This post is written by Anne Lescher, Product Marketing Manager with IBM Security Solutions.
It seems like everyone is rushing to keep up with the latest IT innovations supporting our business operations. There is pressure to implement hot new state-of-the-art technologies supporting BYOD (Bring Your Own Device), cloud computing, mobile applications, social media, and data analytics all while allowing access to business partners, vendors and customers on the internet. But these technologies can introduce a new set of threats and risks to your business environment.
Is the mainframe the perfect platform on which to implement these new technologies?
Many businesses overlook the potential of the mainframe as a flexible secure foundation for these new applications. They forget the advantages that originally drew them to the mainframe such as security, data protection, system integrity, privacy, auditability, availability, business recovery, scalability, performance and more. They forget that the mainframe can provide a strong security platform to build on that integrates hardware encryption, system architecture, operating system design, security software and secure middleware to protect applications and data.
In a recent Forrester survey commissioned by IBM, security leaders across North America and Western Europe were questioned about their company's information security preferences. The results of that survey remind us of the strengths that keep major Fortune 1000 companies running their production systems and data warehouses on the mainframe. Here are some sample findings from the Forrester survey:
97% of executives surveyed said that information security is highly critical to their company's ability to compete in their market or industry
91% of executives surveyed said that their company's brand could be harmed if client and partner data was not handled securely
88% of respondents felt that regulatory authorities are increasing the information security requirements for these companies' applications and infrastructure
65% of executives surveyed agreed that they have too many point security solutions
More than 90% of those surveyed and interviewed for this research felt that using a platform that has security natively designed into its architecture made the most sense
87% of research participants recognized the mainframe as their most available, scalable, and secure platform.
The survey includes customer concerns on regulatory compliance, increased complexity in security management, essential characteristics and features of security platforms, and additional results we think you will find interesting, especially the conclusion that:
"The Modern Mainframe Shines As A Secure Application Platform"
Post by Vikash Abraham, Product Marketing Manager for IBM Security Solutions
What Zen, Ancient Wisdom and Infrastructure Security Have in Common
Ancient wisdom continues to amaze me, and this struck me: Isn't there a strong correlation between ancient philosophies and infrastructure security? This blog post does not look at measuring the superiority of any one school of thought, but explores possible learnings that can be implemented in a security environment.
From a philosophical perspective, for simplicity, let's consider two parts of spiritual practices: one that looks at external activities, and the other at internal introspection.
Recognizing patterns from external activities
The looking-outward practice focuses on external deeds that should be restricted or practiced, categorizing them as 'bad' or 'good' for your spiritual journey. For example: giving in to anger and greed are categorized as bad, while patience and generosity are categorized as good. What is bad has been recognized through previous experiences, as it could lead to attacking a human weakness that could hinder enlightenment. Now let's draw a parallel with security. The bad activity can be an 'exploit', which can attack a system and lead to it being compromised. Over a period of time, security experts have recognized patterns of typical exploits and are able to identify the exploit by its characteristics, hence preventing it from compromising IT infrastructure. This is the 'signature based' approach to protecting IT infrastructure.
Awareness of self to help secure vulnerabilities
Zen propagates the need for self-awareness. This deep internal understanding of the true self is considered the first step to awakening. From a security perspective, we look at our existing IT infrastructure to be totally aware of its vulnerabilities. Once we understand the vulnerability, we shield it, hence the exploit's form is not of prime importance. We are not patterning the external attack, but our total awareness of self is helping us secure our own vulnerabilities. This synchronizes with IBM's approach to infrastructure security. IBM's network, host and virtual intrusion prevention solutions use a technology called virtual patching to shield vulnerabilities within the infrastructure, hence known or unknown attacks trying to exploit this vulnerability are decapitated and the system is secure.
Zen suggests multiple tools to achieve self-awareness: examples include Zazen (just sitting), Koan (short stories) and Kinhin (walking meditation). IBM's X-Force team uses its research and various information sources as tools to create the largest database of vulnerabilities present in general IT environments. The knowledge of vulnerabilities is then transferred as virtual patches to the individual IPS agents that sit at the client's datacenters, hence creating a protection shield.
Having a mirror that reflects gaps
However, like individuals, each IT environment is different, with its own customized applications and products, which again opens up a new world of vulnerabilities. Zen emphasizes the importance of having a master, whose role is to be a mirror that reflects gaps that can hinder his pupil's awakening. IBM provides this through tight integration between its IPS solutions and Application Scanning product. The AppScan product carries out both dynamic and static testing of various applications in the client environment, identifies vulnerabilities and feeds them back to the IPS solutions. Virtual patches can then be created for these vulnerabilities, completely securing the entire IT infrastructure.
In addition to the above approach, IBM NIPS can also import SNORT signatures, to leverage the signature-based approach to identifying exploits. Truly the best of all wisdom brought together to achieve a totally secure IT infrastructure.
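The difference between the two approaches described in this post, as an added example (not IBM code, and not a description of how any IBM product works internally). The `USER` message format, the 32-byte buffer limit and the signature bytes are all constructed assumptions: the signature rule recognizes one previously seen exploit, while the shielding rule checks the condition that makes the service vulnerable, whatever the payload looks like.

```python
"""Signature matching vs. vulnerability shielding on a constructed protocol."""
import re

# Assumption: a hypothetical service copies the USER argument into a
# 32-byte buffer without checking its length. That is the vulnerability.
MAX_NAME = 32

# Signature-based rule: a byte pattern lifted from one previously seen
# exploit sample (the bytes here are constructed placeholders).
SIGNATURES = [re.compile(rb"AAAA\xde\xad\xbe\xef")]

# The command that reaches the vulnerable code path.
USER_CMD = re.compile(rb"USER ([^\r\n]*)\r?\n")


def signature_verdict(msg: bytes) -> str:
    """Block only traffic that contains a known exploit pattern."""
    return "block" if any(sig.search(msg) for sig in SIGNATURES) else "allow"


def virtual_patch_verdict(msg: bytes) -> str:
    """Block any input that would trigger the vulnerable condition."""
    match = USER_CMD.match(msg)
    if match is None:
        return "allow"  # not the vulnerable command
    return "block" if len(match.group(1)) > MAX_NAME else "allow"


# Constructed sample traffic.
SAMPLES = {
    "benign login": b"USER alice\n",
    "known exploit": b"USER " + b"A" * 40 + b"\xde\xad\xbe\xef\n",
    "unseen variant": b"USER " + b"B" * 40 + b"\xca\xfe\xba\xbe\n",
    "longest valid name": b"USER " + b"x" * MAX_NAME + b"\n",
}


def evaluate(samples=SAMPLES):
    """Return {sample name: (signature verdict, virtual patch verdict)}."""
    return {
        name: (signature_verdict(msg), virtual_patch_verdict(msg))
        for name, msg in samples.items()
    }


if __name__ == "__main__":
    for name, (sig, vp) in evaluate().items():
        print(f"{name:20} signature={sig:5} virtual_patch={vp}")
```

The unseen variant passes the signature rule because its bytes were never catalogued, but the shielding rule still stops it because the oversized argument is what matters.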
By Nilesh Patel
IBM Security Specialist Identity and Access Management and Security Intelligence
A few weeks ago I was playing a car racing game with some remote friends on our game console over the Internet connection, and we were all really enjoying the game. At one point, I was about to cross the finish line to win that all-decisive last race, when the game console network connection was lost. Our home Internet connection was still up and running, so I contacted the help desk of the game console provider. I was very upset when I learned that the network had been compromised on their side, and was shut down as a precaution.
Being a technical person, a few unanswered questions were popping up in my head, including:
Who compromised the network?
What was the reason behind the network shutdown?
Has any of my personal subscription data fallen into the wrong hands?
Can this happen again?
After a few days I read some news on my iPad regarding the network shutdown at the game solution provider. It was acknowledged that the shutdown was a direct response to stop an ongoing breach inside the provider's network, and that it potentially initiated from the workstation of one of their system administrators. Attackers had infiltrated the network by introducing malware through a phishing email. From my understanding prevention is better than a cure, but where were the prevention controls, and was shutting down the network really a solution? This incident severely affected the provider's business. At the time of the outage the customers couldn't buy any new games or play online for a prolonged period of time. But the more serious impact became apparent weeks later when business did not return to normal due to a loss in confidence about the ability to keep customers' data safe and secure.
A variety of security controls can potentially help organizations mitigate this kind of risk rather than shutting down the whole network:
Intrusion Detection System
Intrusion Prevention System
Most of these security controls are deployed and correctly configured at almost every organization today, but still these controls alone are NOT able to protect you from the bad guys. As a security specialist, I always emphasize the fact that although the security experts are becoming smarter day by day, so are the bad guys. But it's not all about being smart - another difference you can notice in the attack patterns today is the shift from a "target of opportunity" towards a "target of choice", where the bad guys are continuously, and even more important, patiently planning and executing advanced persistent threats (APTs).
All of the individual security controls that I mentioned above are very good at what they are supposed to do. But if attackers manage to take over the identity of legitimate privileged users, these tools cannot help in understanding the bigger contextualized picture of an advanced persistent threat.
The individual security controls are producing far too much "noise" for any human (or superhuman) administrator to simply see patterns for those APTs. It is time that organizations go about making sense of the security data collection jungle using security intelligence systems, just as they are already employing the help of business intelligence systems to improve their business processes and, ultimately, their revenue streams.
Organizations need to collect security data generated from distributed security controls, like network devices, servers, and applications, to gain complete visibility of their IT infrastructure. In the next step they need to apply specially tuned security analytic algorithms to gain insight into the collected data from an overall security and behavioral perspective.
How are you making sense of all the collected security control data records in your organization? Are you already employing a security intelligence solution? If not, this IBM Redguide may be an excellent start to understand the foundation that can help you battle the advanced persistent threats that are out there.
As part of its efforts to fuel global innovation, IBM regularly opens its lab doors to people from business and academia so they can work directly with our researchers to fine-tune their skills and help develop solutions for solving key local and global challenges - like traffic, healthcare, energy, water and e-government.
Today, there is a greater understanding of cyber security risks and challenges than ever before because it is hard to go even a single day without reading a story about an organization that has been breached. For many people the challenges around internet and computer security are also ones that hit close to home as identity theft and credit card fraud can seem almost commonplace.
Threats have made the transition to the digital world because it is simply a better means to an end. Organized crime, sabotage, espionage, terrorism, civil disobedience and the theft of intellectual property are all issues that have moved from the physical world to the digital one because our investment in the internet has made these cyber attacks on people, networks and systems both possible and effective.
This trend is only going to continue because the unfortunate reality is that for attackers it is almost always preferable to be in front of a computer than physically at the scene of an incident.
The increasing sophistication of attacks
The two decades of the commercial internet can really be broken up into two decades of security threats. Much of the attack activity we saw during the early days of the internet was without focus; it was opportunistic and there was very little specific targeting of systems, organizations and individuals.
As a result, the security technology most companies deployed only needed to be as good as or better than that of one's peers. If the attack was opportunistic, your organization needed to be a slightly more difficult opportunity.
Today, all that has changed and the data and systems we have now exposed to the internet have produced new opportunities for illegal and criminal activity, and that opportunity has produced an associated class of attackers that are well-funded, motivated and oftentimes very innovative. They conduct reconnaissance, are more operationally proficient, frequently use custom, never-before-seen malware and will often do whatever they can to mask and hide their activity.
To warrant this type of effort, the types of data they target are also the data that organizations frequently consider to be most critical.
Essential to detecting and defending against sophisticated threats in both the physical and digital world is intelligence. If an attacker isn't going to merely give up if their first, second or thirtieth attack gets blocked, we have to adopt strategies designed to assemble a more complete picture of the threat.
The role of security analytics and intelligence
This is where we are seeing the convergence of internet and computer security with the big data and analytics space. The reality is that most organizations have an incredible amount of data relevant to security. They have data about threats on the internet, users and where they are going, about system configurations, about attack activity constantly peppering firewalls and intrusion prevention systems, about applications and their security vulnerabilities, about who is accessing what data, and then where that data is going.
Each of the actions an attacker takes as they move within an organization produces small digital footprints, and these footprints are the pieces of data that security teams are trying to identify and combine to better understand the attack.
We work with some organizations that see over two billion security events every day and while you might believe such a number makes managing security impossible, the irony is that the more data we collect, the fewer incidents that actually require investigation. The more we understand about what is normal and what is not normal within an environment, the more clarity we have and the better we can identify deviations and incidents that require priority investigation and response.
Today it isn't good enough to merely block an attack; we are trying to understand as much as possible about who is attacking us, what tactics they are using and then developing a real understanding of what they are after and how to stop them before they get there.
Building for the future: new insights from big data
For many of the most advanced and forward looking organizations, the next step will be combining security data with other sets of data that had never previously been considered relevant, things like business process data and baselines around normal financial transaction behavior. If today's attackers are after the most critical data and systems, it means security intelligence will need to evolve to include a more complete understanding of the business and the processes within it.
If the attackers are going to continue to become more sophisticated and if the volume and variety of relevant security data is going to continue to explode, there are two essential questions organizations need to be asking themselves.
First, am I designing a strategy that welcomes and embraces more data from every relevant source imaginable?
Second, if the keys to detecting and defending against the threats of the future will be understanding and connecting data, am I building a new set of security skills within my organization that will position me for success not just today, but five years from now?
For more information from around IBM and the security world more generally, please feel free to follow me on Twitter: @BryanCasey_
Like everything you know now, like you've never seen before.
Children will learn…from classrooms on their phone.
Travelers will still check into flights - with neither paper nor people.
You'll hail a cab - from a company with no cabs.
In a concluding general session that stretched back to Antiquity before leaping into the future, attendees of Impact 2013 saw their skills acknowledged, their curiosity encouraged, their achievements applauded.
It was a lot to take in.
Getting things started was a dapper Jerry Cuomo, IBM Fellow and WebSphere CTO, who applauded the work and achievements of IBM Champions - those IBM clients and partners who make the most innovative uses of IBM software and solutions in the service of their organizations. Panning the thousands of assembled attendees with his iPhone, Cuomo joked, "I'm recording this for my daughters so they can see all the people paying their tuition."
Following the acknowledgement was a charming - and sometimes amusing - video tribute. Not only did it showcase the scope of Champions' accomplishments, it gave them a chance to reveal something of themselves as well. Melvin Greer of Lockheed Martin - who later took the stage as the first Champion to helm the Impact main stage - is a scuba diver. John Capriotti of TBC Corporation is an urban chicken farmer.
From chickens and scuba diving Cuomo adroitly guided the conversation back to Systems of Interaction and the opportunities they present to organizations to reinvent their processes. "Interactions are transforming all industries and mobile is the driving force," he observed. "Mobile is reinventing everyday life. It's allowing us to reinvent mundane business processes to make them amazing."
How so? To those mundane processes, Cuomo said, mobility adds dimensions such as time, velocity, location, direction, acceleration and others. The accumulation of data from these details, the myriad ways they interact and their availability in the cloud yields developers, business analysts and IT additional context.
New opportunities to innovate on familiar activities.
Take hailing a cab, for example. Cuomo showed how a four-stage System of Interaction - Detect, Enrich, Perceive, Act - can improve the experience for the passenger and the business outcome for the driver. In this example, Jerry Cuomo owns the GC Cab Company, yet he owns no cabs. What he has instead is a network of cabs enabled with a mobile app.
Here's how it works:
Detect opportunities to engage: a passenger uses the GC Cab Finder app to hail a cab. The app selects the closest taxi based on the passenger's location, which is fed by the app's geo location feature. Taxi assigned, the in-cab app pings Google Maps to generate the quickest route to the passenger (the app has been built using the geo-location triggers in IBM Worklight).
Enrich the interaction of historical content: now en route, the app automatically creates a geo-fence around the passenger's destination. The geo-fence will trigger a mobile payment once the passenger arrives, a capability enabled in part by IBM OAuth support.
Perceive "in the now" context: it's rush hour, and the demand for cabs is rising. Other cabbies in the GC Cabs network know this because of the glowing and growing red dots on their displays that show them who's been waiting the longest and their location. The quick response - driven by business rules - leaves more time for additional fares.
Act on insights to enable positive outcomes: GC Cabs is an analytically driven company. Using insights from IBM Tealeaf, he can analyze passenger travel history, patterns, satisfaction levels and more. From these insights he has more data about his passengers that he can use to tailor the ride to each passenger.
An everyday activity, like you've never experienced it before.
Transformations on a global scale were next on the agenda, as Cuomo ceded the stage to Doug Schmidt, Chief Enterprise Architect at publishing and educational company Pearson PLC.
With a nod to the day's theme of "Technology In Motion," Schmidt illustrated the increasingly rapid adoption of new technologies around the world: whereas it took 30 years for Americans to embrace radio, it took a mere 18 to embrace TV and only seven to adopt the Web. He also pointed out the concurrent trends in global demographics: another billion people on the planet in the next 20 years, a middle class rising from one to three billion, yet millions still living on less than $2 a day; millions of children not in school.
"Pearson's history goes back more than 300 years. We understand the pace of change. Global education is a once-in-a-lifetime opportunity."
Schmidt then explained how by putting technology in motion - including SOA and WebSphere - Pearson is working to improve people's lives through learning by making education more accessible, affordable, effective and open:
Accessible: the rise of mobility in developing countries means children can learn wherever they are. Next-generation education learning is modern, interactive and social, said Schmidt. Now, a child's education can be provisioned, paid for and delivered entirely through a mobile device.
Affordable: the precipitous drop in the cost of mobile devices and the infinite scalability of the cloud have driven down costs to the point where a child can learn for pennies a day - as is currently happening for students in Uganda and India.
Effective: the pairing of cloud and mobile presents new opportunities to analyze and assess children's learning for individual students and in the aggregate. It also lets educators apply new algorithms to drive increased student engagement. "Measuring educational effectiveness is essentially a big data problem."
Open: Pearson shares its content to build strong partnerships among educators, students, administrators and developers. A cloud-based exchange and open APIs mean any party can contribute, adopt, adapt or deploy new modules and materials. Such "content without borders," as Schmidt called it, can serve as a "catalyst for education."
Catalysts of a different sort took the stage in the session's final segment - a conversation between tech publisher (and Classics scholar) Tim O'Reilly and IBM Fellow, publisher and innovator Grady Booch. In a lively and relaxed chat, the two titans of technology traded anecdotes and observations about the people and ideas that inspired them and the role of hackers throughout history. Both found common ground in prototypical hacker Archimedes, whose discoveries continue to influence and guide our world.
"Studying Greek and Latin taught me to recognize patterns," said O'Reilly. "As a technologist, I discovered I had incredible power," replied Booch. "I had a long lever I could use to change the world."
Software is the invisible thread running through so many products that we use today; it's what animates them, gives them their purpose, and acts as the "brains" to make them smarter.
You have a car that can talk to a mechanic, to signal the fact that it needs a repair; you have store shelves that can talk to a supply chain when they're running low on inventory of a certain product; you have meters that can talk to utilities about the ebb and flow of electricity; you have entire cities becoming systems of connected networks that gather information to form a complete picture about traffic, water, energy and buildings in the blink of an eye.
And getting things right is increasingly tied to how well everything talks and interacts. If these different technologies don't work together and communicate, the anticipated benefit is lost.
Data is flowing like mighty rivers from all of these connected devices and machines. This requires a heavy dose of analytics software to quickly make sense of all the data and put it to immediate use, and the power of the cloud, which makes it easy to access and share.
The good news is there's now new messaging software that makes it easy for every device on the network to communicate and share information instantly with a wider range of systems and devices. This way, all the information the devices produce can be quickly analyzed and acted upon -- leading to better decisions and steps to a smarter, connected world.