© 2015 IBM Corporation

IBM Security

1© 2015 IBM Corporation

IBM IAM Security and TrendsIntelligence, Integration and Expertise

January 29, 2015

© 2015 IBM Corporation

IBM Security

2

Sophisticated attackers break through safeguards every day

SQL

injectionWatering

hole

Physical

access

MalwareThird-party

software

DDoSSpear

phishing

XSS Undisclosed

Attack types

Note: Size of circle estimates relative impact of incident in terms of cost to business Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2014

2011

Year of the breach

2012

40% increase

2013

500,000,000+ records breached

61% of organizations say

data theft and cybercrime

are their greatest threats2012 IBM Global Reputational Risk & IT Study

$3.5M+ average cost

of a data breach2014 Cost of Data Breach, Ponemon Institute

© 2015 IBM Corporation

IBM Security

3

New technologies introduce new risks…

83%

of enterprises have difficulty

finding the security skills they need2012 ESG Research

85 security tools from

45 vendorsIBM client example

…and traditional security practices are unsustainable

of security executives have

cloud and mobile concerns2013 IBM CISO Survey

70%Mobile malware growth

in just one year2012-2013 Juniper Mobile Threat Report

614%

© 2015 IBM Corporation

IBM Security

4

Security leaders are more accountable than ever before

Source: Discussions with more than 13,000 C-suite executives as part of the IBM C-suite Study Series

Loss of market

share and

reputation

Legal exposure

Audit failure

Fines and

criminal charges

Financial loss

Loss of data

confidentiality,

integrity and/or

availability

Violation of

employee privacy

Loss of

customer trust

Loss of brand

reputation

CEO CFO/COO CIO CHRO CMO

Your board and CEO demand a strategy

© 2015 IBM Corporation

IBM Security

55

© 2015 IBM Corporation

IBM Security

6

More than half a billion records of PII were leaked in 2013

© 2015 IBM Corporation

IBM Security

7

Enterprise Security is only as strong as its weakest link – Identity

of scam and phishing incidents

are campaigns enticing users

to click on malicious links55%

Criminals are

selling stolen or

fabricated accounts

Social media is fertile

ground for pre-attack

intelligence gathering

Source: IBM X-Force® Research 2013 Trend and Risk Report

Mobile and Cloud breaking down the traditional

perimeter

IAM becomes fist line of defense with Threat and

Context awareness

© 2015 IBM Corporation8

IBM is positionedto help

© 2015 IBM Corporation

IBM Security

9

ApplicationsSYSTEMS

APPLICATIONSWEB

APPLICATIONSWEB 2.0

MOBILEAPPLICATIONS

DATACENTERS PCs LAPTOPS

InfrastructureCLOUDMOBILE NON-TRADITIONALMOBILE

Enterprise Security will need to focus on Identity and Interactions

People

EMPLOYEES ATTACKERS OUTSOURCERS SUPPLIERS

CONSULTANTS PARTNES CONSUMERS

Data STRUCTURED UNSTRUCTURED AT REST IN MOTION

…a holistic approach is needed

CONSUMERS

IN MOTION

MOBILEAPPLICATIONS

MOBILE

EMPLOYEES

UNSTRUCTURED

WEB 2.0

CLOUDPCs

OUTSOURCERS

STRUCTURED

SYSTEMSAPPLICATIONS

© 2015 IBM Corporation

IBM Security

10

IBM Security strategy

Delivering intelligence, integration and expertise across a comprehensive framework

Advanced threats

Cloud

Mobile

Compliance

Skills shortage

Key Security TrendsCISO’s Changing Role

The IBM Security Framework

© 2015 IBM Corporation

IBM Security

11

IBM Security has global reach

monitored countries (MSS)

service delivery experts

devices under contract+

endpoints protected+

events managed per day+

IBM Security by the Numbers

+

+

© 2015 IBM Corporation

IBM Security

12

Client Side Attacks

Botnets

Buffer Overflow Attacks

Distributed Denial of Service (DDoS)

SQL Injection

Backdoors

Cross-site Scripting (XSS)

Malicious Content

Protocol Tunneling

Reconnaissance

Trojans

Worms

Exploit Toolkits

Peer-to-Peer Networks

IBM X-Force delivers expert analysis and threat intelligence

Cataloging, analyzing and researching vulnerabilities since 1997

Providing zero-day threat alerts and exploit triage to IBM customers worldwide

Building threat intelligence from collaborative data sharing across thousands of clients

Analyzing malware and fraud activity from 270M+ Trusteer-protected endpoints

X-Force Keeps Customers Ahead of the Threat

IBM Security Operations Centersand Security Products

Sharing real-time andanonymized threat intelligence

© 2015 IBM Corporation13

Threat awareIdentity and Access

© 2015 IBM Corporation

IBM Security

14

1. Identity is a key security control for a multi-perimeter world

• Operational management

• Compliance driven

• Static, Trust-based

• Security risk management

• Business driven

• Dynamic, context-based

Today: Administration

Tomorrow: Assurance

IAM is centralized and internal

Enterprise

IAM

Cloud IAM

BYO-IDs

SaaS

Device-IDs

App IDs

IAM is decentralized and external

Enterprise

IAM

IaaS,

PaaS

© 2015 IBM Corporation

IBM Security

15

3. Evolving business –driven Identity Governance and Analytics

Wave 1: Administration

Cost savings

Automation

User lifecycle

Key on premise

applications and

employees

Wave 3: Analytics

Application usage

Privileged activity

Risk-based control

Baseline normal behavior

Employees, partners, consumers – anywhere

Wave 2: Governance

Role management

Access certification

Extended enterprise

and business partners

On and off-premise

applications

Identity Intelligence – Collect and Analyze Identity Data

Improved visibility into how access being utilized

Risk-based insights for prioritized compliance actions

Clear actionable dashboards for better business decision making

Identity and Governance Evolution

© 2015 IBM Corporation

IBM Security

16

IBM Security

Intelligence

Integration

Expertise

The IBM Security Framework

© 2015 IBM Corporation

IBM Security

17

www.ibm.com/security

© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes

only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use

of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any

warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement

governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in

all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole

discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any

way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United

States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and

response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed,

misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product

should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use

or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily

involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT

THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE

MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.