IBM Security Systems Solutions for banking Industry Hammamet, le 23 Avril 2013

EL ASKRI Med Enis

Software Sales Leader IBM West Africa & Senegal Hub enis.askri@tn.ibm.com

Service Management for a Smarter Planet

Agenda
Addressing banking industry imperatives through: Visibility Control Automation Challenges facing decision makers in the banking industry today Potential benefits from addressing these challenges IBM Security Solutions for banking Industry

2012 IBM Corporation

Service Management for a Smarter Planet

Realities of an integrated world three interwoven issues

Across many industries there is a need to implement bold strategies that provide visibility of how systems are operating, control of IT and fixed asset management and automation of both physical and cloud infrastructures in order to meet the demands of clients worldwide.

Business environments in every industry need to adapt and thrive in the face of change

All industries remain focused on controlling cost while increasing the utilization of everything

Strengthening the supporting infrastructures to enable industry strategies is required

2012 IBM Corporation

Service Management for a Smarter Planet

Market forces driving the transformation of the banking industry

Capital inadequacy depressing profit margins Emboldened customers expect rapidly evolving new services and offerings Fierce competition for customers spawns industry consolidation, entrance of non traditional firms Changing business model shifts from product-centric to customer-centric Enhanced regulation increases government oversight and intervention Increasing social and government pressure for financial inclusion

2012 IBM Corporation

Service Management for a Smarter Planet

Meeting the service management needs of banking clients worldwide

Visibility Real time access to business analytics tailored to meet the needs of your bank.

Control Efficient management of cost and optimization of banking processes and assets.

Automation Streamline banking processes and automate banking infrastructures.

IBM can help you gather, synthesize, and improve information to help improve the way your bank operates turning mountains of data into real time decisions.

2012 IBM Corporation

Service Management for a Smarter Planet

Visibility Control Automation project areas for banking

Create a customer- Increase flexibility focused enterprise and streamline operations Drive innovation while managing costs Optimize enterprise risk and compliance

Operational IT Risk

Regulatory Audit

IT Transformation

Payment System Monitoring

2012 IBM Corporation

Service Management for a Smarter Planet

IBM customer examples of successful regulatory audit processes

SMART IS
Increasing efficiency and automating audit processes

SMART IS
Gaining complete compliance with regulations while reducing costs and processes

Banco Mercantil do Brasil, Brazil: The bank reduced the time and cost of managing user access across the entire account lifecycle - 80% reduction in provisioning time , 35% reduction in passwordrelated help desk calls, 7 to 1 reduction in number of managed passwords for each user
7

A US Financial bank, US: While complying with numerous regulatory requirements, the IBM solution the bank implemented also saved $60,000 per application by centralizing its security policy, in part by reducing the number of help-desk calls by 61%
2012 IBM Corporation

IBM Security Framework

Comprehensive Security Solutions

10

End to end, IBM has a strong security competitive posture

HP EDS

CA

Symantec

McAfee

EMC

Oracle (Sun)

Cisco

Verizon

People and Identity Data and Information Application and Process Network, Server and End Point Physical Infrastructure

Updated January 2011

10

How Does the Framework Map to Our Products?

IBM Tivoli Identity and Access Assurance (TIAA) solution bundle
o o

IBM Tivoli Identity Manager (TIM) IBM Tivoli Access Manager for Enterprise Single Sign-On (TAM E-SSO) IBM Tivoli Federated Identity Manager (TFIM) IBM Tivoli Access Manager for ebusiness (TAMeb) IBM Tivoli Security Information and Event Manager (TSIEM)

IBM Security Network Intrusion Prevention (GX series) IBM Security Server Protection IBM Virtual Server Protection for VMware IBM Security SiteProtector System IBM Tivoli Endpoint Manager for Security and Compliance, built on BigFix technology IBM Security zSecure suite

IBM Tivoli Security Policy Manager

IBM Tivoli Key Lifecycle Manager

Q1 Labs QRadar Solutions IBM Tivoli Security Information and Event Manager (TSIEM)

11

IBM Tivoli Identity and Access Assurance (TIAA) beat out Microsoft, Novell, CA and others to win SC Magazine's 2011 award for the Best Identity Management Application (article found here http://www.scmagazineus.com/best-identity-managementapplication/article/196008/)

In addition, SC Magazine named IBM Tivoli Access Manager for Enterprise Single Sign-On a finalist for the Best Multi-Factor award (LINK) and IBM Security Network IPS a finalist for the Best Web Application Firewall award (LINK).

12

Tivoli Identity Manager

Automates, audits, and remediates user access rights across your IT infrastructure
Identity change (add/del/mod) Access policy evaluated Approvals gathered Accounts updated

Reduce Costs
Cost

Detect and correct local privilege settings

Accounts on 70+ different Accounts on 70+ different types of systems managed. types of systems managed. Plus, In-House Systems & Plus, In-House Systems & portals portals

Self-service password reset Automated user provisioning Manage Complexity Consistent security policy Quickly integrate new users & apps Address Compliance

Tivoli Identity Manager

Applications

Complexity
Databases

Operating Systems

HR Systems/ Identity Stores

Networks & Physical Access

Know the people behind the accounts and why they have the access they do Fix non-compliant accounts

Automate user privileges lifecycle across entire IT infrastructure Match your workflow processes

Compliance

Closed-loop provisioning Access rights audit & reports

13

TAM E-SSO Solution Overview

TAM E-SSO provides: Enterprise single sign-on Two-factor authentication Automation to get users to productive point in their apps Multi-user machines (e.g. kiosks) fast user switching Identity management via TAM E-SSO or TIM Audit/reporting via TAM E-SSO or TSIEM with no change to the target applications

14

Web Single Sign-On

15

Web SSO and More with IBM Tivoli Access Mgr. for e-business (TAMeb)
#1 requirement addressed by TAMeb

Web single Sign-on Strong authentication Compliance -- know and show whos accessing what

Security/protection High Availability Scalability

16

Complete SSO Coverage

Federated SSO Internet Web SSO

Federated Targets
Multi-Domain SOA

Web SSO Targets

Web Servers Web Applications

Extranet

Portals, e.g. WP

Enterprise Targets Enterprise SSO Intranet/Kiosk

Windows Web Java

Mainframe

17

We are recognized by the analysts

IBM Tivoli Identity and Access Assurance (TIAA) beat out Microsoft, Novell, CA and others to win SC Magazine's 2011 award for the Best Identity Management Application (LINK) IBM named Best Security Company, winning the award for 2010s #1 security company for 2010 by SC Magazine LINK Gartner Magic Quadrant for Web Access Management IBM is ranked in the leaders quadrant LINK Gartner MarketScope for Enterprise Single Sign-On IBM is ranked as Strong Positive LINK Gartner Magic Quadrant for SIEM Q1 Labs is ranked in the leaders quadrant - LINK IDC Worldwide Identity and Access Management 2009-2013 Forecast Update and 2008 Vendor Shares IDC ranks IBM as the overall worldwide identity and access management security software revenue leader for the third straight year LINK

18

19

Network Threat Management Business Scenario

A manufacturing company has a large global footprint, with 6 data centers. They want to have thorough knowledge of what traffic is running on their network, and make sure it is authorized and free from malicious content They know many application vulnerabilities do not have current patches and are looking for a solution to address this They want a high performance solution that scales to meet their throughput needs How does IBM address this scenario? IBM Security Network Intrusion Prevention (NIPS) appliances provide deep inspection of all network traffic. With intelligence provided by IBM X-Force, these appliances can automatically update themselves, staying Ahead of the Threat. With IBM Security NIPS appliances protecting the companys websites, they will enjoy the best protection in the industry. These appliances provide true situational awareness of what is on the network, and with SiteProtector, prioritization of remediation is easily achievable. The IBM Security Virtual Patch will protect their infrastructure, even if no patch is ever available to fix vendors vulnerabilities.

20

21

IBM Intrusion PreventionThe Lineup

Network Protection
IBM Security Network IPS IBM Security Network IPS Virtual Appliance

Transparent, in-line network appliances (and virtual appliance versions) block attacks while allowing legitimate traffic to flow unhindered Preemptive intrusion prevention Track user/admin behavior File integrity monitoring Host level controls for compliance

Server Protection
IBM Security Server Protection & Server Sensor

VMsafe (Security) API integration Virtual Infrastructure Protection Intrusion Prevention & firewall IBM Security Virtual Server Protection for VMware Rootkit detection/prevention IBM Security Network IPS Virtual Appliance Inter-VM traffic analysis And more Command and control Event analysis Reporting

Security Management
Managed Security Services IBM Security SiteProtector

21

22

Customer Value Delivered by Tivoli Endpoint Manager for Security and Compliance, built on BigFix technology
PATCH MANAGEMENT Automated, effective, rapid patch deployment Single agent addresses Microsoft, UNIX, Linux, Mac and 3rdparty application patches (Adobe, Mozilla, Java, ) Automated or manual network bandwidth throttling based on network traffic . . . CPU impact <2% Real-time reporting know which patch went where SECURITY CONFIGURATION & POLICY COMPLIANCE Asset discovery know what is owned (and not owned), so you can be protected Security configuration mgmt. continuous assessment of endpoint security compliance . . . addresses audit concerns Host-based vulnerability assessment 99.9% accuracy Automated, out-of-the-box checklists for assessing security policy compliance General (PCI, SOX, ) and U.S. Government class (NIST 800-53, FDCC, DISA-STIGS, CyberScope/FISMA)

23

Tivoli Endpoint Manager for Security and Compliance

Competitive Positioning
igFix B n o Built nology tech

TEM-SC Asset discovery Continuous endpoint monitoring Patch management, incl. 3rd party applications Security configuration management Single agent for security, SW distribution, power, Cross-AV-vendor management Performance: Manage up to 250K endpoints w/1 svr. Endpoint OSs supported
24

Microsoft SCCM

Symantec Altiris

LANDesk

Win, Mac, UNIX, Linux, VMware

Windows
Partners for others

Client: Win, Mac, Linux, no UNIX Server: Win, Linux, UNIX, VMware

Win, Mac, Linux, UNIX (minus AIX)

Recently Announced/Delivered: TEM for Core Protection

What is it? Trend Micros cloud-based, endpoint anti-malware & firewall technology, tightly integrated with TEM (no Trend Console or Servers) Sales compensation handled same as other TEM: 100% CRev and FRev credit for IBM sales Previously sold to customers as the BigFix Core Protection Module Sold as a stand-alone TEM product, similar to TEM for Power Management IBM delivers L1 and L2 support; Trend handles error correction Sales Approach
Q: Do I get paid on sales of TEM for Core Protection? A: Yes. IBM sales of TEM for Core Protection qualify as 100% CRev and FRev. Q: Do Trend reps get paid when IBM sells into their accounts? A: Yes. Trend reps get paid on the net royalty revenue paid to Trend. Q: Do IBM reps get paid when Trend sells into our accounts? A: Yes. See the TEM for Core Protection Sales FAQ in the TEM Sales Kit for details. Q: Should I collaborate with Trend account teams in my TEM-CP opportunities? A: Its up to you. Trend reps do receive compensation for IBM sales into their accounts, so there is incentive for them to support you. Both companies can compete directly in accounts there are no restrictions in this regard.

25

TEM-CP . . . Customers love it!

Poor AV signature compliance. Many systems with systematic AV engine failures. Performance issues on systems older than three years.

Replaced existing McAfee/EPO system on 4,300 endpoints in 2 weeks with no issues. A/V signature compliance went from 60% to 95%+ since the migration to CPM. Older systems ran like new once TEM-CP was installed. No centrally managed AV solution for Macs No cross-platform AV solution Need to manage/report on machines outside the internal network No additional hardware Centralized AV management for Macs Web reputation in Mac environment Easy installation; only had to package uninstall of existing AV solution
26

SIEM Risk Management Log Management Network behavior analytics Security event management User behavior analytics Compliance reporting

27

Solving Customer Challenges with Total Security Intelligence

DETECTING THREATS OTHERS MISS Discovered 500 hosts with Here You Have virus, which all other security products missed

CONSOLIDATING DATA SILOS

2 Billion log events per day reduced to 25 high priority offenses

DETECTING INSIDER FRAUD

Caught an employee sending out internal designs

PREDICTING RISKS AGAINST YOUR BUSINESS ADDRESSING REGULATION MANDATES

Automate the policy monitoring and evaluation process for configuration changes in the infrastructure

Real-time monitoring of all network activity, in addition to PCI mandates

28

Solutions for the Full Compliance and Security Intelligence Timeline

29

Fully Integrated Security Intelligence

Log Management
Turnkey log management SME to Enterprise Upgradeable to enterprise SIEM

SIEM

Integrated log, threat, risk & compliance mgmt. Sophisticated event analytics Asset profiling and flow analytics Offense management and workflow

Risk Management

Predictive threat modeling & simulation Scalable configuration monitoring and audit Advanced threat visualization and impact analysis

Network Activity & Anomaly Detection

Network analytics Behavior and anomaly detection Fully integrated with SIEM

Network and Application Visibility

Layer 7 application monitoring Content capture Physical and virtual environments

30

TSIEM Addresses Customers Audit Log Management and Reporting Needs

Broadest, most complete log and audit trail capture capability Enterprise audit log Management full life cycle

W7 log normalization & unique ability to monitor user behavior

Compliance management modules & regulation-specific reports

31

Assessing compliance: Tivoli Security Information and Event Manager 2.0

Manage logs and monitor privileged users for insider threat and compliance initiatives

Tivoli Security Information and Event Manager provides a single, integrated product that delivers insider threat, audit and compliance

Highlights
Single, integrated product Log Management Reporting Unique ability to monitor user behavior Enterprise compliance dashboard Compliance management modules and regulation-specific reports Broadest, most complete log and audit trail capture capability W7 log normalization translates your logs into business terms Easy ability to compare behavior to regulatory and company policies
32

Audit log management & reporting multiple levels

Manager of Managers Level: Netcool Omnibus, Tivoli Service Request Mgr., TEC, Business Automation dashboards. Long-term storage/ archiving

TSIEM: Tivolis Enterprise security audit management and reporting system Guardium
DB2 (Host/Distributed) DB2/z Sybase Oracle Database Teradata SQL Server
33

M E I TS

ive h c Ar

e.g. IBM Information Archive IAM

SiteProtector
Applications (Rational AppScan) Virtualized Resources (VSP) Network (Network IPS) Hosts (Host IPS)

Others
Mainframe Data and Applications NW Ops Ctr. devices System Ops Ctr. devices

Tivoli Identity Manager TAMeb Tivoli Federated ID Mgr. Tivoli Security Policy Mgr. Tivoli Security Operations Manager

Cloud Ready, Cloud Capable Security Solutions

Addressing Customers Virtualization Security Needs Today

34

Take advantage of IBMs unique security expertise and approach

UNIQUE EXPERTISE
21 billion events monitored per day 4,000+ managed services customers 10 security development labs 9 security operations centers 6,000+ technical experts 20+ leadership recognitions 2010 Security Company of the Year

ABILITY TO SECURITY DELIVER APPROACH

35

36

37