Firewall: F5 Big-IP AFM
Bringing together security and deep application fluency, BIG-IP Advanced Firewall Manager (AFM) delivers the most effective network-level security for enterprises and service providers alike. Whether on-premises or in a software-defined data center (SDDC), BIG-IP AFM tracks the state of network sessions, maintains application awareness, and mitigates threats based on more attack details than traditional network firewalls. AFM also protects your organization from the most aggressive volumetric distributed-denial-of-service (DDoS) attacks before they can reach your data center.
Intrusion Prevention System: IBM Network Security XGS
The security landscape continues to evolve, so you need network security that delivers preemptive protection, visibility, and control. IBM® Security Network Protection (XGS) is a next-generation intrusion prevention system (IPS) that enables you to stay ahead of the threat, providing protection against tomorrow’s threats today.
- Protection against unknown threats, such as zero-day attacks and mutated threats.
- Visibility into network activities, such as applications used and websites visited, including encrypted traffic.
- Control over specific application actions, down to the user level.
- IBM X-Force® threat intelligence.
- IBM Virtual Patch® technology, which protects your systems prior to being patched.
Web Application Firewall: F5 Big-IP ASM
A Web Application Firewall That Guards Your Critical Apps
BIG-IP Application Security Manager (ASM) enables organizations to protect against OWASP top 10 threats, application vulnerabilities, and zero-day attacks. Leading Layer 7 DDoS defenses, detection and mitigation techniques, virtual patching, and granular attack visibility thwart even the most sophisticated threats before they reach your servers.
BIG-IP ASM also enables compliance with key regulatory standards like HIPAA and PCI DSS.
With BIG-IP ASM, organizations gain the flexibility they need to deploy Web Application Firewall (WAF) services close to apps to protect them wherever they reside—within a virtual software-defined data center (SDDC), managed cloud service environment, public cloud, or traditional data center.
Endpoint Protection: IBM BigFix for Core Protection
Protect physical and virtual endpoints from malware and data loss
IBM BigFix Protection delivers near real-time protection from malware and other malicious threats through file and web reputation, personal firewall, behavior monitoring and more.
It can protect physical and virtual endpoints from damage caused by viruses, Trojan horses, worms, spyware, rootkits, web threats and their new variants. Reduce the risk of business disruptions that result from attacks on endpoints.
IBM BigFix Protection:
- Works at multiple levels of threat protection including helping to stop threats before they arrive. It checks files, URLs and emails for malicious potential in near real time.
- Cross references threat information with a large, cloud-based database.
- Provides single console management with complete visibility to all endpoints.
- Supports forward-looking technologies such as integrated data loss prevention (DLP), desktop virtualization and cloud-based services.
Works at multiple levels of threat protection
- Guards against the full range of malware and scans POP3 email and Microsoft Outlook folders for threats.
- Delivers integrated DLP capabilities using the same single console and single agent.
- Monitors and controls physical ports on endpoints. You can apply additional protections to restrict removable USB storage devices.
- Determines the safety of a file and prevents users from opening infected documents. The web reputation feature automatically determines the safety of millions of dynamically rated websites.
- Identifies suspicious system activities. If triggered, it can block execution to help prevent potentially damaging activities.
Cross references threat information
- Checks files and web addresses against the cloud-based database for potential malicious activities in near real time.
- Provides anti-malware protection to Mac and Microsoft Windows endpoints.
- Cleans endpoints of malware automatically, including processes and registry entries that are hidden or locked.
Provides single console management
- Centralizes the management of functions to coordinate among IT, security, desktop and server operations.
- Provides security for both fixed network-connected endpoints and roaming Internet-connected endpoints.
- Supports task delegation with granular, role-based administration.
- Delivers increased protection through policy enforcement. This helps provide antivirus services that are continuously installed, running and up to date.
- Helps increase operational efficiencies. Scales to help you lower management and distribution server costs.
Supports forward-looking technologies
- DLP helps enforce security policies and comply with data privacy regulations.
- Virtualization awareness automatically recognizes virtual endpoints and reduces resource contention issues. It integrates with virtualization solutions including Citrix XenDesktop and VMware View.
- Lightweight footprint supports cloud-based capabilities for both security deployment and management. Signatures remain in the cloud, reducing the burden on individual endpoints.
Endpoint Security & Compliance: IBM BigFix for Security & Compliance
Increase security and continuous compliance for all endpoints
IBM BigFix Compliance enforces continuous security compliance throughout your organization for all your endpoints both on and off the corporate network.
This software can help you protect endpoints and assure regulators that you are meeting security compliance standards. Reduce the cost and complexity of IT management while enhancing business agility, speed to remediation and accuracy.
IBM BigFix Compliance:
- Helps support continuous security and compliance using an intelligent agent that assesses and remediates issues.
- Manages hundreds of thousands of endpoints, both physical and virtual, regardless of location, connection, type or status.
- Simplifies operations with a single console for management, configuration, discovery and security functions.
- Delivers a broad range of security functions and gives you the ability to add other targeted functions as needed, without adding infrastructure or implementation costs.
- Makes the most of BigFix technology. This single-infrastructure approach distributes decision-making to the endpoints.
Helps support continuous security and compliance
- Provides accurate and near real-time visibility into and continuous enforcement of security configurations and patches.
- Helps effectively manage the compliance lifecycle with an ongoing, closed loop process.
- Provides security and compliance analytics which identify, manage and report on policy exceptions and deviations. Also shows trending and analysis of security configuration changes.
- Is faster and more efficient. The intelligent agent provides continuous compliance with automated audit cycles measured in minutes rather than weeks.
Manages hundreds of thousands of endpoints
- Supports a large variety of endpoints. These include servers, desktop PCs, “roaming” Internet-connected notebooks, smartphones, tablets and other mobile devices, as well as specialized equipment such as point-of-sale (POS) devices, ATMs and self-service kiosks.
- Provides endpoint management for major operating systems, third-party applications and policy-based patches.
- Helps discover endpoints that you might not have known were in your environment.
- Uses a unified management infrastructure to coordinate among IT, security, desktop and server operations.
- Enables automated, highly targeted processes that provide control, visibility, and speed to effect change and report on compliance.
- Centralizes the management of functions that provide advanced anti-malware and firewall protection.
- Provides greater visibility into network resources in dynamic and complex environments.
Delivers a broad range of security functions
- Patch management includes delivering patches to endpoints for Microsoft Windows, UNIX, Linux and Mac OS; and for application vendors including Adobe, Mozilla, Apple and Java.
- Security configuration management provides a library of technical controls. They can help you achieve security compliance by detecting and enforcing security configurations.
- Vulnerability management helps you discover, assess and remediate vulnerabilities before endpoints are affected. If the endpoint is found to be out of compliance, the software can place it in network quarantine until compliance is achieved.
- Asset discovery frequently scans the entire network to identify IP-addressable devices and computer endpoints with minimal network impact.
- Multivendor endpoint protection management gives administrators a single point of control for managing third-party endpoint security clients from vendors such as Computer Associates, McAfee, Sophos, Symantec and Trend Micro. Endpoints can be migrated from one solution to another with “one-click” software removal and reinstall.
Makes the most of BigFix technology
- Places an intelligent agent on each endpoint. This single agent performs multiple functions including continuous self-assessment and policy enforcement with minimal impact on system performance.
- Includes near real-time and continuous reporting and analysis from the intelligent agent on your organization’s endpoints.
- Allows agents to be configured as a relay between other agents and the console. This relay function allows the use of existing servers or workstations to transfer packages throughout the network, reducing the need for servers.
- Supports the Fixlet Relevance Language. This published command language enables customers, IBM Business Partners and developers to create custom policies and services for endpoints managed by IBM Endpoint Manager software.
Business Applications: IBM AppScan Enterprise
IBM® Security AppScan® Enterprise enables organizations to mitigate application security risk, strengthen application security program management initiatives and achieve regulatory compliance. Security and development teams can collaborate, establish policies and scale testing throughout the application lifecycle. Enterprise dashboards classify and prioritize application assets based on business impact and identify high-risk areas, permitting you to maximize your remediation efforts. Performance metrics are provided that help you monitor the progress of your application security programs.
IBM Security AppScan Enterprise delivers:
- Scalable application security testing using a variety of testing techniques.
- Test policies, scan templates and vulnerability remediation advisories to help implement application security programs.
- Detailed security reports and enterprise level dashboards to provide visibility of risk and compliance.
Scalable application security testing
- Provides a scalable enterprise architecture that enables the engagement of a large number of application security testers. IBM Security AppScan Enterprise also supports IBM Worklight® project teams.
- Offers a variety of techniques for testing web, non-web and mobile applications and services, including dynamic, static and interactive analysis.
- Scans websites for links to malicious or undesirable websites based on the IBM X-Force® database.
- Aggregates and correlates dynamic and static analysis assessment results for enhanced reporting of vulnerabilities.
Test policies, scan templates and vulnerability remediation advisories
- Enable the definition of policies and scan templates to govern application security testing.
- Deliver vulnerability advisories, fix recommendations and built-in training videos to educate development teams.
- Provide built-in issue management capabilities and integration with development and quality assurance systems.
Detailed security reports and enterprise level dashboards
- Classify and prioritize application assets based on business impact and identify high-risk areas, permitting you to maximize your remediation efforts.
- Provide visibility into the security and compliance risks presented by the identified security vulnerabilities and show progress through performance metrics and trending.
- Provide flexible, detailed security issues reports that enable users to group and organize report data in multiple ways.
- Deliver more than 40 security compliance reports, including PCI Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), ISO 27001 and ISO 27002, HIPAA, Gramm–Leach–Bliley Act (GLBA) and Basel II.
- Integrate with IBM Security QRadar®, IBM Security Network Intrusion Prevention System and IBM mobile security solutions to provide additional intelligence for prioritizing vulnerabilities and mitigating risk.
Database Activity & Monitor: Guardium
Protect sensitive data – wherever it resides
IBM® Security Guardium® Data Activity Monitor prevents unauthorized data access, alerts on changes or leaks to help ensure data integrity, automates compliance controls and protects against internal and external threats. Continuous monitoring and real time security policies protect data across the enterprise, without changes or performance impact to data sources or applications. Guardium Data Activity Monitor protects data wherever it resides, and centralizes risk controls and analytics with a scalable architecture that provides 100% visibility on data activity. It supports the broadest set of data source types, and it is the market leader for big data security solutions.
- Uncover risks to sensitive data
- Monitor and audit all data activity—for all data platforms and protocols.
- Enforce security policies in real time—for all data access, change control and user activities.
- Create a centralized normalized repository of audit data—for enterprise compliance, reporting and forensics.
- Support heterogeneous data environments—all leading databases, data warehouses, files, applications and operating systems, including big data environments (Hadoop and NoSQL).
- Readily adapt to changes in your data environment
Uncover risks to sensitive data
- Automate sensitive data discovery and classification for risk analysis across enterprise data sources
- Determine entitlements to sensitive enterprise data to determine risks such as dormant data or dormant entitlements
- Use analytic tools like Quick Search or Connection Profiling to do forensics in real time or after the fact.
Monitor and audit all data activity
- Understand and develop complete visibility into all transactions for all platforms and protocols by users including database administrators, developers, outsourced personnel and applications.
- Identify application users who make unauthorized changes from common service accounts.
- Provide user and application access monitoring independent of native database logging and audit functions.
- Improve data security leveraging analytics to detect unusual data access patterns.
Enforce security policies in real time
- Monitor and enforce security policies for sensitive data access, privileged user actions, change control, application user activities and security exceptions.
- Use outlier detection analytics to identify anomalous behavior by automatically comparing data activity to a normal behavior baseline.
- Support exception policies based on definable thresholds such as SQL errors.
- Use extrusion policies to examine data leaving the database for specific value patterns such as credit card numbers.
- Support policy-based actions such as near real time security alerts, traffic blocking, and user quarantines.
Create a centralized repository of audit data
- Aggregate and normalize audit data throughout your enterprise for compliance reporting, correlation and forensics without requiring native database audit functions.
- Provide a tamper-proof data access audit trail that supports the separation of duties required by auditors.
- Deliver customizable compliance workflow automation to generate compliance reports and distribute them to oversight teams for electronic sign-offs and escalation.
Support heterogeneous environments
- Monitor and audit key Big Data environments (Hadoop or NoSQL) such as IBM InfoSphere BigInsights™, Cloudera, Hortonworks, Pivotal, MongoDB and Cassandra.
- Support enterprise databases or data warehouses, including IBM DB2®, Oracle, Teradata, Sybase and Microsoft SQL Server, running on major operating systems including Windows, UNIX, Linux, AS/400 and z/OS.
- Support key enterprise resource planning and customer relationship management applications as well as custom and packaged applications.
- Provide capabilities to track file-sharing activities on major platforms including Microsoft SharePoint.
Readily adapt to changes in your data environment
- Create an agile and adaptive data protection environment that adjusts as new users, platforms and types of data are added
- Scale to any size data protection effort with a flexible and tiered approach including seamless load balancing and self monitoring
- Streamline administration and deployment of data security and compliance with a business centric user experience and automated tasks
Identity and Access Management
Threat-aware identity and access management for the open enterprise
Today’s organizations need to govern and enforce user access across multiple channels, including mobile, social and cloud. At the same time, they must address business needs such as role management, compliance and audit reporting and integration of various user populations.
IBM® Security identity and access management solutions help strengthen compliance and reduce risk by protecting and monitoring user access in today’s multi-perimeter environments.
IBM Security identity and access solutions help safeguard valuable data and applications with context-based access control, security policy enforcement and business-driven identity governance. Armed with user metrics and audit reports on user entitlements and access activities, you can deal more quickly and efficiently with the complexities of user access management, insider threats and compliance requirements.
Identity and access management solutions from IBM help:
- Safeguard mobile, cloud and social access.
- Prevent advanced insider threats.
- Simplify cloud integrations and identity silos.
- Deliver actionable identity intelligence.
Security intelligence for protecting assets and information from advanced threats
IBM® Security QRadar® SIEM consolidates log source event data from thousands of devices, endpoints and applications distributed throughout a network. It performs immediate normalization and correlation activities on raw data to distinguish real threats from false positives. As an option, this software incorporates IBM Security X-Force® Threat Intelligence, which supplies a list of potentially malicious IP addresses including malware hosts, spam sources and other threats. IBM Security QRadar SIEM can also correlate system vulnerabilities with event and network data, helping to prioritize security incidents.
IBM Security QRadar SIEM:
- Provides near real-time visibility for threat detection and prioritization, delivering surveillance throughout the entire IT infrastructure.
- Reduces and prioritizes alerts to focus investigations on an actionable list of suspected incidents.
- Enables more effective threat management while producing detailed data access and user activity reports.
- Delivers security intelligence in cloud environments.
- Produces detailed data access and user activity reports to help manage compliance.
- Offers multi-tenancy and a master console to help Managed Service Providers provide security intelligence solutions in a cost-effective manner.
Provides near real-time visibility
- Helps detect inappropriate use of applications, insider fraud, and advanced low and slow threats that can be lost among millions of events.
- Collects logs and events from several resources including security devices, operating systems, applications, databases, and identity and access management products.
- Collects network flow data, including Layer 7 (application-layer) data, from switches and routers.
- Obtains information from identity and access management products and infrastructure services such as Dynamic Host Configuration Protocol (DHCP); and receives vulnerability information from network and application vulnerability scanners.
Reduces and prioritizes alerts
- Performs immediate event normalization and correlation with other data for threat detection and compliance reporting and auditing.
- Reduces billions of events and flows into a handful of actionable offenses and prioritizes them according to their business impact.
- Performs activity baselining and anomaly detection to identify changes in behavior associated with applications, hosts, users and areas of the network.
- Optionally uses IBM Security X-Force Threat Intelligence to identify activity associated with suspicious IP addresses, such as those suspected of hosting malware.
Enables more effective threat management
- Tracks significant incidents and threats, providing links to all supporting data and context for easier investigation.
- Performs event and flow data searches in near real-time streaming mode or on a historical basis to enhance investigation.
- Enables the addition of IBM Security QRadar QFlow and IBM Security QRadar VFlow Collector appliances for deep insight and visibility into applications (such as enterprise resource management), databases, collaboration products and social media through Layer 7 network flow collection.
- Helps detect off-hours or unusual use of an application or cloud-based service, or network activity patterns that are inconsistent with historical usage patterns.
- Performs federated searches throughout large, geographically distributed environments.
Delivers security intelligence in cloud environments
- Provides SoftLayer cloud installation capability.
- Collects events and flows from applications running both in the cloud and on premise.
Produces detailed data access and user activity reports
- Tracks all access to customer data by username and IP address to ensure enforcement of data-privacy policies.
- Includes an intuitive reporting engine that does not require advanced database and report-writing skills.
- Provides the transparency, accountability and measurability to meet regulatory mandates and compliance reporting.
Offers multi-tenancy and a master console
- Allows Managed Service Providers to cost-effectively deliver security intelligence using a single console that supports multiple customers.
- Leverages either on-premise or cloud based deployments.