Enterprise Security Management

Information security, sometimes shortened to InfoSec, is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (e.g. electronic, physical).

Enterprise Security contains:

IT security

Information Technology security is information security applied to technology (most often some form of computer system). It is worthwhile to note that a computer does not necessarily mean a home desktop.

Information assurance

The act of ensuring that data is not lost when critical issues arise. These issues include, but are not limited to: natural disasters, computer/server malfunction, physical theft, or any other instance where data has the potential of being lost.

Threats

Computer system threats come in many different forms. Some of the most common threats today are software attacks, theft of intellectual property, identity theft, theft of equipment or information, sabotage, and information extortion.

Customer Challenges

  1. Data Security: CIOs must have clear answers to questions such as how specifically a data breach would affect the business, how zealously it must be guarded and what to do in case of a data breach.
  2. Visibility: Usually CIOs are the last to know when a breach occurs due to lack of full visibility into the location of critical data. It is therefore critical that CIOs spend time and money on the security measures that will really protect the organization from an attack.
  3. Strategy: CIOs in 2015 need to rise to the challenge of being enablers of powerful new digital capabilities while ensuring security only gets better and better.
  4. Key Performance Indicator (KPI): Virtualization has led to the expectation that security resources can be increased or decreased at a moment’s notice as needed. Therefore, demonstrating that security can manage KPIs like other aspects of the business, where spending can be increased or decreased according to business needs, will be a big challenge this year.
  5. Compartmentalization: The traditional approach to data security, serving data on a ‘need to know’, ‘least privilege’ and ‘breach containment’ basis, ensured that if something went wrong, the breach was contained. In today’s era of ubiquitous data, CIOs need to protect data from multiple attack vectors and explore new techniques of compartmentalization to provide defensible security and privacy.
  6. Third Party Vendors: With increasing third party providers, organizations need to seriously think of processes to put in place to avoid situations where a vendor accidentally provides access to an organization’s data, intellectual property, plans or negotiations that can lead to an unintended security breach.
  7. Bring Your Own Device (BYOD): The BYOD trend is here to stay and very few organizations have good policy guidelines for these devices. The challenge this year will be to manage risks stemming from device mismanagement, external manipulation of vulnerabilities in the device and deployment of unreliable business applications.
  8. Legacy Technology: Many organizations continue to support legacy systems. As connectivity continues to increase, these vulnerable systems are more exposed to attackers. Organizations need to identify and assess their exposure to legacy technology and the challenge will be to protect these systems while managing an already stretched IT security budget.
  9. Regulations: Governments are in the process of determining what constitutes “due care” or “reasonable” efforts in IT security and forming laws that levy penalties on organizations that fail to sufficiently protect sensitive data such as Personally Identifiable Information. Companies need to ensure that they are doing all they can to prevent security breaches. For example, companies must ensure that their threat prevention program is configured correctly and operating the way it should be and that it has no holes that advanced hackers can exploit.

For more information

http://www-03.ibm.com/security/

Security Enterprise Products Offerings:

F5 Big-IP AFM: (Firewall)

Bringing together security and deep application fluency, BIG-IP Advanced Firewall Manager (AFM) delivers the most effective network-level security for enterprises and service providers alike. Whether on-premises or in a software-defined data center (SDDC), BIG-IP AFM tracks the state of network sessions, maintains application awareness, and mitigates threats based on more attack details than traditional network firewalls. AFM also protects your organization from the most aggressive volumetric distributed-denial-of-service (DDoS) attacks before they can reach your data center.

IBM Network Security XGS: (Intrusion Prevention System)

The security landscape continues to evolve, so you need network security that delivers preemptive protection, visibility, and control. IBM® Security Network Protection (XGS) is a next-generation intrusion prevention system (IPS) that enables you to stay ahead of the threat, providing protection against tomorrow’s threats today.
  • Protection against unknown threats, such as zero-day attacks and mutated threats.
  • Visibility into network activities, such as applications used and websites visited, including encrypted traffic.
  • Control over specific application actions, down to the user level.
  • IBM X-Force® threat intelligence.
  • IBM Virtual Patch® technology, which protects your systems prior to being patched.

F5 Big-IP ASM: (Web Application Firewall)

A Web Application Firewall That Guards Your Critical Apps

BIG-IP Application Security Manager (ASM) enables organizations to protect against OWASP top 10 threats, application vulnerabilities, and zero-day attacks. Leading Layer 7 DDoS defenses, detection and mitigation techniques, virtual patching, and granular attack visibility thwart even the most sophisticated threats before they reach your servers.

BIG-IP ASM also enables compliance with key regulatory standards like HIPAA and PCI DSS.

With BIG-IP ASM, organizations gain the flexibility they need to deploy Web Application Firewall (WAF) services close to apps to protect them wherever they reside—within a virtual software-defined data center (SDDC), managed cloud service environment, public cloud, or traditional data center.

IBM BigFix for Core Protection: (Endpoint Protection)

Protect physical and virtual endpoints from malware and data loss

IBM BigFix Protection delivers near real-time protection from malware and other malicious threats through file and web reputation, personal firewall, behavior monitoring and more.

It can protect physical and virtual endpoints from damage caused by viruses, Trojan horses, worms, spyware, rootkits, web threats and their new variants. Reduce the risk of business disruptions that result from attacks on endpoints.

IBM BigFix Protection:

  • Works at multiple levels of threat protection including helping to stop threats before they arrive. It checks files, URLs and emails for malicious potential in near real time.
  • Cross references threat information with a large, cloud-based database.
  • Provides single console management with complete visibility to all endpoints.
  • Supports forward-looking technologies such as integrated data loss prevention (DLP), desktop virtualization and cloud-based services.

IBM BigFix for Security & Compliance: (Endpoint Security & Compliance)

Increase security and continuous compliance for all endpoints

IBM BigFix Compliance enforces continuous security compliance throughout your organization for all your endpoints both on and off the corporate network.

This software can help you protect endpoints and assure regulators that you are meeting security compliance standards. Reduce the cost and complexity of IT management while enhancing business agility, speed to remediation and accuracy.

IBM BigFix Compliance:

  • Helps support continuous security and compliance using an intelligent agent that assesses and remediates issues.
  • Manages hundreds of thousands of endpoints, both physical and virtual, regardless of location, connection, type or status.
  • Simplifies operations with a single console for management, configuration, discovery and security functions.
  • Delivers a broad range of security functions and gives you the ability to add other targeted functions as needed, without adding infrastructure or implementation costs.
  • Makes the most of BigFix technology. This single-infrastructure approach distributes decision-making to the endpoints.

IBM AppScan Enterprise: (Business Applications Security)

IBM® Security AppScan® Enterprise enables organizations to mitigate application security risk, strengthen application security program management initiatives and achieve regulatory compliance. Security and development teams can collaborate, establish policies and scale testing throughout the application lifecycle. Enterprise dashboards classify and prioritize application assets based on business impact and identify high-risk areas, permitting you to maximize your remediation efforts. Performance metrics are provided that help you monitor the progress of your application security programs.

IBM Security AppScan Enterprise delivers:

  • Scalable application security testing using a variety of testing techniques.
  • Test policies, scan templates and vulnerability remediation advisories to help implement application security programs.
  • Detailed security reports and enterprise level dashboards to provide visibility of risk and compliance.

IBM® Security QRadar: (Security Intelligence)

Security intelligence for protecting assets and information from advanced threats

IBM® Security QRadar® SIEM consolidates log source event data from thousands of devices, endpoints and applications distributed throughout a network. It performs immediate normalization and correlation activities on raw data to distinguish real threats from false positives. As an option, this software incorporates IBM Security X-Force® Threat Intelligence, which supplies a list of potentially malicious IP addresses including malware hosts, spam sources and other threats. IBM Security QRadar SIEM can also correlate system vulnerabilities with event and network data, helping to prioritize security incidents.

IBM Security QRadar SIEM:

  • Provides near real-time visibility for threat detection and prioritization, delivering surveillance throughout the entire IT infrastructure.
  • Reduces and prioritizes alerts to focus investigations on an actionable list of suspected incidents.
  • Enables more effective threat management while producing detailed data access and user activity reports.
  • Delivers security intelligence in cloud environments.
  • Produces detailed data access and user activity reports to help manage compliance.
  • Offers multi-tenancy and a master console to help Managed Service Providers provide security intelligence solutions in a cost-effective manner.


IBM Guardium: (Database Activity & Monitor)

Protect sensitive data – wherever it resides

IBM® Security Guardium® Data Activity Monitor prevents unauthorized data access, alerts on changes or leaks to help ensure data integrity, automates compliance controls and protects against internal and external threats. Continuous monitoring and real time security policies protect data across the enterprise, without changes or performance impact to data sources or applications. Guardium Data Activity Monitor protects data wherever it resides, and centralizes risk controls and analytics with a scalable architecture that provides 100% visibility on data activity. It supports the broadest set of data source types, and it is the market leader for big data security solutions.

  • Uncover risks to sensitive data
  • Monitor and audit all data activity—for all data platforms and protocols.
  • Enforce security policies in real time—for all data access, change control and user activities.
  • Create a centralized normalized repository of audit data—for enterprise compliance, reporting and forensics.
  • Support heterogeneous data environments—all leading databases, data warehouses, files, applications and operating systems, including big data environments (Hadoop and NoSQL).
  • Readily adapt to changes in your data environment.

IBM® Security identity and access Management: (People Security)

IBM® Security identity and access management solutions help strengthen compliance and reduce risk by protecting and monitoring user access in today’s multi-perimeter environments.

IBM Security identity and access solutions help safeguard valuable data and applications with context-based access control, security policy enforcement and business-driven identity governance. Armed with user metrics and audit reports on user entitlements and access activities, you can deal more quickly and efficiently with the complexities of user access management, insider threats and compliance requirements.

Identity and access management solutions from IBM help:

  • Safeguard mobile, cloud and social access.
  • Prevent advanced insider threats.
  • Simplify cloud integrations and identity silos.
  • Deliver actionable identity intelligence.