
Software Portfolio Summary

- June 2016 -

This document presents IBM Security Software solutions. It provides an overview of our portfolio, and includes many references, which explain how our solutions provide value to our customers. An alphabetical index also takes you through our offerings, and provides a second reading grid to help you locate each offering in context.

Update: June 2016

Prepared by Thierry Matusiak - [email protected]

IBM® Software 1/26

This is a non-contractual document provided for information purposes only. The latest update is available online on the IBM Intranet and Internet.

http://www.slideshare.net/ThierryMatusiak/ibm-security-software

An interactive version is also available on the Internet.

https://prezi.com/mzqzeskv94pr/ibm-security-portfolio-v2016-june/

Please do not hesitate to contact us for further information.

Symbols used

IBM customers provide online testimonies

Additional resources are available online

Those solutions are available in SaaS mode (Software as a Service)

Acknowledgements

This document has been created with the active support of the IBM Security technical community.

Special thanks to Alexis Bourbion, Dominique Bertin, Etienne Noiret, Frédéric Michel, Julien Cassignol, Kamel Moulaoui, Nicolas Atger, and the other specialists who provided their inputs to create this version.

Trademarks

IBM is a registered trademark of International Business Machines Corporation in the United States and other countries.

The names of other companies, products and services may belong to third parties.

© Copyright IBM Corp. 2016 All Rights Reserved


IBM Security 5

1. Infrastructure 6
   Network Traffic & Public Cloud 7
   Endpoints 8

2. People 9
   Identities 10
   Access To Applications 11
   Users & Administrators 12

3. Data 13
   Data Analysis 14
   Activity Monitoring & Data Protection 15

4. Applications 16
   Application Development 17
   Mobile Apps Protection 18

5. Web Fraud 19
   Risk Analysis 20
   Endpoint Protection 21

6. Security Operations 22
   Activity Monitoring & Incident Management 23
   Risk and Vulnerabilities 24

7. Expertise 25

Index 26


IBM SECURITY

Security takes care of the IT infrastructure. It carefully manages people's digital identities and authorizations. It protects valuable data, ensures that deployed applications are securely designed, and actively fights against fraud. Security operations collect all the associated information to identify threats early, respond to incidents, and help preserve a secure environment. Lastly, expertise is at the core of efficient security practices to ensure that comprehensive and coherent security processes appropriately mitigate risks.

Security solutions integrate with each other and contribute to the creation of a real immune system that protects the enterprise. So many integration points exist that it is difficult to present them in a PDF document. They are graphically depicted below and can be navigated online.

https://prezi.com/mzqzeskv94pr/ibm-security-portfolio-v2016-june/


1. INFRASTRUCTURE

Security relies on network traffic control and endpoint protection. It also includes safeguarding the growing professional use of SaaS services. Besides, enterprises need to manage various mobile devices, which extend the traditional workstation and server infrastructure, including z Systems. Employees' workstations can also be monitored by enterprise protection solutions that complement classical antivirus to fight emerging threats.

IBM complements these Security solutions with a business operation center (Intelligent Operations Center) and a video analytics offering (Video Analytics).


Network Traffic & Public Cloud

Intrusion Prevention Systems control the network traffic and protect the internal IT infrastructure from external threats. Besides, enterprises rely more and more on Cloud resources to complement their internal applications.

IBM Intrusion Prevention Systems offer a financial services company 24x7 monitoring and management of its networks along with access to IBM expertise and resources for a comprehensive security solution

A healthcare company engaged IBM to implement an intrusion prevention system, which formed the solid first step of its proactive security posture

Network Traffic Control

Network Protection

Intrusion Prevention System (IPS) XGS appliances are designed to stop constantly evolving threats before they impact the business. They provide high levels of protection and performance, while lowering the overall cost and complexity associated with managing a large number of point solutions.

- scan network traffic to identify and block attacks
- achieve a high level of performance without compromising the breadth and depth of security
- protect business-critical assets (networks, servers, endpoints and applications) from threats

Virtual XGS appliances can efficiently protect VMware infrastructures.

SiteProtector System unifies management and analysis of security appliances. It provides a single interface to distribute security policies and updates to IPS across locations.

- provide central control of diverse security devices
- monitor and measure the exposure to vulnerabilities and demonstrate regulatory compliance
- evaluate and communicate the risk posture through event analytics and flexible reporting

Network Active Bypass optimizes the availability of a network protected by IBM IPS appliances. In the unlikely event that an IPS appliance fails, the bypass ensures the network remains functional and users have access to critical applications.

SaaS Services

Cloud Security Enforcer is a cloud-delivered solution that provides cloud application visibility, identity & access management, and threat prevention. Employees find and securely use approved cloud applications while IT security has full visibility and control over application usage.

- discover “shadow IT” as well as usage of approved applications
- simplify user access to cloud applications with identity and access controls
- monitor user activity to alert administrators of anomalous behavior
- protect against cloud-based threats with IBM X-Force Threat Intelligence
- enforce policies and coach users on appropriate corporate usage of cloud applications


Endpoints

Applications and business processes rely on a set of endpoints that need to be protected.

IBM relies on MaaS360 to manage and protect its employees’ tablets and smartphones (180,000+ devices). This project had a very good user adoption ratio: 16,000 employees registered during the first day of the project launch

zSecure helps Swiss Re achieve their goal of continuous compliance where risk exposures or compliance issues are addressed in near real time. zSecure reduces their administrative overhead, reduces manual processes, enhances security intelligence and simplifies their report generation

Workstations and servers

BigFix (Endpoint Manager) manages and secures physical and virtual servers. It also manages desktops and notebooks (patches, remote control, antivirus, malware detection…)

- Inventory: asset discovery, software use, contract management
- Patch: assess, deploy and manage patches
- Lifecycle: inventory of assets, distribution of OS, patches and software components, remote control
- Compliance: discovery of assets, patches, vulnerabilities, antivirus
- Protection: Trend Micro antivirus, data loss prevention, malware detection, external devices control

Mobile Devices

MaaS360 (Fiberlink) is an Enterprise Mobility Management (EMM) solution, which manages mobile devices (MDM) and mobile applications (MAM) through an enterprise app catalog, and secures BYOD initiatives.

- provide a professional container, an enterprise applications catalog, secure mail, and secure browser
- secure mail: limit transfers, control attached documents, limit copy-paste
- secure enterprise Apps: application wrapper and SDK, authentication, data leak prevention, in-App VPN
- secure document sharing: access from the container to a large variety of content sources
- integrate with on-premises AD/LDAP, email server and PKI ("Cloud Extender")
- provide secure access to intranet resources ("Mobile Enterprise Gateway")
- protect from mobile threats

Employee Protection

Trusteer Apex Advanced Malware Protection protects workstations throughout the threat lifecycle. It provides non-intrusive protection against zero-day threats and malware without impacting user productivity.

- protect workstations from Advanced Persistent Threats (APT)
- prevent data leakage and external reuse of corporate passwords
- identify vulnerabilities in Java, Adobe Flash/PDF, MS Office and browsers
- prevent the establishment of malicious connection channels between malware and the attacker

IBM also partners with Carbon Black to complement its Security platform. Carbon Black’s next-gen endpoint security integrates with X-Force Incident Response Services, BigFix and QRadar.

z Systems

Resource Access Control Facility (RACF) provides improved security for System z. It protects the vital system resources and monitors users’ activity and protected resources.

zSecure tools facilitate z Systems administration (RACF, z/VM, CICS) with a graphical console (monitoring, audit and compliance) and can communicate with the QRadar security intelligence platform.


2. PEOPLE

User/password pairs are stored in multiple synchronized directories. Those users are created, updated and deleted with an identity management solution, complemented by a governance component to manage the lifecycle, compliance and analysis of existing credentials.

Applications can be accessed through a security gateway. Web Application Management components ensure secure user access, and can federate identities across heterogeneous systems. They can also provide advanced access control functions, and single-sign-on to corporate users.

Enterprise Single-Sign-On and identity self-service empower users and simplify password renewal processes, while privileged users like server administrators must be carefully managed and controlled.


Identities

Identity Lifecycle Management is at the core of efficient access policies.

E.ON Global Commodities has deployed Security Identity Governance to prevent rogue trading. E.ON uses SIG to streamline IT audits and preserve Separation of Duties

Whirlpool simplified their identity management infrastructure with Security Identity Manager. The solution reduced provisioning times, improved role assignments, and streamlined auditing

Identity Repository

Security Directory Suite is a scalable, standards-based identity platform that interoperates with a broad range of applications to simplify identity and directory management.

- federated LDAP directory to transform identity silos and support virtual directory-like deployments
- strong scalability and flexibility to support hundreds of millions of entries (DB2 back-end store)
- virtual appliance form factor for fast time to value, and easier maintenance
- scalable directory backbone, for enterprise-wide identity and access management
- simplified cloud integration for both enterprise-hosted and SaaS applications
- flexible, automated data manipulation to integrate disparate data sources
- intelligent white pages search capabilities with social networking features

Identity Management

Security Identity Manager (ISIM) manages identities for improved security and compliance. It automates the creation, modification, recertification and termination of identities throughout the user lifecycle.

- manage identities and passwords
- reduce complexity with centralized policies and integrated identity lifecycle management
- monitor users’ activity and provide audit reports to ensure compliance

Identity Governance

Identity Governance & Intelligence enables a business-centric approach to define, analyze and certify user access. Rules, activities and processes empower line-of-business managers, auditors and risk managers to govern access and evaluate regulatory compliance. IGI consists of three modules.

Identity Compliance Module
- Access review and certification, including access revocation
- Least privilege policy & Segregation of Duties (configuration and validation)
- Compliance reporting

Identity Lifecycle Module
- Policy-based contextual provisioning
- Applications and users on-boarding
- Request-based provisioning (self-service or supervisor)
- Audit reporting (history of the access)

Identity Analytics Module
- Role management, modeling, mining and lifecycle
- Access and roles optimization
- Risk-based access classification


Access To Applications

Companies control the access to their applications, internally and externally.

Westar Energy is an electric utility that relies on an IBM partner to protect access to its systems. It leverages IBM’s Identity and Access Management suite not only to protect the systems from internal and external access but also to demonstrate compliance

Digital Invoice utilizes DataPower to power its transaction identity, improve security and implement cryptography capabilities

Security Gateway

You can implement a single security gateway, by combining the access management features of Security Access Manager for DataPower with the message-level security and application integration capabilities of DataPower Gateways (transfer of messages, security of XML feeds and web services).

- provide web access management functions for web, mobile and cloud workloads
- ensure consistent, policy-based communication enforcement
- offer seamless integration with advanced authentication, authorization and federation solutions

Web Access Management

Security Access Manager (ISAM) enables secure user access, and defends applications against targeted web attacks and vulnerabilities (WAF). The reverse proxy provides a coherent set of services: authentication (password, Kerberos, token, RSA), coarse-grained authorization, security session management, ID propagation.

ISAM Federation Module provides web and federated Single-Sign-On (SSO) to users across multiple applications. It supports private, public and hybrid cloud deployments.

- provide federated SSO
- propagate identities to internal applications and SaaS solutions
- open the internal information system to partners and SaaS solutions

Federated Identity Manager includes an identity mediation service that implements complex SSO scenarios.

ISAM Advanced Access Control Module provides secure access to mobile and web applications, and proactively enforces access policies for web environments and mobile collaboration channels.

- enable multi-factor Single-Sign-On and session management
- support flexible authentication schemes such as One-Time-Password (OTP), sent by SMS, mail...
- enforce fine-grained authorization: context-aware and 2-Factor authorization (2F)
- implement Risk-Based Access (RBA) based on a score computed by a risk engine
- support OAuth to allow a third-party application to access a service

Online IAM Service

Cloud Identity Services is a cloud-based identity & access management solution that protects and controls your IT environment.

- identity management: lifecycle automation, governance, user provisioning, and self-service
- web access management: authentication, SSO, centralized access control, strong authentication
- federation: SSO to SaaS applications, social network integration
- reporting engine


Users & Administrators

Security teams need to understand the risks associated with users and IT administrators, to meet their compliance requirements. Users also need to be able to manage their identities and credentials efficiently.

The integration of ObserveIT with Privileged Identity Manager provides insight and oversight into the actions of an Enterprise's most privileged users

Self-Service

Security Identity Manager features an intuitive user interface to simplify provisioning requests and help managers make intelligent access decisions for their employees.

- empower line of business managers to automate and define users’ access across the enterprise
- simplify access requests and improve user experience with a “Shopping Cart” metaphor
- provide a password management self-service interface

Identity Governance & Intelligence manages access requests and delivers easy-to-implement, business-friendly, self-service access request functions.

Enterprise Single-Sign-On

Security Access Manager for Enterprise Single Sign-On (e-SSO) allows users to sign on from anywhere to the enterprise network with one password and get secure access to all applications. It simplifies password management, supports a variety of strong authentication devices, and helps secure kiosks and shared workstations.

- strengthen access control with single sign-on (SSO) to enterprise and mobile applications
- eliminate multiple passwords and simplify the user experience
- manage a local password vault and renew passwords before they expire

Privileged Users / Administrators

Privileged Identity Manager protects, automates and audits the use of privileged identities to mitigate insider threats and improve security across the enterprise.

- manage shared account pools, and credential check-out / check-in
- provide centralized privileged identity management to improve control and reduce risk
- provide automated password management and single-sign-on
- record privileged user endpoint activities for improved visibility and compliance
- secure application-to-application credentials and track their use
- address compliance, regulatory and privacy requirements


3. DATA

Enterprises can automate the complete security and compliance lifecycle across the database infrastructure:

- assess vulnerabilities
- crawl the network to detect and classify data
- encrypt sensitive files
- monitor and enforce data access policies
- block access or quarantine users to protect valuable data

... without changing the configuration of databases.

The coherence and confidentiality of test datasets should also be managed carefully to protect sensitive data from exposure during application development.


Data Analysis

Protecting valuable information starts with identifying sensitive data, and where it resides. Application development and testing also require access to data sources that should remain protected.

A global manufacturer chose Guardium DAM to produce an auditable record of all database access attempts, changes and activity, and help it demonstrate compliance with Sarbanes-Oxley (SOX) regulations

Guardium helps Westfield Insurance Group automate data discovery and classification, continuously monitor data access, and proactively uncover vulnerabilities and risks. Westfield Insurance can now quickly identify where customer data is stored, who’s accessing it, and why, to rapidly respond to potential security threats

Data Discovery

Guardium Data Activity Monitor explores database schemas to discover sensitive data.

InfoSphere Discovery automates the discovery of data relationships across heterogeneous systems. It creates a 360-degree view of existing data assets, and reduces analysis time, giving greater accuracy and higher levels of visibility into potential data problems.

Business Glossary specifies the functional description of data in a shared dictionary.

Watson Explorer federates search engines, indexes all types of internal and external data and integrates external sources in real time.

Vulnerability Assessment

Guardium Vulnerability Assessment scans database infrastructures to identify threats and security holes, which could be exploited to gain access to sensitive data. It identifies exposures such as missing patches, weak passwords, unauthorized changes, or misconfigured privileges, and suggests remedial actions.

- scan the entire database infrastructure automatically
- provide full reports as well as suggestions to address all vulnerabilities
- detect account sharing, excessive administrative logins and unusual after-hours activity
- evaluate and document the database security to help assess, escalate and resolve risks

Database Activity Baselining

Guardium Data Activity Monitor explores database schemas and identifies nominal database traffic, to establish a relevant baseline before starting to monitor activity. Then it participates in activity monitoring and data protection.

Test Data Management

Optim Test Data Management creates coherent data sets, reducing the size of test environments. Optim Data Masking masks data, including on big data platforms, and supports compliance initiatives.


Activity Monitoring & Data Protection

Companies can monitor activity to control the access to databases and files. Sensitive data can be encrypted, and access can be denied to risky users.

Data security and compliance are critical to the financial market. Santiago Stock Exchange uses Guardium for maintaining database security and protecting client data from unauthorized access

A Japanese railway operator implemented Guardium DAM to identify potential threats quickly and reliably so that it can take swift preventive measures

Database and File Activity Monitoring

Guardium Data Activity Monitor alerts on data changes or leaks to ensure data integrity, and automates compliance. Continuous monitoring and security policies protect enterprise data without impacting applications.

- enforce coherent security policies in real time
- monitor and audit all data activity for a wide range of platforms and protocols, including big data
- create a centralized repository of audit data, for enterprise compliance, reporting and forensics

Guardium Data Privacy for Hadoop identifies and monitors sensitive data within big data environments.

- provide big data and enterprise data definitions to ensure a common understanding across the enterprise
- monitor and audit big data activity
- mask or redact sensitive data based on business policies

Guardium for Files protects file systems, and prevents unauthorized file access.

File-level Encryption

Guardium Data Encryption provides encryption capabilities to safeguard structured and unstructured data and comply with regulatory requirements. It delivers a unified management system to help manage data security.

- encrypt any type of document, log file and database (at file level) with minimal performance impact
- require no changes to applications, the underlying database or hardware infrastructure
- provide granular auditing and reporting to meet data governance requirements such as HIPAA and PCI DSS

Security Key Lifecycle Manager centralizes and automates the encryption key management process to help minimize risk and reduce operational costs of encryption key management.

- offer secure and robust key storage, key serving and key lifecycle management
- support IBM and non-IBM storage solutions

Database-Level Protection

Guardium Data Activity Monitor prevents unauthorized data access, to mitigate internal and external threats.

- protect sensitive information in every database in real time
- ensure dynamic data masking of sensitive data
- block access to unauthorized data, and quarantine users when they violate specific security policies

Document-Level Protection

Guardium Data Redaction automatically recognizes and removes sensitive content from unstructured data sources. It transforms manual redaction into automated processes for speed, accuracy and efficiency.

- protect sensitive data in documents, forms and files from unintentional disclosure, misuse and fraud
- support many document formats, including scanned documents, PDF, TIFF, XML and MS Word


4. APPLICATIONS

Secure applications should implement coding best practices, which can be checked via static analysis. Runtime analysis and intrusion tests can also identify weaknesses across the application portfolio.

Mobile applications can specifically be hardened before deployment to resist hackers and fraudulent usage.


Application Development

The application layer should be secured, so as not to introduce weaknesses in the IT infrastructure. This includes code analysis and deployed applications scanning.

“AppScan helped us (Cisco) create a self-service model. We could take the product and put it in the hands of the developers and QA testers so that they could identify and fix security vulnerabilities before production”

A web and mobile application provider uses AppScan to conduct security testing on its applications more often and earlier in the development cycle to better protect client data

Best Practices

AppScan Source promotes OWASP coding practices, and contributes to developers' continuous education.

Code Analysis

AppScan Source integrates application security testing into the software development lifecycle ("white-box testing"). It identifies vulnerabilities early in the software development lifecycle, when they are inexpensive to remediate, so that they can be fixed before deployment.

- support automated scanning during the build process
- support the various flavors of mobile applications, including mobile web, native and hybrid applications

Dynamic Analysis

AppScan enables organizations to strengthen application security and achieve regulatory compliance. Security and development teams can collaborate, establish policies and scale testing through the application lifecycle.

- test deployed applications ("Black-box testing")
- identify vulnerabilities in applications, including client-side JavaScript
- support a variety of application security testing techniques
- provide test policies, scan templates and vulnerability remediation advisories
- leverage a server agent to capture additional context, like database access ("Glass-box testing")

Risk Management

AppScan Enterprise dashboards classify and prioritize application assets based on business impact and identify high-risk areas, to focus the remediation efforts.


Mobile Apps Protection

Mobile apps are becoming critical in the IT infrastructure and introduce new risks.

West Virginia University uses AppScan to identify vulnerabilities in web applications, and reduce the risk of a data breach

IBM conducted penetration testing for a communication equipment manufacturer to determine the threat posed by external attackers. The solution also included AppScan to assess the target applications

Code Analysis

AppScan Source can analyze mobile applications source code.

Hardening

Arxan Application Protection for IBM Solutions contributes to mobile application hardening and runtime protection. It enables developers to incorporate application protection without modifying source code.

- rely on patented Guard Network technology
- provide code obfuscation against decompilation
- prevent code modifications and preserve application integrity
- protect local data and encryption keys of mobile applications

Online Testing Service

Application Security on Cloud provides online security testing features.

- combine static and dynamic analysis
- scan web applications and mobile applications (Android / iOS)
- deliver a detailed report that isolates critical issues and offers recommendations for remediation
- allow applications to be rescanned to confirm that issues have been remediated


5. WEB FRAUD

To fight financial web fraud, companies can leverage the Trusteer Fraud Protection Suite, which provides risk-analysis services and up-to-date insights.

IBM has also developed additional solutions to fight various types of Fraud: investigation (i2 Analyst’s Notebook), identity resolution (Identity Insight), machine learning (IRIS)...


Risk Analysis

Trusteer SaaS services fight against fraud and protect transactions.

Trusteer solutions have helped ABANCA, a retail bank in Spain, prevent online banking fraud and meet new European banking regulations

A regional bank struggled to identify true online fraud attempts against its business banking customers. It implemented Trusteer to accurately detect malware-infected devices and determine both the nature of the threat and the potential risk

Malware & Account Takeover

Trusteer Pinpoint Detect provides a unified malware and criminal detection offering.

- evaluate fraud risk levels to help create a security-rich user experience
- detect malware-infected devices including personal computers, tablets and smartphones
- generate alerts for high-risk devices that can be sent directly to the fraud team of the organization
- analyse browsing behaviors to identify account takeover attempts
- include device fingerprinting that detects criminal devices
- detect login anomalies to provide protection from fraudulent access to user accounts
- detect transaction anomalies to help safeguard payments (new payees, specific location, exceptional amounts)
- report on phishing incidents and provide an accurate indication of compromised accounts


Endpoint Protection

A software component can be installed on the device itself to improve risk analysis and mitigation.

A credit union deployed IBM advanced fraud protection software that helps prevent malware and phishing attacks on member endpoints. The solution automatically detects malware and phishing attempts and enables members to remove the infection without any technical support

A U.S. bank deployed Trusteer to detect, block and remediate malware and phishing threats across both customer and employee endpoints. The solutions provide a layer of protection that helps stop hackers before they can cause damage

Workstations

Trusteer Rapport helps prevent malware and phishing attacks that are the root cause of most financial fraud. It helps financial institutions to protect their customers and meet regulatory compliance requirements.

- protect user devices against malware infections and phishing attacks
- protect web browser sessions to prevent tampering of customer transactions
- defend against identity fraud to safeguard personal information
- prevent infections and remove existing malware to create a safer online banking experience for customers
- protect against phishing of login credentials and payment card data to preserve private information

Mobile Devices

Trusteer Mobile Browser is a security-rich mobile browser that allows users to safely access banking websites. A risk-based analysis is performed on the device when a protected website is accessed, to detect fake banking websites and man-in-the-middle attacks.

- prevent mobile users from accessing fraudulent websites
- raise security alerts to warn the mobile user of potential risks and provide remediation guidance
- protect from pharming attacks (redirecting website traffic from a legitimate website to a fake website)

Trusteer Mobile SDK provides a dedicated security library for Apple iOS and Google Android platforms, which can be embedded in proprietary mobile banking and e-commerce applications.

- detect compromised or vulnerable mobile devices
- generate a persistent mobile device ID, resilient to application reinstallation
- detect and block many kinds of man-in-the-middle attacks
- enhance protection for rooted mobile devices to prevent attacks by cybercriminals
- integrate with Trusteer Pinpoint Detect to consolidate web and mobile channels

IBM® Software 22/26

6. SECURITY OPERATIONS

Security Operations solutions give a consolidated view of security-related activities. They also identify vulnerabilities and risks, and prioritize incidents.

Beyond the Security domain, IBM also proposes an Enterprise Risk Management solution (OpenPages), which allows companies to classify and monitor identified risks, produce interactive reports and adapt to new regulations to improve their performance.

IBM® Software 23/26

Activity Monitoring & Incident Management

Collect application events and network activity to identify and prioritize threats.

Understand the root cause of problems, and ensure they will not happen again.

KoçSistem, one of the largest IT services companies in Turkey, is complying with regulations using QRadar. They removed a SIEM from another company, lowered costs, improved performance, and benefited from greater ease of use.

The University of Saskatchewan faces security de-perimeterization challenges and has to re-think how to secure their IT environment. They use QRadar to move to a data-intensive security model, manage compliance, and deliver real-time analysis and alerting.

Security Console

QRadar SIEM consolidates log sources and event data from devices and applications distributed throughout a network. It also aggregates the various flows existing on the network, and performs immediate normalization and correlation activities to distinguish real threats ("offenses") from false positives.

- deliver surveillance throughout the entire IT infrastructure
- correlate system vulnerabilities with event and network data, helping to prioritize security incidents
- provide near real-time visibility for threat detection and prioritization
- detect deviating behaviors to complement the analysis
- reduce and prioritize alerts to focus investigations on an actionable list of suspected incidents
- produce detailed data access and user activity reports to help manage compliance
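The three steps named above (normalization of heterogeneous logs, correlation into an offense, and prioritization with vulnerability context) are shown in miniature below as an added example in Python; it is not IBM's or QRadar's code, and the log formats, the rule threshold and the asset data are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not real data): one firewall and two SSH servers.
RAW_LOGS = [
    "fw1 2016-06-01T10:00:01 DENY src=203.0.113.5 dst=10.0.0.7 dport=22",
    "fw1 2016-06-01T10:00:02 ALLOW src=203.0.113.5 dst=10.0.0.7 dport=22",
    "sshd[10.0.0.7] 2016-06-01T10:00:03 Failed password for root from 203.0.113.5",
    "sshd[10.0.0.7] 2016-06-01T10:00:04 Failed password for root from 203.0.113.5",
    "sshd[10.0.0.7] 2016-06-01T10:00:05 Failed password for root from 203.0.113.5",
    "sshd[10.0.0.7] 2016-06-01T10:00:09 Accepted password for root from 203.0.113.5",
    "sshd[10.0.0.9] 2016-06-01T10:01:00 Failed password for bob from 198.51.100.2",
]
# Constructed asset context, as a vulnerability scanner would feed it to a SIEM (placeholder text).
ASSET_VULNS = {"10.0.0.7": ["outdated SSH daemon (placeholder)"], "10.0.0.9": []}
FW_RE = re.compile(r"^(?P<dev>\S+) (?P<ts>\S+) (?P<action>ALLOW|DENY) "
                   r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")
SSH_RE = re.compile(r"^sshd\[(?P<dst>[\d.]+)\] (?P<ts>\S+) (?P<result>Failed|Accepted) "
                    r"password for (?P<user>\S+) from (?P<src>\S+)$")

def normalize(line):
    """Normalization: map each vendor format onto one common event schema."""
    m = FW_RE.match(line)
    if m:
        return {"ts": m["ts"], "src": m["src"], "dst": m["dst"], "user": None,
                "category": "fw_" + m["action"].lower()}
    m = SSH_RE.match(line)
    if m:
        cat = "auth_failure" if m["result"] == "Failed" else "auth_success"
        return {"ts": m["ts"], "src": m["src"], "dst": m["dst"], "user": m["user"],
                "category": cat}
    return None  # unknown format: left unparsed rather than guessed

def correlate(events, threshold=3):
    """Correlation rule: >= threshold failures from one source to one host, then a success, is an offense."""
    fails, offenses = defaultdict(int), []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["src"], ev["dst"])
        if ev["category"] == "auth_failure":
            fails[key] += 1
        elif ev["category"] == "auth_success" and fails[key] >= threshold:
            offenses.append({"src": ev["src"], "dst": ev["dst"], "user": ev["user"],
                             "failures": fails[key]})
    return offenses

def prioritize(offenses, asset_vulns):
    """Prioritization: raise an offense's magnitude when the target has known vulnerabilities."""
    for off in offenses:
        off["vulns"] = asset_vulns.get(off["dst"], [])
        off["magnitude"] = 5 + (3 if off["vulns"] else 0)
    return sorted(offenses, key=lambda o: o["magnitude"], reverse=True)

def run_pipeline(lines=RAW_LOGS, asset_vulns=ASSET_VULNS):
    events = [e for e in map(normalize, lines) if e]  # normalize -> correlate -> prioritize
    return prioritize(correlate(events), asset_vulns)
```

The lone failure against 10.0.0.9 never becomes an offense, which is the false-positive reduction the paragraph refers to; the brute-force-then-success against the vulnerable host does, with a raised magnitude.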

Security Intelligence on Cloud brings the SIEM platform to the Cloud.

QRadar qFlow Collector gives visibility into Layer 7 (application-level) network activity.

QRadar vFlow Collector gives visibility into network activity associated with virtual infrastructures.

Log Management

QRadar Log Manager collects, analyzes and stores large volumes of network and security event logs.

- scale to support hundreds of thousands of events per second
- capture and process large volumes of event data from thousands of sources in near real-time
- provide visibility into developing threats and help meet compliance requirements

Incident Response

Resilient provides an Incident Response Platform (IRP) that empowers cyber security teams to orchestrate their IR processes, and resolve incidents faster, more effectively, and more intelligently.

- align people, process, and technology
- significantly decrease the time to close an incident
- automate the Incident Response process
- include knowledge bases of global regulatory and privacy requirements
- empower security teams to easily configure their own Incident Response plans

QRadar Incident Forensics allows analysts to retrace the step-by-step actions of a potential attacker, play back the events, and quickly conduct an in-depth forensics investigation of suspected malicious security incidents.

QRadar Packet Capture stores and manages the data used by QRadar Incident Forensics if no other network packet capture (PCAP) device is already deployed.

IBM® Software 24/26

Risk and Vulnerabilities

Security Teams identify and prioritize existing vulnerabilities in the IT infrastructure, and evaluate risks to ensure compliance and take proactive actions to protect the business.

A local government chose QRadar to improve its security practices. This security tool was easy to implement and manage for their security teams, and became a true asset to their work process.

A Vietnamese bank deployed IBM's enterprise security intelligence solution, which uses advanced analytics to automatically pinpoint valid security threats and rank them by their importance and urgency.

Vulnerabilities

QRadar Vulnerability Manager identifies existing vulnerabilities, and adds context to prioritize remediation and mitigation activities: network asset information, security configurations, flow data, logs and threat intelligence.

- perform scheduled and event-driven network scanning, asset discovery and asset profiling
- add context to identify key vulnerabilities associated with assets, and reduce false positives
- prevent security breaches by discovering dangerous default settings, misconfigurations, and software features

Risk Management

QRadar Risk Manager enables IT staff to visualize the network topology, review security device configuration data and detect configuration errors. It analyzes network topology, switch, router, firewall and Intrusion Prevention System (IPS) configurations to reduce risk, prevent attacks, and increase compliance.

- analyze firewall configurations to help identify errors and remove ineffective rules
- provide network topology visualization tools to view current and potential network traffic patterns
- correlate vulnerabilities with network configuration and traffic to link active attack paths with high-risk assets
- simulate network attacks and configuration changes to assess their security impact

Application-Level Risks

AppScan Enterprise dashboards classify and prioritize application assets based on business impact and identify high-risk areas, to focus the remediation efforts.

- security reports and dashboards provide visibility of risk and compliance
- performance metrics monitor the progress of the application security program

IBM® Software 25/26

7. EXPERTISE

Security expertise feeds the whole security platform to keep it up-to-date and efficient with emerging threats. It mixes researchers and service experts, who participate in the broader security community.

Research

Security is a continuously evolving topic, which requires continuous investment. The IBM X-Force team analyzes vulnerabilities, publishes regular reports and develops new technologies, which can be included in IBM Security solutions. IBM also dedicates research teams to counter-fraud intelligence.

X-Force Threat Intelligence adds dynamic Internet threat data to the Security platform to gain more intelligent and accurate security enforcement. It helps organizations see new threats more quickly, gain deeper insight and context, prioritize security incidents and prevent or minimize attacks.

Service

IBM Security Service teams provide Security solutions to our clients in 6 domains: Security Strategy, Risk and Compliance; Security Intelligence and Operations; Cyber Security Assessment & Response; Identity and Access Management; Application and Data Security; Infrastructure and Endpoint Security.

Ecosystem

The Security Community is vital to share best practices and additional information about emerging threats.

X-Force Exchange shares security information: threats / IP lists / URLs ...

https://exchange.xforce.ibmcloud.com/

Security App Exchange is an app store that allows customers, developers and business partners to share applications, security app extensions and enhancements to IBM Security products.

http://www.ibm.com/security/engage/app-exchange/

Cognitive Solutions

Cognitive functions like machine learning are progressively being integrated into the IBM Software portfolio: QRadar, AppScan ... IBM's major investment in cognitive solutions will also produce new solutions:

- QRadar Advisor will crunch your data locally to provide additional insights for your QRadar platform
- Watson for Cybersecurity will be a Security virtual expert, available online via X-Force Exchange APIs

IBM® Software 26/26

INDEX

- A -
Application Security on Cloud .......... 18
AppScan .......... 17
AppScan Enterprise .......... 17, 24
AppScan Source .......... 17, 18
Arxan Application Protection for IBM Solutions .......... 18

- B -
BigFix .......... 8
Business Glossary .......... 14

- C -
Carbon Black .......... 8
Cloud Identity Services - CIS .......... 11
Cloud Security Enforcer .......... 7

- D -
DataPower .......... 11

- E -
Endpoint Manager (BigFix) .......... 8

- F -
Federated Identity Manager .......... 11
Fiberlink (MaaS360) .......... 8

- G -
Guardium Data Activity Monitor - Guardium DAM .......... 14, 15
Guardium Data Encryption .......... 15
Guardium Data Privacy for Hadoop .......... 15
Guardium Data Redaction .......... 15
Guardium for Files .......... 15
Guardium Vulnerability Assessment - Guardium VA .......... 14

- I -
i2 Analyst’s Notebook - ANB .......... 19
Identity Governance & Intelligence - IGI .......... 10, 12
    Identity Analytics .......... 10
    Identity Compliance .......... 10
    Identity Lifecycle .......... 10
Identity Insight .......... 19
InfoSphere Discovery .......... 14
Intelligent Operation Center - IOC .......... 6
IRIS .......... 19

- M -
MaaS360 .......... 8
MaaS360 Cloud Extender .......... 8
MaaS360 Mobile Enterprise Gateway .......... 8

- N -
Network Active Bypass .......... 7

- O -
OpenPages .......... 22
Optim Data Masking .......... 14
Optim Test Data Management - Optim TDM .......... 14

- P -
Privileged Identity Manager - PIM .......... 12

- Q -
QRadar Advisor .......... 25
QRadar Incident Forensics - QRIF .......... 23
QRadar Log Manager .......... 23
QRadar Packet Capture .......... 23
QRadar qFlow Collector .......... 23
QRadar Risk Manager .......... 24
QRadar SIEM .......... 8, 23
QRadar vFlow Collector .......... 23
QRadar Vulnerability Manager .......... 24

- R -
RACF .......... 8
Resilient .......... 23

- S -
Security Access Manager - Advanced Access Control .......... 11
Security Access Manager - Federation .......... 11
Security Access Manager - ISAM .......... 11
Security Access Manager for Datapower - ISAM for Datapower .......... 11
Security Access Manager for eSSO - ISAM for eSSO .......... 12
Security App Exchange .......... 25
Security Directory Suite - SDS .......... 10
Security Identity Manager - ISIM .......... 10, 12
Security Intelligence on Cloud .......... 23
Security Key Lifecycle Manager - SKLM .......... 15
Service Offerings .......... 25
SiteProtector System .......... 7

- T -
Trusteer Apex .......... 8
Trusteer Fraud Protection Suite .......... 19
Trusteer Mobile Browser .......... 21
Trusteer Mobile Risk Engine .......... 20
Trusteer Mobile SDK .......... 21
Trusteer Pinpoint Detect .......... 20
Trusteer Rapport .......... 21

- V -
Video Analytics - IVA .......... 6

- W -
Watson Explorer .......... 14
Watson for CyberSecurity .......... 25

- X -
X-Force .......... 25
X-Force Exchange .......... 25
X-Force Threat Intelligence .......... 7, 25
XGS Appliance .......... 7
XGS Virtual Appliance - XGS-V .......... 7

- Z -
zSecure .......... 8

IBM® Software 27/26