Today’s post is brought to you by Veronica Shelley, Product Marketing
Manager, IBM Security Solutions.
A typical user can have multiple log-in and password
combinations, often with different requirements and update intervals. With so
many log-ins to keep track of, users either forget or resort to unsafe
practices (i.e. writing them down) to help remember their passwords. Yet, there
are times when your user community
simply can’t remember their log-in information. How many calls to the Help
Desk, how many hours of lost user productivity, can be attributed to workers
who can’t log into a particular application or database because they forgot
their password? Precious time is wasted finding, remembering, and resetting
passwords, so this can become a major productivity issue for organizations of
As the number of enterprise applications and access points
continues to increase, IBM Tivoli Access Manager for Enterprise Single Sign-On
(TAM ESSO) delivers a balance between easy access and strong security. This
industry-leading access management solution supports a wide variety of
authentication factors (including smart cards, badges, tokens, and biometrics),
meeting the needs of different user groups and industries. TAM ESSO provides single sign-on capabilities,
meaning users have to remember just one password to automatically log into all
their applications and data sources. No more time-consuming and expensive help
desk calls, no more frustrated users, no more lost hours of productivity. Users
benefit from fast access to all of their applications, while organizations benefit
from the increase in productivity, security and compliance with security
What is IBM Tivoli Software? We know you want the short version. Steven Wright of Tivoli Software breaks it all down for us in less than 7 minutes on a white grease board. Check it out while you have your morning coffee, afternoon tea, or while you get your miles in on the treadmill or trail with your smart phone. Then visit ibm.com/software/tivoli for more details on how IBM Tivoli Software can help you run a smarter business.
Today's post comes from Sandy Hawke, Manager IBM Security Solutions.
I recently presented to the ISACA community on a live webinar. I focused the discussion on how to leverage automation to improve endpoint security and compliance. The archived webinar is available here. Just as a brief background, ISACA is an international professional association that focuses on all aspects of IT Governance and has over 95,000 members worldwide.
The online event drew a pretty substantial audience, which is good, and yet a bit surprising in two key ways. First of all, many of the recommendations I made to the audience were not radically new concepts, but basic foundational controls that all security professionals agree are critical for achieving and maintaining solid security and demonstrable compliance. So haven't they heard this story before?
Maybe not. And that's the second observation. Most of the ISACA membership is in the IT audit/Risk Management line of business. While they're not the folks who are implementing security technologies on a daily basis (i.e. "hands at keyboards") - they are keen to understand how security is implemented, how it works, how automation can be used to facilitate audits, etc. And that's the new trend we've been witnessing. While the audit team knows what the policy controls should be, they may not know if/how these controls get enforced, maintained, monitored and reported on - essentially how security is "operationalized." The more that they know what's possible with respect to security operations and automation, the better they'll be at knowing what questions to ask IT operations during audits, what technologies to recommend, etc.
Years ago, the IT Audit/Risk Manager organization and activities were kept quite separate from the IT Operations/IT Infrastructure teams. And at the time there were pretty good reasons to keep these groups as distinct as possible - you've all heard of the "keeping the fox out of the hen house" analogy, right? The IT Audit/Risk Mgmt teams could set and enforce policy and conduct assessments that wouldn't be influenced by the operations staff. Well, with the advent of converging technologies, economic trends, and the increased importance of measuring security investments and compliance programs in real time, these groups are coming together. More so than ever before.
And technologies that can foster that type of trust, cooperation, and collaboration are indispensable.
When I saw Tom Cross give a talk at Innovate 2010 in June, I was first struck with the nonchalance with which he spoke of the black market business of Internet data. I could not have been more intrigued if I were watching a movie adapted from a John Grisham novel. He seemed to have some emotional distance from what creeps most of us out about our mail. And I’m not even talking about email. I mean the good old-fashioned USPS mail. I KNOW I am not the only one who has worn out a few paper shredders thanks to Citibank, Chase, and the like.
The second thing that hijacked my thought train for more than a few moments was how network vulnerabilities are created for the explicit purpose of learning cyber criminal behavior. Like signing up for as much spam as you can. Sure it makes sense to me now. But I am still vaguely uncomfortable talking publicly about threats and attacks. It seems akin to Batman and the Joker building websites to promote their plans to outsmart the other. What was I not getting? By now I was considering slipping quietly out of the room to silence the voice in my head saying I had been foolish, very, very foolish in my confidence as a clever and vigilant consumer of Internet Things.
Realizing that I had some mental catching up to do, I stayed for the lasting impression that could keep me awake at night: just how easy it is to steal digital data. As I struggled with the impartial irony of how enormous yet simple a cat and mouse game Web App security is, visions of Tom and Jerry danced in my boggled brain.
Today's post comes from Anne Lescher, Product Marketing Manager, IBM Security.
Many enterprises run their mission critical application workloads on their mainframe systems. They would like to centralize their application security controls, security policy enforcement, data protection, auditing reporting and compliance management for a consolidated view of security. They are looking for smarter security intelligence that will help them leverage the mainframe as their enterprise security hub.
IBM Security zSecure suite V1.13 consists of multiple individual components designed to help you administer your mainframe security server, monitor for threats, enforce policy compliance, audit usage and configurations, and assist in compliance management and audit reporting.
• IBM Security zSecure Admin, Visual, and CICS Toolkit provide administrative, provisioning, and management components that can significantly reduce administration time, effort, and costs, and help improve productivity and response time, as well as help reduce training time for new administrators.
• IBM Security zSecure Audit, Alert, and Command Verifier provide security policy enforcement, audit, monitoring and compliance management components. These offerings help ease the burden of compliance audits, can improve security and incident handling, and can increase overall operational effectiveness.
New Security zSecure suite V1.13 capabilities offer enhancements for DB2, CICS, and IMS application security auditing that:
• Automate security analysis of CICS and IMS transactions and programs
• Provide automated determination of which System Authorization Facility (SAF) classes are being used by each active IBM DB2, IBM CICS, or IBM IMS subsystem
• Enhance Access Monitor and allow you to improve data consolidation
• Allow annotating userid displays with data from external human resource files such as department and employee number
• Add globalization enhancements to support international languages and auditing
• Allow addition of your own sensitivity classification, audit concern, and priority to data set names and general resources
• Support currency with z/OS V1R13, ACF2 R14 and R15, CICS V4R2, and Top Secret R12, R14, and R15
• Extend integration with Communications Server and provide various interface improvements
Today's post comes from Perry Swenson, Market Manager, IBM Security Solutions.
IT departments at financial services firms are under tremendous pressure to ensure servers, desktops, mobile devices and other endpoints are secure and compliant. At the same time, they’re continually looking for ways to save time and resources in areas like software licensing, patch management, asset inventory and security configuration. IBM Tivoli Endpoint Manager, built on BigFix technology, is helping these firms better understand and manage the status of their endpoints, regardless of where they’re located.
In the video below, Nate Howe, VP of Risk Management at Western Federal Credit Union, talks about how Tivoli Endpoint Manager provides real-time patching for operating systems and third-party applications and utilities. With over $1.4 billion in assets and 32 branches in 10 states serving more than 120,000 members nationwide, Western Federal Credit Union is one of the leading credit unions in the United States. Nate explains that they now have a single view into all aspects of the systems and security for their 400 employees, 100 servers and 2 data centers, including a better inventory of installed software. And they can do more with fewer people, which enables them to focus less on infrastructure and more on business applications and enabling business automation.
Another customer that’s realizing benefits from Tivoli Endpoint Manager is SunTrust Banks, Inc. Based in Atlanta, SunTrust enjoys leading market positions in some of the highest growth markets in the United States and also serves clients in selected markets nationally. SunTrust has a highly distributed environment with nearly 1,800 branch locations and no local IT resources at most of those locations. Using Tivoli Endpoint Manager, SunTrust now maintains a 98.5 percent patch and update compliance rate. They’ve also decreased update and patch cycle times from 2-3 weeks to 2-3 days while increasing productivity through automation. Read the SunTrust case study here.
By enabling improved endpoint visibility and new levels of automation, Tivoli Endpoint Manager is a powerful solution to help financial services firms enhance their security and compliance.
IBM will be showcasing many of its innovative security solutions at the RSA conference and hosting many keynote sessions, pedestals, demos, customer appreciation events, and more. You can find out more in the following ways:
IBM customers: Join IBM on April 21 for the exciting SC Magazine awards presentation and dinner! RSVP to Karen Krieger at email@example.com if you would like to attend.
Date: April 21, 2009
Time: 6:30 pm – 10:30 pm
Where: Hilton San Francisco, 333 O’Farrell Street
We are very excited since IBM is a finalist in several categories:
Best Security Company!
Best Enterprise Firewall: IBM Proventia Network Intrusion Prevention as Layer II Firewall
Best Identity Management Solution: IBM Tivoli Access Manager for Enterprise Single Sign-On
Best Integrated Security Solution: IBM Proventia SiteProtector
Best Vulnerability Management Solution: IBM Proventia Network Enterprise Scanner
Best Web Application Security Solution: IBM Rational AppScan
Best Security Software Development Solution: IBM Rational AppScan Developer Edition
As part of the IT security industry's leading global awards program, the SC Awards U.S. was organized to honor the professionals, companies and products that help fend off the myriad security threats confronted in today's corporate world.
SC Awards hones in on the achievements of the guys and gals in the trenches, the innovations happening in the vendor and service provider communities, and the passionate work of government, commercial and nonprofits working to help the industry.
When IBM first kicked off the Dynamic Infrastructure announcement at the Pulse 2009 conference, we heard some rumblings on whether Dynamic Infrastructure was just another executive buzzword or if there was real meat behind "the concept."
Doug McClure summarized the feeling well in his blog: “While this is great for executive level folks, I think we needed to drive this message into consumable and actionable things that lower level technical attendees could take back to their companies. They may be the ones who need to execute and show how previous or planned investments could help their company become smarter and more dynamic.”
After IBM’s announcement yesterday on new Dynamic Infrastructure offerings, critics will be hard-pressed to wonder whether Dynamic Infrastructure is actionable. Not only did IBM announce new products and services in the areas of Information Infrastructure, Virtualization, Service Management, and Energy Efficiency, but they also demonstrated how these solutions are helping three of our clients - the Taiwan High Speed Rail Corporation, Tricon Geophysics and the United States Bowling Congress - build new, more dynamic infrastructures to help reduce costs, improve service and manage risk.
A key piece of the announcement is the IBM Service Management Center for Cloud Computing, which now includes new IBM Tivoli Identity and Access Assurance, IBM Tivoli Data and Application Security, and IBM Tivoli Security Management for z/OS, for Cloud environments. I don’t know about you, but all that’s more meat than this vegetarian can handle. :)
To continue driving home the Dynamic Infrastructure success, IBM is sponsoring a variety of events for the public to learn more. Register for a free, local Pulse Comes to You event to see how Service Management is a key component for enabling a Dynamic Infrastructure for a Smarter Planet.
It’s Good Friday, and it not only has been a good, but a GREAT week. Did you hear? IBM made the list of Top 50 social brands for March 2009: “The Social Radar Top 50 measures the most social brands by the number of unique topics of conversation. These brands are top of mind for consumers and bloggers today.”
If you haven’t noticed by now, IBM’s presence is growing more and more in the social media arena. Below are some of the hot topics lighting up this space this month.
Ewwww, that almost sounds as decadent as eating chocolate. If you’re into networking with SOA strategists and architects, learning about real-life examples and benefits of SOA in action, then this event is for you. Dressed in character as an Imperial Servant, an IBM virtual guide will lead a tour of Virtual Worlds and share how SOA can solve architectural challenges, adding immediate value and business flexibility.
This post is dedicated specifically to IBM Business Partners, but we encourage all security professionals to help make our world a better place to live. So read on.
If you haven’t heard by now, IBM will be talking security at the place where “the world talks security” next week—the RSA 2009 conference. On April 23, Brian Truskowski, GM of Internet Security Systems (ISS), will provide an RSA keynote on “Securing the Smarter Planet.” His talk will address how security professionals are in a key position to enable effective change to create a smarter planet as our world and systems become more instrumented, interconnected, and intelligent.
As an IBM Business Partner, you are critical to the success of using innovative security solutions to enable a smarter planet. We'd like you to join us in shaping this conversation and activity in new IBM Security social media channels on ibm.com, LinkedIn, Twitter, and YouTube.
Use this presentation to get a quick overview of these new channels and how you can help.
This week IBM kicked off the Impact conference from May 3 - 8 in Las Vegas at the Venetian Resort Hotel Casino. In addition to focusing on Smart SOA and WebSphere, themes will concentrate on Smart, Economic Climate, Cost Optimization & Agility, Cloud computing, and Service Management.
The Impact conference is using social media in some of the most creative ways I’ve seen at IBM yet! They have a cool social media game where you can earn points for participating in Twitter, blogs, videos, etc. Hmm, I wonder how many points I can earn? Check out these links to learn more:
IBM Service Management is a big theme at the conference since Smart SOA makes business processes easy to change, but those changes create the demand for a Dynamic Infrastructure to be adaptive and support those business processes. IBM Service Management anticipates how business processes shift their pressures on the infrastructure, enabling the infrastructure to adapt quickly while enabling smart choices for a smarter world.
As Robert LeBlanc said at Pulse 2008, you can have Service Management without SOA, but you can’t have SOA without Service Management. Al Zollar, IBM General Manager of Tivoli Software, will give a keynote on May 5 during the Impact general session, discussing how a smarter planet requires a dynamic infrastructure based on IBM Service Management capabilities. Expect to hear announcements on Service Management Center for Cloud Computing, ITCAM for SOA Platform, and IBM Service Management for Healthcare.
IBM Service Management has the following activities at Impact:
18 IBM Service Management experts and executives will be available for one-on-one meetings with clients.
Smart SOA Service Management in the IBM SOA Fitness Center.
Two pedestals in the Expo:
- Service Management (ITCAM for Transactions | OMEGAMON XE for Messaging, TBSM | ITCAM for SOA Platform, TUAM, ITCAM for WebSphere)
- Security Management (TSPM/TFIM)
Service Management speaking sessions include:
TSM - Managing the Virtual Enterprise
Rob Goodling, IBM
Venetian - Murano 3305
TSM - SOA Management on IBM System z®
Divyesh Vaidya, IBM
Venetian - Murano 3203
BIA - The Last Mile to SOA Success: Service Management
Casey Plunkett, IBM
Venetian - Galileo 1003
BID - Transforming Your Business Through BPM - Four Primary Use-Cases
Janelle Hill, Gartner, Inc., Kramer Reeves, IBM
Venetian - Galileo 904
TMC - Managing your IBM WebSphere MQ and IBM WebSphere Message Broker Environment
Jim Palistrant, IBM
Venetian - Delfino 4105
TSM - Lab: Monitoring Transactions in SOA Infrastructure
Pradeep Nambiar, IBM, Jim Palistrant, IBM
Venetian - Marcello 4403
TMC - Meet the Experts and Demo for WebSphere MQ and Message Broker management
Divyesh Vaidya, IBM
Venetian - Tech Zone – Messaging
TSM - Manage your SOA Environment with IBM Tivoli
Todd Kindsfather, IBM and Jim Palistrant, IBM
Venetian - Palazzo D
BIS - Extending SOA Principles to the Infrastructure for Greater Flexibility and Cost Effectiveness
Kristin Hansen, IBM and Bruce Otte, IBM
Venetian - Galileo 907
BIS - Creating Secure and Compliant SOA Environments
Casey Plunkett, IBM and Ravi Srinivasan, IBM
Venetian - Galileo 906
TSM - Service Automation: Key To Exploiting and Managing the Virtual Enterprise
Wait!!! you say. What's this about new product announcements? Well, of course, that's always the big news at a conference, and this installment of RSA was no different. Welcome IBM Network Intrusion Protection System (IPS) GX7800 to the IBM Security Solutions portfolio! Designed to help enterprises meet the challenges of an increasingly sophisticated and rapidly changing threat landscape, this new offering helps organizations protect their data and infrastructure from unauthorized access and attacks, without compromising on the performance and availability of business-critical applications. Read the press release to get the scoop on IBM Network IPS GX7800.
As you can see, RSA 2011 is proving to be a great lead-in to Pulse 2011, coming to Las Vegas February 27-March 2, where IBM Security will be front and center throughout the conference. In other words, the IBM Security Solutions story is to be continued...
Signing off for now, Your friendly roving Integrated Service Management reporter
It almost goes without saying, but, hey, I'll say it anyway...Security is top of mind for everyone these days, no matter your industry, no matter the size of your organization - and even on a personal level, too. You certainly don't have to be a security manager to be concerned about security, particularly internet security.
Case in point: Which of the following internet vulnerabilities is keeping you up at night these days?
Perhaps a more precise answer would be "All of the above plus a few more."
So, how can you stay ahead of these types of threats - understanding what the most critical and recurrent vulnerabilities are and what you can do to prevent them? One excellent source of emerging information is the IBM X-Force Research and Development team. For more than a dozen years, these security specialists have tracked well over 40,000 different vulnerabilities, from Trojan horses to malware to Web spoofing, and documented them in the world's largest and most comprehensive threat database.
The IBM X-Force researches and monitors the latest internet threat trends, develops security content for IBM customers, and helps advise customers and the general public on how to respond to emerging and critical threats. Twice a year, the team releases a detailed report discussing the latest security complexities. These reports are far more than just abstract information. They are actionable intelligence, designed to lead to more comprehensive security and a better business outcome. Take a look at the latest report.
For more information about how the IBM X-Force research can help your organization (and perhaps even keep you from losing sleep worrying about security threats), check out this Service Management in Action article.
Signing off for this week,
Your friendly roving Integrated Service Management reporter