IBM Security, profile picture
Uploaded byIBM Security
PPT, PDF1,633 views

In Today's Complex Multi Perimeter World, Are You Doing Enough to Secure Access to Critical Business Resources?

IBM Security Access Manager provides threat-aware identity and access management for securing access across multiple perimeters. It delivers intelligent identity and access assurance, safeguards mobile, cloud, and social interactions, and simplifies identity silos and cloud integrations. The solution uses risk-based adaptive authentication and authorization, integrated threat protection, and identity and access assurance capabilities to prevent insider threats and identity fraud in a multi-perimeter environment.

Embed presentation

Downloaded 25 times
© 2013 IBM Corporation IBM Security Systems 1© 2014 IBM Corporation In today’s complex multi-perimeter world… are you doing enough to secure your critical business resources? IBM Security Access Manager Satyakam Jyotiprakash Market Manager, WW Security – Access Management satyakam.j@in.ibm.com Jason Keenaghan Senior Product Manager – IBM Security Access Manager jkeenagh@us.ibm.com March 12, 2014
© 2014 IBM Corporation IBM Security Systems 2 Business demands are leading to unprecedented security concerns Business Transformations mobile, cloud and social interactions Bring-your-own-device Popularity of BYOD programs Evolving Threats Targeted attacks are the new norm Compliance Mandates are increasing Strong business demands to access corporate resources anytime/anywhere through mobile devices, deploy cloud delivery models and interact via social media With the increasing popularity of bring-your-own-device (BYOD) programs, employees, contractors and business partners also use their own devices within the workplace As IBM XForce continues to see operationally sophisticated attacks, it is critical to check unauthorized access to sensitive data/applications and fraudulent execution of sensitive transactions Insights into user and application behavior especially in mobile devices is required to enhance security controls. Also, need context-based policy enforcement across B2E and B2C use cases
© 2014 IBM Corporation IBM Security Systems 3 Security is only as strong as its weakest link – People of scam and phishing incidents are campaigns enticing users to click on malicious links 55% Criminals are selling stolen or fabricated accounts Social media is fertile ground for pre-attack intelligence gathering Source: IBM X-Force® Research 2013 Trend and Risk Report Mobile and Cloud momentum continues to break down the traditional perimeter and forces us to look at security differently Mobile and Cloud momentum continues to break down the traditional perimeter and forces us to look at security differently Threat-aware Identity and Access Management become the key line of defense of the multiple perimeters Threat-aware Identity and Access Management become the key line of defense of the multiple perimeters
© 2014 IBM Corporation IBM Security Systems 4 Landscape of Identity & Access Management market is evolving By 2020, 70% of enterprises will use attribute-based access control as the dominant mechanism to protect critical assets ... ... and 80% of user access will be shaped by new mobile and non-PC architectures that service all identity types regardless of origin.1 With the growing adoption of mobile, adaptive authentication & fine-grained authorization, traditional Web Access Management is being replaced by a broader “access management.”1 A clear need exists in the market for a converged solution2 that is able to With the growing adoption of mobile, adaptive authentication & fine-grained authorization, traditional Web Access Management is being replaced by a broader “access management.”1 A clear need exists in the market for a converged solution2 that is able to provide or Predicts 2014: Identity and Access Management, November 26, 2013 MarketScope for Web Access Management, November 15, 2013 er, Predictions 2014: Identity and Access Management, January 7, 2014
© 2014 IBM Corporation IBM Security Systems 5 Fundamental Shift around Identity & Access Management The Current Enterprise The New Hybrid Enterprise Focus: Assurance • Security management • Business driven • Dynamic, context-based Focus: Administration • Operational management • Compliance driven • Static, trust-based Identity Management is centralized & internal Identity Management is decentralized and external Organizations are evolving the IAM controls for a Multi-Perimeter World
© 2014 IBM Corporation IBM Security Systems 6 Need for securing identities as a new perimeter with threat-aware Identity and Access Management Deliver intelligent identity and access assurance Deliver intelligent identity and access assurance Safeguard mobile, cloud and social interactions Safeguard mobile, cloud and social interactions Simplify identity silos and cloud integrations Simplify identity silos and cloud integrations Prevent insider threat and identity fraud Prevent insider threat and identity fraud • Validate “who is who” when users connect from outside the enterprise • Enforce proactive access policies on cloud, social and mobile collaboration channels • Manage shared access inside the enterprise • Defend applications and access against targeted web attacks and vulnerabilities • Provide visibility into all available identities within the enterprise • Unify “Universe of Identities” for security management • Enable identity management for the line of business • Enhance user activity monitoring and security intelligence across security domains
© 2014 IBM Corporation IBM Security Systems 7 Prevent insider threat and identity fraud Simplify identity silos and cloud integrations Summary of IBM’s Identity and Access Management capabilities Access Manager for Web Privileged Identity Manager Trusteer * Federated Identity Manager Directory Integrator & Server Soft Layer * Safeguard mobile, cloud and social interactions Access Manager for Mobile Access Manager for ESSO Worklight * Deliver intelligent identity and access assurance Identity Manager Identity and Access Assurance QRadar * * Offerings integrate with IBM IAM solutions for comprehensive end-to-end security
© 2014 IBM Corporation IBM Security Systems 8 Prevent insider threat and identity fraud Simplify identity silos and cloud integrations Access Manager for Web Features •Centralized Authentication •Centralized Session •Management •Centralized coarse-grained Authorization •Web SSO •Web App Firewall Federated Identity Manager Features: •Federated SSO •Identity Mediation •Secure Token Service •User Self Care •Delegated Authorization Safeguard mobile, cloud and social interactions Access Manager for Mobile Features: •Context-based Access •Strong Authentication •Identity-aware Mobile Application / Device Registration Details on key IBM Security Access Management products Delivers core capabilities for People, Data, and Application areas Focus of this webinar
© 2014 IBM Corporation IBM Security Systems 9 Guiding Principles for Simplifying Access Management with IBM
© 2014 IBM Corporation IBM Security Systems 10 More Rapidly Respond to Emerging Threats & Security Requirements  User-centric GUI for authoring comprehensive risk based policies that can be attached to multiple applications  SDK to integrate with 3rd party authentication vendors to leverage your existing investment  Highly Scalable Virtual and HW appliances reduce TCO of solution  User-centric GUI for authoring comprehensive risk based policies that can be attached to multiple applications  SDK to integrate with 3rd party authentication vendors to leverage your existing investment  Highly Scalable Virtual and HW appliances reduce TCO of solution IBM Security Access Manager Appliance form factor enables faster time to value with intuitive user experience and consistent policy enforcement across multiple applications & channels
© 2014 IBM Corporation IBM Security Systems 11  Enable secure access to web and mobile applications with SSO, session management and built-in support for IBM Worklight  Protect web and mobile applications against common attack vectors including the OWASP Top 10 web application risks with integrated X-Force threat protection  Enforce context-aware access with mobile device fingerprinting, geo-location awareness, IP Reputation and integration with Trusteer Mobile SDK  Enhance security intelligence and compliance through integration with QRadar Security Intelligence  Reduce TCO and time to value with an “all-in-one” access appliance that allows flexible deployment of web and mobile capabilities as needed IBM Security Access Manager IBM Security Access Manager 8.0 “All-in-one” access management powered by X-Force, Trusteer and QRadar
© 2014 IBM Corporation IBM Security Systems 12 Consumer / Employee Applications Manage consistent security policiesConsumers Employees BYOD Security Team Application Team DataApplications On/Off-premise Resources Cloud Mobile Internet IBM Security Access Manager IBM Security Access Manager for Web Web Single Sign-On and session management Web Application Protection (Firewall) Highly-scalable Reverse Proxy Policy Server Coarse-grained Authorization IBM Security Access Manager for Mobile Mobile Single Sign-On and session management Authentication service with built-in OTP support Context-, Risk-based Access (RBA) Trusteer Mobile SDK / Secure Browser integration Worklight integration for risk-based access enforcement Modular Feature Design Offers Secure Access with Graded Trust Virtual appliances for deployment flexibility Physical appliances for hardware performance & security
© 2014 IBM Corporation IBM Security Systems 13 1 Embedded Threat Protection for Web & Mobile 2 Integrated Security Intelligence 3 Protection from High Risk Mobile Devices 4 Built-in Identity Assurance for IBM Worklight 5 Modular Access Management Platform Tolly Group evaluation validates that ISAM for Web is able to effectively protect against 100% of OWASP Top 10 web application risks while maintaining high performance and scalability As the centralized policy enforcement point for all Web-based access, ISAM generates actionable events for QRadar SIEM that enable clients to stay ahead of threats and demonstrate regulatory compliance Out-of-the-box consumption of Trusteer Mobile SDK and Secure Browser context data enables users to create comprehensive access policies that include fraud and malware detection without modifying applications Built-in support to seamlessly authenticate and authorize users of Worklight developed mobile applications and provide additional value-add with context based access enforcement Consolidated platform allows both Web and Mobile capabilities to be licensed as needed, including flexible deployment options with both physical and virtual appliance form factors IBM Security Access Manager 8.0 - Innovative and Differentiating IAM Capabilities Empowering clients to more easily deliver end-to-end security solutions to mitigate the risks associated with a diverse set of Web, Mobile and Cloud applications
© 2014 IBM Corporation IBM Security Systems 14 IBM Security Access Manager for Web Key Highlights Native 64 bit support for improved scalability Web Reverse-proxy Virtual Appliance for fast time to value Integrated front end load balancer and web threat protection provided with virtual appliance Multiple authorization server support and high availability for policy servers Integration with QRadar Security Intelligence platform Improved policy-driven security to enforce compliance NIST compliant Enterprise or External Users Web Applications (e.g. Microsoft, SAP, Java, .NET) Web SSO ISAM for Web QRadar SIEM Benefits Reduce operational cost and strengthen access control Highly scalable to support external user access and demonstrate compliance across heterogeneous IT environment Flexible, rich integration with 3rd party applications and strong authentication vendors Simplifies managing and enforcing user access to corporate applications and help demonstrate compliance
© 2014 IBM Corporation IBM Security Systems 15 Improved Availability, Scalability and Appliance Utilization Embedded load balancing & session caching reduces overall infrastructure needs Layer 7 Load Balancing Distributed Session Cache • New application layer load balancing option (Layer 7) removes the need to have dedicated ISAM appliance to distribute load across the cluster • Reduce cost and more rapidly deploy clustered solution with embedded session cache, no longer requiring a separate session management server • Improved testing and validation of web protection policies in simulation mode with X-Force Protocol Analysis Module (PAM)
© 2014 IBM Corporation IBM Security Systems 16 IBM Security Access Manager for Mobile  Deploy mobile security gateway for user access based on risk-level (e.g. permit, deny, step-up authenticate)  Built-in Risk scoring engine using user attributes and real-time context (e.g. location, device)  Support mobile authentication with built-in One-Time Password (OTP) and ability to integrate with 3rd party strong authentication vendors, as needed  Offer Software Development Kit (SDK) to integrate with 3rd party authentication factors and collect additional contextual attributes from the device and user session  Deploy mobile security gateway for user access based on risk-level (e.g. permit, deny, step-up authenticate)  Built-in Risk scoring engine using user attributes and real-time context (e.g. location, device)  Support mobile authentication with built-in One-Time Password (OTP) and ability to integrate with 3rd party strong authentication vendors, as needed  Offer Software Development Kit (SDK) to integrate with 3rd party authentication factors and collect additional contextual attributes from the device and user session How ISAM for Mobile Can HelpHow ISAM for Mobile Can Help SSO Enterprise Applications/Data User accesses data from inside the corporate network11 User is only asked for User Id and Password to authenticate22 Corporate NetworkCorporate Network User accesses confidential data from outside the corporate network33 User is asked for User Id /Password and OTP based on risk score44 Outside the Corporate NetworkOutside the Corporate Network Audit Log Audit Log Strong Authentication Access Manager for Mobile Deliver mobile SSO and session management for employees, partners and consumer interactions across the enterprise
© 2014 IBM Corporation IBM Security Systems 17 Enforce risk-based access and strong authentication for transactions Reduce risk associated with mobile user and service transactions Example: transactions less than $100 are allowed with no additional authentication User attempts transfer of amount greater than $100 – requires an OTP for strong authentication Reduce risk associated with mobile user and service transactions Example: transactions less than $100 are allowed with no additional authentication User attempts transfer of amount greater than $100 – requires an OTP for strong authentication User attempts high-value transaction Strong authentication challenge Transaction completes
© 2014 IBM Corporation IBM Security Systems 18 Simplify the Creation of Mobile-Centric Security Policies Streamlined user experience enables rapid deployment of complex access policies • ISAM for Mobile offers new easy-to-use visual editor for creating reusable multi factor authentication policies - Out of the box MFA policies including TOTP, HOTP, etc. - Create custom auth policies • Extensible policy information points (PIPs) make it easier to include external data as part of context based access (CBA) decisions • REST (XML/JSON) • JavaScript PIP Java Script PIP REST
© 2014 IBM Corporation IBM Security Systems 19 Easier Fraud & Malware Detection with ISAM for Mobile and Trusteer Attach Trusteer context-based policy to any app resources with no code updates Mobile SDK Secure Browser • Out-of-the-box recognition of Trusteer- specific attributes being included in request messages from Secure Browser and Mobile SDK - Device attributes - Malware - Jailbroken / rooted • Author reusable policies that can be attached to multiple applications • Enforce consistent fraud & malware detection policies without updating the apps
© 2014 IBM Corporation IBM Security Systems 20 Summary  IBM Security Access Manager “all-in-one” appliance delivers threat-aware access management for Web, Mobile and Cloud – Modular platform delivery across physical and virtual appliances provides ultimate flexibility – Start with one security use case and grow to meet evolving business demands, and leverage existing technology investment  Out-of-the-box integrations with a broad range of IBM Security and other IBM software products – Provides unmatched end-to-end security for Web, Mobile and Cloud – Proven and certified integrations reduce cost, risk and time to value  IBM Security Access Manager “all-in-one” appliance delivers threat-aware access management for Web, Mobile and Cloud – Modular platform delivery across physical and virtual appliances provides ultimate flexibility – Start with one security use case and grow to meet evolving business demands, and leverage existing technology investment  Out-of-the-box integrations with a broad range of IBM Security and other IBM software products – Provides unmatched end-to-end security for Web, Mobile and Cloud – Proven and certified integrations reduce cost, risk and time to value IBM Security Access Manager 8.0
© 2014 IBM Corporation IBM Security Systems 21 North American entity secures user access from mobile and web channels 10,000 internal users by end of 2013 Securing mobile identities An international banking organization targeting mobile user access for employees and end users Safeguard mobile, cloud and social interactions Mobile Users Web & Mobile Apps Any Device Business challenge  Secure employees and contractors access to web and mobile apps  Rollout new mobile apps; ensure end user access from mobile devices  Eliminate passwords as a weak link to enforce access to web and mobile Solution benefits  Centralized user access control across web and mobile channels consistently  Reduced IT cost with self-care, single sign-on and session management  Introduced risk-based access and multi-factor authentication for 10M+ users
© 2013 IBM Corporation IBM Security Systems 22 www.ibm.com/security © Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

More Related Content

PPTX
3 Steps to Security Intelligence - How to Build a More Secure Enterprise
byIBM Security
 
PDF
IBM Security Identity and Access Management - Portfolio
byIBM Sverige
 
PDF
Privileged Access Manager Product Q&A
byHitachi ID Systems, Inc.
 
PDF
IBM Security Identity & Access Manager
byIBM Sverige
 
PDF
IBM - IAM Security and Trends
byIBM Sverige
 
PPTX
CrossIdeas Roadshow IAM Governance IBM Marco Venuti
byIBM Sverige
 
PPTX
5 reasons your iam solution will fail
byIBM Security
 
PDF
Overview of Identity and Access Management Product Line
byNovell
 
3 Steps to Security Intelligence - How to Build a More Secure Enterprise
byIBM Security
 
IBM Security Identity and Access Management - Portfolio
byIBM Sverige
 
Privileged Access Manager Product Q&A
byHitachi ID Systems, Inc.
 
IBM Security Identity & Access Manager
byIBM Sverige
 
IBM - IAM Security and Trends
byIBM Sverige
 
CrossIdeas Roadshow IAM Governance IBM Marco Venuti
byIBM Sverige
 
5 reasons your iam solution will fail
byIBM Security
 
Overview of Identity and Access Management Product Line
byNovell
 

What's hot

PPTX
CrossIdeas Roadshow IBM IAM Governance Andrea Rossi
byIBM Sverige
 
PDF
Identity Governance: Not Just For Compliance
byIBM Security
 
PPTX
Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...
byIBM Security
 
PPT
Identity and Access Management Reference Architecture for Cloud Computing
byJohn Bauer
 
PDF
VMware Workspace One
byJürgen Ambrosi
 
PPTX
Identity and Access Management (IAM)
byIdentacor
 
PPTX
Mark Carlile, EMEA Enterprise Lead at Airwatch - Mobile content strategies an...
byGlobal Business Events
 
PPTX
Privileged Access Management (PAM)
bydanb02
 
PDF
The Year the Internet Fell Apart
byIBM Security
 
PPTX
Identity Governance Solutions
byNitai Partners Inc
 
PDF
Open day competenze digitali boverino v-mware intro
byRedazione InnovaPuglia
 
PPTX
IBM Endpoint Manager for Software Use Analysis (Overview)
byKimber Spradlin
 
PDF
MMS 2015: What is ems and how to configure it
byPeter Daalmans
 
PDF
Enhancing your mobile enterprise security with ibm worklight tips
bybupbechanhgmail
 
PPTX
3° Sessione - VMware Airwatch, la gestione della mobilità nelle organizzazion...
byJürgen Ambrosi
 
PDF
IDENTITY ACCESS MANAGEMENT
byProf. Jacques Folon (Ph.D)
 
PDF
Identity & Access Management by K. K. Mookhey
byNetwork Intelligence India
 
PPTX
Getting started with the Enterprise Mobility Suite (EMS)
byRonni Pedersen
 
PDF
SailPoint - IdentityNow Identity Governance
byArijan Horvat
 
PDF
Identity and Access Management 101
byJerod Brennen
 
CrossIdeas Roadshow IBM IAM Governance Andrea Rossi
byIBM Sverige
 
Identity Governance: Not Just For Compliance
byIBM Security
 
Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...
byIBM Security
 
Identity and Access Management Reference Architecture for Cloud Computing
byJohn Bauer
 
VMware Workspace One
byJürgen Ambrosi
 
Identity and Access Management (IAM)
byIdentacor
 
Mark Carlile, EMEA Enterprise Lead at Airwatch - Mobile content strategies an...
byGlobal Business Events
 
Privileged Access Management (PAM)
bydanb02
 
The Year the Internet Fell Apart
byIBM Security
 
Identity Governance Solutions
byNitai Partners Inc
 
Open day competenze digitali boverino v-mware intro
byRedazione InnovaPuglia
 
IBM Endpoint Manager for Software Use Analysis (Overview)
byKimber Spradlin
 
MMS 2015: What is ems and how to configure it
byPeter Daalmans
 
Enhancing your mobile enterprise security with ibm worklight tips
bybupbechanhgmail
 
3° Sessione - VMware Airwatch, la gestione della mobilità nelle organizzazion...
byJürgen Ambrosi
 
IDENTITY ACCESS MANAGEMENT
byProf. Jacques Folon (Ph.D)
 
Identity & Access Management by K. K. Mookhey
byNetwork Intelligence India
 
Getting started with the Enterprise Mobility Suite (EMS)
byRonni Pedersen
 
SailPoint - IdentityNow Identity Governance
byArijan Horvat
 
Identity and Access Management 101
byJerod Brennen
 

Viewers also liked

PPTX
IDENTITY IS THE FIRST STEP TO TRUE NETWORK SECURITY
byForgeRock
 
PPT
The Gartner IAM Program Maturity Model
bySarah Moore
 
PDF
World cloud identity access management
byAllied Market Research
 
PDF
Identity and Access Management and electronic Identities _ Belgian Federal Go...
byE-Government Center Moldova
 
PDF
Securing Your Cloud Applications
byIBM Security
 
PDF
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
byCA API Management
 
PPTX
FUTURE-PROOFING CONSUMER IDENTITY AND ACCESS MANAGEMENT
byForgeRock
 
PDF
Identity and Access Management from Microsoft and Razor Technology
byDavid J Rosenthal
 
PDF
Mastering Digital Channels with APIs
byCA API Management
 
PDF
The Architecture of an API Platform
byJohannes Ridderstedt
 
PDF
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
byCA API Management
 
PDF
Are ESBs Relevant in the Age of Microservices?
byApigee | Google Cloud
 
PDF
Api architectures for the modern enterprise
byCA API Management
 
PPTX
Architecture for the API-enterprise
byApigee | Google Cloud
 
PDF
Open Source Identity Integration with OpenSSO
byelliando dias
 
PPTX
Single Sign On Considerations
byVenkat Gattamaneni
 
IDENTITY IS THE FIRST STEP TO TRUE NETWORK SECURITY
byForgeRock
 
The Gartner IAM Program Maturity Model
bySarah Moore
 
World cloud identity access management
byAllied Market Research
 
Identity and Access Management and electronic Identities _ Belgian Federal Go...
byE-Government Center Moldova
 
Securing Your Cloud Applications
byIBM Security
 
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
byCA API Management
 
FUTURE-PROOFING CONSUMER IDENTITY AND ACCESS MANAGEMENT
byForgeRock
 
Identity and Access Management from Microsoft and Razor Technology
byDavid J Rosenthal
 
Mastering Digital Channels with APIs
byCA API Management
 
The Architecture of an API Platform
byJohannes Ridderstedt
 
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
byCA API Management
 
Are ESBs Relevant in the Age of Microservices?
byApigee | Google Cloud
 
Api architectures for the modern enterprise
byCA API Management
 
Architecture for the API-enterprise
byApigee | Google Cloud
 
Open Source Identity Integration with OpenSSO
byelliando dias
 
Single Sign On Considerations
byVenkat Gattamaneni
 

Similar to In Today's Complex Multi Perimeter World, Are You Doing Enough to Secure Access to Critical Business Resources?

PDF
Surviving the Mobile Phenomenon: Securing Mobile Access with Risk-Based Authe...
byIBM Security
 
PPT
MDM is not Enough - Parmelee
byProlifics
 
PPTX
Are We There Yet? The Path Towards Securing the Mobile Enterprise
byIBM Security
 
PDF
Mobile Security - Words like Bring Your Own Device, and Federation sounds fam...
byIBM Danmark
 
PPTX
IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...
byIBM Security
 
PDF
Rochester Security Event
bycalebbarlow
 
PPTX
IBM Security Portfolio - 2015
byIBM Thailand Co Ltd
 
PPTX
IBM Seguridad Móvil - Acompaña tu estrategia BYOD
byCamilo Fandiño Gómez
 
PDF
Surviving the Mobile Phenomenon: Protecting Devices without Disrupting the Us...
byIBM Security
 
PDF
2015 Mobile Security Trends: Are You Ready?
byIBM Security
 
PPTX
Take your SOC Beyond SIEM
byThomas Springer
 
PDF
Information Risk and Protection
byxband
 
PDF
Best practices for mobile enterprise security and the importance of endpoint ...
byChris Pepin
 
PDF
Tecnologie a supporto dei controlli di sicurezza fondamentali
byJürgen Ambrosi
 
PDF
Ibm mobile first protect (maas360)
bygule mariam
 
PDF
Secure Identity: The Future is Now
byLane Billings
 
PPTX
Are You Ready to Move Your IAM to the Cloud?
byIBM Security
 
PDF
Simple and secure mobile cloud access
byAGILLY
 
PPTX
Smart Identity for the Hybrid Multicloud World
byKatherine Cola
 
PDF
8 Principales Raisons de Passer du MDM à l'EMM
byAGILLY
 
Surviving the Mobile Phenomenon: Securing Mobile Access with Risk-Based Authe...
byIBM Security
 
MDM is not Enough - Parmelee
byProlifics
 
Are We There Yet? The Path Towards Securing the Mobile Enterprise
byIBM Security
 
Mobile Security - Words like Bring Your Own Device, and Federation sounds fam...
byIBM Danmark
 
IBM Mobile Security: A Comprehensive Approach to Securing and Managing the Mo...
byIBM Security
 
Rochester Security Event
bycalebbarlow
 
IBM Security Portfolio - 2015
byIBM Thailand Co Ltd
 
IBM Seguridad Móvil - Acompaña tu estrategia BYOD
byCamilo Fandiño Gómez
 
Surviving the Mobile Phenomenon: Protecting Devices without Disrupting the Us...
byIBM Security
 
2015 Mobile Security Trends: Are You Ready?
byIBM Security
 
Take your SOC Beyond SIEM
byThomas Springer
 
Information Risk and Protection
byxband
 
Best practices for mobile enterprise security and the importance of endpoint ...
byChris Pepin
 
Tecnologie a supporto dei controlli di sicurezza fondamentali
byJürgen Ambrosi
 
Ibm mobile first protect (maas360)
bygule mariam
 
Secure Identity: The Future is Now
byLane Billings
 
Are You Ready to Move Your IAM to the Cloud?
byIBM Security
 
Simple and secure mobile cloud access
byAGILLY
 
Smart Identity for the Hybrid Multicloud World
byKatherine Cola
 
8 Principales Raisons de Passer du MDM à l'EMM
byAGILLY
 

More from IBM Security

PPTX
Automation: Embracing the Future of SecOps
byIBM Security
 
PDF
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
byIBM Security
 
PDF
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
byIBM Security
 
PPTX
Integrated Response with v32 of IBM Resilient
byIBM Security
 
PDF
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
byIBM Security
 
PDF
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
byIBM Security
 
PDF
Accelerating SOC Transformation with IBM Resilient and Carbon Black
byIBM Security
 
PDF
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
byIBM Security
 
PPTX
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
byIBM Security
 
PPTX
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
byIBM Security
 
PPTX
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
byIBM Security
 
PPTX
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
byIBM Security
 
PDF
WannaCry Ransomware Attack: What to Do Now
byIBM Security
 
PPTX
How to Improve Threat Detection & Simplify Security Operations
byIBM Security
 
PPTX
IBM QRadar UBA
byIBM Security
 
PDF
Mobile Vision 2020
byIBM Security
 
PDF
Retail Mobility, Productivity and Security
byIBM Security
 
PDF
Close the Loop on Incident Response
byIBM Security
 
PDF
Orchestrate Your Security Defenses; Protect Against Insider Threats
byIBM Security
 
PPTX
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
byIBM Security
 
Automation: Embracing the Future of SecOps
byIBM Security
 
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
byIBM Security
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
byIBM Security
 
Integrated Response with v32 of IBM Resilient
byIBM Security
 
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
byIBM Security
 
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
byIBM Security
 
Accelerating SOC Transformation with IBM Resilient and Carbon Black
byIBM Security
 
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
byIBM Security
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
byIBM Security
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
byIBM Security
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
byIBM Security
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
byIBM Security
 
WannaCry Ransomware Attack: What to Do Now
byIBM Security
 
How to Improve Threat Detection & Simplify Security Operations
byIBM Security
 
IBM QRadar UBA
byIBM Security
 
Mobile Vision 2020
byIBM Security
 
Retail Mobility, Productivity and Security
byIBM Security
 
Close the Loop on Incident Response
byIBM Security
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
byIBM Security
 
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
byIBM Security
 

Recently uploaded

PDF
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
PDF
December Patch Tuesday
byIvanti
 
PDF
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PDF
Cybersecurity: Safeguarding Digital Assets
byYasir Naveed Riaz
 
PPTX
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
DOCX
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
PPTX
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 
PPTX
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
PPTX
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
PPTX
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PPT
software-security-intro in information security.ppt
byismaeelsahib032
 
PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
PDF
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
December Patch Tuesday
byIvanti
 
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
Cybersecurity: Safeguarding Digital Assets
byYasir Naveed Riaz
 
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
The year in review - MarvelClient in 2025
bypanagenda
 
software-security-intro in information security.ppt
byismaeelsahib032
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 

In Today's Complex Multi Perimeter World, Are You Doing Enough to Secure Access to Critical Business Resources?

  • 1.
    © 2013 IBMCorporation IBM Security Systems 1© 2014 IBM Corporation In today’s complex multi-perimeter world… are you doing enough to secure your critical business resources? IBM Security Access Manager Satyakam Jyotiprakash Market Manager, WW Security – Access Management satyakam.j@in.ibm.com Jason Keenaghan Senior Product Manager – IBM Security Access Manager jkeenagh@us.ibm.com March 12, 2014
  • 2.
    © 2014 IBMCorporation IBM Security Systems 2 Business demands are leading to unprecedented security concerns Business Transformations mobile, cloud and social interactions Bring-your-own-device Popularity of BYOD programs Evolving Threats Targeted attacks are the new norm Compliance Mandates are increasing Strong business demands to access corporate resources anytime/anywhere through mobile devices, deploy cloud delivery models and interact via social media With the increasing popularity of bring-your-own-device (BYOD) programs, employees, contractors and business partners also use their own devices within the workplace As IBM XForce continues to see operationally sophisticated attacks, it is critical to check unauthorized access to sensitive data/applications and fraudulent execution of sensitive transactions Insights into user and application behavior especially in mobile devices is required to enhance security controls. Also, need context-based policy enforcement across B2E and B2C use cases
  • 3.
    © 2014 IBMCorporation IBM Security Systems 3 Security is only as strong as its weakest link – People of scam and phishing incidents are campaigns enticing users to click on malicious links 55% Criminals are selling stolen or fabricated accounts Social media is fertile ground for pre-attack intelligence gathering Source: IBM X-Force® Research 2013 Trend and Risk Report Mobile and Cloud momentum continues to break down the traditional perimeter and forces us to look at security differently Mobile and Cloud momentum continues to break down the traditional perimeter and forces us to look at security differently Threat-aware Identity and Access Management become the key line of defense of the multiple perimeters Threat-aware Identity and Access Management become the key line of defense of the multiple perimeters
  • 4.
    © 2014 IBMCorporation IBM Security Systems 4 Landscape of Identity & Access Management market is evolving By 2020, 70% of enterprises will use attribute-based access control as the dominant mechanism to protect critical assets ... ... and 80% of user access will be shaped by new mobile and non-PC architectures that service all identity types regardless of origin.1 With the growing adoption of mobile, adaptive authentication & fine-grained authorization, traditional Web Access Management is being replaced by a broader “access management.”1 A clear need exists in the market for a converged solution2 that is able to With the growing adoption of mobile, adaptive authentication & fine-grained authorization, traditional Web Access Management is being replaced by a broader “access management.”1 A clear need exists in the market for a converged solution2 that is able to provide or Predicts 2014: Identity and Access Management, November 26, 2013 MarketScope for Web Access Management, November 15, 2013 er, Predictions 2014: Identity and Access Management, January 7, 2014
  • 5.
    © 2014 IBMCorporation IBM Security Systems 5 Fundamental Shift around Identity & Access Management The Current Enterprise The New Hybrid Enterprise Focus: Assurance • Security management • Business driven • Dynamic, context-based Focus: Administration • Operational management • Compliance driven • Static, trust-based Identity Management is centralized & internal Identity Management is decentralized and external Organizations are evolving the IAM controls for a Multi-Perimeter World
  • 6.
    © 2014 IBMCorporation IBM Security Systems 6 Need for securing identities as a new perimeter with threat-aware Identity and Access Management Deliver intelligent identity and access assurance Deliver intelligent identity and access assurance Safeguard mobile, cloud and social interactions Safeguard mobile, cloud and social interactions Simplify identity silos and cloud integrations Simplify identity silos and cloud integrations Prevent insider threat and identity fraud Prevent insider threat and identity fraud • Validate “who is who” when users connect from outside the enterprise • Enforce proactive access policies on cloud, social and mobile collaboration channels • Manage shared access inside the enterprise • Defend applications and access against targeted web attacks and vulnerabilities • Provide visibility into all available identities within the enterprise • Unify “Universe of Identities” for security management • Enable identity management for the line of business • Enhance user activity monitoring and security intelligence across security domains
  • 7.
    © 2014 IBMCorporation IBM Security Systems 7 Prevent insider threat and identity fraud Simplify identity silos and cloud integrations Summary of IBM’s Identity and Access Management capabilities Access Manager for Web Privileged Identity Manager Trusteer * Federated Identity Manager Directory Integrator & Server Soft Layer * Safeguard mobile, cloud and social interactions Access Manager for Mobile Access Manager for ESSO Worklight * Deliver intelligent identity and access assurance Identity Manager Identity and Access Assurance QRadar * * Offerings integrate with IBM IAM solutions for comprehensive end-to-end security
  • 8.
    © 2014 IBMCorporation IBM Security Systems 8 Prevent insider threat and identity fraud Simplify identity silos and cloud integrations Access Manager for Web Features •Centralized Authentication •Centralized Session •Management •Centralized coarse-grained Authorization •Web SSO •Web App Firewall Federated Identity Manager Features: •Federated SSO •Identity Mediation •Secure Token Service •User Self Care •Delegated Authorization Safeguard mobile, cloud and social interactions Access Manager for Mobile Features: •Context-based Access •Strong Authentication •Identity-aware Mobile Application / Device Registration Details on key IBM Security Access Management products Delivers core capabilities for People, Data, and Application areas Focus of this webinar
  • 9.
    © 2014 IBMCorporation IBM Security Systems 9 Guiding Principles for Simplifying Access Management with IBM
  • 10.
    © 2014 IBMCorporation IBM Security Systems 10 More Rapidly Respond to Emerging Threats & Security Requirements  User-centric GUI for authoring comprehensive risk based policies that can be attached to multiple applications  SDK to integrate with 3rd party authentication vendors to leverage your existing investment  Highly Scalable Virtual and HW appliances reduce TCO of solution  User-centric GUI for authoring comprehensive risk based policies that can be attached to multiple applications  SDK to integrate with 3rd party authentication vendors to leverage your existing investment  Highly Scalable Virtual and HW appliances reduce TCO of solution IBM Security Access Manager Appliance form factor enables faster time to value with intuitive user experience and consistent policy enforcement across multiple applications & channels
  • 11.
    © 2014 IBMCorporation IBM Security Systems 11  Enable secure access to web and mobile applications with SSO, session management and built-in support for IBM Worklight  Protect web and mobile applications against common attack vectors including the OWASP Top 10 web application risks with integrated X-Force threat protection  Enforce context-aware access with mobile device fingerprinting, geo-location awareness, IP Reputation and integration with Trusteer Mobile SDK  Enhance security intelligence and compliance through integration with QRadar Security Intelligence  Reduce TCO and time to value with an “all-in-one” access appliance that allows flexible deployment of web and mobile capabilities as needed IBM Security Access Manager IBM Security Access Manager 8.0 “All-in-one” access management powered by X-Force, Trusteer and QRadar
  • 12.
    © 2014 IBMCorporation IBM Security Systems 12 Consumer / Employee Applications Manage consistent security policiesConsumers Employees BYOD Security Team Application Team DataApplications On/Off-premise Resources Cloud Mobile Internet IBM Security Access Manager IBM Security Access Manager for Web Web Single Sign-On and session management Web Application Protection (Firewall) Highly-scalable Reverse Proxy Policy Server Coarse-grained Authorization IBM Security Access Manager for Mobile Mobile Single Sign-On and session management Authentication service with built-in OTP support Context-, Risk-based Access (RBA) Trusteer Mobile SDK / Secure Browser integration Worklight integration for risk-based access enforcement Modular Feature Design Offers Secure Access with Graded Trust Virtual appliances for deployment flexibility Physical appliances for hardware performance & security
  • 13.
    © 2014 IBMCorporation IBM Security Systems 13 1 Embedded Threat Protection for Web & Mobile 2 Integrated Security Intelligence 3 Protection from High Risk Mobile Devices 4 Built-in Identity Assurance for IBM Worklight 5 Modular Access Management Platform Tolly Group evaluation validates that ISAM for Web is able to effectively protect against 100% of OWASP Top 10 web application risks while maintaining high performance and scalability As the centralized policy enforcement point for all Web-based access, ISAM generates actionable events for QRadar SIEM that enable clients to stay ahead of threats and demonstrate regulatory compliance Out-of-the-box consumption of Trusteer Mobile SDK and Secure Browser context data enables users to create comprehensive access policies that include fraud and malware detection without modifying applications Built-in support to seamlessly authenticate and authorize users of Worklight developed mobile applications and provide additional value-add with context based access enforcement Consolidated platform allows both Web and Mobile capabilities to be licensed as needed, including flexible deployment options with both physical and virtual appliance form factors IBM Security Access Manager 8.0 - Innovative and Differentiating IAM Capabilities Empowering clients to more easily deliver end-to-end security solutions to mitigate the risks associated with a diverse set of Web, Mobile and Cloud applications
  • 14.
    © 2014 IBMCorporation IBM Security Systems 14 IBM Security Access Manager for Web Key Highlights Native 64 bit support for improved scalability Web Reverse-proxy Virtual Appliance for fast time to value Integrated front end load balancer and web threat protection provided with virtual appliance Multiple authorization server support and high availability for policy servers Integration with QRadar Security Intelligence platform Improved policy-driven security to enforce compliance NIST compliant Enterprise or External Users Web Applications (e.g. Microsoft, SAP, Java, .NET) Web SSO ISAM for Web QRadar SIEM Benefits Reduce operational cost and strengthen access control Highly scalable to support external user access and demonstrate compliance across heterogeneous IT environment Flexible, rich integration with 3rd party applications and strong authentication vendors Simplifies managing and enforcing user access to corporate applications and help demonstrate compliance
  • 15.
    © 2014 IBMCorporation IBM Security Systems 15 Improved Availability, Scalability and Appliance Utilization Embedded load balancing & session caching reduces overall infrastructure needs Layer 7 Load Balancing Distributed Session Cache • New application layer load balancing option (Layer 7) removes the need to have dedicated ISAM appliance to distribute load across the cluster • Reduce cost and more rapidly deploy clustered solution with embedded session cache, no longer requiring a separate session management server • Improved testing and validation of web protection policies in simulation mode with X-Force Protocol Analysis Module (PAM)
  • 16.
    © 2014 IBMCorporation IBM Security Systems 16 IBM Security Access Manager for Mobile  Deploy mobile security gateway for user access based on risk-level (e.g. permit, deny, step-up authenticate)  Built-in Risk scoring engine using user attributes and real-time context (e.g. location, device)  Support mobile authentication with built-in One-Time Password (OTP) and ability to integrate with 3rd party strong authentication vendors, as needed  Offer Software Development Kit (SDK) to integrate with 3rd party authentication factors and collect additional contextual attributes from the device and user session  Deploy mobile security gateway for user access based on risk-level (e.g. permit, deny, step-up authenticate)  Built-in Risk scoring engine using user attributes and real-time context (e.g. location, device)  Support mobile authentication with built-in One-Time Password (OTP) and ability to integrate with 3rd party strong authentication vendors, as needed  Offer Software Development Kit (SDK) to integrate with 3rd party authentication factors and collect additional contextual attributes from the device and user session How ISAM for Mobile Can HelpHow ISAM for Mobile Can Help SSO Enterprise Applications/Data User accesses data from inside the corporate network11 User is only asked for User Id and Password to authenticate22 Corporate NetworkCorporate Network User accesses confidential data from outside the corporate network33 User is asked for User Id /Password and OTP based on risk score44 Outside the Corporate NetworkOutside the Corporate Network Audit Log Audit Log Strong Authentication Access Manager for Mobile Deliver mobile SSO and session management for employees, partners and consumer interactions across the enterprise
  • 17.
    © 2014 IBMCorporation IBM Security Systems 17 Enforce risk-based access and strong authentication for transactions Reduce risk associated with mobile user and service transactions Example: transactions less than $100 are allowed with no additional authentication User attempts transfer of amount greater than $100 – requires an OTP for strong authentication Reduce risk associated with mobile user and service transactions Example: transactions less than $100 are allowed with no additional authentication User attempts transfer of amount greater than $100 – requires an OTP for strong authentication User attempts high-value transaction Strong authentication challenge Transaction completes
  • 18.
    © 2014 IBMCorporation IBM Security Systems 18 Simplify the Creation of Mobile-Centric Security Policies Streamlined user experience enables rapid deployment of complex access policies • ISAM for Mobile offers new easy-to-use visual editor for creating reusable multi factor authentication policies - Out of the box MFA policies including TOTP, HOTP, etc. - Create custom auth policies • Extensible policy information points (PIPs) make it easier to include external data as part of context based access (CBA) decisions • REST (XML/JSON) • JavaScript PIP Java Script PIP REST
  • 19.
    © 2014 IBMCorporation IBM Security Systems 19 Easier Fraud & Malware Detection with ISAM for Mobile and Trusteer Attach Trusteer context-based policy to any app resources with no code updates Mobile SDK Secure Browser • Out-of-the-box recognition of Trusteer- specific attributes being included in request messages from Secure Browser and Mobile SDK - Device attributes - Malware - Jailbroken / rooted • Author reusable policies that can be attached to multiple applications • Enforce consistent fraud & malware detection policies without updating the apps
  • 20.
    © 2014 IBMCorporation IBM Security Systems 20 Summary  IBM Security Access Manager “all-in-one” appliance delivers threat-aware access management for Web, Mobile and Cloud – Modular platform delivery across physical and virtual appliances provides ultimate flexibility – Start with one security use case and grow to meet evolving business demands, and leverage existing technology investment  Out-of-the-box integrations with a broad range of IBM Security and other IBM software products – Provides unmatched end-to-end security for Web, Mobile and Cloud – Proven and certified integrations reduce cost, risk and time to value  IBM Security Access Manager “all-in-one” appliance delivers threat-aware access management for Web, Mobile and Cloud – Modular platform delivery across physical and virtual appliances provides ultimate flexibility – Start with one security use case and grow to meet evolving business demands, and leverage existing technology investment  Out-of-the-box integrations with a broad range of IBM Security and other IBM software products – Provides unmatched end-to-end security for Web, Mobile and Cloud – Proven and certified integrations reduce cost, risk and time to value IBM Security Access Manager 8.0
  • 21.
    © 2014 IBMCorporation IBM Security Systems 21 North American entity secures user access from mobile and web channels 10,000 internal users by end of 2013 Securing mobile identities An international banking organization targeting mobile user access for employees and end users Safeguard mobile, cloud and social interactions Mobile Users Web & Mobile Apps Any Device Business challenge  Secure employees and contractors access to web and mobile apps  Rollout new mobile apps; ensure end user access from mobile devices  Eliminate passwords as a weak link to enforce access to web and mobile Solution benefits  Centralized user access control across web and mobile channels consistently  Reduced IT cost with self-care, single sign-on and session management  Introduced risk-based access and multi-factor authentication for 10M+ users
  • 22.
    © 2013 IBMCorporation IBM Security Systems 22 www.ibm.com/security © Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

Editor's Notes

  • #4 The perimeter needs to move closer to the users Mobile and Cloud momentum continues to break down the traditional perimeter and forces us to look at security differently
  • #12 Speaker Notes: IBM Security Access Manager has two modular offerings - IBM Security Access Manager for Web and IBM Security Access Manager for Mobile. Clients can choose the IBM Security Access Manager appliance with either one or both of the modules pre-installed, based on their current need. As new use cases emerge, they can effortlessly add the other module into the same appliance, leveraging their existing investment. The IBM Security Access Manager appliance is available in both virtual and hardware form factors, each providing the same feature-rich capabilities for securing web, mobile, and cloud workloads. The appliance form factor makes it much easier to deploy and manage than complex software-only access management solutions, enabling customers to realize a faster time to value and lower total cost of ownership. IBM Security Access Manager provides threat-aware access management for web, mobile and cloud applications. It offers a centralized, policy-based user authentication and authorization system to guard against persistent security threats and provides maximum application-level protection without modifying the apps themselves. It enables IT organizations to centrally monitor and control user access to a wide array of applications, from traditional web to newer mobile and cloud-based apps. As enterprises begin to open up their IT systems to a larger number of consumers, employees, and partners using new business channels, like mobile and cloud, there is a growing need to have an end-to-end security infrastructure in place that can enforce consistent security policies, regardless of the channel or the device that is being used. The ISAM appliance enables organizations to confidently create user access policies that address the unique security concerns of their business. Easy to use tools, like a graphical policy editor, allow users to author context-aware authorization decisions in a natural language format; and the risk-based access feature is designed to determine and score risk levels using user attributes and real-time context. Access policies can be written to support multi-factor authentication schemes that require users to prove their identities in more than one way. It also integrates with broad, third-party security ecosystems for strong authentication and biometric support. All of these features combine to provide overall improvements in identity assurance. The ISAM appliance offers an even greater converged value by providing embedded web content threat protection, powered by IBM’s X-Force. It offers comprehensive coverage for the OWASP Top 10 web application risks, including common attack vectors like Cross Site Scripting and SQL Injection. It also has the ability to enhance enterprise-wide security intelligence and compliance by integrating with IBM Security QRadar Security Intelligence Platform, providing insights into how users access information hosted on-premise or in the cloud. Interfaces also exist for integrating with other third-party security information and event management (SIEM) tools. When deployed as part of a mobile security infrastructure, the ISAM appliance provides many out-of-the-box integrations with other key IBM offerings that enable users to implement more comprehensive end-to-end security solutions for a multi-channeled enterprise. The ISAM for Mobile SDK makes it easier for developers to include device-level information and other context to be used when evaluating an access decision. It also offers built-in support for IBM Worklight® applications, providing security offload and session management for Worklight developed mobile apps. Integration with Trusteer Mobile SDK helps protect the enterprise from high risk mobile devices. It also provides a self-service user interface for device registration and access revocation, eliminating the need for user-identity and password-based log in, not only providing greater security, but an improved end user experience as well.
  • #18 On the device Click register In a separate browser Open Provide an application instance friendly name Click Approve
  • #23 Mandatory Thank You Slide (available in English only).