Loading presentation...

Present Remotely

Send the link below via email or IM

Copy

Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.

DeleteCancel

Make your likes visible on Facebook?

Connect your Facebook account to Prezi and let your likes appear on your timeline.
You can change this under Settings & Account at any time.

No, thanks

IBM Security Portfolio-v2016-June

No description
by

Thierry Matusiak

on 24 August 2016

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of IBM Security Portfolio-v2016-June

Expertise
Applications
The Security Chain Evolves Into An Immune System
Data
Web Fraud
Investigations
Identity Management
Mobile Devices
Guardium DAM
with QRadar SIEM

Guardium DAM sends database security events to QRadar SIEM for correlation and analysis
Infrastructure
Database Activity Monitoring
Vulnerability Assessment
File Activity Monitoring
Identity Federation
Security Access Manager for Enterprise Single Sign-On allows users to sign on from anywhere to the enterprise network with one password and get secure access to all applications. It simplifies password management, supports a variety of strong authentication devices, and helps secure kiosks and shared workstations.
- strengthen access control with single sign-on (SSO) to enterprise and mobile applications
- eliminate multiple passwords and simplify the user experience
- manage a password local vault and renew passwords before they expire


Security Access Manager (ISAM) enables secure user access, and defends applications against targeted web attacks and vulnerabilities (WAF). The reverse proxy provides a coherent set of services: authentication (password, Kerberos, token, RSA), coarse-grained Authorization, security session management, ID propagation.



Static Data Masking
File-level Encryption
Identity Repository
Users and activity management
Hardening
Data Discovery

Employees protection
Access To Applications
Identity Governance
Identities
Operations
ISAM Advanced Access Control Module provides secure access to mobile and web applications, and proactively enforces access policies for web environments and mobile collaboration channels.
- enable multi-factor Single-Sign-On and session management
- support flexible authentication schemes such as One-Time-Password (OTP), sent by SMS, mail...
- enforce fine-grain authorization: context-aware and 2-Factor authorization (2F)
- implement Risk-Based Access (RBA) based on a score computed by a risk engine
- support OAuth to allow a third-party application to access a service

Web Access Management
Optim Test Data Management supports the creation of data sets, reducing the size of test environments, but ensuring coherence and avoiding broken links, like foreign keys.

Guardium Data Activity Monitor alerts on data changes or leaks to ensure data integrity, and automates compliance. Continuous monitoring and security policies protect enterprise data without impacting applications.
- enforce coherent security policies in real time
- monitor and audit all data activity for a wide range of platforms and protocols, including big data
- create a centralized repository of audit data, for enterprise compliance, reporting and forensics
Guardium Data Encryption provides encryption capabilities to safeguard structured and unstructured data and comply with regulatory requirements. It delivers a unified management system to help manage data security.
- encrypt any type of documents, log files and databases (at a file-level) with minimal performance impact
- require no changes to applications, the underlying database or hardware infrastructure
- provide granular auditing and reporting to meet data governance requirements such as HIPAA and PCI DSS
Security Directory Suite is a scalable, standards-based identity platform that interoperates with a broad range of applications to simplify identity and directory management.
- federated LDAP directory to transform identity silos and support virtual directory-like deployments
- strong scalability and flexibility to support hundreds of millions of entries (DB2 back-end store)
- virtual appliance form factor for fast time to value, and easier maintenance
- scalable directory backbone, for enterprise-wide identity and access management
- simplified cloud integration for both enterprise-hosted and SaaS applications
- flexible, automated data manipulation to integrate disparate data sources
- intelligent white pages search capabilities with social networking features






Security Identity Manager (ISIM) manages identities for improved security and compliance. It automates the creation, modification, recertification and termination of identities throughout the user lifecycle.
- manage identities and passwords
- reduce complexity with centralized policies and integrated identity lifecycle management
- monitor users’ activity and provide audit reports to ensure compliance
Guardium for Files protects file systems, and prevents unauthorized file access.
Guardium Data Activity Monitor explores databases schema to discover sensitive data.







InfoSphere Discovery automates the discovery of data relationships across heterogeneous systems. It creates a 360-degree view of existing data assets, and reduces analysis time, giving greater accuracy and higher levels of visibility into potential data problems.

Guardium Vulnerability Assessment scans database infrastructures to identify threats and security holes, which could be exploited to gain access to sensitive data. It identifies exposures such as missing patches, weak passwords, unauthorized changes, or misconfigured privileges, and suggests remedial actions.
- scan the entire database infrastructure automatically
- provide full reports as well as suggestions to address all vulnerabilities
- detect account sharing, excessive administrative logins and unusual after-hours activity
- evaluate and document the database security to help assess, escalate and resolve risks
Enterprises can automate the complete security and compliance lifecycle across the database infrastructure:
- assess vulnerabilities
- crawl the network to detect and classify data
- encrypt sensitive files
- monitor and enforce data access policies
- block access or quarantine users to protect valuable data ... without changing the configuration of databases

Test Datasets coherence and confidentiality should also be managed carefully to protect sensitive data from exposure during application development.

Deployment Guide for InfoSphere Guardium
www.redbooks.ibm.com/Redbooks.nsf/RedpieceAbstracts/sg248129.html

Technical Overview Series
Part 1 Introduction
< www.youtube.com/watch?v=_W22DstVR88 >

Part 2 Product Capabilities
< www.youtube.com/watch?v=ETvjyTzSRgo >

Part 3 Data Collection
< www.youtube.com/watch?v=fRak43klj60 >

Part 4 Deployment Topologies
< www.youtube.com/watch?v=qHzGe_GWVLc >

Part 5 Deployment Project and Web Portal
< www.youtube.com/watch?v=111rkRV3dHQ >



Code Analysis
AppScan Source integrates application security testing into the software development lifecycle ("white-box testing"). It identifies web-based and mobile application source code vulnerabilities early in the software development lifecycle, when they are inexpensive to remediate, so they can be fixed before deployment.
- support automated scanning during the build process
- support the various flavors of mobile applications, including mobile web, native and hybrid applications
Trusteer Apex Advanced Malware Protection protects workstations throughout the threat lifecycle. It provides a non-intrusive protection against zero-day threats and advanced malware without impacting user productivity.
- protect workstations from Advanced Persistent Threats (APT)
- prevent data leakage and external reuse from corporate passwords
- identify Java - Adobe Flash/PDF - MS Office - and browsers vulnerabilities
- prevent the establishment of malicious connection channels between malware and the attacker

IBM also partners with Carbon Black to complement its Security platfom.
Carbon Black’s next-gen endpoint security integrates with X-Force Incident Response Services, BigFix and QRadar.


APEX with the Trusteer Cloud

APEX sends an MD5 definition of unknown executables to the Trusteer Cloud to check if they are malicious
MaaS360
with QRadar SIEM

MaaS360 sends compliance data ans security events to QRadar SIEM for correlation and analysis
MaaS360
with the Trusteer SDK

Combines the mobile risk assessment capabilities of Trusteer with the real time control of MaaS360 to provide mobile malware and rogue app detection.
APEX
with QRadar SIEM

APEX sends endpoint malware events to QRadar SIEM
Guardium with QRadar Vulnerability Manager

Guardium scanner sends database vulnerabilities to QVM for further analysis and prioritization.
ISAM Advanced Access Control Module
with Trusteer Mobile SDK

ISAM can leverage Trusteer information to implement a better context-aware authentication, and identify high-risk mobile devices
X-Force
with Trusteer Fraud Prevention

IBM research on latest fraud tactics and exploits is continuously incorporated in fraud prevention solutions
Identity Governance & Intelligence enables a business-centric approach to define, analyze and certify user access. Rules, activities and processes empower line-of-business managers, auditors and risk managers to govern access and evaluate regulatory compliance. IGI consists in 3 modules.

Identity Compliance Module
- Access review and certification, including access revocation
- Least privilege policy & Segregation of Duties (configuration and validation)
- Compliance reporting

Identity Lifecycle Module
- Policy-based contextual provisioning
- Applications and users on-boarding
- Request-based provisioning (self-service or supervisor)
- Audit reporting (history of the access)

Identity Analytics Module
- Role management, modeling, mining and lifecycle
- Access and roles optimization
- Risk-based access classification

QRadar Incident Forensics allows to retrace the step-by-step actions of a potential attacker, play back the events, and quickly conduct an in-depth forensics investigation of suspected malicious security incidents.
- reduce the time required to differentiate offense records from false positives
- help remediate a network security breach and prevent it from happening again
- retrace the actions of cyber criminals to understand the impact of intrusions and prevent their reoccurrence
- reconstruct raw network data related to a security incident for a greater understanding of the event

QRadar Packet Capture stores and manages data used by QRadar Incident Forensics if no other network packet capture (PCAP) device is deployed

Part 1. Dealing with Vulnerabilities
youtu.be/chAu5jrYLTs

Part 2. Databases and Mainframes
youtu.be/JRzlb10NQN4

Part 3. Using IPSs more effectively
youtu.be/9qYhANNBNPk

Part 4. Dealing with Advanced Malware
youtu.be/uXELdLirLm4

Part 5. Mobile and Patching
youtu.be/cHDIwNydkYw

Part 6. Leveraging Identity Management Intelligence
youtu.be/8GhnhIUgYy4

Part 7. Web Access Management
youtu.be/XbV0O_n5sB8

Part 8. X-Force and the eXchange
youtu.be/-lsu--1DPCg

Part 9. Forensics Investigation
youtu.be/BvTPy9GKHBU
QRadar Integration Series
Resource Access Control Facility (RACF) provides improved security for System Z. It protects the vital system resources and monitors users’ activity and protected resources.
- identify and verify system users
- identify, classify, and protect system resources
- authorize the users who need access to the protected resources
- control the means of access to these resources
- log and report unauthorized attempts at gaining access to the system and to the protected resources

MaaS360
with the MaaS360 Cloud

The MaaS360 client relies on a public Cloud infrastructure.
Arxan Application Protection for IBM Solutions contributes to mobile application hardening and runtime protection. It enables developers to incorporate application protection without modifying source code.
- rely on patented Guard Network technology
- provide code obfuscation against decompilation
- prevent code modifications and preserve application integrity
- protect local data and encryption keys of mobile applications

Rapport with Trusteer Cloud

The Trusteer Cloud provides services to detect web fraud
Trusteer Rapport helps prevent malware and phishing attacks that are the root cause of most financial fraud. It helps financial institutions to protect their customers and meet regulatory compliance requirements.
- protect user devices against malware infections and phishing attacks
- protect web browser sessions to prevent tampering of customer transactions
- defense against identity fraud to safeguard personal information
- prevent and remove existing malwares to create a safer online banking experience for customers
- protect against phishing of login credentials and payment card data to preserve private information
Trusteer Mobile SDK provides a dedicated security library for Apple iOS and Google Android platforms, which can be embedded in proprietary mobile banking and e-commerce applications.
- detect compromised or vulnerable mobile devices
- generate a persistent mobile device ID, resilient to application reinstallation
- detect and block many kinds of man-in-the-middle attacks
- enhance protection for rooted mobile devices to prevent attacks by cybercriminals
Risk Management
QRadar Risk Manager enables IT staff to visualize the network topology, review security device configuration data and detect configuration errors. It analyzes network topology, switch, router, firewall and Intrusion Prevention System (IPS) configurations to reduce risk, prevent attacks, and increase compliance.
- analyze firewall configurations to help identify errors and remove ineffective rules
- provide network topology visualization tools to view current and potential network traffic patterns
- correlate vulnerabilities with network configuration and traffic to link active attack paths with high-risk assets
- simulate network attacks and models configuration changes to assess their security impact

Advanced Access Control
Enterprise Single-Sign-On
You can implement a single security gateway, by combining the access management features of Security Access Manager for DataPower with the message-level security and application integration capabilities of DataPower Gateways (transfer of messages, security of XML feeds and web services).
- provide web access management functions for web, mobile and cloud workloads
- ensure consistent, policy-based communication enforcement
- offer seamless integration with advanced authentication, authorization and federation solutions
Security Gateway
http://www.ibm.com/security/products/
Event Management
QRadar SIEM consolidates logs and events from devices and applications distributed throughout a network.

QRadar Log Manager collects, analyzes and stores large volumes of network and security event logs. It analyzes data from network and security devices, servers and operating systems, applications and endpoints to provide near real-time visibility into current threats.
- scale to support hundreds of thousands of events per second
- capture and process large volumes of event data from thousands of sources in near real-time
- provide visibility into developing threats and help meet continuous compliance-monitoring requirements

Flow Management
QRadar SIEM consolidates the various flows existing on the network.

QRadar qFlow Collector gives visibility into Level-7 network activity.

QRadar vFlow Collector gives visibility into network activity associated to virtual infrastructures.
Security Console
QRadar SIEM consolidates log sources and event data from devices and applications distributed throughout a network. It also aggregates the various flows existing on the network, and performs immediate normalization and correlation activities to distinguish real threats (“offenses”) from false positives.
- deliver surveillance throughout the entire IT infrastructure
- correlate system vulnerabilities with event and network data, helping to prioritize security incidents
- provide near real-time visibility for threat detection and prioritization
- detect deviating behaviors to complement the analysis
- reduce and prioritize alerts to focus investigations on an actionable list of suspected incidents
- produce detailed data access and user activity reports to help manage compliance


Emerging Threats
X-Force Threat Intelligence adds dynamic Internet threat data to the Security platform to gain more intelligent and accurate security enforcement. It helps organizations see new threats more quickly, gain deeper insight and context, prioritize security incidents and prevent or minimize attacks.
AppScan enables organizations to strengthen application security and achieve regulatory compliance. Security and development teams can collaborate, establish policies and scale testing through the application lifecycle.
- test deployed applications ("Black-box testing")
- identify vulnerabilities in applications, including client-side JavaScript
- support a variety of application security testing techniques
- provide test policies, scan templates and vulnerability remediation advisories
- leverage a server agent to capture additional context, like database access ("Glass-box testing")
AppScan Enterprise dashboards classify and prioritize application assets based on business impact and identify high-risk areas, to focus the remediation efforts.
- security reports and dashboards provide visibility of risk and compliance
- performance metrics monitor the progress of the application security program

Access Continuity
Network Active Bypass optimizes the availability of a network protected by IBM IPS appliances. In the unlikely event that an IPS appliance fails, the bypass ensures the network remains functional and users have access to critical applications.
Guardium Data Redaction automatically recognizes and removes sensitive content from unstructured data sources. It transforms manual redaction into automated processes for speed, accuracy and efficiency.
- protect sensitive data in documents, forms and files from unintentional disclosure, misuse and fraud
- support many document formats, including scanned documents, PDF, TIFF, XML and MS Word

Security relies on network traffic control and endpoints protection. It also includes safeguarding the growing SaaS services professional usage. Besides, enterprises need to manage various mobile devices, which extend the traditional workstations and servers infrastructure, including z Systems. Employees' workstations can also be monitored by enterprise protection solutions that complement classical antivirus to fight emerging threats.

IBM can also complement these Security solutions with an crisis management operation center (Intelligent Operations Center) and a video analytics offering (Video Analytics).
User/password couples are stored in multiple synchronized directories. Those users are created, updated and deleted with an identity management solution, complemented by a governance component to manage the lifecycle, compliance and analysis of existing credentials.

Enterprise Single-Sign-On and identities self-service empower users and simplify passwords renewal processes, while privileged users like server administrators must be carefully managed and controlled.

Applications can be accessed through a security gateway. Web Application Management components ensure a secure user access, and can federate identities across heterogeneous systems. They can also provide advanced access control functions, and single-sign-on to corporate users.
Guardium Data Activity Monitor prevents unauthorized data access, to mitigate internal and external threats.
- protect sensitive information in every database in real time
- ensure dynamic data masking of sensitive data
- block access to unauthorized data
- quarantine users when they violate specific security policies
Optim Data Masking helps improve data protection, and supports compliance initiatives. It masks data across production and non-production environments, including big data platforms.
- come with predefined data privacy classifications, rules, and masking algorithms
- capture data privacy policies and rules in one centralized repository
- provide reports to measure the compliance and enforcement of data privacy policies
Security policies should take care of the IT infrastructure, and carefully manage people digital identities and authorizations.
They should protect valuable data, ensure that deployed applications are securely designed, and actively fight against fraud.
Security operations collect all the associated information to identify threats early, help preserve a secure environment, and respond to incidents.
Lastly, expertise is at the core of efficient security practices to ensure that comprehensive and coherent security processes appropriately mitigate risks.

Secured applications shall implement coding best practices, which can be checked via static analysis.
Runtime analysis and intrusion tests can also identify weaknesses through the application portfolio.
Mobile applications can then be hardened before deployment to better resist to hackers and fraudulent usage.
To fight financial web fraud, companies can leverage the Trusteer Fraud Protection Suite, which provides risk-analysis services and up-to-date insights. IBM has also developed additional solutions to fight various types of Fraud: investigation (i2 Analyst’s Notebook), identity resolution (Identity Insight), machine learning (IRIS)...
Security Operations give a consolidated view of security-related activities.
They identify vulnerabilities and risks, and prioritize incidents.
Beyond the Security domain, IBM also proposes an Enterprise Risk Management solution (OpenPages), which allow companies to classify and monitor identified risks, produce interactive reports and adapt to new regulations to improve their performance.
Security expertise feeds the whole security platform to keep it up-to-date with emerging threats.
It mixes researchers and service experts, who participate in the broader security community.
z Systems
Endpoints
BigFix (Endpoint Manager) can manage desktops and notebooks: patches installation, remote control, antivirus, malware detection...
SDS with QRadar SIEM

SDS provides robust auditing and reporting features, connected to the QRadar SIEM
AppScan with SiteProtector

AppScan sends vulnerabilities in scanned web applications directly to SiteProtector to deploy virtual patches across Network Protection XGS devices
XGS appliances
with QRadar SIEM

XGS appliances send security events and flows to QRadar for analysis
X-Force
with XGS appliances

X-Force threat data, IP and URL reputation intelligence feed XGS appliances to address the latest threats and provide intelligent blocking.
MaaS360 with QRadar SIEM

MaaS360 sends compliance data ans security events to QRadar SIEM for correlation and analysis
APEX with QRadar SIEM

APEX sends endpoint malware events to QRadar SIEM
zSecure with QRadar SIEM

Send security events from System z to QRadar for analysis. Event sources include: z/OS, RACF, CA ACF2, CA Top Secret, CICS and DB2.
SDS with QRadar SIEM

SDS provides robust auditing and reporting features, connected to the QRadar SIEM
Privileged Identity Manager
with QRadar SIEM

Privileged Identity Manager sends privileged user activity to QRadar to detect anomalous behavior and understand this behavior during offenses analysis
Access Manager
with X-Force Research

ISAM incorporates the latest threat research to enable contextual authentication and threat-aware application protection.
Access Manager
with QRadar SIEM

Access manager sends user-activity-related security events to QRadar for correlation and analysis
Access Manager
with X-Force Research

ISAM incorporates the latest threat research to enable contextual authentication and threat-aware application protection.
ISAM Advanced Access Control Module
with Trusteer Mobile SDK

ISAM can leverage Trusteer SDK's information to implement a better context-aware authentication, and identify high-risk mobile devices
Mobile Devices
MaaS360 (Fiberlink) is an Enterprise Mobility Management (EMM) solution, which manages mobile devices (MDM) and mobile applications (MAM) through an enterprise app catalog, and secures BYOD initiatives.
- provide a professional container, an enterprise applications catalog, secure mail, and secure browser
- secure mails: limit transfers, control attached documents, limit copy-paste
- secure enterprise Apps: application wrapper and SDK, authentication, data leaks prevention, in-App VPN
- secure document sharing: access from the container to a large variety of content sources
- integrate with on premise AD/LDAP, email server and PKI ("Cloud Extender")
- provide secure access to intranet resources ("Mobile Enterprise Gateway")

Physical and virtual servers
BigFix (Endpoint Manager) ensures physical and virtual servers management and security.

Inventory: assets discovery, software use, contract management
Patch: assess, deploy and manage patches
Lifecycle: inventory of assets, distribution of OS, patches and software components, remote control
Compliance: discovery of assets, patches, vulnerabilities, antivirus
Protection: Trend Micro antivirus, data loss prevention, malware detection, external devices control
QRadar RM
with QRadar VM

QRadar Risk Manager can correlate vulnerability data from QRadar Vulnerability Manager with network topology and connection data to determine exploit paths
Database-level protection
Document-level protection
Test Data Management
Guardium DR with FileNet

Integrates with records management systems including FileNet P8 and Content Manager 8
Guardium Data Activity Monitor identifies database nominal traffic, to establish a relevant baseline before starting to monitor activity. It then participates in activity monitoring and data protection.
Activity Baselining
AppScan
with QRadar Vulnerability Manager

AppScan sends application vulnerabilities to QVM for additional context and prioritization
X-Force with AppScan

AppScan scans websites for links to malicious websites based on the X-Force database
X-Force with AppScan

AppScan scans websites for links to malicious websites based on the X-Force database
Analysis
Application Security on Cloud SaaS service helps eliminate security vulnerabilities from mobile applications.

AppScan Source can analyze mobile applications source code.
Application Security on Cloud provides online Security testing features.
- combine static and dynamic analysis
- scan web applications and mobile applications (Android / iOS)
- deliver a detailed report that isolates critical issues and offers recommendations for remediation
- permit to rescan applications to confirm that issues have been remediated

http://www.ibm.com/marketplace/cloud/application-security-on-cloud/us/en-us
Online Testing Service
Endpoint Protection
Trusteer Mobile SDK with Trusteer Pinpoint Detect

The Trusteer Mobile SDK can integrate with Pinpoint Detect to consolidate web and mobile channels
Service
Trusteer Mobile Browser is a security-rich mobile browser that allows users to safely access banking websites. A risk-based analysis is performed on the device when a protected website is accessed, to detect fake banking websites and man-in-the-middle attacks.
- prevent mobile users from accessing fraudulent websites
- raise security alerts to warn the mobile user of potential risks and provide remediation guidance
- protect from pharming attacks (redirect website traffic from a legitimate website to a fake website)

Malwares & Accounts Take-Over
Trusteer Pinpoint Detect provides a unified malware and criminal detection offering.
- evaluate fraud risk levels to help create a security-rich user experience
- detect malware-infected devices including personal computers, tablets and smartphones
- alert for high-risk devices that can be sent directly to the fraud team of the organization
- analyse browsing behaviors to identify accounts take-over attempts
- include device fingerprinting that detects criminal devices
- detect login anomaly to provide protection from fraudulent access to user accounts
- detect transaction anomaly to help safeguard payment (new payees, specific location, exceptional amounts)
- report on phishing incidents and provides an accurate indication of compromised accounts

Trusteer SaaS services fight against fraud and protect transactions.
APEX to the Trusteer Cloud

APEX sends an MD5 definition of unknown executables to the Trusteer Cloud to check if they are malicious
Trusteer Pinpoint
with Access Manager

Detect malware and account takeover using Trusteer Pinpoint and block connections from the compromised user with Access Manager
Risk Analysis
Pinpoint Detect with Rapport

Trusteer Rapport can remove malwares detected with Pinpoint Detect
Pinpoint Detect with Rapport

Trusteer Rapport can remove malwares detected with Pinpoint Detect
X-Force
with Trusteer Fraud Prevention

IBM research on latest fraud tactics and exploits is continuously incorporated in fraud prevention solutions
X-Force Exchange shares security information with the security ecosystem, IBM customers and partners: threats / IP lists / URLs ...


https://exchange.xforce.ibmcloud.com/


Ecosystem
Research
Risks & Vulnerabilities
One integrated platform
X-Force with QRadar SIEM

The X-Force supplies a list of threats (malicious IPs, malware hosts, spam sources) and real-time information, which help QRadar place activity in external context and determine security offense severity
Vulnerabilities
QRadar Vulnerability Manager identifies existing vulnerabilities, and adds context to prioritize remediation and mitigation activities: network asset information, security configurations, flow data, logs and threat intelligence.
- perform scheduled and event-driven network scanning, asset discovery and asset profiling
- add context to identify key vulnerabilities associated to assets, and reduce false positives
- prevent security breaches by discovering dangerous default settings, misconfigurations, and software features
Guardium VA
with QRadar VM

Guardium scanner sends database vulnerabilities to QVM for further analysis and prioritization
Information sharing
Workstations
Application-level Risks
Test Data Management
Protection
Activity Monitoring
Analysis
Activity Monitoring
People
Mobile Apps
Protection

MaaS360 with ISAM Advanced
Access Control Module

Enables the reuse of device attributes (coming from MaaS360 registered devices) in risk-based access policies evaluation
MaaS360 with ISAM Advanced Access Control Module

Enables the reuse of device attributes (coming from MaaS360 registered devices) in risk-based access policies evaluation
zSecure with Guardium VA

zSecure Audit integration enhances Guardium Vulnerability Assessment for DB2 on System z, to include assessment of RACF privileges.
https://www.ibm.com/developerworks/community/blogs/5e65990a-9690-42e2-93b1-c2267be7620c/entry/ibm_security_zsecure_audit_integration_with_guardium_vulnerability_assessment?lang=en
BigFix with QRadar SIEM

BigFix sends endpoint asset descriptive information to QRadar SIEM for correlation and analysis. Closes the remediation loop by having QRadar high risk endpoints passed back to BigFix for remediation
BigFix with QRadar SIEM

BigFix sends endpoint asset descriptive information to QRadar SIEM for correlation and analysis. Closes the remediation loop by having QRadar high risk endpoints passed back to BigFix for remediation
Identity Manager with RACF

The ISIM RACF Adapter is designed to create and manage RACF accounts
Intrusion Prevention Systems control the network traffic and protect the IT infrastructure from external threats.
Network Protection Intrusion Prevention System (IPS) XGS appliances are designed to stop constantly evolving threats before they impact the business. They provide high levels of protection and performance, while lowering the overall cost and complexity associated with managing a large number of point solutions.
- scan network traffic to identify and block attacks
- achieve high level of performance without compromising breadth and depth of security
- protect business-critical assets (networks, servers, endpoints and applications) from threats

Virtual XGS appliances can efficiently protect VMWare infrastructures.
Intrusion Prevention Systems
XGS appliances
with QRadar SIEM

XGS appliances send security events and flows to QRadar for analysis
X-Force Research
with XGS appliances

X-Force threat data, IP and URL reputation intelligence feed XGS appliances to address the latest threats and provide intelligent blocking.
QRadar SIEM with XGS appliances

QRadar includes right-click integration to block suspicious activity on the network with Network Protection XGS.
Security appliances management
SiteProtector System unifies management and analysis of security appliances. It provides a single interface to distribute security policies and updates to IPS across locations.
- provide central control of diverse security devices
- monitor and measure the exposure to vulnerabilities and demonstrate regulatory compliance
- evaluate and communicate the risk posture through event analytics and flexible reporting

Workstations
Network
Traffic

Applications and business processes rely on a set of endpoints that need to be protected
For decades, z Systems have been at the core of many companies’ strategy and provide the secured backbone of their IT infrastructure.
zSecure with QRadar SIEM

zSecure sends security events from System z to QRadar for analysis. Sources include z/OS, RACF, CA ACF2, CA Top Secret, CICS and DB2
Security administration
zSecure tools facilitate z Systems administration with a graphical console (monitoring, audit and compliance)
- automate and simplify RACF security and compliance administration (zSecure Admin)
- enforce RACF policies to protect mainframe environments (zSecure Command Verifier)
- improve administration, reporting and auditing for z/VM environments (zSecure Manager for RACF z/VM)
- monitor the mainframe for external and internal security threats (zSecure Alert)
- measure and verify effectiveness of mainframe security (zSecure Audit)
- add mainframe security administration capabilities to CICS environments (zSecure CICS Toolkit)
- simplify mainframe security administration through a Windows-based interface (zSecure Visual)
- extend advanced threat protection and security intelligence (zSecure Adapters for QRadar SIEM)
Identity Lifecycle Management is at the core of efficient access policies.
Privileged Users
Users & Admins
Privileged Identity Manager
with QRadar SIEM

Privileged Identity Manager sends privileged user activity to QRadar to detect anomalous behavior and understand this behavior during offenses analysis
Privileged Identity Manager protects, automates and audits the use of privileged identities to mitigate insider threats and improve security across the enterprise.
- manage shared accounts pools, and credentials check-out / check-in
- provide centralized privileged identity management to improve control and reduce risk
- provide automated password management and single-sign-on
- record privileged user endpoint activities for improved visibility and compliance
- secure application-to-application credentials and track their use
- address compliance, regulatory and privacy requirements

Self Service
Security Identity Manager features an intuitive, business-friendly user interface to simplify provisioning requests and help managers make intelligent access decisions for their employees. It also includes enhanced reporting and analytic capabilities to monitor user entitlements and activities.
- empower line of business managers to automate and define users’ access across the enterprise
- simplify access requests and improve user experience with a “Shopping Cart” metaphor
- provide a passwords management self-service

Identity Governance & Intelligence manages access request and delivers easier-to-implement, business-friendly, self-service access request functions

Users need to be able to manage their identities and access credentials efficiently.
Privileged users must be carefully monitored.
Companies control the access to their applications, internally and externally.
Dynamic Analysis
Protecting valuable information starts with better identifying sensible data, and where it resides.
Companies can monitor activity to control the access to databases and files.
Sensible data can be encrypted, and access can be denied to risky users.
Application development and testing requires access to datasources that should remain protected.
The application layer should be secured, not to introduce weaknesses in the IT infrastructure. This includes code analysis and deployed applications scanning.
Mobile Apps become critical in the IT infrastructure and introduce new risks.
Coding Best practices
AppScan Source promotes OWASP coding practices, and contributes to developers' continuous education.
AppScan Source
with MobileFirst

AppScan Source supports IBM MobileFirst (Worklight) projects
Security Code Library
Secured Mobile Browser
A software component can be installed on the device itself to improve risk analysis and mitigation.


Collect application events and network activity to identify and prioritize threats.
Understand the root cause of problems, and ensure they will not happen again.
Security Teams identify and prioritize existing vulnerabilities in the IT infrastructure, and evaluate risks to ensure compliance and take proactive actions to protect the business.
Research Labs
Security is a continuously evolving topic, which requires continuous investments to keep up-to-date.
The Security Community is vital to share best practices and additional information about emerging threats. "United we stand".
Security is a continuously evolving topic, which requires continuous investments. The X-Force analyzes vulnerabilities, publishes regular reports and develops new technologies, which can be included into IBM Security solutions.





IBM also dedicates research teams to counter-fraud intelligence.

You are currently watching the latest version
(Last update: July 3rd, 2016)


Check out additional resources :
- More prezis (PCI DSS, ISO, NIST ...)
- PDF and Powerpoint documents
- Youtube videos

INFORMATION
Identity Manager
with Access Manager

Users who access applications and authenticate through Access Manager can be provisioned by Identity Manager. ISAM can also protect ISIM.
Identity Manager
with Access Manager

Users who access applications and authenticate through Access Manager can be provisioned by Identity Manager. ISAM can also protect ISIM.
Identity Manager with PIM

Identity Manager synchronizes user and user access data to Privileged Identity Manager, for secure checkin/checkout and tracking of shared credentials.
Knowledge Center : Overview of the RACF Adapter
http://www-01.ibm.com/support/knowledgecenter/SSRMWJ_6.0.0/com.ibm.itim_pim.doc/racf/install_config/c_overchap.htm
AppScan with QRadar SIEM

AppScan sends application security events to QRadar SIEM for context and analysis. QRadar SIEM pulls application security vulnerabilities from AppScan Enterprise for additional context and analysis.
AppScan with QRadar SIEM

AppScan sends application security events to QRadar SIEM for context and analysis. QRadar SIEM pulls application security vulnerabilities from AppScan Enterprise for additional context and analysis.
Guardium VA
with QRadar VM

Guardium scanner sends database vulnerabilities to QVM for further analysis and prioritization
QRadar SIEM
with QRadar VM

QRadar SIEM's asset databases and flow information are used in QVM to prioritize vulnerabilities based on severity risk

QRadar SIEM
with QRadar VM

QRadar SIEM's asset databases and flow information are used in QVM to prioritize vulnerabilities based on severity risk

QRadar SIEM
with QRadar RM

QRadar SIEM's asset databases and flow information are used in QRM's configuration monitoring and simulation capabilities
QRadar SIEM
with QRadar RM

QRadar SIEM's asset databases and flow information are used in QRM's configuration monitoring and simulation capabilities
QRadar RM
with QRadar VM

QRadar Risk Manager can correlate vulnerability data from QRadar Vulnerability Manager with network topology and connection data to determine exploit paths
QRadar RM
with QRadar VM

QRadar Risk Manager can correlate vulnerability data from QRadar Vulnerability Manager with network topology and connection data to determine exploit paths
X-Force
with QRadar RM

X-Force IP reputation data lets QRM simulate the spread of an exploit from a machine communicating with a known dangerous IP across other enterprise assets
X-Force
with QRadar RM

X-Force IP reputation data lets QRM simulate the spread of an exploit from a machine communicating with a known dangerous IP across other enterprise assets
X-Force
with QRadar VM

QVM can filter vulnerabilities to show only those on assets that have been communicating with poor reputation IPs.  QVM can also scan assets that have been communicating with such IPs
X-Force
with QRadar VM

QVM can filter vulnerabilities to show only those on assets that have been communicating with poor reputation IPs.  QVM can also scan assets that have been communicating with such IPs
QRadar VM
with QRadar RM

QRM provides network topography and configuration information to help QVM prioritize vulnerabilities based on severity of risk
QRadar VM
with QRadar RM

QRM provides network topography and configuration information to help QVM prioritize vulnerabilities based on severity of risk
Identity Manager with QRadar SIEM

Identity Manager provides role and identity context for deeper insights within QRadar offenses: list of executives, people about to leave, usual users of a sensitive application. QRadar also accepts audit, recertification and system events from ISIM appliances
QRadar VM
with QRadar SIEM

Integrating vulnerability information from QVM lets QRadar SIEM create offenses on suspicious activity that is potentially exploiting a known vulnerability
QRadar RM
with QRadar SIEM

QRM sends device configuration and network topology information to QRadar SIEM to add context and priority to security offenses
QRadar VM
with QRadar SIEM

Integrating vulnerability information from QVM lets QRadar SIEM create offenses on suspicious activity that is potentially exploiting a known vulnerability

QRadar RM
with QRadar SIEM

QRM sends device configuration and network topology information to QRadar SIEM to add context and priority to security offenses
QRadar SIEM
with QRadar IF

From an offense in QRadar SIEM the user can launch the Incident Forensics module to reconstruct and view user sessions

QRadar SIEM
with QRadar IF

From an offense in QRadar SIEM the user can launch the Incident Forensics module to reconstruct and view user sessions

Trusteer Fraud Prevention
with X-Force

Trusteer Fraud Prevention sends the latest attacks and exploits observed across its network to the X-Force for inclusion in its threat feed
Trusteer Fraud Prevention
with X-Force

Trusteer Fraud Prevention sends the latest attacks and exploits observed across its network to the X-Force for inclusion in its threat feed
Enterprises rely more and more on SaaS services to complement their internal applications.
Cloud Security Enforcer is a cloud-delivered solution that provides cloud application visibility, identity & access management, and threat prevention. Employees find and securely use approved cloud applications while IT security has full visibility and control over application usage.
- discover “shadow IT” as well as usage of approved applications
- simplify user access to cloud applications with identity and access controls
- monitor user activity to alert administrators of anomalous behavior
- protect against cloud-based threats with IBM X-Force Threat Intelligence
- enforce policies and coach users on appropriate corporate usage of cloud applications
Govern SaaS Usage
SaaS Services
www.ibm.com/common/ssi/cgi-bin/ssialias?subtype=WH&infotype=SA&htmlfid=WGW03196USEN&attachment=WGW03196USEN.PDF
https://securityintelligence.com/events/essential-data-security-principles-to-keep-sensitive-data-safe/
September 2015

You cannot control every device anymore, but you can control your data.
- Gain visibility
- Define your data (discover and classify)
- Dissect your data (analytics, how is it being used ?)
- Defend your data (access control, traffic inspection, data disposal, masking/tokens/encryption)

Is Your Sensitive Data Secure?
4 Essential Data Security Principles To Keep It Safe
ISAM Federation Module provides web and federated Single-Sign-On (SSO) to users throughout multiple applications. It supports private, public and hybrid cloud deployments.
- provide federated SSO
- propagate identities to internal applications and SaaS solutions
- open the internal information system to partners and SaaS solutions

Federated Identity Manager includes an identity mediation service to implement complex SSO scenarios

IGI receives user access entitlements and role information to allow role mining, access certification and access request processes. The process allows to incorporate access information from Identity Manager in the access governance processes. User access entitlements are updated on Identity Manager as a result of recertification campaign or access request. This integration helps clients ensure and certify to auditors that their users have the appropriate accesses for their jobs.
Data Dictionary

Business Glossary specifies the functional description of data in a shared dictionary.

Watson Explorer federates search engines, indexes all types of internal and external data and integrates external sources in real-time

IBM Endpoint Management Offering (BigFix and MaaS360)
with a focus on the BigFix Patch Management Module

20'+: demo of the BigFix product
25'+: detailed demo of the Patch Management Module

Incident Response
Incident Response Management complements the SIEM to build an integrated end-to-end Security Operations and Response Platform.
Cognitive Solutions
Response Platform
Resilient provides an Incident Response Platform (IRP) that empowers cyber security teams to orchestrate their IR processes, and resolve incidents faster, more effectively, and more intelligently.
- align people, process, and technology
- significantly decrease time to close an incident
- automate the Incident Response process
- build with knowledge bases of global regulatory and privacy requirements
- empower security teams to easily configure their own Incident Response plans
This white paper presents how the Trusteer Fraud Protection Suite helps detect, investigate and remediate fraud fast and efficiently.
http://www.ibm.com/common/ssi/cgi-bin/ssialias?subtype=WH&infotype=SA&appname=SWGE_WG_WG_USEN&htmlfid=WGW03009USEN&attachment=WGW03009USEN.PDF
Ensuring application security in mobile device environments.
How to detect, analyze and eliminate application security vulnerabilities with AppScan
Demo: Integration between AppScan and QRadar.
www.youtube.com/watch?v=0wGRhZfBTSI
Demo: AppScan and SiteProtector Integration.

www.youtube.com/watch?v=bBTHIjG_rj0
Applications Security
AppScan
with QRadar Vulnerability Manager

AppScan sends application vulnerabilities to QVM for additional context and prioritization
Demo: Integration between AppScan and QRadar.
www.youtube.com/watch?v=0wGRhZfBTSI
AppScan with SiteProtector

AppScan sends vulnerabilities in scanned web applications directly to SiteProtector to deploy virtual patches across Network Protection XGS devices
Demo: AppScan and SiteProtector Integration.

www.youtube.com/watch?v=bBTHIjG_rj0
This white board session presents the Cloud Security Enforcer in details.

www.youtube.com/watch?v=1aIhaLxEPew
www.youtube.com/watch?v=fAdqcz0YbFA
QRadar SIEM Integration with IBM Security Network Protection

www.youtube.com/watch?v=8ul82V50yqE
QRadar SIEM with XGS appliances

QRadar includes right-click integration to block suspicious activity on the network with Network Protection XGS.
QRadar SIEM Integration with IBM Security Network Protection

www.youtube.com/watch?v=8ul82V50yqE
https://www.carbonblack.com/company/news/press-releases/carbon-black-and-ibm-security-partner-to-enable-businesses-to-protect-against-and-respond-faster-to-cyber-attacks-2/
QVM and BigFix integrate to detect vulnerabilities in at-risk devices and help re-mediate. QVM gathers vulnerability information by performing scans on computers installed with the BigFix agent and shares data with BigFix to help prioritize the management of "high risk" computers. The end user can then re-mediate the vulnerability by first quarantining and then applying a fixlet to the infected device. Data from BigFix allows QVM to see what endpoint vulnerabilities have been patched or are scheduled to be patched on which endpoints and adjust vulnerability severity accordingly.
zSecure Audit integration with Guardium Vulnerability Assessment
zSecure with Guardium VA

zSecure Audit integration enhances Guardium Vulnerability Assessment for DB2 on System z, to include assessment of RACF privileges.
https://www.ibm.com/developerworks/community/blogs/5e65990a-9690-42e2-93b1-c2267be7620c/entry/ibm_security_zsecure_audit_integration_with_guardium_vulnerability_assessment?lang=en
zSecure Audit integration with Guardium Vulnerability Assessment
This video presents Guardium and QRadar Integration.

www.youtube.com/watch?v=M0P12R2Kkjc
Guardium DAM
with QRadar SIEM

Guardium DAM sends database security events to QRadar SIEM for correlation and analysis
This video presents Guardium and QRadar Integration.

www.youtube.com/watch?v=M0P12R2Kkjc
Guardium DAM functional overview.
www.youtube.com/watch?v=rUXah31k-I0
Guardium helps to protect sensitive data against internal and external threats
www.youtube.com/watch?v=5vO5ObjLpjw
Security Key Lifecycle Manager centralizes and automates the encryption key management process to help minimize risk and reduce operational costs of encryption key management.
- offer secure and robust key storage, key serving and key lifecycle management
- support IBM and non-IBM storage solutions
- use the OASIS Key Management Interoperability Protocol (KMIP)
Big Data
Guardium Data Privacy for Hadoop identifies and monitors sensitive data that resides within big data environments.
- provide big data and enterprise data definitions to ensure a common understanding across the enterprise
- monitor and audit big data activity
- mask or redact sensitive data based on business policies

Cloud Identity Services is a cloud-based identity & access management solution that protects and controls your IT environment.
- identity management : lifecycle automation, governance, user provisioning, and self-service
- web access management : authentication, SSO, centralized access control, strong authentication
- federation : SSO to SaaS applications, social network integration
- reporting engine


Online IAM Service
Security Identity Manager Functional Overview.
www.youtube.com/watch?v=bXYc9TRiSoQ
Identity Manager with RACF

The ISIM RACF Adapter is designed to create and manage RACF accounts
Knowledge Center : Overview of the RACF Adapter
http://www-01.ibm.com/support/knowledgecenter/SSRMWJ_6.0.0/com.ibm.itim_pim.doc/racf/install_config/c_overchap.htm
MaaS360 with Access Manager
Downloadable package
www-01.ibm.com/support/docview.wss?uid=swg24038325
Cloud Identity Services Overview.

www.youtube.com/watch?v=ChNm5bjCx4Q
This prezi presents IBM Security Solutions.
It includes links to various external resources.

Resilient with QRadar SIEM

Resilient natively integrates with QRadar through an application available on the App Exchange to link data analysis and incident response
Resilient with QRadar SIEM

Resilient natively integrates with QRadar through an application available on the App Exchange to link data analysis and incident response
Managing application security across the organization with AppScan Enterprise.
www.youtube.com/watch?v=4n0jwZwUP3c
SIEM Online Service
Security Intelligence on Cloud brings the SIEM platform to the Cloud.
IBM Security Service teams provide Security solutions to our clients : Threat & Security Research, Consulting, System Integration, Managed Services, and Cloud Services.
They focus on 6 domains:
- Security Strategy, Risk and Compliance
- Security Intelligence and Operations
- Cyber Security Assessment & Response
- Identity and Access Management
- Application and Data Security
- Infrastructure and Endpoint Security




IBM Security App Exchange allows customers, developers and business partners to share applications, security app extensions and enhancements to IBM products
- obtain apps that extend the capabilities of IBM Security solutions
- share best practices and learn from others
- find solutions in near real-time


http://www.ibm.com/security/engage/app-exchange/




App Store
https://securityintelligence.com/media/xforce-tir-2016/
IBM X-Force Threat Intelligence Report 2016
http://cognitivesecuritywhitepaper.mybluemix.net/?cm_mc_uid=19475626436114607049583&cm_mc_sid_50200000=1463850976
Evolve your defenses with security that understands, reasons and learns.
Cognitive functions like machine learning progressively integrate IBM Software portfolio: QRadar, AppScan ...

IBM major investment in cognitive solutions will also produce new solutions:
- QRadar Advisor will crunch your data locally to provide additional insights for your QRadar platform
- Watson for Cybersecurity will be a Security virtual expert, available online via X-Force Exchange APIs



http://www.slideshare.net/ThierryMatusiak/ibm-security-software-solutions-one-pager
This one pager positions IBM Software Security Solutions.
http://public.dhe.ibm.com/software/security/products/qradar/documents/iTeam_addendum/b_dsm_guide.pdf
QRadar provides many DSMs (Device Support Modules) to receive events from various log sources. They include IBM and non-IBM technologies.
https://www-304.ibm.com/connections/blogs/sweeden/entry/introduction_to_qradar_log_management_for_webseal_administrators?lang=en_us
Introduction to QRadar log management for WebSEAL Administrators
Access Manager
with QRadar SIEM

Access manager sends user-activity-related security events to QRadar for correlation and analysis
https://www-304.ibm.com/connections/blogs/sweeden/entry/introduction_to_qradar_log_management_for_webseal_administrators?lang=en_us
Introduction to QRadar log management for WebSEAL Administrators
Identity Manager with QRadar SIEM

Identity Manager provides role and identity context for deeper insights within QRadar offenses: list of executives, people about to leave, usual users of a sensitive application. QRadar also accepts audit, recertification and system events from ISIM appliances
IGI with QRadar SIEM

Identity Governance and Intelligence sends identity and access data to QRadar to provide "identity context" to security intelligence
IGI with QRadar SIEM

Identity Governance and Intelligence sends identity and access data to QRadar to provide "identity context" to security intelligence
http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=WGD03025USEN&appname=wwwsearch#loaded
Use dynamic X-Force data with QRadar to detect the latest threats
X-Force with QRadar SIEM

The X-Force supplies a list of threats (malicious IPs, malware hosts, spam sources) and real-time information, which help QRadar place activity in external context and determine security offense severity
http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=WGD03025USEN&appname=wwwsearch#loaded
Use dynamic X-Force data with QRadar to detect the latest threats
Major updates implemented in this version:
- added the integration spider web in the navigation path
- reviewed & complemented the various integration points

- one-pager PDF summary

- 28-page PDF summary (PDF version of this prezi)

Expertise
Applications
Data
Web Fraud
Investigations
Identity Management
Mobile Devices
Infrastructure
Database Activity Monitoring
Vulnerability Assessment
File Activity Monitoring
Identity Federation
File-level Encryption
Identity Repository
Users and activity management
Hardening
Data Discovery

Employees protection
Access To Applications
Identity Governance
Identities
Operations
Web Access Management
Code Analysis
Risk Management
Advanced Access Control
Enterprise Single-Sign-On
Security Gateway
Event Management
Flow Management
Security Console
Emerging Threats
Access Continuity
z Systems
Endpoints
Mobile Devices
Physical and virtual servers
Database-level protection
Document-level protection
Activity Baselining
Analysis
Endpoint Protection
Service
Mobile Risk Engine
Malwares & Accounts Take-Over
Risk Analysis
Community
Research
Risks & Vulnerabilities
Vulnerabilities
Information sharing
Workstations
Application-level Risks
Test Data Management
Protection
Activity Monitoring
Analysis
Activity Monitoring
People
Mobile Apps
Protection
Intrusion Prevention Systems
Security appliances management
Workstations
Network
Traffic
Security administration
Privileged Users
Users & Admins
Self Service
Dynamic Analysis
Coding Best practices
Security Code Library
Secured Mobile Browser
Research Labs
Govern SaaS Usage
SaaS Services
Data Dictionary

Incident Response
Cognitive Solutions
Response Platform
Applications Security
Big Data
Online IAM Service
SIEM Online Service
App Store
Integrations
https://ibm.biz/BdFHAk
QRadar knowledge center
https://www.ibm.com/developerworks/community/wikis/home?lang=en-us#!/wiki/W746177d414b9_4c5f_9095_5b8657ff8e9d/page/Bigfix%20%26%20Qradar%20Vulnerability%20Manager%20Security%20Software%20Integration
Bigfix & Qradar Vulnerability Manager Security Software Integration
BigFix with
QRadar Vulnerability Manager

QVM and BigFix integrate to detect vulnerabilities in at-risk devices and help re-mediate. QVM gathers vulnerability information by performing scans on computers installed with the BigFix agent and shares data with BigFix to help prioritize the management of "high risk" computers. The end user can then re-mediate the vulnerability by first quarantining and then applying a fixlet to the infected device. Data from BigFix allows QVM to see what endpoint vulnerabilities have been patched or are scheduled to be patched on which endpoints and adjust vulnerability severity accordingly.
https://ibm.biz/BdFHAk
QRadar knowledge center
https://www.ibm.com/developerworks/community/wikis/home?lang=en-us#!/wiki/W746177d414b9_4c5f_9095_5b8657ff8e9d/page/Bigfix%20%26%20Qradar%20Vulnerability%20Manager%20Security%20Software%20Integration
Bigfix & Qradar Vulnerability Manager Security Software Integration
BigFix with
QRadar Vulnerability Manager

Connections from the mobile device through the Mobile Enterprise Gateway can be authenticated with ISAM. MaaS360 sends device attributes information from MaaS360 registered devices to Access Manager for use in access policy. Risk-based access controls can utilize context from MaaS360 in access decision (e.g., compliance state, jail broken status, ownership status, etc). Risk-based access feature to determine and score risk levels using user attributes and context.
MaaS360 with Access Manager
Downloadable package
www-01.ibm.com/support/docview.wss?uid=swg24038325
Connections from the mobile device through the Mobile Enterprise Gateway can be authenticated with ISAM. MaaS360 sends device attributes information from MaaS360 registered devices to Access Manager for use in access policy. Risk-based access controls can utilize context from MaaS360 in access decision (e.g., compliance state, jail broken status, ownership status, etc). Risk-based access feature to determine and score risk levels using user attributes and context.
Identity Manager with Identity Governance & Intelligence
IGI receives user access entitlements and role information to allow role mining, access certification and access request processes. The process allows to incorporate access information from Identity Manager in the access governance processes. User access entitlements are updated on Identity Manager as a result of recertification campaign or access request. This integration helps clients ensure and certify to auditors that their users have the appropriate accesses for their jobs.
Identity Manager with Identity Governance & Intelligence
Identity Manager with PIM

Identity Manager synchronizes user and user access data to Privileged Identity Manager, for secure checkin/checkout and tracking of shared credentials.
IGI with PIM

IGI can be used to recertify PIM users - PIM adapter allows to collect PIM user entitlements for recertification and propagate back to PIM any resulting updates.
IGI with PIM

IGI can be used to recertify PIM users - PIM adapter allows to collect PIM user entitlements for recertification and propagate back to PIM any resulting updates.
Privileged Identity Manager
with Guardium DAM

User access data from PIM allows Guardium verify the permissions on the database and to identify end user identity wrapped into application or service shared user identities. The integration helps track and identify ownership for shared user credentials.
Privileged Identity Manager
with Guardium DAM

User access data from PIM allows Guardium verify the permissions on the database and to identify end user identity wrapped into application or service shared user identities. The integration helps track and identify ownership for shared user credentials.
Guardium with BigFix

Guardium provides vulnerability assessment information of database servers to BigFix to help understand the database risk in the scope of other endpoints.
https://books.google.com/books?id=MpYhAwAAQBAJ&pg=PA443&lpg=PA443&dq=guardium+integration+with+endpoint+manager&source=bl&ots=MZ_HjZCh88&sig=naW1LJVHzQmgqKQFmmrZEALmwJk&hl=en&sa=X&ei=avqOVJKfPIz9yQTlr4DQDA&ved=0CEMQ6AEwAw#v=onepage&q=guardium%20integration%20with%20endpoint%20manager&f=false
Deployment Guide for InfoSphere Guardium. BigFix Integration.
Guardium with BigFix

Guardium provides vulnerability assessment information of database servers to BigFix to help understand the database risk in the scope of other endpoints.
https://books.google.com/books?id=MpYhAwAAQBAJ&pg=PA443&lpg=PA443&dq=guardium+integration+with+endpoint+manager&source=bl&ots=MZ_HjZCh88&sig=naW1LJVHzQmgqKQFmmrZEALmwJk&hl=en&sa=X&ei=avqOVJKfPIz9yQTlr4DQDA&ved=0CEMQ6AEwAw#v=onepage&q=guardium%20integration%20with%20endpoint%20manager&f=false
Deployment Guide for InfoSphere Guardium. BigFix Integration.
CSE with complementary security solutions

CSE will integrate with additional solutions like IGI or MaaS360 to leverage their capabilities in the context of SaaS governance.
MaaS360
with the Trusteer SDK

Combines the mobile risk assessment capabilities of Trusteer with the real time control of MaaS360 to provide mobile malware and rogue app detection.
BigFix with MaaS360

The BigFix console provides visibility of the mobile devices managed in MaaS360, to implement a unified endpoint management strategy.
BigFix with MaaS360

The BigFix console provides visibility of the mobile devices managed in MaaS360, to implement a unified endpoint management strategy.
Risks Management
AppScan Enterprise dashboards classify and prioritize application assets based on business impact and identify high-risk areas, to focus the remediation efforts.
http://www.slideshare.net/ThierryMatusiak/ibm-security-software
This 28-page document presents IBM Software Security Solutions.
It can be considered as a PDF version of this prezi.
http://www.slideshare.net/ThierryMatusiak/ibm-security-software-solutions-one-pager
http://www.slideshare.net/ThierryMatusiak/ibm-security-software
Trusteer Mobile SDK with Trusteer Pinpoint Detect

The Trusteer Mobile SDK can integrate with Pinpoint Detect to consolidate web and mobile channels
Access Manager
with Trusteer Pinpoint

Access Manager can inject code snippets into web pages to allow Trusteer PinPoint to monitor activity without modifying the original pages
Trusteer Pinpoint
with Access Manager

Detect malware and account takeover using Trusteer Pinpoint and block connections from the compromised user with Access Manager
Access Manager
with Trusteer Pinpoint

Access Manager can inject code snippets into web pages to allow Trusteer PinPoint to monitor activity without modifying the original pages
Guardium DAM with IGI

Guardium DAM can share entitlement information with IGI, so that it can better evaluate risks
Guardium DAM with IGI

Guardium DAM can share entitlement information with IGI, so that it can better evaluate risks
https://prezi.com/user/o4iwruh5p_lc/prezis/
http://www.slideshare.net/ThierryMatusiak/
https://www.youtube.com/channel/UCuv0P5KG93eMIDuFbfeDcPw
This is a non-contractual document provided for information purposes only.
Contact Thierry Matusiak if you have any comment or questions. < thierry_matusiak@fr.ibm.com >
Full transcript