mobile Device Management: OS provisioning; Patching; Power Mgmt; Anti-Virus Mgmt; Device inventory; Security policy mgmt; Application mgmt; Device config (VPN/Email/Wifi); Encryption mgmt; Roaming device support; Integration with internal systems; Scalable/Secure solution; Easy-to-deploy; Multiple OS support; Consolidated infrastructure; Device Wipe; Location info; Jailbreak/Root detection; Enterprise App store; Self-service portal.

We are comparing here the management needs of traditional endpoints (servers, workstations/PCs and laptops) with the management needs related to mobile devices. It is very clear that there is a long list of common aspects, more than there are differences. It is important to notice that what’s not included among the Mobile Device Management features are OS provisioning and patching, because that is usually done by the vendor or service provider. Nor is power management included, as mobiles are almost always on. Antivirus management means that we don’t have an interface to any AV solution to date, but we can enforce its deployment via the application management. As for the features specific to Endpoint Manager for Mobile Devices, Jailbreak and Root Detection only work if there is a local agent installed, and not via an email-based approach.

13 How does Endpoint Manager manage mobile devices?
Agent-based management: Android via native BigFix agent; iOS via Apple’s MDM APIs. Full management.
Email-based management through Exchange and Lotus Traveler: Supported platforms: iOS, Android, Windows Phone, Windows Mobile, Symbian. Subset of management: management of email on the device and the ability to lock and wipe the device.

Category: Endpoint Manager Capabilities
Platform Support: Apple iOS, Google Android, Nokia Symbian, Windows Phone, Windows Mobile
Management Actions: Selective wipe, full wipe, deny email access, remote lock, user notification, clear passcode
End-User Services: Self-service portal, enterprise app store, authenticated enrollment (AD/LDAP)
Application Management: Application inventory, enterprise app store, whitelisting, blacklisting, Apple VPP
Policy & Security Management: Password policies, device encryption, jailbreak & root detection
Location Services: Track devices and locate on map
Enterprise Access Management: Configure email, VPN, and Wi-Fi; certificate management
Expense Management: Enable/disable voice and data roaming

Not all customers want to secure all of their mobile devices in the same way. And not all platforms are covered the same way. On Android, for example, it’s possible to install a local agent that communicates directly with the TEM manager (the same server that manages all other endpoints). iOS can have an app running locally that talks to the TEM manager via Apple’s MDM APIs. All the other supported platforms talk to the TEM manager only via the mail servers (for this, there is a component called Management Extender); this solution, which is similar to what’s been possible with Blackberry phones for several years now, offers a level of security but is neither as precise nor as powerful as the local agent. In the future, we expect to have more platforms supported with a local agent (in particular Windows). Both iOS and Android can be managed via email as well as with a local agent.
If it sounds counter-intuitive that you can manage a phone via email, the explanation is this: email systems allow some control over the email and access of the email, and it also applies to the device. You can see the wider range of devices that can be supported for this subset of management possibilities: iOS, Android, Windows Phone, Windows Mobile and Symbian. So you can wipe email, wipe contacts, as well as lock and wipe the device itself, via Lotus Traveler/Notes as well as MS Exchange. TEM links into these interfaces and can call these functions. If you want more control, such as detailed info on the phone, installed apps, corporate app store, removing individual apps, selective wipe, setting VPN credentials, etc., then you would use either the Apple integration or the Android agent.

14 Endpoint Manager extends the value proposition for existing endpoint and server security customers
Slide table (columns: Endpoint Manager Family Value-Add; Up-Sell Opportunity):

Proventia Desktop (PD) and Endpoint Secure Control (ESC): Robust, scalable BigFix platform for delivering full lifecycle and security applications and content; Core PD applications move to BigFix; Upgrade 400+ PD customers to Endpoint Manager Lifecycle and Security Management suites.
Tivoli Security Compliance Manager (TSCM): Vulnerability assessment and patch management for remediation; Lightweight, flexible platform; SCAP certifications for US Federal; TSCM is at end-of-market, so TEM SC is not an upsell, per se; Upgrade 400 SCM clients (200 individual, 200 ITD) to patch management to remediate configuration & vulnerability issues; Upgrade to full Endpoint Manager Family.
Proventia Server (IBM Security Server Protection) & RealSecure Server Sensor: Integrated platform for management, patching, config compliance and threat prevention; Ability to sell/manage anti-malware; Add patch, configuration and vulnerability management; Anti-malware (via Trend Micro) for more complete compliance/protection.
IBM Security Access Manager for Enterprise Single Sign-On (E-SSO): Extend endpoint management value delivered by SAM E-SSO, to include Endpoint Manager deployment; Strengthens endpoint ROI case; Extend ROI / productivity gains from ESSO (450+ installs) by adding Endpoint Manager Lifecycle Management.

There already are many IBM solutions running on endpoints; for all of them, the deployment of TEM as an additional component is a natural up-sell opportunity (or even a necessary one, in the case of replacing TSCM). TEM won’t replace Proventia Desktop or Proventia Server, but it will make sure it is up-and-running, and monitor if it is up-to-date. So now our focus is back on Tivoli Endpoint Manager for Security and Compliance. This product is the natural upsell for all host-based solutions.
Proventia Desktop: With this upsell customers can make sure Proventia Desktop is installed and running, and they can monitor which version is running and which policy is applied. Tivoli Security Compliance Manager customers: TSCM is at an end-of-market stage. So, there’s not an up-sell situation here, per se. TEM-SC is TSCM’s alternative/strategic solution; it might also be a services opportunity, as services are required to port TSCM collector functionality to TEM-SC. Proventia Server, RealSecure Server Sensor: Same as for the desktop, customers can make sure that the security agent is installed and running, and they can monitor which version is running and which policy is applied. Enterprise SSO: Again, TEM can be used to make sure that it runs, and then TEM can be leveraged every time there is an update to roll out.

15 EndPoint Security Sales Insights (including Competition)
IBM Internal/Business Partner Use Only – Not for Use with Clients

Endpoint continuous compliance, monitoring, visibility and “take remediary action” focus is a big play in these days of compliance focus and audit and intrusion fears. Don’t accept “We don’t need this product because we already have security products for our endpoints” (e.g. NAV for anti-virus, SCCM for patch management). An Endpoint Manager proof of concept can dramatically demonstrate: Wow! We have more OSs, devices, endpoints than we thought, and we need to protect them! (Some weren’t installed, weren’t up-to-date, weren’t up and running, …) Wow! This product works! It’s up and running quickly, it is accurate, it has a wealth of capabilities and there is really fast time to value! Look for the following: large scale deployments, tool consolidation, 3rd-party patching, continuous compliance focus, anti-virus consolidation/replacement. Continuous compliance through local enforcement. Speed of policy updates. Support for heterogeneous OS’s (Windows, Macs, *nix) and applications (Microsoft apps, Adobe, Java, Firefox, etc.). Scalability is a big plus for us: ,000 endpoints per single Endpoint management server vs. Microsoft (e.g. 175 SCCM servers and 30 administrators for a 100,000 endpoint customer). One system for ALL endpoints, including mobile. Our competitors don’t have the same integration for platforms & DLP without an expensive infrastructure.

When you go to customers you’re likely to get some rejection as they feel they already have the area of endpoint security covered. Don’t despair!! Ask them what it is that they cannot do but that really would make their life easier. After some digging, you’re likely to find a spot where you can introduce TEM and WOW them with a demo. Remember the strong points: Continuous compliance through local enforcement. Speed at reaching each endpoint for policy updates or patch distribution. Platform support: often they have a Microsoft solution that doesn’t cover a wide range of platforms; this is your way in. Scalability: 250,000 agents with one server (this for between 60,000 and 70,000 employees). One solution for all kinds of endpoints: servers, desktops, tablets and smartphones.

16 Security Challenges Specific to the Mainframe
Verifying Compliance; Ensuring Compliance; Increasing Complexity; Rising Costs.

Compliance: Compliance verification is a manual task with alerts coming after a problem has occurred, if at all.
Complexity: The mainframe is an integral component of many large business services, making the identification and analysis of threats very complex and creating a higher risk to business services. Systems are vulnerable to the unmanaged activities of privileged users.
Cost: Mainframe security administration is usually a manual operation, or relies upon old, poorly documented scripts. Administration is done by highly skilled mainframe resources that are usually in short supply.

OK, switching gears from a distributed endpoint discussion to the extra large, extra powerful endpoint that many of our customers know and love: System z. All z/OS customers have an identity and access management solution in place. Therefore, they all have some security in place. The challenge for these customers, however, is that native RACF has serious limitations in addressing compliance requirements, and because of its cryptic nature, it can be very complex and costly to administer. Compliance is a major issue in today’s more integrated and more visible IT infrastructures. Governments are implementing regulations that require our customers to report on how secure their environments are. Internal and external auditors are increasingly requiring that our customers produce regular reports detailing access to sensitive data and produce reports validating the security of their infrastructures. It is very hard to respond to these requests in a mainframe environment with either RACF or ACF2 or Top Secret. As such, most customers either fail in responding to these requirements or try to implement time-consuming and error-prone manual responses. Also, mainframe customers have to deal with the inherent complexity of RACF.
Configuring RACF is very complicated, requiring multiple steps to implement simple tasks, with very cryptic commands. Understanding and reporting on these complexities is very challenging. Thus, many customers make liberal use of privileged user access. That is often the easiest route to address the access needs for users with complex requirements. And as we understand, granting privileged, or root, access opens a variety of access and reporting exposures. Finally, cost. Because of the cryptic nature of configuring RACF, customers end up relying on highly skilled, and increasingly scarce, mainframe resources. This makes mainframe security administration inherently costly. And, as these administrators are oftentimes older employees, organizations understand that they will need to be replaced at some point and will look to automated solutions.

17 zSecure suite Capabilities
Auditing & Compliance Reporting Vulnerability analysis for your mainframe infrastructure. Automatically analyze and report on security events and detect security exposures Enhanced Administration Enables more efficient and effective RACF administration, using significantly fewer resources Visual Administration Helps reduce the need for scarce, RACF-trained expertise through a Microsoft Windows–based GUI for RACF administration Event Alerting Real-time mainframe threat monitoring permits you to monitor intruders and identify misconfigurations that could hamper your compliance efforts CICS based Administration Provides access RACF command & APIs from a CICS environment, allowing for additional administrative flexibility Command Verification Policy enforcement solution that helps enforce compliance to company and regulatory policies by preventing erroneous commands The zSecure suite provides a variety of important capabilities for customers to address the challenges that we discussed on the previous slide Let’s briefly discuss each of these capabilities. Auditing & Compliance reporting: This is likely to be the most attractive capability of the suite. Simply, it provides vulnerability analysis of customers’ mainframe infrastructure. It allows customers to quickly and easily analyze their infrastructure to identify and report on exposures. These capabilities help customers address the various, and increasing, audit requirements that are coming their way. Event alerting: These capabilities help customers implement real time threat monitoring. And with the customization capabilities of the suite, customers can implement monitoring of a wide range of security issues and data access. And, the data gathered from both the alerting and auditing capabilities can be automatically fed into security intelligence solutions such as ArcSight and QRadar SIEM to help customers implement enterprise wide security intelligence. 
Command verification: Because of the cryptic nature of RACF commands, and the likely large number of privileged users, customers are likely concerned about the integrity of their configurations. That is where the command verification of the suite comes in. These capabilities help customers implement policies and best practices to ensure that RACF is being configured in ways that protect the access to their critical assets.
Enhanced Administration: This is another very important value for the suite. These capabilities greatly simplify the day to day administration of RACF, bringing greater efficiency and effectiveness, and reducing the reliance on skilled resources.
Visual Administration: Some customers want to simplify administration even further. With the visual administrative capabilities of the suite, customers can administer RACF from a Windows based GUI. Among other things, this helps customers decentralize the administration of RACF.
CICS-based Administration: CICS is the primary transaction facility on z/OS. It provides the infrastructure for most online applications on z/OS. The suite can expose RACF commands and APIs to the CICS environment, thus giving customers new flexibilities for implementing application level security.
And finally, Administration and Auditing for z/VM. z/VM is another operating environment on the mainframe. Analogous to VMware, but on the mainframe. z/VM allows customers to implement a variety of virtualized environments that can exploit the scalability and reliability of the mainframe hardware. Most notably, customers use z/VM to implement many instances of Linux on System z. These customers have the same issues of compliance, complexity, and cost. The suite offers capabilities to address these same challenges for z/VM and Linux for System z.
Administration & Auditing for z/VM: Combined audit and administration for RACF in the VM environment including auditing Linux on System z

18 zSecure suite Business Benefits
Helps to reduce cost and improves resource utilization:
Task automation reduces labor cost to perform essential z/OS and RACF security functions.
Simplified UI allows less experienced resources to perform key security functions, freeing up skilled mainframe resources and allowing administrators to manage security rather than using system programmer skills.
Improved system availability with automated analysis and detection of threats and configuration changes.
Proactive compliance monitoring:
Automated compliance monitoring, customized to fit your business, issues real time alerts on external threats, inappropriate data access or misconfiguration.
Real-time blocking of dangerous RACF commands helps prevent privileged user abuse.
Automated data collection for compliance reporting, audit trail analysis and forensic research.
Improves efficiency and quality:
Automated functions reduce mistakes that lead to data exposure and costly outages.
Single point of administration easily manages large and small z/OS environments, and multiple RACF databases.
Streamlined management of privileged users quickly identifies & removes unnecessary access to information.
With the capabilities noted on the previous slide, the zSecure suite provides a variety of benefits for customers. It can help them reduce a variety of labor costs, particularly those associated with their highly skilled mainframe security administrators, by simplifying administration and by automating a variety of reporting and analysis tasks. With proactive compliance monitoring, zSecure can help customers address audits and regulatory requirements, while automating the identification of security exposures and enforcing best practices for RACF command usage. Finally, zSecure improves efficiency and quality via automation, streamlined administration, and improved management of privileged users.

19 Solving Customer Security Challenges in Mainframe Environments z/OS, z/VM and Linux on System z
Automate continuous compliance to address worldwide industry standards and regulations
Illustrated to auditors that preventative, detective and corrective controls are installed
Improve administrator effectiveness with built-in best practices
Reduced identity and access security management overhead and costs with integrated security management
Here are a few customer success stories: Norwich Union uses the zSecure suite to provide continuous compliance. Allied Irish Bank uses the zSecure suite to reduce their costs of mainframe security administration. Aviva uses the zSecure suite to validate the integrity of access to critical business data. A major health care organization uses the zSecure suite to address compliance & governance issues in their mainframe environments. So, you can see compliance, cost savings, access control and governance: there are all kinds of reasons that can compel a customer to take advantage of this mainframe security product.
Protect the integrity of sensitive enterprise data
Used IBM technologies to track and redact medical information from imaged documents.
Major healthcare organization
Simplify mainframe administration and auditing for compliance and governance
Establish user identification services for compliance and governance

20 zSecure provides customers with significant business value
IBM's Significant Product Capabilities and IBM's Business Value
Enhanced Administration
Capabilities: Automated cleanup of orphan accounts; Off line change management & change modeling; RACF DB merges; Cascading permissions for Group Tree Structures
Business value: Helps improve security at lower labor cost; Aids in reducing costs by avoiding configuration mistakes; Eases labor cost for directory merges; Helps reduce labor cost by more efficient group management
Auditing & Compliance
Capabilities: Customizable reports; Automated risk classification; Broad coverage of audit control points; Security Intelligence to identify and manage Trusted Users; Exceptional coverage of security event records
Business value: Can provide reports that match business model / business requirements; Helps optimize labor utilization by prioritizing tasks; Aids in reducing cost by helping eliminate outages not detected by non-IBM solutions; Address business risk by helping to find segregation of duties exposure
The zSecure suite offers a variety of capabilities that you can highlight to your customers when you are competing with other solutions. Consider this slide and the next slide as a good reference as you talk with your customers. I won’t cover all of the points; but rather, I’ll highlight a few key items. The offline change management capabilities help customers improve the quality of their day to day administrative tasks by helping them identify configuration issues before they work their way into production. And the suite can automatically capture important security & data access events from the mainframe and feed them directly into enterprise security intelligence solutions such as QRadar SIEM, HP ArcSight and others.

21 zSecure provides customers with significant business value
IBM's Significant Product Capabilities and IBM's Business Value
Alerting
Capabilities: Can capture unauthorized back door changes to RACF, Security Policies; Extensive coverage of real time audit control points, especially network
Business value: Can reduce cost by helping eliminate outages not detected by competition
Command Verification
Capabilities: Auditing of RACF changes by Privileged Users
Business value: Can complete audit in seconds, not days, reducing labor cost
Visual Administration
Capabilities: Real time, on line updates; Integrates w/ HR Systems (PeopleSoft, SAP, etc.); Roles based administration for separation of duties; Manage from a single screen
Business value: Permits changes in minutes, not overnight; Enables better business control by providing access for only current employees & contractors; Helps minimize business risk by enabling segregation of duties; Aids in reducing labor cost and errors
CICS based administration
Capabilities: Externalizes authentication from the application
Business value: Can lower application development and maintenance costs
And again covering some highlights on this slide . . . zSecure’s alerting capabilities can identify unauthorized changes to RACF. The command verification capabilities can protect organizations against unauthorized changes by privileged users. The CICS capabilities of the suite help customers exploit RACF to implement application level security.

22 IBM Security zSecure suite products
Combined audit and administration for RACF in the VM environment including auditing Linux on System z
Vulnerability analysis for your mainframe infrastructure. Automatically analyze and report on security events and detect security exposures
Enables more efficient and effective RACF administration, using significantly fewer resources
Real-time mainframe threat monitoring permits you to monitor intruders and identify misconfigurations that could hamper your compliance efforts
Helps reduce the need for scarce, RACF-trained expertise through a Microsoft Windows–based GUI for RACF administration
Policy enforcement solution that helps enforce compliance to company and regulatory policies by preventing erroneous commands
Provides access to RACF commands & APIs from a CICS environment, allowing for additional administrative flexibility
We’ve discussed a broad range of capabilities in the suite in this discussion. As it turns out, these capabilities are available as separately licensed products as well as in attractively priced bundles. zSecure Audit provides vulnerability analysis, zSecure Alert provides real time monitoring, zSecure Command Verifier provides policy enforcement, zSecure Admin provides enhanced administration, zSecure Visual provides the Windows GUI for administration, zSecure CICS Toolkit provides RACF commands and APIs to the CICS environment, and zSecure Manager for RACF z/VM provides key auditing & administrative capabilities for the RACF z/VM environment. And, these products are also available in attractive bundles. zSecure Audit, Alert, & Command Verifier are available in the zSecure Audit & Compliance bundle. zSecure Admin & Visual are available in the zSecure Administration bundle. And zSecure Audit, Alert, Command Verifier, Admin & Visual are available in the “uber” Administration & Compliance bundle. These bundles all have compelling value propositions for customers and are attractively priced.
Note: ACF2 and Top Secret are either registered trademarks or trademarks of CA, Inc. or one of its subsidiaries.

23 You Survived the Security Gauntlet . . . Time for a Knowledge Check
IBM Internal/Business Partner Use Only – Not for Use with Clients
Match customer need with IBM security solution:
“Provisioning and managing users”
“Comprehensive single sign-on”
“Proactive threat mitigation”
“RACF administration ease of use”
“Patch management, endpoint protection asset discovery and mobile device security”
C C A, B, C, D B A D
A – IBM Security zSecure suite
B – IBM Security Network IPS
C – IBM Security Identity & Access Assurance
D – Endpoint Manager Family
OK, so that covers the main IBM Security Solutions we want you to be knowledgeable about, and we’ve covered them for you in the context of the IBM Security Framework. So before we move on and finish up the presentation, let’s take a little break and, as it says on the title of this slide, you’ve survived the security gauntlet and it’s time to quickly check on your level of retention of some of this material.

24 Move Up the “Food Chain” Whenever You Can
Individual Product IBM Security Solution Bundle Cross-IBM
Many customer security requirements interrelate. They need threat mitigation and they need identity and access management. They need data security and they need security intelligence. For this reason, we recommend you move up the food chain whenever you can, and move from a sale focused on a single product to one involving a bundle or family of solutions, and that you consider getting into cross-brand sales, some of which we’ve described as very desirable (such as a WebSphere SOA sale possibly needing to include FIM and TSPM in the equation).

25 P.S. – Tivoli Directory Server
A registry/directory/repository for multiple applications to share consistent, up-to-date info about users
World-class technology (DB2 underpinnings)
Aids IBM Security Sales, by being in the package (limited use license) comes in the AMeb, TIM, TFIM,. packages.
Can compete on its own with other Directory/Registry providers:
Performance/scalability
Did we mention “performance/scalability”?
Wide platform coverage. (AIX, Solaris, HP-UX, Linux (zSeries, iSeries, xSeries, pSeries), Windows 2003/2008, z/OS)
OpenGroup LDAP v2 certified (Only TDS and Apache are listed at )
Common Criteria evaluation of EAL 4+ (2009) (Oracle is 4+ (2008), CA is 3 (2007))
Price. Can beat Sun, for example, on price.
Good in large deployments. Some vendor LDAP servers (e.g. Sun) have an architecture requiring all directory entries to be cached in memory to give good performance. TDS offers good performance in configurations where the number of directory entries is too large to be cached in memory.
The last 2 products we’ll talk about are Tivoli Directory Server and Tivoli Directory Integrator, products that are packaged with a number of the Tivoli Security Identity and Access Management and compliance products. These are 2 infrastructure type products and both involve great technology that really enhances Tivoli security sales. The first is Tivoli Directory Server. What is it? It’s LDAP directory technology that customers use to create a directory or registry or repository (customers use those terms and more to describe the thing they deploy to share information) and the basic purpose is to share information across applications. The shared information can be lots of things, but one very primary class of shared information is shared information about users. Thus it’s really important to security solutions, as an understanding of who the user is and what their attributes are is really important in a security context.
Tivoli Directory Server is very good directory technology and the basic reason why is its DB2 underpinnings. So, looking quickly one by one at the points why TDS is a very competitive technology as compared to other directories from other vendors (CA, Microsoft, Sun/Oracle and so on): The first couple are directly attributable to DB2. Performance and Scalability. Performance and Scalability. And performance and scalability. Oh, did I forget to mention performance and scalability? DB2’s been honed, tuned, refined and sanctified over the years, and it just flat out performs. It’s also great at supporting multiple operating system platforms and thus TDS is as well. When it comes to being LDAP certified, TDS is there, and it has the highest and most recent EAL4+ (very high) Common Criteria evaluation. Pricewise, it can beat Sun. Some other vendors give theirs away (for example, Microsoft with their quasi-LDAP technology Active Directory). And finally, to pick on Sun again, they are an example of a vendor who has to sometimes “cheat a bit” by caching all directory entries, in order to achieve good performance in large deployments. We don’t require that the entries be cached and so when the number of directory entries is too large to be cached in memory, Sun and others falter, but we shine. An interesting side note on this: Way back in the TAMeb description I mentioned a nice 1-page overview paper with brief descriptions of TAMeb customers who had achieved multi-million user implementations. Because of TAMeb’s open directory support, each of the companies could have chosen Sun or Microsoft’s AD or Novell, or whatever as their registry, but in every case, the directory technology chosen was Tivoli Directory Server.

26 P.S. – Tivoli Directory Integrator
Lotus Connections: Maps/maintains enterprise users into Connections DBs (various sources)
Sametime Unified Telephony: Integrates w/PBX middleware that controls physical telephone switches
Help desk integration: Integration between TSRM 3rd party helpdesk systems
Tivoli Identity Manager: TIM’s integration platform for new supported adapters. Customers use TDI as their extension point for customization.
WebSphere Commerce Server: Automatically add customers to Lotus Connections through published WWW interface into TDI
IBM Mashup Center: Provides WWW access to enterprise data such as SAP, Domino, and other TDI-accessible resources
Compliance Management: TSIEM scans audit & log files. TDI reads from custom systems in the field to create W7 format logs.
Tivoli Directory Server: TDI acts as an SNMP agent for TDS, IBM’s great LDAP server.
TADDM – Service Management IT infrastructure discovery: Custom integration of asset information into TADDM and CCMDB using the IdML XML format
Network Monitoring drives TSRM ticket generation: Working with IBM products (Netcool Omnibus, TEC, NetView) and HP OpenView, TDI monitors events in real-time and drives selected events into TSRM. Optionally synchronizes status back to monitoring consoles.
Tivoli Federated Identity Manager: TFIM provides federated (multi-domain) single sign-on. TDI can be called at run-time to augment security tokens with custom data
“Blue Glue” - Closes the gaps between products
WebSphere RFID Information Center
Which products? TAMeb TIM Lotus Domino Tivoli Svc. Req. Mgr. Connections Tivoli CCMDB and many more … Quickr
The other great infrastructure technology that comes with many of our solutions is Tivoli Directory Integrator.
The development and architecture team for this product calls TDI “IBM Blue Glue”. And that’s apt, because it is glue code that’s always needed for the final fit and finish to make sure products are well integrated, working together optimally, and of course to ensure that if a user has information that’s kept in 25 different databases, application files, registries and other repositories throughout a company, that if a change is made to some information that they share, the update gets populated everywhere that the change is relevant. TDI is Java code so it runs anywhere. And it really addresses these requirements well. Like TDS, a limited use license of TDI is part of many IBM packages. Here is a short list of which ones. And to give you an idea of what types of customer requirements TDI addresses as it works with some of these products (the full list is much larger), I’ve listed some examples here for you to peruse. 1 quick security example to highlight is that TDI is used in Tivoli Identity Manager adapters, to enable TIM to provision targets in its long target support list. TDI tends to be most useful in out of band, admin level, keep things in synch type scenarios. I’ll leave it as “you can get into some interesting discussions” if you want to extend its uses into run-time transactions.

27 IBM Internal/Business Partner Use Only – Not for Use with Clients
To successfully sell security, you must include the right stakeholders during the sales cycle:
LOB owners, SOA/App Architects, Security Admin, Network / Operations
Identity and Access Management, Application/Db Authorization, Federation, Web Security, User Account Provisioning, Key Management, Compliance, Threat Mitigation
(The solution categories shown typically move right over time – (For ex. - Federation and Web Security both started more in the “SOA/Application Architects” domain))
And of course as you’re out there selling, it’s best to match up as best you can who you’re selling to with the kind of technologies that they’re interested in. This chart offers a generalized view on this point. So, for example, if you’re selling encryption key management, you might be talking more to the network operations side of the business. If you’re selling Tivoli Security Policy Manager, and its authorization capabilities, you might be talking to the SOA architects or even Line of Business people. It’s just a generalized chart. These things vary from company to company and from geo to geo and from sale to sale. But again if you’re involved in a compliance oriented sale, it might be an admin group you’ll be primarily dealing with. But keep in mind that this is not hard and fast. Some line of business people can get involved in compliance discussions as well. You can probably debate this chart until the cows come home, but the bottom line is that it’s a general guide intended to ensure you’re selling the right technology to the right focal people in the course of your engagements.

28 IBM Internal/Business Partner Use Only – Not for Use with Clients
Resources – IBM – Putting Collateral at Your Fingertips
“Top of mind” items: Sales Plays, SVSA, Security Talk replays
Single “landing page” URL to bookmark
Links to all non-SSD Sales Kits
Links to all SSD Sales Kits and more . . .
We’ve made a consolidated effort to ensure you get quick access to the information you need for a successful sale. So both for IBM sellers and for Business Partners, we’ve ensured there is a “landing page” where you can get quick access to the sales kits with all the assets you need to get your hands on. This is the IBM Software Sellers Workplace landing page for security sellers . . .

29 Business Partner Security Collateral - PartnerWorld
Key Resources: Sales Plays, Security Talk Replays, Sales Kits, Top Gun Preparation
Single “landing page” URL to bookmark: ibm.com/partnerworld/security
And this is the PartnerWorld version. One URL to bookmark, as an entrée to all of the information you should need.

30 IBM Internal/Business Partner Use Only – Not for Use with Clients
Resources – IBM – Leverage the Power of the Full IBM Security Team
w3 Connections “IBM security contacts” PPT
PartnerWorld “IBM Security contacts” PPT
Plus Tiger Team, SWAT, Sales, contacts (incl. non SSD)
And we’ve also made a special effort to keep up to date our security “scorecard”, a PowerPoint presentation that lists all of the key players from a security standpoint, including product managers, sales enablement people, channels contacts, Tiger and SWAT team members, geo by geo and much more (more than 40 pages of contacts!). So we often recommend that sellers involve others in their sales efforts at any critical junctures where that help is needed. This “Security Contacts” asset should help you quickly figure out who can help you. Partners should keep in mind, of course, that this asset is an aid, but shouldn’t replace their relationship with their channel contacts within their geo. This slide includes links to both the w3 page and the PartnerWorld page where that PowerPoint can be found.

31 IBM Security Sales Kits
A Sales Kit for each IBM Security Product
Linked to from the IBM Security “Landing” pages (see previous chart)
80-20 approach (The 20% of the collateral you need 80% of the time)
Easy “One Stop Shopping”
Ongoing sweeps are done, to ensure relevance, “up-to-datedness”
Includes up-to-date contact info
Value proposition, Benefits, Average Deal Size/Pricing, Lead Passing Guidelines, Cross Selling, Target Audience, Pain Points, Key Questions, Seller Call to Action, Competitive Differentiators, References, Platform
Announcement letters, Case studies, Client presentation, Client References, Contacts, Data Sheets, Demos, Education – offering & solution, Education - skills & knowledge building, FAQ, Presentations for IBM Sellers, Press releases, Pricing information, Proof of concept, Proposal Support Materials, Redbooks, Request a quote, Return on Investment (ROI), Solution/product information, Technical sales, Web sites/blogs/wikis, Wins and successes
* Self explanatory
The sales kits are intended to be your 1-stop shopping place for collateral. This slide lists the A to Z for the material you can find in each of the products’ sales kits and describes the value of having product assets collected in one, easy-to-find location.

32 IBM Security References
IBM sales professionals contribute:
Through successful sales (revenue)
Through references: Expand the impact/scope of your sales successes; Assist your peers
Thereby positively impacting IBM Security revenue, your salary, variable pay
We ask that you:
Review your customers in terms of their willingness to be a reference
Submit information about the reference customers who you identify and negotiate online here.
Need help in explaining the reference process to your client? Either visit the Client Reference wiki for information, or contact your Client References Specialist for help.
All client references are welcome. In particular, we need references for: TSPM, SIAA and zSecure
Any questions, please feel free to contact us. (See Client References Specialist.)
Since I have your attention, let me make a quick request of the IBMers listening to this recording. IBM professionals are expected to broaden their scope of influence and contribute to the success of their organization. Everyone at every level should begin working on ways to contribute to their success at IBM, and it can help differentiate you from your peers during the PBC review. One of the ways you can contribute to your and IBM's success is by getting clients to become references. Client references are the number one way to secure a positive experience in your sales initiatives. If you have a customer that is willing to be a reference, you can submit the information online here. If you would like help in explaining the reference process to your client, please either visit the Client Reference wiki for information, or contact your Client References Specialist for help. All client references are welcome, but we are in particular need of references for Tivoli Security Policy Manager, IBM Security Identity and Access Assurance and IBM Security zSecure Admin or zSecure suite in general.
Feel free to work with Business Partners that were involved in your sales and remember that for any submitted references, they become all the more powerful when they highlight quantifiable benefits. Any questions, please feel free to contact us.

33 You’ve Made It! So you’ve made it to the finish line! It involved roughly 3 hours of listening and learning for you. I hope it provided you with some insights and at least enough recallable information that you’ll have no trouble passing any exam you might need to take. So long for now, good luck and I wish you much success in your sales efforts.

