Ibm security solutions system z solution edition for security other recent updates l.jpg
This presentation is the property of its rightful owner.
Sponsored Links
1 / 21

IBM Security Solutions, System z Solution Edition for Security, & Other Recent Updates PowerPoint PPT Presentation


  • 185 Views
  • Uploaded on
  • Presentation posted in: General

IBM Security Solutions, System z Solution Edition for Security, & Other Recent Updates. Agenda. Introducing IBM Security Solutions System z Solution Editions Overview Solution Edition for Security Highlights Solution Edition for Security Offerings Tivoli Security Management for z/OS update

Download Presentation

IBM Security Solutions, System z Solution Edition for Security, & Other Recent Updates

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Ibm security solutions system z solution edition for security other recent updates l.jpg

IBM Security Solutions, System z Solution Edition for Security, & Other Recent Updates


Agenda l.jpg

Agenda

  • Introducing IBM Security Solutions

  • System z Solution Editions Overview

  • Solution Edition for Security Highlights

  • Solution Edition for Security Offerings

  • Tivoli Security Management for z/OS update

  • Tivoli Key Lifecycle Manager

  • Summary


Is the smarter planet secure l.jpg

Is the smarter planet secure?

Introducing IBM Security Solutions

The planet is getting more

Instrumented, Interconnected and Intelligent.

Newpossibilities.

New risks...

Pervasive instrumentation creates vast amounts of data

New services built using that data, raises Privacyand Security concerns…

Critical physical and IT infrastructure

Sensitive information protection

New denial of service attacks

Increasing risks of fraud

3


Security challenges in a smarter planet l.jpg

Security challenges in a smarter planet

Introducing IBM Security Solutions

Key drivers for security projects

Increasing Complexity

Rising Costs

Ensuring Compliance

Soon, there will be 1 trillionconnected devices in the world, constituting an “internet of things”

Spending by U.S. companies on governance, risk and compliance will grow to $29.8 billionin 2010

The cost of a data breach increased to $204 per compromised customer record

Sourcehttp://searchcompliance.techtarget.com/news/article/0,289142,sid195_gci1375707,00.html

4


Slide5 l.jpg

People are becoming more and more reliant on security

IBM believes that security is progressively viewed as every individual’s right

Introducing IBM Security Solutions

Cost, complexity and compliance

Emerging technology

Data and information explosion

Death by point products

Rising Costs: Do more with less

Compliance fatigue


Elements of an enterprise security hub l.jpg

Multilevel Security

Enterprise Fraud Solutions

Tivoli Identity Manager

IBM Tivoli® zSecure Suite

Tivoli Federated Identity Mgr

DB2® Audit Management Expert

TS1120

LDAP

Optim™

Guardium

Elements of an Enterprise Security Hub

DKMS

Disk encryption

Encryption

Key Management

Tape encryption

Crypto Express 3 Crypto Cards

Venafi

Encryption

Director

DS8000®

Venafi

Encryption

Director

Data Privacy

DKMSTKLM

Venafi

PKI Services

System z SMF

IBM Tivoli Security Compliance Insight Manager

Certificate Authority

Compliance

and Audit

Extended Enterprise

Platform Infrastructure

ICSF

ITDS

Network Authentication Service

RACF®

z/OS® System SSL

Communications Server

Common Criteria Ratings

SSL/TLS suite

Audit, Authorization, Authentication, and Access Control

Services and Key Storage for Key Material

Scalable Enterprise Directory

Kerberos V5 Compliant

Support for Standards

IDS, Secure Communications


Slide7 l.jpg

Introducing IBM Security Solutions

In addition to the foundational elements, the Framework identifies five security focus areas as starting points

GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE

Design, and deploy a strong foundation for security & privacy

GRC

PEOPLE AND IDENTITY

Mitigate the risks associated with user access to corporate resources

DATA AND INFORMATION

Understand, deploy, and properly test controls for access to and usage of sensitive data

APPLICATION AND PROCESS

Keep applications secure, protected from malicious or fraudulent use, and hardened against failure

NETWORK, SERVER AND END POINT

Optimize service availability by mitigating risks to network components

PHYSICAL INFRASTRUCTURE

Provide actionable intelligence on the desired state of physical infrastructure security and make improvements

Click for more information

9


Ibm security portfolio l.jpg

Introducing IBM Security Solutions

IBM Security portfolio

Security Governance and Compliance

GRC

= Services

Identity and Access Management

Identity Management

Access Management

SIEM

and

Log Mgmt

= Products

Data Security

Data Loss Prevention

Encryption and Key Lifecycle Management

Messaging Security

E-mail Security

Database Monitoring and Protection

Data Masking

Application Security

App Vulnerability Scanning

Web Application Firewall

App Source Code Scanning

SOA Security

Access and Entitlement Management

Threat Assessment, Mitigation, and Management

Vulnerability Assessment

Mainframe Security

Web/URL Filtering

Intrusion Prevention System

Security Events and Logs

Virtual System Security

Physical Security

Click for more information

8


Slide9 l.jpg

System z Solution EditionsUnmatched value, competitively priced

  • Special package pricing for our most popular new workloads

    • z10 hardware (standalone footprint or isolated LPAR)

    • Prepaid hardware maintenance

    • Comprehensive middleware stack

    • Services and Storage (as needed)

  • Legendary mainframe quality

    • Security, availability and scale

    • Integration of applications with corporate data

    • Industry leading virtualization, systems management and resource provisioning

    • Unparallel investment protection

  • Enterprise Linux

  • Data Warehousing

  • SAP

  • WebSphere

  • GDPS®

  • Security

  • Chordiant

  • ACI

  • Cloud Computing

  • Application Development


Slide10 l.jpg

Solution Edition for SecurityUltimate protection for the enterprise at a lower price

Customer Pain Point

  • Reduced brand image and risk of financial loss resulting from internal and external Fraud

  • Need to support escalating security priorities due to security breaches, identity theft, and increasing compliance requirements

  • Complexity of monitoring security exposures due to an expanding list of identities

  • Need for more encryption and reduced complexity of management to protect sensitive information throughout the enterprise

  • Complexity of implementing security policies across multiple IT initiatives such as server consolidation, green IT, virtualization, TCO

Customer Value

  • In memory fraud detection, forensics supporting real time prevention not possible on distributed platforms

  • Centralized Identity and Access Management to simplify security administration, auditing, reporting and compliance.

  • Simplified Encryption and Key Management to protect data at rest, data in flight and data on removable media

  • A robust set of capabilities that have been integrated within hardware and software for over 30 years

  • Reduced complexity and easier management with the highest levels of security certification and a full suite of services available in a single server

Solution Edition for Security

Delivering trust and confidence to directly impact your bottom line


Slide11 l.jpg

A deeper view into the Solution Edition for Security

Offering Solutions:

  • Enterprise Fraud Analysis

    • Record and playback of insider actions, forensic analysis tools, real time prevention workflow applied to distributed and mainframe operations

    • Discover relationships via analytics

  • Centralized Identity & Access Management

    • Cross platform user provisioning and management; Web 2.0 and cross platform authentication services

  • Enterprise Encryption and Key Management

    • Protecting personally identifiable data; enterprise encryption management services: Discover, audit and monitor encryption keys

  • Securing Virtualization: z/VM®, Linux

    • Easily secure applications; security lifecycle management of server images running in Linux for System z server

  • Compliance / Risk Mitigation / Secure Infrastructure: z/OS

    • Audit and Alerts processing, Simplified management operations, Data anonymization for development and test processes

What it is

  • A comprehensive list

    of recommended rich

    Security products for

    each solution!

  • Flexibility to choose the

    products you need!

  • Accelerated solution

    deployment with the

    implementation

    services provided!

  • Competitively

    priced to meet your

    budget expectations!


Enterprise fraud analysis solution l.jpg

Enterprise Fraud Analysis Solution

  • Customer Challenges

    • Internal and external fraud cost billions of dollars in losses

    • Reduction in brand equity and substantial financial losses

    • Executives face personal fines, penalties and legal

    • repercussions

  • Solution Capabilities

    • Provides automated policy enforcement, centralized reporting

    • and analysis, centralized auditing controls, risk mitigation

      • Record and playback insider actions

      • Forensic analysis tools, real time prevention workflow

      • Discover relationships via analytics

  • Solution Components

    • IBM Tivoli zSecure Manager for RACF z/VM

    • RACF ® Security Server feature for z/VM

    • z/VM ® V5

    • z/VM V5 DirMaintTM Feature

    • ISPF V3 for VM

    • Optional: Intellinx zWatch


Enterprise encryption and key management solution l.jpg

Enterprise Encryption and Key Management Solution

  • Customer Challenges

    • Encryption can be complex to implement and manage

    • Without encrypted data, companies face great exposure risks

    • Many PKI solutions from third parties can be costly

  • Solution Capabilities

    • Provides encryption capabilities

    • Uses auditable granular access controls

    • Provides auditing and monitoring of encryption keys

    • Protects integrity and confidentiality of data and transactions

    • Low cost digital certificates and PKI infrastructure

  • Solution Components

    • z/OS ® V1 includes: z/OS Security Server RACF,

      DFSMS, DFSORT, RMF, SDSF

    • DB2 ® for z/OS V9

    • OptimTM Data Privacy Solution

    • Encryption Facility for z/OS V1

    • Data Encryption for IMS and DB2 Databases V1

    • Crypto Express3 Features

    • TKE Workstation

    • OSA Cards

    • Tivoli® Key Lifecycle Manager (TKLM)

    • IBM System Services Runtime Environment for z/OS

Optional:

  • IBM Distributed Key

    Management System (DKMS)

  • Venafi Encryption Director


Centralized identity and access management l.jpg

Centralized Identity and Access Management

  • Customer Challenges

    • Increased complexity of security administration

      and monitoring

    • More security exposures and an expanding list of

      identities and access controls increases complexity

    • Business portals increase need to better manage and

      monitor identities

    • Cost of management and administration is too high

  • Solution Capabilities

    • Provides reduced infrastructure, simplified security management

    • More efficient centralized identity lifecycle and access management

    • Centralized auditing controls, and improved ability to meet compliance needs

    • Cross platform user provisioning and authentication

  • Solution Components

    z/OS version includes:

    • z/OS Security Server RACF, DFSMS, DFSORT, RMF, SDSF

    • DB2 for z/OS V9

    • WebSphere for z/OS V7

    • IBM Tivoli Security Management for z/OS

    • Tivoli Federated Identity Manager

    • Tivoli Identity Manager

  • Linux version includes:

  • IBM Tivoli zSecure Manager for RACF z/VM

  • RACF Security Server Feature for z/VM

  • z/VM v5

  • z/VM v5 Dirmaint Feature

  • ISPF V3 for z/VM

  • IBM Tivoli Identity and Access Assurance V1


Securing virtualization z vm linux on system z l.jpg

Securing Virtualization: z/VM®, Linux® on System z®

  • Customer Challenges

    • Secured virtualized environment needed both

      for traditional and virtualized environments

    • Virtualization offers compelling TCO but needs to

      be secure as well

    • Customers are considering secured private

      cloud environments

    • Cost effective security management is needed to

      avoid air gapped solutions

  • Solution Capabilities

    • Proven secured virtualization for decades

    • Common criteria ratings

    • Centralized Auditing and Reporting

    • Workload isolation, common criteria, architecture design

    • Easily to secure new workloads

  • Solution Components

    • IBM TivoliSecure Manager for RACF z/VM

    • RACF Security Server Feature for z/VM

    • zVM v5

    • zVM v5 Dirmaint Feature

    • ISPF V3 for VM

    • IBM Tivoli Identity and Access Assurance V1


Compliance risk mitigation secure infrastructure z os l.jpg

Compliance / Risk Mitigation / Secure Infrastructure: z/OS

  • Customer Challenges

    • Security breaches, identity theft are growing

    • Companies face large financial losses

    • PCI and HIPAA compliance are required by law

    • Many environments are plagued by viruses and a

      continued cycle of patches

  • Solution Capabilities

    • Security certifications (z/OS EAL 4+, LPAR EAL 5,

      FIPS 140-2 Level 4),

    • System z/OS integrity statement

    • Centralized security controls, auditing and administration

    • Anonymous data for development and test

  • Solution Components

    • z/OS V1 including: z/OS Security Server RACF,

      DFSMS, DFSORT, RMF, SDSF

    • DB2 for z/OS V9

    • WebSphere for z/OS V7

    • Optim Data Privacy Solution

    • Encryption Facility for z/OS V1

    • Data Encryption for IMS and DB2 Databases V1

    • Crypto Express3 Features

    • TKE Workstation

    • OSA Cards

    • IBM Tivoli Security Management for z/OS

  • Tivoli® Key Lifecycle Manager (TKLM)

  • IBM System Services Runtime Environment

    for z/OS

  • IMS Audit Management Expert for z/OS

  • DB2 Audit Management Expert for z/OS

  • Optional:

  • IBM Distributed Key Management System (DKMS)

  • Intellinx zWatch

  • Venafi Encryption Director


Tivoli security management for z os l.jpg

Tivoli Security Management for z/OS

  • Offers the capability to:

    • Administer your mainframe security & reduce administration time, effort, and costs

    • Monitor for threats by auditing security changes that affect z/OS, RACF & DB2

    • Audit usage of resources

    • Monitor and audit security configurations

    • Enforce policy compliance

    • Capture comprehensive log data

    • Increase capabilities in analyzing data from the mainframe for z/OS, RACF& DB2

    • Interpret log data through sophisticated log analysis

    • Efficient auditing, streamlined for enterprise-wide audit & compliance reporting


Ibm tivoli key lifecycle manager l.jpg

IBM Tivoli Key Lifecycle Manager

Focused on device key serving

IBM encrypting tape – TS1120, TS1130, LTO gen 4

IBM encrypting disk – DS8000

Lifecycle functions

Notification of certificate expiry

Automated rotation of certificates

Automated rotation of groups of keys

Designed to be Easy to use

Provide a Graphical User Interface

Initial configuration wizards

Easy backup and restore of TKLM files

TKLM backup, DB2 backup, Key backup

Simple to clone instances

Installer to simplify installation experience

Simple to use install, can be silent

Platforms for V1

z/OS 1.9, 1.10, 1.11

AIX 5.3, 6.1 or later

Red Hat Enterprise Linux 4.0 and 5.0

SuSE Linux 9 and 10

Solaris 9, 10 Sparc

Windows Server 2003 and 2008

18


The ideal platform for new workloads and consolidation system z unmatched value superior quality l.jpg

The Ideal platform for new workloads and consolidation:System z: unmatched value, superior quality

  • A Strategy for clients to expand their usage of the System z platform:

  • Deliver greater value for clients as they grow existing workloads

  • A new proposition that enables new application adoption

  • A new class of offering to deliver dedicated enterprise Linux servers at unprecedented low cost

The Future Runs on System z


Ibm security solutions sc magazine s best security company http www 03 ibm com security awards l.jpg

IBM Security Solutions – SC Magazine's Best Security Companyhttp://www-03.ibm.com/security/awards/

Al Zollar, General Manager, IBM


Slide21 l.jpg

Trademarks

The following are trademarks of the International Business Machines Corporation in the United States and/or other countries.

IBM*

IBM eServer

IBM (logo)*

ibm.com*

AIX*

Cognos*

DB2*

GDPS*

Geographically Dispersed Parallel Sysplex

HyperSwap*

InfoSphere

Rational*

System p*

System Storage

System x

System z*

System z10

System z10 Business Class

Tivoli*

WebSphere*

z/OS*

z/VM*

10 BC

z10 EC

z9*

zSeries*

* Registered trademarks of IBM Corporation

Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries.

Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the United States, other countries, or both and is used under license therefrom.

Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.

Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.

INFINIBAND, InfiniBand Trade Association and the INFINIBAND design marks are trademarks and/or service marks of the INFINIBAND Trade Association.

Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

UNIX is a registered trademark of The Open Group in the United States and other countries.

Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.

ITIL is a registered trademark, and a registered community trademark of the Office of Government Commerce, and is registered in the U.S. Patent and Trademark Office.

IT Infrastructure Library is a registered trademark of the Central Computer and Telecommunications Agency, which is now part of the Office of Government Commerce.

The following are trademarks or registered trademarks of other companies.

* All other products may be trademarks or registered trademarks of their respective companies.

Notes:

Performance is in Internal Throughput Rate (ITR) ratio based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput that any user will experience will vary depending upon considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve throughput improvements equivalent to the performance ratios stated here.

IBM hardware products are manufactured from new parts, or new and serviceable used parts. Regardless, our warranty terms apply.

All customer examples cited or described in this presentation are presented as illustrations of the manner in which some customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics will vary depending on individual customer configurations and conditions.

This publication was produced in the United States. IBM may not offer the products, services or features discussed in this document in other countries, and the information may be subject to change without notice. Consult your local IBM business contact for information on the product or services available in your area.

All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.

Information about non-IBM products is obtained from the manufacturers of those products or their published announcements. IBM has not tested those products and cannot confirm the performance, compatibility, or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

Prices subject to change without notice. Contact your IBM representative or Business Partner for the most current pricing in your geography.


  • Login