Posts Tagged ‘mobile security’
IBM Unveils Comprehensive Mobile Portfolio
Click to enlarge the infographic. As the first new technology platform for business to emerge since the World Wide Web, mobile computing represents one of the greatest opportunities for organizations to expand their business. Based on nearly 1,000 customer engagements, 10 mobile-related acquisitions in the last four years, a team of thousands of mobile experts and 270 patents in wireless innovations, IBM MobileFirst offers an array of solutions that helps businesses connect, secure, manage and develop mobile networks, infrastructures and applications.
IBM is going big on mobile.
Today, the company unveiled “IBM MobileFirst,” a comprehensive mobile strategy that combines security, analytics, and application development software, with cloud-based services and deep mobile expertise.
Using IBM MobileFirst solutions, businesses can now streamline everything from the management of employee mobile devices, to the creation of a new mobile commerce app that will transform their entire business model.
Today’s move by IBM builds off of its experience helping nearly 1,000 customers become mobile enterprises, and takes advantage of its thousands of mobile experts and 270 patents in wireless innovations.
IBM has made 10 mobile-related acquisitions in the past four years alone.
IBM also announced an expanded relationship with AT&T to provide developers with tools to create faster, richer mobile apps and services for customers. For instance, organizations can now quickly incorporate payment and messages into their apps.
With this expanded partnership, the AT&T API Platform, featuring IBM Worklight Adapters, will enable the more than 31,000 members of the AT&T Developer Program to quickly create and securely deploy enterprise apps that improve subscriber engagement and customer loyalty.
With these adapters that support AT&T’s ecosystem of APIs including those for speech, SMS, device capabilities, notary management and payment, developers can quickly and securely create rich, business-ready apps across a variety of platforms including iOS, Android and Windows.
Through IBM MobileFirst, IBM is providing companies with the essential tools to take advantage of new business opportunities being enabled by mobile.
A Broad Portfolio of Mobile Solutions
To be successful in embracing mobile for driving revenue growth, clients must have an integrated strategy for mobile, cloud, big data, social business and security. Today’s announcements from IBM help clients harness these complex technologies to drive innovation and growth.
IBM’s mobile solutions portfolio provides the key elements of an application and data platform with the management, security and analytics capabilities needed for the enterprise.
In addition to meeting mobile-specific requirements, the portfolio provides for rapid integration between social and cloud services as well as back-end technologies that help secure and manage strategic business processes. Key aspects include:
- IBM MobileFirst Platform – New updates include expanded capabilities of IBM Worklight to simplify deployment. It also features single sign-on capabilities for multiple applications. A new beta of the Rational Test Workbench for mobile helps to improve the quality and reliability of mobile apps.
- IBM MobileFirst Security – IBM extends its context-based mobile access control solutions and expands mobile application vulnerability testing with support for Apple iOS apps with the latest release of AppScan.
- IBM MobileFirst Management – New updates to IBM Endpoint Manager include enhanced support for Bring Your Own Device (BYOD) programs and increased security standards that are critical to governments and regulated environments.
- IBM MobileFirst Analytics – IBM is expanding its Tealeaf CX Mobile solution to give enterprises more visual insight into mobile behaviors so they can better understand where improvements are needed and create exceptional and consistent consumer experiences across mobile devices.
To provide organizations with maximum flexibility and accelerate their adoption of mobile computing, these solutions can also be delivered through cloud and managed services.
A Deep Set of Mobile Services for Clients
Enterprises are embracing the mobile revolution at a rapid pace. IBM has thousands of mobile experts to help clients understand how industries will be transformed in a mobile world, based on client engagements across more than a dozen industries.
The IBM MobileFirst portfolio features several services to help clients establish mobile strategies, design and implement mobile projects. These include:
- IBM MobileFirst Strategy and Design Services – Clients can tap into IBM expertise to map out a mobile strategy for employees and customers, and key experience design skills from IBM Interactive to build compelling mobile experiences. IBM’s new Mobile Maturity Model can assess how a business is progressing towards becoming a mobile enterprise, while new Mobile Workshops help clients develop applications, architect infrastructure and accelerate their mobile progress.
- IBM MobileFirst Development and Integration Services – IBM offers services that help organizations roll out a mobile infrastructure and manage mobile application portfolios and BYOD environments. Enhanced Network Infrastructure Services for Mobile provide IT network strategy, optimization, integration and management. Mobile Enterprise Services for Managed Mobility help manage and secure smartphones, tablets and devices across a business. Mobile Application Platform Management helps speed deployment of mobile infrastructure to develop mobile applications more easily and quickly.
An Expansive Set of Mobile Resources and Programs for Business Partners, Developers and Academics
According to IBM’s recent Tech Trends Report, only one in 10 organizations has the skills needed to effectively apply advanced technologies such as mobile computing.
To help overcome this skills gap, IBM is rolling out a series of resources to help its ecosystem of developers, partners and academics tap into the mobile opportunity and augment existing skills or develop new ones.
These include:
- Developers – IBM today is announcing a relationship with AT&T that will enable developers to enhance mobile apps by using IBM Worklight to access AT&T’s APIs in the cloud. Now, developers have another tool with AT&T to quickly and easily create apps with rich features such as speech recognition and rapid payment. IBM is also rolling out new technical assets on developerWorks and CodeRally, a developer game community.
- Business Partners – With Ready for IBM MobileFirst, Independent Software Vendors (ISVs) can also embed mobile technologies into their solutions and Software Value Plus now provides mobile certifications, workshops and incentives for resellers and systems integrators.
- Academics – To help train the next generation of mobile developers, IBM is offering new faculty grants for curricula development. IBM is also making IBM Worklight available, free of charge, for the classroom and via online training to teach both students and faculty to develop for mobile environments.
IBM Global Financing, the lending and leasing arm of IBM, can also help companies affordably transform into mobile enterprises.
Credit-qualified clients can take advantage of simple, flexible lease and loan packages for the IBM MobileFirst portfolio — some starting at as low as 0% for 12 months with no up-front costs — allowing businesses to acquire essential technology and services while managing cash flow more effectively.
To learn more, visit the IBM MobileFirst site. You can also follow @ibmmobile, #ibmmobile on Twitter, and see IBM MobileFirst on YouTube, Tumblr and Instagram.
Also, watch the video below (3:46), for it paints a broad, comprehensive, and gorgeous “picture” of the enterprise mobile opportunity and challenges.
IBM MobileFirst Announcement Coverage:
IBM Mobile Security: Protecting Your Data On The Go
If you’ve been concerned about the security of your corporate data with respect to the ever-burgeoning number of mobile devices, IBM may have a solution to your problem.
Increasingly, businesses want to provide employees the option of using a personal device as a way to reduce cost and allow them to work wherever or whenever they need to, but doing so requires diligence in protecting corporate data.
In this era of “Bring Your Own Device” (BYOD), with employees using their own mobile devices for business and personal activity, organizations are now tasked with supporting the new social, virtual, and mobile employee and the applications they access. With mobile threats on the rise, complex IT environments, security risks, maintaining policies, and helping companies control cost are top of mind concerns for many CIOs and security and risk professionals.
Today, IBM unveiled a new service to help businesses secure the exploding number of mobile devices with access to corporate data, the IBM Hosted Mobile Device Security Management service.
This solution extends a company’s existing mobility portfolio to include a security application for smartphones and tablets, along with managed services including policy management and user compliance monitoring.
It helps organizations protect against data loss and other risks caused by device theft, unauthorized access, malware, spyware, and inappropriate applications.
The solution is designed to help mitigate security risks associated with the increasing number of employee-owned and corporate-liable mobile devices accessing sensitive business data. Delivered as a hosted, managed service, clients can put these controls into action without the need to deploy and manage systems or to make a major investment of in-house personnel and technology.
With this new service, IBM provides security controls and ongoing monitoring for each device as a managed service, allowing IT departments to support a broad range of personal devices. Unlike other services focused on device management or unmanaged technology, IBM is focused on the protection of the device, regardless of the business applications used by employees today or in the future.
Capabilities in the new mobile device security management service include:
- Configuring employee devices to comply with security policies and actively monitoring to help ensure compliance over time
- Securing data in the event that a device is lost or stolen
- Helping to find a lost or stolen device – wherever it is
- Protecting against spyware and viruses
- Detecting and removing malicious and unapproved applications
- Monitoring and tracking user activity
- Enabling more secure connectivity
The company is working with Juniper Networks on this mobile security service for the underlying protection and device management technology for leading platforms such as Apple iOS, Google Android, BlackBerry, Symbian and Microsoft Windows Mobile through the Juniper Networks Junos Pulse Mobile Security Suite.
IBM operates the world’s broadest security research and development organization, comprising nine security operations centers, nine IBM Research centers, 11 software security development labs and an Institute for Advanced Security, with chapters in the United States, Europe and Asia Pacific. It employs thousands of security experts globally such as security operations analysts, consultants, sales and tech specialists, and strategic outsourcing delivery professionals.
IBM monitors 13 billion security events per day in more than 130 countries and holds 3,000 security patents. It has been in the security business for nearly 50 years dating back to the security innovation in its mainframe systems.
You can learn more about this new solution here.
IBM X-Force Trends Report: Year Of The Security Breach
Attacker types and techniques in 1H2011 identified by the IBM X-Force Mid-Year Trend & Risk Report. The study revealed mobile security exploits would likely double in 2011.
Okay, it’s my last day in Bangalore. At least for this particular journey.
I don’t have any more India-related news, except to report that the Kolkata Night Riders beat the Royal Challengers Bangalore in the CLT20 last night, here in Bangalore.
KKR won by nine wickets, and now I know why there were such sad faces in the stadium as I watched the end of the match late last night on TV.
As I was watching cricket, IBM was releasing the results of its “X-Force 2011 Mid-Year Trend and Risk Report,” a tiding I always attempt to cover in some depth, both because I find the reports fascinating and enlightening, and because I consider it a real service that IBM is providing to the global IT community.
Poised at the frontline of security, the IBM X-Force team serves as the eyes and ears for thousands of IBM clients – studying security attack techniques and creating defenses before many vulnerabilities are even announced.
The X-Force Mid-Year Trend and Risk Report is based on intelligence gathered through IBM’s research of public vulnerability disclosures as well as the monitoring and analysis of an average of 12 billion security events daily since the beginning of 2011.
Drumroll, Please: Moble Exploits Are Ripe For Exploitation!
The headline: This report demonstrates the rapidly changing security landscape characterized by high-profile attacks, growing mobile vulnerabilities and more sophisticated threats such as “whaling.”
Adoption of mobile devices such as smartphones and tablets in the enterprise, including the “Bring Your Own Device” approach, which allows personal devices to access the corporate network, is raising new security concerns.
IBM X-Force has documented a steady rise in the disclosure of security vulnerabilities affecting these devices. X-Force research recommends that IT teams consistently employ anti-malware and patch management software for phones in enterprise environments.
Click to enlarge. This graphic explores what the security situation might look like if it were run by the IBM X-Force team as they attempted to deal with this year's exploits.
Other key findings from the study:
- Malicious software targeting mobile phones is often distributed through third-party app markets. Mobile phones are an increasingly attractive platform for malware developers as the sheer size of the user base is growing rapidly, and there is an easy way to monetize mobile phone infections. Malware distributors can set up premium texting (SMS messaging) services that charge users that text to a specific number. Malware then sends text messages to those premium numbers from infected phones.
- Some mobile malware is designed to collect end user’s personal information. This data could then be used in phishing attacks or for identity theft. Mobile malware is often capable of spying on victim’s personal communications as well as monitoring and tracking their physical movements via the GPS capabilities common in these phones.
“For years, observers have been wondering when malware would become a real problem for the latest generation of mobile devices,” said Tom Cross, manager of Threat Intelligence and Strategy for IBM X-Force. “It appears that the wait is over.”
Critical Vulnerabilities Triple in 2011
The X-Force team also reports that the percentage of critical vulnerabilities has tripled thus far in 2011.
X-Force is declaring 2011 the “Year of the Security Breach” due to the large number of high-profile attacks and network compromises that have occurred this year.
This graphic explores the top website categories from the 1H2011 report containing at least one malicious link.
There is a cadre of notable emerging threats from this year’s breaches:
- Teams of professional attackers motivated by a desire to collect strategic intelligence have been able to gain and maintain access to critical computer networks through a combination of stealth, sophisticated technical capabilities and careful planning. These attackers are often referred to as “Advanced Persistent Threats” (APTs).
- The success of APTs has raised the profile of “whaling,” a type of spear phishing which targets “big fish,” or those positioned in high levels of an organization with access to critical data. These targeted attacks are often launched after careful study of a person’s online profiles has armed an attacker with the information needed to create a compelling phishing email that the victim will be fooled into clicking on.
- Attacks from ‘hacktivist’ groups, who targeted web sites and computer networks for political ends rather than just financial gain. Hacktivist groups have been successful in using well known, off-the-shelf attack techniques such as SQL Injection, which is one of the most common attack techniques seen in the Internet.
- Anonymous proxies have more than quadrupled in number compared to three years earlier. Anonymous proxies are a critical type of website to track, because they allow people to hide potentially malicious intent.
Advances In Security
“The rash of high-profile breaches this year highlights the challenges organizations often face in executing their security strategy,” said Cross. “Although we understand how to defend against many of these attacks on a technical level, organizations don’t always have the cross-company operational practices in place to protect themselves.”
Although the X-Force team declared 2011 as a watershed in high-profile security breaches, the report also uncovered some improvements in areas of computer security that show headway in the fight against crime on the Internet.
- The first half of 2011 saw an unexpected decrease in web application vulnerabilities, from 49 percent of all vulnerability disclosures down to 37 percent. This is the first time in five years X-Force has seen a decrease.
- High and critical vulnerabilities in web browsers were also at their lowest point since 2007, despite an increasingly complex browser market. These improvements in web browser and application security are important as many attacks are targeted against those categories of software
- As major botnet operators are taken down and off-line by law enforcement officials, the report shows a trend in the decline of spam and more traditional phishing tactics.
- After years of consistent spam growth until the middle of 2010, there has been a significant decline in spam volumes in the first half of this year.In the first half of 2011, the percentage of spam that is phishing on a weekly basis was less than 0.01 percent. Traditional phishing has greatly declined from the levels X-Force was seeing prior to the middle of 2010.
Also of note, the SQL Slammer Worm has been one of the most common sources of malicious packets on the Internet since its appearance and naming by the IBM X-Force team in 2003, but it has fallen down the list after a dramatic disappearance observed in March 2011.
The most recent analysis strongly suggested that the SQL Slammer Worm’s disappearance is due to an unknown source or actor. The analysis showed that a time-based trigger using a Slammer’s server clock was used to shut it down, proving that it was disabled by a single cause.
Traditional Vulnerabilities Still a Problem
The X-Force report uncovered numerous attacks that target traditional security vulnerabilities. According to the report, attacks on weak passwords are commonplace on the Internet, as are attacks that leverage SQL Injection vulnerabilities in web applications to compromise backend databases.
Databases have become an important target for attackers. Critical data used to run organizations — including financial/ERP, customer, employee, and intellectual property information such as new product designs — is stored in relational databases.
IBM researchers tested almost 700 web sites — from the Fortune 500 and other most popular sites — to uncover that 40 percent of these contain a class of security issues referred to as client-side JavaScript vulnerabilities. The existence of vulnerabilities like these in so many corporate web sites is indicative of the security blindspots in many organizations.
This graphic reveals insight into the exploit effort versus potential reward in the 1H 2011 X-Force report.
IBM Launches Institute for Advanced Security in Asia Pacific
To help combat security risks and to foster collaboration amongst security industry leaders, IBM is launching the IBM Institute for Advanced Security in Asia Pacific in order to combat growing security threats in the region.
The IBM Mid-Year X-Force report states that top countries originating spam have shifted to Asia Pacific, with India sending out roughly 10 percent of all spam registered today, and South Korea and Indonesia also making the top five list.
This Institute joins its predecessors in Brussels, Belgium and Washington, D.C., focused on European and U.S. clients respectively.
About the IBM X-Force Team and the Trend and Risk Report
This report comes from IBM’s X-Force team, the premier security research organization within IBM that has catalogued, analyzed and researched more than 50,000 vulnerability disclosures since 1997.
The IBM X-Force Trend and Risk Report is an annual assessment of the security landscape, designed to help clients better understand the latest security risks, and stay ahead of these threats.
It is the result of the work done in IBM’s nine global Security Operations Centers, which is provided as a managed security service to clients.
The report gathers facts from numerous intelligence sources, including its database of computer security vulnerabilities, global web crawler, international spam collectors, and the real-time monitoring of an average of 12 billion security events every day for nearly 4,000 clients in more than 130 countries.
turbotodd
Turbotodd 