So, I was at Pulse this year and was the source of a pretty constant ridicule for carrying around what felt like a fifty pound laptop bag.It was horrible, and inconvenient, and not even effective.I had hard copies of schedules that were out of date about 30 seconds after I clicked print.By the end of the conference I had calluses on my fingers and I couldn’t walk more than about ten steps without having to change hands.It was really a constant reminder that I need to go to the gym more.
Anyway, interestingly enough, most vendors in the endpoint security space have basically adopted this same approach in designing their technology.Incoming attacks get blocked by signatures, and in order to keep you “prepared,” some companies just create and update these huge signature files, shoot them across the network, fold their hands and hope they get properly installed, and then get right back to work because the files they just sent are more or less immediately out of date.I can tell you from experience that lugging around a bulky bag of incomplete, outdated information is no way to do your job.It’s also no way to keep your employees, and by extension, your company, ahead of threats.
What companies need to do is focus on what a defense-in-depth of the endpoint would really look like.It means you need a lot of things.You need to have antivirus and firewall protection.You need a patch process that actually works.You need centralized policy management that is easily enforceable.And, of course, you need all of this in real-time.Until recently, that also meant you needed a lot of aspirin.
With its acquisition of BigFix last July, IBM basically invested in the convergence of security and systems management, two pieces of the operational infrastructure that will continue to become more intertwined.You can’t just write the policy, or obtain the patch, you also need to be confident that these changes and updates are continually being enforced at every single endpoint.Try automatically applying patches to computers that aren’t turned on and you’ll pretty quickly understand why convergence is so important.
Up until this week there were four offerings that were part of the Tivoli Endpoint Manager suite of products, all of which are managed under the same roof.We have solutions for lifecycle management, security and compliance, power management and patch management.This week, we were pleased to announce Tivoli Endpoint Manager for Core Protection, a solution designed to add another layer of depth to your endpoint security posture.Tivoli Endpoint Manager for Core Protection is the result of the relationship between IBM and Trend Micro, and offers the real-time, lightweight threat protection that other endpoint security solutions can’t really compete with.
I spoke earlier about how other vendors were sending these huge signature files across their network, files that were outdated before you even figured out how to install them on your PC.Tivoli Endpoint Manager for Core Protection is different because while it does employ the use of some signature files, it also leverages the cloud to reduce the amount of information that needs to be sent across the network and also provides the real-time protection that static signature files cannot.As the cloud is updated with the latest threat information, so too are all of the endpoints that are in conversation with that cloud.
This has proven to be extremely effective. In a recent third party test, the Trend Micro technology blocked 100% of all incoming malware (the second place competitive product came in at 77%) by taking a multi-layer approach. Nearly all (97.5%) of the malware was detected and blocked in the first layer (URL reputation) and the remaining pieces of malware were blocked in the two subsequent layers of defense. Now, here's where it gets even more impressive. An hour after the original test, they again tested just the malware that got through URL reputation, but this time it did not get through even that first layer of defense. This is protective technology that is updating and hardening its defenses as new threats come in.
I don't think I really need to explain the importance of endpoint security to anyone reading this. We all have different things at stake, whether it's your back accounts, your music collection, confidential information for work or even just a photo album. What I can say is that 77% isn't good enough when it comes to protecting any of those things.
The strength of Tivoli Endpoint Manager is that it combines first-rate security with the systems management capabilities needed to ensure that protection is deployed across the entire infrastructure. When it comes to endpoint management, it's about no longer looking at technology in silos, it's about understanding why and how we can integrate different complementary offerings. Tivoli Endpoint Manager is built on that philosophy.
For more information about Tivoli Endpoint Manager, please visit:
Today's post comes from Veronica Shelley, Market Manager, IBM Security.
With IBM's October 12th SmartCloud launch, perhaps you're considering cloud computing for your organization. After all, the benefits of cloud computing are well known. Cloud computing is flexible, scalable, and cost-effective, and it's a proven delivery platform for providing business or consumer IT services over the Internet. Cloud computing can help you cut costs and IT complexity, provide new services to customers, and streamline business processes. Cloud computing is gaining in popularity and may be the wave of the future. Yet, many organizations hesitate to get started due to security concerns and confusion over how to get started.
Perceived risk versus actual risk
Cloud computing may seem new, but the fact is companies have been outsourcing services and technology for years. Providers already deliver hosted technology offerings that are located off-site with client access via the Internet. This is a common scenario for services such as remote storage or hosted email and other software as a service (SaaS) solutions. And just because companies may give up some control to the provider when they move to a cloud-based environment (just as they give up some control in any outsourced arrangement), it doesn't mean they have to compromise on security. By asking the right questions and adequate preparation, companies can build a "trust and verify" relationship with the cloud provider they are working with.
Questions to ask to ensure cloud security
It's important to remember that the same factors apply to ensuring security whether it is cloud-based or within a traditional IT infrastructure. The key difference in the cloud model is that it includes external elements, and those elements will be managed by the cloud service provider. This means companies need to understand the environment beyond their own data center and consider how it impacts the organization from a security standpoint. To help ensure security and peace of mind, as well as a good working relationship with the cloud provider, the client company should always identify and prioritize cloud-specific security risks beforehand. Often, companies will find they have the same amount of control, if not more, with a cloud service.
There are specific tactics an organization can use to enhance cloud security. For identity and access management issues, companies need to control passwords, support privileged users and enable role-based access to these cloud services. With data protection, a key concern is knowing whether or not a company's hosted data is secure, especially if data from rival companies is also being stored on the provider's cloud service. Companies should also ensure the cloud provider is deploying antivirus software on all supported systems that could be exposed to attacks, and ensuring that selected programs can identify and protect against malicious software or processes. From an auditing and monitoring perspective, companies need to determine how the cloud provider is testing and monitoring the infrastructure to meet legal and regulatory requirements.
Reaping the benefits of cloud
Organizations interested in reaping the benefits of cloud can best begin by understanding the security ramifications of a cloud deployment to their business, keeping in mind they can start small by deploying cloud in low-risk workload areas like email services. This easing-in process gives organizations valuable time to become familiar with cloud on a scale that's simpler to grasp and doesn't put them at increased security risk. And as familiarity of cloud and trust in the provider grows over time, companies can expand their use of cloud computing into other areas of business. By following this gradual path, companies can start enjoying the benefits of cloud in a way that's safe and secure.
Learn all about the latest strategies and smarter software for design and development innovation through next generation service delivery from the Integrated Service Management track at Innovate 2010, June 6-10. The Integrated Service Management track at Innovate is a continuation of the discussion and training of the Software Delivery Lifecycle Management stream at Pulse 2010, which showcased how clients, IBM and IBM Business Partners use software delivery lifecycle management solutions to help realize greater value from software investments and optimize business outcomes at reduced cost and risk.
The Integrated Service Management track kickoff will be hosted by Jamie Thomas, Vice President of Tivoli Strategy and Development, formerly of worldwide development, client support and product management for the Rational software brand. Jamie will be joined by Bala Rajaraman, Distinguished Engineer, IBM Software, Tivoli and John Wiegand, Distinguished Engineer, Rational Analysis, Design and Construction.
At Innovate 2010, IBM clients and partners will learn innovative approaches to optimizing the service lifecycle, driving better efficiencies and lowering their TCO. Attendees of the Integrated Service Management track will also learn how to leverage the existing tight integrations with Rational solutions. Specifically, clients can find out how to:
Speed up the deployment processes and maximize resource utilization with automation solutions
Reduce cost and improve efficiency with Visibility and Automation brought about by the integration of Rational and Tivoli
Fully realize the benefits of newer technologies such as virtualization, cloud etc in the dev and test processes that will improve TCO and efficiency
Create a robust dev and test processes that will have minimal chances of failure and cause an outage
What I love about this solution, and I'm going to quote from the press release, "...quickly and cost-effectively enable hundreds or even thousands of new services and use an integrated cloud service management platform to create, deliver and manage those services."
This is another real-world (purchasable) example of the type of game-changing solutions that could not be solved without a comprehensive service management strategy like the one IBM has with Integrated Service Management.
There's more information about this particular release for the CSP solution on the press release and customers from all industries can visit the Cloud Computing website for more information on all of our cloud computing solutions.
If you want to sit down with someone to discuss this or other solutions, you can contact your IBM sales rep and/or Business Partner (Business Partner Locator Site) and have them sit down with you now to discuss Integrated Service Management and be sure to ask them about conducting a whiteboarding session.
Over 51 million tourists travel to Orlando, Florida every year, but only the cool ones go to attend IBM Edge and IBM Innovate.
As I type this, so many of our customers, partners and my colleagues are in the "brutal" 88°F* weather learning more about storage and software & system innovation.
Since much of my focus is around product announcements, I wanted to point folks to the IBM Tivoli Storage Productivity Center V5.1 announcement that happened yesterday (Announcement Letter 212-189).
For content coming from the conference, a number of the marketing team are on the ground at Edge and tweeting. Be sure to follow Maria, Martha and Branavan (and of course, @ibmstorage) as well as the hashtag #ibmedge.
The Rational team have a number of exciting new announcements around Jazz and they will be talking quite a bit about mobile, cloud, industry solutions and a few other things including DevOps.
For us service management folks, DevOps translates into tangible benefits we can bring back to the business; like fewer errors and faster time to resolving errors if they do occur.
Back at Pulse 2012, we announced, among other things, the Beta for IBM SmartCloud Continuous Delivery (see the blog post and press release).
Along with IBM SmartCloud Control Desk and IBM SmartCloud Provisioning Manager (among others), it's about developers and testers having access to the same tools, data and information that operations uses and leveraging them to fix problems before they occur. And if problems do occur, the linkages with tools like Rational Application Developer and Rational Performance Tester allow the developers and testers to quickly resolve these issues as everyone and everything is connected.
As stated before, fewer errors and faster time to resolving errors if they do occur. This translates into using time to be productive and being innovative. Innovation is what provides value back to the business.
A bit different from yesterday, I spent the morning helping our customers register for industry round tables and then followed that up with showing customers the new Integrated Service Management Simulator Game in the Expo Center.
Tuesday, as you know, is when IBM makes product announcements and this Tuesday was no different.
Jamie Thomas talked about a number of announcements (including the ones below) in her portion of the general session (which can be found on the Livestream)
I would call your attention to the following two Announcement Letters that were released today:
The adoption of cloud and virtualization technologies by the market is increasing.
For these technologies to be meaningful to our customers, it is on us to ensure that we can provide the levels of Visibility, Control and Automation (TM) they require to match their Integrated Service Management best practice. (and that's just what we're doing)
Press Release Round Up
The press team put out some great articles that I'd also like to call your attention to:
Some great coverage of the successful client relationships we've built with our industry solutions. They are worth a read (especially the Cities one).
I'd also point you to the excellent blog post Christina wrote about Intelligent Metering Network Management
Speaking of Coverage
As a sequel to yesterday's general session visual note-taking adventure, I present to you my notes from day 2 (Flickr link:
What's Next For Noah?
Tomorrow, I'll be talking to Scott Laningham on the Livestream at 12:40pm PST about Integrated Service Management and then closing out the conference and staffing the Simulator Game in the Expo Center.
If you want, stop by and say hello. I'll show you the demo and can also talk to you about anything Integrated Service Management -related.
The following article was written by Cameron Allen, Pierre Coyne and Beth Sarnie and is the second in our OSLC series.
In fact, if you were at Pulse 2012...you heard how IBM Watson will be used to help doctors diagnose medical conditions and improve patient care at WellPoint.
For those of you, like myself, that don’t have a Watson-like recollection, here’s a quick flashback detailing a millisecond in Watson's brain on a sample patient:
Watson is given specific information on a patient’s symptoms, and makes a preliminary diagnosis of the flu as the most likely illness.
Based on the unique patient's name, Watson looks up records of the patient's history for the past few years, providing new insights that point to the better possible cause of, for example, a Urinary Tract Infection.
Based on the patient's family connections, Watson is able to use the family history to derive that the mostly likely cause is now diabetes.
And finally, Watson is able to access a patient’s latest tests to derive a final diagnosis.
If you're in the business of IT, this may sound a lot like incident management. And as any level 1 support person can attest, diagnosing the root cause of an incident is much like diagnosing a patient's condition. You need information from multiple sources (e.g. service desk, license, CMDB, monitoring, and asset management systems), but more importantly, it has to be in context, up to date, and delivered in a timely basis to make an accurate diagnosis of the root cause.
The problem has always been that an incident manager, like a doctor, has to jump between tools, entering requests in each system for the right information...and that is time consuming. In some cases, information isn't readily available and must be requested from other sources, not under their direct control.
One of the ways Watson is able to be such a great diagnostician (and incident manager) is through "linked data," which allows it to seek out and find related information on the patient from multiple sources in a fraction of a second to facilitate faster, more accurate patient diagnosis.
Until now, an incident manager did not have this same luxury.
That's where Jazz for Service Management comes in. Jazz is IBM's realtime platform for integrating management across multivendor tools, and across service lifecycle processes and functions. Like Watson, Jazz for service management uses principles of linked data, along with community standards (including OSLC) to support Watson-like service management decisions, regardless of what vendor tools you have in place.
FYI, the recent IBM Service Management Jam on Cloud Computing, "Cloud Computing: Innovation that drives IT and operations efficiencies" is the #1 most popular of the 41 Jams aired to date.
Cloud Computing Jam link: http://bit.ly/9mt8N
Jams page link: http://bit.ly/ultmC
Two great IBM
conferences were held in Las Vegas this year--IBM Pulse and IBM Impact.
However, I have to say that I truly envy the IBM
Rational Software Conference taking place from May 31-June 4,
since it will be at the Walt Disney World Swan and Dolphin Resort in Orlando, Florida (where Pulse 2008 was held).
The effervescent ambience in the air is unparalleled. The awseome fountains are
a key contributor.
Tivoli fans will be pleased to know
that several Service
Management topics will be covered at the conference since the integration
of development and operational tools, data, and processes is essential to
improving the success rate of application deployments and improving service
quality. The topics will cover ways businesses can improve the integration of
development, test, and operations to simplify high-quality application
deployment, enhance provisioning, streamline problem diagnosis, and enable
effective service management. The
conference will include the following Service Management topics:
General Manager sessions
Al Zollar, General Manager of IBM Tivoli
Software, will participate in three executive sessions:
IBM Cloud Computing
Breaking down the barriers between development and operations
General Manager roundtable
Software Lifecycle Track
“Enhancing The Application Life Cycle with Tivoli
Composite Application Manger (ITCAM)”-- Todd Kindsfather
Abstract: Discover how IBM Rational and Tivoli's joint solution helps reduce development and
rollout costs, while increasing rollout success rates. This session will
Discussion of how to enhance testing with ITCAM performance data
Description of how to use Rational test scripts with ITCAM for
Overview of how to leverage the ITCAM products to help resolve
problems earlier in the application life cycle
Tivoli Birds of a Feather session
“Bridging the chasm between build,
deployment and production”--Rich Johnston
Abstract: Today’s IT departments have more
systems to manage, more locations to support and more mission-critical
applications to build, deploy and maintain than ever before. In many
organizations, the processes employed to move applications from build, to
deploy, to production phase can be manual, time-consuming and error-prone. The
data, tools, and workflows are not well integrated or automated resulting in
inefficient processes which inevitably lead to slower time to market, long
resolution cycles and even loss of revenue. This session offers a chance for
attendees to discuss issues, challenges and solutions for bridging development
and IT operations across different aspects of the application and service
Service Management pedestals
Ped 1: "Service Management with CCMDB, TSRM,
and RAM: Total
Application Lifecycle management"--Rich Johnston
Abstract: The inability to quickly
identify application performance bottlenecks can lead to system downtime and
unnecessary cycles spent firefighting defects. See how ITCAM
can provide monitoring data from operations needed to better understand
performance characteristics prior to relase and speed correction of defects.
Ped 2: "Integrating the Service
Management Lifecycle across Development & Operations: Optimize Application
Performance in Production"--Todd Kindsfather
Abstract: Integration across application
development and configuration management tools is critical for complete
component life-cycle managmenet. With a Tivoli/Rational integrated solution,
customers can experience total application management from development to
deploymentt to operation.
For those who can’t
attend the conference in Florida, check out http://www.remotersc.com for other
opportunities to participate in the Rational Software Software conference
It's been said that the only difference between a native Texan and an adopted Texan is who complains more about the crazy, long hot summers. For those of you who know neither, believe me when I tell you the natives complain a lot more. The adoptees relish it.
A lifelong Texan and passionate runner, my idea of good weather is not based on how hot and sunny it is outside. I prefer a temperature just shy of 50 degrees with plenty of cloud coverage, and even a little rain is welcome. As my skin sizzled under the 97 degree sky yesterday, I was thinking about IBM CloudBurst and wishing I could order up my own personal cloud . . . maybe someday IBM will invent that!
In the mean time, here are some of the features and benefits you can expect when you introduce IBM CloudBurst in your enterprise with the dynamic infrastructure of IBM Service Management.
Faster time to value: Delivered on site as a prepackaged and self-contained service delivery platform for cloud computing... virtualization included! Flexibility: Scalable platform allows you to deploy now and easily scale as business needs change. Ease of use: Self service portal for rapid access to cloud delivery Simplified systems administration: Integrated systems management of both physical and virtual workloads - through a single interface to blade servers, storage and networking Superior reliability: Keeps your virtualized infrastructure up and running - with multiple layers of redundancy built into the hardware platform resulting in no single point of failure. Energy efficiency: Designed from the ground up to dramatically improve power utilization and reduce energy costs. Integrated power management to help you plan, predict, monitor and actively manage power consumption of your BladeCenter servers.
While preventing security breaches is paramount, security administrators are frequently bogged down with tedious, time-consuming, complex day-to-day tasks that divert their attention from security issues.These time-consuming tasks can be reduced by improving security administration processes and automating audit documentation, allowing administrators to focus on innovative extensions to their business applications in order to maximize investments.
Join us for this webcast on July 14th to learn about the new capabilities in Security zSecure suite, Security Key Lifecycle Manager, Tivoli Federated Identity Manager, Tivoli Security Information and Event Manager, and other security products that enhance cloud security on the mainframe.
In this session, you’ll learn how Tivoli Security Management for zEnterprise can help:
·Reduce the cost of administrating security on the mainframe by reducing complexity and using fewer staff resources
·Automate security policy enforcement to implement best practices and compliance requirements
·Analyze data to detect and respond rapidly to the large volume of security events and threats both internal and external
·Proactively handle events with automated closed-loop remediation that closes exposures
·Protect sensitive data and simplify the lifecycle management of encryption keys
·Consolidated cloud security management for zEnterprise
Are you interested in learning more about Cloud Computing and Virtualization? Be sure to register and attend these two community webcasts happening this week on June 8th and 9th. These promise to be very informative events you don’t want to miss!
WEBCAST on Wednesday, June 8, 2011 at 11:00AM Eastern USA Webcast title: Get your image sprawl monster under control – secrets to image management from an expert Sign up for this webcast here
Description: Companies have embraced virtualization primarily to impro! ve utilization of hardware and save costs. However, virtualization especially on x86, has led to significant growth in management costs. Much of this increased cost stems from growth in images. We will discuss some of the key challenges around managing images and how IBM is taking a holistic approach to solving these pain points and restoring control.
Speaker: Ruth Willenborg, IBM Distinguished Engineer in IBM Software Group, Tivoli
WEBCAST on Thursday, June 9, 2011 at 11:00AM Eastern USA Cloud - Extending your virtualization into the cloud Sign up for this webcast here
Description: The benefits from cloud computing seem clear: cost reduction, better flexibility, scale to meet business demands, etc. However, getting to cloud involves a lot of decisions Learn how some of your colleagues are leveraging Tivoli solutions to automate virtualized environments and move to private clouds.
Speaker: Mohamed Abdula, IBM Director, Service Automation and Cloud Solutions Product Management and Bowman Hall, IBM Director, Cloud Computing Client Engagements, IBM Software Group
As you know, the team held a Cloud Service Management Simulator Workshop at Pulse 2012 and I was in the room for a portion of the session (look for me in the background at 1:03) and I know that the attendees had their eyes opened.
The team cut together a pretty cool trailer to give you an idea of what goes on at one of these simulator sessions.
If it looks like chaos, that's because there is a good bit of chaos in the process of role-playing the real-world interaction between IT and business when they are not aligned properly.
The goal is to keep the company profitable. That lasts for about 3 minutes...
But here's the thing. As the workshop progresses, the transformation occurs and balance is achieved (and money starts to be made).
Every service management practitioner should bring their co-workers to this workshop. It is an experience that will help drive your company towards innovation.
Watch the video to see what I mean, and for more information on the simulator, send an email to tivmktg [at] us [dot] ibm [dot] com.