© 2015 IBM Corporation

Enhance Employee Productivity and Safeguard Against Mobile Threats

Kaushik Srinivas Product Manager, IBM MobileFirst Protect Eric Geller Security Architect, IBM Security 11/4/2015

IBM Security QRadar Integration with IBM MobileFirst Protect (MaaS360)

2 © 2015 IBM Corporation

Duration – 60 minutes Submit your questions to all panelists in the Q&A

box located in the bottom right corner of your screen

Recording and slides will be emailed to you

Housekeeping items

3 © 2015 IBM Corporation

Today’s landscape and the IBM mobile security framework Overview

– IBM QRadar – IBM MobileFirst Protect – Integration of QRadar + MobileFirst Protect Demo: QRadar + MobileFirst Protect

Summary

Q&A

Agenda

4 © 2015 IBM Corporation

Today’s challenges Keeping external and internal mobile threats on the radar

Enterprise Resource Access Broad range of devices and applications interfacing with or attempting to connect to corporate network

Mobile Threats Compromised, jailbroken/rooted devices, and those afflicted with malware introducing threats and compromising enterprise data

Security & Productivity IT departments hard-pressed to secure enterprise data and maintain regulatory compliance while keeping workers productive

5 © 2015 IBM Corporation

387new threats every minute or more than six every second McAfee

As mobile grows, so do security threats

“With the growing penetration of mobile devices in the enterprise, security testing and protection of mobile applications and data become mandatory.”

Gartner

“Enterprise mobility… new systems of engagement. These new systems help firms empower their customers, partners,

and employees with context-aware apps and smart products.” Forrester

Arxan

Top mobile devices and apps hacked 97% Android

87% iOS

6 © 2015 IBM Corporation

The IBM mobile security framework

CA, Oracle, RSA

Configure devices & manage security policies

Automate enforcement

Mitigate risks of lost or compromised devices

Distribute & manage enterprise apps

Separate work & personal data

Protect apps & data from vulnerabilities

Enable work content availability & sharing

Create & edit content

Contain sensitive corporate information

Provide secure web & mobile access control

Deliver ease-of-use with SSO & unified identity

management

Extend Security Intelligence

Extend security information & event management (SIEM) to mobile environment

Incorporate log management, anomaly detection, configuration & vulnerability management

Manage Access and Fraud

Secure Content and Collaboration

Safeguard Applications and Data

Protect Devices

© 2015 IBM Corporation

IBM Security QRadar

8 © 2015 IBM Corporation

IBM Security QRadar Providing actionable intelligence

IBM QRadar Security Intelligence

Platform

AUTOMATED Driving simplicity and

accelerating time-to-value

INTEGRATED Unified architecture delivered in a single console

INTELLIGENT Correlation, analysis and massive data reduction

9 © 2015 IBM Corporation

• Provides near real-time visibility for threat detection and prioritization • Reduces and prioritizes alerts to focus investigations on an actionable list of suspected incidents • Enables more effective threat management while producing detailed data access & user activity reports • Produces detailed data access and user activity reports to help manage compliance

IBM Security QRadar Security Intelligence to protect assets and information from advanced threats

Servers and mainframes

Data activity

Network and virtual activity

Application activity

Configuration information

Security devices

Users and identities

Vulnerabilities and threats

Global threat intelligence

Automated Offense Identification • Unlimited data collection,

storage and analysis

• Built in data classification

• Automatic asset, service and user discovery and profiling

• Real-time correlation and threat intelligence

• Activity baselining and anomaly detection

• Detects incidents of the box

Embedded Intelligence

Prioritized Incidents

Mobile data

Suspected Incidents

10 © 2015 IBM Corporation

IBM zSecure IBM Security AppScan

IBM MobileFirst Protect

IBM Security Access Manager

IBM Security Privileged Identity Manager

IBM InfoSphere Guardium

IBM Security Identity Manager

IBM Security Directory Server and Integrator

IBM Endpoint Manager

IBM Trusteer Apex

IBM QRadar is the centerpiece of IBM security integration

IBM QRadar Security Intelligence

Platform

© 2015 IBM Corporation

IBM MobileFirst Protect

12 © 2015 IBM Corporation

IBM MobileFirst Protect

Advanced Management Visibility & Control

Secure Productivity Suite Trusted Workplace

Secure Document Sharing Content Collaboration

Mobile Threat Management Malware Protection

Mobile Enterprise Gateway Enterprise Access

Complete mobility management and security

13 © 2015 IBM Corporation

IBM MobileFirst Protect

Secure PIM App Security & Management

File Sync, Edit & Share

Secure Browser

Trusted Workplace

Separates work & personal data with anytime access to corporate resources

Works across iOS, Android, & Windows Phone platforms with a native user experience

Supports Box, Microsoft, Google, IBM & other collaboration tools, apps & containers

Unleash end-user productivity

14 © 2015 IBM Corporation

IBM Security QRadar integration with IBM MobileFirst Protect

Continuous Mobile Visibility – Detect when smartphones and tablets are attempting to connect to the network – Monitor enrollment of personally owned and corporate-liable devices – Gain awareness of unauthorized devices – Learn when users install blacklisted apps and access restricted websites

Compromised Device Remediation – Uncover devices infected with malware before they compromise your enterprise data – Identify jailbroken iOS devices and rooted Android devices – Set security policies and compliance rules to automate remediation – Block access, or perform a selective wipe or full wipe of compromised devices

View MobileFirst Protect compliance rule violations through QRadar

15 © 2015 IBM Corporation

Simple, yet powerful, addition to QRadar

Single pane of glass view on QRadar, with data feeds from MobileFirst Protect

16 © 2015 IBM Corporation

Mobile log activity in QRadar

Mobile log activity as viewed directly from QRadar console MobileFirst Protect alerts, events and information Displays type of violation, time of occurrence and threat severity

17 © 2015 IBM Corporation

Event detail of mobile activity in QRadar

System administrator view of specific mobile compliance violation via QRadar portal Displays context surrounding threat severity Aids in prioritization of response between violations

18 © 2015 IBM Corporation

Question: Of the following mobile device threat categories, which does your organization classify as most severe? Answers: A. Malware infected devices B. Jailbroken (iOS) or Rooted (Android) devices C. Lost/Stolen devices D. Personally-owned/BYOD devices E. Outdated OS Versions

Poll Question #1

© 2015 IBM Corporation

Live demonstration

20 © 2015 IBM Corporation

Summary Continuous visibility into mobile threats and events

End-to-end risk protection and analysis provided by IBM Mobile Security solutions

Ongoing mobile event detection displayed from a single pane of glass

Access to detailed, customizable reports on events and user activity

Option to drill down to individual events to evaluate the severity of threats

IBM QRadar Security

Intelligence Platform

IBM MobileFirst Protect

© 2015 IBM Corporation

Getting started

22 © 2015 IBM Corporation

Get started with IBM MobileFirst Protect now

Instant Access a free, fully functional trial for 30 days

Mobile Manage and secure your devices, apps and content

Easy Set up and configure your service in minutes

1 2 3

23 © 2015 IBM Corporation

Integrate IBM MobileFirst Protect with IBM QRadar

1. If automatic updates are not enabled, download the following RPMs: • DSMCommon • IBM Fiberlink REST API Protocol • IBM Fiberlink MaaS360

2. Configure your MobileFirst Protect instance to enable communication

with QRadar

3. Create a MobileFirst Protect log source on the QRadar console

Additional details: http://ibm.co/1Sdmc3C

24 © 2015 IBM Corporation

Question: Would you like more information? Answers: A. Yes, please send me more information on IBM Security QRadar B. Yes, please send me more information on IBM MobileFirst Protect C. Yes, please send me more information on both QRadar and

MobileFirst Protect D. No, not at this time

Poll Question #2

© 2015 IBM Corporation

Questions?

© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

THANK YOU www.ibm.com/security

© 2015 IBM Corporation

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right.

Other company, product, or service names may be trademarks or service marks of others. A current list of IBM trademarks is available at “Copyright and trademark information” www.ibm.com/legal/copytrade.shtml

Copyright © 2015 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM.

U.S. Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM.

Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. THIS document is distributed "AS IS" without any warranty, either express or implied. In no event shall IBM be liable for any damage arising from the use of this information, including but not limited to, loss of data, business interruption, loss of profit or loss of opportunity. IBM products and services are warranted according to the terms and conditions of the agreements under which they are provided.

Any statements regarding IBM’s future direction, intent or product plans are subject to change or withdrawal without notice. Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary. References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business.

Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation.

It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law.

Legal notices and disclaimers