IBM Security Solutions, System z Solution Edition for Security, & Other Recent Updates

basesprocket, Data Management

31 Oct 2013 (3 years and 11 months ago)


© 2009 IBM Corporation

© 2010 IBM Corporation


Agenda


Introducing IBM Security Solutions


System z Solution Editions Overview


Solution Edition for Security Highlights


Solution Edition for Security Offerings


Tivoli Security Management for z/OS update


Tivoli Key Lifecycle Manager


Summary



Is the smarter planet secure?

Introducing IBM Security Solutions

Pervasive instrumentation creates vast amounts of data

New services built using that data raise Privacy and Security concerns…

Critical physical and IT infrastructure

Sensitive information protection

New denial of service attacks

Increasing risks of fraud

The planet is getting more Instrumented, Interconnected and Intelligent.

New possibilities. New risks...



Security challenges in a smarter planet


Key drivers for security projects

Increasing Complexity

Rising Costs

Ensuring Compliance

Spending by U.S. companies on governance, risk and compliance will grow to $29.8 billion in 2010

The cost of a data breach increased to $204 per compromised customer record

Soon, there will be 1 trillion connected devices in the world, constituting an “internet of things”

Source: http://searchcompliance.techtarget.com/news/article/0,289142,sid195_gci1375707,00.html


Cost, complexity and compliance


Data and information explosion

Rising Costs: Do more with less

Compliance fatigue

Emerging technology

Death by point products

People are becoming more and more reliant on security

IBM believes that security is progressively viewed as every individual’s right


Elements of an Enterprise Security Hub

Diagram layers: Data Privacy; Compliance and Audit; Extended Enterprise; Platform Infrastructure

Diagram labels:

Multilevel Security
Encryption
Key Management
TS1120: Tape encryption
DS8000®: Disk encryption
Crypto Express 3 Crypto Cards
Common Criteria Ratings
Support for Standards
RACF®: Audit, Authorization, Authentication, and Access Control
Communications Server: IDS, Secure Communications
z/OS® System SSL: SSL/TLS suite
ICSF: Services and Key Storage for Key Material
PKI Services: Certificate Authority
ITDS (LDAP): Scalable Enterprise Directory
Network Authentication Service: Kerberos V5 Compliant
System z SMF
IBM Tivoli Security Compliance Insight Manager
IBM Tivoli® zSecure Suite
DB2® Audit Management Expert
Tivoli Identity Manager
Tivoli Federated Identity Mgr
Enterprise Fraud Solutions
DKMS
TKLM
Venafi Encryption Director
Guardium
Optim

In addition to the foundational elements, the Framework identifies five security focus areas as starting points

GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE (GRC)
Design and deploy a strong foundation for security & privacy

PEOPLE AND IDENTITY
Mitigate the risks associated with user access to corporate resources

DATA AND INFORMATION
Understand, deploy, and properly test controls for access to and usage of sensitive data

APPLICATION AND PROCESS
Keep applications secure, protected from malicious or fraudulent use, and hardened against failure

NETWORK, SERVER AND END POINT
Optimize service availability by mitigating risks to network components

PHYSICAL INFRASTRUCTURE
Provide actionable intelligence on the desired state of physical infrastructure security and make improvements

IBM Security portfolio

Diagram legend: Services, Products

Diagram labels:

Security Governance and Compliance
GRC
Identity and Access Management
Identity Management
Access Management
Access and Entitlement Management
Mainframe Security
Virtual System Security
Data Security
Database Monitoring and Protection
Encryption and Key Lifecycle Management
Data Loss Prevention
Data Masking
Application Security
App Vulnerability Scanning
App Source Code Scanning
Web Application Firewall
SOA Security
Messaging Security
E-mail Security
Web/URL Filtering
Intrusion Prevention System
Vulnerability Assessment
Threat Assessment, Mitigation, and Management
Security Events and Logs
SIEM and Log Mgmt
Physical Security


System z Solution Editions

Unmatched value, competitively priced

Enterprise Linux
Data Warehousing
SAP
WebSphere
GDPS®
Security
Chordiant
ACI
Cloud Computing
Application Development

Special package pricing for our most popular new workloads

z10 hardware (standalone footprint or isolated LPAR)
Prepaid hardware maintenance
Comprehensive middleware stack
Services and Storage (as needed)

Legendary mainframe quality

Security, availability and scale
Integration of applications with corporate data
Industry leading virtualization, systems management and resource provisioning
Unparalleled investment protection

Solution Edition for Security

Ultimate protection for the enterprise at a lower price

Customer Pain Point

Reduced brand image and risk of financial loss resulting from internal and external Fraud

Need to support escalating security priorities due to security breaches, identity theft, and increasing compliance requirements

Complexity of monitoring security exposures due to an expanding list of identities

Need for more encryption and reduced complexity of management to protect sensitive information throughout the enterprise

Complexity of implementing security policies across multiple IT initiatives such as server consolidation, green IT, virtualization, TCO

Customer Value

In memory fraud detection, forensics supporting real time prevention not possible on distributed platforms

Centralized Identity and Access Management to simplify security administration, auditing, reporting and compliance.

Simplified Encryption and Key Management to protect data at rest, data in flight and data on removable media

A robust set of capabilities that have been integrated within hardware and software for over 30 years

Reduced complexity and easier management with the highest levels of security certification and a full suite of services available in a single server

Delivering trust and confidence to directly impact your bottom line



A deeper view into the Solution Edition for Security

Offering Solutions:

Enterprise Fraud Analysis
Record and playback of insider actions, forensic analysis tools, real time prevention workflow applied to distributed and mainframe operations
Discover relationships via analytics

Centralized Identity & Access Management
Cross platform user provisioning and management; Web 2.0 and cross platform authentication services

Enterprise Encryption and Key Management
Protecting personally identifiable data; enterprise encryption management services: Discover, audit and monitor encryption keys

Securing Virtualization: z/VM®, Linux
Easily secure applications; security lifecycle management of server images running in Linux for System z server

Compliance / Risk Mitigation / Secure Infrastructure: z/OS
Audit and Alerts processing, Simplified management operations, Data anonymization for development and test processes

What it is

A comprehensive list of recommended rich Security products for each solution!

Flexibility to choose the products you need!

Accelerated solution deployment with the implementation services provided!

Competitively priced to meet your budget expectations!

Enterprise Fraud Analysis Solution

Customer Challenges

Internal and external fraud cost billions of dollars in losses
Reduction in brand equity and substantial financial losses
Executives face personal fines, penalties and legal repercussions

Solution Capabilities

Provides automated policy enforcement, centralized reporting and analysis, centralized auditing controls, risk mitigation
Record and playback insider actions
Forensic analysis tools, real time prevention workflow
Discover relationships via analytics

Solution Components

IBM Tivoli zSecure Manager for RACF z/VM
RACF® Security Server feature for z/VM
z/VM® V5
z/VM V5 DirMaint™ Feature
ISPF V3 for VM
Optional: Intellinx zWatch

Enterprise Encryption and Key Management Solution

Customer Challenges

Encryption can be complex to implement and manage
Without encrypted data, companies face great exposure risks
Many PKI solutions from third parties can be costly

Solution Capabilities

Provides encryption capabilities
Uses auditable granular access controls
Provides auditing and monitoring of encryption keys
Protects integrity and confidentiality of data and transactions
Low cost digital certificates and PKI infrastructure

Solution Components

z/OS® V1 includes: z/OS Security Server RACF, DFSMS, DFSORT, RMF, SDSF
DB2® for z/OS V9
Optim™ Data Privacy Solution
Encryption Facility for z/OS V1
Data Encryption for IMS and DB2 Databases V1
Crypto Express3 Features
TKE Workstation
OSA Cards
Tivoli® Key Lifecycle Manager (TKLM)
IBM System Services Runtime Environment for z/OS

Optional:

IBM Distributed Key Management System (DKMS)
Venafi Encryption Director

Centralized Identity and Access Management



Customer Challenges

Increased complexity of security administration and monitoring
More security exposures and an expanding list of identities and access controls increases complexity
Business portals increase need to better manage and monitor identities
Cost of management and administration is too high

Solution Capabilities

Provides reduced infrastructure, simplified security management
More efficient centralized identity lifecycle and access management
Centralized auditing controls, and improved ability to meet compliance needs
Cross platform user provisioning and authentication

Solution Components

z/OS version includes:

z/OS Security Server RACF, DFSMS, DFSORT, RMF, SDSF
DB2 for z/OS V9
WebSphere for z/OS V7
IBM Tivoli Security Management for z/OS
Tivoli Federated Identity Manager
Tivoli Identity Manager

Linux version includes:

IBM Tivoli zSecure Manager for RACF z/VM
RACF Security Server Feature for z/VM
z/VM v5
z/VM v5 Dirmaint Feature
ISPF V3 for z/VM
IBM Tivoli Identity and Access Assurance V1

Securing Virtualization: z/VM®, Linux® on System z®





Customer Challenges

Secured virtualized environment needed both for traditional and virtualized environments
Virtualization offers compelling TCO but needs to be secure as well
Customers are considering secured private cloud environments
Cost effective security management is needed to avoid air gapped solutions

Solution Capabilities

Proven secured virtualization for decades
Common criteria ratings
Centralized Auditing and Reporting
Workload isolation, common criteria, architecture design
Easy to secure new workloads

Solution Components

IBM Tivoli Secure Manager for RACF z/VM
RACF Security Server Feature for z/VM
z/VM v5
z/VM v5 Dirmaint Feature
ISPF V3 for VM
IBM Tivoli Identity and Access Assurance V1

Compliance / Risk Mitigation / Secure Infrastructure: z/OS

Customer Challenges

Security breaches, identity theft are growing
Companies face large financial losses
PCI and HIPAA compliance are required by law
Many environments are plagued by viruses and a continued cycle of patches

Solution Capabilities

Security certifications (z/OS EAL 4+, LPAR EAL 5, FIPS 140-2 Level 4), System z/OS integrity statement
Centralized security controls, auditing and administration
Anonymous data for development and test

Solution Components

z/OS V1 including: z/OS Security Server RACF, DFSMS, DFSORT, RMF, SDSF
DB2 for z/OS V9
WebSphere for z/OS V7
Optim Data Privacy Solution
Encryption Facility for z/OS V1
Data Encryption for IMS and DB2 Databases V1
Crypto Express3 Features
TKE Workstation
OSA Cards
IBM Tivoli Security Management for z/OS
Tivoli® Key Lifecycle Manager (TKLM)
IBM System Services Runtime Environment for z/OS
IMS Audit Management Expert for z/OS
DB2 Audit Management Expert for z/OS

Optional:

IBM Distributed Key Management System (DKMS)
Intellinx zWatch
Venafi Encryption Director

Tivoli Security Management for z/OS

Offers the capability to:

Administer your mainframe security & reduce administration time, effort, and costs

Monitor for threats by auditing security changes that affect z/OS, RACF & DB2

Audit usage of resources

Monitor and audit security configurations

Enforce policy compliance

Capture comprehensive log data

Increase capabilities in analyzing data from the mainframe for z/OS, RACF & DB2

Interpret log data through sophisticated log analysis

Efficient auditing, streamlined for enterprise-wide audit & compliance reporting

IBM Tivoli Key Lifecycle Manager

Focused on device key serving

IBM encrypting tape: TS1120, TS1130, LTO gen 4
IBM encrypting disk: DS8000

Lifecycle functions

Notification of certificate expiry
Automated rotation of certificates
Automated rotation of groups of keys

Designed to be easy to use

Provide a Graphical User Interface
Initial configuration wizards

Easy backup and restore of TKLM files

TKLM backup, DB2 backup, Key backup
Simple to clone instances

Installer to simplify installation experience

Simple to use install, can be silent

Platforms for V1

z/OS 1.9, 1.10, 1.11
AIX 5.3, 6.1 or later
Red Hat Enterprise Linux 4.0 and 5.0
SuSE Linux 9 and 10
Solaris 9, 10 Sparc
Windows Server 2003 and 2008


The Future Runs on System z

A Strategy for clients to expand their usage of the System z platform:

Deliver greater value for clients as they grow existing workloads

A new proposition that enables new application adoption

A new class of offering to deliver dedicated enterprise Linux servers at unprecedented low cost

The Ideal platform for new workloads and consolidation:

System z: unmatched value, superior quality

IBM Security Solutions


SC Magazine's Best Security Company

http://www-03.ibm.com/security/awards/

Al Zollar, General Manager, IBM

Trademarks

The following are trademarks of the International Business Machines Corporation in the United States and/or other countries.

IBM*, IBM eServer, IBM (logo)*, ibm.com*, AIX*, Cognos*, DB2*, GDPS*, Geographically Dispersed Parallel Sysplex, HyperSwap*, InfoSphere, Rational*, System p*, System Storage, System x, System z*, System z10, System z10 Business Class, Tivoli*, WebSphere*, z/OS*, z/VM*, 10 BC, z10 EC, z9*, zSeries*

* Registered trademarks of IBM Corporation

The following are trademarks or registered trademarks of other companies.

Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries.

Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the United States, other countries, or both and is used under license therefrom.

Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.

Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.

INFINIBAND, InfiniBand Trade Association and the INFINIBAND design marks are trademarks and/or service marks of the INFINIBAND Trade Association.

Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

UNIX is a registered trademark of The Open Group in the United States and other countries.

Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.

ITIL is a registered trademark, and a registered community trademark of the Office of Government Commerce, and is registered in the U.S. Patent and Trademark Office.

IT Infrastructure Library is a registered trademark of the Central Computer and Telecommunications Agency, which is now part of the Office of Government Commerce.

* All other products may be trademarks or registered trademarks of their respective companies.

Notes:

Performance is in Internal Throughput Rate (ITR) ratio based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput that any user will experience will vary depending upon considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve throughput improvements equivalent to the performance ratios stated here.

IBM hardware products are manufactured from new parts, or new and serviceable used parts. Regardless, our warranty terms apply.

All customer examples cited or described in this presentation are presented as illustrations of the manner in which some customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics will vary depending on individual customer configurations and conditions.

This publication was produced in the United States. IBM may not offer the products, services or features discussed in this document in other countries, and the information may be subject to change without notice. Consult your local IBM business contact for information on the product or services available in your area.

All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.

Information about non-IBM products is obtained from the manufacturers of those products or their published announcements. IBM has not tested those products and cannot confirm the performance, compatibility, or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

Prices subject to change without notice. Contact your IBM representative or Business Partner for the most current pricing in your geography.