© 2014 IBM Corporation
IBM Security Identity and Access Management
Products updates and what is coming
Sven-Erik Vestergaard
Pan-IOT security architect
IBM Security
svest@dk.ibm.com
Agenda
 ISAM
 ISIM
 PIM
 Z/Secure
IBM Security
Access Manager
Federated Registry Support
 Allow ISAM to address a federated registry space where different
suffixes are distributed across LDAP servers
 Current Registry becomes “Primary registry”
– Management suffix (e.g. secAuthority=Default) is stored here
• This is where all ISAM user/group/policy/GSO meta-data is stored
– Users and groups can also be stored here
 Can also define one or more “Federated Registries”
– These only store User and Group objects
– No schema changes required in these registries
– Identified by the suffixes they contain
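The routing rule behind this slide is simple but worth seeing written down: a DN is served by whichever configured registry holds the longest suffix that contains it, and ISAM meta-data belongs only on the primary registry. The block below is an added illustration, not ISAM code; the registry names, suffixes and DNs are constructed for the example.

```python
# Added example (not from the slides): selecting which LDAP registry owns a
# DN in a federated registry layout. Registry names and suffixes below are
# constructed for illustration.
from dataclasses import dataclass


@dataclass
class Registry:
    name: str
    suffixes: list            # LDAP suffixes this server holds
    management: bool = False  # True only for the primary registry


def normalize_dn(dn: str) -> str:
    """Lower-case the DN and strip whitespace around RDN separators so that
    'CN=Alice, O=Example' and 'cn=alice,o=example' compare equal."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def is_under(dn: str, suffix: str) -> bool:
    """True if dn equals suffix or sits anywhere below it."""
    dn_n, suf_n = normalize_dn(dn), normalize_dn(suffix)
    return dn_n == suf_n or dn_n.endswith("," + suf_n)


def select_registry(dn: str, registries):
    """Return the registry holding the longest configured suffix that
    contains dn, or None when no registry covers it. Longest match matters
    when a federated suffix is nested under a primary suffix."""
    best, best_len = None, -1
    for reg in registries:
        for suffix in reg.suffixes:
            if is_under(dn, suffix):
                length = len(normalize_dn(suffix))
                if length > best_len:
                    best, best_len = reg, length
    return best


def management_registry(registries):
    """Meta-data (user/group/policy/GSO data under the management suffix)
    may live only on the primary registry; refuse ambiguous configurations."""
    primaries = [r for r in registries if r.management]
    if len(primaries) != 1:
        raise ValueError("exactly one registry must hold the management suffix")
    return primaries[0]


# Constructed configuration: one primary plus two federated registries.
REGISTRIES = [
    Registry("primary", ["secAuthority=Default", "o=example"], management=True),
    Registry("partners", ["dc=partner,dc=com"]),
    Registry("contractors", ["ou=contractors,o=example"]),
]

if __name__ == "__main__":
    for dn in ("cn=alice,ou=people,o=example",
               "cn=bob,ou=contractors,o=example",
               "cn=SecurityGroup,secAuthority=Default",
               "cn=eve,dc=other,dc=com"):
        reg = select_registry(dn, REGISTRIES)
        print(dn, "->", reg.name if reg else "no registry")
```

The `None` result for a DN under no configured suffix is deliberate: an unrouted lookup should fail closed rather than fall through to the primary registry.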
IBM Security
Access Manager
Native Kerberos
Single Sign-On
Kerberos SSO
 For Windows applications, Kerberos provides the best SSO
– It is supported by Windows services without the need for plug-ins
– It generally causes the fewest integration issues
 Kerberos Delegation is required to support this in ISAM
– Allows an intermediate server to request tickets on behalf of an end user
 Kerberos Delegation is now supported by non-Windows Kerberos
– Previously it required Windows APIs
 ISAM Appliance includes a Kerberos client for native support
– Federated Identity Manager is no longer required for this
IBM Security
Access Manager
Trusteer Pinpoint
Proposed Architecture
[Architecture diagram: WebSEAL (filter framework, web engine, snippet filter, update manager); Trusteer endpoint servers (poll, snippet delivery); endpoint (page access); web application (page delivery); snippet files]
 A new filter will be added to the WebSEAL filter framework
 An update manager embedded within the appliance will be used to monitor for updates and retrieve them
 Configuration will be contained in:
– WebSEAL configuration file
– Snippet files
IBM Security
Access Manager
Appliance Monitoring
SNMP added for Appliance Monitoring
 Systems monitoring is an important part of operations
– Often we may overlook it in pre-sales but customers will not
 Customer tools cannot be added to an appliance
– So it needs to provide sufficient capability out-of-the-box
 In ISAM 8.0.0.5 an SNMP daemon has been added
– It monitors standard system parameters such as disk, CPU, memory, interfaces, processes, etc.
 Currently it doesn’t monitor ISAM-specific functions
– syslog can provide integration for monitoring of this kind
ISAM Appliance shown in Tivoli Enterprise Monitoring
IBM Security
Access Manager
DataPower
Silos of security are impeding business agility
[Diagram: Users (consumers, employees, partners, consultants, developers) -> Business channels (web, mobile, B2B, SOA, APIs) -> separate security solutions per channel (API management, B2B gateway, SOA gateway, web access proxy, mobile gateway) -> Applications and systems]
MULTI-CHANNEL GATEWAY
Reduce cost and improve security posture with a converged gateway
[Diagram: the same users (consumers, employees, partners, consultants, developers) and business channels (web, mobile, B2B, SOA, APIs), now fronted by one converged gateway in place of the per-channel security solutions, in front of applications and systems]
Introducing IBM’s multi-channel gateway solution
Leverage the combined capabilities of IBM DataPower Gateway and IBM Security Access Manager in a single, converged security and integration gateway solution
[Diagram: IBM DataPower Gateway with ISAM for DataPower – traffic control & optimization, message security, user access security, message & transport bridging]
Key benefits
 Reduce operating costs – a single gateway reduces hardware footprint and uses a common set of management and operational skills
 Improve business agility – a common security policy framework that can be shared across business channels
 Improve edge security – comprehensive security at the message level, infrastructure level, and user level
 Secure user interactions – safeguard mobile, cloud, and social access
 Secure app interactions – protect applications at the message level and provide optimized application delivery
ISAM for Mobile & FIM provide advanced authentication, authorization, & federation capabilities with out-of-the-box integrations
 ISAM for Mobile: Addresses emerging web and mobile security requirements for strong and multi-factor authentication and dynamic, context-based access policies drawing on multiple data sources, including Trusteer Mobile, Pinpoint and Fiberlink MaaS360
 Federated Identity Manager: Provides a robust platform for centrally managing federated business partner relationships and access to SaaS applications
[Diagram: Federated Identity Manager (federated single sign-on, identity mediation, security token services); ISAM for Mobile (mobile single sign-on, strong auth & MFA, context-based access, device registration); ISAM for DataPower as policy enforcement point]
IBM Security
Identity Manager
New Capabilities Across All Products
 Identity Manager v6.0.0.4 and v7.0
– Simultaneous announcement:
• Same functions, different delivery: v6.0.0.4 is the software stack version for the installed base; v7.0 is virtual appliance-only for new customers
– Phase 3: Identity Service Center - business user interface
– Platform/Middleware updates
– Adapter updates including Oracle, Microsoft, UNIX/Linux platform updates
– Customer-sponsored enhancements
 Privileged Identity Manager v2.0
– Virtual appliance only delivery
– PIM-SIM separation with integration
– PIM for Applications option
– User experience improvement – PIM administration in Service Center UI
– SoftLayer administrative account management support
 Identity Governance v5.1
– Virtual Appliance Delivery
– Integration from SIG to SIM
Identity Service Center – Home screen (updated; optional)
[Screenshot]
Introducing SIM Virtual Appliance
 SIM is Virtual Appliance only starting with SIM v7
– Positioned as “fresh start”
– Continued SIM 6.0.x software stack maintenance
 Same platform as PIM and Access Manager (“Mesa”)
 Offers customers a quick-to-deploy and easy-to-maintain
IdM solution
– Pre-installed components & middleware, configured through VA panels.
• External data tier required (DB2 and LDAP) for storing operational data.
• Uses existing, common admin/user web user interfaces
• Supports HA clustering
– Reduces time to value significantly
• Reduces the skills requirements for IT admins, e.g. no WAS admin skills needed
• Reduces patch/upgrade effort via single “firmware” update - not individual
component
SIM Virtual Appliance – cont.
 Target for new Identity Manager installations
 Key limitations to note:
– DB2 and Oracle (non-SSL) only
– Simplification through streamlined configurability: no access to the WAS console, middleware installation hidden, etc.
• We support customization “best practices” and incorporate them into the VA console configuration, but will discourage customization that makes upgrades difficult
– Role and Policy Modeler not included (transition to SIG/CrossIdeas)
 Migration: Existing SIM 5.1 and 6.0 customers will need to migrate
environments – no automated upgrade
– Fresh start: opportunity to rethink customizations and clean up the
deployment
– Tech note describing customization supports/limits to be published
– Migration assistance on 2015 Roadmap
Identity Manager Virtual Appliance – Component versions

Component | SIM 6.0.0.4 | SIM VA 7.0
OS / ESX | AIX 6.1, 7.1; RHEL 5, 6; SLES 10, 11; Solaris 10; Windows 2008, 2012 | VMware ESXi 5.x
DB | DB2 9.5, 9.7, 10.1, 10.5; Oracle 10g, 11g, 12c | DB2 10.1; Oracle 12c
TDS | SDS 6.2, 6.3, 6.3.1; Sun Directory 6.3, 7.0; ODS 11.1 | SDS 6.3.1
SDI/TDI | TDI 7.1, 7.1.1; SDI 7.2 | TDI 7.1.1
WAS | WAS 7.0 (without ISC); WAS 8.5, WAS 8.5.5 | -- (inside VA)
Reports | Cognos 10.2.1 | Cognos 10.2.1
Browser | IE 9, 10, 11; Firefox 17 ESR, 24 ESR | IE 11; Firefox 24 ESR
PIM 2.0 is Appliance Only
 PIM Appliance now includes less “Identity Manager”
– Only what is required to support PIM use cases
 It can integrate with an Identity Manager system
– To provide full Enterprise Identity + PIM functionality
 New PIM opportunities should be directed towards appliance offering
– Existing software stack customers will continue to receive support and fixes but little to no new PIM
functionality
 PIM Licence still includes entitlement for SIM and ESSO
– So can still deploy and integrate these to get more function
• At the cost of additional deployment complexity
Authenticating applications without password
 OAuth 2.0 token – Authorization given by a PIM domain admin to an application instance. OAuth tokens are set to one-time use.
 Instance fingerprint – App instance host info, user info, network, binary hash and path, etc. Ensures that the instance is authentic.
Token request and fingerprinting are done automatically during registration, using the App ID Toolkit.
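To make the two controls on this slide concrete, here is an added example (not PIM or App ID Toolkit code) of a hypothetical registration flow: the fingerprint is a digest over the attributes the slide lists, and the token issued against it is accepted once and only from the instance that registered. The host, user, path and binary bytes are constructed sample values.

```python
# Added example (not from the slides): a hypothetical stand-in for the
# registration flow described above. The instance fingerprint covers host,
# user, network, binary hash and path; the token issued against it is
# usable once and only by the instance that registered.
import hashlib
import hmac
import secrets


def instance_fingerprint(host, user, network, binary_path, binary_bytes):
    """Digest over the instance attributes. Any change to the running
    instance (moved binary, patched binary, different host) changes it."""
    binary_hash = hashlib.sha256(binary_bytes).hexdigest()
    material = "\n".join([host, user, network, binary_path, binary_hash])
    return hashlib.sha256(material.encode("utf-8")).hexdigest()


class TokenAuthority:
    """Hypothetical PIM-side store: a domain admin registers an instance,
    and the resulting token can be redeemed exactly once by that instance."""

    def __init__(self):
        self._tokens = {}  # token -> {"fp": fingerprint, "used": bool}

    def register(self, fingerprint):
        token = secrets.token_urlsafe(32)
        self._tokens[token] = {"fp": fingerprint, "used": False}
        return token

    def redeem(self, token, fingerprint):
        """Return "ok" on first use by the registered instance, otherwise a
        reason string the caller can log as a detection signal."""
        entry = self._tokens.get(token)
        if entry is None:
            return "unknown-token"
        if not hmac.compare_digest(entry["fp"], fingerprint):
            return "fingerprint-mismatch"
        if entry["used"]:
            return "token-already-used"
        entry["used"] = True
        return "ok"


# Constructed sample instance (not a real binary).
GENUINE_BINARY = b"\x7fELF constructed sample binary bytes"
GENUINE_FP = instance_fingerprint("app01.example.internal", "svc_batch",
                                  "10.0.12.7", "/opt/app/bin/batch",
                                  GENUINE_BINARY)


def run_demo():
    """Walk through first use, a replay, and a modified binary; returns the
    three outcomes so they can be checked."""
    authority = TokenAuthority()
    token = authority.register(GENUINE_FP)
    first = authority.redeem(token, GENUINE_FP)
    replay = authority.redeem(token, GENUINE_FP)
    tampered_fp = instance_fingerprint("app01.example.internal", "svc_batch",
                                       "10.0.12.7", "/opt/app/bin/batch",
                                       GENUINE_BINARY + b"\x90")
    tampered = authority.redeem(authority.register(GENUINE_FP), tampered_fp)
    return first, replay, tampered


if __name__ == "__main__":
    print(run_demo())  # ('ok', 'token-already-used', 'fingerprint-mismatch')
```

The order of checks in `redeem` is deliberate: a fingerprint mismatch is reported before the one-time check so that a replayed token from a different instance is logged as the more serious condition, and both rejection reasons are distinct strings a SIEM rule can key on.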
IAM Deployment Option Road Map
[Roadmap diagram, three tracks]
V. APPLIANCE
– PIM Greenfield: meets requirements for PIM scenarios for greenfield customers
– Identity Greenfield: meets requirements for SIM, PIM or SIG greenfield customers; independent VA deployment
– Identity Appliance (direction): full IAM suite from a single VA; enable SIM, PIM, SIG or any combination; migration for software stack customers
SOFTWARE
– IAM Software Stack: updated in parallel with the VA to give customers time to consider VA or cloud
CLOUD
– Lighthouse IAM: initial Cloud IAM release; lower cost and faster deployment
– Lighthouse (direction): updated to the latest IAM releases; provides the IBM Service Center UI
IBM Security
Z/Secure
zSecure products that enable integration with QRadar
[Diagram: event sources from System z – RACF, CA ACF2, CA Top Secret, z/OS, CICS, DB2]
New zSecure Adapters for QRadar SIEM product
 Features
 Collects and formats information from over 40 different IBM System z SMF record types, such as z/OS, RACF, ACF2, Top Secret, DB2, and CICS events (customizable)
 Additional SMF record types generated by IBM z/OS® and its subsystems: data set access, z/VM, PDS member updates and deletes, UNIX file activity, FTP, Telnet and other TCP/IP activity, and many others
 Adds enriched descriptive audit information about the user and the resource from the security database and from zSecure system snapshot information
 Supports collection more frequently than once a day – a job is available for use with scheduling software
 Benefits
 Extend best practices and comply with regulatory/legal/compliance requirements
 Provides a holistic, centralized approach to security monitoring and plugs a hole in the enterprise security monitoring practice
 Supports separation of duties – stop the legacy practice of self-policing!
 Maximize QRadar capabilities for log management, anomaly detection, incident forensics, configuration management, vulnerability management, and risk management
Stay Focused Stay Ahead
Questions ?

Weitere ähnliche Inhalte

Was ist angesagt?

Best Practices for Identity Management Projects
Best Practices for Identity Management ProjectsBest Practices for Identity Management Projects
Best Practices for Identity Management Projects
Hitachi ID Systems, Inc.
 
Identity and Access Management from Microsoft and Razor Technology
Identity and Access Management from Microsoft and Razor TechnologyIdentity and Access Management from Microsoft and Razor Technology
Identity and Access Management from Microsoft and Razor Technology
David J Rosenthal
 

Was ist angesagt? (20)

Identity Governance: Not Just For Compliance
Identity Governance: Not Just For ComplianceIdentity Governance: Not Just For Compliance
Identity Governance: Not Just For Compliance
 
Identity and Access Management 101
Identity and Access Management 101Identity and Access Management 101
Identity and Access Management 101
 
Identity & Access Management by K. K. Mookhey
Identity & Access Management by K. K. MookheyIdentity & Access Management by K. K. Mookhey
Identity & Access Management by K. K. Mookhey
 
Building Your Roadmap Sucessful Identity And Access Management
Building Your Roadmap Sucessful Identity And Access ManagementBuilding Your Roadmap Sucessful Identity And Access Management
Building Your Roadmap Sucessful Identity And Access Management
 
Identity and Access Management (IAM)
Identity and Access Management (IAM)Identity and Access Management (IAM)
Identity and Access Management (IAM)
 
Developing an IAM Roadmap that Fits Your Business
Developing an IAM Roadmap that Fits Your BusinessDeveloping an IAM Roadmap that Fits Your Business
Developing an IAM Roadmap that Fits Your Business
 
Identity and Access Management (IAM)
Identity and Access Management (IAM)Identity and Access Management (IAM)
Identity and Access Management (IAM)
 
Identity Access Management 101
Identity Access Management 101Identity Access Management 101
Identity Access Management 101
 
Building an Effective Identity Management Strategy
Building an Effective Identity Management StrategyBuilding an Effective Identity Management Strategy
Building an Effective Identity Management Strategy
 
Best Practices for Identity Management Projects
Best Practices for Identity Management ProjectsBest Practices for Identity Management Projects
Best Practices for Identity Management Projects
 
CyberArk
CyberArkCyberArk
CyberArk
 
The Gartner IAM Program Maturity Model
The Gartner IAM Program Maturity ModelThe Gartner IAM Program Maturity Model
The Gartner IAM Program Maturity Model
 
Identity and Access Management from Microsoft and Razor Technology
Identity and Access Management from Microsoft and Razor TechnologyIdentity and Access Management from Microsoft and Razor Technology
Identity and Access Management from Microsoft and Razor Technology
 
Identity Access Management (IAM)
Identity Access Management (IAM)Identity Access Management (IAM)
Identity Access Management (IAM)
 
Intel IT's Identity and Access Management Journey
Intel IT's Identity and Access Management JourneyIntel IT's Identity and Access Management Journey
Intel IT's Identity and Access Management Journey
 
IAM Introduction and Best Practices
IAM Introduction and Best PracticesIAM Introduction and Best Practices
IAM Introduction and Best Practices
 
The Path to IAM Maturity
The Path to IAM MaturityThe Path to IAM Maturity
The Path to IAM Maturity
 
Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)
 
Identity and Access Management Playbook CISO Platform 2016
Identity and Access Management Playbook CISO Platform 2016Identity and Access Management Playbook CISO Platform 2016
Identity and Access Management Playbook CISO Platform 2016
 
Azure active directory
Azure active directoryAzure active directory
Azure active directory
 

Ähnlich wie IBM Security Identity and Access Management - Portfolio

IBM Endpoint Manager for Server Automation presentation
IBM Endpoint Manager for Server Automation presentationIBM Endpoint Manager for Server Automation presentation
IBM Endpoint Manager for Server Automation presentation
RMayo22
 
Whats new in data power
Whats new in data powerWhats new in data power
Whats new in data power
sflynn073
 

Ähnlich wie IBM Security Identity and Access Management - Portfolio (20)

IBM Security Identity & Access Manager
IBM Security Identity & Access ManagerIBM Security Identity & Access Manager
IBM Security Identity & Access Manager
 
IBM i at the eart of cognitive solutions
IBM i at the eart of cognitive solutionsIBM i at the eart of cognitive solutions
IBM i at the eart of cognitive solutions
 
IBM Endpoint Manager for Server Automation presentation
IBM Endpoint Manager for Server Automation presentationIBM Endpoint Manager for Server Automation presentation
IBM Endpoint Manager for Server Automation presentation
 
IBM Endpoint Manager for Server Automation (Overview)
IBM Endpoint Manager for Server Automation (Overview)IBM Endpoint Manager for Server Automation (Overview)
IBM Endpoint Manager for Server Automation (Overview)
 
59264945-Websphere-Security.pdf
59264945-Websphere-Security.pdf59264945-Websphere-Security.pdf
59264945-Websphere-Security.pdf
 
Whats new in data power
Whats new in data powerWhats new in data power
Whats new in data power
 
Securing Your Cloud Applications
Securing Your Cloud ApplicationsSecuring Your Cloud Applications
Securing Your Cloud Applications
 
Ims keeping current for phoenix
Ims keeping current for phoenixIms keeping current for phoenix
Ims keeping current for phoenix
 
IBM Private Modular Cloud
IBM Private Modular CloudIBM Private Modular Cloud
IBM Private Modular Cloud
 
Avaya Network Management Overview
Avaya Network Management OverviewAvaya Network Management Overview
Avaya Network Management Overview
 
System Center 2012 Virtual Machine Manager
System Center 2012 Virtual Machine ManagerSystem Center 2012 Virtual Machine Manager
System Center 2012 Virtual Machine Manager
 
Password Express - Data Sheet
Password Express - Data SheetPassword Express - Data Sheet
Password Express - Data Sheet
 
Datapower Steven Cawn
Datapower Steven CawnDatapower Steven Cawn
Datapower Steven Cawn
 
Pivotal Cloud Foundry 2.4: A First Look
Pivotal Cloud Foundry 2.4: A First LookPivotal Cloud Foundry 2.4: A First Look
Pivotal Cloud Foundry 2.4: A First Look
 
Tivoli Live – Nyckelfärdig molntjänst för dina behov inom Service Desk and Mo...
Tivoli Live – Nyckelfärdig molntjänst för dina behov inom Service Desk and Mo...Tivoli Live – Nyckelfärdig molntjänst för dina behov inom Service Desk and Mo...
Tivoli Live – Nyckelfärdig molntjänst för dina behov inom Service Desk and Mo...
 
System Center Endpoint Protection 2012 R2
System Center Endpoint Protection 2012 R2System Center Endpoint Protection 2012 R2
System Center Endpoint Protection 2012 R2
 
SaaS Introduction-May2014
SaaS Introduction-May2014SaaS Introduction-May2014
SaaS Introduction-May2014
 
Bsm mw10
Bsm mw10Bsm mw10
Bsm mw10
 
Securing with Sophos - Sophos Day Belux 2014
Securing with Sophos - Sophos Day Belux 2014Securing with Sophos - Sophos Day Belux 2014
Securing with Sophos - Sophos Day Belux 2014
 
WebSphere Integration User Group 13 July 2015 : DataPower session
WebSphere Integration User Group 13 July 2015 : DataPower sessionWebSphere Integration User Group 13 July 2015 : DataPower session
WebSphere Integration User Group 13 July 2015 : DataPower session
 

Mehr von IBM Sverige

Mehr von IBM Sverige (20)

Trender, inspirationer och visioner - Mikael Haglund #ibmbpsse18
Trender, inspirationer och visioner - Mikael Haglund #ibmbpsse18Trender, inspirationer och visioner - Mikael Haglund #ibmbpsse18
Trender, inspirationer och visioner - Mikael Haglund #ibmbpsse18
 
AI – hur långt har vi kommit? – Oskar Malmström, IBM #ibmbpsse18
AI – hur långt har vi kommit? – Oskar Malmström, IBM #ibmbpsse18AI – hur långt har vi kommit? – Oskar Malmström, IBM #ibmbpsse18
AI – hur långt har vi kommit? – Oskar Malmström, IBM #ibmbpsse18
 
#ibmbpsse18 - The journey to AI - Mikko Hörkkö, Elinar

#ibmbpsse18 - The journey to AI - Mikko Hörkkö, Elinar
#ibmbpsse18 - The journey to AI - Mikko Hörkkö, Elinar

#ibmbpsse18 - The journey to AI - Mikko Hörkkö, Elinar

 
#ibmbpsse18 - Koppla säkert & redundant till IBM Cloud - Magnus Huss, Interexion
#ibmbpsse18 - Koppla säkert & redundant till IBM Cloud - Magnus Huss, Interexion#ibmbpsse18 - Koppla säkert & redundant till IBM Cloud - Magnus Huss, Interexion
#ibmbpsse18 - Koppla säkert & redundant till IBM Cloud - Magnus Huss, Interexion
 
#ibmbpsse18 - Den svenska marknaden, Andreas Lundgren, CMO, IBM
#ibmbpsse18 - Den svenska marknaden, Andreas Lundgren, CMO, IBM#ibmbpsse18 - Den svenska marknaden, Andreas Lundgren, CMO, IBM
#ibmbpsse18 - Den svenska marknaden, Andreas Lundgren, CMO, IBM
 
Multiresursplanering - Karolinska Universitetssjukhuset
Multiresursplanering - Karolinska UniversitetssjukhusetMultiresursplanering - Karolinska Universitetssjukhuset
Multiresursplanering - Karolinska Universitetssjukhuset
 
Solving Challenges With 'Huge Data'
Solving Challenges With 'Huge Data'Solving Challenges With 'Huge Data'
Solving Challenges With 'Huge Data'
 
Blockchain explored
Blockchain explored Blockchain explored
Blockchain explored
 
Blockchain architected
Blockchain architectedBlockchain architected
Blockchain architected
 
Blockchain explained
Blockchain explainedBlockchain explained
Blockchain explained
 
Grow smarter project kista watson summit 2018_tommy auoja-1
Grow smarter project  kista watson summit 2018_tommy auoja-1Grow smarter project  kista watson summit 2018_tommy auoja-1
Grow smarter project kista watson summit 2018_tommy auoja-1
 
Bemanningsplanering axfood och houston final
Bemanningsplanering axfood och houston finalBemanningsplanering axfood och houston final
Bemanningsplanering axfood och houston final
 
Power ai nordics dcm
Power ai nordics dcmPower ai nordics dcm
Power ai nordics dcm
 
Nvidia and ibm presentation feb18
Nvidia and ibm presentation feb18Nvidia and ibm presentation feb18
Nvidia and ibm presentation feb18
 
Hwx introduction to_ibm_ai
Hwx introduction to_ibm_aiHwx introduction to_ibm_ai
Hwx introduction to_ibm_ai
 
Ac922 watson 180208 v1
Ac922 watson 180208 v1Ac922 watson 180208 v1
Ac922 watson 180208 v1
 
Watson kista summit 2018 box
Watson kista summit 2018 box Watson kista summit 2018 box
Watson kista summit 2018 box
 
Watson kista summit 2018 en bättre arbetsdag för de många människorna
Watson kista summit 2018   en bättre arbetsdag för de många människornaWatson kista summit 2018   en bättre arbetsdag för de många människorna
Watson kista summit 2018 en bättre arbetsdag för de många människorna
 
Iwcs and cisco watson kista summit 2018 v2
Iwcs and cisco   watson kista summit 2018 v2Iwcs and cisco   watson kista summit 2018 v2
Iwcs and cisco watson kista summit 2018 v2
 
Ibm intro (watson summit) bkacke
Ibm intro (watson summit) bkackeIbm intro (watson summit) bkacke
Ibm intro (watson summit) bkacke
 

Kürzlich hochgeladen

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Kürzlich hochgeladen (20)

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 

IBM Security Identity and Access Management - Portfolio

  • 1. © 2014 IBM Corporation IBM Security Identity and Access Management Products updates and what is coming Sven-Erik Vestergaard Pan-IOT security architecht IBM Security svest@dk.ibm.com
  • 2. © 2014 IBM Corporation IBM Security 2 Agenda  ISAM  ISIM  PIM  Z/Secure
  • 3. © 2014 IBM Corporation IBM Security 3 IBM Security Access Manager
  • 4. © 2014 IBM Corporation IBM Security 5 Federated Registry Support  Allow ISAM to address a federated registry space where different suffixes are distributed across LDAP servers  Current Registry becomes “Primary registry” – Management suffix (e.g. secAuthority=Default) is stored here • This is where all ISAM user/group/policy/GSO meta-data is stored – Users and groups can also be stored here  Can also define one or more “Federated Registries” – These only store User and Group objects – No schema changes required in these registries – Identified by the suffixes they contain
  • 5. © 2014 IBM Corporation IBM Security 6 IBM Security Access Manager Native Kerberos Single Sign-On
  • 6. © 2014 IBM Corporation IBM Security 7 Kerberos SSO  For Windows applications, Kerberos provides the best SSO – It is supported by Windows services without the need for plug-ins – It generally causes the least number of integration issues  Kerberos Delegation is required to support this in ISAM – Allows an intermediate server to request tickets on behalf of an end user  Kerberos Delegation is now supported by non-Windows Kerberos – Previously it required Windows APIs  ISAM Appliance includes a Kerberos client for native support – Federated Identity Manager is no longer required for this
  • 7. © 2014 IBM Corporation IBM Security 8 IBM Security Access Manager Trusteer Pinpoint
  • 8. © 2014 IBM Corporation IBM Security 9 Proposed Architecture WebSEAL Filter Framework Web Engine Snippet Filter Update Manager Trusteer Endpoint Servers Poll Snippet Delivery Endpoint Access Page Delivery Web Application Page Access Snippet Files  A new filter will be added to the WebSEAL filter framework;  An update manager which is embedded within the appliance will be used to monitor updates and retrieve these updates;  Configuration will be contained in: – WebSEAL configuration file; – Snippet files;
  • 9. © 2014 IBM Corporation IBM Security 10 IBM Security Access Manager Appliance Monitoring
  • 10. © 2014 IBM Corporation IBM Security 11 SNMP added for Appliance Monitoring  Systems monitoring is an important part of operations – Often we may overlook it in pre-sales but customers will not  Customer tools cannot be added to an appliance – So it needs to provide sufficient capability out-of-the-box  In ISAM 8.0.0.5 an SNMP daemon has been added – It monitors standard system parameters such as disk, cpu, memory, interfaces, processes etc.  Currently it doesn’t monitor ISAM-specific functions – syslog can provide integration for monitoring of this kind
  • 11. © 2014 IBM Corporation IBM Security 12 ISAM Appliance shown in Tivoli Enterprise Monitoring
  • 12. © 2014 IBM Corporation IBM Security 13 IBM Security Access Manager DataPower
  • 13. © 2014 IBM Corporation IBM Security 14 Applications and Systems Silos of security are impeding business agility DEVELOPERSPARTNERS CONSUMERS EMPLOYEES WEBMOBILEB2B SOA APIS CONSUMERS EMPLOYEES PARTNERS CONSULTANTS DEVELOPERS API MANAGEMENT B2B GATEWAY SOA GATEWAY WEB ACCESS PROXY MOBILE GATEWAY Business Channels Users Security Solutions
  • 14. © 2014 IBM Corporation IBM Security 15 MULTI-CHANNEL GATEWAY Reduce cost and improve security posture with a converged gateway Business Channels Users DEVELOPERSPARTNERS CONSUMERS EMPLOYEES WEBMOBILEB2B SOA APIS CONSUMERS EMPLOYEES PARTNERS CONSULTANTS DEVELOPERS Security Solutions Applications and Systems
• 15. Introducing IBM's multi-channel gateway solution
  – Leverage the combined capabilities of IBM DataPower Gateway and IBM Security Access Manager in a single, converged security and integration gateway solution
  [Diagram: IBM DataPower Gateway provides traffic control & optimization, message security and message & transport bridging; ISAM for DataPower provides user access security]
  – Key benefits:
    • Reduce Operating Costs: a single gateway reduces the hardware footprint and uses a common set of management and operational skills
    • Improve Business Agility: a common security policy framework that can be shared across business channels
    • Improve Edge Security: comprehensive security at the message level, infrastructure level and user level
    • Secure User Interactions: safeguard mobile, cloud and social access
    • Secure App Interactions: protect applications at the message level and provide optimized application delivery
• 16. ISAM for Mobile & FIM provide advanced authentication, authorization & federation capabilities with out-of-the-box integrations
  – ISAM for Mobile: addresses emerging web and mobile security requirements for strong and multi-factor authentication and for dynamic, context-based access policies fed from multiple data sources, including Trusteer Mobile, Pinpoint and Fiberlink MaaS360
  – Federated Identity Manager: provides a robust platform for centrally managing federated business partner relationships and access to SaaS applications
  [Diagram: Federated Identity Manager (federated single sign-on, identity mediation, security token services) and ISAM for Mobile (mobile single sign-on, strong auth & MFA, context-based access, device registration) sit behind ISAM for DataPower acting as the Policy Enforcement Point]
• 17. IBM Security Identity Manager
• 18. New Capabilities Across All Products
  – Identity Manager v6.0.0.4 and v7.0
    • Simultaneous announcement: same functions, different delivery. v6.0.0.4 is the software stack version for the installed base; v7.0 is virtual appliance-only, for new customers
    • Phase 3: Identity Service Center, the business user interface
    • Platform/middleware updates
    • Adapter updates, including Oracle, Microsoft and UNIX/Linux platform updates
    • Customer-sponsored enhancements
  – Privileged Identity Manager v2.0
    • Virtual appliance-only delivery
    • PIM-SIM separation with integration
    • PIM for Applications option
    • User experience improvement: PIM administration in the Service Center UI
    • SoftLayer administrative account management support
  – Identity Governance v5.1
    • Virtual appliance delivery
    • Integration from SIG to SIM
• 19. Identity Service Center – Home screen, updated (optional)
• 20. Introducing SIM Virtual Appliance
  – SIM is Virtual Appliance only starting with SIM v7
    • Positioned as a "fresh start"
    • Continued SIM 6.0.x software stack maintenance
  – Same platform as PIM and Access Manager ("Mesa")
  – Offers customers a quick-to-deploy and easy-to-maintain IdM solution
    • Pre-installed components & middleware, configured through VA panels
      – An external data tier (DB2 and LDAP) is required for storing operational data
      – Uses the existing, common admin/user web user interfaces
      – Supports HA clustering
    • Reduces time to value significantly
      – Reduces the skills requirements for IT admins, e.g. no WAS admin skills needed
      – Reduces patch/upgrade effort via a single "firmware" update rather than individual component updates
• 21. SIM Virtual Appliance – cont.
  – Target for new Identity Manager installations
  – Key limitations to note:
    • DB2 and Oracle (non-SSL) only
    • Simplification means streamlined configurability: no access to the WAS console, middleware installation hidden, etc.
      – We support customization "best practices" and incorporate them into the VA console configuration, but will discourage customization that makes upgrades difficult
    • Role and Policy Modeler not included (transition to SIG/CrossIdeas)
  – Migration: existing SIM 5.1 and 6.0 customers will need to migrate environments; there is no automated upgrade
    • Fresh start: an opportunity to rethink customizations and clean up the deployment
    • A tech note describing customization support/limits is to be published
    • Migration assistance is on the 2015 roadmap
• 22. Identity Manager Virtual Appliance – Component versions (SIM 6.0.0.4 vs. SIM VA 7.0)
  – OS / ESX: SIM 6.0.0.4: AIX 6.1, 7.1; RHEL 5, 6; SLES 10, 11; Solaris 10; Windows 2008, 2012. SIM VA 7.0: VMware ESXi 5.x
  – DB: SIM 6.0.0.4: DB2 9.5, 9.7, 10.1, 10.5; Oracle 10g, 11g, 12c. SIM VA 7.0: DB2 10.1; Oracle 12c
  – TDS: SIM 6.0.0.4: SDS 6.2, 6.3, 6.3.1; Sun Directory 6.3, 7.0; ODS 11.1. SIM VA 7.0: SDS 6.3.1
  – SDI/TDI: SIM 6.0.0.4: TDI 7.1, 7.1.1; SDI 7.2. SIM VA 7.0: TDI 7.1.1
  – WAS: SIM 6.0.0.4: WAS 7.0 (without ISC); WAS 8.5, WAS 8.5.5. SIM VA 7.0: -- (inside VA)
  – Reports: SIM 6.0.0.4: Cognos 10.2.1. SIM VA 7.0: Cognos 10.2.1
  – Browser: SIM 6.0.0.4: IE 9, 10, 11; Firefox 17 ESR, 24 ESR. SIM VA 7.0: IE 11; Firefox 24 ESR
• 23. PIM 2.0 is Appliance Only
  – The PIM appliance now includes less "Identity Manager"
    • Only what is required to support PIM use cases
  – It can integrate with an Identity Manager system
    • To provide full enterprise identity + PIM functionality
  – New PIM opportunities should be directed towards the appliance offering
    • Existing software stack customers will continue to receive support and fixes, but little to no new PIM functionality
  – The PIM licence still includes entitlement for SIM and ESSO
    • So these can still be deployed and integrated to get more function
      – At the cost of additional deployment complexity
• 24. Authenticating applications without a password
  – OAuth 2.0 token: authorization given by a PIM domain admin to an application instance. OAuth tokens are set to one-time use.
  – Instance fingerprint: app instance host info, user info, network, binary hash and path, etc. Ensures that the instance is authentic.
  – Token request and fingerprinting are done automatically during registration, using the App ID Toolkit.
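As an added illustration (not IBM's App ID Toolkit code), the Python sketch below models the two controls on this slide: a registration token that is consumed on first use, and an instance fingerprint built from host, user, network, binary hash and path that must match again at authentication time. The class and field names, and the way the fingerprint is derived, are assumptions for the example.

```python
import hashlib
import secrets
from dataclasses import dataclass


# Hypothetical model of the PIM "instance fingerprint" inputs listed on the
# slide. The field set and encoding are assumptions, not the Toolkit's format.
@dataclass(frozen=True)
class AppInstance:
    host: str
    user: str
    network: str        # e.g. the address the instance is reached on
    binary_sha256: str  # hash of the application binary on disk
    binary_path: str


def fingerprint(inst: AppInstance) -> str:
    """Combine the instance attributes into a single SHA-256 digest."""
    parts = [inst.host, inst.user, inst.network, inst.binary_sha256, inst.binary_path]
    # Length-prefix each field so that "ab"+"c" and "a"+"bc" cannot collide.
    encoded = b"".join(len(p).to_bytes(2, "big") + p.encode() for p in parts)
    return hashlib.sha256(encoded).hexdigest()


class RegistrationService:
    """Issues one-time registration tokens and checks instances against them."""

    def __init__(self) -> None:
        self._unused_tokens: set[str] = set()   # tokens handed out by a domain admin
        self._registered: dict[str, str] = {}   # app_id -> fingerprint

    def issue_token(self) -> str:
        tok = secrets.token_urlsafe(32)
        self._unused_tokens.add(tok)
        return tok

    def register(self, app_id: str, token: str, inst: AppInstance) -> bool:
        # Reject unknown or already-used tokens, then burn the token so a
        # captured copy cannot register a second instance.
        if token not in self._unused_tokens:
            return False
        self._unused_tokens.discard(token)
        self._registered[app_id] = fingerprint(inst)
        return True

    def authenticate(self, app_id: str, inst: AppInstance) -> bool:
        # The instance must recompute to the fingerprint bound at registration.
        expected = self._registered.get(app_id)
        return expected is not None and secrets.compare_digest(expected, fingerprint(inst))
```

A copy of the same binary started on another host, or a rebuilt binary on the same host, produces a different fingerprint and is refused even though the app_id is known.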
• 25. IAM Deployment Option Road Map
  – Virtual appliance
    • PIM Greenfield: meets requirements for PIM scenarios for greenfield customers
    • Identity Greenfield: meets requirements for SIM, PIM or SIG greenfield customers; independent VA deployment
    • Identity Appliance (direction): full IAM suite from a single VA; enable SIM, PIM, SIG or any combination; migration for software stack customers
  – Software
    • IAM Software Stack: updated in parallel with the VA to give customers time to consider VA or cloud
  – Cloud
    • Lighthouse IAM: initial cloud IAM release; lower cost and faster deployment
    • Lighthouse (direction): updated to latest IAM releases; provides the IBM Service Center UI
• 26. IBM Security zSecure
• 27. zSecure products that enable integration with QRadar
  [Diagram: event sources from System z – RACF, CA ACF2, CA Top Secret, z/OS, CICS, DB2 and others – feeding QRadar through zSecure]
• 28. New zSecure Adapters for the QRadar SIEM product
  – Features
    • Collects and formats information from over 40 different IBM System z SMF record types, such as z/OS, RACF, ACF2, Top Secret, DB2 and CICS events (customizable)
    • Additional SMF record types generated by IBM z/OS and its sub-systems: data set access, z/VM, PDS member updates and deletes, UNIX file activity, FTP, Telnet and other TCP/IP activity, and many others
    • Adds enriched descriptive audit information about the user and the resource from the security database and zSecure system snapshot information
    • Support for collection more frequently than once a day; a job is available for use with scheduling software
  – Benefits
    • Extend best practices and comply with regulatory/legal/compliance requirements
    • Provides a holistic, centralized approach to security monitoring and plugs a hole in the enterprise security monitoring practice
    • Supports separation of duties: stop the legacy practice of self-policing!
    • Maximize QRadar capabilities for log management, anomaly detection, incident forensics, configuration management, vulnerability management and risk management
• 29. Stay Focused, Stay Ahead – Questions?