Venkatesh Sadayappan (Venky)IBM Security Category Marketing Leader
Central & Eastern Europe
[email protected]+420-734-420-540
13th International InfoSec and Data Storage ConferenceSofia, Bulgaria
Applications SYSTEMSAPPLICATIONS
WEBAPPLICATIONS WEB 2.0 MOBILE
APPLICATIONS
DATACENTERS PCs LAPTOPSInfrastructure
CLOUDMOBILE NON-TRADITIONALMOBILE
Security challenges are a complex, four-dimensional puzzle…
PeopleEMPLOYEES ATTACKERS OUTSOURCERS SUPPLIERS
CONSULTANTS PARTNES CONSUMERS
Data STRUCTURED UNSTRUCTURED AT REST IN MOTION
…a holistic approach is needed
CONSUMERS
IN MOTION
MOBILEAPPLICATIONS
MOBILE
EMPLOYEES
UNSTRUCTURED
WEB 2.0
CLOUDPCs
OUTSOURCERS
STRUCTURED
SYSTEMSAPPLICATIONS
A radical notion: Cloud is an opportunity for enhanced security
Protect applications and workloadsin private Cloud stacks
Private Cloud
Security for the Cloud
Public Cloud
Securing workloadson virtual infrastructures
Secure usage of Public Cloudapplications
Security from the Cloud
Security-as-a-Service
Delivering and consumingsecure applications
Deliver security capabilities ascloud services
Security for the Cloud…..
13-04-02
Data and Application Protection
Secure enterprise databasesBuild, test and maintain secure
cloud applications
ThreatProtection
Prevent advanced threatswith layered protection
and analytics
IdentityProtection
Administer, secure, and extendidentity and access to and
from the cloud
Security Intelligence
Provide visibility, auditability and control for the cloud
Mobile downloadswill increase to108 billion
by 2017. 2
Mobile malware isgrowing. Malicious
code is infecting morethan
11.6 millionmobile devices at any
given time. 3
In 2014 the numberof cell phones
(7.3 billion) willexceed the number
of people on theplanet (7 billion).1
Mobile devices andthe apps we rely on
are under attack.
90% of the topmobile apps have
been hacked. 4
As mobile grows, so do security threats
Device Security Content Security Application Security Transaction Security
• Manage the mobileenterprise with BYOD,BYOA, secure e-mailand document sharing
• Secure file and documentsharing across devicesand employees includingintegration withSharePoint
• Instrument applicationswith security protectionby design
• Identify vulnerabilities innew, existing orpurchased applications
• Secure mobiletransactions fromcustomers, partnersand suppliers
Security Intelligence
Correlate mobile security events with broader infrastructure including log management, anomaly detection and vulnerabilitymanagement for proactive threat avoidance
ITOperations
Line-of-BusinessApplication Developer
SecuritySpecialist
• Mitigate security risk across devices, applications, content and transactions• Monitor enterprise security across all endpoints• Manage mobility across the enterprise
CISO / CIOChief Information Security Officer
Chief Information Officer
Imperatives for securing the mobile enterprise
SuspectedIncidents
True OffensesEmbeddedIntelligence• Real-time
analytics
• Automatedoffenseidentification
• Anomalydetection
• Incident evidenceand forensics
Servers andmainframes
Data activityNetwork and virtual
activity
ApplicationactivityConfiguration
information
Securitydevices
Users andidentities
Vulnerabilities andthreats
Security Intelligence and AnalyticsVisibility into security posture and clarity around incident investigation
Global threatintelligence
Attackerdefeated!
IBM Security Solutions
• QRadar Log Manager• QRadar SIEM• QRadar Risk Manager
• QRadarVulnerabilityManager
• QRadar IncidentForensics
CEE Case Study: ABLV Bank, ASGains 360-degree visibility into the enterprise
99% decreasein investigation time
“We now have a tool that gives us the visibility acrossour enterprise and helps us find the source of the
problem quickly.”—Aleksejs Kudrjasovs, Head of Information Security,
ABLV Bank
1 million:1 data reductionratio for security events
Immediate detectionand notification ofanomalies
Banking
Solution components
The transformation: Working with DSS and replacing an out-of-datesecurity monitoring solution with an advanced security platform fromIBM, ABLV security staff gained superior threat detection and a muchricher view of enterprise activities. The new solution integrates andanalyzes data from disparate sources to help staff more quickly uncoverand respond to threats.
Software• IBM® QRadar® Security Intelligence PlatformIBM Business Partner• Data Security Solutions (DSS LV)
CEE Case Study: ERGO LatviaGains actionable information in minutes to strengthen security and compliance
99% reductionin compliance reporting time
“We can now find and address the source of a problemin minutes instead of tens of hours.”
—Mr. Dainis Bairs, Chief Information Security Officer andHead of IT, ERGO Latvia
99% reductionin time to respond to securityand IT incidents
Uncovers threatsand prioritizes risk forefficient and effectiveremediation
Insurance
Solution components
The transformation: By replacing manual processes with an advancedsecurity solution from IBM, ERGO Latvia IT staff can quickly uncoverthreats, prioritize response based on risk level, and take action beforethe business is affected. The new solution integrates and analyzes datafrom disparate data sources and provides a unified view of potentialsecurity events, operational anomalies and vulnerabilities.
Software• IBM® QRadar® Security Intelligence PlatformIBM Business Partner• Data Security Solutions (DSS LV)