IBM Security Intelligence Platform with Identity - Recro-Net

IBM Security Systems
IBM Security Intelligence Platform with Identity Management and Single Sign-On
Franc Červan (franc.cervan@si.ibm.com)
IBM CEE Security technical sales
© 2013 IBM Corporation
Nobody is immune. There is no end in sight.
2011 Sampling of Security Incidents by Attack Type, Time and Impact
[Figure: bubble chart of 2011 security incidents plotted by month (Jan to Dec), each bubble labelled with the victim's sector and coloured by attack type: SQL Injection, URL Tampering, Spear Phishing, 3rd Party Software, DDoS, SecureID, Trojan Software, Unknown. Size of circle estimates relative impact of breach in terms of cost to business.]
Source: IBM X-Force® Research 2011 Trend and Risk Report
Customer Challenges
Detecting threats
• Arm yourself with comprehensive security intelligence
Consolidating data silos
• Collect, correlate and report on data in one integrated solution
Detecting insider fraud
• Next-generation SIEM with identity correlation
Better predicting risks to your business
• Full life cycle of compliance and risk management for network and security infrastructures
Addressing regulation mandates
• Automated data collection and configuration audits
Solving Customer Challenges
Major Electric Utility: Detecting threats
• Discovered 500 hosts with “Here You Have” virus, which other solutions missed
Fortune 5 Energy Company: Consolidating data silos
• 2 Billion logs and events per day reduced to 25 high priority offenses
Branded Apparel Maker: Detecting insider fraud
• Trusted insider stealing and destroying key data
$100B Diversified Corporation: Predicting risks against your business
• Automating the policy monitoring and evaluation process for configuration change in the infrastructure
Industrial Distributor: Addressing regulatory mandates
• Real-time extensive monitoring of network activity, in addition to PCI mandates
QRadar Security Intelligence Platform
Solutions for the Full Compliance and Security Intelligence Timeline
• What are the external and internal threats?
• Are we configured to protect against these threats?
• What is happening right now?
• What was the impact?
Prediction & Prevention
Risk Management. Vulnerability Management. Configuration Monitoring. Patch Management. X-Force Research and Threat Intelligence. Compliance Management. Reporting and Scorecards.
Reaction & Remediation
SIEM. Log Management. Incident Response. Network and Host Intrusion Prevention. Network Anomaly Detection. Packet Forensics. Database Activity Monitoring. Data Loss Prevention.
Fully Integrated Security Intelligence
Log Management
• Turn-key log management and reporting
• SME to Enterprise
• Upgradeable to enterprise SIEM
SIEM
• Log, flow, vulnerability & identity correlation
• Sophisticated asset profiling
• Offense management and workflow
Configuration & Vulnerability Management
• Network security configuration monitoring
• Vulnerability prioritization
• Predictive threat modeling & simulation
Network Activity & Anomaly Detection
• Network analytics
• Behavioral anomaly detection
• Fully integrated in SIEM
Network and Application Visibility
• Layer 7 application monitoring
• Content capture for deep insight & forensics
• Physical and virtual environments
One Console Security
Built on a Single Data Architecture
Security Intelligence: QRadar provides in-depth security visibility
• IBM X-Force® Threat Information Center
• Identity and User Context
• Real-time Security Threats and Prioritized ‘Offenses’
• Real-time Network Visualization and Application Statistics
• Inbound Security Events
QRadar: Clear, concise and comprehensive delivery of relevant info
• What was the attack?
• Was it successful?
• Who was responsible?
• Where do I find them?
• How many targets involved?
• How valuable are the targets to the business?
• Are any of them vulnerable?
• Where is all the evidence?
Major Electric Utility: Detecting threats
• Discovered 500 hosts with “Here You Have” virus, which other solutions missed
Potential Botnet Detected?
This is as far as traditional SIEM can go
IRC on port 80?
IBM Security QRadar QFlow detects a covert channel
Irrefutable Botnet Communication
Layer 7 flow data contains botnet command control instructions
Application layer flow analysis can detect threats others miss
Fortune 5 Energy Company: Consolidating data silos
• 2 Billion logs and events per day reduced to 25 high priority offenses
QRadar judges “magnitude” of offenses:
• Credibility: A false positive or true positive?
• Severity: Alarm level contrasted with target vulnerability
• Relevance: Priority according to asset or network value
Priorities can change over time based on situational awareness
Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight
Branded Apparel Maker: Detecting insider fraud
• Trusted insider stealing and destroying key data
Potential Data Loss: Who? What? Where?
• Who? An internal user
• What? Oracle data
• Where? Gmail
Threat detection in the post-perimeter world
User anomaly detection and application level visibility are critical to identify inside threats
$100B Diversified Corporation: Predicting risks against your business
• Automating the policy monitoring and evaluation process for configuration change in the infrastructure
Which assets are affected? How should I prioritize them?
What are the details? Vulnerability details, ranked by risk score
How do I remediate the vulnerability?
Pre-exploit Security Intelligence
Monitor the network for configuration and compliance risks, and prioritize them for mitigation
Industrial Distributor: Addressing regulatory mandates
• Real-time extensive monitoring of network activity, in addition to PCI mandates
PCI compliance at risk?
Real-time detection of possible violation
Unencrypted Traffic
IBM Security QRadar QFlow saw a cleartext service running on the Accounting server
PCI Requirement 4 states: Encrypt transmission of cardholder data across open, public networks
Compliance Simplified
Out-of-the-box support for major compliance and regulatory standards
Automated reports, pre-defined correlation rules and dashboards
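The two QFlow findings in the customer examples above (IRC seen on port 80, and a cleartext service on the Accounting server) both depend on classifying a flow by its payload instead of its port number. The sketch below is an added illustration of that check, not IBM or QRadar code; the signatures, flow records, addresses and the PCI asset list are constructed for the example.

```python
import re

# Payload signatures matched against the first bytes of a flow (illustrative subset).
SIGNATURES = [
    ("irc", re.compile(rb"^(?:PASS \S+\r?\n)?(?:NICK|USER) \S+", re.I)),
    ("http", re.compile(rb"^(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r?\n")),
    ("tls", re.compile(rb"^\x16\x03[\x00-\x04]")),   # TLS handshake record header
    ("telnet", re.compile(rb"^\xff[\xfb-\xfe]")),    # IAC WILL/WONT/DO/DONT
]
# Protocols a port is expected to carry, and protocols that travel unencrypted.
EXPECTED = {23: {"telnet"}, 80: {"http"}, 443: {"tls"}, 6667: {"irc"}}
CLEARTEXT = {"http", "irc", "telnet"}


def classify(payload):
    """Name the application protocol from payload content, ignoring the port."""
    for name, pattern in SIGNATURES:
        if pattern.search(payload):
            return name
    return "unknown"


def review_flow(flow, pci_assets):
    """Return the findings for one flow record."""
    app = classify(flow["payload"])
    findings = []
    expected = EXPECTED.get(flow["dst_port"])
    if app != "unknown" and expected is not None and app not in expected:
        findings.append(f"protocol-port-mismatch: {app} on port {flow['dst_port']}")
    if flow["dst_ip"] in pci_assets and app in CLEARTEXT:
        findings.append(f"cleartext-on-pci-asset: {app} to {pci_assets[flow['dst_ip']]}")
    return findings


def scan(flows, pci_assets):
    """Return (source address, finding) pairs for every flow that raised one."""
    return [(f["src_ip"], finding) for f in flows for finding in review_flow(f, pci_assets)]


# Constructed sample data (documentation and private address ranges).
PCI_ASSETS = {"10.0.5.20": "Accounting server"}
SAMPLE_FLOWS = [
    {"src_ip": "10.0.1.15", "dst_ip": "203.0.113.7", "dst_port": 80,
     "payload": b"NICK host4711\r\nUSER host4711 0 * :x\r\n"},
    {"src_ip": "10.0.1.16", "dst_ip": "198.51.100.9", "dst_port": 80,
     "payload": b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n"},
    {"src_ip": "10.0.2.30", "dst_ip": "10.0.5.20", "dst_port": 23,
     "payload": b"\xff\xfd\x18\xff\xfd\x20"},
    {"src_ip": "10.0.2.31", "dst_ip": "10.0.5.20", "dst_port": 443,
     "payload": b"\x16\x03\x01\x02\x00\x01"},
]

if __name__ == "__main__":
    for src, finding in scan(SAMPLE_FLOWS, PCI_ASSETS):
        print(src, finding)
```

A port-based rule would pass the first flow as web traffic; only the payload check separates it from the ordinary HTTP request in the second flow.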
Security intelligence at work: SIEM in action
Security Devices
Servers & Mainframes
Network & Virtual Activity
Data Activity
Application Activity
Configuration Info
Vulnerability & Threat
User Activity
2 Bn security records per day
25 security offenses per day
• Reliable, secure and scalable log data storage
• Advanced security data correlation turning data into information
• Advanced and easy to use rule based security event correlation engine to extract the real security offenses
Threat Protection & QRadar improve your visibility and prevention
Attacks, audits, status events and vulnerabilities from SiteProtector & IPS:
• Networks
• Servers
• Endpoints
• Applications
• Scanners
[Diagram: data sources (Security Devices, Servers & Mainframes, Network & Virtual Activity, Data Activity, Application Activity, Configuration Info, Vulnerability & Threat, User Activity) feed Event Correlation, Activity Baselining & Anomaly Detection, and Offense Identification]
Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight
• Helps find threats other SIEMs might miss by combining Network Protection’s Protocol Analysis Module signature analysis and QRadar’s anomaly detection capabilities
• Enables immediate real-time threat awareness and powerful threat and offense prioritization capabilities to establish definitive evidence of attack and visibility into all attacker communications
• Integrates X-Force security content
• Outstanding coverage available within full SIEM solution or targeted Network Anomaly Detection offering
zSecure & QRadar add protection for mainframe environments
Alerts, unauthorized log-ins, policy violations, configuration changes, etc. from zSecure Alert & zSecure Audit:
• System z
• RACF
• ACF2, Top Secret
• CICS
• DB2
Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight
• Centralizes enterprise security view allowing identification and remediation of excess mainframe access, threats and concerns
• Strengthens mainframe security operations and helps improve protection for critical mainframe environment
• Triggers complex correlation of threats, insider fraud and business risk as easy to understand “offenses” for further investigation and follow-ups
• Stores event data in forensically secure database to address regulation mandates
• Improves compliance reporting by simplifying audit and management efforts
InfoSphere Guardium & QRadar protect your most sensitive data
In-depth data activity monitoring and security insights from InfoSphere Guardium:
• Databases
• Data Warehouses
• Hadoop based systems
• File shares
Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight
• Detects anomalous behavior and malicious access to sensitive data
• Focuses customers on key data access events coming from InfoSphere Guardium while saving operational costs by not transmitting and storing insignificant events
• Provides broader, enterprise network security context for InfoSphere Guardium alerts and events helping identify advanced threats
• Improves compliance reporting with automated data access reports
Guardium and QRadar (Data Security Integration)
Guardium Database Monitoring & Vulnerability Assessment
• Guardium logs
• Database Vulnerability
• Identified Risk
Enhanced data protection:
• Correlation with database activity
  – Collects and categorizes Guardium events for easy searching, reporting and correlation with other data
  – Correlates database activity with QRadar network activity to detect anomalous and suspicious behavior. For example: Alert is issued when multiple failed logins to a database server are followed by a successful login and accessing of credit card tables, then followed by an FTP upload to a questionable external site.
• Database vulnerability sharing
  – Pulls database vulnerability data from Guardium into QRadar Asset Profiles to get more complete asset data for databases.
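The correlation example on the Guardium slide (multiple failed database logins, then a successful login, access to credit card tables, and an FTP upload to an external site) is an ordered sequence rule per source host. The following added sketch, which is not QRadar or Guardium rule syntax, implements that sequence as a small state machine; the event fields, threshold, time window, table name and addresses are assumptions constructed for the example.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

FAILED_THRESHOLD = 3                         # assumed meaning of "multiple" failed logins
WINDOW = timedelta(minutes=30)               # assumed correlation window
SENSITIVE_TABLES = {"CREDIT_CARDS"}          # assumed table name
INTERNAL_NETS = [ip_network("10.0.0.0/8")]   # assumed internal address space


def is_external(ip):
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def correlate(events):
    """Return one offense per source host that completes the chain within WINDOW."""
    state, offenses = {}, []
    for ev in sorted(events, key=lambda e: e["time"]):
        src, kind = ev["src"], ev["type"]
        st = state.get(src)
        if st and ev["time"] - st["start"] > WINDOW:
            del state[src]                   # chain went stale, start over
            st = None
        if kind == "db_login_failed":
            if st is None:
                st = state[src] = {"stage": 0, "fails": 0, "start": ev["time"]}
            if st["stage"] == 0:
                st["fails"] += 1
        elif st is None:
            continue                         # nothing earlier to correlate with
        elif kind == "db_login_ok" and st["stage"] == 0:
            if st["fails"] >= FAILED_THRESHOLD:
                st["stage"], st["user"] = 1, ev["user"]
            else:
                del state[src]               # ordinary mistyped password
        elif kind == "db_query" and st["stage"] >= 1 and ev["table"] in SENSITIVE_TABLES:
            st["stage"] = 2
        elif kind == "ftp_upload" and st["stage"] == 2 and is_external(ev["dst"]):
            offenses.append({"src": src, "user": st["user"],
                             "failed_logins": st["fails"], "upload_dst": ev["dst"]})
            del state[src]
    return offenses


def ev(hhmmss, src, kind, **extra):
    """Build one constructed event on a fixed sample day."""
    when = datetime.strptime("2013-06-01 " + hhmmss, "%Y-%m-%d %H:%M:%S")
    return {"time": when, "src": src, "type": kind, **extra}


# Constructed sample: database audit events merged with network flow events.
SAMPLE_EVENTS = [
    # Host .44 completes the whole chain.
    ev("02:00:01", "10.0.3.44", "db_login_failed", user="appsvc"),
    ev("02:00:05", "10.0.3.44", "db_login_failed", user="appsvc"),
    ev("02:00:09", "10.0.3.44", "db_login_failed", user="appsvc"),
    ev("02:00:20", "10.0.3.44", "db_login_ok", user="appsvc"),
    ev("02:03:10", "10.0.3.44", "db_query", table="CREDIT_CARDS"),
    ev("02:10:00", "10.0.3.44", "ftp_upload", dst="203.0.113.50"),
    # Host .45: one typo, then normal work and an internal transfer.
    ev("09:00:00", "10.0.3.45", "db_login_failed", user="jdoe"),
    ev("09:00:10", "10.0.3.45", "db_login_ok", user="jdoe"),
    ev("09:01:00", "10.0.3.45", "db_query", table="CREDIT_CARDS"),
    ev("09:05:00", "10.0.3.45", "ftp_upload", dst="10.0.9.9"),
    # Host .46: guessed its way in but never touched a sensitive table.
    ev("11:00:01", "10.0.3.46", "db_login_failed", user="report"),
    ev("11:00:02", "10.0.3.46", "db_login_failed", user="report"),
    ev("11:00:03", "10.0.3.46", "db_login_failed", user="report"),
    ev("11:00:10", "10.0.3.46", "db_login_ok", user="report"),
    ev("11:02:00", "10.0.3.46", "db_query", table="ORDERS"),
    ev("11:04:00", "10.0.3.46", "ftp_upload", dst="203.0.113.50"),
]

if __name__ == "__main__":
    for offense in correlate(SAMPLE_EVENTS):
        print(offense)
```

None of the four steps is alarming on its own; only the first host produces an offense because it is the only one that walks through all of them in order inside the window.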
AppScan & QRadar improve threat detection accuracy
Application vulnerability assessments from AppScan:
• Web applications
• Mobile applications
• Web services
• Desktop applications
Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight
• Strengthens threat detection and offense scoring capabilities
• Correlates known application vulnerabilities with other real-time events and alerts to elevate meaningful offenses
• Enhances proactive risk management assessments by prioritizing critical application vulnerabilities
AppScan and QRadar (Application Security Integration)
AppScan Enterprise Web client
AppScan Enterprise Server
AppScan Standard (DAST desktop client)
AppScan Source (SAST desktop client)
AppScan Enterprise Dynamic Analysis Scanners (server-based DAST)
• Application Vulnerability
• Identified Risk
Promoting use of vulnerability:
• Application vulnerability sharing
  – QRadar imports application vulnerability data published by AppScan on a regular basis.
  – QRadar shows vulnerability details on Asset Profile (V7.1)
• Correlation and alert
  – Enables QRadar to correlate network and event activity with application vulnerability, helping determine the priority (ranks) of the offenses and assess potential impact of the attack.
  – Initiates scanning from QRadar
  – Sends alerts to AppScan administrators
Endpoint Manager & QRadar tighten endpoint security
Endpoint intelligence data from Endpoint Manager:
• Servers
• Clients
• Mobile devices
• POS, ATM, Kiosks
Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight
• Increases vulnerability database accuracy improving offense and risk analytics to limit potential offenses
• Establishes baseline for endpoint states and improves alerting on variations to detect threats other SIEMs might miss
• Speeds remediation of discovered offenses using Endpoint Manager automation
• Represents AV/DLP alerts within consolidated enterprise security view helping correlate advanced threat activities
• Improves compliance reporting with deep endpoint state data
Tivoli Endpoint Manager and QRadar (Endpoint Security Integration)
Tivoli Endpoint Manager: Report, Enforce, Publish, Evaluate
Network & Endpoint Security Combined:
• TEM → QRadar (Fixlet status, Configuration, Vulnerability)
  – TEM forwards endpoint Fixlet (policy) status messages to QRadar for correlation. (Shipping)
  – TEM exports endpoint configuration and vulnerability data to QRadar to increase coverage and accuracy of QRadar asset profiles.
• QRadar → TEM (Network asset data, Identified Risk)
  – QRadar exports network asset data to TEM, allowing complete reporting on network devices.
  – QRM correlates assets, vulnerabilities, configuration and network activities to identify risky endpoints and export them as a group to TEM for high priority analysis and remediation
• Bidirectional
  – Closed-loop remediation workflows: QRadar detects vulnerable systems, forwards to TEM; TEM executes remediation and sends update back to QRadar.
Identity & Access Management products & QRadar uncover malicious behaviors
Identity information and user activity from IAM products:
• User log-ins
• Access rights
• Group memberships
Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight
• Provides ability to insert user names into reference sets used for writing searches, reports, and rules
• Improves ability to defend against insider threats involving privilege escalations or inappropriate data access
• Facilitates compliance reporting by pairing user identities with access to sensitive data
IAM and QRadar (Identity Security Integration)
Security Identity Manager
Applications, Databases, Operating Systems, Networks & Physical Access
Identity Repository
• Identity mapping data and user attributes
• SIM/SAM Server logs
• Application logs
Identity enriched security intelligence:
• Technical features
  – Retrieves user identity data including ID mapping (from an enterprise ID to multiple application user IDs) and user attributes (groups, roles, departments, entitlements).
  – Queries data (events, flows, offenses, assets) relative to an enterprise user ID and mapped application user IDs
  – Selects user identities for easy creation of correlation rules
  – Reports on all the activities (using different appliance user IDs) of an enterprise user
• Use cases
  – Privileged user activity monitoring
  – Terminated employee access detection
  – Separation of duty violation detection
  – User account recertification
  – Ensuring appropriate access control setting
  – Backdoor access detection
Identity Management
Identity Management
WHO has ACCESS to WHAT and WHY??
People, Policy, Resources
The Who in Identity Management
Who
Users: people who need access to resources.
Users can be internal or external to the organization.
• Employees
• Students
• Customers
• Business Partners
• Citizens
Jane Doe’s HR information (HR System)
Name: Jane Doe
Dept: Accounting
Manager: John Smith
Address: 10 Main St.
Tel. No: 555-1212
Bus Role: Benefits Administrator
The What in Identity Management
What
Accounts: give people access to resources.
Examples of Resources:
• Operating Systems: UNIX, Windows
• Databases: DB2, Oracle
• Applications: SAP, Lotus Notes
• Directories: Active Directory
UNIX: jdoe
AD: janedoe
RACF: jd044595
The user account generally consists of:
• A userid
• Password
  (grant initial access)
• Group or role assignments
  (grant access/privileges)
How is Access granted … and Why
People (who), Policy, Resources (what)
• Policy defines who can access resources.
• Policy is made up of membership and entitlements
• Workflow and Approvals define the business process and ensure that the right people are given the right access.
• Policy Membership can be defined through Roles
  Business Roles – collections of users by job function
  Application Roles – collection of resources or entitlements.
• Membership - Individual vs Group
  Examples of group Membership: Active Directory group policies, SAP authorizations
IBM Security Identity Manager (ISIM)
Roles / Requests
IBM Security Identity Manager – How it works
Automates, audits, and remediates user access rights across your IT infrastructure
Identity change (add/del/mod) → Access policy evaluated → Approvals gathered → Accounts updated
Detect and correct local privilege settings
HR Systems/Identity Stores → Tivoli Identity Manager → Applications, Databases, Operating Systems, Networks & Physical Access
Accounts on 70 different types of systems managed. Plus, In-House Systems & portals
• Know the people behind the accounts and why they have the access they do
• Fix non-compliant accounts
• Automate user privileges lifecycle across entire IT infrastructure
• Match your workflow processes
Reduce Cost
• Self-service password reset
• Automated user provisioning
Simplify Complexity
• Consistent security policy
• Quickly integrate new users & apps
Address Compliance
• Closed-loop provisioning
• Access rights audit & reports
ISIM - Workflow
NEW EMPLOYEE PROCESS
[Workflow diagram labels: HR System, HR Position, John Smith, Sending Request, Manager Acceptance, Application Owner, Approvers, Notification, Reminder, Delay, Automatic permission grant, Automatic permission termination]
ISIM – Role vs Request based access control
[Diagram labels: Investments; Policy Design; Ongoing Operational Labor; Publish Service Catalog; Define Coarse Roles Plus Optional Access; Define Role Based Access Control Model & Policies; User Initiates Access Request; Approvals Gathered; Major Changes Automated, Minor Ones Requested; Update to User Attribute Initiates Access Change; Access Provisioned; Access Auto Provisioned, Approvals for Exceptions; Automatic Provisioning and Rights Verification; Periodic Recertification; Recertify Exceptions Only]
ISIM – Compliance
1 Reconciliation
Who has access to what? Identify orphan and dormant accounts – big security exposures!
[Diagram labels: MATCH? REALITY]
2 Recertification
Does this user still need this account or access entitlement? Establish an automated process for review and enforcement.
3 Reporting
Prove it. Show auditors who has access to what and how they got it.
ISIM – Reporting
• Sample Operational Reports
  – Orphan Accounts Report
  – Dormant Accounts Report
  – Recertification Change History Report
  – Pending Recertification Report
  – Recertification Policies Report
  – Individual Access Report
  – Access Report
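Reconciliation (orphan and dormant accounts) and the identity-mapping use cases listed earlier (activity of one enterprise user across several application user IDs, terminated employee access detection) all reduce to joining account and event data against an enterprise-ID map. The sketch below is an added example, not ISIM or QRadar code; it reuses the deck's Jane Doe user IDs, while the second identity, the dates, the 90-day dormancy threshold and the event records are constructed assumptions.

```python
from datetime import date

DORMANT_AFTER_DAYS = 90   # assumed policy threshold

# Constructed identity feed: enterprise ID -> HR status and mapped application user IDs.
IDENTITIES = {
    "jane.doe": {"status": "active", "terminated_on": None,
                 "accounts": {("UNIX", "jdoe"), ("AD", "janedoe"), ("RACF", "jd044595")}},
    "r.miles": {"status": "terminated", "terminated_on": date(2013, 5, 15),
                "accounts": {("UNIX", "rmiles"), ("AD", "rmiles")}},
}
# Constructed reconciliation input: (system, user ID, last login) found on each system.
ACCOUNTS = [
    ("UNIX", "jdoe", date(2013, 5, 28)),
    ("AD", "janedoe", date(2013, 5, 30)),
    ("RACF", "jd044595", date(2012, 11, 2)),
    ("UNIX", "rmiles", date(2013, 5, 29)),
    ("AD", "rmiles", date(2013, 5, 10)),
    ("UNIX", "oraadm2", date(2013, 5, 1)),
]
# Constructed log events, keyed by application user ID as a SIEM receives them.
EVENTS = [
    {"day": date(2013, 5, 29), "system": "UNIX", "user": "rmiles", "action": "ssh login"},
    {"day": date(2013, 5, 10), "system": "AD", "user": "rmiles", "action": "logon"},
    {"day": date(2013, 5, 30), "system": "AD", "user": "janedoe", "action": "logon"},
    {"day": date(2013, 5, 28), "system": "UNIX", "user": "jdoe", "action": "sudo"},
]


def owner_index(identities):
    """Invert the ID mapping: (system, user ID) -> enterprise ID."""
    return {acct: ent for ent, rec in identities.items() for acct in rec["accounts"]}


def reconcile(identities, accounts, today):
    """Sort discovered accounts into orphan, dormant and terminated-owner buckets."""
    owner_of = owner_index(identities)
    report = {"orphan": [], "dormant": [], "terminated_owner": []}
    for system, userid, last_login in accounts:
        owner = owner_of.get((system, userid))
        if owner is None:
            report["orphan"].append((system, userid))        # nobody answers for it
        elif identities[owner]["status"] == "terminated":
            report["terminated_owner"].append((system, userid, owner))
        elif (today - last_login).days > DORMANT_AFTER_DAYS:
            report["dormant"].append((system, userid, owner))
    return report


def activity_of(enterprise_id, identities, events):
    """All events of one person, across every application user ID mapped to them."""
    accts = identities[enterprise_id]["accounts"]
    return [e for e in events if (e["system"], e["user"]) in accts]


def terminated_access(identities, events):
    """Events logged under a mapped user ID after its owner's termination date."""
    owner_of = owner_index(identities)
    hits = []
    for e in events:
        owner = owner_of.get((e["system"], e["user"]))
        if owner is None:
            continue
        gone = identities[owner]["terminated_on"]
        if gone is not None and e["day"] > gone:
            hits.append((owner, e["system"], e["user"], e["day"]))
    return hits


if __name__ == "__main__":
    print(reconcile(IDENTITIES, ACCOUNTS, today=date(2013, 6, 1)))
    print(terminated_access(IDENTITIES, EVENTS))
```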
Solving the Privileged Identity Management problem requires going beyond traditional approaches:
Each administrator has a User ID on every system
• Exponential increase in privileged User IDs
• Increased risk of mismanagement of privileged User IDs
• Increased User ID administration costs
Administrators share privileged User IDs
• Risk of losing individual accountability
• Issues with password management and security
• Out of step with regulatory thinking
Requires solution to provide control, automation and accountability of privileged account access
Enterprise Single Sign-On
Access Management
Access to sensitive data
[Diagram labels: EMR, PACS, Imaging, HR Web, Mainframe, SAP, Lotus Notes, Java, Cloud]
Complex passwords
Impossible to remember
Need much quicker access
Users logging on to the same shared Windows account without logging off applications!
Policy/regulation violations!
Access Management challenges
SECURITY
Virtual desktops and applications accessed ubiquitously are protected by weak, shared passwords
COSTS
Help-desk calls due to forgotten passwords can be expensive
COMPLIANCE
Do you know which nurse accessed which critical patient records from her virtual desktop?
PRODUCTIVITY
Desktop and application lockouts, slow access to applications hamper productivity
What if …
. . . users only needed to remember 1 password?
• 1 password to sign-on to Windows, Windows applications, Web applications, Java, Telnet, in-house developed and mainframe applications, . . .
  • With no need to modify applications
  • Without modifying the directory used (Active Directory, etc.)
  • With automatic renewal for expired passwords
  • With Self-service if password is forgotten (no Help Desk call)
  • And with quick deployment and incremental ROI (that just got quicker!)
In fact, what if we simplified user access with single password access, while strengthening security, saving costs and improving your compliance posture?
IBM Security Access Manager for Single Sign-On (ISAM ESSO) - Access Management solution
STRENGTHEN SECURITY
• Strong passwords
• Strong Authentication
REDUCE COSTS
• Fewer helpdesk calls
• Save up to $25 per call!
DEMONSTRATE COMPLIANCE
• Fine-grained audit logs
• Session Management
INCREASE PRODUCTIVITY
• No Account Lockouts
• Fast access to information
ISAM ESSO - Overview
• Single sign-on
• Supports strong authentication
• Kiosk sharing
• Password self service
• Web-based administration
• Browser-based remote access
• User access tracking & audit
• No change to the infrastructure
TAM E-SSO enables visibility into user activity, control over access to business assets, and automation of the sign-on process in order to drive value for our clients.
ISAM ESSO - Architecture
ISAM ESSO – Access Studio
Profiling templates for applications
– Windows
– Java
– Terminal
– Mainframe (cursor-based, HLLAPI)
Wizard
– Sign On
– Sign Off
– Password Change
Advanced profiles
Ability to test profiles
Simple and quick implementation
Automatic profiles for:
– Windows Explorer, Internet Explorer
– Web based applications
– GINA, RDP
ISAM ESSO – Audit and Tracking
End user activity tracking
Configuration change
Corporation application access tracking
Own events tracking
Sample audit data
– Sign On/Sign Off
– Password Change
– 2FA
– Offline access
Integration with external reporting tools
ISAM ESSO – 2FA
Support for:
– Passive RFID (Mifare, HID iClass)
– Active RFID (Xyloc)
– Tokens (Vasco, Authenex)
– USB Key (DigiSafe, Charismathics)
– MobileAccessCode
  • SMS
  • E-mail
– Sonar
– Biometrics (UPEK, DigitalPersona)
Support for:
– Sign On to system
– Sign On to application
– Sign Off
Logins and passwords generated by ISIM are pushed to SAMESSO End User
Wallet automatically updated during password change
Blocking wallet for End User from ISIM interface
Support for ISIM 4.6, 5.0, 5.1, 5.2
ibm.com/security
© Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is
provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to,
these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its
suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials
to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities
referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a
commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International
Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of
others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper
access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to
or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure
can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will
necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT
THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.