Archive for the ‘security’ Category
It’s been a busy year for IT security incidents. Yesterday, John Markoff and Nicole Perlroth with The New York Times told us about yet another incident, this time a cyberattack involving antispam group Spamhaus and an anonymous group unhappy with their efforts.
But the list goes on and on. From the discovery of sophisticated toolkits with ominous names like Flame to cross-platform zero-day vulnerabilities, both consumers and corporations have been inundated with advisories and alerts regarding emerging threats. The frequency of data breaches and incidents—which had already hit a new high in 2011—continued their upward trajectory.
At the mid-year of 2012, IBM’s X-Force team predicted that the explosive nature of attacks and security breaches seen in the first half would continue. Indeed this was the case. While talk of sophisticated attacks and widespread distributed denial-of-service (DDoS) attempts made the year’s headlines, a large percentage of breaches relied on tried and true techniques such as SQL injection.
What continues to be clear is that attackers, regardless of operational sophistication, will pursue a path-of-least-resistance approach to reach their objectives. Integration of mobile devices into the enterprise continues to be a challenge. In the previous report, X-Force looked at some of the pitfalls and perils of implementing BYOD programs without strict formulations of policy and governance to support the use of these devices.
That said, recent developments have indicated that while these dangers still exist, and X-Force believes mobile devices should be more secure than traditional user computing devices by 2014. While this prediction may seem far fetched on the surface, it is based on security control trends and requirements that are being driven into the market by knowledgeable security executives.
In its latest report, X-Force explores how security executives are advocating the separation of personas or roles on employee-owned devices. It also addresses some secure software mobile application development initiatives that are taking place today. The distribution and installation of malware on end-user systems has been greatly enabled by the use of Web browser exploit kits built specifically for this purpose.
Exploit kits first began to appear in 2006 and are provided or sold by their authors to attackers that want to install malware on a large number of systems. They continue to be popular because they provide attackers a turnkey solution for installing malware on end-user systems.
Java vulnerabilities have become a key target for exploit kits as attackers take advantage of three key elements: reliable exploitation, unsandboxed code execution, and cross-platform availability across multiple operating systems. Java exploits have become key targets in 2012 and IBM X-Force predicts this attack activity to continue into 2013.
As X-Force also reported in the mid-year, spam volume remained nearly flat in 2012, with India claiming the top country of origin for spam distribution, but the nature of spam is changing. Broadly targeted phishing scams, as well as more personalized spear-phishing efforts continue to fool end users with crafty social-engineering email messages that look like legitimate businesses. Also, fake banking alerts and package delivery service emails have been effective as attackers refine their messages to look like the authentic messages that customers might normally receive.
Whether the target is individuals or the enterprise, once again, X-Force reminds organizations that many breaches were a result of poorly applied security fundamentals and policies and could have been mitigated by putting some basic security hygiene into practice.
Web applications are still topping the chart of most disclosed vulnerabilities, rising 14% in 2012 over the 2011 end of year numbers. As reported earlier in the mid-year report, cross-site scripting (XSS) dominated the web vulnerability disclosures at 53% of all publicly released vulnerabilities. Although SQL injection attack methods remain as a top attack technique, the actual disclosures of new SQL injection vulnerabilities remain lower than the 2010 peak X-Force recorded.
Social media has dramatically changed our lives with new ways to connect, personally and professionally. From this constant availability of information about individuals, attackers can readily access data to use in their activities.
Now, more than ever, individual employees who share personal details in their social profiles can be targeted for attacks.
2012 X-Force Trend And Risk Report Highlight
Malware and the malicious web
- In 2012, near daily leaks of private information about victims were announced like game scoreboards through tweets and other social media. Personal details, such as email addresses, passwords (both encrypted and clear text), and even national ID numbers were put on public display.
- Based on data for 2012, it is not surprising that the bulk of the security incidents disclosed were carried out with the majority of attackers going after a broad target base while using off-the-shelf tools and techniques. X-Force attributes this to the wide public availability of toolkits and to the large number of vulnerable web applications that exist on the Internet.
- The year began and ended with a series of politically motivated, high-profile DDoS attacks against the banking industry. An interesting twist to the banking DDoS attacks was the implementation of botnets on compromised web servers residing in high bandwidth data centers. This technique assisted in much higher connected uptime as well as having more bandwidth than home PC’s to carry out the attacks. In the sampling of security incidents from 2012, the United States had the most breaches, at 46%. The United Kingdom was second at 8% of total incidents, with Australia and India tied for third at 3%.
- IBM Managed Security Services (MSS) security incident trends are markers that represent the state of security across the globe. The relative volume of the various alerts can help to describe how attacks are established and launched. They also frequently provide hints about how methods have evolved. Based on this, the main focus in 2012 may have been the subversion of systems, with larger coordinated attacks being executed across fairly broad swaths of the Internet.
- IBM MSS has noted a dramatic and sustained rise in SQL injection-based traffic due, in large part, to a consistent effort from the Asia Pacific region. The alerts came from all industry sectors, with a bias toward banking and finance targets.
- Web browser exploit kits (also known as exploit packs) are built for one particular purpose: to install malware on end-user systems. In 2012 X-Force observed an upsurge in web browser exploit kit development and activity—the primary target of which are Java vulnerabilities—and X-Force supplies some strategies and tips to help protect against future attacks (see end of post to download full report).
- Java continues to be a key target for attackers. It has the advantage of being both cross-browser and cross-platform—a rare combination that affords attackers a lot of value for their investment. Web content trends, spam, and phishing Web content trends Top used websites are readily deployed as IPv6- ready, although attackers do not yet seem to be targeting IPv6 on a large scale.
- One third of all web access is done on websites which allow users to submit content such as web applications and social media.
- Nearly 50% of the relevant websites now link to a social network platform, and this intense proliferation poses new challenges to companies that need to control the sharing of confidential information.
Spam and phishing
- Spam volume remained nearly flat in 2012.
- India remains the top country for distributing spam, sending out more than 20% of all spam in the autumn of 2012. Following India was the United States where more than 8% of all spam was generated in the second half of the year. Rounding out the top five spam sending countries of origin were Vietnam, Peru, and Spain.
- At the end of 2012, IBM reports that traditional spam is on the retreat, while scam and spam containing malicious attachments is on the rise. In addition, attackers are demonstrating more resiliency to botnet take downs which results in an uninterrupted flow of spam volume.
Operational Security Practices
Vulnerabilities and exploitation
- In 2012, there were over 8,168 publicly disclosed vulnerabilities. While not the record amount X-Force expected to see after reviewing its mid-year data, it still represents an increase of over 14% over 2011.
- Web application vulnerabilities surged 14% from 2,921 vulnerabilities in 2011 to 3,551 vulnerabilities in 2012.
- Cross-site scripting vulnerabilities accounted for over half of the total web application vulnerabilities disclosed in 2012. Cross-site scripting dominated the web vulnerability disclosures. Fifty-three percent of all publicly released web application vulnerabilities were cross-site scripting related. This is the highest rate X-Force has ever seen. This dramatic increase occurred while SQL injection vulnerabilities enjoyed a higher rate than 2011 but were still down significantly since 2010.
- There were 3,436 public exploits in 2012. This is 42% of the total number of vulnerabilities, up 4% from 2011 levels.
- Web browser vulnerabilities declined slightly for 2012, but not at as high a rate as document format issues. While the overall number of web browser vulnerabilities dropped by a nominal 6% from 2011, the number of high- and critical severity web browser vulnerabilities saw an increase of 59% for the year.
- Few innovations have impacted the way the world communicates quite as much as social media. However, with the mass interconnection and constant availability of individuals, new vulnerabilities and a fundamental shift in intelligence-gathering capabilities has provided attackers and security professionals alike with information useful for enhancing their activities.
- Rather than seeing a particular enterprise as an individual entity, attackers can view enterprises as a collection of personalities. This gives attackers the opportunity to target specific people rather than enterprise infrastructures or applications. Furthermore, targeted people may also be targeted as individuals and not just as employees. In other words, the personal activities and lives of employees can be leveraged to target an enterprise.
Emerging Trends In Security
- Prediction: Mobile computing devices should be more secure than traditional user computing devices by 2014. This is a bold prediction that IBM recently made as part of its look ahead in technology trends. While this prediction may seem far-fetched on the surface, it is based on security control trends and requirements that are being driven into the market by knowledgeable security executives.
- Separation of personas or roles: While a small percentage of enterprises have dealt with BYOD by using virtualized desktop solutions to separate and control enterprise applications and data from the rest of the personally owned device, a greater number of enterprises have wanted or required some form of separation or dual persona on mobile devices. This difference in use or adoption could be the result of greater numbers of devices driving greater risk in the percentage of personally owned mobile devices versus personally owned PCs in a BYOD program.
- In many cases, enterprises have made significant investments into implementing Secure Software Development Life Cycle (SSDLC) processes. Today’s mobile application development benefits from this. Tools exist to support secure development as part of the process instead of being conducted in qualification or production. As a result, it should be more common for enterprises to have more securely developed mobile applications than their existing legacy applications. Closure of vulnerabilities in some traditional computing applications may only conclude as existing versions are sunset and replaced with newer, more securely developed replacements.
- Over 2012, it is safe to conclude that more enterprises are supporting BYOD or the use of personally owned devices than previously. In the last two years, IBM Security has spoken to hundreds of global 2000 customers and out of those interviewed, only three said they had no plans to implement any kind of BYOD program.
To learn more on how your organization can work to address these types of vulnerabilities, download the full IBM X-Force 2012 Trend And Risk Report here.
If you’ve followed the headlines recently, you can’t help but notice the constant barrage of news concerning security break-ins at some of the most public cloud sites on the planet: Facebook, Google, Evernote…the list goes on and on.
Yet in spite of the looming cloud security concerns, enterprises and organizations continue to ramp up their investments in both public and private cloud infrastructure as a cost-effective, dynamic way to scale up their IT capacity.
At the IBM Cloud Security roundtable here at IBM Pulse 2013 yesterday in Las Vegas, several IBM security experts came together to discuss some of the challenges, best practices, and solutions to protect against threats and provide security-rich cloud computing environments.
Jack Danahy, director of security for IBM North America, hosted the panel before the gathered industry press, and offered up some prefacing comments to set the stage for the security discussion.
Jack began by stating that 9 out of 10 global CEOs say that cloud computing is critical to their business plans and “a way to increase their organizational productivity, but all also admit security is a lingering concern.”
Brendan Hannigan, the general manager for the IBM Security Division, explained that there are some key basic security concerns around cloud, including the safety of enterprise data, and whether or not it can be compromised or lost.
Hannigan explained: “Cloud is simply another computer upon which we can deploy capabilities for our customers, and we should be able to look at cloud security the same way we do across other domains.” That includes giving organizations a single view of identity across their cloud environments.
Kris Lovejoy, general manager for IBM Security Systems, discussed some of the key inhibitors to organizations providing more effective cloud security measures, and explained that the cloud is actually inherently more securable than traditional IT infrastructure because of they way it’s designed and the manner by which you can replicate security controls.
So if the cloud is inherently more securable, why the seeming contradiction that nobody seems to be able to effectively secure it?
Because, Lovejoy explained, when you buy public cloud capability you typically have to buy the security features as an added extra, and may customers don’t do so.
“Think about the provider as being a hotel,” Lovejoy explained, “and in each hotel room they have a series of diseases. The provider must provide you good housekeeping to protect you from diseases in the other rooms, and yet so many cloud computing tenants don’t make that obvious investment to protect their cloud applications and data.”
When Danahy asked the panel about what can be done to make executives more comfortable with the idea of security investments in the cloud space, Hannigan chimed in, and explained the rationale comes down to a distinction in the type of data you’re working with, and delineating between the information that is critical and that which is less sensitive.
“When you have a specific application or data set,” Hannigan explained, “there are wonderful opportunities afforded by the cloud because in security, one of the biggest challenges is striking a balance between locking the infrastructure down and providing free and unfettered access to the that information customers and employees need.”
Lovejoy explained it was not dissimilar from the crazy notion of automakers selling cars without seatbelts or brakes. “You don’t want to suddenly discover you don’t have these features going 60 miles per hour down the interstate.”
Kevin Skapintez, program director of product strategy for IBM Security, said that the need for more cloud security standards reminded him of the late 1800s, when fire hydrants had different nozel sizes that required varying widths of connectors for the hoses.
“You have to have standards related to identity,” Kevin explained, “so you don’t have to build different registries per cloud!”
“More organizations needed to also heighten their log management regimes,” he explained, “so that they have improved visibility to see if they have the right controls in place and where incidents are occuring.”
Lovejoy explained that “most organizations have a pretty defined pathway to cloud success.” Many are using develop and test environments and are moving to non-core workloads, allowing a lot of applications to emerge and consolidate on the cloud.
At the same time, she explained, most companies are planning a security operations optimization and that the cloud is a remarkable opportunity. “As we consolidate,” she explained, “things get simpler. Companies need to think about this in the context of business transformation. You need to adopt the cloud in a safe and reliable manner while managing the risk.”
During the Q&A, I asked the panel whether or not all these very public public cloud security incidences we’ve seen in the headlines were driving any real productive conversation in terms of making cloud security more of a priority.
Lovejoy explained the scenario typically went something like this: A CEO would call up their provider, ask for an assessment, give them a threat briefing, then go to a third party standard to see if they matched the security checklist.
But that not enough of them were what she termed “security aware.”
Hannigan concluded, “It’s a classic dilemma with security spending. Security concerns are not specific just to the cloud, and clients are working about losing data, period. The question is, can they invest all the money necessary to adequately secure those environments?”
To date, the answer seems to largely be “no.”
IBM is going big on mobile.
Today, the company unveiled “IBM MobileFirst,” a comprehensive mobile strategy that combines security, analytics, and application development software, with cloud-based services and deep mobile expertise.
Using IBM MobileFirst solutions, businesses can now streamline everything from the management of employee mobile devices, to the creation of a new mobile commerce app that will transform their entire business model.
Today’s move by IBM builds off of its experience helping nearly 1,000 customers become mobile enterprises, and takes advantage of its thousands of mobile experts and 270 patents in wireless innovations.
IBM has made 10 mobile-related acquisitions in the past four years alone.
IBM also announced an expanded relationship with AT&T to provide developers with tools to create faster, richer mobile apps and services for customers. For instance, organizations can now quickly incorporate payment and messages into their apps.
With this expanded partnership, the AT&T API Platform, featuring IBM Worklight Adapters, will enable the more than 31,000 members of the AT&T Developer Program to quickly create and securely deploy enterprise apps that improve subscriber engagement and customer loyalty.
With these adapters that support AT&T’s ecosystem of APIs including those for speech, SMS, device capabilities, notary management and payment, developers can quickly and securely create rich, business-ready apps across a variety of platforms including iOS, Android and Windows.
Through IBM MobileFirst, IBM is providing companies with the essential tools to take advantage of new business opportunities being enabled by mobile.
A Broad Portfolio of Mobile Solutions
To be successful in embracing mobile for driving revenue growth, clients must have an integrated strategy for mobile, cloud, big data, social business and security. Today’s announcements from IBM help clients harness these complex technologies to drive innovation and growth.
IBM’s mobile solutions portfolio provides the key elements of an application and data platform with the management, security and analytics capabilities needed for the enterprise.
In addition to meeting mobile-specific requirements, the portfolio provides for rapid integration between social and cloud services as well as back-end technologies that help secure and manage strategic business processes. Key aspects include:
- IBM MobileFirst Platform – New updates include expanded capabilities of IBM Worklight to simplify deployment. It also features single sign-on capabilities for multiple applications. A new beta of the Rational Test Workbench for mobile helps to improve the quality and reliability of mobile apps.
- IBM MobileFirst Security – IBM extends its context-based mobile access control solutions and expands mobile application vulnerability testing with support for Apple iOS apps with the latest release of AppScan.
- IBM MobileFirst Management – New updates to IBM Endpoint Manager include enhanced support for Bring Your Own Device (BYOD) programs and increased security standards that are critical to governments and regulated environments.
- IBM MobileFirst Analytics – IBM is expanding its Tealeaf CX Mobile solution to give enterprises more visual insight into mobile behaviors so they can better understand where improvements are needed and create exceptional and consistent consumer experiences across mobile devices.
To provide organizations with maximum flexibility and accelerate their adoption of mobile computing, these solutions can also be delivered through cloud and managed services.
A Deep Set of Mobile Services for Clients
Enterprises are embracing the mobile revolution at a rapid pace. IBM has thousands of mobile experts to help clients understand how industries will be transformed in a mobile world, based on client engagements across more than a dozen industries.
The IBM MobileFirst portfolio features several services to help clients establish mobile strategies, design and implement mobile projects. These include:
- IBM MobileFirst Strategy and Design Services – Clients can tap into IBM expertise to map out a mobile strategy for employees and customers, and key experience design skills from IBM Interactive to build compelling mobile experiences. IBM’s new Mobile Maturity Model can assess how a business is progressing towards becoming a mobile enterprise, while new Mobile Workshops help clients develop applications, architect infrastructure and accelerate their mobile progress.
- IBM MobileFirst Development and Integration Services – IBM offers services that help organizations roll out a mobile infrastructure and manage mobile application portfolios and BYOD environments. Enhanced Network Infrastructure Services for Mobile provide IT network strategy, optimization, integration and management. Mobile Enterprise Services for Managed Mobility help manage and secure smartphones, tablets and devices across a business. Mobile Application Platform Management helps speed deployment of mobile infrastructure to develop mobile applications more easily and quickly.
An Expansive Set of Mobile Resources and Programs for Business Partners, Developers and Academics
According to IBM’s recent Tech Trends Report, only one in 10 organizations has the skills needed to effectively apply advanced technologies such as mobile computing.
To help overcome this skills gap, IBM is rolling out a series of resources to help its ecosystem of developers, partners and academics tap into the mobile opportunity and augment existing skills or develop new ones.
- Developers – IBM today is announcing a relationship with AT&T that will enable developers to enhance mobile apps by using IBM Worklight to access AT&T’s APIs in the cloud. Now, developers have another tool with AT&T to quickly and easily create apps with rich features such as speech recognition and rapid payment. IBM is also rolling out new technical assets on developerWorks and CodeRally, a developer game community.
- Business Partners – With Ready for IBM MobileFirst, Independent Software Vendors (ISVs) can also embed mobile technologies into their solutions and Software Value Plus now provides mobile certifications, workshops and incentives for resellers and systems integrators.
- Academics – To help train the next generation of mobile developers, IBM is offering new faculty grants for curricula development. IBM is also making IBM Worklight available, free of charge, for the classroom and via online training to teach both students and faculty to develop for mobile environments.
IBM Global Financing, the lending and leasing arm of IBM, can also help companies affordably transform into mobile enterprises.
Credit-qualified clients can take advantage of simple, flexible lease and loan packages for the IBM MobileFirst portfolio — some starting at as low as 0% for 12 months with no up-front costs — allowing businesses to acquire essential technology and services while managing cash flow more effectively.
To learn more, visit the IBM MobileFirst site. You can also follow @ibmmobile, #ibmmobile on Twitter, and see IBM MobileFirst on YouTube, Tumblr and Instagram.
Also, watch the video below (3:46), for it paints a broad, comprehensive, and gorgeous “picture” of the enterprise mobile opportunity and challenges.
IBM MobileFirst Announcement Coverage:
IBM today announced it has entered into a definitive agreement to acquire StoredIQ Inc., a privately held company based in Austin, Texas.
Financial terms of the deal were not disclosed.
StoredIQ will advance IBM’s efforts to help clients derive value from big data and respond more efficiently to litigation and regulations, dispose of information that has outlived its purpose and lower data storage costs.
With this agreement, IBM adds to its prior investments in Information Lifecycle Governance. The addition of StoredIQ capabilities enables clients to find and use unstructured information of value, respond more efficiently to litigation and regulatory events and lower information costs as data ages.
IBM’s Information Lifecycle Governance suite improves information economics by helping companies lower the total cost of managing data while increasing the value derived from it by:
- Eliminating unnecessary cost and risk with defensible disposal of unneeded data
- Enabling businesses to realize the full value of information as it ages
- Aligning cost to the value of information
- Reducing information risk by automating privacy, e-discovery, and regulatory policies
Adding StoredIQ to IBM’s Information Lifecycle Governance suite gives organizations more effective governance of the vast majority of data, including efficient electronic discovery and its timely disposal, to eliminate unnecessary data that consumes infrastructure and elevates risk.
As a result, business leaders can access and analyze big data to gain insights for better decision-making. Legal teams can mitigate risk by meeting e-discovery obligations more effectively. Also, IT departments can dispose of unnecessary data and align information cost to value to take out excess costs.
What Does StoredIQ Software Do?
StoredIQ software provides scalable analysis and governance of disparate and distributed email as well as file shares and collaboration sites. This includes the ability to discover, analyze, monitor, retain, collect, de-duplicate and dispose of data.
In addition, StoredIQ can rapidly analyze high volumes of unstructured data and automatically dispose of files and emails in compliance with regulatory requirements.
“CIOs and general counsels are overwhelmed by volumes of information that exceed their budgets and their capacity to meet legal requirements,” said Deidre Paknad, vice president of Information Lifecycle Governance at IBM. “With this acquisition, IBM adds to its unique strengths as a provider able to help CIOs and attorneys rapidly drive out excess information cost and mitigate legal risks while improving information utility for the business.”
Named a 2012 Cool Vendor by Gartner, StoredIQ has more than 120 customers worldwide, including global leaders in financial services, healthcare, government, manufacturing and other sectors. Other systems require months to index data and years to configure, install and address information governance. StoredIQ can be up and running in just hours, immediately helping clients drive out cost and risk.
IBM intends to incorporate StoredIQ into its Software Group and its Information Lifecycle Governance business.
Building on prior acquisitions of PSS Systems in 2010 and Vivisimo in 2012, IBM adds to its strength in rapid discovery, effective governance and timely disposal of data. The acquisition of StoredIQ is subject to customary closing conditions and is expected to close in the first quarter of 2013.
I blogged about IBM’s 2012 Global Reputational Risk and IT Study recently, the headline of which was this: Managing reputational risk is crucial to many organization’s business, and managing IT is a major part of their efforts.
I also interviewed Brendan Hannigan, the general manager of IBM’s Security Systems Division, at IBM InterConnect last week about some of these critical security matters.
Today, IBM made a move designed to reduce the biggest security inhibitors that organizations face in implementing cloud, mobile and big data initiatives with the announcement of a broad set of security software to help holistically secure data and identities.
New IBM Security Solutions
IBM’s new software capabilities help clients better maintain security control over mobile devices, mitigate internal and external threats, reduce security risks in cloud environments, extend database security to gain real-time insights into big data environments such as Hadoop, and automate compliance and data security management.
Along with IBM Security Services and IBM’s world-class research capabilities, this set of scalable capabilities supports a holistic, proactive approach to security threats spanning people, data, applications and infrastructure.
“A major shift is taking place in how organizations protect data,” said Brendan Hannigan, General Manager, IBM Security Systems. “Today, data resides everywhere—mobile devices, in the cloud, on social media platforms. This is creating massive amounts of data, forcing organizations to move beyond a traditional siloed perimeter to a multi-perimeter approach in which security intelligence is applied closer to the target.”
IBM is unveiling ten new products and enhancements to help organizations deliver real time security for big data, mobile and cloud computing.
Real Time Security for Big Data Environments
State of the art technologies including Hadoop based environments have opened the door to a world of possibilities. At the same time, as organizations ingest more data, they face significant risks across a complex threat landscape and they are subject to a growing number of compliance regulations.
With today’s announcement, IBM is among the first to offer data security solutions for Hadoop and other big data environments.
Specifically, Guardium now provides real time monitoring and automated compliance reporting for Hadoop based systems such as InfoSphere BigInsights and Cloudera.
Highlighted data security solutions:
NEW: IBM InfoSphere Guardium for Hadoop
ENHANCED: IBM InfoSphere Optim Data Privacy
ENHANCED: IBM Security Key Lifecycle Manager
To learn more about the data security portfolio go here.
Mobile Security: Improving Access and Threat Protection
Today IBM is also announcing risk-based authentication control for mobile users, integration of access management into mobile application development and deployment as well as enhanced mobile device control.
IBM is also announcing a comprehensive Mobile Security Framework to help organizations develop an adaptable security posture to protect data on the device, at the access gateway and on the applications.
Highlighted mobile security solutions:
NEW: IBM Security Access Manager for Cloud and Mobile
ENHANCED: IBM Endpoint Manager for Mobile Devices
Go here to learn more about specific mobile security product attributes.
Cloud Security: From Inhibitor To Enabler
While the cloud can increase productivity with anywhere, anytime information access, it can also introduce additional challenges for enterprise security.
IBM today is announcing security portfolio enhancements designed to address these new challenges, providing improved visibility and increased levels of automation and patch management to help demonstrate compliance, prevent unauthorized access and defend against the latest threats using advanced security intelligence.
With IBM’s new SmartCloud for Patch Management solution, patches are managed automatically regardless of location and remediation cycles are reduced from weeks to hours thereby reducing security risks.
Additionally, IBM is announcing enhancements to its QRadar Security Intelligence Platform that provides a unified architecture for collecting, storing, analyzing and querying log, threat, vulnerability and security related data from distributed locations, using the cloud to obtain greater insight into enterprise-wide activity and enable better-informed business decisions.
The new IBM Security Privileged Identity Manager is designed to proactively address the growing insider threat concerns and help demonstrate compliance across the organization.
IBM Security Access Manager for Cloud and Mobile which provides enhanced federated single sign-on to cloud applications is now available with improved out-of-the-box integration with commonly adopted SaaS applications and services.
Highlighted cloud security solutions:
NEW: IBM SmartCloud for Patch Management
NEW: IBM Security Access Manager for Cloud and Mobile
NEW: IBM Security Privileged Identity Manager
ENHANCED: QRadar SIEM and QRadar Log Manager
Visit here to learn more about specific cloud security product attributes, please visit
Enhanced Mainframe Security Capabilities
In addition, IBM is announcing mainframe security capabilities that enhance enterprise-wide security intelligence based on QRadar security solution integration that provides real time alerts and audit reporting.
The mainframe offers Common Criteria Evaluation Assurance Level 5+ (EAL 5+) certification for logical partitions, providing a platform for consolidating systems, helping protect private clouds, and helping secure virtualized environment.
New IBM Security zSecure improvements help to reduce administration overhead, automate compliance reporting, enforce security policy, and pro-actively detect threats.
Highlighted zSecure security solutions:
ENHANCED: IBM Security zSecure
Through IBM Global Financing, credit-qualified clients can take advantage of 0% interest for 12 months on qualifying IBM Security products and solutions.
About IBM Security
With more than 40 years of security development and innovation, IBM has breadth and depth in security research, products, services and consulting.
IBM X-Force is a world-renowned team that researches and evaluates the latest security threats and trends. This team analyzes and maintains one of the world’s most comprehensive vulnerability databases and develops countermeasure technologies for IBM’s security offerings to help protect organizations ahead of the threat.
IBM has 10 worldwide research centers innovating security technology and nine security operations centers around the world to help global clients maintain an appropriate security posture.
IBM Managed Security Services delivers the expertise, tools and infrastructure to help clients secure their information assets against attacks, often at a fraction of the cost of in-house security resources.
The Institute for Advanced Security is IBM’s global initiative to help organizations better understand and respond to the security threats to their organization. Visit the Institute community at www.instituteforadvancedsecurity.com.
An important announcement earlier today from IBM: The appointment of the company’s new Chief Privacy Officer, Christina Peters.
Peters has worked as a practicing attorney with IBM since 1996 (first in Germany, later in the US), and has handled a wide range of complex transactional, policy, compliance, litigation, and cybersecurity matters in the United States and internationally.
Peters was educated at Dartmouth College (summa cum laude) and Harvard Law School (magna cum laude), where she was an Executive Editor of the Harvard Law Review.
Following a District of Columbia Circuit clerkship, Peters worked at D.C.-based law firm, Covington & Burling. Prior to joining IBM, she was a Robert Bosch Fellow in Germany, where she worked at the Federal Cartel Authority and Deutsche Telekom.
In her new role, Peters will guide and oversee IBM’s global information policy and practices affecting more than 400,000 employees and thousands of clients. She will lead the company’s global engagement in public policy and industry initiatives on data security and privacy, and continue to serve on the advisory board of the Future of Privacy Forum.
Peters also is responsible for a worldwide team of legal, data protection and technical professionals at IBM who address privacy and data security in the leadership manner expected of the company’s global brand.
IBM was the first major corporation to appoint a Chief Privacy Officer in 2000 and has consistently applied advanced techniques and technologies across its global business operations and practices. IBM’s numerous privacy advancements include:
- First company to adopt a global privacy code of conduct.
- First to adopt a genetic non-discrimination policy.
- First to establish a policy to only advertise on websites with visible privacy statements.
As IBM’s general manager for its Security Systems Division will tell you, we’re entering into a perfect IT security storm.
These days, hackers are more sophisticated, your data is increasingly accessed anytime and anywhere and often resides in the cloud.
Fewer access points are corporately-controlled, and there is a growing digital data explosion while the compliance demands on staff and systems escalate.
These trends mean corporate IT security can no longer be an afterthought where a secure perimeter is good enough. Instead, security intelligence preventing, detecting and addressing system breaches anywhere must start in the boardroom and become part of your organization’s IT fabric. It is now imperative to be woven into your everyday business operations.
Brendan Hannigan brings more than 25 years of industry experience to his role as general manager of the new IBM Security Systems Division.
Previously, he was the president and chief executive officer of Q1 Labs, the acquisition of which catalyzed the creation of the Security Systems Division.
This new division brings together many capabilities across IBM to respond to the market need for sophisticated, comprehensive and integrated approaches to enterprise security.
Prior to Q1 Labs, Brendan was vice president of marketing and technology at Sockeye Networks; director of network research at Forrester Research; and served in a variety of senior-level product development roles at Digital Equipment Corporation, Wellfleet Communications, and Motorola.
We discussed a number of security-related topics during our Q&A at IBM InterConnect, including browser exploits, the need for increased security intelligence, and IBM’s bi-annual X-Force Trends and Risk Report, which I’ve covered extensively in this blog.
You can see our interview here.
As hackers increasingly find new and nefarious ways to threaten the global digital infrastructure, recent policy advancements such as the proposed “Cybersecurity Act of 2012″ in the U.S. have been introduced as solutions to the world’s growing cybersecurity problem.
While IBM accepts it is an imperative to properly secure critical systems, private sector advancements should be balanced with pragmatic legislative policies that avoid overly-prescriptive mandates that can inhibit the very innovation needed to ensure cybersecurity.
Consequently, IBM moved quickly and sent a letter urging the U.S. Senate to address flaws in the proposed cybersecurity bill.
According to IBM’s X-Force 2011 Trend and Risk Report, cyber attackers are adapting and moving quickly to target newer information technologies such as social networks and mobile devices. This rapidly evolving nature of cyber attacks necessitates a new approach to enabling cybersecurity.
Responding to the ever-changing nature and volume of attacks requires agility, risk-based management, and a commitment to innovative defensive measures. IBM supports bipartisan, cybersecurity legislation, but the “Cybersecurity Act of 2012″ would add bureaucracy to a process that needs speed to succeed.
Government and industry would be best served by a common-sense approach to cybersecurity that allows for investment in R&D, improved information sharing between public and private sectors, better security for federal IT networks, and criminal penalties for cyber-crimes.
Industry Solutions To A Network Problem
Advanced threats, rapid adoption of social media, and Web applications have also been driving the need for new, intelligent approaches to security.
As employee access to the Web has become ubiquitous, enterprises are struggling with massive increases in malware as well as Advanced Persistent Threats (APTs), which can compromise proprietary data.
Many of today’s security solutions often offer limited visibility and control over network activity, which can put the company at risk.
To help clients proactively protect against evolving security threats, including those posed by social media sites and malicious websites, IBM today announced a new class of network security appliance that delivers a more granular view of a company’s security posture and a simplified security management interface.
This new next-generation intrusion prevention appliance helps clients address advanced attacks targeting their organization, providing visibility into exactly what applications are being used on the network, where users are going on the Web, with the ability to monitor and control this activity, which can result in improved security and reduced operational costs.
IBM Security Network Protection XGS 5000 is a next-generation intrusion protection system specifically designed to address the constantly evolving, increasingly sophisticated threats that organizations face today.
It builds on the proven, core security features found in IBM Security Network Intrusion Prevention System, including helping protect against “zero-day” exploits, by adding new levels of visibility and control over the network, applications, data and users to help improve security by helping prevent misuse and identify previously undetectable threats.
IBM Security Network Protection incorporates global threat intelligence from X-Force, including a Web filter database of over 15 billion URLs — capable of monitoring and categorizing millions of Web servers and applications each day to provide superior protection against the changing threat landscape.
Gaining Control, And Visibility, Into Security Events
Once organizations are aware of the nature of activity on their network, the new application control features enable clients to have granular control over what is happening on their network; this means granular user and group-level control over which applications and Websites are permitted, and how they are used down to individual actions or activities within these applications and sites.
IBM Security’s Advanced Threat Protection Platform helps clients by providing the following features and capabilities:
- Proven security to help protect against zero-day threats: enables preemptive protection against a full spectrum of advanced threats, including Web application attacks and exploits hidden in files. IBM’s protection engine is built upon years of security intelligence gathered by X-Force Research, and can stop entire classes of attacks — including new and unknown threats – without updates; most solutions available today match individual protection signatures — a process that can be too slow to stop evolving threats and can result in higher rates of false positives and false negatives.
- Visibility and insight: provides application awareness, monitoring and control, with high level dashboards for drilling down into events and reporting. Also provides deep insight into the nature of activities on the network through broad application awareness and flow data analysis. Integrates with QRadar Security Intelligence Platform to provide even greater levels of insight including anomaly detection and event correlation.
- Control: utilizes intelligence related to Web applications, Websites, and non-Web applications, including Web application and Web site coverage with over 15 Billion URLs across 68 categories and support for 1000+ applications and actions.
IBM Security Network Protection XGS 5000 will be available starting in 3Q12.
About IBM Security
IBM’s security portfolio provides the security intelligence to help organizations holistically protect their people, data, applications and infrastructure. IBM offers solutions for identity and access management, security information and event management, database security, application development, risk management, endpoint management, next-generation intrusion protection and more.
IBM operates one of the world’s broadest security research and development, and delivery organizations. This comprises nine security operations centers, nine IBM Research centers, 11 software security development labs and an Institute for Advanced Security with chapters in the United States, Europe and Asia Pacific. IBM monitors 15 billion security events per day in more than 130 countries and holds more than 3,000 security patents.