IBM Security Solutions, System z Solution Edition for Security, & Other Recent Updates
© 2010 IBM Corporation
Agenda
• Introducing IBM Security Solutions
• System z Solution Editions Overview
• Solution Edition for Security Highlights
• Solution Edition for Security Offerings
• Tivoli Security Management for z/OS update
• Tivoli Key Lifecycle Manager
• Summary
Introducing IBM Security Solutions
Is the smarter planet secure?
The planet is getting more Instrumented, Interconnected and Intelligent.
New possibilities. New risks...
Pervasive instrumentation creates vast amounts of data. New services built using that data raise privacy and security concerns…
• Critical physical and IT infrastructure
• Sensitive information protection
• New denial of service attacks
• Increasing risks of fraud
Security challenges in a smarter planet
Key drivers for security projects
• Increasing Complexity: Soon, there will be 1 trillion connected devices in the world, constituting an “internet of things”
• Rising Costs: Spending by U.S. companies on governance, risk and compliance will grow to $29.8 billion in 2010
• Ensuring Compliance: The cost of a data breach increased to $204 per compromised customer record
Source: http://searchcompliance.techtarget.com/news/article/0,289142,sid195_gci1375707,00.html
Cost, complexity and compliance
Emerging technology
Data and information explosion
People are becoming more and more reliant on security
Death by point products
Rising Costs: Do more with less
Compliance fatigue
IBM believes that security is progressively viewed as every individual’s right
Elements of an Enterprise Security Hub
[Diagram. Labels recovered from the figure:]
• Areas: Encryption, Key Management, Data Privacy, Compliance and Audit, Multilevel Security, Extended Enterprise, Platform Infrastructure
• Products and components: Crypto Express 3 crypto cards, tape encryption, TS1120, disk encryption, DS8000®, Venafi Encryption Director, DKMS, TKLM, Optim™, IBM Tivoli Security Compliance Insight Manager, IBM Tivoli® zSecure Suite, Guardium, System z SMF, PKI Services, Certificate Authority, Enterprise Fraud Solutions, Tivoli Identity Manager, DB2® Audit Management Expert, Tivoli Federated Identity Mgr, RACF®, ICSF, ITDS, LDAP, z/OS® System SSL, Communications Server, Network Authentication Service
• Other labels: Common Criteria Ratings; Support for Standards; Audit, Authorization, Authentication, and Access Control; Services and Key Storage for Key Material; Scalable Enterprise Directory; Kerberos V5 Compliant; SSL/TLS suite; IDS, Secure Communications
In addition to the foundational elements, the Framework identifies five security focus areas as starting points
GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE (GRC)
Design, and deploy a strong foundation for security & privacy
PEOPLE AND IDENTITY
Mitigate the risks associated with user access to corporate resources
DATA AND INFORMATION
Understand, deploy, and properly test controls for access to and usage of sensitive data
APPLICATION AND PROCESS
Keep applications secure, protected from malicious or fraudulent use, and hardened against failure
NETWORK, SERVER AND END POINT
Optimize service availability by mitigating risks to network components
PHYSICAL INFRASTRUCTURE
Provide actionable intelligence on the desired state of physical infrastructure security and make improvements
IBM Security portfolio
[Diagram. The figure marks each entry as a Service or a Product; labels recovered from the figure:]
• Security Governance and Compliance (GRC)
• Identity and Access Management: Identity Management, Access Management
• Data Security: Data Loss Prevention, Encryption and Key Lifecycle Management, Database Monitoring and Protection, Data Masking
• E-mail Security, Messaging Security
• Application Security: App Vulnerability Scanning, App Source Code Scanning, Access and Entitlement Management, Web Application Firewall, SOA Security
• Threat Assessment, Mitigation, and Management
• Vulnerability Assessment
• SIEM and Log Mgmt, Security Events and Logs
• Mainframe Security
• Web/URL Filtering
• Virtual System Security
• Intrusion Prevention System
• Physical Security
System z Solution Editions
Unmatched value, competitively priced
• Special package pricing for our most popular new workloads
– z10 hardware (standalone footprint or isolated LPAR)
– Prepaid hardware maintenance
– Comprehensive middleware stack
– Services and Storage (as needed)
• Legendary mainframe quality
– Security, availability and scale
– Integration of applications with corporate data
– Industry leading virtualization, systems management and resource provisioning
– Unparalleled investment protection
Solution Editions:
• Enterprise Linux
• Data Warehousing
• SAP
• WebSphere
• GDPS®
• Security
• Chordiant
• ACI
• Cloud Computing
• Application Development
Solution Edition for Security
Ultimate protection for the enterprise at a lower price
Customer Pain Point
• Reduced brand image and risk of financial loss resulting from internal and external Fraud
• Need to support escalating security priorities due to security breaches, identity theft, and increasing compliance requirements
• Complexity of monitoring security exposures due to an expanding list of identities
• Need for more encryption and reduced complexity of management to protect sensitive information throughout the enterprise
• Complexity of implementing security policies across multiple IT initiatives such as server consolidation, green IT, virtualization, TCO
Customer Value
• In memory fraud detection, forensics supporting real time prevention not possible on distributed platforms
• Centralized Identity and Access Management to simplify security administration, auditing, reporting and compliance.
• Simplified Encryption and Key Management to protect data at rest, data in flight and data on removable media
• A robust set of capabilities that have been integrated within hardware and software for over 30 years
• Reduced complexity and easier management with the highest levels of security certification and a full suite of services available in a single server
Delivering trust and confidence to directly impact your bottom line
A deeper view into the Solution Edition for Security
What it is
• A comprehensive list of recommended rich Security products for each solution!
• Flexibility to choose the products you need!
• Accelerated solution deployment with the implementation services provided!
• Competitively priced to meet your budget expectations!
Offering Solutions:
• Enterprise Fraud Analysis
– Record and playback of insider actions, forensic analysis tools, real time prevention workflow applied to distributed and mainframe operations
– Discover relationships via analytics
• Centralized Identity & Access Management
– Cross platform user provisioning and management; Web 2.0 and cross platform authentication services
• Enterprise Encryption and Key Management
– Protecting personally identifiable data; enterprise encryption management services: Discover, audit and monitor encryption keys
• Securing Virtualization: z/VM®, Linux
– Easily secure applications; security lifecycle management of server images running in Linux for System z server
• Compliance / Risk Mitigation / Secure Infrastructure: z/OS
– Audit and Alerts processing, Simplified management operations, Data anonymization for development and test processes
Enterprise Fraud Analysis Solution
Customer Challenges
• Internal and external fraud cost billions of dollars in losses
• Reduction in brand equity and substantial financial losses
• Executives face personal fines, penalties and legal repercussions
Solution Capabilities
• Provides automated policy enforcement, centralized reporting
and analysis, centralized auditing controls, risk mitigation
• Record and playback insider actions
• Forensic analysis tools, real time prevention workflow
• Discover relationships via analytics
Solution Components
• IBM Tivoli zSecure Manager for RACF z/VM
• RACF® Security Server feature for z/VM
• z/VM® V5
• z/VM V5 DirMaint™ Feature
• ISPF V3 for VM
• Optional: Intellinx zWatch
Enterprise Encryption and Key Management Solution
Customer Challenges
• Encryption can be complex to implement and manage
• Without encrypted data, companies face great exposure risks
• Many PKI solutions from third parties can be costly
Solution Capabilities
• Provides encryption capabilities
• Uses auditable granular access controls
• Provides auditing and monitoring of encryption keys
• Protects integrity and confidentiality of data and transactions
• Low cost digital certificates and PKI infrastructure
Solution Components
• z/OS® V1 includes: z/OS Security Server RACF, DFSMS, DFSORT, RMF, SDSF
• DB2® for z/OS V9
• Optim™ Data Privacy Solution
• Encryption Facility for z/OS V1
• Data Encryption for IMS and DB2 Databases V1
• Crypto Express3 Features
• TKE Workstation
• OSA Cards
• Tivoli® Key Lifecycle Manager (TKLM)
• IBM System Services Runtime Environment for z/OS
Optional:
• IBM Distributed Key Management System (DKMS)
• Venafi Encryption Director
Centralized Identity and Access Management
Customer Challenges
• Increased complexity of security administration and monitoring
• More security exposures and an expanding list of identities and access controls increases complexity
• Business portals increase need to better manage and monitor identities
• Cost of management and administration is too high
Solution Capabilities
• Provides reduced infrastructure, simplified security management
• More efficient centralized identity lifecycle and access management
• Centralized auditing controls, and improved ability to meet compliance needs
• Cross platform user provisioning and authentication
Solution Components
z/OS version includes:
• z/OS Security Server RACF, DFSMS, DFSORT, RMF, SDSF
• DB2 for z/OS V9
• WebSphere for z/OS V7
• IBM Tivoli Security Management for z/OS
• Tivoli Federated Identity Manager
• Tivoli Identity Manager
Linux version includes:
• IBM Tivoli zSecure Manager for RACF z/VM
• RACF Security Server Feature for z/VM
• z/VM v5
• z/VM v5 Dirmaint Feature
• ISPF V3 for z/VM
• IBM Tivoli Identity and Access Assurance V1
Securing Virtualization: z/VM®, Linux® on System z®
Customer Challenges
• Secured virtualized environment needed both for traditional and virtualized environments
• Virtualization offers compelling TCO but needs to be secure as well
• Customers are considering secured private cloud environments
• Cost effective security management is needed to avoid air gapped solutions
Solution Capabilities
• Proven secured virtualization for decades
• Common criteria ratings
• Centralized Auditing and Reporting
• Workload isolation, common criteria, architecture design
• Easy to secure new workloads
Solution Components
• IBM Tivoli zSecure Manager for RACF z/VM
• RACF Security Server Feature for z/VM
• z/VM v5
• z/VM v5 Dirmaint Feature
• ISPF V3 for VM
• IBM Tivoli Identity and Access Assurance V1
Compliance / Risk Mitigation / Secure Infrastructure: z/OS
Customer Challenges
• Security breaches, identity theft are growing
• Companies face large financial losses
• PCI and HIPAA compliance are required by law
• Many environments are plagued by viruses and a continued cycle of patches
Solution Capabilities
• Security certifications (z/OS EAL 4+, LPAR EAL 5, FIPS 140-2 Level 4)
• System z/OS integrity statement
• Centralized security controls, auditing and administration
• Anonymous data for development and test
Solution Components
• z/OS V1 including: z/OS Security Server RACF, DFSMS, DFSORT, RMF, SDSF
• DB2 for z/OS V9
• WebSphere for z/OS V7
• Optim Data Privacy Solution
• Encryption Facility for z/OS V1
• Data Encryption for IMS and DB2 Databases V1
• Crypto Express3 Features
• TKE Workstation
• OSA Cards
• IBM Tivoli Security Management for z/OS
• Tivoli® Key Lifecycle Manager (TKLM)
• IBM System Services Runtime Environment for z/OS
• IMS Audit Management Expert for z/OS
• DB2 Audit Management Expert for z/OS
Optional:
• IBM Distributed Key Management System (DKMS)
• Intellinx zWatch
• Venafi Encryption Director
Tivoli Security Management for z/OS
Offers the capability to:
– Administer your mainframe security & reduce administration time, effort, and costs
– Monitor for threats by auditing security changes that affect z/OS, RACF & DB2
– Audit usage of resources
– Monitor and audit security configurations
– Enforce policy compliance
– Capture comprehensive log data
– Increase capabilities in analyzing data from the mainframe for z/OS, RACF & DB2
– Interpret log data through sophisticated log analysis
– Efficient auditing, streamlined for enterprise-wide audit & compliance reporting
IBM Tivoli Key Lifecycle Manager
Focused on device key serving
• IBM encrypting tape – TS1120, TS1130, LTO gen 4
• IBM encrypting disk – DS8000
Lifecycle functions
• Notification of certificate expiry
• Automated rotation of certificates
• Automated rotation of groups of keys
Platforms for V1
– z/OS 1.9, 1.10, 1.11
– AIX 5.3, 6.1 or later
– Red Hat Enterprise Linux 4.0 and 5.0
– SuSE Linux 9 and 10
– Solaris 9, 10 Sparc
– Windows Server 2003 and 2008
Designed to be easy to use
• Provide a Graphical User Interface
• Initial configuration wizards
• Easy backup and restore of TKLM files
– TKLM backup, DB2 backup, Key backup
– Simple to clone instances
• Installer to simplify installation experience
– Simple to use install, can be silent
The Ideal platform for new workloads and consolidation:
System z: unmatched value, superior quality
• A Strategy for clients to expand their usage of the System z platform:
– Deliver greater value for clients as they grow existing workloads
– A new proposition that enables new application adoption
– A new class of offering to deliver dedicated enterprise Linux servers at unprecedented low cost
The Future Runs on System z
IBM Security Solutions – SC Magazine's Best Security Company
http://www-03.ibm.com/security/awards/
Al Zollar,
General Manager, IBM