The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Archive for the ‘ISS’ Category

Moving On and adding some Bits

Posted by Xavier Ashe on January 11, 2013

As of February 1st, I will be leaving IBM. It’s been a great 7 years. I never thought I could enjoy working for a large company, or working so long in the same position. Man was I wrong. IBM really has some great people, and I had the best quality of life during my tenure. Even though I was in the same position, life was rarely dull with constant acquisitions (nearly one per year that affected me!). I started off working with NeuSecure/TSOM, then TDI, then TCIM, then TSIEM, then AppScan, then Proventia and SiteProtector, then BigFix/TEM, and finally QRadar. That’s a busy seven years!

Well, what’s next? I have accepted a position at Bit9 as a client partner. I am excited about this on several fronts. One, I think the technology is amazing. I’ve never been a big supporter of virus scan products. They just never seem to offer adequate protection. Bit9’s approach is to whitelist the good stuff as opposed to trying to find all the bad stuff. I really think this is a better way to secure endpoints. I’ll be posting more on my security philosophy soon.

Secondly, I’m excited to be moving to a small company. Not only is moving to a start-up* exciting, the people there are too. Everyone I’ve talked to so far seems to be on the same page as me when it comes to security philosophy, business philosophy, and look to be very fun to work with. I was lucky to find a good crew at IBM, and it looks like my luck continues at Bit9.

Also the client partner role looks to be very fulfilling. When I look back on my time at IBM, I really enjoyed the time that I could form long-term relationships with my customers. That’s also where I found the greatest success. This position looks to mix engagement management, relationship management, and technical account management. I’m also planning on doing some evangelist work too.

I am so excited to get started at Bit9 in February. I will have to spend some time deprogramming myself as an IBMer, but I think this is a good move with a good company with a great product.

* Bit9’s been around for about 7 years and can hardly be called a start-up anymore. But every company seems like a start-up when coming from IBM.

Posted in Bit9, ISS, Personal Note | 4 Comments »

Videos about IBM XGS 5000, NextGen IPS

Posted by Xavier Ashe on October 8, 2012

It’s been interesting to watch the firewall and IPS space over the years. First we had firewall vendors adding IPS features. Then we had IPS vendors adding firewall features. Personally, I’ve always thought it made sense to use an IPS with firewall features because I’ve never seen a firewall with an IPS worth using. Now that application-aware firewalls have proven useful, it’s time for IPS vendors to add more application awareness. Hey look, I work for an IPS vendor 😉

IBM’s Security Network Protection XGS 5000 is a next generation intrusion prevention system, adding tons of features to IPS like web content, application and application action control, protocol analysis based intrusion prevention, URL filtering, Injection Logic Protection, Shell Code Heuristics, and virtual patch.

Marketing bullet points:

  • Help stop threats from compromising unpatched vulnerabilities without sacrificing high-speed network performance.
  • Help protect networks, servers, desktops, and business critical applications from malicious threats.
  • Conserve network bandwidth and provide insight into what users are doing on the corporate network. It helps control user bandwidth consumption by limiting or eliminating access to nonbusiness critical applications.
  • Help enforce compliance and internal corporate usage of nonbusiness critical applications such as social networking, peer to peer file transfers, instant messaging traffic, and streaming media.
  • Provide an extensible security platform that can grow as threats evolve, help consolidate network protection technologies, and help reduce the cost of deploying and managing point solutions.

You can get lots of print literature here, but who wants to read when you can watch videos on YouTube.

IBM Security NextGen IPS Use Case Videos

IBM Security NextGen IPS How to Videos

Posted in IBM, ISS, Security | Leave a Comment »

Introducing the updated IBM Security Framework.

Posted by Xavier Ashe on January 16, 2012

The Updated IBM Security Framework

How does an IBMer describe how IBM covers security? How can you map the product offerings we have to various security domains in frameworks like CoBIT, ISO, etc.? What’s a good way to learn all the products in our portfolio? The answer is the IBM Security Framework. First used in 2008, it’s been modified to evolve with IBM’s broadening capabilities. It’s the high-level overview that’s perfect for opening discussions with customers, business partners, and other IBMers. The deep-dive version is the IBM Security Blueprint – a must read for security practitioners. From Marc van Zadelhoff:

Today, we launch the updated version of the IBM Security Framework, depicted here. The Framework represents a comprehensive way to view security risks and in turn the areas where IBM has invested in solutions. As you can see, it identifies the four foundational aspects we continue to be focused on: People, Data, Applications and Infrastructure. You need best-in-class capabilities in each area in order to be secure and compliant today. We’ve found that these dimensions extend equally well to solving problems that have become more prominent in the last few years: cloud security and mobile security. The same dimensions apply and customers are using the Framework and IBM’s capabilities in each area to solve these newer issues like they do with traditional data center security.

That box at the top, Security Intelligence, Analytics and GRC, is my main playground. Traditionally this was just “SIEM”, but now we are looking to fill lots of roles. We need advance intelligence to provide to the SOC teams. We need in-depth analysis for compliance and CERT teams. We need dashboarding and business relative data for GRC. So just throwing around the term SIEM isn’t effective.

Go read Marc’s overview of the change to the framework and start using the new graphic with the new ISS division.

READ MORE:  Introducing the Updated IBM Security Framework

Posted in IBM, ISS | Leave a Comment »

Rise, ancient unused blog! Be Reborn!

Posted by Xavier Ashe on January 16, 2012

Hello World. This poor underused blog needs some love. There is much to talk about. Starting at the beginning of this year IBM created a new software division for most of its security software. So I no longer work for Tivoli, but am a proud member of IBM Security Systems. Yes, unfortunately we are using the same ISS acronym. That will make things confusing, so I will do my best to clear things up. ISS is now a full-fledged software brand, just like Tivoli, Websphere, Rational and Lotus.

What will I be doing in the new org? I am still in services, meaning that I still am focusing on making our products work for our customers. I’m not in sales, but occasionally help our sales teams. I’m not in development, but give lots of feedback to our product managers. I build solutions for our customers, and look to build tools and documentation to make it easier and more productive to implement IBM Security Systems.

We have a broad portfolio in the ISS division now, but I will be focusing on Security Intelligence and Data Protection. In particular I am focusing on the recent Q1 Labs acquisition and ensuring their success under big blue. I will be writing future posts about TSOM, TSIEM and QRadar, so stay tuned. I just needed to get this “first post” out the way.

Posted in IBM, ISS, Security Intelligence | 1 Comment »

IBM software bundle targets retail theft, data breaches

Posted by Xavier Ashe on October 2, 2008

IBM is targeting retail security with a package of software and services designed to prevent physical loss of merchandise, protect against electronic threats and comply with credit card industry regulations.

SecureStore, announced Wednesday, combines surveillance and RFID systems with software that protects online and in-store transactions, as well as software that protects databases and applications from network-based threats, IBM said. While SecureStore mainly consists of pre-released products from IBM divisions such as Internet Security Systems (ISS), Tivoli and Rational, Big Blue’s Val Rahmani says it is unique in that it brings together products from various parts of IBM to address one industry segment, and re-architects the products so they fit together and are optimized for retail.

Read the full article on Network World.

Posted in IBM, ISS, Security, TSOM | Leave a Comment »

TSOM + CloudShield + ISS + Blade = Awesome

Posted by Xavier Ashe on September 4, 2008

IBM (NYSE: IBM) on Tuesday introduced a blade server that supports CloudShield Technologies’ software for real-time analysis of network traffic to prevent viruses and denial of service attacks.

“The IBM BladeCenter PN41 enables service providers to manage their network, security and telecommunications technology on an integrated platform,” Jim Pertzborn, VP of telecommunications industry solutions for IBM Systems Group, said in a statement. “This integration can help service providers meet their customers’ evolving requirements for data, voice and video services.”

The new blade and software support are key components of IBM’s hardware, software and services framework for service providers. The package also includes IBM’s intrusion prevention technology and Tivoli Security Operations Manager.

Read the full article on InformationWeek. I first heard about this project about 2 years ago when I was helping develop solutions for the Telecom group at IBM. It’s taken a lot of work to get this packaged together and I am glad to see it finally hit the streets. Other sites that have picked this up:

Posted in IBM, ISS, Security, TSOM | Leave a Comment »

 