Identity intelligence: Threat-aware Identity and Access Management


Published on

Presentation at Pulse 2014 as part of the session, "Enhance Your Identity and Access Management Solution with Integrations from Key IBM Technology Partners"

Russell Tait, Prolifics

Join a panel of IBM technology partners to learn about new and exciting Identity and Access Management (IAM) integrations that have been validated through the Ready for IBM Security Intelligence program. In this slide deck, IBM technology partner, Prolifics, discusses how their integrations with key areas of the IBM Security portfolio increase solution value for customers. The panel discussion will cover strong authentication, mobile, cloud, and security intelligence use cases.

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Chevron - 2 billion log and events per day reduced to 25 high priority offenses. Automating the policy monitoring and evaluation process for configuration changes in the infrastructure. Real-time monitoring of all network activity, in addition to PCI mandates

  • QRadar now supports integrations with our IAM solution beyond SIM/SAM logs.
    Qradar has built in uses cases for retrieving identity data for use cases such as privileged user activity monitoring and terminated employee access detection, to name just a couple.
  • Identity intelligence: Threat-aware Identity and Access Management

    1. 1. CONNECT WITH US: IT: Customized to Your Advantage Identity Intelligence THREAT-AWARE IDENTITY AND ACCESS MANAGEMENT RUSSELL TAIT Practice Director, Security Public | Copyright © 2014 Prolifics
    2. 2. CONNECT WITH US:  Insider incidents cost companies an average of $750,000 per year – Employees, contractors, partners exploiting weak identity controls  Insider negligence, rather than malicious behavior is often the cause – Shared passwords, weak passwords, passwords on Post-its Source: IBM and Ponemon Survey of 265 C-Level Executives, Feb 2012, “The Source of Greatest Risk to Sensitive Data” Insider Breaches Are On The Rise 2Public | Copyright © 2014 Prolifics
    3. 3. CONNECT WITH US: IT Security’s Dirty Secret Network & Perimeter Internal & Web Access Security Threats & Security Spending Are Unbalanced % of Attacks % of Dollars 75% 10% 25% 90% Security Damage Security Spending of All Damaging Attacks on Information Security Originate from Inside Trusted Boundaries75% 3Public | Copyright © 2014 Prolifics
    4. 4. CONNECT WITH US: Security Analytics Is Maturing What is Security Intelligence? Security Intelligence --noun 1. the real-time collection, normalization and analytics of the data generated by systems, applications and infrastructure that impacts the IT security and risk posture of an enterprise. What is Identity Intelligence? Identity Intelligence --noun 1. the actionable insight to manage risks and threats from user activity. The application of analytical monitoring to entitlements, policies, and access events, in the context of identity risk profiles. 4Public | Copyright © 2014 Prolifics
    5. 5. CONNECT WITH US: Identity/Access to Identity Intelligence Future: Assurance  Security management  Content driven  Dynamic, context-based  Real-time, actionable alerting Today: Administration  Operational management  Compliance driven  Static, Trust-based  Reporting/Monitoring is forensic Monitor Everything 5Public | Copyright © 2014 Prolifics
    6. 6. CONNECT WITH US: Traditional SIEM Provides Identity Intelligence Adds What When Who Activities Results Behaviors What was done Is it OK for THIS user? Is this user who I think it is? Outside bad guys Inside careless guys Inside guys doing bad things Identity Intelligence Provides Human Context 6Public | Copyright © 2014 Prolifics
    7. 7. CONNECT WITH US: Extensive Data Sources Deep Intelligence Exceptionally Accurate and Actionable Insight+ = High Priority Offenses Event Correlation Activity Baselining & Anomaly Detection Offense Identification Database Activity Servers & Hosts User Activity Vulnerability Info Configuration Info Security Devices Network & Virtual Activity Application Activity  Detecting threats  Consolidating data silos  Detecting insider fraud  Predicting risks against your business  Addressing regulatory mandates Security Intelligence: Integrating Across IT Silos 7Public | Copyright © 2014 Prolifics
    8. 8. CONNECT WITH US: Identity enriched security intelligence:  Technical features – Retrieves user identity data including ID mapping (from an enterprise ID to multiple application user IDs) and user attributes (groups, roles, departments, entitlements). – Queries data (events, flows, offenses, assets) relative to an enterprise user ID and mapped application user IDs – Selects user identities for easy creation of correlation rules – Reports on all the activities (using different appliance user IDs) of an enterprise user  Use cases – Privileged user activity monitoring (V7.2) – Terminated employee access detection – Separation of duty violation detection – User account recertification – Ensuring appropriate access control setting – Backdoor access detection Identity Repository C/C ++ appl s Oth er Security Access Manager for eBusiness Security Identity Manager Databases Operating Systems DatabasesDatabases Operating Systems Operating Systems ApplicationsApplications Networks & Physical Access • Identity mapping data and user attributes • SIM/SAM Server logs • Application logs QRadar – IAM Integration 8Public | Copyright © 2014 Prolifics
    9. 9. CONNECT WITH US: QRadar Rules Engine New Rules Engine tests query Reference Sets and Maps : 9Public | Copyright © 2014 Prolifics
    10. 10. CONNECT WITH US: Contact US 10 310.748.2457 Public | Copyright © 2014 Prolifics