2. 2 IBM Security
Data
Applications
Connectivity to more users, devices, and data than ever before
Web
Applications
Systems
Applications
APIs Mobile
Applications
Infrastructure
and Devices
Datacenters PCs Mobile Cloud Services IoT
On Premises Off PremisesUnstructuredStructured
Users
Auditors Suppliers
Consultants Contractors
Employees Partners
Customers
Systems
Applications
Partners
Structured
Laptops
It’s time to expand from infrastructure to information-centric security
Employees
Unstructured
APIs
Off Premises
Customers
Mobile
Applications
3. 3 IBM Security
Protect your information, contain the risk
Gain control
• Govern all users and their privileges
• Protect data usage across enterprise and cloud
• Improve DevOps security
• Secure mobile devices and apps
Identify risks
• Discover, classify business critical data and apps
• Expose over privileges with identity analytics
• Analyze cloud app usage and activity
• Detect web fraud with real time alerts
Safeguard interactions
• Deploy adaptive access and web app protection
• Federate to and from the cloud
• Maintain data compliance and stop attacks
• Secure mobile collaboration
IDENTITY
CLOUD
FRAUD
APP
DATA
MOBILE
4. 4 IBM Security
IBM Security has the industry’s most comprehensive solution for
Information Risk and Protection
Keep your information protected while securely interacting
with employees and consumers
• IBM Cloud Security
Deliver visibility, control and protection of cloud apps
• IBM MaaS360
Mobile productivity and enterprise security without compromise
• IBM Identity Governance and Access Management
Govern and enforce context-based access to critical assets
• IBM Guardium
Protect crown jewels across the enterprise and cloud
• IBM AppScan
Scan and remediate vulnerabilities in modern applications
• IBM Trusteer
Stop financial and phishing fraud, and account takeovers
• IBM Security Services
Deliver governance, risk and compliance consulting,
systems integration and managed security services
LOB RISK AUDITCISO IT
INFORMATION RISK AND PROTECTION
Governance, Risk and Compliance Services
Identity Governance and Access Management
Cloud Security Mobile Security
Application
Security
Data
Protection
Advanced
Fraud Protection
5. 5 IBM Security
Manage and control digital identities in the era of cloud
and mobile
Govern users and
enforce access
Protect crown jewels
wherever they are
Build and deploy
safe apps
Protect consumers
from fraud
Secure and
manage mobile
Enforce cloud
security
Get help from
security experts
Directory Services
Access Management
• Adaptive access control and federation
• Application content protection
• Authentication and single sign on
Identity Management
• Identity governance and intelligence
• User lifecycle management
• Privileged identity control
Datacenter Web Social Mobile Cloud
6. 6 IBM Security
IBM Identity Governance and Intelligence brings
IT and lines of business together
Analytics
Compliance
Lifecycle
Delivering actionable
identity intelligence
• Align auditors, Line of Business
and IT perspectives
• Risk analytics and intelligence
to represent complex user data
• Easy to launch access
certification and requests
• Enhanced role mining and
segregation of duties reviews
• In-depth SAP and RACF
governance reviews
• Built in provisioning and identity
management capabilities
Govern users and
enforce access
Protect crown jewels
wherever they are
Build and deploy
safe apps
Protect consumers
from fraud
Secure and
manage mobile
Enforce cloud
security
Get help from
security experts
7. 7 IBM Security
IBM Security Access Manager helps you take control
IBM Security Access Manager
• Authentication
• Authorization
• Single Sign-on
• Federation
• Risk-based Access
• Application Protection
EmployeesConsumers Partners and Contractors
Cloud
Workloads
SaaS
Applications
Enterprise
Applications
Govern users and
enforce access
Protect crown jewels
wherever they are
Build and deploy
safe apps
Protect consumers
from fraud
Secure and
manage mobile
Enforce cloud
security
Get help from
security experts
8. 8 IBM Security
Discover and build roles to create new roles or optimize
existing ones
Govern users and
enforce access
Protect crown jewels
wherever they are
Build and deploy
safe apps
Protect consumers
from fraud
Secure and
manage mobile
Enforce cloud
security
Get help from
security experts
9. 9 IBM Security
Safeguard sensitive data, protect your brand
Govern users and
enforce access
Protect crown jewels
wherever they are
Build and deploy
safe apps
Protect consumers
from fraud
Secure and
manage mobile
Enforce cloud
security
Get help from
security experts
Harden Repositories
• Encrypt and mask sensitive data
• Archive / purge dormant data
• Revoke dormant entitlements
Identify Risk
• Discover and classify sensitive data
• Assess database vulnerabilities
Monitor Access
• Monitor and alert on attacks in real-time
• Identify suspicious activity
• Produce detailed compliance reports
Protect Data
• Prevent unauthorized access
to sensitive data
• Enforce change control
10. 10 IBM Security
IBM Guardium helps monitor access and protect data
across the enterprise and beyond
Discovery, classification,
vulnerability assessment,
entitlement management
Encryption, masking,
and redaction
Data and file activity monitoring
Dynamic blocking and masking,
alerts, and quarantine
Compliance automation
and auditing
ANALYTICS
Govern users and
enforce access
Protect crown jewels
wherever they are
Build and deploy
safe apps
Protect consumers
from fraud
Secure and
manage mobile
Enforce cloud
security
Get help from
security experts
11. 11 IBM Security
Automatically discover sensitive data and uncover risks
• Automatically discover
and classify sensitive
data to expose
compliance risks
• Analyze data usage
patterns to uncover
and remediate risks
• Understand who is
accessing data, spot
anomalies, and stop
data loss in real time
Identify and respond to detected outliers
with a convenient graphical interface
• Anomaly hours flagged red
or yellow
• Click bubble for Outlier view
Govern users and
enforce access
Protect crown jewels
wherever they are
Build and deploy
safe apps
Protect consumers
from fraud
Secure and
manage mobile
Enforce cloud
security
Get help from
security experts
12. 12 IBM Security
Manage application security risk
Application Security Management
Use a single console for managing application testing, reporting and policies
Static Application
Scanning
Address application security
from day one to production
Dynamic Application
Scanning
Identify and remediate
vulnerabilities in live applications
Govern users and
enforce access
Protect crown jewels
wherever they are
Build and deploy
safe apps
Protect consumers
from fraud
Secure and
manage mobile
Enforce cloud
security
Get help from
security experts
14. 14 IBM Security
An integrated application risk management dashboard
Which applications
present the highest risk?
How many applications
have we assessed?
Is our application security
posture improving?
Govern users and
enforce access
Protect crown jewels
wherever they are
Build and deploy
safe apps
Protect consumers
from fraud
Secure and
manage mobile
Enforce cloud
security
Get help from
security experts
15. 15 IBM Security
IBM AppScan provides a full spectrum of application
assessment techniques for deep security analysis
Govern users and
enforce access
Protect crown jewels
wherever they are
Build and deploy
safe apps
Protect consumers
from fraud
Secure and
manage mobile
Enforce cloud
security
Get help from
security experts
Application Security Testing
Analysis of iOS and
Android app source
code with full trace
analysis, covering
20K+ APIs
Reveals HTTP
parameters not
discovered by black
box scanning, finds
vulnerabilities and
reduces false positives
Examines source
code and traces
data to check for
sanitized user input
Examines how
a running app
responds to mutated
HTTP requests
Interactive
Analysis
(Glass Box)
Mobile App
Analysis
Dynamic
Analysis
(Black Box)
Static
Analysis
(White Box)
Utilize resources effectively to identify and mitigate risk
On-premise and
cloud-based
solutions
16. 16 IBM Security
The key to stopping cyber crime is visibility
Fraudulent
Payments
Fraudulent
Logins
Credentials
Compromised
Phishing
Redirect to fake website
(MitM)
Tamper with legitimate
website (MitB)
Device spoofing
Remote Access Tools
(RAT)
Proxy
Mimic legitimate
payment activity
Bypasses two-factor
mobile authentication
Detect fraud
root cause
Detect evasion
methods
Detect fraud
indicators
Govern users and
enforce access
Protect crown jewels
wherever they are
Build and deploy
safe apps
Protect consumers
from fraud
Secure and
manage mobile
Enforce cloud
security
Get help from
security experts
17. 17 IBM Security
Combat online and mobile fraud with intelligent,
adaptive solutions from IBM Trusteer
Fraud Lifecycle
Management
• Comprehensive,
integrated, adaptive
fraud management
Clientless Fraud
Protection
• Unified malware and
criminal detection
• Real-time malware
detection
Endpoint Fraud
Protection
• Prevent and remove
financial malware and
detect phishing attacks
• Mobile application and
device protection
Govern users and
enforce access
Protect crown jewels
wherever they are
Build and deploy
safe apps
Protect consumers
from fraud
Secure and
manage mobile
Enforce cloud
security
Get help from
security experts
18. 18 IBM Security
Balance productivity and security in the mobile
enterprise
• Support multiple device
types and usage models
• Deliver best-of-breed
apps and experience
• Connect with core
enterprise systems
• Secure data in apps,
cloud and in motion
• Enforce policies
and configuration
• Integrate identity and
access controls
• Gain a complete
view of activity
• Understand user
behaviors
• Enable automation
and threat detection
Actionable
insights
Data
protection
User
enablement
Govern users and
enforce access
Protect crown jewels
wherever they are
Build and deploy
safe apps
Protect consumers
from fraud
Secure and
manage mobile
Enforce cloud
security
Get help from
security experts
19. 19 IBM Security
Support mobile innovation, unleash end-user
productivity with IBM MaaS360
Secure
PIM
App Security
and Management
File Sync,
Edit and Share
Secure
Browser
Trusted Workplace
• Separates work and
personal data with
anytime access to
corporate resources
• Works across iOS,
Android and Windows
mobile platforms with a
native user experience
• Supports Microsoft,
Google, IBM, Box and
other collaboration tools,
apps and containers
Govern users and
enforce access
Protect crown jewels
wherever they are
Build and deploy
safe apps
Protect consumers
from fraud
Secure and
manage mobile
Enforce cloud
security
Get help from
security experts
20. 20 IBM Security
At-a-glance management dashboard and an intuitive
mobile interface
Govern users and
enforce access
Protect crown jewels
wherever they are
Build and deploy
safe apps
Protect consumers
from fraud
Secure and
manage mobile
Enforce cloud
security
Get help from
security experts
21. 21 IBM Security
Safeguard workloads as you move to the Cloud
Protect Data
Identify vulnerabilities
and help prevent
attacks targeting
sensitive data
Gain Visibility
Monitor the cloud
for security breaches
and compliance
violations
Manage Access
Safeguard people,
applications, and
devices connecting to
the cloud
Govern users and
enforce access
Protect crown jewels
wherever they are
Build and deploy
safe apps
Protect consumers
from fraud
Secure and
manage mobile
Enforce cloud
security
Get help from
security experts
22. 22 IBM Security
IBM Cloud Security Enforcer helps you safeguard
connections to cloud apps and enforce policies
Govern users and
enforce access
Protect crown jewels
wherever they are
Build and deploy
safe apps
Protect consumers
from fraud
Secure and
manage mobile
Enforce cloud
security
Get help from
security experts
23. 23 IBM Security
Identify and manage risky cloud usage
• Discover thousands of cloud apps
• View analytics and risk reports
• Chart progress over time
DETECT APPROVED / SHADOW APPS
Govern users and
enforce access
Protect crown jewels
wherever they are
Build and deploy
safe apps
Protect consumers
from fraud
Secure and
manage mobile
Enforce cloud
security
Get help from
security experts
24. 24 IBM Security
Protect critical assets with context-aware controls
to prevent unauthorized access and data loss
IBM Critical Data Protection
Govern users and
enforce access
Protect crown jewels
wherever they are
Build and deploy
safe apps
Protect consumers
from fraud
Secure and
manage mobile
Enforce cloud
security
Get help from
security experts
Govern and
administer users
and their access
Identify
and protect
sensitive data
Manage
application
security risk
Manage and
secure network
and endpoints
25. 25 IBM Security
Modernize your identity governance and access program
for the era of cloud and mobile
IBM Identity Governance and Access Management Strategy, Design, and Management Services
Govern users and
enforce access
Protect crown jewels
wherever they are
Build and deploy
safe apps
Protect consumers
from fraud
Secure and
manage mobile
Enforce cloud
security
Get help from
security experts
Are you enabling your lines
of business?
Inability to fully embrace SaaS
apps, BYOD, BYOI, or IoT
Shadow IT and rogue access
• By 2020, 1/3 of successful
attacks will be on shadow
IT resources2
Are you at risk?
60% of data breaches involved
insiders in 20151
45% of incidents involved
unauthorized access1
Are you meeting your
compliance requirements?
Ever increasing regulations
• EU GDPR fines could add
up to 5% of global
revenues3
Complex organizations
Challenging audit frequency
Help prevent insider
threat and reduce
identity fraud
Systematically achieve
and maintain better
regulatory compliance
management
Support
productivity
and innovation for
your business
Insider threats
and identity fraud Line of business access Compliance
26. 01 02Detect insider threats Safeguard digital identities
Integration examples
27. 27 IBM Security
Shared
ID
Example: Detect insider threats and manage risk
IDENTITY
GOVERNANCE
ACTIVITY
MONITORING
PRIVILEGED IDENTITY
MANAGEMENT
SECURITY
INTELLIGENCE
IBM Identity Governance
checks for Segregation of
Duties violations and runs
access certification
campaigns to ensure validity
of privileged access rights
Guardium monitors and
audits privileged user access
to sensitive database objects,
and can alert or block on
unauthorized access
PIM shares check in / check
out audit records, and
Guardium cross references
information with its auditing
of data access activity
QRadar correlates PIM
credentials and Guardium
activities to detect anomalies
and trigger alerts to take
corrective action
1 2 3 4
28. 28 IBM Security
Example: Safeguard digital identities in the era of cloud and mobile
4.Advanced user
risk and fraud
detection engine
2. Risk-aware enforcement point
with strong authentication
on-premise or from the cloud
1. Discover, control,
and protect against
risky cloud adoption
3.Mobile device
compliance and
policy management
5.Safeguard access
to cloud and
enterprise apps
5
1
2
3
4
29. 29 IBM Security
Why IBM Information Risk and Protection?
Risk-based Intelligence Multi-layer Integrations Designed for Cloud and Mobile
• United controls to span
employees, business partners
and customers
• Built with open standards
to speed integration
and interoperability
• Cross segment integrations
to protect against threats
• Business focused analytics
to make decisions and
meet regulations
• X-Force and Trusteer
intelligence to stay ahead of
the latest threats
• Machine learning algorithms
to spot unusual behaviors
and vulnerabilities
• Largest SaaS portfolio across
fraud protection, application,
cloud, and mobile security
• Flexible deployment and out-
of-the-box for the most
popular cloud environments
• Safeguarding mobile and
consumer interactions
30. 30 IBM Security
SECURITY TRANSFORMATION SERVICES
Management consulting | Systems integration | Managed security
IBM has the world’s broadest and deepest security portfolio
SECURITY
ECOSYSTEM
App Exchange
MaaS360
INFORMATION RISK
AND PROTECTION
Trusteer Pinpoint
Trusteer Mobile
Trusteer Rapport
Privileged Identity Manager
Identity Governance and Access
AppScan
Guardium
Cloud Security
Enforcer
Cloud Identity Service
zSecure
Key Manager
QRadar Vulnerability Manager Resilient Incident Response
X-Force Exchange
QRadar Incident Forensics
Network Protection XGSBigFix
SECURITY OPERATIONS
AND RESPONSE
QRadar SIEM QRadar Risk Manager
31. 31 IBM Security
COGNITIVE, CLOUD,
and COLLABORATION
The next era of security
INTELLIGENCE
and INTEGRATION
PERIMETER
CONTROLS
32. 32 IBM Security
IBM Security invests in best-of-breed solutions
Incident
response
Cloud-enabled
identity management
Identity governance
Application security
Risk management
Data management
Security services
and network
security
Database monitoring
and protection
Application security
SOA
management
and security
“…IBM Security is making all the right moves...”
Forbes
2011 2012 2013 2014 2015 20162005 2006 2007 2008 2009 20102002
IBM Security
Systems
IBM Security
Services
Identity
management
Directory
integration
Enterprise
single-sign-on
Endpoint
management
and security
Security
Intelligence
Advanced fraud
protection
Secure mobile mgmt.
CyberTap
33. 33 IBM Security
Industry analysts rank IBM Security
DOMAIN SEGMENT MARKET SEGMENT / REPORT
ANALYST
RANKINGS
Security Operations
and Response
Security Intelligence Security Information and Event Management (SIEM) LEADER
Network and
Endpoint Protection
Intrusion Prevention Systems (IPS) LEADER
Endpoint: Client Management Tools LEADER
Endpoint Protection Platforms (EPP) Strong Performer
Information Risk
and Protection
Identity Governance
and Access
Management
Federated Identity Management and Single Sign-On LEADER
Identity and Access Governance LEADER
Identity and Access Management as a Service (IDaaS) LEADER
Web Access Management (WAM) LEADER
Mobile Access Management LEADER
Identity Provisioning Management LEADER
Data Security Data Masking LEADER
Application Security Application Security Testing (dynamic and static) LEADER
Mobile Protection Enterprise Mobility Management (MaaS360) LEADER
Fraud Protection Web Fraud Detection (Trusteer) LEADER
Security
Transformation
Services
Consulting and
Managed Services
Managed Security Services (MSS) LEADER
Information Security Consulting Services LEADER
V2016-06-16Note: This is a collective view of top analyst rankings, compiled as of July, 2016
34. 34 IBM Security
Adaptive integration with ecosystem partners
100+ ecosystem partners, 500+ QRadar integrations
35. 35 IBM Security
A Global Leader in Enterprise Security
• #1 in enterprise security
software and services*
• 7,500 people
• 12,000+ customers
• 133 countries
• 3,500+ security patents
• 15 acquisitions since 2005
*According to Technology Business Research, Inc. (TBR) 2016