
Intellinx.z watch

Date post: 11-May-2015
Upload: jim-porell
Description:
An overview of the Fraud and Forensics User Activity monitor called Intellinx. The version that runs on z/OS is called zWatch.
Transcript
Page 1: Intellinx.z watch

© 2009 IBM Corporation / © 2010 IBM Corporation

IBM System z

Intellinx zWatch, November 8, 2010

Page 2: Intellinx.z watch


System z Solution Edition for Security – Fraud Reference Case

• Client Scenario: State Criminal Justice System, Bullet-proof Mainframe security, Many access points

IBM Sales Team targets the CIO and CFO: “Experience has demonstrated that insider leaks may be utilized to help criminals escape prosecution or to release information about celebrities or high ranking government officials”.

“Your current IT infrastructure is exposed to these leaks which will likely result in civil and criminal penalties”

“At this very moment, policemen or detectives may be leaking information to criminals or the media. Also you are currently exposed to illegal access of sensitive information. Most alarming is that you may only become aware of such illegal access after your department has become fodder for the Tabloids. In such cases, departments have suffered high-level resignations and civil penalties.”

• Policemen access Driver information from portal within Police cruiser

• Detectives track case data via Cognos Analytics application

• Courts manage search warrants and court cases

Provocation: Compliance Insight Manager; Solution Edition for Security – Mainframe Security Extended end-to-end across the Enterprise

[Diagram labels: “Joe Biden selected as Obama’s running mate”; Wants and Warrants Database; Illegal queries]

Page 3: Intellinx.z watch


System z Solution Edition for Security – Secure Infrastructure

• Client Scenario: Large Healthcare Provider, Rigorous HIPAA compliance, huge patient records

IBM Sales Team targets the CIO and CFO: “Experience has demonstrated that insider leaks may be the biggest exposure to HIPAA compliance, especially when there is an opportunity to profit from disclosing patient records to third parties”

“Your current IT infrastructure is exposed to these leaks which will likely result in civil and criminal penalties”

“At this very moment, nurses, Doctors, or administrative personnel may be accessing patient records for the purpose of selling the information to a Tabloid. Such leaks are not only embarrassing and tarnish the Corporate image, they most certainly will result in substantial compliance and legal penalties, impacting the bottom-line. Failure to address this issue will expose you to negligence charges.”

• Secured access to patient medical records

• Patient records accessed by Doctors, Nurses, and Administration

• All Patient information is subject to HIPAA Compliance

Provocation: Compliance Insight Manager; Solution Edition for Security – Mainframe Security Extended end-to-end across the Enterprise

[Diagram labels: Paris Hilton’s Patient Records; Illegal “leak”]

Page 4: Intellinx.z watch

IBM System z Security

[Diagram: Elements of an Enterprise Security Hub – Platform Infrastructure, Data Privacy, Compliance and Audit, Extended Enterprise]

Labelled elements: Multilevel Security; Encryption; Key Management; TS1120 Tape encryption; Common Criteria Ratings; Support for Standards; Audit, Authorization, Authentication, and Access Control – RACF®; IDS, Secure Communications – Communications Server; IBM Tivoli Security Compliance Insight Manager; IBM Tivoli® zSecure Suite; DB2® Audit Management Expert; Tivoli Identity Manager; Tivoli Federated Identity Mgr; Crypto Express 3 Crypto Cards; System z SMF; LDAP – ITDS Scalable Enterprise Directory; Network Authentication Service – Kerberos V5 Compliant; z/OS® System SSL – SSL/TLS suite; ICSF – Services and Key Storage for Key Material; Certificate Authority – PKI Services; DS8000® Disk encryption; Enterprise Fraud Solutions; DKMS; TKLM; Venafi Encryption Director; Guardium; Optim™

Page 5: Intellinx.z watch

System z

* All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.

© 2008 IBM Corporation

Intellinx’s Value Propositions

Outstanding out-of-the-box value – Immediate ROI following installation (typically only a few hours): Intellinx begins capturing all cross-enterprise user activity, allowing Internal Audit, Security and Fraud teams to perform investigations with cross-platform search and complete visual replay, and to generate alerts on potentially suspicious insider application activity.

Intellinx is the only solution on the market that captures user activity to detect/prevent internal fraud and data leakage on IBM Systems z and i.

Customers expect IBM to lead the way on these platforms

Intellinx solution can handle encrypted traffic when executed natively on z/OS. A network appliance cannot do that without changing network standards.

• Reduce Internal Fraud Losses by detecting potential fraud via real-time preventive / detective controls

• Deter potential fraudulent users just by knowing that all their actions may be recorded

• Improve internal audit effectiveness by alerting on detection of suspicious behavior and providing full visibility for audit

• Enforce corporate security policies by detecting security breaches, incidents and exceptions

• Improve compliance with privacy regulations by creating a full audit trail of all end-user activity including queries and provide accurate data for Basel II and S-Ox Risk Control Assessments

Page 6: Intellinx.z watch


Intellinx Architecture

[Architecture diagram. Labels, in order: Switch; 3270 / 5250; Intellinx Sensor; Intellinx Session Analyzer; Queue; Screen/Message Recording; Session Reconstruction; REPLAY; Actions; Intellinx Event Analyzer; Backlog; Events Repository; Business Event; Intellinx Reports; MQSeries; Files; Host; numbered callouts 1 to 5]

Page 7: Intellinx.z watch


Intellinx Architecture

[Same architecture diagram as Page 6 (Switch; 3270 / 5250; Intellinx Sensor; Intellinx Session Analyzer; Queue; Screen/Message Recording; Session Reconstruction; REPLAY; Actions; Intellinx Event Analyzer; Backlog; Events Repository; Business Event; Intellinx Reports; MQSeries; Files; Host), with callout 1 marked z/OS]

z/OS solution:

– SW only install

– 98% zAAP eligible

– Doesn’t add to existing SW charges

– Sysplex aware

– High volume, low CPU %

– Can handle non-z/OS traffic

– Operates across VPN

– No other solution does

– Eliminates network distribution of SSL private keys for z/OS workloads

– Reduces risk

– Reduced complexity of deployment/ordering

– Reduced overhead & latency for real time analytics

– Leverages Mainframe security and audit of DB’s

zWatch unique

Page 8: Intellinx.z watch


Deployment choices toward a Fraud & Forensic Clearing House on System z

[Architecture diagram as on Page 6, now capturing 3270 / 5250 / MQ / HTTP. Labels: Switch; Intellinx Sensor; Intellinx Session Analyzer; Queue; Screen/Message Recording; Session Reconstruction; REPLAY; Actions; Intellinx Event Analyzer; Backlog; Events Repository; Business Event; Intellinx Reports; MQSeries; Files; Host; numbered callouts 1 to 5]

z/OS Business Goals

– A User activity monitor for forensic and fraud prevention

– Non-invasively capture activities from a wide variety of protocols and systems

– Stealthfully deploy, where possible

Intellinx in Action

– Identified thefts from Dormant bank accounts

– Eliminated RYO audit tools for major Police Dept

– Stopped leakage of personally identifiable information

Bladecenter deployment

– Over 200 blades to meet needs of large financial institution with the five distinct solution points of control

– Weeks to configure and deploy software

– Environmental and FTE costs are highest

– Coordination across security, network and server admin teams

Linux on System z deployment

– Multiple Linux server instances to cover the five distinct solution points of control

– Common hardware reduces environmentals and FTEs

– Network connections must be established to capture traffic

z/OS zWatch edition deployment

– Installation in under an hour, software only

– zIIP and zAAP eligible for 98% of processing keeps software pricing minimal

– High volume, low CPU utilization

– TCA and TCO are less than alternatives

– zWatch unique capability to handle network encrypted traffic

– With zBX, zWatch can handle non-z traffic with network admin assistance and simplify operations

– Reduced overhead and latency for real time analytics

Page 9: Intellinx.z watch


Intellinx™ zWatch™

• Tracks all business transactions performed on the mainframe, generates a detailed audit trail and detects suspicious activity in real-time.

• Creates a forensic database that can be used for detecting and preventing fraud and data leakage and for managing investigations.

• Complements other compliance-related tools, such as IBM’s Tivoli Compliance Insight Manager, to dramatically reduce the incidents of fraud within a business.

• Provides a cross platform enterprise hub for managing forensics and fraud, and can reduce deployment costs.

• Provides recordings of all corporate data transactions, available for playback.

• Provides an audit trail enabling compliance with government regulations, such as FACTA Identity Theft Red-Flags, PCI-DSS, Sarbanes-Oxley, Basel II, GLBA and HIPAA.

• Runs natively on the mainframe, sniffing all inbound and outbound network transmissions and recording all end-user screens and keystrokes as well as application transactions.

• Profiles user and account activity and generates alerts on anomalies in real-time.

• Provides a one of a kind visual replay of user activities – by screen and keystroke.

• Provides Google-like search of screen content stored by the system, enabling security officers and internal auditors to search, for example, for all users who accessed a specific customer account and to replay that user’s activity.

Additional information on Intellinx™ zWatch™: http://www.intellinx-sw.com/company_news_item.asp?ID=44

Client Reference: http://www.intellinx-sw.com/customers_recommend.asp
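The architecture slides (sensor capture, session reconstruction, event analyzer, events repository and reports) and the capability list above (profiling with real-time alerts, search for every user who accessed a given account, screen-by-screen replay) describe one pipeline. The following is an added Python example of that pipeline written for this page; it is not code from the deck or from Intellinx. The `ScreenRecord` type, the `EVENT_SCREENS` mapping, the teller ids, account numbers, `HISTORY` baseline and `WATCH_LIST` are all constructed, and the profiling rule (distinct accounts touched in one session compared with the user's own past maximum, plus a watch list for flagged records) is a simplification chosen to illustrate the insider-access scenarios on Pages 2 and 3.

```python
"""Added example (not from the IBM deck or Intellinx): a minimal user-activity
monitor that mirrors the pipeline the slides describe. Screen/keystroke
capture is replaced by constructed ScreenRecord objects; session
reconstruction, business-event extraction, profiling, alerting and
forensic search/replay are implemented below."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class ScreenRecord:
    """One captured screen plus the keyed input (stand-in for a 3270 capture)."""
    ts: datetime
    session: str
    user: str
    screen: str              # transaction screen name, e.g. "ACCTINQ"
    account: Optional[str]   # account id keyed into the screen, if any


@dataclass(frozen=True)
class Alert:
    user: str
    session: str
    reason: str


# Hypothetical mapping from screen name to the business event it represents.
EVENT_SCREENS = {"ACCTINQ": "INQUIRY", "XFER": "TRANSFER", "DEBIT": "DEBIT", "CREDIT": "CREDIT"}


def reconstruct_sessions(records: Iterable[ScreenRecord]) -> Dict[str, List[ScreenRecord]]:
    """Session reconstruction: group captured screens by session id in time order."""
    sessions: Dict[str, List[ScreenRecord]] = defaultdict(list)
    for r in sorted(records, key=lambda r: r.ts):
        sessions[r.session].append(r)
    return dict(sessions)


def business_events(session: List[ScreenRecord]) -> List[Tuple[str, str]]:
    """Event analyzer: reduce screen records to (event kind, account) pairs."""
    return [(EVENT_SCREENS[r.screen], r.account) for r in session
            if r.screen in EVENT_SCREENS and r.account]


def analyze(records: Iterable[ScreenRecord], history: Dict[str, List[int]],
            watch_list: Set[str], factor: int = 3, floor: int = 5) -> List[Alert]:
    """Profile-and-alert step. `history` holds, per user, the number of distinct
    accounts touched in each past session (the profile baseline); `watch_list`
    holds accounts whose every access must be reported."""
    baseline = {user: max(counts) for user, counts in history.items()}
    alerts: List[Alert] = []
    for sid, session in reconstruct_sessions(records).items():
        user = session[0].user
        touched = {acct for _, acct in business_events(session)}
        # Rule 1: any access to a watch-listed account is reported.
        for acct in sorted(touched & watch_list):
            alerts.append(Alert(user, sid, f"access to watch-listed account {acct}"))
        # Rule 2: far more distinct accounts than this user's own baseline.
        limit = max(floor, factor * baseline.get(user, 0))
        if len(touched) > limit:
            alerts.append(Alert(user, sid, f"{len(touched)} distinct accounts in one session (limit {limit})"))
    return alerts


def who_accessed(records: Iterable[ScreenRecord], account: str) -> List[Tuple[str, str, str]]:
    """Forensic search: (user, session, screen) for every screen that touched the account."""
    return [(r.user, r.session, r.screen)
            for r in sorted(records, key=lambda r: r.ts) if r.account == account]


def replay(records: Iterable[ScreenRecord], session_id: str) -> List[str]:
    """Visual replay stand-in: the session's screens in order, one line each."""
    return [f"{r.ts:%H:%M} {r.screen} {r.account or ''}".rstrip()
            for r in reconstruct_sessions(records)[session_id]]


# Constructed sample capture: teller tel01 behaves normally; tel02 sweeps a dozen
# accounts and then opens a watch-listed one. User ids and accounts are made up.
T0 = datetime(2010, 11, 8, 9, 0)


def _rec(minute: int, session: str, user: str, screen: str,
         account: Optional[str] = None) -> ScreenRecord:
    return ScreenRecord(T0 + timedelta(minutes=minute), session, user, screen, account)


CAPTURE: List[ScreenRecord] = (
    [_rec(0, "S1", "tel01", "LOGON"), _rec(1, "S1", "tel01", "ACCTINQ", "100200"),
     _rec(3, "S1", "tel01", "XFER", "100200"), _rec(4, "S1", "tel01", "LOGOFF"),
     _rec(0, "S2", "tel02", "LOGON")]
    + [_rec(1 + i, "S2", "tel02", "ACCTINQ", f"9000{i:02d}") for i in range(12)]
    + [_rec(14, "S2", "tel02", "ACCTINQ", "555000"), _rec(15, "S2", "tel02", "LOGOFF")]
)
HISTORY = {"tel01": [2, 3, 1], "tel02": [2, 2, 3]}   # constructed per-user baseline
WATCH_LIST = {"555000"}                               # constructed flagged account


if __name__ == "__main__":
    for a in analyze(CAPTURE, HISTORY, WATCH_LIST):
        print(f"ALERT {a.user}/{a.session}: {a.reason}")
    print("accessed 100200:", who_accessed(CAPTURE, "100200"))
    print("\n".join(replay(CAPTURE, "S2")))
```

Run as a script it prints two alerts for `tel02` (the watch-listed record and the account sweep), the two screens in which `tel01` touched account 100200, and a line-per-screen replay of session S2. In a real deployment the capture list would be fed by the sensor and the baseline would be computed from the events repository rather than hard-coded; the point of the example is that the alerting and search steps need only business events with a user, session and account behind them.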

Page 10: Intellinx.z watch


Application Architecture: The Complexity of Distributed

Business Objectives

– A bank has four basic transactions: Credit, Debit, Transfer, Inquiry

– And they have a variety of choices for front end interface: ATM, Branch Terminal, Kiosk, Web browser, PDA, Cellphone

– Customer uses a Bladecenter to drive multi channel transformation

– The back end processing remains the same regardless of the presentation device

Fully Distributed Model (if deployed)

– Each application becomes a cluster of server images and must be individually authenticated and managed

– Each line is a separate network connection, requiring high bandwidth and protection

– Data is replicated across enterprise to meet scalability

– Customer deploys/builds automation processes to facilitate system recovery with additional software – this is not trivial and requires additional software and unique development

– High environmental needs and full time employees to manage infrastructure

Management Considerations for an enterprise

– Authentication, Alert processing, Firewalls, Virtual Private Networks

– Network Bandwidth, Encryption of data, Audit Records/Reports, Provisioning Users/Work

– Disaster Recovery plans, Storage Management, Data Transformations, Application Deployment

How does the Virtualization Manager improve these?

[Diagram: fully distributed application architecture. Labels: Application Server (WebSphere®); Service Platform; Database; Connectors/Appliances; SQLJ; Service; Message; Servlet; Loan Applic.; Bank Teller; General Ledger; Credit Card Processing; Risk Analysis Service; Current Accounts; Batch Programs; Bill Payment Database; Currency Exchange; Temp data to Electronic Data Warehouse; Batch Process; RMI/IIOP; EJB; WAS Bill Payment EJBs; Authentication Server; repeated “Mgt” labels marking separate management points]

Page 11: Intellinx.z watch


Application Architecture: A Large Enterprise

[Diagram. Labels: End User – Hosted Client; Devices; Desktop Framework; Banking Portal; Device Apps.; XML over HTTP(S); Middleware Services; Application Server (Websphere); Service Platform; Database; Connectors; SQLJ; Service; Message; Servlet; Loan Applic.; Bank Teller; General Ledger; Credit Card Processing; Risk Analysis Service; Current Accounts; Desktop Framework Services; Personalization; Service Systems & Databases; MQ; Batch Programs; Bill Payment Database; Currency Exchange; Temp data to Electronic Data Warehouse; Batch Process; RMI/IIOP; EJB; WAS Bill Payment EJBs; Authentication Server; System zNext]

Potential advantages of consolidating your application and data serving

– Security: Fewer points of intrusion

– Resilience: Fewer Points of Failure

– Performance: Avoid Network Latency

– Operations: Fewer parts to manage

– Environmentals: Less Hardware

– Capacity Management: On Demand additions/deletions

With IFL / With zAAP & zIIP

– Utilization: Efficient use of resources

– Scalability: Batch and Transaction Processing

– Auditability: Consistent identity

– Simplification: Problem Determination/diagnosis

– Transaction Integrity: Automatic recovery/rollback

With zBX

– Security: Fewer points of intrusion

– Connectivity: Improved throughput

– Simplification: Problem Determination/Monitoring

– Development: Consistent, cross platform tools

zNext Combinations – reducing control points

– Assumes the Bladecenter for the multi channel transformation

– Can leverage Websphere on either Linux for System z or z/OS

– The Bladecenter functionality can be migrated to zBX in the future

– TCA and TCO advantages over distributed

– It’s the very same programming model in a different container that provides a superior operations model

Page 12: Intellinx.z watch


Compliance / Risk Mitigation / Secure Infrastructure: z/OS

Customer Challenges

– Security breaches, identity theft are growing

– Companies face large financial losses

– PCI and HIPAA compliance are required by law

– Many environments are plagued by viruses and a continued cycle of patches

Solution Capabilities

– Security certifications (z/OS EAL 4+, LPAR EAL 5, FIPS 140-2 Level 4), System z/OS integrity statement

– Centralized security controls, auditing and administration

– Anonymous data for development and test

Solution Components

– z/OS V1 including: z/OS Security Server RACF, DFSMS, DFSORT, RMF, SDSF

– DB2 for z/OS V9

– WebSphere for z/OS V7

– Optim Data Privacy Solution

– Encryption Facility for z/OS V1

– Data Encryption for IMS and DB2 Databases V1

– Crypto Express3 Features

– TKE Workstation

– OSA Cards

– IBM Tivoli Security Management for z/OS

– Tivoli® Key Lifecycle Manager (TKLM)

– IBM System Services Runtime Environment for z/OS

– IMS Audit Management Expert for z/OS

– DB2 Audit Management Expert for z/OS

– Optional: IBM Distributed Key Management System (DKMS), Intellinx zWatch, Venafi Encryption Director

Page 13: Intellinx.z watch


Enterprise Fraud Analysis Solution

Customer Challenges

– Internal and external fraud cost billions of dollars in losses

– Reduction in brand equity and substantial financial losses

– Executives face personal fines, penalties and legal repercussions

Solution Capabilities

– Provides automated policy enforcement, centralized reporting and analysis, centralized auditing controls, risk mitigation

– Record and playback insider actions

– Forensic analysis tools, real time prevention workflow

– Discover relationships via analytics

Solution Components

– IBM Tivoli zSecure Manager for RACF z/VM

– RACF® Security Server feature for z/VM

– z/VM® V5

– z/VM V5 DirMaint™ Feature

– ISPF V3 for VM

– Optional: Intellinx zWatch

