Weitere ähnliche Inhalte Ähnlich wie IBM Cloud Security Enforcer (20) Mehr von Francisco González Jiménez (20) Kürzlich hochgeladen (20) IBM Cloud Security Enforcer1. © 2015 IBM Corporation
The first CASB solution with integrated access control,
visibility, and threat protection
Patrick Wardrop, Chief Product Architect
October 7th, 2015
IBM Cloud Security Enforcer
2. 2© 2015 IBM Corporation
MOBILE
BYOD
ON PREM
RISKY APPS
APPROVED APPS
A new SaaS solution to help securely deploy cloud services
EMPLOYEES
Identity and
Access Control
Threat
Prevention
Policy
Enforcement
Discovery
and Visibility
Cloud Event
Correlation
DETECT CONNECT PROTECT
3. 3© 2015 IBM Corporation
Integrating leading IBM security technology into a single platform
• Risk scoring for
1000’s of apps
• Continuous stream
of cloud activity data
• Mapping of network
data to specific users
• Mobile integration to
uncover blind spots
• Federated cloud SSO
• Connectors to
popular cloud apps
• Simplified
access controls
• Self-service catalogs
• Delegated administration
• User activity and
traffic monitoring
• Behavioral analysis
and correlation to
company policies
• Alerting, reporting,
and auditing
• Intrusion Prevention
and global threat
intelligence from
IBM X-Force
• Threat signatures,
network analysis,
and zero-day
threat protection
• User coaching
• Redirection for
out-of-policy usage
• Policy and anomaly
rule implementation
Identity and
Access Control
Threat
Prevention
Policy
Enforcement
Discovery
and Visibility
Cloud Event
Correlation
DETECT CONNECT PROTECT
4. 4© 2015 IBM Corporation
IBM Cloud Security Enforcer – Discovery and monitoring
Microsoft
Active Directory
Enterprise
Cloud,
SaaS, & Private
Applications
Secure
Gateway
. . .(plus many more)
- Users authenticate against Active Directory
- All Cloud, SaaS & Private Applications traffic is
logged by the Secure Gateway (e.g., Bluecoat,
WebSense, McAfee, XGS … etc)
- Active Directory, Secure Gateway logs can be
manually uploaded to IBM Cloud Security Enforcer
or an appliance can be deployed to continually
upload them automatically on a scheduled basis
Enterprise Bridge Appliance
Log
Collection
ID
Bridge
Directory
Sync
IBM Cloud Security Enforcer
Application
Discovery
Optional SIEM
(or other
log
archiving)
5. 5© 2015 IBM Corporation
IBM Cloud Security Enforcer – World Wide Mobile Cloud Proxy
Home WiFi /
Cellular Data
Network
Cloud,
SaaS, & Private
Applications
. . .(plus many more)
- Users use mobile device at the office and out of
the office via their home WiFi or cellular data
networks.
- This creates a ‘mobile blind spot’ for most
corporations.
- Without a secure gateway or IPS there is a risk of
malware being downloaded or other threats.
- Leveraging the built-in mobile VPN clients we will
direct traffic to our WW deployments of Cloud
Proxies to inspect, monitor, and provide controls on
the traffic.
IBM Cloud Security Enforcer
World Wide Mobile Cloud Proxy
Client Gateway
[VPN]
Intrusion Prevention
System
6. 6© 2015 IBM Corporation
Live Walkthrough
Discovery and Visibility
7. 7© 2015 IBM Corporation
IBM Cloud Security Enforcer – Single Sign-On & Launchpad
Microsoft
Active Directory
Enterprise
Cloud,
SaaS, & Private
Applications
Secure
Gateway
. . .(plus many more)
- SSO from either the Enterprise Bridge Identity
Bridge component or via a federation product
(TFIM, ADFS or Ping)
- User arrives at launch pad and can single click on
an entitled application or browser application
catalog
Enterprise Bridge Appliance
Log
Collection
ID
Bridge
Directory
Sync
IBM Cloud Security Enforcer
Launchpad &
Catalog
SSO
[Service
Provider]
SSO
[Identity
Provider]
FIM
(or
federation
product)
Optional
8. 8© 2015 IBM Corporation
Live Walkthrough
Single Sign-on & Access Control