This document provides an agenda for the Insight2015 security conference, which includes sessions on data security, privacy, encryption, key management, and security trends. Some key sessions include a Forrester study on the ROI of IBM Security Guardium, how Nationwide uses Guardium and QRadar together for data security, new features in Guardium v10, and how IBM solutions like Guardium and QRadar integrate to enhance security intelligence and data protection. The agenda covers topics across multiple days and includes various speakers from IBM and customers like Nationwide discussing challenges and best practices around data security.
1. Agenda subject to change. Please reference online agenda builder at IBM.com/InsightSecurity @ Insight2015 1
@
A New Way to Think About Security
#ibm
insight
Conference General Session
Wednesday, October 28
Mandalay Bay South Convention Center Level 3 South Seas F
Time Session number Session type Location
10:30 AM – 11:30 AM ISP-3143 Breakout Session – Technical Mandalay Bay South Convention
Center Level 2 Lagoon J
Session title Speaker Abstract
Forrester: Total Economic
Impact of IBM Security
Guardium
Jon Erickson, Forrester
Research
In August 2015, IBM commissioned Forester consulting to conduct
a Total Economic Impact (TEI) study to examine the potential return
on investment (ROI) that organizations may realize by deploying
IBM Security Guardium. Join this session to hear directly from our
guest, Forrester TEI consultant and director Jon Erickson, about the
results of study. Based on online interviews conducted with existing
IBM Security Guardium customers, the study uncovered that
organizations may acheive results like cost reduction, risk reduction,
and productivity increases, as well as tactical efficiencies and
strategic benefits from implementations on a common platform.
Time Session number Session type
10:30 AM – 11:30 AM SUP-4052 Super Session
Session title Abstract
Stop unknown threats: Apply analytics to
the challenge of security
As organizations drive innovation and engage with customers in new ways, protecting
against cyberattacks becomes more critical. Traditional security tools focus on the known.
You need a different approach to stop advanced attacks, unknown or never-before-seen
threats from outside the organization, and to deter risky behavior of insiders as well. We will
explore how analytics and a big data approach to security can help you proactively protect
your most critical assets.
Data Security and Privacy
Monday, October 26
2. Agenda subject to change. Please reference online agenda builder at IBM.com/InsightSecurity @ Insight2015 2
Time Session number Session type Location
1:00 PM – 2:00 PM ISP-3364 Breakout Session – Technical Mandalay Bay South Convention
Center Level 2 Lagoon J
Session title Speaker Abstract
Nationwide Case Study:
Data Security and Security
Intelligence Equals Better
Results
Lee March, Nationwide
Sandeep Shah, IBM
Patrice Bordron, Nationwide
Nationwide, a Fortune 100 company based in Columbus, Ohio,
is one of the largest and strongest diversified insurance and
financial services organizations in the U.S. Nationwide deeply values
customer loyalty and the security of customer data: They have been
a leader in considering how to prevent data loss. In this session,
representatives from Nationwide share their views on data security,
security intelligence, and why these two capabilities should be used
together for a more complete and robust data security system, their
lessons learned, and the benefits they gain from deploying IBM
Security Guardium and IBM Security QRadar together.
Data Security and Privacy (continued)
Monday, October 26
Time Session number Session type Location
2:30 PM – 3:30 PM ISP-3313 Breakout Session – Technical Mandalay Bay South Convention
Center Level 2 Lagoon J
Session title Speaker Abstract
Cloud Has Torn Down the
Firewalls: Do You Have What It
Takes to Protect Your Data?
Luis Casco-Arias, IBM As clients embrace cloud environments, firewalls come down
and new types of users start accessing data. Join this session
to learn about data security challenges in this exciting new world
and learn how IBM can help you to address these issues. Learn
about traditional and emerging data security requirements, and
hear specific client use cases with common problems as well as
the best solutions.
Tuesday, October 27
Time Session number Session type Location
10:30 AM – 11:30 AM ISP-3098 Breakout Session – Technical Mandalay Bay South Convention
Center Level 2 Lagoon J
Session title Speaker Abstract
Data Security Architecture: Best
Practices, Tips and Tricks
Nir Carmel, IBM
Yosef Rozenblit, IBM
This session will cover the IBM Data Security architecture, and
provide useful hints and guidelines to help you understand how
this solution can provide you with maximum return on investment.
Typical use cases will be demonstrated to show how functionality
can be applied to solve many customer requirements.
3. Agenda subject to change. Please reference online agenda builder at IBM.com/InsightSecurity @ Insight2015 3
Data Security and Privacy (continued)
Tuesday, October 27
Time Session number Session type Location
1:00 PM – 2:00 PM ISP-3318 Breakout Session – Technical Mandalay Bay South Convention
Center Level 2 Lagoon J
Session title Speaker Abstract
The IBM Security Guardium
Environment: Going Virtual in
the 21st Century
James Albright, Athene
Mitch Glass, Athene USA
As physical hardware ages, costs will only continue to rise. Virtual
environments avoid those costs and offer additional advantages.
Join this session to learn how Athene has deployed IBM Security
Guardium virtually to capitalize on resources, improve performance
and reduce data center costs. This session will provide details
on how robust reporting and documentation can keep your
organization in compliance with both company policy and
regulation. The presentation will also examine the value of using
Guardium professional services in your next project or health check.
Time Session number Session type Location
4:00 PM – 5:00 PM ISP-2249 Breakout Session – Business Mandalay Bay South Convention
Center Level 2 Lagoon J
Session title Speaker Abstract
Yazaki Case Study: Real
Time Data Security With IBM
InfoSphere Guardium for SAP
Solutions
Juergen Laudien, Yazaki
Europe Ltd.
Karsten Stoehr, IBM
Today’s economy seeks a fast performing environment for analytic
and transactional workloads, all while being sensitive to database
security. Join this session to learn how IBM InfoSphere Guardium
enabled Yazaki Europe to build a real time platform that deals
with the security challenges of their SAP and non SAP data
environments.
Time Session number Session type Location
10:30 AM – 11:30 AM ISP-3327 Breakout Session – Technical Mandalay Bay South Convention
Center Level 2 Lagoon E
Session title Speaker Abstract
Who’s in My Data? Securing
User Access Rights with IBM
Security Guardium
Eric Bryan, Great American
Insurance Group
Tim Tait, Great American
Insurance Group
Securely managing the assignment of user access rights is
critical to good IT security and governance. In fact, it is increasingly
becoming required by many regulations. As the cost of compliance
increases with new regulations, and as IT environments become
more heterogeneous and complex, tools must be used to ensure
user access rights are kept to ‘least privilege access’ while not
unintentionally removing any privileges that are needed for business
use. Join this session to learn how Great American Insurance has
used IBM Security Guardium to review and secure user access
rights, including entitlement reporting, ‘last used’ field use, as well
as to streamline and manage access reviews using Guardium’s built
in workflow system.
4. Agenda subject to change. Please reference online agenda builder at IBM.com/InsightSecurity @ Insight2015 4
Time Session number Session type Location
2:30 PM – 3:30 PM ISP-3130 Breakout Session – Technical Mandalay Bay South Convention
Center Level 2 Lagoon J
Session title Speaker Abstract
Introducing IBM Guardium v10
and the Data Security Road Map
Nir Carmel, IBM This session discusses the market requirements around data
security and privacy and introduces you to what’s new in IBM
Guardium v10. It also describes the IBM data security vision
and product road map.
Data Security and Privacy (continued)
Wednesday, October 28
Time Session number Session type Location
1:00 PM – 2:00 PM ISP-2351 Breakout Session – Technical Mandalay Bay South Convention
Center Level 2 Lagoon J
Session title Speaker Abstract
How to Get the Most From IBM
InfoSphere Guardium S TAP
Installation for DB2 z/OS
Peter Bongiovanni, American
International Group
Is your security officer asking about auditing your DB2 on z/OS
environment? Are you concerned about the impact of auditing
on application performance and availability? Are you looking for
guidance from someone who has “been there, done that?” In this
presentation, you will learn AIG’s best practices for installing and
tuning the InfoSphere Guardium S-TAP for DB2 on z/OS in a data
sharing environment. The presentation includes critical planning
information and upgrade steps. There will also be an overview of
the business value provided by InfoSphere Guardium for providing
granular auditing capabilities for security mandates and federal
regulation. The presentation will be given by IBMer, Ernie Mancil.
Time Session number Session type Location
10:30 AM – 11:30 AM ISP-3092 Breakout Session – Technical Mandalay Bay South Convention
Center Level 2 Lagoon E
Session title Speaker Abstract
Big Data: Monitoring Usage
and Implementing Security
and Privacy Controls
Leslie Wiggins, IBM Big data is the rage in the marketplace with lots of potential to solve
a myriad of customer and corporate issues. With this opportunity
comes a new set of issues around security and privacy. The more
data we have and want to use, the more potential there is for cyber
criminals to attempt to harvest that same data. In this session, you
will discover the latest strategies for monitoring big data usage and
implementing controls to ensure your sensitive data is not exploited.
5. Agenda subject to change. Please reference online agenda builder at IBM.com/InsightSecurity @ Insight2015 5
Time Session number Session type Location
11:15 AM – 12:15 PM ISP-2813 Breakout Session – Technical Mandalay Bay South Convention
Center Level 2 Lagoon J
Session title Speaker Abstract
Dynamic Data Protection with
Fine Grained Access Control
and Masking From InfoSphere
Guardium
Sundari Voruganti, IBM
Steve Tallant, IBM
Do new privacy regulations have you confused about how to make
a legacy ad hoc query application conform? Is making application
changes a risky proposition? Is the access control in the application
inadequate to protect leakage? Are there data elements in your
legacy web applications you’d like to mask from certain classes
of users? In this session, learn about exciting new technology
from IBM InfoSphere Guardium that can help you address such
challenging situations across different kinds of database
management systems.
Data Security and Privacy (continued)
Wednesday, October 28
Time Session number Session type Location
9:45 AM – 10:45 AM ISP-3151 Breakout Session – Technical Mandalay Bay South Convention
Center Level 2 Lagoon J
Session title Speaker Abstract
Who Is Accessing Your Files
and IP? Keep Control With IBM
Security Guardium File Activity
Monitoring
Dan Stanca, IBM Up to 80 percent of enterprise data is unstructured and includes
text files, spreadsheets, presentations, source code files, log files
and the ubiquitous PDFs. Do you know which of your files contain
proprietary or sensitive data? Is your organization doing enough to
protect this valuable intellectual capital? Are you able to prevent PII
data leakage? In this session, you will learn about the many aspects
of unstructured data protection and how IBM Security Guardium for
Files can help you protect yourself. The presenter will also share a
use case that highlights how this feature helps IBM protect our own
source code.
Time Session number Session type Location
4:00 PM – 5:00 PM ISP-3170 Breakout Session – Technical Mandalay Bay South Convention
Center Level 2 Lagoon J
Session title Speaker Abstract
Avoid the Headlines: Proactively
Protect Your Data By Creating
Appropriate Controls
Steve Tallant, IBM In a world where data breaches are happening with increasing
frequency, you need a plan to proactively protect your data, before
you end up reacting to a breach. This session will cover the seven
most common use cases that help customers operationalize
security controls within their environment.
Thursday, October 29
6. Agenda subject to change. Please reference online agenda builder at IBM.com/InsightSecurity @ Insight2015 6
Data Security and Privacy (continued)
Thursday, October 29
Time Session number Session type Location
3:30 PM – 4:30 PM ISP-1922 Breakout Session – Technical Mandalay Bay South Convention
Center Level 2 Lagoon J
Session title Speaker Abstract
Bridging the Gap Between
Security Intelligence and Data
Protection
Walid Rjaibi, IBM
Johan Varno, IBM
Hardly a week goes by without headlines about a data security
breach. Staying a step ahead of these increasing and sophisticated
attacks requires a comprehensive and proactive approach to data
security that helps organizations identify risks and automatically
adjust the security defenses before any serious damage can occur.
IBM QRadar and IBM Guardium are trusted by many organiza-
tions worldwide as comprehensive security intelligence and data
protection platforms. This session will thoroughly explore how these
solutions integrate to enhance business agility and resiliency by
automating the process of adjusting the Guardium data defenses
in response to real time security intelligence events from QRadar.
7. Agenda subject to change. Please reference online agenda builder at IBM.com/InsightSecurity @ Insight2015 7
Time Session number Session type Location
1:00 PM – 2:00 PM ISY-3516 Breakout Session – Technical Mandalay Bay South Convention
Center Level 2 Lagoon G
Session title Speaker Abstract
Cloud Security: A New
Approach to Embrace the Cloud
Dan Wolff, IBM There are thousands of cloud applications out there. How can I
enable my users and not just say no? Attend this session and learn
about the IBM strategy for securing cloud environments, new
techniques and solutions for addressing security threats, how
hosted cloud security services can help, and techniques for using
the shift to the cloud as an opportunity to improve the security
of your organization.
Security Trends and Innovation
Monday, October 26
Time Session number Session type Location
4:00 PM – 5:00 PM ISY-1535 Breakout Session – Technical Mandalay Bay South Convention
Center Level 2 Lagoon J
Session title Speaker Abstract
IBM z Systems Mainframe: The
Ultimate Data Security Hub
Julie Bergh, IBM Traditionally up to 80 percent of mission critical data either
originates or resides on mainframes, especially for financial
institutions. The mainframe offers integrated hardware and
software security capabilities that have been evaluated at EAL 5+
including high speed encryption. Mainframes offer many levels of
data protection from masking and encryption to data classification,
data access controls, storage protection for data at rest, and secure
communication for data in motion. All these capabilities combine
to make the mainframe the ultimate secure data repository hub for
your enterprise. Come learn how IBM security solutions integrate
to provide the ultimate data security hub with RACF, DB2, zSecure,
Guardium, QRadar and SKLM.
Time Session number Session type Location
1:00 PM – 2:00 PM ISY-1137 Breakout Session – Technical Mandalay Bay South Convention
Center Level 2 Lagoon E
Session title Speaker Abstract
Trends in Encryption of Data and
Key Management, On Premises
and in the Cloud
Rick Robinson, IBM Data is everywhere; on premise, mobile and cloud systems. These
are the initial applications of data propagation across a boundless
world of storage. As the storage of data across these seamless
platforms becomes ubiquitous, the need for protecting the data, re-
gardless of its location, also needs to be protected through the use
of encryption (and that means centralized key management). The
person who controls the keys to encryption of data holds control
over the data itself. But how has the industry adopted encryption?
What are the standards? Where are we missing adoption? This
presentation looks at trends in encryption and key management,
and presses the questions on where we need improvement.
8. Agenda subject to change. Please reference online agenda builder at IBM.com/InsightSecurity @ Insight2015 8
Security Trends and Innovation (continued)
Tuesday, October 27
Time Session number Session type Location
4:00 PM – 5:00 PM ISY-3528 Breakout Session – Business Mandalay Bay South Convention
Center Level 2 Lagoon G
Session title Speaker Abstract
IBM Security Business Unit:
Helping Organizations Meet
Security Challenges
Patrick Vandenberg, IBM This session provides an overview of the security business
challenges faced by organizations today, and discusses how the
IBM Security Business Unit can help you meet these challenges
and protect your data.
Time Session number Session type Location
2:30 PM – 3:30 PM ISY-3468 Breakout Session – Business Mandalay Bay South Convention
Center Level 2 Lagoon L
Session title Speaker Abstract
Common Themes in Targeted
Attacks and Counter Tactics
Etay Maor, IBM Are current security measures enough to stop targeted attacks?
Could common security practices even aid an attacker? This
presentation will review the common themes of targeted attacks,
specifically focusing on infections and access to internal networks,
exploitation of software vulnerabilities and the use of remote access
tools. The techniques attackers use will be explored along with the
weak points (both in technologies and in humans) they look for and
discuss possible choke points. The session will include multiple live
demos and case studies as well as strategies and tactics for coun-
tering the threats discussed.
Time Session number Session type Location
10:30 AM – 11:30 AM ISY-3454 Breakout Session – Business Mandalay Bay South Convention
Center Level 2 Lagoon L
Session title Speaker Abstract
Community Countermeasures:
The Need for Collaborative
Threat Protection
Patrick Vandenberg, IBM Defending against today’s threats requires collaboration on a scale
never seen before in our industry. Security professionals must turn
to new strategies, employing community based defenses, shared
threat intelligence, and integrated systems of capabilities to disrupt
advanced attacks. A well coordinated system can shift the balance
back to our teams to effectively prevent, detect and respond to
these attacks. Join us to hear how IBM is helping chart a way
forward with coordinated and open security technology, services
and threat intelligence.
Wednesday, October 28
9. Agenda subject to change. Please reference online agenda builder at IBM.com/InsightSecurity @ Insight2015 9
Time Session number Session type Location
4:00 PM – 5:00 PM ISY-2629 Breakout Session – Technical Mandalay Bay South Convention
Center Level 2 Lagoon G
Session title Speaker Abstract
Using IBM Security Intelligence
and Analytics to Protect Your
Business Data
Roger J. Hellman, IBM
Matt Carle, IBM
Your organization is at risk of attack every day, and security threats
continue to grow in sophistication and severity. Fortunately IBM
offers solutions that use intelligence and advanced analytics to
help keep your data safe. Attend this session and learn more about
how IBM Security QRadar detects threats, identifies vulnerabilities,
performs forensic analysis, manages risks and compliance, and
can be deployed in the Cloud. We will also cover the open extension
framework API, and how IBM is creating new opportunities for
Business Partners, developers, and clients to collaborate and
enhance the capabilities of QRadar.
Security Trends and Innovation (continued)
Wednesday, October 28
Time Session number Session type Location
4:00 PM – 5:00 PM AIM-2243 Breakout Session – Technical Mandalay Bay South Convention
Center Level 2 Lagoon E
Session title Speaker Abstract
Surviving the Mobile
Phenomenon: Reduce Risk
While Deploying Mobile Access
to the Enterprise
Jason Hardy, IBM The number of mobile cyber security attacks is continuing to grow.
At any given time, malicious code is infecting more than 11.6 million
mobile devices. Recent research shows that nearly 40 percent of
large companies, including many in the Fortune 500, aren’t taking
the right precautions to secure the mobile applications they build for
customers. The alarming state of mobile insecurity expands beyond
applications, to gaps in mobile device management, data and
content and user access. In this session, learn how you can simplify
and streamline mobile security and understand how a holistic
approach to mobile security can help you tackle known risks and
address the unique interdependencies between them.
10. Agenda subject to change. Please reference online agenda builder at IBM.com/InsightSecurity @ Insight2015 10
Time Session number Session type Location
2:00 PM – 3:00 PM ISY-3525 Breakout Session – Technical Mandalay Bay South Convention
Center Level 2 Lagoon J
Session title Speaker Abstract
Protect Your Business Critical
Data with Intelligent Access
Management Solutions
Jason Keenaghan, IBM With web applications under constant attack, organizations need
more secure ways to adopt web, mobile and cloud technologies,
protect online resources, and address compliance requirements.
Intelligent Identity and Access Management solutions, leveraging
information such as user analytics, threat data, and other metrics,
can help reduce risk and mitigate internal/external threats. Join this
session to learn how user auditing data, device fraud and malware
indicators, and threat awareness can highlight user anomalies and
enable appropriate access decisions.
Security Trends and Innovation (continued)
Thursday, October 29
Time Session number Session type Location
9:45 AM – 10:45 PM ISY-3912 Breakout Session – Business Mandalay Bay South Convention
Center Level 2 Lagoon E
Session title Speaker Abstract
Critical Data Protection Program Nev Zunic, IBM This session discusses how to have visibility into, and manage,
sensitive data assets across the organization. There are troves
of sensitive data spread across an organization’s environment.
Understanding the critical nature and value of the sensitive data
assets is vital to apply necessary controls to protect these assets.
Identifying, discovering, and classifying sensitive data needs to
become an established business process that is performed on an
ongoing basis. The classification of sensitive assets allows controls
to be defined and implemented for data according to its value to the
organization. Understanding the risks associated with sensitive data
enables proactive actions to be taken to mitigate any potential risks.
11. Agenda subject to change. Please reference online agenda builder at IBM.com/InsightSecurity @ Insight2015 11
Security Trends and Innovation (continued)
Thursday, October 29
Time Session number Session type Location
3:30 PM – 4:30 PM ISY-2687 Breakout Session – Business Mandalay Bay South Convention
Center Level 2 Lagoon J
Session title Speaker Abstract
Ensuring Your Mission Critical
Data Stays Protected in the
Digital Age: Mobile to the M
Robert Kennedy, IBM In today’s mobile era, there are over 10 billion devices accessing
information. Enterprises are challenged with integrating new mobile
services with existing organizational processes, while retaining
security of mission critical assets. IBM z Systems provides you with
an enterprise backbone for mobility solutions, which can scale
to handle the huge volumes, deliver proven mobile end to end
integration with reliability, availability, and security, and ensure that
your data is protected. But some of that security is dependent on
effective deployment strategies. This session will review the security
challenges for mobile deployments and discuss the broad set of
solutions that IBM can offer to help with your mobile deployments.
Governance
Monday, October 26
Time Session number Session type Location
2:00 PM – 5:00 PM LCG-1640 Lab Mandalay Bay South Convention
Center Level 1 Bayside F – 06
Session title Speaker Abstract
Simplify Data Security and
Compliance for Big Data Using
IBM Security Guardium
Tina Chen, IBM
Sundari Voruganti, IBM
This year has seen a significant increase in the level of interest
in the topic of security and auditing for Hadoop. Hadoop vendors
are responding with better security features and by partnering
with the market-leading data security and compliance solution
for Hadoop, IBM Security Guardium provides organizations the
value of real-time monitoring, alerting, reports, compliance
workflow, and more for Hadoop. Get hands-on experience with
Guardium and IBM BigInsights and see how to configure real-time
alerts for suspicious behavior, customize prebuilt reports, and use
other Guardium features such as quick search and compliance
workflow.
12. Agenda subject to change. Please reference online agenda builder at IBM.com/InsightSecurity @ Insight2015 12
Data
Thursday, October 29
Time Session number Session type Location
2:00 PM – 5:00 PM LCD-3535 Lab Mandalay Bay South Convention
Center Level 1 Bayside F – 07
Session title Speaker Abstract
IBM InfoSphere Guardium: An
Enterprise Data Security and
Auditing Solution
Martin Dizon, IBM
Raki Roberts, IBM
Organizations of all types must secure their data to meet
compliance regulations and to minimize data attacks. This session
discusses the extensive database auditing and security capabilities
of IBM InfoSphere Guardium and how they help meet data security
and auditing needs. This session includes a business and technical
overview of the Guardium solution and its ability to scale across
the enterprise. It also prepares attendees to help their organization
reduce the cost of compliance by implementing Guardium’s
auditing features, mitigating internal threats using data level
access control, and integrating with enterprise security and
monitoring systems.