The Lazy Genius

Security News and Brain Dumps from an IBM Tivoli Security Consultant

Archive for the ‘IBM’ Category

New Web-based Training for TSOM 4.1

Posted by Xavier Ashe on October 7, 2008

IBM Tivoli Security Operations Manager 4.1 – Fundamentals

Course description

In this 4-hour Web-based training course, you will learn the fundamentals of IBM Tivoli Security Operations Manager 4.1 and the tasks an operator performs with it.

Objectives

After completing this course, you should be able to:

  • Install and configure IBM Tivoli Security Operations Manager 4.1
  • Configure and collect events from sensors

Course outline

  1. Introduction
  2. Installation
  3. Administration
  4. Investigating Events
  5. Correlating Events

Who will benefit from this course

This course is intended for implementers and administrators who need to correlate security events.

Required skills/knowledge

  • Intrusion detection: Understand the basic concepts of intrusion detection
  • TCP/IP: Understand IP addresses, networks, and ports

Recommended courses

Click here for order information.

Posted in IBM, Security, TSOM

IBM software bundle targets retail theft, data breaches

Posted by Xavier Ashe on October 2, 2008

IBM is targeting retail security with a package of software and services designed to prevent physical loss of merchandise, protect against electronic threats and comply with credit card industry regulations.

SecureStore, announced Wednesday, combines surveillance and RFID systems with software that protects online and in-store transactions, as well as software that protects databases and applications from network-based threats, IBM said. While SecureStore mainly consists of pre-released products from IBM divisions such as Internet Security Systems (ISS), Tivoli and Rational, Big Blue’s Val Rahmani says it is unique in that it brings together products from various parts of IBM to address one industry segment, and re-architects the products so they fit together and are optimized for retail.

Read the full article on Network World.

Posted in IBM, ISS, Security, TSOM

Security and Society: Role of Government

Posted by Xavier Ashe on September 29, 2008

Posted in IBM, Security

TSOM Redbook

Posted by Xavier Ashe on September 5, 2008

Network and resource availability is critical to business and service assurance. But enterprises, federal agencies, and service providers can lose millions of dollars per year as a result of worms and other types of malware that bring down corporate resources and customer-facing services. That is why information security is one of the top concerns of every CIO in any organization. To maximize resource and service availability and protect customer information, today’s information security teams must be able to:

- Quickly recognize and handle security incidents.
- Enforce security policies.
- Support audit and compliance initiatives.

The problem is that each of these activities involves security data that resides throughout the organization. Enterprises and service providers need to be able to access and analyze this disparate data quickly and efficiently. In today’s complex, multivendor environments that means leveraging an automated, integrated solution. In response to these challenges, IBM Tivoli Security Operations Manager, a security information and event management (SIEM) platform, is designed to improve the effectiveness, efficiency and visibility of security operations and information risk management.

This IBM Redbooks publication helps you design and create a solution using Tivoli Security Operations Manager to centralize and store security data from throughout the technology infrastructure so that you can:

- Automate log aggregation, correlation and analysis.
- Recognize, investigate and respond to incidents automatically.
- Streamline incident tracking and handling.
- Enable monitoring and enforcement of policy.
- Provide comprehensive reporting for compliance efforts.

This book is a valuable resource for security officers, administrators and architects who wish to understand and implement a Security Event and Information Management system.

Download the new IBM Redbook: Deployment Guide Series: IBM Tivoli Security Operations Manager 4.1

Posted in IBM, TSOM

TSOM + CloudShield + ISS + Blade = Awesome

Posted by Xavier Ashe on September 4, 2008

IBM (NYSE: IBM) on Tuesday introduced a blade server that supports CloudShield Technologies’ software for real-time analysis of network traffic to prevent viruses and denial of service attacks.

“The IBM BladeCenter PN41 enables service providers to manage their network, security and telecommunications technology on an integrated platform,” Jim Pertzborn, VP of telecommunications industry solutions for IBM Systems Group, said in a statement. “This integration can help service providers meet their customers’ evolving requirements for data, voice and video services.” The new blade and software support are key components of IBM’s hardware, software and services framework for service providers. The package also includes IBM’s intrusion prevention technology and Tivoli Security Operations Manager.

Read the full article on InformationWeek.  I first heard about this project about 2 years ago when I was helping develop solutions for the Telecom group at IBM.  It’s taken a lot of work to get this packaged together and I am glad to see it finally hit the streets.  Other sites that have picked this up:

Posted in IBM, ISS, Security, TSOM

Draft Redbook: Certification Study Guide, TCIM 8.5

Posted by Xavier Ashe on August 12, 2008

This IBM Redbooks publication is a study guide for IBM Tivoli Compliance Insight Manager Version 8.5 and is meant for those who want to achieve IBM Certifications for this specific product.

The IBM Tivoli Compliance Insight Manager Certification, offered through the Professional Certification Program from IBM, is designed to validate the skills required of technical professionals who work in the implementation of the IBM Tivoli Compliance Insight Manager Version 8.5 product.

This book provides a combination of theory and practical experience needed for a general understanding of the subject matter. It also provides sample questions that will help in the evaluation of personal progress and provide familiarity with the types of questions that will be encountered in the exam.

This publication does not replace practical experience, nor is it designed to be a stand-alone guide for any subject. Instead, it is an effective tool which, when combined with education activities and experience, can be a very useful preparation guide for the exam.

Planned Publish Date: 30 September 2008

Download the Redbook here.

Posted in IBM, Security, TCIM | 1 Comment

Redbook Draft: z/OS Mainframe Security and Audit Management using IBM Tivoli zSecure

Posted by Xavier Ashe on June 13, 2008

Every organization has a core set of mission-critical data that must be protected. Security lapses and failures are not simply disruptions—they can be catastrophic events, and the consequences can be felt across the entire organization. As a result, security administrators face serious challenges in protecting the company’s sensitive data. IT staff are challenged to provide detailed audit and controls documentation at a time when they are already facing increasing demands on their time, due to events such as mergers, reorganizations, and other changes. Many organizations do not have enough experienced mainframe security administrators to meet these objectives, and expanding employee skillsets with low-level mainframe security technologies can be time-consuming.

The IBM Tivoli zSecure suite consists of multiple components designed to help you administer your mainframe security server, monitor for threats, audit usage and configurations, and enforce policy compliance. Administration, provisioning and management components can significantly reduce administration, contributing to improved productivity, faster response time and reduced training time needed for new administrators.

This book is a valuable resource for security officers, administrators, and architects who wish to better understand their mainframe security solutions.

Table of Contents

Part 1. Architecture and design

  • Chapter 1. Business context
  • Chapter 2. Tivoli zSecure component structure
  • Chapter 3. zSecure Admin
  • Chapter 4. zSecure Alert
  • Chapter 5. zSecure Audit
  • Chapter 6. zSecure Visual
  • Chapter 7. zSecure Command Verifier
  • Chapter 8. z/OS compliance enablers
  • Chapter 9. zSecure CICS Toolkit
  • Chapter 10. Planning for deployment

Part 2. Customer scenario

  • Chapter 11. Delft Transport Authority
  • Chapter 12. Project requirements and design
  • Chapter 13. Implementation phase I
  • Chapter 14. Implementation phase II
  • Chapter 15. Implementation phase III

Part 3. Appendixes

  • Appendix A. Troubleshooting
  • Appendix B. An introduction to CARLa
  • Appendix C. User roles for zSecure Visual
  • Appendix D. A look at the Consul/Tivoli transformation

Download the PDF here.

Posted in IBM, Security

Redbook: Enterprise Security Architecture using IBM ISS Security Solutions

Posted by Xavier Ashe on June 6, 2008

Threats come from a wide variety of sources. Insider threats, as well as malicious hackers, are not only difficult to detect and prevent; many times they have been using resources without the business even being aware they are there.

This IBM Redbook deliverable describes the various threats and how to prevent them through a distributed array of protection technologies and services. We take a closer look at preemptive security that is designed to stop Internet threats before they can impact networks. We also explore technologies that can help complement threat mitigation techniques such as identity management solutions as well as network mapping tools and behavior techniques.

This book is a valuable resource for senior officers, architects, and C-level executives who want to understand and implement enterprise security following architectural guidelines.

Table of Contents

Part 1. Terminology and infrastructure

  • Chapter 1. Business context
  • Chapter 2. Common security architecture and network models
  • Chapter 3. IT threat mitigation concept

Part 2. Threat mitigation components

  • Chapter 4. Security intelligence and research
  • Chapter 5. Centralized Management
  • Chapter 6. Network intrusions and anomalies
  • Chapter 7. Vulnerability management
  • Chapter 8. E-mail, instant messaging and Web content security
  • Chapter 9. Host security solutions
  • Chapter 10. Managed Security Services

Part 3. Business scenarios

  • Chapter 11. Threat mitigation deployment guide
  • Chapter 12. Business scenarios

Part 4. Appendixes

  • Appendix A. Method for Architecting Secure Solutions
  • Appendix B. Base technologies

Download the Redbook here.

Posted in IBM, Security

Draft Redpaper: Understanding IT Perimeter Security

Posted by Xavier Ashe on May 29, 2008

This IBM® Redpaper takes a close look at the enterprise IT network perimeter, which has been diluted from a well-defined set of ingress and egress points to a mesh of undetectable flows from devices capable of accessing and penetrating corporate resources. The time of keeping the bad guys out by attempting to build a well-defined wall is definitely over. Businesses and organizations require collaboration with internal and external business partners, customers, and employees, which further removes walls and protective barriers.

In this Redpaper, we discuss how the variety of end-points that were once considered to be inside have now become the perimeter itself. With this idea in mind, we investigate how you can build a strong security solution in order to protect your valuable assets that are accessible through the IT infrastructure.

The target audience for this IBM Redpaper is IT architects, IT specialists, and security administrators.

Download the draft Redpaper here. I was not involved in this IBM Redpaper, but it looks to be a good doc. Check it out.

Posted in IBM, Security

Best practices for IT security management

Posted by Xavier Ashe on February 26, 2008

The nuts and bolts of an information risk management (IRM) framework are best put in place long before you install the technology. But it's never too late to mitigate business risk by working out the mechanics of functions, requirements and controls. Discover and report on the right priorities, and you can construct a framework for making well-informed decisions.

Read Five steps to building information risk management frameworks and Developing Controls for People, Processes and Technology by Forrester analyst Khalid Kark, who details how to build a sound IRM solution in your organization, including:

  • Defining domains for your IRM framework
  • Three questions to ask when assessing the criticality of IRM requirements
  • Overcoming two significant challenges in defining security metrics programs
  • Converging physical and logical security through process collaboration

Kark is a principal analyst at Forrester Research. His research focuses on information risk management strategy, governance, best practices, measurement and reporting.

This expert advice is part of a continuing series on IBM best practices for IT security management. IBM security services and solutions such as Tivoli®, Internet Security Systems™, and Rational® enable customers to better manage their infrastructure, operations and IT processes.

Posted in IBM, Security

PCI compliance drives identity management spending, says IBM's GRC chief

Posted by Xavier Ashe on February 19, 2008

Great interview with Kristin Lovejoy, the director of IBM Governance and Risk Management Strategy over at Information Security Magazine.

When Consul was acquired, how difficult was the technology integration?

Kristin Lovejoy: There was a good bit of integration work that had to occur. Most of it was around assuring that the product offering met the scalability requirements that had to be defined by IBM. IBM's acquisition of the technology undergoes a blue-washing process. The blue-washing process assures that the technology sold to IBM customers is not packaged with any kind of code that is not documented—no open source components. Also the database infrastructure had to be reworked and released for DB2.

You've been viewed as a leader in driving the implementation of auditing as a required step in identity and access management. Talk about the importance of auditing.

Lovejoy: Of course it was Sarbanes-Oxley where the concept was initiated. Section 404 required organizations to not only look at their business controls but also their IT controls. It points to a requirement that organizations adopt a control framework within the finance and accounting organization, making sure there's no conflict of interest. Sarbanes-Oxley made people say trust is OK but now I have to verify. We saw a lot of companies want to be able to monitor privileged users such as database administrators and developers. They wanted to ensure that those that were working in the preproduction environment were only working in the preproduction environment.

In addition to Sarbanes-Oxley, there have been over time lots of requirements like PCI DSS and HIPAA that require you to do audit logging. These requirements, which always said you need to maintain the logs, are now beginning to indicate that it's not simply collecting logs, but you also have to be able to review the activity in logs and identify areas of potentially anomalous activity.

Read More.

Posted in IBM, Security

New IBM Redbook – Deployment Guide Series: IBM Tivoli Compliance Insight Manager

Posted by Xavier Ashe on February 19, 2008

In order to comply with government and industry regulations, such as Sarbanes-Oxley, Gramm-Leach-Bliley, and COBIT, enterprises have to constantly detect, validate, and report unauthorized change and out-of-compliance actions on their IT infrastructure.

The Tivoli Compliance Insight Manager v8.0 solution allows organizations to improve the security of their information systems by capturing comprehensive log data, correlating this data through sophisticated log interpretation and normalization, and communicating results through a dashboard and a full set of audit and compliance reporting.

We discuss the business context of security audit and compliance software for organizations, and we show a typical deployment within a business scenario.

This is the second IBM Redbook covering IBM Tivoli Compliance Insight Manager – the first book being the Compliance Management Design Guide with IBM Tivoli Compliance Insight Manager, SG24-7530.

This IBM Redbooks publication is a valuable resource for security officers, administrators, and architects who wish to understand and deploy a centralized security audit and compliance solution.

Download the Deployment Guide Series: IBM Tivoli Compliance Insight Manager

Publish Date: February 15, 2008. ISBN Number: 0738485705

Posted in IBM, Personal Note, Security

TSOM and TCIM Integration! (TSIEM)

Posted by Xavier Ashe on February 5, 2008

Chief Security Officers (CSOs) and Chief Information Security Officers (CISOs) today are focused on prioritizing security initiatives to support their business goals, and on managing technical risk and governance. Their organizations are challenged to both minimize security-based business disruptions and ensure and demonstrate compliance with privacy regulatory requirements, with a limited set of resources. Security information and event management (SIEM) technology can provide a solution to these challenges, and provide greater leverage of people and greater visibility of their existing security infrastructure.

IBM offers two complementary SIEM capabilities for security information and events:

  • A real-time, network event-oriented management dashboard that facilitates attack recognition and incident management
  • An information analysis dashboard to assess how well an organization adheres to its security and governance policies

IBM Tivoli Security Information and Event Manager V1.0 (TSIEM) is comprised of two products:  IBM Tivoli Security Operations Manager V4.1 (TSOM) and IBM Tivoli Compliance Insight Manager V8.5 (TCIM). These products, working together, help you realize the full promise of enterprise SIEM. By centralizing log collection and event correlation across your enterprise, you can leverage an advanced compliance dashboard to link security events and user behavior to your corporate policies.

Tivoli Security Information and Event Manager delivers a comprehensive foundation to help address your SIEM requirements. As a result, IT organizations can reduce their exposure to security breaches; collect, analyze, and report on compliance events; and manage the complexity of heterogeneous technologies and infrastructures. TSIEM provides support for numerous applications, operating systems, security products, and network infrastructures, as well as desktop and mainframe systems.

Using TCIM and TSOM together provides the benefits of both products, through their complementary user-centric and network-centric perspectives. Integration between TSOM and TCIM can provide additional unique capabilities:

  • Identify important audit and administrative events from the network/security infrastructure for privileged user monitoring and compliance reporting. This leverages the broad network and security product support of TSOM and its correlation capabilities to provide value-added auditable events for use in the TCIM privileged user monitoring and audit and compliance reports.
  • Identify network-centric policy violations with TSOM, and forward these high-level correlated events to TCIM for consolidated compliance dashboard views and reporting.

The integration described in this document provides the foundation to accomplish these two general use cases. It describes the specifics of configuring TSOM to send events to TCIM.

Download the Tivoli Security Information and Event Manager: Tivoli Security Operations Manager and Tivoli Compliance Insight Manager Integration Guide

Posted in IBM, Security | 3 Comments

Tivoli Security Information and Event Manager

Posted by Xavier Ashe on January 29, 2008

This product offering is the next evolution of what I've been doing at IBM.  Finally, a public announcement!!

IBM Tivoli Security Information and Event Manager V1.0 helps IT security organizations obtain valuable security insights that your organization can act on, by:

    * Facilitating compliance by using centralized dashboard and reporting capabilities.
    * Helping to protect intellectual property and privacy by auditing the behavior of all users — privileged and nonprivileged.
    * Managing security operations effectively and efficiently with centralized security event correlation, prioritization, investigation, and response.

IBM Tivoli Security Information and Event Manager V1.0 offers:

    * Integration and exchange of events between IBM Tivoli Security Operations Manager and IBM Tivoli Compliance Insight Manager correlation engines.
    * New endpoint pricing for both security incident and audit log collection.

Security information and event management (SIEM) is a primary concern of CIOs and CSOs in many enterprises and organizations. There is a need to centralize security-relevant events and analyze the consolidated data to obtain valuable security and compliance insights.

IBM offers two complementary perspectives on SIEM:

    * A real-time, network event-oriented management dashboard that facilitates attack recognition and security incident management.
    * An information analysis dashboard to monitor how well an organization adheres to its security and governance policies.

IBM Tivoli® Security Information and Event Manager V1.0 is comprised of two products that work closely together to help realize the full promise of enterprise SIEM: IBM Tivoli Security Operations Manager V4.1 and IBM Tivoli Compliance Insight Manager V8.5. Now you can centralize log collection and event correlation across the enterprise, and can leverage an advanced compliance dashboard and regulatory compliant reports to link security events and user behavior to corporate policies.

Tivoli Security Information and Event Manager V1.0 delivers a foundation from which to address your SIEM requirements — now and into the future. As a result, IT organizations can lower their exposure to security breaches; control the costs of collecting, analyzing, and reporting on compliance related events; and manage the complexity of heterogeneous technologies and infrastructures. IBM Tivoli Security Information and Event Manager offers end-to-end capabilities including:

    * Security compliance dashboard.
    * Security operations dashboard for security incident management.
    * Real-time log aggregation, correlation, and analysis of security incidents.
    * IT operations integration.
          o Recognize, investigate, and respond to security incidents automatically.
          o Streamline incident tracking, handling, and resolution.
    * Mainframe, operating system, application, and database audit analysis.
    * Privileged user monitoring and auditing (PUMA).
    * Log management reporting.

Posted in IBM, Security