IBM Security Software Solutions
Software Portfolio Summary
- June 2016 -
This document presents IBM Security Software solutions. It provides an overview of the portfolio and includes many customer references, which show how the solutions deliver value. An alphabetical index lists the offerings and provides a second reading grid to help you locate each offering in context.
Update: June 2016
Prepared by Thierry Matusiak - [email protected]
IBM® Software 1/26
This is a non-contractual document provided for information purposes only. The latest update is available online on the IBM Intranet and Internet.
http://www.slideshare.net/ThierryMatusiak/ibm-security-software
An interactive version is also available on the Internet.
https://prezi.com/mzqzeskv94pr/ibm-security-portfolio-v2016-june/
Please do not hesitate to contact us for further information.
Symbols used
- IBM customers provide online testimonies
- Additional resources are available online
- The solution is available in SaaS mode (Software as a Service)
Acknowledgements
This document has been created with the active support of the IBM Security technical community.
Special thanks to Alexis Bourbion, Dominique Bertin, Etienne Noiret, Frédéric Michel, Julien Cassignol,
Kamel Moulaoui, Nicolas Atger, and the other specialists who provided their inputs to create this version.
Trademarks
IBM is a registered trademark of International Business Machines Corporation in the United States and other countries.
The names of other companies, products and services may belong to third parties.
© Copyright IBM Corp. 2016 All Rights Reserved
IBM Security 5
1. Infrastructure 6
   Network Traffic & Public Cloud 7
   Endpoints 8
2. People 9
   Identities 10
   Access To Applications 11
   Users & Administrators 12
3. Data 13
   Data Analysis 14
   Activity Monitoring & Data Protection 15
4. Applications 16
   Application Development 17
   Mobile Apps Protection 18
5. Web Fraud 19
   Risk Analysis 20
   Endpoint Protection 21
6. Security Operations 22
   Activity Monitoring & Incident Management 23
   Risk and Vulnerabilities 24
7. Expertise 25
Index 26
IBM SECURITY
Security takes care of the IT infrastructure. It carefully manages people's digital identities and authorizations. It protects valuable data, ensures that deployed applications are securely designed, and actively fights fraud. Security operations collect the associated information to identify threats early, respond to incidents, and help preserve a secure environment. Lastly, expertise is at the core of efficient security practices, ensuring that comprehensive and coherent security processes appropriately mitigate risks.
Security solutions integrate with each other and contribute to the creation of a real immune system that protects the enterprise. So many integration points exist that it is difficult to present them in a PDF document; they are depicted graphically in the interactive version and can be navigated online.
https://prezi.com/mzqzeskv94pr/ibm-security-portfolio-v2016-june/
1. INFRASTRUCTURE
Security relies on network traffic control and endpoint protection. It also includes safeguarding the growing professional use of SaaS services. Besides, enterprises need to manage a variety of mobile devices, which extend the traditional infrastructure of workstations and servers, including z Systems. Employees' workstations can also be monitored by enterprise protection solutions that complement classical antivirus to fight emerging threats.
IBM complements these Security solutions with a business operation center (Intelligent Operations Center) and a video analytics offering (Video Analytics).
Network Traffic & Public Cloud
Intrusion Prevention Systems control the network traffic and protect the internal IT infrastructure from external
threats. Besides, enterprises rely more and more on Cloud resources to complement their internal applications.
IBM Intrusion Prevention Systems offer a financial services company 24x7 monitoring and management of its networks along with access to IBM expertise and resources for a comprehensive security solution.
A healthcare company engaged IBM to implement an intrusion prevention system, which formed the solid first step of its proactive security posture.
Network Traffic Control
Network Protection Intrusion Prevention System (IPS) XGS appliances are designed to stop constantly evolving threats before they impact the business. They provide high levels of protection and performance, while lowering the overall cost and complexity associated with managing a large number of point solutions.
- scan network traffic to identify and block attacks
- achieve a high level of performance without compromising breadth and depth of security
- protect business-critical assets (networks, servers, endpoints and applications) from threats
Virtual XGS appliances can efficiently protect VMware infrastructures.
SiteProtector System unifies management and analysis of security appliances. It provides a single interface to distribute security policies and updates to IPS across locations.
- provide central control of diverse security devices
- monitor and measure the exposure to vulnerabilities and demonstrate regulatory compliance
- evaluate and communicate the risk posture through event analytics and flexible reporting
Network Active Bypass optimizes the availability of a network protected by IBM IPS appliances. In the unlikely
event that an IPS appliance fails, the bypass ensures the network remains functional and users have access to critical applications.
SaaS Services
Cloud Security Enforcer is a cloud-delivered solution that provides cloud application visibility, identity & access management, and threat prevention. Employees find and securely use approved cloud applications while IT security has full visibility and control over application usage.
- discover “shadow IT” as well as usage of approved applications
- simplify user access to cloud applications with identity and access controls
- monitor user activity to alert administrators of anomalous behavior
- protect against cloud-based threats with IBM X-Force Threat Intelligence
- enforce policies and coach users on appropriate corporate usage of cloud applications
Endpoints
Applications and business processes rely on a set of endpoints that need to be protected.
IBM relies on MaaS360 to manage and protect its employees’ tablets and smartphones (180,000+ devices). The project had a very good user adoption rate: 16,000 employees registered during the first day of the launch.
zSecure helps Swiss Re achieve its goal of continuous compliance, where risk exposures or compliance issues are addressed in near real time. zSecure reduces its administrative overhead, reduces manual processes, enhances security intelligence and simplifies report generation.
Workstations and servers
BigFix (Endpoint Manager) ensures physical and virtual server management and security. It also manages desktops and notebooks (patches, remote control, antivirus, malware detection…)
- Inventory: asset discovery, software use, contract management
- Patch: assess, deploy and manage patches
- Lifecycle: inventory of assets, distribution of OS, patches and software components, remote control
- Compliance: discovery of assets, patches, vulnerabilities, antivirus
- Protection: Trend Micro antivirus, data loss prevention, malware detection, external device control
Mobile Devices
MaaS360 (Fiberlink) is an Enterprise Mobility Management (EMM) solution, which manages mobile devices (MDM) and mobile applications (MAM) through an enterprise app catalog, and secures BYOD initiatives.
- provide a professional container, an enterprise application catalog, secure mail, and a secure browser
- secure mail: limit transfers, control attached documents, limit copy-paste
- secure enterprise apps: application wrapper and SDK, authentication, data leak prevention, in-app VPN
- secure document sharing: access from the container to a large variety of content sources
- integrate with on-premise AD/LDAP, email server and PKI ("Cloud Extender")
- provide secure access to intranet resources ("Mobile Enterprise Gateway")
- protect from mobile threats
Employees Protection
Trusteer Apex Advanced Malware Protection protects workstations throughout the threat lifecycle. It provides non-intrusive protection against zero-day threats and malware without impacting user productivity.
- protect workstations from Advanced Persistent Threats (APT)
- prevent data leakage and the reuse of corporate passwords on external sites
- identify Java, Adobe Flash/PDF, MS Office and browser vulnerabilities
- prevent the establishment of malicious connection channels between malware and the attacker
IBM also partners with Carbon Black to complement its Security platform. Carbon Black’s next-gen endpoint security integrates with X-Force Incident Response Services, BigFix and QRadar.
z Systems
Resource Access Control Facility (RACF) provides improved security for z Systems. It protects vital system resources and monitors users’ activity and protected resources.
zSecure tools facilitate z Systems administration (RACF, z/VM, CICS) with a graphical console (monitoring, audit and compliance) and can communicate with the QRadar security intelligence platform.
2. PEOPLE
User/password pairs are stored in multiple synchronized directories. Those users are created, updated and deleted with an identity management solution, complemented by a governance component to manage the lifecycle, compliance and analysis of existing credentials.
Applications can be accessed through a security gateway. Web Access Management components ensure secure user access, and can federate identities across heterogeneous systems. They can also provide advanced access control functions, and single sign-on to corporate users.
Enterprise Single Sign-On and identity self-service empower users and simplify password renewal processes, while privileged users like server administrators must be carefully managed and controlled.
Identities
Identity Lifecycle Management is at the core of efficient access policies.
E.ON Global Commodities has deployed Security Identity Governance to prevent rogue trading. E.ON uses SIG to streamline IT audits and preserve Separation of Duties.
Whirlpool simplified its identity management infrastructure with Security Identity Manager. The solution reduced provisioning times, improved role assignments, and streamlined auditing.
Identity Repository
Security Directory Suite is a scalable, standards-based identity platform that interoperates with a broad range of applications to simplify identity and directory management.
- federated LDAP directory to transform identity silos and support virtual directory-like deployments
- strong scalability and flexibility to support hundreds of millions of entries (DB2 back-end store)
- virtual appliance form factor for fast time to value and easier maintenance
- scalable directory backbone for enterprise-wide identity and access management
- simplified cloud integration for both enterprise-hosted and SaaS applications
- flexible, automated data manipulation to integrate disparate data sources
- intelligent white pages search capabilities with social networking features
Identity Management
Security Identity Manager (ISIM) manages identities for improved security and compliance. It automates the creation, modification, recertification and termination of identities throughout the user lifecycle.
- manage identities and passwords
- reduce complexity with centralized policies and integrated identity lifecycle management
- monitor users’ activity and provide audit reports to ensure compliance
Identity Governance
Identity Governance & Intelligence enables a business-centric approach to define, analyze and certify user access. Rules, activities and processes empower line-of-business managers, auditors and risk managers to govern access and evaluate regulatory compliance. IGI consists of three modules.
Identity Compliance Module
- access review and certification, including access revocation
- least-privilege policy and Segregation of Duties (configuration and validation)
- compliance reporting
Identity Lifecycle Module
- policy-based contextual provisioning
- application and user on-boarding
- request-based provisioning (self-service or supervisor)
- audit reporting (history of access)
Identity Analytics Module
- role management, modeling, mining and lifecycle
- access and role optimization
- risk-based access classification
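The Segregation of Duties and least-privilege validation listed under the Identity Compliance Module comes down to expanding each user's roles into the permissions actually held and checking that set against a list of forbidden permission pairs. The following is an added example of that check in Python; it is not IGI's code, and the role model, rule list and user assignments (ap_clerk, payment.approve, bob, and so on) are constructed for illustration.

```python
"""Added example: Segregation-of-Duties (SoD) validation over role-based entitlements,
as an identity-governance engine would run it before certifying access.
Not IGI code; the role model, rules and users below are constructed."""
from itertools import combinations

# Role model: role -> permissions it grants (constructed, hypothetical names)
ROLES = {
    "ap_clerk":   {"vendor.create", "invoice.enter"},
    "ap_manager": {"invoice.review", "payment.approve"},
    "auditor":    {"report.read"},
}

# SoD rules: permission pairs that one identity must never hold together
SOD_RULES = [
    ("vendor.create", "payment.approve"),  # could pay a vendor they created
    ("invoice.enter", "payment.approve"),  # could approve their own invoices
]


def effective_permissions(assignment, roles=ROLES):
    """Expand roles plus direct grants into the flat permission set actually held."""
    perms = set(assignment.get("direct", ()))
    for role in assignment.get("roles", ()):
        perms |= roles[role]
    return perms


def sod_violations(assignments, rules=SOD_RULES, roles=ROLES):
    """Return {user: [violated (perm_a, perm_b) pairs]} for every user in conflict."""
    found = {}
    for user, assignment in assignments.items():
        perms = effective_permissions(assignment, roles)
        hits = [(a, b) for a, b in rules if a in perms and b in perms]
        if hits:
            found[user] = hits
    return found


def toxic_role_pairs(roles=ROLES, rules=SOD_RULES):
    """Validate the role model itself: role pairs that can never be co-assigned."""
    toxic = []
    for r1, r2 in combinations(sorted(roles), 2):
        perms = roles[r1] | roles[r2]
        if any(a in perms and b in perms for a, b in rules):
            toxic.append((r1, r2))
    return toxic


ASSIGNMENTS = {  # constructed sample: who holds what
    "alice": {"roles": ["ap_clerk"]},
    "bob":   {"roles": ["ap_clerk", "ap_manager"]},              # promoted, old role kept
    "carol": {"roles": ["auditor"], "direct": ["payment.approve"]},
    "dave":  {"roles": ["ap_manager"]},
}

if __name__ == "__main__":
    for user, hits in sod_violations(ASSIGNMENTS).items():
        print(f"{user}: revoke one side of {hits}")
    print("toxic role pairs:", toxic_role_pairs())
```

Checking role pairs as well as users matters: a conflict that comes from a single badly cut role cannot be fixed by revoking an assignment during certification, only by splitting the role.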
Access To Applications
Companies control the access to their applications, internally and externally.
Westar Energy is an electric utility that relies on an IBM partner to protect access to its systems. It leverages IBM’s Identity and Access Management suite not only to protect the systems from internal and external access but also to demonstrate compliance.
Digital Invoice utilizes DataPower to power its transaction identity, improve security and implement cryptography capabilities.
Security Gateway
You can implement a single security gateway by combining the access management features of Security Access Manager for DataPower with the message-level security and application integration capabilities of DataPower Gateways (transfer of messages, security of XML feeds and web services).
- provide web access management functions for web, mobile and cloud workloads
- ensure consistent, policy-based communication enforcement
- offer seamless integration with advanced authentication, authorization and federation solutions
Web Access Management
Security Access Manager (ISAM) enables secure user access, and defends applications against targeted web attacks and vulnerabilities (WAF). The reverse proxy provides a coherent set of services: authentication (password, Kerberos, token, RSA), coarse-grained authorization, security session management, identity propagation.
ISAM Federation Module provides web and federated Single Sign-On (SSO) to users across multiple applications. It supports private, public and hybrid cloud deployments.
- provide federated SSO
- propagate identities to internal applications and SaaS solutions
- open the internal information system to partners and SaaS solutions
Federated Identity Manager includes an identity mediation service that implements complex SSO scenarios.
ISAM Advanced Access Control Module provides secure access to mobile and web applications, and proactively enforces access policies for web environments and mobile collaboration channels.
- enable multi-factor Single Sign-On and session management
- support flexible authentication schemes such as One-Time Passwords (OTP) sent by SMS, mail...
- enforce fine-grained authorization: context-aware and two-factor authorization
- implement Risk-Based Access (RBA) based on a score computed by a risk engine
- support OAuth to allow a third-party application to access a service on the user's behalf
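The Risk-Based Access bullet above describes a risk engine producing a score that drives the authorization decision. Below is an added example of such an engine, written for this page and not taken from ISAM: it weights a few context signals (unregistered device, impossible travel, source IP reputation, off-hours access) and maps the score to allow, step-up to an OTP, or deny according to the sensitivity of the requested resource. The signal weights, the thresholds, the `known_devices` history and the Paris/New York sample logins are all constructed assumptions.

```python
"""Added example of a risk engine behind risk-based access (RBA).
Not ISAM code; signals, weights, thresholds and sample data are constructed."""
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))


def risk_score(request, history):
    """Sum weighted risk signals; return (score capped at 100, list of reasons)."""
    score, reasons = 0, []
    if request["device_id"] not in history["known_devices"]:
        score += 30
        reasons.append("unregistered device")
    last = history.get("last_login")
    if last:
        hours = (request["time"] - last["time"]).total_seconds() / 3600
        km = haversine_km(request["geo"], last["geo"])
        if hours > 0 and km / hours > 900:          # faster than any airliner
            score += 50
            reasons.append("impossible travel")
    if request["ip_reputation"] == "malicious":    # e.g. from a threat-intel feed
        score += 60
        reasons.append("malicious source IP")
    if not 6 <= request["time"].hour < 22:         # assumed business window, UTC
        score += 10
        reasons.append("off-hours access")
    return min(score, 100), reasons


# (step-up at or above, deny at or above) per resource sensitivity (assumed policy)
THRESHOLDS = {"low": (60, 90), "high": (30, 70)}


def access_decision(score, sensitivity):
    step_up, deny = THRESHOLDS[sensitivity]
    if score >= deny:
        return "deny"
    if score >= step_up:
        return "step_up_otp"   # demand a second factor such as an OTP by SMS or mail
    return "allow"


# Constructed sample: last good login from Paris, then a request from New York 2h later
PARIS, NEW_YORK = (48.8566, 2.3522), (40.7128, -74.0060)
HISTORY = {"known_devices": {"dev-a1"},
           "last_login": {"time": datetime(2016, 6, 1, 9, 0, tzinfo=timezone.utc), "geo": PARIS}}
REQ_NORMAL = {"device_id": "dev-a1", "geo": PARIS, "ip_reputation": "clean",
              "time": datetime(2016, 6, 1, 14, 0, tzinfo=timezone.utc)}
REQ_SUSPECT = {"device_id": "dev-zz9", "geo": NEW_YORK, "ip_reputation": "clean",
               "time": datetime(2016, 6, 1, 11, 0, tzinfo=timezone.utc)}

if __name__ == "__main__":
    for name, req in (("normal", REQ_NORMAL), ("suspect", REQ_SUSPECT)):
        score, why = risk_score(req, HISTORY)
        print(name, score, why, access_decision(score, "high"), access_decision(score, "low"))
```

The same score yields different decisions for different resources: the suspect login is denied outright on a high-sensitivity application but only stepped up to an OTP on a low-sensitivity one, which is what lets a policy stay strict where it matters without locking users out everywhere.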
Online IAM Service
Cloud Identity Services is a cloud-based identity & access management solution that protects and controls your IT environment.
- identity management: lifecycle automation, governance, user provisioning, and self-service
- web access management: authentication, SSO, centralized access control, strong authentication
- federation: SSO to SaaS applications, social network integration
- reporting engine
Users & Administrators
Security teams need to understand the risks associated with users and IT administrators, to meet their
compliance requirements. Users also need to be able to manage their identities and credentials efficiently.
The integration of ObserveIT with Privileged Identity Manager provides insight and oversight into the actions of an enterprise's most privileged users.
Self-Service
Security Identity Manager features an intuitive user interface to simplify provisioning requests and help managers make intelligent access decisions for their employees.
- empower line-of-business managers to automate and define users’ access across the enterprise
- simplify access requests and improve the user experience with a “shopping cart” metaphor
- provide a password management self-service interface
Identity Governance & Intelligence manages access requests and delivers easy-to-implement, business-friendly, self-service access request functions.
Enterprise Single Sign-On
Security Access Manager for Enterprise Single Sign-On (e-SSO) allows users to sign on from anywhere to the enterprise network with one password and get secure access to all applications. It simplifies password management, supports a variety of strong authentication devices, and helps secure kiosks and shared workstations.
- strengthen access control with single sign-on (SSO) to enterprise and mobile applications
- eliminate multiple passwords and simplify the user experience
- manage a local password vault and renew passwords before they expire
Privileged Users / Administrators
Privileged Identity Manager protects, automates and audits the use of privileged identities to mitigate insider threats and improve security across the enterprise.
- manage shared account pools, and credential check-out / check-in
- provide centralized privileged identity management to improve control and reduce risk
- provide automated password management and single sign-on
- record privileged user endpoint activities for improved visibility and compliance
- secure application-to-application credentials and track their use
- address compliance, regulatory and privacy requirements
3. DATA
Enterprises can automate the complete security and compliance lifecycle across the database infrastructure:
- assess vulnerabilities
- crawl the network to detect and classify data
- encrypt sensitive files
- monitor and enforce data access policies
- block access or quarantine users to protect valuable data
... without changing the configuration of databases.
Test dataset coherence and confidentiality should also be managed carefully to protect sensitive data from exposure during application development.
Data Analysis
Protecting valuable information starts with identifying sensitive data, and where it resides.
Application development and testing also require access to data sources that should remain protected.
A global manufacturer chose Guardium DAM to produce an auditable record of all database access attempts, changes and activity, and help it demonstrate compliance with Sarbanes-Oxley (SOX) regulations.
Guardium helps Westfield Insurance Group automate data discovery and classification, continuously monitor data access, and proactively uncover vulnerabilities and risks. Westfield Insurance can now quickly identify where customer data is stored, who’s accessing it, and why, to rapidly respond to potential security threats.
Data Discovery
Guardium Data Activity Monitor explores database schemas to discover sensitive data.
InfoSphere Discovery automates the discovery of data relationships across heterogeneous systems. It creates a 360-degree view of existing data assets, and reduces analysis time, giving greater accuracy and higher levels
of visibility into potential data problems.
Business Glossary specifies the functional description of data in a shared dictionary.
Watson Explorer federates search engines, indexes all types of internal and external data and integrates
external sources in real-time
Vulnerability Assessment
Guardium Vulnerability Assessment scans database infrastructures to identify threats and security holes, which could be exploited to gain access to sensitive data. It identifies exposures such as missing patches, weak passwords, unauthorized changes, or misconfigured privileges, and suggests remedial actions.
- scan the entire database infrastructure automatically
- provide full reports as well as suggestions to address all vulnerabilities
- detect account sharing, excessive administrative logins and unusual after-hours activity
- evaluate and document the database security to help assess, escalate and resolve risks
Database Activity Baselining
Guardium Data Activity Monitor explores database schemas and identifies nominal database traffic, to establish a relevant baseline before starting to monitor activity. It then participates in activity monitoring and data protection.
Test Data Management
Optim Test Data Management creates coherent data sets, reducing the size of test environments. Optim Data Masking masks data, including big data platforms, and supports compliance initiatives.
Activity Monitoring & Data Protection
Companies can monitor activity to control access to databases and files.
Sensitive data can be encrypted, and access can be denied to risky users.
Data security and compliance are critical to the financial market. Santiago Stock Exchange uses Guardium for maintaining database security and protecting client data from unauthorized access.
A Japanese railway operator implemented Guardium DAM to identify potential threats quickly and reliably so that it can take swift preventive measures.
Database and File Activity Monitoring
Guardium Data Activity Monitor alerts on data changes or leaks to ensure data integrity, and automates compliance. Continuous monitoring and security policies protect enterprise data without impacting applications.
- enforce coherent security policies in real time
- monitor and audit all data activity for a wide range of platforms and protocols, including big data
- create a centralized repository of audit data, for enterprise compliance, reporting and forensics
Guardium Data Privacy for Hadoop identifies and monitors sensitive data within big data environments.
- provide big data and enterprise data definitions to ensure a common understanding across the enterprise
- monitor and audit big data activity
- mask or redact sensitive data based on business policies
Guardium for Files protects file systems, and prevents unauthorized file access.
File-level Encryption
Guardium Data Encryption provides encryption capabilities to safeguard structured and unstructured data and comply with regulatory requirements. It delivers a unified management system to help manage data security.
- encrypt any type of document, log file and database (at file level) with minimal performance impact
- require no changes to applications, the underlying database or hardware infrastructure
- provide granular auditing and reporting to meet data governance requirements such as HIPAA and PCI DSS
Security Key Lifecycle Manager centralizes and automates the encryption key management process to help minimize risk and reduce the operational costs of encryption key management.
- offer secure and robust key storage, key serving and key lifecycle management
- support IBM and non-IBM storage solutions
Database-Level Protection
Guardium Data Activity Monitor prevents unauthorized data access, to mitigate internal and external threats.
- protect sensitive information in every database in real time
- ensure dynamic data masking of sensitive data
- block access to unauthorized data, and quarantine users when they violate specific security policies
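The baselining step described under Database Activity Baselining on the previous page (learn nominal traffic first, then monitor) and the block/quarantine actions listed just above are two halves of one workflow. The following added example, which is not Guardium code, shows that workflow end to end over a constructed audit-log format: it learns a per-user baseline (tables, client addresses, hours, largest result set) from a learning set, then evaluates live events and returns allow, alert, block or quarantine. The log format, the sensitive-table list, the 10x mass-extraction factor and every sample line are assumptions made for the example.

```python
"""Added example: learn a per-user baseline of database activity, then evaluate live
events against it and decide allow / alert / block / quarantine.
Not Guardium code; log format, thresholds and sample lines are constructed."""
import re
from collections import defaultdict

LOG_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2}T(?P<hour>\d{2}):\d{2}:\d{2}) user=(?P<user>\S+) '
    r'ip=(?P<ip>\S+) verb=(?P<verb>\w+) table=(?P<table>\S+) rows=(?P<rows>\d+)$')

SENSITIVE_TABLES = {"customers", "cards"}   # assumed output of discovery/classification
MASS_EXTRACTION_FACTOR = 10                 # assumed: result > 10x learned maximum


def parse(line):
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable audit line: {line!r}")
    return {"user": m["user"], "ip": m["ip"], "verb": m["verb"].upper(),
            "table": m["table"], "rows": int(m["rows"]), "hour": int(m["hour"])}


def build_baseline(learning_lines):
    """Nominal traffic per user: which tables, from which clients, at which hours, how many rows."""
    base = defaultdict(lambda: {"tables": set(), "ips": set(), "hours": set(), "max_rows": 0})
    for ev in map(parse, learning_lines):
        b = base[ev["user"]]
        b["tables"].add(ev["table"])
        b["ips"].add(ev["ip"])
        b["hours"].add(ev["hour"])
        b["max_rows"] = max(b["max_rows"], ev["rows"])
    return dict(base)


def decide(ev, baseline, quarantined):
    """Most severe applicable rule wins. Alerts never stop the query, a block stops
    only this query, quarantine stops every later query from that user."""
    if ev["user"] in quarantined:
        return "block", "user is quarantined"
    b = baseline.get(ev["user"])
    if b is None:
        return "alert", "no baseline for user"
    sensitive = ev["table"] in SENSITIVE_TABLES
    if sensitive and ev["rows"] > MASS_EXTRACTION_FACTOR * b["max_rows"]:
        return "quarantine", "mass extraction from sensitive table"
    if sensitive and ev["table"] not in b["tables"]:
        return "block", "sensitive table outside user's baseline"
    if ev["ip"] not in b["ips"]:
        return "alert", "new client address"
    if ev["hour"] not in b["hours"]:
        return "alert", "activity outside baseline hours"
    return "allow", "within baseline"


def monitor(live_lines, baseline):
    """Evaluate events in order, carrying the quarantine set forward."""
    quarantined, decisions = set(), []
    for ev in map(parse, live_lines):
        action, reason = decide(ev, baseline, quarantined)
        if action == "quarantine":
            quarantined.add(ev["user"])
        decisions.append((ev["user"], action, reason))
    return decisions


LEARNING = [  # constructed nominal traffic
    "2016-05-02T09:15:00 user=app_svc ip=10.0.0.5 verb=select table=customers rows=120",
    "2016-05-02T11:40:00 user=app_svc ip=10.0.0.5 verb=select table=customers rows=200",
    "2016-05-03T10:05:00 user=app_svc ip=10.0.0.5 verb=update table=orders rows=3",
    "2016-05-03T14:30:00 user=dba_joe ip=10.0.1.9 verb=select table=orders rows=50",
]
LIVE = [  # constructed events to evaluate against the baseline
    "2016-06-01T10:00:00 user=app_svc ip=10.0.0.5 verb=select table=customers rows=150",
    "2016-06-01T11:00:00 user=dba_joe ip=10.0.1.9 verb=select table=customers rows=5",
    "2016-06-01T03:00:00 user=app_svc ip=10.0.0.5 verb=select table=customers rows=50000",
    "2016-06-01T10:30:00 user=app_svc ip=10.0.0.5 verb=select table=orders rows=10",
    "2016-06-01T14:00:00 user=dba_joe ip=10.0.1.9 verb=select table=orders rows=10",
]

if __name__ == "__main__":
    for user, action, reason in monitor(LIVE, build_baseline(LEARNING)):
        print(f"{user:8} {action:10} {reason}")
```

Note the ordering of the rules: the DBA's single-row read of a sensitive table he never touched is blocked even though five rows is harmless in volume, while the application account's 50,000-row pull is quarantined even though it comes from its usual client and table, because the baseline is what defines "usual".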
Document-Level Protection
Guardium Data Redaction automatically recognizes and removes sensitive content from unstructured data sources. It transforms manual redaction into automated processes for speed, accuracy and efficiency.
- protect sensitive data in documents, forms and files from unintentional disclosure, misuse and fraud
- support many document formats, including scanned documents, PDF, TIFF, XML and MS Word
4. APPLICATIONS
Secure applications implement coding best practices, which can be checked via static analysis. Runtime analysis and penetration tests can also identify weaknesses across the application portfolio.
Mobile applications can specifically be hardened before deployment to resist attackers and fraudulent usage.
Application Development
The application layer should be secured so as not to introduce weaknesses into the IT infrastructure.
This includes code analysis and scanning of deployed applications.
“AppScan helped us (Cisco) create a self-service model. We could take the product and put it in the hands of the developers and QA testers so that they could identify and fix security vulnerabilities before production.”
A web and mobile application provider uses AppScan to conduct security testing on its applications more often and earlier in the development cycle, to better protect client data.
Best Practices
AppScan Source promotes OWASP coding practices, and contributes to developers' continuous education.
Code Analysis
AppScan Source integrates application security testing into the software development lifecycle ("white-box testing"). It identifies vulnerabilities early in the software development lifecycle, when they are inexpensive to remediate, so that they can be fixed before deployment.
- support automated scanning during the build process
- support the various flavors of mobile applications, including mobile web, native and hybrid applications
Dynamic Analysis
AppScan enables organizations to strengthen application security and achieve regulatory compliance. Security and development teams can collaborate, establish policies and scale testing through the application lifecycle.
- test deployed applications ("black-box testing")
- identify vulnerabilities in applications, including client-side JavaScript
- support a variety of application security testing techniques
- provide test policies, scan templates and vulnerability remediation advisories
- leverage a server agent to capture additional context, like database access ("glass-box testing")
Risk Management
AppScan Enterprise dashboards classify and prioritize application assets based on business impact and identify high-risk areas, to focus the remediation efforts.
Mobile Apps Protection
Mobile Apps become critical in the IT infrastructure and introduce new risks.
West Virginia University uses AppScan to identify vulnerabilities in web applications, and reduce the risk of a data breach.
IBM conducted penetration testing for a communication equipment manufacturer to determine the threat posed by external attackers. The solution also included AppScan to assess the target applications.
Code Analysis
AppScan Source can analyze mobile applications source code.
Hardening
Arxan Application Protection for IBM Solutions contributes to mobile application hardening and runtime protection. It enables developers to incorporate application protection without modifying source code.
- rely on patented Guard Network technology
- provide code obfuscation against decompilation
- prevent code modifications and preserve application integrity
- protect local data and encryption keys of mobile applications
Online Testing Service
Application Security on Cloud provides online Security testing features.
- combine static and dynamic analysis
- scan web applications and mobile applications (Android / iOS)
- deliver a detailed report that isolates critical issues and offers recommendations for remediation
- allow applications to be rescanned to confirm that issues have been remediated
5. WEB FRAUD
To fight financial web fraud, companies can leverage the Trusteer Fraud Protection Suite, which provides risk-analysis services and up-to-date insights.
IBM has also developed additional solutions to fight various types of Fraud: investigation (i2 Analyst’s Notebook), identity resolution (Identity Insight), machine learning (IRIS)...
Risk Analysis
Trusteer SaaS services fight against fraud and protect transactions.
Trusteer solutions have helped ABANCA, a retail bank in Spain, prevent online banking fraud and meet new European banking regulations.
A regional bank struggled to identify true online fraud attempts against its business banking customers. It implemented Trusteer to accurately detect malware-infected devices and determine both the nature of the threat and the potential risk.
Malware & Account Takeover
Trusteer Pinpoint Detect provides a unified malware and criminal detection offering.
- evaluate fraud risk levels to help create a security-rich user experience
- detect malware-infected devices including personal computers, tablets and smartphones
- alert on high-risk devices; alerts can be sent directly to the organization's fraud team
- analyze browsing behaviors to identify account takeover attempts
- include device fingerprinting that detects criminal devices
- detect login anomalies to provide protection from fraudulent access to user accounts
- detect transaction anomalies to help safeguard payments (new payees, specific locations, exceptional amounts)
- report on phishing incidents and provide an accurate indication of compromised accounts
Endpoint Protection
A software component can be installed on the device itself to improve risk analysis and mitigation.
A credit union deployed IBM advanced fraud protection software that helps prevent malware and phishing attacks on member endpoints. The solution automatically detects malware and phishing attempts and enables members to remove the infection without any technical support.
A U.S. bank deployed Trusteer to detect, block and remediate malware and phishing threats across both customer and employee endpoints. The solution provides a layer of protection that helps stop hackers before they can cause damage.
Workstations
Trusteer Rapport helps prevent malware and phishing attacks, which are the root cause of most financial fraud. It helps financial institutions protect their customers and meet regulatory compliance requirements.
- protect user devices against malware infections and phishing attacks
- protect web browser sessions to prevent tampering with customer transactions
- defend against identity fraud to safeguard personal information
- prevent and remove existing malware to create a safer online banking experience for customers
- protect against phishing of login credentials and payment card data to preserve private information
Mobile Devices
Trusteer Mobile Browser is a security-rich mobile browser that allows users to safely access banking websites. A risk-based analysis is performed on the device when a protected website is accessed, to detect fake banking websites and man-in-the-middle attacks.
- prevent mobile users from accessing fraudulent websites
- raise security alerts to warn the mobile user of potential risks and provide remediation guidance
- protect from pharming attacks (redirection of traffic from a legitimate website to a fake one)
Trusteer Mobile SDK provides a dedicated security library for Apple iOS and Google Android platforms, which can be embedded in proprietary mobile banking and e-commerce applications.
- detect compromised or vulnerable mobile devices
- generate a persistent mobile device ID, resilient to application reinstallation
- detect and block many kinds of man-in-the-middle attacks
- enhance protection for rooted mobile devices to prevent attacks by cybercriminals
- integrate with Trusteer Pinpoint Detect to consolidate web and mobile channels
6. SECURITY OPERATIONS
Security Operations give a consolidated view of security-related activities. They also identify vulnerabilities and risks, and prioritize incidents.
Beyond the Security domain, IBM also proposes an Enterprise Risk Management solution (OpenPages), which allows companies to classify and monitor identified risks, produce interactive reports and adapt to new regulations to improve their performance.
Activity Monitoring & Incident Management
Collect application events and network activity to identify and prioritize threats.
Understand the root cause of problems, and ensure they will not happen again.
KoçSistem, one of the largest IT services companies in Turkey, is complying with regulations using QRadar. They removed a SIEM from another company, lowered costs, improved performance, and benefited from greater ease of use.
The University of Saskatchewan faces security de-perimeterization challenges and has to re-think how to secure their IT environment. They use QRadar to move to a data-intensive security model, manage compliance, and deliver real-time analysis and alerting.
Security Console
QRadar SIEM consolidates log sources and event data from devices and applications distributed throughout a network. It also aggregates the various flows existing on the network, and performs immediate normalization and correlation activities to distinguish real threats (“offenses”) from false positives.
- deliver surveillance throughout the entire IT infrastructure
- correlate system vulnerabilities with event and network data, helping to prioritize security incidents
- provide near real-time visibility for threat detection and prioritization
- detect deviating behaviors to complement the analysis
- reduce and prioritize alerts to focus investigations on an actionable list of suspected incidents
- produce detailed data access and user activity reports to help manage compliance
Security Intelligence on Cloud brings the SIEM platform to the Cloud.
QRadar qFlow Collector gives visibility into Layer 7 (application-level) network activity.
QRadar vFlow Collector gives visibility into network activity associated with virtual infrastructures.
Log Management
QRadar Log Manager collects, analyzes and stores large volumes of network and security event logs.
- scale to support hundreds of thousands of events per second
- capture and process large volumes of event data from thousands of sources in near real-time
- provide visibility into developing threats and help meet compliance requirements
Incident Response
Resilient provides an Incident Response Platform (IRP) that empowers cyber security teams to orchestrate their IR processes, and resolve incidents faster, more effectively, and more intelligently.
- align people, process, and technology
- significantly decrease time to close an incident
- automate the Incident Response process
- build with knowledge bases of global regulatory and privacy requirements
- empower security teams to easily configure their own Incident Response plans
QRadar Incident Forensics allows analysts to retrace the step-by-step actions of a potential attacker, play back the events, and quickly conduct an in-depth forensics investigation of suspected malicious security incidents.
QRadar Packet Capture stores and manages the data used by QRadar Incident Forensics if no other network packet capture (PCAP) device is already deployed.
Risk and Vulnerabilities
Security Teams identify and prioritize existing vulnerabilities in the IT infrastructure, and evaluate risks to ensure compliance and take proactive actions to protect the business.
A local government chose QRadar to improve its security practices. This security tool was easy to implement and manage for their security teams, and became a true asset to their work process.
A Vietnamese bank deployed an IBM enterprise security intelligence solution that uses advanced analytics to automatically pinpoint valid security threats and rank them by their importance and urgency.
Vulnerabilities
QRadar Vulnerability Manager identifies existing vulnerabilities, and adds context to prioritize remediation and mitigation activities: network asset information, security configurations, flow data, logs and threat intelligence.
- perform scheduled and event-driven network scanning, asset discovery and asset profiling
- add context to identify key vulnerabilities associated with assets, and reduce false positives
- prevent security breaches by discovering dangerous default settings, misconfigurations, and software features
Risk Management
QRadar Risk Manager enables IT staff to visualize the network topology, review security device configuration data and detect configuration errors. It analyzes network topology, switch, router, firewall and Intrusion Prevention System (IPS) configurations to reduce risk, prevent attacks, and increase compliance.
- analyze firewall configurations to help identify errors and remove ineffective rules
- provide network topology visualization tools to view current and potential network traffic patterns
- correlate vulnerabilities with network configuration and traffic to link active attack paths with high-risk assets
- simulate network attacks and configuration changes to assess their security impact
Application-Level Risks
AppScan Enterprise dashboards classify and prioritize application assets based on business impact and identify high-risk areas, to focus the remediation efforts.
- security reports and dashboards provide visibility of risk and compliance
- performance metrics monitor the progress of the application security program
7. EXPERTISE
Security expertise feeds the whole security platform to keep it up to date and effective against emerging threats. It mixes researchers and service experts, who participate in the broader security community.
Research
Security is a continuously evolving topic, which requires continuous investments. The IBM X-Force team analyzes vulnerabilities, publishes regular reports and develops new technologies, which can be included into IBM Security solutions. IBM also dedicates research teams to counter-fraud intelligence.
X-Force Threat Intelligence adds dynamic Internet threat data to the Security platform to gain more intelligent and accurate security enforcement. It helps organizations see new threats more quickly, gain deeper insight and context, prioritize security incidents and prevent or minimize attacks.
Service
IBM Security Service teams provide Security solutions to our clients in 6 domains: Security Strategy, Risk and Compliance; Security Intelligence and Operations; Cyber Security Assessment & Response; Identity and Access Management; Application and Data Security; Infrastructure and Endpoint Security.
Ecosystem
The Security Community is vital to share best practices and additional information about emerging threats.
X-Force Exchange shares security information: threats / IP lists / URLs ...
https://exchange.xforce.ibmcloud.com/
Security App Exchange is an AppStore, which allows customers, developers and business partners to share applications, security app extensions and enhancements to IBM Security products.
http://www.ibm.com/security/engage/app-exchange/
Cognitive Solutions
Cognitive functions like machine learning are progressively being integrated into the IBM Software portfolio: QRadar, AppScan ... IBM's major investment in cognitive solutions will also produce new solutions:
- QRadar Advisor will crunch your data locally to provide additional insights for your QRadar platform
- Watson for Cybersecurity will be a Security virtual expert, available online via X-Force Exchange APIs
INDEX
- A -
Application Security on Cloud ... 18
AppScan ... 17
AppScan Enterprise ... 17, 24
AppScan Source ... 17, 18
Arxan Application Protection for IBM Solutions ... 18
- B -
BigFix ... 8
Business Glossary ... 14
- C -
Carbon Black ... 8
Cloud Identity Services - CIS ... 11
Cloud Security Enforcer ... 7
- D -
DataPower ... 11
- E -
Endpoint Manager (BigFix) ... 8
- F -
Federated Identity Manager ... 11
Fiberlink (MaaS360) ... 8
- G -
Guardium Data Activity Monitor - Guardium DAM ... 14, 15
Guardium Data Encryption ... 15
Guardium Data Privacy for Hadoop ... 15
Guardium Data Redaction ... 15
Guardium for Files ... 15
Guardium Vulnerability Assessment - Guardium VA ... 14
- I -
i2 Analyst’s Notebook - ANB ... 19
Identity Governance & Intelligence - IGI ... 10, 12
    Identity Analytics ... 10
    Identity Compliance ... 10
    Identity Lifecycle ... 10
Identity Insight ... 19
InfoSphere Discovery ... 14
Intelligent Operation Center - IOC ... 6
IRIS ... 19
- M -
MaaS360 ... 8
MaaS360 Cloud Extender ... 8
MaaS360 Mobile Enterprise Gateway ... 8
- N -
Network Active Bypass ... 7
- O -
OpenPages ... 22
Optim Data Masking ... 14
Optim Test Data Management - Optim TDM ... 14
- P -
Privileged Identity Manager - PIM ... 12
- Q -
QRadar Advisor ... 25
QRadar Incident Forensics - QRIF ... 23
QRadar Log Manager ... 23
QRadar Packet Capture ... 23
QRadar qFlow Collector ... 23
QRadar Risk Manager ... 24
QRadar SIEM ... 8, 23
QRadar vFlow Collector ... 23
QRadar Vulnerability Manager ... 24
- R -
RACF ... 8
Resilient ... 23
- S -
Security Access Manager - Advanced Access Control ... 11
Security Access Manager - Federation ... 11
Security Access Manager - ISAM ... 11
Security Access Manager for DataPower - ISAM for DataPower ... 11
Security Access Manager for eSSO - ISAM for eSSO ... 12
Security App Exchange ... 25
Security Directory Suite - SDS ... 10
Security Identity Manager - ISIM ... 10, 12
Security Intelligence on Cloud ... 23
Security Key Lifecycle Manager - SKLM ... 15
Service Offerings ... 25
SiteProtector System ... 7
- T -
Trusteer Apex ... 8
Trusteer Fraud Protection Suite ... 19
Trusteer Mobile Browser ... 21
Trusteer Mobile Risk Engine ... 20
Trusteer Mobile SDK ... 21
Trusteer Pinpoint Detect ... 20
Trusteer Rapport ... 21
- V -
Video Analytics - IVA ... 6
- W -
Watson Explorer ... 14
Watson for CyberSecurity ... 25
- X -
X-Force ... 25
X-Force Exchange ... 25
X-Force Threat Intelligence ... 7, 25
XGS Appliance ... 7
XGS Virtual Appliance - XGS-V ... 7
- Z -
zSecure ... 8