SIEM & IAM

This presentation covers the integration of SIEM (Security Incident and Event Management) and IAM (Identity and Access Management). SIEM provides insight into user activity, but lacks the knowledge of access and entitlement policies needed to place security incidents in context. IAM, by contrast, knows a great deal about access and entitlement policies but does not offer good insight into users' actual activities. Good integration of these two technologies enables SIEM to perform the right exception monitoring, and enables IAM to tighten and enforce access and entitlement policies based on users' actions.

  1. Identity & Access Management Congres, Heliview. André van Winssen, 28 May 2013. SIEM & IAM
  2. Who am I
     • André van Winssen
     • 20+ years in IT
     • Oracle and Security consultant
     • Sometimes too involved in application projects
       – but then I don’t mind
  3. Company profile
     • Active since 1991
     • Financially healthy
     • 95 employees
     • 100+ successful projects
     • 1000+ years of Oracle and Java knowledge
     • 3 ACE Directors and 2 ACEs on board
     • 2 Agile Masters
     • Oracle Platinum partner
       – Database - BPM
       – SOA - OEM
       – ADF - Webcenter
  4. • The Changing Enterprise Security Model
     • Current IT initiatives
  5. SIEM
     • SIM - Security Information Management
       – Analysis & compliance reporting of log data
       – Long term storage of this information
     • SEM - Security Event Management
       – Real-time analysis, monitoring & notification
       – Networks, security-devices, systems, applications, databases
     • SIEM - Security Information & Event Management
       – Compliance
       – Threat Management
       – Incident Response
  6. SIEM strength
     • User activity
     • Access monitoring
     • Collection of critical log data
     • Identification of IS threats & responses
     • Broad based monitoring of security events
  7. IAM
     • Identity Access Management
     • Initiate, capture, record, manage
       – User identities
       – Access permissions
     • IAM Policy describes
       – How to Authenticate
       – Authorizations
       – What to Audit
  8. IAM strength
     • Access control
       – Applications & Data
     • Entitlement management
       – Fine-grained access to structured/unstructured data, devices & services
     • User and role provisioning
       – Provision & deprovision
       – Role engineering/role mining
     • Context based
       – Circumstantial factors (time, IP, application)
  9. Technology integration
     • SIEM consumes IAM data
       – For exception monitoring it needs some IAM policy context
     • IAM consumes SIEM data
       – Adjust access when SIEM detects abuse of privileges
     • Security intelligence
  10. Technology integration
     • Self-integrated
       – Enterprise Integrated
       – Combine best of breed
       – a point solution
     • Vendor integrated
       – Platform approach
       – Burden of integration to vendor
       – More value for money
  11. Oracle
     • Where is Oracle in SIEM-IAM integration?
       – Ad hoc interfacing IAM audit data with SIEM
     • FMW audit framework
     • Database auditing
     • Oracle API gateway
     • Oracle Platform Security Services
     • Oracle Database Firewall Integration with Arcsight SIEM
     • Adaptive Access management
     • real-time (online) and batch (offline) risk analytics
     • Automated behavioral profiler
     • Configurable decision engine (for non-IT personnel)
     • Device fingerprinting
  12. Q & A
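
The two-way integration on slides 8 and 9, as an added example that is not part of the original presentation: SIEM events are checked against IAM entitlements and their context factors (time, IP, application), and the resulting exceptions are fed back to IAM. The entitlement format, event fields, sample data and the review threshold are all constructed assumptions, not any product's schema.

```python
from collections import Counter
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed IAM entitlement export: user -> application -> context policy.
ENTITLEMENTS = {
    "alice": {"hr-app": {"hours": (8, 18), "networks": ["10.0.0.0/8"]}},
    "bob": {"finance-db": {"hours": (0, 24), "networks": ["10.1.0.0/16"]}},
}

# Constructed, already-normalized SIEM access events.
EVENTS = [
    {"ts": "2013-05-28T09:15:00", "user": "alice", "app": "hr-app", "ip": "10.2.3.4"},
    {"ts": "2013-05-28T23:40:00", "user": "alice", "app": "hr-app", "ip": "10.2.3.4"},
    {"ts": "2013-05-28T10:00:00", "user": "bob", "app": "finance-db", "ip": "192.0.2.7"},
    {"ts": "2013-05-28T11:00:00", "user": "alice", "app": "finance-db", "ip": "10.2.3.4"},
    {"ts": "2013-05-28T12:00:00", "user": "carol", "app": "hr-app", "ip": "10.9.9.9"},
]

def classify(event, entitlements):
    """Return the policy exceptions for one access event (empty list = compliant)."""
    user_apps = entitlements.get(event["user"])
    if user_apps is None:
        return ["unknown_identity"]  # account not known to IAM, e.g. deprovisioned
    policy = user_apps.get(event["app"])
    if policy is None:
        return ["no_entitlement"]  # identity exists but holds no right to this app
    reasons = []
    start, end = policy["hours"]
    if not start <= datetime.fromisoformat(event["ts"]).hour < end:
        reasons.append("outside_hours")
    addr = ip_address(event["ip"])
    if not any(addr in ip_network(net) for net in policy["networks"]):
        reasons.append("untrusted_network")
    return reasons

def correlate(events, entitlements):
    """SIEM side: keep only the events that violate IAM policy context."""
    return [{**e, "reasons": r} for e in events if (r := classify(e, entitlements))]

def iam_feedback(exceptions, threshold=2):
    """IAM side: users with at least `threshold` exceptions go to access review."""
    counts = Counter(x["user"] for x in exceptions)
    return sorted(user for user, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    found = correlate(EVENTS, ENTITLEMENTS)
    for x in found:
        print(x["ts"], x["user"], x["app"], x["reasons"])
    print("access review:", iam_feedback(found))
```

Without the entitlement lookup, all five events look like ordinary successful accesses; the IAM context is what turns four of them into exceptions.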
