250 likes | 640 Views
IBM Security Solutions, System z Solution Edition for Security, & Other Recent Updates. Agenda. Introducing IBM Security Solutions System z Solution Editions Overview Solution Edition for Security Highlights Solution Edition for Security Offerings Tivoli Security Management for z/OS update
E N D
IBM Security Solutions, System z Solution Edition for Security, & Other Recent Updates
Agenda • Introducing IBM Security Solutions • System z Solution Editions Overview • Solution Edition for Security Highlights • Solution Edition for Security Offerings • Tivoli Security Management for z/OS update • Tivoli Key Lifecycle Manager • Summary
Is the smarter planet secure? Introducing IBM Security Solutions The planet is getting more Instrumented, Interconnected and Intelligent. Newpossibilities. New risks... Pervasive instrumentation creates vast amounts of data New services built using that data, raises Privacyand Security concerns… Critical physical and IT infrastructure Sensitive information protection New denial of service attacks Increasing risks of fraud 3
Security challenges in a smarter planet Introducing IBM Security Solutions Key drivers for security projects Increasing Complexity Rising Costs Ensuring Compliance Soon, there will be 1 trillionconnected devices in the world, constituting an “internet of things” Spending by U.S. companies on governance, risk and compliance will grow to $29.8 billionin 2010 The cost of a data breach increased to $204 per compromised customer record Sourcehttp://searchcompliance.techtarget.com/news/article/0,289142,sid195_gci1375707,00.html 4
People are becoming more and more reliant on security IBM believes that security is progressively viewed as every individual’s right Introducing IBM Security Solutions Cost, complexity and compliance Emerging technology Data and information explosion Death by point products Rising Costs: Do more with less Compliance fatigue
Multilevel Security Enterprise Fraud Solutions Tivoli Identity Manager IBM Tivoli® zSecure Suite Tivoli Federated Identity Mgr DB2® Audit Management Expert TS1120 LDAP Optim™ Guardium Elements of an Enterprise Security Hub DKMS Disk encryption Encryption Key Management Tape encryption Crypto Express 3 Crypto Cards Venafi Encryption Director DS8000® Venafi Encryption Director Data Privacy DKMSTKLM Venafi PKI Services System z SMF IBM Tivoli Security Compliance Insight Manager Certificate Authority Compliance and Audit Extended Enterprise Platform Infrastructure ICSF ITDS Network Authentication Service RACF® z/OS® System SSL Communications Server Common Criteria Ratings SSL/TLS suite Audit, Authorization, Authentication, and Access Control Services and Key Storage for Key Material Scalable Enterprise Directory Kerberos V5 Compliant Support for Standards IDS, Secure Communications
Introducing IBM Security Solutions In addition to the foundational elements, the Framework identifies five security focus areas as starting points GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE Design, and deploy a strong foundation for security & privacy GRC PEOPLE AND IDENTITY Mitigate the risks associated with user access to corporate resources DATA AND INFORMATION Understand, deploy, and properly test controls for access to and usage of sensitive data APPLICATION AND PROCESS Keep applications secure, protected from malicious or fraudulent use, and hardened against failure NETWORK, SERVER AND END POINT Optimize service availability by mitigating risks to network components PHYSICAL INFRASTRUCTURE Provide actionable intelligence on the desired state of physical infrastructure security and make improvements Click for more information 9
Introducing IBM Security Solutions IBM Security portfolio Security Governance and Compliance GRC = Services Identity and Access Management Identity Management Access Management SIEM and Log Mgmt = Products Data Security Data Loss Prevention Encryption and Key Lifecycle Management Messaging Security E-mail Security Database Monitoring and Protection Data Masking Application Security App Vulnerability Scanning Web Application Firewall App Source Code Scanning SOA Security Access and Entitlement Management Threat Assessment, Mitigation, and Management Vulnerability Assessment Mainframe Security Web/URL Filtering Intrusion Prevention System Security Events and Logs Virtual System Security Physical Security Click for more information 8
System z Solution EditionsUnmatched value, competitively priced • Special package pricing for our most popular new workloads • z10 hardware (standalone footprint or isolated LPAR) • Prepaid hardware maintenance • Comprehensive middleware stack • Services and Storage (as needed) • Legendary mainframe quality • Security, availability and scale • Integration of applications with corporate data • Industry leading virtualization, systems management and resource provisioning • Unparallel investment protection • Enterprise Linux • Data Warehousing • SAP • WebSphere • GDPS® • Security • Chordiant • ACI • Cloud Computing • Application Development
Solution Edition for SecurityUltimate protection for the enterprise at a lower price Customer Pain Point • Reduced brand image and risk of financial loss resulting from internal and external Fraud • Need to support escalating security priorities due to security breaches, identity theft, and increasing compliance requirements • Complexity of monitoring security exposures due to an expanding list of identities • Need for more encryption and reduced complexity of management to protect sensitive information throughout the enterprise • Complexity of implementing security policies across multiple IT initiatives such as server consolidation, green IT, virtualization, TCO Customer Value • In memory fraud detection, forensics supporting real time prevention not possible on distributed platforms • Centralized Identity and Access Management to simplify security administration, auditing, reporting and compliance. • Simplified Encryption and Key Management to protect data at rest, data in flight and data on removable media • A robust set of capabilities that have been integrated within hardware and software for over 30 years • Reduced complexity and easier management with the highest levels of security certification and a full suite of services available in a single server Solution Edition for Security Delivering trust and confidence to directly impact your bottom line
A deeper view into the Solution Edition for Security Offering Solutions: • Enterprise Fraud Analysis • Record and playback of insider actions, forensic analysis tools, real time prevention workflow applied to distributed and mainframe operations • Discover relationships via analytics • Centralized Identity & Access Management • Cross platform user provisioning and management; Web 2.0 and cross platform authentication services • Enterprise Encryption and Key Management • Protecting personally identifiable data; enterprise encryption management services: Discover, audit and monitor encryption keys • Securing Virtualization: z/VM®, Linux • Easily secure applications; security lifecycle management of server images running in Linux for System z server • Compliance / Risk Mitigation / Secure Infrastructure: z/OS • Audit and Alerts processing, Simplified management operations, Data anonymization for development and test processes What it is • A comprehensive list of recommended rich Security products for each solution! • Flexibility to choose the products you need! • Accelerated solution deployment with the implementation services provided! • Competitively priced to meet your budget expectations!
Enterprise Fraud Analysis Solution • Customer Challenges • Internal and external fraud cost billions of dollars in losses • Reduction in brand equity and substantial financial losses • Executives face personal fines, penalties and legal • repercussions • Solution Capabilities • Provides automated policy enforcement, centralized reporting • and analysis, centralized auditing controls, risk mitigation • Record and playback insider actions • Forensic analysis tools, real time prevention workflow • Discover relationships via analytics • Solution Components • IBM Tivoli zSecure Manager for RACF z/VM • RACF ® Security Server feature for z/VM • z/VM ® V5 • z/VM V5 DirMaintTM Feature • ISPF V3 for VM • Optional: Intellinx zWatch
Enterprise Encryption and Key Management Solution • Customer Challenges • Encryption can be complex to implement and manage • Without encrypted data, companies face great exposure risks • Many PKI solutions from third parties can be costly • Solution Capabilities • Provides encryption capabilities • Uses auditable granular access controls • Provides auditing and monitoring of encryption keys • Protects integrity and confidentiality of data and transactions • Low cost digital certificates and PKI infrastructure • Solution Components • z/OS ® V1 includes: z/OS Security Server RACF, DFSMS, DFSORT, RMF, SDSF • DB2 ® for z/OS V9 • OptimTM Data Privacy Solution • Encryption Facility for z/OS V1 • Data Encryption for IMS and DB2 Databases V1 • Crypto Express3 Features • TKE Workstation • OSA Cards • Tivoli® Key Lifecycle Manager (TKLM) • IBM System Services Runtime Environment for z/OS Optional: • IBM Distributed Key Management System (DKMS) • Venafi Encryption Director
Centralized Identity and Access Management • Customer Challenges • Increased complexity of security administration and monitoring • More security exposures and an expanding list of identities and access controls increases complexity • Business portals increase need to better manage and monitor identities • Cost of management and administration is too high • Solution Capabilities • Provides reduced infrastructure, simplified security management • More efficient centralized identity lifecycle and access management • Centralized auditing controls, and improved ability to meet compliance needs • Cross platform user provisioning and authentication • Solution Components z/OS version includes: • z/OS Security Server RACF, DFSMS, DFSORT, RMF, SDSF • DB2 for z/OS V9 • WebSphere for z/OS V7 • IBM Tivoli Security Management for z/OS • Tivoli Federated Identity Manager • Tivoli Identity Manager • Linux version includes: • IBM Tivoli zSecure Manager for RACF z/VM • RACF Security Server Feature for z/VM • z/VM v5 • z/VM v5 Dirmaint Feature • ISPF V3 for z/VM • IBM Tivoli Identity and Access Assurance V1
Securing Virtualization: z/VM®, Linux® on System z® • Customer Challenges • Secured virtualized environment needed both for traditional and virtualized environments • Virtualization offers compelling TCO but needs to be secure as well • Customers are considering secured private cloud environments • Cost effective security management is needed to avoid air gapped solutions • Solution Capabilities • Proven secured virtualization for decades • Common criteria ratings • Centralized Auditing and Reporting • Workload isolation, common criteria, architecture design • Easily to secure new workloads • Solution Components • IBM TivoliSecure Manager for RACF z/VM • RACF Security Server Feature for z/VM • zVM v5 • zVM v5 Dirmaint Feature • ISPF V3 for VM • IBM Tivoli Identity and Access Assurance V1
Compliance / Risk Mitigation / Secure Infrastructure: z/OS • Customer Challenges • Security breaches, identity theft are growing • Companies face large financial losses • PCI and HIPAA compliance are required by law • Many environments are plagued by viruses and a continued cycle of patches • Solution Capabilities • Security certifications (z/OS EAL 4+, LPAR EAL 5, FIPS 140-2 Level 4), • System z/OS integrity statement • Centralized security controls, auditing and administration • Anonymous data for development and test • Solution Components • z/OS V1 including: z/OS Security Server RACF, DFSMS, DFSORT, RMF, SDSF • DB2 for z/OS V9 • WebSphere for z/OS V7 • Optim Data Privacy Solution • Encryption Facility for z/OS V1 • Data Encryption for IMS and DB2 Databases V1 • Crypto Express3 Features • TKE Workstation • OSA Cards • IBM Tivoli Security Management for z/OS • Tivoli® Key Lifecycle Manager (TKLM) • IBM System Services Runtime Environment for z/OS • IMS Audit Management Expert for z/OS • DB2 Audit Management Expert for z/OS • Optional: • IBM Distributed Key Management System (DKMS) • Intellinx zWatch • Venafi Encryption Director
Tivoli Security Management for z/OS • Offers the capability to: • Administer your mainframe security & reduce administration time, effort, and costs • Monitor for threats by auditing security changes that affect z/OS, RACF & DB2 • Audit usage of resources • Monitor and audit security configurations • Enforce policy compliance • Capture comprehensive log data • Increase capabilities in analyzing data from the mainframe for z/OS, RACF& DB2 • Interpret log data through sophisticated log analysis • Efficient auditing, streamlined for enterprise-wide audit & compliance reporting
IBM Tivoli Key Lifecycle Manager Focused on device key serving IBM encrypting tape – TS1120, TS1130, LTO gen 4 IBM encrypting disk – DS8000 Lifecycle functions Notification of certificate expiry Automated rotation of certificates Automated rotation of groups of keys Designed to be Easy to use Provide a Graphical User Interface Initial configuration wizards Easy backup and restore of TKLM files TKLM backup, DB2 backup, Key backup Simple to clone instances Installer to simplify installation experience Simple to use install, can be silent Platforms for V1 z/OS 1.9, 1.10, 1.11 AIX 5.3, 6.1 or later Red Hat Enterprise Linux 4.0 and 5.0 SuSE Linux 9 and 10 Solaris 9, 10 Sparc Windows Server 2003 and 2008 18
The Ideal platform for new workloads and consolidation:System z: unmatched value, superior quality • A Strategy for clients to expand their usage of the System z platform: • Deliver greater value for clients as they grow existing workloads • A new proposition that enables new application adoption • A new class of offering to deliver dedicated enterprise Linux servers at unprecedented low cost The Future Runs on System z
IBM Security Solutions – SC Magazine's Best Security Companyhttp://www-03.ibm.com/security/awards/ Al Zollar, General Manager, IBM
Trademarks The following are trademarks of the International Business Machines Corporation in the United States and/or other countries. IBM* IBM eServer IBM (logo)* ibm.com* AIX* Cognos* DB2* GDPS* Geographically Dispersed Parallel Sysplex HyperSwap* InfoSphere Rational* System p* System Storage System x System z* System z10 System z10 Business Class Tivoli* WebSphere* z/OS* z/VM* 10 BC z10 EC z9* zSeries* * Registered trademarks of IBM Corporation Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries. Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the United States, other countries, or both and is used under license therefrom. Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. INFINIBAND, InfiniBand Trade Association and the INFINIBAND design marks are trademarks and/or service marks of the INFINIBAND Trade Association. Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. UNIX is a registered trademark of The Open Group in the United States and other countries. Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. ITIL is a registered trademark, and a registered community trademark of the Office of Government Commerce, and is registered in the U.S. Patent and Trademark Office. IT Infrastructure Library is a registered trademark of the Central Computer and Telecommunications Agency, which is now part of the Office of Government Commerce. The following are trademarks or registered trademarks of other companies. * All other products may be trademarks or registered trademarks of their respective companies. Notes: Performance is in Internal Throughput Rate (ITR) ratio based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput that any user will experience will vary depending upon considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve throughput improvements equivalent to the performance ratios stated here. IBM hardware products are manufactured from new parts, or new and serviceable used parts. Regardless, our warranty terms apply. All customer examples cited or described in this presentation are presented as illustrations of the manner in which some customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics will vary depending on individual customer configurations and conditions. This publication was produced in the United States. IBM may not offer the products, services or features discussed in this document in other countries, and the information may be subject to change without notice. Consult your local IBM business contact for information on the product or services available in your area. All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only. Information about non-IBM products is obtained from the manufacturers of those products or their published announcements. IBM has not tested those products and cannot confirm the performance, compatibility, or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. Prices subject to change without notice. Contact your IBM representative or Business Partner for the most current pricing in your geography.