IBM Security Intelligence Platform with Identity Management and Single Sign-On

Oct 30, 2013

© 2013 IBM Corporation

IBM Security Systems

Franc Červan (franc.cervan@si.ibm.com)

IBM CEE Security technical sales

Nobody is immune. There is no end in sight.

[Figure: 2011 Sampling of Security Incidents by Attack Type, Time and Impact. Incidents plotted by month (Jan to Dec) and labelled by victim sector, among them online gaming, online and Internet services, central government, defense, national and state police, banking, IT security, consulting, consumer electronics, entertainment, telecommunications, insurance, apparel, agriculture, heavy industry and financial market. Attack types in the legend: SQL Injection, URL Tampering, Spear Phishing, 3rd Party Software, DDoS, SecureID, Trojan Software, Unknown. Size of circle estimates relative impact of breach in terms of cost to business.]

Source: IBM X-Force® Research 2011 Trend and Risk Report

Customer Challenges

- Detecting threats: Arm yourself with comprehensive security intelligence
- Consolidating data silos: Collect, correlate and report on data in one integrated solution
- Detecting insider fraud: Next-generation SIEM with identity correlation
- Better predicting risks to your business: Full life cycle of compliance and risk management for network and security infrastructures
- Addressing regulation mandates: Automated data collection and configuration audits

Solving Customer Challenges

- Detecting threats (Major Electric Utility): Discovered 500 hosts with “Here You Have” virus, which other solutions missed
- Consolidating data silos (Fortune 5 Energy Company): 2 Billion logs and events per day reduced to 25 high priority offenses
- Detecting insider fraud (Branded Apparel Maker): Trusted insider stealing and destroying key data
- Predicting risks against your business ($100B Diversified Corporation): Automating the policy monitoring and evaluation process for configuration change in the infrastructure
- Addressing regulatory mandates (Industrial Distributor): Real-time extensive monitoring of network activity, in addition to PCI mandates

QRadar Security Intelligence Platform

Solutions for the Full Compliance and Security Intelligence Timeline

Prediction & Prevention

Reaction & Remediation

- SIEM. Log Management. Incident Response.
- Network and Host Intrusion Prevention.
- Network Anomaly Detection. Packet Forensics.
- Database Activity Monitoring. Data Loss Prevention.
- Risk Management. Vulnerability Management.
- Configuration Monitoring. Patch Management.
- X-Force Research and Threat Intelligence.
- Compliance Management. Reporting and Scorecards.

Questions along the timeline:

- What are the external and internal threats?
- Are we configured to protect against these threats?
- What is happening right now?
- What was the impact?

Fully Integrated Security Intelligence

Log Management
- Turn-key log management and reporting
- SME to Enterprise
- Upgradeable to enterprise SIEM

SIEM
- Log, flow, vulnerability & identity correlation
- Sophisticated asset profiling
- Offense management and workflow

Configuration & Vulnerability Management
- Network security configuration monitoring
- Vulnerability prioritization
- Predictive threat modeling & simulation

Network Activity & Anomaly Detection
- Network analytics
- Behavioral anomaly detection
- Fully integrated in SIEM

Network and Application Visibility
- Layer 7 application monitoring
- Content capture for deep insight & forensics
- Physical and virtual environments

One Console Security

Built on a Single Data Architecture

Security Intelligence: QRadar provides in-depth security visibility

- IBM X-Force® Threat Information Center
- Real-time Security Threats and Prioritized ‘Offenses’
- Identity and User Context
- Real-time Network Visualization and Application Statistics
- Inbound Security Events

QRadar: Clear, concise and comprehensive delivery of relevant info

- What was the attack?
- Who was responsible?
- How many targets involved?
- Was it successful?
- Where do I find them?
- Are any of them vulnerable?
- How valuable are the targets to the business?
- Where is all the evidence?

Detecting threats

Major Electric Utility: Discovered 500 hosts with “Here You Have” virus, which other solutions missed

- Potential Botnet Detected? This is as far as traditional SIEM can go
- IRC on port 80? IBM Security QRadar QFlow detects a covert channel
- Irrefutable Botnet Communication: Layer 7 flow data contains botnet command control instructions

Application layer flow analysis can detect threats others miss

Consolidating data silos

Fortune 5 Energy Company: 2 Billion logs and events per day reduced to 25 high priority offenses

QRadar judges “magnitude” of offenses:

- Credibility: A false positive or true positive?
- Severity: Alarm level contrasted with target vulnerability
- Relevance: Priority according to asset or network value

Priorities can change over time based on situational awareness

Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight

Detecting insider fraud

Branded Apparel Maker: Trusted insider stealing and destroying key data

Potential Data Loss: Who? What? Where?

- Who? An internal user
- What? Oracle data
- Where? Gmail

Threat detection in the post-perimeter world

User anomaly detection and application level visibility are critical to identify inside threats

Predicting risks against your business

$100B Diversified Corporation: Automating the policy monitoring and evaluation process for configuration change in the infrastructure

- Which assets are affected? How should I prioritize them?
- What are the details? Vulnerability details, ranked by risk score
- How do I remediate the vulnerability?

Pre-exploit Security Intelligence

Monitor the network for configuration and compliance risks, and prioritize them for mitigation

Addressing regulatory mandates

Industrial Distributor: Real-time extensive monitoring of network activity, in addition to PCI mandates

- Unencrypted Traffic: IBM Security QRadar QFlow saw a cleartext service running on the Accounting server
- PCI Requirement 4 states: Encrypt transmission of cardholder data across open, public networks
- PCI compliance at risk? Real-time detection of possible violation

Compliance Simplified

- Out-of-the-box support for major compliance and regulatory standards
- Automated reports, pre-defined correlation rules and dashboards

Security intelligence at work: SIEM in action

- Reliable, secure and scalable log data storage
- Advanced security data correlation turning data into information
- Advanced and easy to use rule based security event correlation engine to extract the real security offenses

2 Bn security records per day

25 security offenses per day

[Diagram labels: Security Devices; Servers & Mainframes; Network & Virtual Activity; Data Activity; Application Activity; Configuration Info; Vulnerability & Threat; User Activity]

Threat Protection & QRadar improve your visibility and prevention

Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight

Networks, Servers, Endpoints, Applications, Scanners

Attacks, audits, status events and vulnerabilities from SiteProtector & IPS

- Helps find threats other SIEMs might miss by combining Network Protection’s Protocol Analysis Module signature analysis and QRadar’s anomaly detection capabilities
- Enables immediate real-time threat awareness and powerful threat and offense prioritization capabilities to establish definitive evidence of attack and visibility into all attacker communications
- Integrates X-Force security content
- Outstanding coverage available within full SIEM solution or targeted Network Anomaly Detection offering

[Diagram labels: Security Devices; Servers & Mainframes; Network & Virtual Activity; Data Activity; Application Activity; Configuration Info; Vulnerability & Threat; User Activity; Event Correlation; Activity Baselining & Anomaly Detection; Offense Identification]

zSecure & QRadar add protection for mainframe environments

Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight

Servers & Mainframes: System z; RACF; ACF2, Top Secret; CICS; DB2

Alerts, unauthorized log-ins, policy violations, configuration changes, etc. from zSecure Alert & zSecure Audit

- Centralizes enterprise security view allowing identification and remediation of excess mainframe access, threats and concerns
- Strengthens mainframe security operations and helps improve protection for critical mainframe environment
- Triggers complex correlation of threats, insider fraud and business risk as easy to understand “offenses” for further investigation and follow-ups
- Stores event data in forensically secure database to address regulation mandates
- Improves compliance reporting by simplifying audit and management efforts

[Diagram labels: Security Devices; Servers & Hosts; Network & Virtual Activity; Data Activity; Application Activity; Configuration Info; Vulnerability & Threat; User Activity; Event Correlation; Activity Baselining & Anomaly Detection; Offense Identification]

InfoSphere Guardium & QRadar protect your most sensitive data

Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight

Data Activity: Databases; Data Warehouses; Hadoop based systems; File shares

In-depth data activity monitoring and security insights from InfoSphere Guardium

- Detects anomalous behavior and malicious access to sensitive data
- Focuses customers on key data access events coming from InfoSphere Guardium while saving operational costs by not transmitting and storing insignificant events
- Provides broader, enterprise network security context for InfoSphere Guardium alerts and events helping identify advanced threats
- Improves compliance reporting with automated data access reports

[Diagram labels: Security Devices; Servers & Mainframes; Network & Virtual Activity; Database Activity; Application Activity; Configuration Info; Vulnerability & Threat; User Activity; Event Correlation; Activity Baselining & Anomaly Detection; Offense Identification]

Guardium and QRadar (Data Security Integration)

Enhanced data protection:

- Correlation with database activity
  - Collects and categorizes Guardium events for easy searching, reporting and correlation with other data
  - Correlates database activity with QRadar network activity to detect anomalous and suspicious behavior. For example: Alert is issued when multiple failed logins to a database server are followed by a successful login and accessing of credit card tables, then followed by an FTP upload to a questionable external site.
- Database vulnerability sharing
  - Pulls database vulnerability data from Guardium into QRadar Asset Profiles to get more complete asset data for databases.

[Diagram labels: Guardium Database Monitoring & Vulnerability Assessment; Guardium logs; Database Vulnerability; Identified Risk]
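
The alert in the example above can be written as a small stage-by-stage correlation over database and flow events. This is an added illustration, not QRadar or Guardium rule syntax and not part of the original deck; the event field names, thresholds, table names and internal address range are assumptions, and the sample events are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumptions for this example (none come from the deck): event field names,
# the thresholds, the sensitive table names and the internal address range.
FAILED_THRESHOLD = 3
WINDOW = timedelta(minutes=30)
SENSITIVE_TABLES = {"CREDIT_CARD", "CARD_HOLDER"}
INTERNAL_NETS = [ip_network("10.0.0.0/8")]


@dataclass
class Event:
    ts: datetime
    feed: str         # "db" = database activity monitor, "flow" = network flow
    kind: str         # login_failed | login_ok | table_access | ftp_upload
    src_ip: str       # client that initiated the activity
    detail: str = ""  # table name (db) or destination address (flow)


def is_external(ip):
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def correlate(events):
    """Return one offense per client that completes all four stages within WINDOW."""
    chains = {}  # src_ip -> partial chain for that client
    offenses = []
    for ev in sorted(events, key=lambda e: e.ts):
        c = chains.setdefault(ev.src_ip, {"stage": 0, "fails": [], "evidence": []})
        # Drop a partial chain whose first failed login is older than WINDOW.
        if c["stage"] > 0 and ev.ts - c["evidence"][0].ts > WINDOW:
            c.update(stage=0, fails=[], evidence=[])
        if c["stage"] == 0:
            recent = [f for f in c["fails"] if ev.ts - f.ts <= WINDOW]
            if ev.kind == "login_failed":
                c["fails"] = recent + [ev]
            elif ev.kind == "login_ok":
                # A success only matters when enough failures preceded it.
                if len(recent) >= FAILED_THRESHOLD:
                    c.update(stage=1, evidence=recent + [ev])
                c["fails"] = []
        elif c["stage"] == 1:
            if ev.kind == "table_access" and ev.detail.upper() in SENSITIVE_TABLES:
                c["stage"] = 2
                c["evidence"].append(ev)
        elif c["stage"] == 2 and ev.kind == "ftp_upload" and is_external(ev.detail):
            offenses.append({"src_ip": ev.src_ip, "evidence": c["evidence"] + [ev]})
            c.update(stage=0, fails=[], evidence=[])
    return offenses


def _at(minute):
    return datetime(2013, 10, 30, 9, 0) + timedelta(minutes=minute)


# Constructed sample events (private and documentation address ranges only).
SAMPLE = [
    Event(_at(0), "db", "login_failed", "10.1.1.50"),
    Event(_at(1), "db", "login_failed", "10.1.1.50"),
    Event(_at(2), "db", "login_failed", "10.1.1.50"),
    Event(_at(3), "db", "login_ok", "10.1.1.50"),
    Event(_at(5), "db", "table_access", "10.1.1.50", "credit_card"),
    Event(_at(9), "flow", "ftp_upload", "10.1.1.50", "203.0.113.9"),
    # One mistyped password, normal work, internal transfer: no offense.
    Event(_at(10), "db", "login_failed", "10.1.1.60"),
    Event(_at(11), "db", "login_ok", "10.1.1.60"),
    Event(_at(12), "db", "table_access", "10.1.1.60", "credit_card"),
    Event(_at(13), "flow", "ftp_upload", "10.1.1.60", "10.2.2.2"),
    # Same first three stages, but the upload falls outside WINDOW: no offense.
    Event(_at(20), "db", "login_failed", "10.1.1.70"),
    Event(_at(21), "db", "login_failed", "10.1.1.70"),
    Event(_at(22), "db", "login_failed", "10.1.1.70"),
    Event(_at(23), "db", "login_ok", "10.1.1.70"),
    Event(_at(25), "db", "table_access", "10.1.1.70", "credit_card"),
    Event(_at(150), "flow", "ftp_upload", "10.1.1.70", "203.0.113.9"),
]

if __name__ == "__main__":
    for off in correlate(SAMPLE):
        print(off["src_ip"], [e.kind for e in off["evidence"]])
```

Keying the chain on the client address is what lets a database log and a network flow record, which share no user name, end up in the same offense.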

AppScan & QRadar improve threat detection accuracy

Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight

Application Activity: Web applications; Mobile applications; Web services; Desktop applications

Application vulnerability assessments from AppScan

- Strengthens threat detection and offense scoring capabilities
- Correlates known application vulnerabilities with other real-time events and alerts to elevate meaningful offenses
- Enhances proactive risk management assessments by prioritizing critical application vulnerabilities

[Diagram labels: Security Devices; Servers & Mainframes; Network & Virtual Activity; Data Activity; Application Activity; Configuration Info; Vulnerability & Threat; User Activity; Event Correlation; Activity Baselining & Anomaly Detection; Offense Identification]

AppScan and QRadar (Application Security Integration)

[Diagram labels: AppScan Standard (DAST desktop client); AppScan Source (SAST desktop client); AppScan Enterprise Dynamic Analysis Scanners (server-based DAST); AppScan Enterprise Server; AppScan Enterprise Web client; Application Vulnerability; Identified Risk]

Promoting use of vulnerability:

- Application vulnerability sharing
  - QRadar imports application vulnerability data published by AppScan on a regular basis.
  - QRadar shows vulnerability details on Asset Profile (V7.1)
- Correlation and alert
  - Enables QRadar to correlate network and event activity with application vulnerability, helping determine the priority (ranks) of the offenses and assess potential impact of the attack.
  - Initiate scanning from QRadar
  - Sends alerts to AppScan administrators

Endpoint Manager & QRadar tighten endpoint security

Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight

Configuration Info: Servers; Clients; Mobile devices; POS, ATM, Kiosks

Endpoint intelligence data from Endpoint Manager

- Increases vulnerability database accuracy improving offense and risk analytics to limit potential offenses
- Establishes baseline for endpoint states and improves alerting on variations to detect threats other SIEMs might miss
- Speeds remediation of discovered offenses using Endpoint Manager automation
- Represents AV/DLP alerts within consolidated enterprise security view helping correlate advanced threat activities
- Improves compliance reporting with deep endpoint state data

[Diagram labels: Security Devices; Servers & Mainframes; Network & Virtual Activity; Data Activity; Application Activity; Configuration Info; Vulnerability & Threat; Threat Intelligence; User Activity; Event Correlation; Activity Baselining & Anomaly Detection; Offense Identification]

Tivoli Endpoint Manager and QRadar (Endpoint Security Integration)

[Diagram labels: Tivoli Endpoint Manager (Enforce, Evaluate, Publish, Report); Fixlet status; Configuration; Vulnerability; Network asset data; Identified Risk]

Network & Endpoint Security Combined:

- TEM → QRadar
  - TEM forwards endpoint Fixlet (policy) status messages to QRadar for correlation. (Shipping)
  - TEM exports endpoint configuration and vulnerability data to QRadar to increase coverage and accuracy of QRadar asset profiles.
- QRadar → TEM
  - QRadar exports network asset data to TEM, allowing complete reporting on network devices.
  - QRM correlates assets, vulnerabilities, configuration and network activities to identify risky endpoints and export them as a group to TEM for high priority analysis and remediation
- Bidirectional
  - Closed-loop remediation workflows: QRadar detects vulnerable systems, forwards to TEM; TEM executes remediation and sends update back to QRadar.


Identity & Access Management products & QRadar uncover malicious behaviors

Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight

User Activity: User log-ins; Access rights; Group memberships

Identity information and user activity from IAM products

- Provides ability to insert user names into reference sets used for writing searches, reports, and rules
- Improves ability to defend against insider threats involving privilege escalations or inappropriate data access
- Facilitates compliance reporting by pairing user identities with access to sensitive data

[Diagram labels: Security Devices; Servers & Mainframes; Network & Virtual Activity; Data Activity; Application Activity; Configuration Info; Vulnerability & Threat; User Activity; Event Correlation; Activity Baselining & Anomaly Detection; Offense Identification]

IAM and QRadar (Identity Security Integration)

Identity enriched security intelligence:

- Technical features
  - Retrieves user identity data including ID mapping (from an enterprise ID to multiple application user IDs) and user attributes (groups, roles, departments, entitlements).
  - Queries data (events, flows, offenses, assets) relative to an enterprise user ID and mapped application user IDs
  - Selects user identities for easy creation of correlation rules
  - Reports on all the activities (using different appliance user IDs) of an enterprise user
- Use cases
  - Privileged user activity monitoring
  - Terminated employee access detection
  - Separation of duty violation detection
  - User account recertification
  - Ensuring appropriate access control setting
  - Backdoor access detection

[Diagram labels: Identity Repository; Security Identity Manager; managed targets (Databases, Operating Systems, Applications, Networks & Physical Access); Identity mapping data and user attributes; SIM/SAM Server logs; Application logs]
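
A sketch of the ID mapping described above, showing how events logged under different application user IDs roll up to one enterprise ID and how that supports the terminated employee use case. This is an added example, not IBM code or a QRadar API; field names, enterprise IDs and the case-insensitive match are assumptions, the identity and event data are constructed, and Jane Doe's three account IDs are the ones shown elsewhere in this deck.

```python
from datetime import datetime

# Constructed identity feed. Field names and enterprise IDs are assumptions made
# for this example; Jane Doe's three account IDs are the ones shown in the deck.
IDENTITIES = [
    {"enterprise_id": "jane.doe", "roles": ["Benefits Administrator"],
     "terminated": None,
     "accounts": {"AD": "janedoe", "UNIX": "jdoe", "RACF": "jd044595"}},
    {"enterprise_id": "former.employee", "roles": [],
     "terminated": datetime(2013, 10, 1),
     "accounts": {"AD": "fworker", "UNIX": "fw01"}},
]

# Constructed events, as a SIEM might normalize them from different log sources.
EVENTS = [
    {"ts": datetime(2013, 10, 29, 8, 5), "system": "AD", "user": "JaneDoe", "action": "logon"},
    {"ts": datetime(2013, 10, 29, 8, 9), "system": "RACF", "user": "JD044595", "action": "dataset read"},
    {"ts": datetime(2013, 9, 30, 17, 0), "system": "AD", "user": "fworker", "action": "logon"},
    {"ts": datetime(2013, 10, 15, 2, 30), "system": "UNIX", "user": "fw01", "action": "ssh login"},
    {"ts": datetime(2013, 10, 29, 9, 0), "system": "UNIX", "user": "jdoe", "action": "sudo"},
    {"ts": datetime(2013, 10, 29, 9, 1), "system": "UNIX", "user": "svc_backup", "action": "cron"},
]


def build_index(identities):
    """Map (system, application user ID) to the owning identity record."""
    index = {}
    for ident in identities:
        for system, user in ident["accounts"].items():
            # Assumption: account names are compared case-insensitively.
            index[(system, user.lower())] = ident
    return index


def enrich(events, index):
    """Attach the enterprise ID (None when no mapping exists) to every event."""
    out = []
    for ev in events:
        owner = index.get((ev["system"], ev["user"].lower()))
        out.append({**ev, "enterprise_id": owner["enterprise_id"] if owner else None})
    return out


def activity_of(enterprise_id, events, index):
    """All events of one person, whichever application user ID produced them."""
    hits = [e for e in enrich(events, index) if e["enterprise_id"] == enterprise_id]
    return sorted(hits, key=lambda e: e["ts"])


def terminated_access(events, index):
    """Events produced by a mapped account on or after its owner's termination date."""
    hits = []
    for ev in events:
        owner = index.get((ev["system"], ev["user"].lower()))
        if owner and owner["terminated"] and ev["ts"] >= owner["terminated"]:
            hits.append({**ev, "enterprise_id": owner["enterprise_id"]})
    return hits


if __name__ == "__main__":
    idx = build_index(IDENTITIES)
    for e in activity_of("jane.doe", EVENTS, idx):
        print(e["ts"], e["system"], e["user"], e["action"])
    for e in terminated_access(EVENTS, idx):
        print("terminated user active:", e["enterprise_id"], e["system"], e["user"])
```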

Identity Management

Identity Management

WHO has ACCESS to WHAT and WHY??

[Diagram labels: People; Policy; Resources]

The Who in Identity Management

Who: Users, people who need access to resources.

- Users can be internal or external to the organization.
  - Employees
  - Students
  - Customers
  - Business Partners
  - Citizens

Jane Doe’s HR information (HR System):

- Name: Jane Doe
- Dept: Accounting
- Manager: John Smith
- Address: 10 Main St.
- Tel. No: 555-1212
- Bus Role: Benefits Administrator

The What in Identity Management

What: Accounts give people access to resources.

- Examples of Resources:
  - Operating Systems: UNIX, Windows
  - Databases: DB2, Oracle
  - Applications: SAP, Lotus Notes
  - Directories: Active Directory
- The user account generally consists of:
  - A userid
  - Password
  - Group or role assignments

Example accounts: AD: janedoe; UNIX: jdoe; RACF: jd044595

[Diagram annotations: grant initial access; grant access/privileges]

How is Access granted … and Why

- Policy defines who can access resources.
- Policy is made up of membership and entitlements
- Workflow and Approvals define the business process and ensure that the right people are given the right access.
- Policy Membership can be defined through Roles
  - Business Roles: collections of users by job function
  - Application Roles: collection of resources or entitlements.
- Membership: Individual vs Group
- Examples of group Membership: Active Directory group policies, SAP authorizations

[Diagram labels: People (who); Policy; Resources (what)]

IBM Security Identity Manager (ISIM)

Roles / Requests

IBM Security Identity Manager - How it works

Automates, audits, and remediates user access rights across your IT infrastructure

[Diagram: Tivoli Identity Manager. Labels: HR Systems/Identity Stores; Identity change (add/del/mod); Access policy evaluated; Approvals gathered; Accounts updated; Detect and correct local privilege settings; managed targets (Databases, Operating Systems, Applications, Networks & Physical Access). Accounts on 70 different types of systems managed. Plus, In-House Systems & portals.]

Cost, Complexity, Compliance:

- Automate user privileges lifecycle across entire IT infrastructure
- Match your workflow processes
- Know the people behind the accounts and why they have the access they do
- Fix non-compliant accounts

Reduce Cost
- Self-service password reset
- Automated user provisioning

Simplify Complexity
- Consistent security policy
- Quickly integrate new users & apps

Address Compliance
- Closed-loop provisioning
- Access rights audit & reports

ISIM - Workflow

[Diagram: NEW EMPLOYEE PROCESS and HR WORKFLOW. Labels: HR System; John Smith; Position; Sending Request; Manager; Application Owner; Approvers; Notification; Reminder; Delay; Acceptance; Notification; Automatic permission grant; Automatic permission termination]

ISIM - Role vs Request based access control

[Diagram labels: Ongoing Operational Labor; Investments; Policy Design; Publish Service Catalog; Define Coarse Roles Plus Optional Access; Define Role Based Access Control Model & Policies; User Initiates Access Request; Update to User Attribute Initiates Access Change; Major Changes Automated, Minor Ones Requested; Approvals Gathered; Periodic Recertification; Access Provisioned; Access Auto Provisioned, Approvals for Exceptions; Recertify Exceptions Only; Automatic Provisioning and Rights Verification]

ISIM - Compliance

1. Reconciliation: Who has access to what? Identify orphan and dormant accounts, big security exposures!
2. Recertification: Does this user still need this account or access entitlement? Establish an automated process for review and enforcement.
3. Reporting: Prove it. Show auditors who has access to what and how they got it.

[Diagram labels: REALITY; MATCH?]
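
A sketch of the reconciliation step: accounts found on the managed systems are compared with what the identity store says was provisioned, and orphan, dormant and locally modified (non-compliant) accounts are reported. This is an added example, not ISIM code; the data layout, the 90-day dormancy threshold and all sample records are assumptions constructed for the illustration, apart from Jane Doe's account IDs, which appear earlier in the deck.

```python
from datetime import date, timedelta

DORMANT_AFTER = timedelta(days=90)  # assumption: review threshold chosen for the example

# What the identity manager believes it provisioned (constructed data).
# Key: (system, account ID). Jane Doe's IDs are the ones shown earlier in the deck.
PROVISIONED = {
    ("AD", "janedoe"): {"owner": "Jane Doe", "groups": {"Accounting"}},
    ("UNIX", "jdoe"): {"owner": "Jane Doe", "groups": {"users"}},
    ("RACF", "jd044595"): {"owner": "Jane Doe", "groups": {"BENEFITS"}},
}

# What a reconciliation run found on the managed systems (constructed data).
DISCOVERED = [
    {"system": "AD", "account": "janedoe", "groups": {"Accounting"},
     "last_login": date(2013, 10, 29)},
    {"system": "UNIX", "account": "jdoe", "groups": {"users", "wheel"},
     "last_login": date(2013, 10, 28)},
    {"system": "RACF", "account": "jd044595", "groups": {"BENEFITS"},
     "last_login": date(2013, 5, 2)},
    {"system": "UNIX", "account": "oldadmin", "groups": {"wheel"},
     "last_login": None},
]


def reconcile(provisioned, discovered, today):
    """Compare accounts found on targets with the identity store and list mismatches.

    Returns a list of ((system, account), finding, detail) tuples.
    """
    findings = []
    for acct in discovered:
        key = (acct["system"], acct["account"])
        expected = provisioned.get(key)
        if expected is None:
            # Nobody in the identity store owns this account.
            findings.append((key, "orphan", "no owner on record"))
        else:
            extra = acct["groups"] - expected["groups"]
            if extra:
                # Privilege was granted locally, outside the provisioning policy.
                detail = "unapproved groups: " + ", ".join(sorted(extra))
                findings.append((key, "non-compliant", detail))
        last = acct["last_login"]
        if last is None or today - last > DORMANT_AFTER:
            detail = "never used" if last is None else f"last login {last}"
            findings.append((key, "dormant", detail))
    return findings


if __name__ == "__main__":
    for (system, account), finding, detail in reconcile(PROVISIONED, DISCOVERED, date(2013, 10, 30)):
        print(f"{system:5} {account:10} {finding:14} {detail}")
```

An account can carry more than one finding; here the unowned `oldadmin` account is reported both as orphan and as dormant.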

ISIM - Reporting

Sample Operational Reports:

- Orphan Accounts Report
- Dormant Accounts Report
- Recertification Change History Report
- Pending Recertification Report
- Recertification Policies Report
- Individual Access Report
- Access Report

Solving the Privileged Identity Management problem requires going beyond traditional approaches:

Each administrator has a User ID on every system
- Exponential increase in privileged User IDs
- Increased risk of mismanagement of privileged User IDs
- Increased User ID administration costs

Administrators share privileged User IDs
- Risk of losing individual accountability
- Issues with password management and security
- Out of step with regulatory thinking

Requires solution to provide control, automation and accountability of privileged account access

Enterprise Single Sign-On

Access Management

- Users logging on to the same shared Windows account without logging off applications! policy/regulation violations!
- Access to sensitive data
- Complex passwords: Impossible to remember
- Need much quicker access

[Diagram labels: EMR; PACS Imaging; HR Web; Mainframe; SAP; Lotus Notes; Java; Cloud]

Access Management challenges

- SECURITY: Virtual desktops and applications accessed ubiquitously are protected by weak, shared passwords
- COSTS: Help-desk calls due to forgotten passwords can be expensive
- COMPLIANCE: Do you know which nurse accessed which critical patient records from her virtual desktop?
- PRODUCTIVITY: Desktop and application lockouts, slow access to applications hamper productivity

What if … users only needed to remember 1 password?

- 1 password to sign-on to Windows, Windows applications, Web applications, Java, Telnet, in-house developed and mainframe applications, . . .
- With no need to modify applications
- Without modifying the directory used (Active Directory, etc.)
- With automatic renewal for expired passwords
- With Self-service if password is forgotten (no Help Desk call)
- And with quick deployment and incremental ROI (that just got quicker!)

In fact, what if we simplified user access with single password access, while strengthening security, saving costs and improving your compliance posture?

IBM Security Access Manager for Single Sign-On (ISAM ESSO) - Access Management solution

STRENGTHEN SECURITY, REDUCE COSTS, INCREASE PRODUCTIVITY, DEMONSTRATE COMPLIANCE

- Strong passwords
- Strong Authentication
- Fine-grained audit logs
- Session Management
- No Account Lockouts
- Fast access to information
- Fewer helpdesk calls
- Save up to $25 per call!

ISAM ESSO - Overview

TAM E-SSO enables visibility into user activity, control over access to business assets, and automation of the sign-on process in order to drive value for our clients.

- Single sign-on
- Supports strong authentication
- Kiosk sharing
- Password self service
- Web-based administration
- Browser-based remote access
- User access tracking & audit
- No change to the infrastructure

ISAM ESSO - Architecture

ISAM ESSO - Access Studio

- Profiling templates for applications
  - Windows
  - Java
  - Terminal
  - Mainframe (cursor-based, HLLAPI)
- Wizard
  - Sign On
  - Sign Off
  - Password Change
- Advanced profiles
- Ability to test profiles
- Simple and quick implementation
- Automatic profiles for:
  - Windows Explorer, Internet Explorer
  - Web based applications
  - GINA, RDP

ISAM ESSO - Audit and Tracking

- End user activity tracking
- Configuration change
- Corporation application access tracking
- Own events tracking
- Sample audit data
  - Sign On/Sign Off
  - Password Change
  - 2FA
  - Offline access
- Integration with external reporting tools

ISAM ESSO - 2FA

- Support for:
  - Passive RFID (Mifare, HID iClass)
  - Active RFID (Xyloc)
  - Tokens (Vasco, Authenex)
  - USB Key (DigiSafe, Charismathics)
  - MobileAccessCode
    - SMS
    - E-mail
  - Sonar
  - Biometrics (UPEK, DigitalPersona)
- Support for:
  - Sign On to system
  - Sign On to application
  - Sign Off

[Diagram labels: USB Key; ACTIVE RFID; TOKENS; SMS; E-MAIL; SONAR; BIOMETRIC]

ISAM ESSO - ISIM Integration

- Logins and passwords generated by ISIM are pushed to SAMESSO End User
- Wallet automatically updated during password change
- Blocking wallet for End User from ISIM interface
- Support for ISIM 4.6, 5.0, 5.1, 5.2

ibm.com/security

© Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.