Security Intelligence and Analytics


Architectural Overview of the
IBM Security Systems Portfolio
Ver 3.07 – Jun 2014
© 2014 IBM Corporation
Agenda
The IBM Security Framework and portfolio
Capabilities in the IBM Security Systems domains:
• Intelligence and Analytics
• Fraud Protection
• People
• Data
• Applications
• Infrastructure – Distributed
• Infrastructure – z
IBM Security Framework and the IBM Security Systems portfolio
IBM Security Systems and the IBM Security Framework
• Only vendor in the market with end-to-end coverage of the security foundation
• 6K+ security engineers and consultants
• Award-winning X-Force® research
• Largest vulnerability DB and 2nd largest IP reputation DB in the industry
• Partner with IBM Software Group Services, IBM Security Services and an extensive partner community for consulting and delivery
Intelligence ● Integration ● Expertise
IBM Security Systems Portfolio
Security Intelligence and Analytics
• QRadar Log Manager
• QRadar SIEM
• QRadar Risk Manager
• QRadar Vulnerability Manager
Advanced Fraud Protection
• Trusteer Rapport
• Trusteer Pinpoint Malware Detection
• Trusteer Pinpoint ATO Detection
• Trusteer Mobile Risk Engine
People
• Identity Management
• Access Management
• Privileged Identity Manager
• Federated Access and SSO
Data
• Guardium Data Security and Compliance
• Guardium DB Vulnerability Management
• Guardium / Optim Data Masking
• Key Lifecycle Manager
Applications
• AppScan Source
• AppScan Dynamic
• DataPower Web Security Gateway
• Security Policy Manager
Infrastructure – Network
• Network Intrusion Prevention
• Next Generation Network Protection
• SiteProtector Threat Management
• Network Anomaly Detection
Infrastructure – Endpoint
• Trusteer Apex
• Mobile Security (MaaS360 by Fiberlink)
• Endpoint Security and Management
• Mainframe Security
IBM X-Force Research
Showing the IBM Security Capabilities and Integration
The slide deck uses a representative environment with typical components, services and communications for customers/partners (and cloud services), the enterprise and employees… and then progressively overlays IBM security capabilities in the context of this representative environment to show features and integration points.
Security Intelligence and Analytics (and GRC; IT security + enterprise)
Security Intelligence and Analytics
NEW: QRadar Packet Capture • QRadar Incident Forensics
Generic Environment for ABC Co…
… but let's focus on the Infrastructure
Log Management
Security Information and Event Management
Application-level and Virtualised Network Monitoring
Intelligence and Risk Management
Incident Forensic Analysis
Intelligence and Vulnerability Management
Enterprise GRC – Integrating IT Controls for Business Risk View
Advanced Fraud Protection
Advanced Fraud Protection
Generic Environment for ABC Co
Providing Common Fraud Prevention Services from the Cloud
Protecting Employee Devices from Fraud
Protecting Customer Devices from Fraud
Protecting Customer Devices from Fraud without Client-Side Agents
Protecting Customer Mobile Devices from Fraud
Leveraging Access Management for Fraud Protection
Fraud Protection and Security Intelligence
People
The People Domain
Generic Environment for ABC Co
Identity Management
Web Access Control
Federated Identity/Access Management
Mobile Access Management
Enterprise (Desktop) Single Sign-on
Privileged Identity Management
Identity into Security Intelligence
Data
The Data Domain
Generic Environment for ABC Co…
… but let's focus on the DB-specific Components
Protecting DB Access at the Network Layer
Centralised Management of DB Access Control Policy
Managing Testing Data Based on Production Data
Managing Lifecycle of Hardware Encryption Keys
Security Intelligence and Databases
Identity Management for Databases
Vulnerability Management for Databases
Applications
The Applications Domain
Generic Environment for ABC Co…
… but let's look at the Application components
Source Code and Runtime App Scanning
Application Policy Testing
XML Appliances and Security
Identity Mapping and Security Token Services
Common Security Policy Mgmt, Provisioning and Enforcement
Security Intelligence and Applications
Identity Management for Applications
Web Application Protection for Applications
Test Data Masking/Cleansing
Infrastructure (Network, Server and Endpoint) – Distributed
The Infrastructure (Network, Server and Endpoint) Domain
Generic Environment for Infrastructure
Network-level Security and Protection
NextGen Network-level Security and Protection
Centralised Security Event Management
Endpoint Management and Security
Endpoint Management for Mobile
Network Anomaly Detection … Complementing NIPS
Centralised Security Information Management
Infrastructure for z
Infrastructure for z
Generic Network, Server and Endpoint Environment
Drilling into the Mainframe-specific Components
Better Administration of External Security Manager Objects
Mainframe System Audit, Reporting and Alerting
Administering, Auditing and Reporting for z/VM
Enterprise-wide Auditing and Alerting
Mainframe Security and the Enterprise-wide Security Ecosystem
Questions?
Security Intelligence, Analytics & GRC • People • Data • Applications • Infrastructure