Identity intelligence: Threat-aware Identity and Access Management
•Als PPTX, PDF herunterladen•
0 gefällt mir•3,394 views
Presentation at Pulse 2014 as part of the session, "Enhance Your Identity and Access Management Solution with Integrations from Key IBM Technology Partners" Speaker: Russell Tait, Prolifics Join a panel of IBM technology partners to learn about new and exciting Identity and Access Management (IAM) integrations that have been validated through the Ready for IBM Security Intelligence program. In this slide deck, IBM technology partner, Prolifics, discusses how their integrations with key areas of the IBM Security portfolio increase solution value for customers. The panel discussion will cover strong authentication, mobile, cloud, and security intelligence use cases.
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Andere mochten auch
Andere mochten auch (11)
Ähnlich wie Identity intelligence: Threat-aware Identity and Access Management
Ähnlich wie Identity intelligence: Threat-aware Identity and Access Management (20)
Mehr von Prolifics
Mehr von Prolifics (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Identity intelligence: Threat-aware Identity and Access Management
- 1. CONNECT WITH US: IT: Customized to Your Advantage Identity Intelligence THREAT-AWARE IDENTITY AND ACCESS MANAGEMENT RUSSELL TAIT Practice Director, Security Public | Copyright © 2014 Prolifics
- 2. CONNECT WITH US: Insider incidents cost companies an average of $750,000 per year – Employees, contractors, partners exploiting weak identity controls Insider negligence, rather than malicious behavior is often the cause – Shared passwords, weak passwords, passwords on Post-its Source: IBM and Ponemon Survey of 265 C-Level Executives, Feb 2012, “The Source of Greatest Risk to Sensitive Data” Insider Breaches Are On The Rise 2Public | Copyright © 2014 Prolifics
- 3. CONNECT WITH US: IT Security’s Dirty Secret Network & Perimeter Internal & Web Access Security Threats & Security Spending Are Unbalanced % of Attacks % of Dollars 75% 10% 25% 90% Security Damage Security Spending of All Damaging Attacks on Information Security Originate from Inside Trusted Boundaries75% 3Public | Copyright © 2014 Prolifics
- 4. CONNECT WITH US: Security Analytics Is Maturing What is Security Intelligence? Security Intelligence --noun 1. the real-time collection, normalization and analytics of the data generated by systems, applications and infrastructure that impacts the IT security and risk posture of an enterprise. What is Identity Intelligence? Identity Intelligence --noun 1. the actionable insight to manage risks and threats from user activity. The application of analytical monitoring to entitlements, policies, and access events, in the context of identity risk profiles. 4Public | Copyright © 2014 Prolifics
- 5. CONNECT WITH US: Identity/Access to Identity Intelligence Future: Assurance Security management Content driven Dynamic, context-based Real-time, actionable alerting Today: Administration Operational management Compliance driven Static, Trust-based Reporting/Monitoring is forensic Monitor Everything 5Public | Copyright © 2014 Prolifics
- 6. CONNECT WITH US: Traditional SIEM Provides Identity Intelligence Adds What When Who Activities Results Behaviors What was done Is it OK for THIS user? Is this user who I think it is? Outside bad guys Inside careless guys Inside guys doing bad things Identity Intelligence Provides Human Context 6Public | Copyright © 2014 Prolifics
- 7. CONNECT WITH US: Extensive Data Sources Deep Intelligence Exceptionally Accurate and Actionable Insight+ = High Priority Offenses Event Correlation Activity Baselining & Anomaly Detection Offense Identification Database Activity Servers & Hosts User Activity Vulnerability Info Configuration Info Security Devices Network & Virtual Activity Application Activity Detecting threats Consolidating data silos Detecting insider fraud Predicting risks against your business Addressing regulatory mandates Security Intelligence: Integrating Across IT Silos 7Public | Copyright © 2014 Prolifics
- 8. CONNECT WITH US: Identity enriched security intelligence: Technical features – Retrieves user identity data including ID mapping (from an enterprise ID to multiple application user IDs) and user attributes (groups, roles, departments, entitlements). – Queries data (events, flows, offenses, assets) relative to an enterprise user ID and mapped application user IDs – Selects user identities for easy creation of correlation rules – Reports on all the activities (using different appliance user IDs) of an enterprise user Use cases – Privileged user activity monitoring (V7.2) – Terminated employee access detection – Separation of duty violation detection – User account recertification – Ensuring appropriate access control setting – Backdoor access detection Identity Repository C/C ++ appl s Oth er Security Access Manager for eBusiness Security Identity Manager Databases Operating Systems DatabasesDatabases Operating Systems Operating Systems ApplicationsApplications Networks & Physical Access • Identity mapping data and user attributes • SIM/SAM Server logs • Application logs QRadar – IAM Integration 8Public | Copyright © 2014 Prolifics
- 9. CONNECT WITH US: QRadar Rules Engine New Rules Engine tests query Reference Sets and Maps : 9Public | Copyright © 2014 Prolifics
- 10. CONNECT WITH US: Contact US 10 www.prolifics.com 310.748.2457 russell.tait@prolifics.com Public | Copyright © 2014 Prolifics
Hinweis der Redaktion
- Chevron - 2 billion log and events per day reduced to 25 high priority offenses. Automating the policy monitoring and evaluation process for configuration changes in the infrastructure. Real-time monitoring of all network activity, in addition to PCI mandates
- QRadar now supports integrations with our IAM solution beyond SIM/SAM logs. Qradar has built in uses cases for retrieving identity data for use cases such as privileged user activity monitoring and terminated employee access detection, to name just a couple.