The IBM Onion of Security – It Will Make Hackers Cry! Part 1
I can still recall the watershed moment it all fell into place …
It was halfway through the prestigious three-day IBM Security Top Gun training, and we had already been bombarded by so many security product names and best practices that my head was swimming. I desperately needed to make sense of why there were so many products and how they all fitted together (particularly as there were tests ahead and the esteemed Top Gun cap to win ;-)
Sat at lunch, chatting to the other students and toying with a slice of onion ring in my salad, I had my security epiphany! Protecting an enterprise’s business critical data and intellectual property (IP) was like an Onion of Security! The data and IP were at the heart of the onion, with hackers, criminals and other cyber-malcontents on the outside, trying to get through numerous layers of integrated and intelligent security.
So, what does the IBM Onion of Security look like and how does it work to protect business critical assets? Here is my own personal take on this question …
The IBM Onion of Security is comprised of …
Perimeter Intrusion Protection
The tough skin on the outside of the Onion provides Perimeter Intrusion Protection for your enterprise. The IBM Security Network Protection appliances (and virtual appliances) provide the front line in terms of your security protection. They intercept comms traffic into and out of your enterprise, delivering industry-leading network security protection, including visibility and logging of network activity, control of the actions that can be performed in web and other apps, and protection from threats (such as SQL injection and cross-site scripting attacks). The Security Network Protection appliances are updated in real time on new risks and vulnerabilities, and communicate with the other IBM security solutions to provide complete and up-to-date security for your enterprise.
Identity and Access Management
The next layer delivers effective and efficient Identity and Access Management providing secure user authentication and authorisation to applications and data. Security Identity Manager and Security Access Manager work as an integrated pair to provide single sign-on, user lifecycle management, automated user-ID and password management, and support your compliance needs with audit trail collection, analysis and reporting.
After that, Application Security is covered by AppScan, which operates like an expert ethical hacker. With the knowledge of how apps and web pages are built, as well as the most up-to-date information on new risks and vulnerabilities, AppScan will “sniff” your app or website to determine its characteristics, then rigorously plan and execute its attack, employing tens of thousands of tricks and techniques to test the app. AppScan can also be used as part of your cyber governance, scanning for compliance against a comprehensive list of industry regulations such as PCI, SOX and HIPAA.
The next layer, Infrastructure Security, ensures that all parts of the Onion (and your diverse and complex IT estate) are identified and provided with the most up-to-date security protection, such as security patches and fixes, installed and working. IBM’s rigorous endpoint management ensures that there are no vulnerabilities or holes in the security posture of all of the components within your IT estate; BigFix and MaaS360 manage all aspects of your traditional and mobile endpoints respectively.
The final layer of Data Security is delivered by Guardium, which acts like a protective shell that safeguards your data, monitoring who is accessing the information and for what purpose, and preventing and reporting any suspect activity. Guardium can also be used to encrypt your data (a typical compliance requirement) so that in the unlikely event that any data is accessed by an unauthorised 3rd party, it is useless to them.
Lastly, nurturing and orchestrating the activity of the Onion and its layers, and giving it its smarts (what? Can’t an onion be clever?) are some very valuable security requirements: Security Information and Event Management (SIEM), Malware Protection and updates on the very latest IT security risks and vulnerabilities. These are provided respectively by QRadar, Trusteer Apex, and the IBM X-Force team of elite ethical hackers.
Hopefully, sharing my epiphany about the IBM Onion of Security has helped you understand what the IBM Security solutions can do for the customer and how they all fit together into an integrated and complete security solution.
In Part 2 of this Blog I explain in detail the tangible benefits the IBM security solutions can deliver.
This post was written as part of the Arrow TESA Community. John Watkins is an Arrow Technical Account Manager within the IBM team.