IBM Locks down IT Security at RSA 2010

RSA 2010 will be the premiere security event of the year

Service Management in Action Consider this proverb in the context of IT security: “An ounce of prevention is worth a pound of cure.”

For security professionals today, confronted by increasingly diverse threats and complexities, the argument for prevention over cure has become stronger than ever. Getting the most accurate and targeted information, from the most proven and insightful sources, is an investment that will pay impressive dividends—fast.

Toward that end, the annual RSA Conference (link resides outside of ibm.com) at the Moscone Center in San Francisco is an outstanding learning opportunity. And this year’s show, to be held from March 1 to March 5, will deliver key information on more topics, in more ways and from more perspectives, than ever before. More than 17,000 security professionals will be on hand to experience the leading security event of the year—swapping insights on solutions and strategies, emerging challenges, best practices and technical tips.

IBM will be a major presence at RSA

Few, if any, organizations can equal IBM as a thought leader and solution provider in the enterprise IT security field. And IBM’s substantial presence at the event highlights that leadership—contributing insights, best practices, real-world experiences and best-in-class solutions.

In addition to a keynote address, to be delivered by IBM Tivoli General Manager Al Zollar, there will be nine IBM-led speaking sessions on a compelling range of subjects, and IBM security executives will also be available to discuss specific subjects in detailed, one-on-one meetings for clients and customers.

What’s more, at two booths in the expo hall (#1316 and #632), IBM will also be offering hourly product demos and hacking demonstrations that illustrate today’s most challenging security issues and explore how IBM can help mitigate or preclude them. How effective are these solutions? Consider that IBM is a finalist in six categories of the 2010 SC Magazine awards.

And, for security professionals who would like to attend but whose organizations may find themselves budget-challenged in today’s difficult economic climate, IBM is also offering a free expo pass to the show floor. Simply use priority code SC10IBM when registering to receive your pass.

IBM sessions and peer-to-peer events explore today’s leading security topics

For many of the show attendees, the primary educational attraction will be the event’s many technical tracks, peer-to-peer events and panel sessions.

To begin with, there will be Al Zollar’s keynote address: “Welcome to the Decade of Smart Security.” As the enterprise increasingly integrates services across what has been operationally-separate silos in order to simplify management, drive down costs and drive up service levels, the risks associated with those services will also tend to converge. Zollar’s keynote will explore the consequences of this emerging phenomenon, illustrating his points with examples drawn from the real world and clarifying the strategies organizations should consider to stay ahead of this trend.

Internet security in particular will be the subject of a track session led by four IBM security professionals. “The Unprecedented State of Web Insecurity: New and Emerging Internet Threats” will demonstrate that for organizations today, the Web itself can generate more operational risk than ever. Web applications represent one of today’s biggest threats. Malware and criminal activity can and do arise from Web sites originating from almost any source, including trusted professional sites and sites in every country and organizations should take proactive and stronger steps to beef up Web security. Representing IBM in this important track session will be Kristin Lovejoy, Vice President, IBM Security Strategy; Venkat Raghavan, Director of Security, Risk and Compliance; Marc van Zadelhoff, Director of Security Marketing; and Michael Weider, Director of Security Solutions.

And Tom Cross, manager of IBM’s X-Force team, will be participating in a panel on Internet security threats. For today’s organizations, the Internet can a mixed blessing—both a platform of new service delivery through which they can more directly serve clients and customers, and a growing source of security threats and breaches. In “The End of the Internet As We Know It? Separating Reality from Hype,” Cross and other panelists will discuss new Internet-centric security complexities with regard to real-world business consequences, suggesting logical steps going forward.

Smart worms, smart hackers and smart Web applications: 3 peer-to-peer sessions

One of the most damaging and well-known examples of Internet-sourced malware in recent times is the Conficker worm of 2008, which was delivered in several variations and included advanced techniques to evade detection and propagate with exceptional speed. While worms had been largely dismissed as a solved problem by many security professionals, Conficker unfortunately proved them wrong. Given this daunting context, IBM’s Tom Cross will be on hand to discuss the extent to which worms are (or are not?) a rising security issue in a peer-to-peer session titled “In Light Of Conficker, Are Worms Resurfacing as a Threat?”

Turning the spotlight on human threats will be another peer-to-peer event titled “The Hacker’s Roadmap.” For organizations to act preemptively in warding off the threat from hackers, they must first be able to understand how hackers think. What kinds of techniques, technology trends and likely targets will play a part in hacker psychology in the coming year? And what steps should organizations take, given that insight? Dan Holden of IBM’s X-Force team will be facilitating this event.

And on the topic of securing Web applications, a peer-to-peer event—”Black Box vs. White Box”—will be led by Ryan Berg, Senior Architect of Security Research for IBM. This discussion will review the pros and cons of two different application testing paradigms: black box and white box testing. Here, too, real-world technical examples will drive discussion, showing how each paradigm has strengths and weaknesses that apply differently in different contexts.

Research & Development, Web 2.0 and Oracle databases: The security ramifications

In today’s challenging economy, when budgeting can be challenged, to what extent should research and development in security drive organizational activity? A panel titled “The Role of Research in Industry and Government” will help answer that question for organizations of various sizes in both the public and private sectors. Participating in the panel will be Kris Lamb, IBM Director of Research and Development.

For IT managers everywhere, the proliferation and popularity of social networking has developed as a considerable new security headache. With the proliferation of Web 2.0 technologies, how can companies maintain comprehensive, end-to-end security? Danny Allan, Director of Security Research for IBM’s Rational arm, will be leading a peer-to-peer session on this topic titled “Web 2.0 Hangover.”

And for any organization using Oracle databases, securing those databases from all forms of unauthorized access will certainly be a mission-critical task. Unfortunately, it’s also a task that is not always accomplished as thoroughly as it might be. Ron Ben Natan, CTO of Guardium (which was recently acquired by IBM), will turn a spotlight on common errors of configuration and deployment that can result in Oracle security breaches, suggesting preemptive best practices and techniques to avoid them.

Invitation to attend our customer dinner

You are cordially invited to join the IBM Security Executives for a dinner on Wednesday March 3 at Postrio (link resides outside of ibm.com) where you can learn more about our vision for security and our comprehensive family of security solutions. Please RSVP to join us for dinner.