Presentation at Pulse 2014 as part of the session, "Enhance Your Identity and Access Management Solution with Integrations from Key IBM Technology Partners"
Speaker: Russell Tait, Prolifics
Join a panel of IBM technology partners to learn about new and exciting Identity and Access Management (IAM) integrations that have been validated through the Ready for IBM Security Intelligence program. In this slide deck, IBM technology partner, Prolifics, discusses how their integrations with key areas of the IBM Security portfolio increase solution value for customers. The panel discussion will cover strong authentication, mobile, cloud, and security intelligence use cases.
CONNECT WITH US:
IT: Customized to Your Advantage
Identity Intelligence
THREAT-AWARE IDENTITY AND ACCESS MANAGEMENT
RUSSELL TAIT
Practice Director, Security
Public | Copyright © 2014 Prolifics

Insider Breaches Are On The Rise
Insider incidents cost companies an average of $750,000 per year
– Employees, contractors, partners exploiting weak identity controls
Insider negligence, rather than malicious behavior, is often the cause
– Shared passwords, weak passwords, passwords on Post-its
Source: IBM and Ponemon Survey of 265 C-Level Executives, Feb 2012, “The Source of Greatest Risk to Sensitive Data”

IT Security’s Dirty Secret
Security Threats & Security Spending Are Unbalanced
[Chart: % of Attacks (Security Damage) vs. % of Dollars (Security Spending) for Network & Perimeter and Internal & Web Access; values shown: 75%, 10%, 25%, 90%]
75% of All Damaging Attacks on Information Security Originate from Inside Trusted Boundaries

Security Analytics Is Maturing
What is Security Intelligence?
Security Intelligence (noun): 1. the real-time collection, normalization and analytics of the data generated by systems, applications and infrastructure that impacts the IT security and risk posture of an enterprise.
What is Identity Intelligence?
Identity Intelligence (noun): 1. the actionable insight to manage risks and threats from user activity. The application of analytical monitoring to entitlements, policies, and access events, in the context of identity risk profiles.

Identity/Access to Identity Intelligence
Today: Administration
– Operational management
– Compliance driven
– Static, Trust-based
– Reporting/Monitoring is forensic
Future: Assurance
– Security management
– Content driven
– Dynamic, context-based
– Real-time, actionable alerting
Monitor Everything

Identity Intelligence Provides Human Context
Traditional SIEM Provides | Identity Intelligence Adds
What | When | Who
Activities | Results | Behaviors
What was done | Is it OK for THIS user? | Is this user who I think it is?
Outside bad guys | Inside careless guys | Inside guys doing bad things

Security Intelligence: Integrating Across IT Silos
Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight
Extensive Data Sources:
– Security Devices
– Servers & Hosts
– Network & Virtual Activity
– Database Activity
– Application Activity
– Configuration Info
– Vulnerability Info
– User Activity
Deep Intelligence:
– Event Correlation
– Activity Baselining & Anomaly Detection
– Offense Identification
High Priority Offenses
– Detecting threats
– Consolidating data silos
– Detecting insider fraud
– Predicting risks against your business
– Addressing regulatory mandates

QRadar – IAM Integration
Identity enriched security intelligence:
Technical features
– Retrieves user identity data including ID mapping (from an enterprise ID to multiple application user IDs) and user attributes (groups, roles, departments, entitlements).
– Queries data (events, flows, offenses, assets) relative to an enterprise user ID and mapped application user IDs
– Selects user identities for easy creation of correlation rules
– Reports on all the activities (using different appliance user IDs) of an enterprise user
Use cases
– Privileged user activity monitoring (V7.2)
– Terminated employee access detection
– Separation of duty violation detection
– User account recertification
– Ensuring appropriate access control setting
– Backdoor access detection
[Diagram labels: Identity Repository; Security Identity Manager; Security Access Manager for eBusiness; Databases; Operating Systems; Applications; C/C++ appls; Networks & Physical Access; Other]
• Identity mapping data and user attributes
• SIM/SAM Server logs
• Application logs
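
An added example (not from the slides and not QRadar's own code) of the terminated employee access use case listed above: events from different log sources are resolved to one enterprise ID through the identity mapping, then checked against termination records. All accounts, events and dates are constructed, and case-insensitive account matching is an assumption.

```python
from datetime import datetime, timezone

# Constructed identity-mapping data (enterprise ID -> application user IDs),
# standing in for what would be retrieved from the IAM system.
ID_MAP = {
    "jdoe":   {"db": "JDOE_DBA", "unix": "jdoe", "web": "john.doe@example.com"},
    "asmith": {"db": "ASMITH", "unix": "asmith"},
}
# Constructed termination records: enterprise ID -> termination time (UTC).
TERMINATED = {"jdoe": datetime(2014, 2, 1, 17, 0, tzinfo=timezone.utc)}

# Constructed normalized events: (time, log source, account, action).
EVENTS = [
    ("2014-01-30T09:12:00+00:00", "db", "JDOE_DBA", "SELECT payroll"),
    ("2014-02-03T02:41:00+00:00", "db", "jdoe_dba", "EXPORT customers"),
    ("2014-02-03T02:44:00+00:00", "unix", "asmith", "ssh login"),
    ("2014-02-04T11:05:00+00:00", "web", "John.Doe@example.com", "login"),
    ("2014-02-04T11:06:00+00:00", "unix", "svc_backup", "sudo su"),
]

def build_reverse_map(id_map):
    """Index (source, account) -> enterprise ID.

    Accounts are compared case-insensitively (an assumption of this example).
    """
    reverse = {}
    for enterprise_id, accounts in id_map.items():
        for source, account in accounts.items():
            reverse[(source, account.lower())] = enterprise_id
    return reverse

def terminated_access(events, id_map, terminated):
    """Return events made under any mapped account after the owner's termination."""
    reverse = build_reverse_map(id_map)
    hits = []
    for ts, source, account, action in events:
        owner = reverse.get((source, account.lower()))
        if owner is None or owner not in terminated:
            continue  # unmapped account or active user: not part of this check
        if datetime.fromisoformat(ts) > terminated[owner]:
            hits.append((owner, source, account, action, ts))
    return hits

if __name__ == "__main__":
    for hit in terminated_access(EVENTS, ID_MAP, TERMINATED):
        print(hit)
```

Activity before the termination time is not flagged, and the unmapped `svc_backup` account is skipped by this check rather than attributed to anyone.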

QRadar Rules Engine
New Rules Engine tests query Reference Sets and Maps:
Contact US
www.prolifics.com
310.748.2457