- IBM Security Identity Governance and Intelligence
IBM Security Identity Governance and Intelligence helps organizations ensure enforcement of access policies and automate existing IT identity management processes. It provides:
- Risk analytics and intelligence to analyze, model, and accurately represent complex role, entitlement, and permission data from enterprise resource planning (ERP), IBM z/OS® mainframe, and enterprise applications (SAP GRC) in order to perform access policy and segregation of duties validation across the entire organization.
- Direct integration with systems and applications to provision and control access through an advanced and feature-rich adapters framework.
- Access request self-service extensions to integrate segregation of duties and access policy validations into service desk portals, such as ServiceNow, to deliver a seamless and secure user experience.
- External access request authorization through third-party service desk applications, such as ServiceNow.
- Enhanced integration with existing identity management deployments, such as IBM Security Identity Manager, to provide strong support for role and user access management, access policies, and segregation of duties validations.
- IBM Security Access Manager
IBM Security Access Manager simplifies and secures user experiences with single sign-on across applications and protects critical assets using strong multi-factor authentication and risk-based access. It also enables the mobile enterprise with mobile access control policies that integrate with mobile device management, mobile application development and malware detection solutions.
This highly scalable and configurable access management solution is available as a virtual or hardware appliance.
IBM QRadar is an enterprise security information and event management (SIEM) solution. It collects security data from network devices, hosts, operating systems and applications in an enterprise. It correlates vulnerabilities, user activities and behaviors. It performs real-time analysis of the log data and network flows to identify malicious activity so it can be stopped quickly, preventing or minimizing damage to the organization. IBM QRadar has been rated consistently the top SIEM product by Gartner.
IBM Security Guardium products focus on data privacy and integrity. These data security products oversee databases, data warehouses, file shares and Hadoop-based systems for custom and packaged applications on all leading operating platforms.
- Monitor access to data sources and automate compliance controls.
- Provide high-performance encryption to help safeguard structured and unstructured data.
- Centralize, simplify and automate data activity monitoring and compliance.
- Scan database infrastructures to detect vulnerabilities, and suggest remedial actions.
- Provide encryption for DB2 for IMS z/OS, and IMS data systems.
Entersekt’s push-based authentication solutions transform just about any mobile phone into a powerful weapon in the fight against account takeover fraud. Our patented technology picks up where password-based approaches have failed, by introducing an isolated communication channel between phone and financial institution that avoids reliance on the open Internet for user and transaction verification.
Transakt lies at the center of all of Entersekt’s solutions. Using industry-standard X.509 digital certificates and proprietary validation techniques developed specifically for the mobile phone, Transakt achieves two things:
- It converts the mobile device into a trusted second factor of authentication.
- It ensures that no communications can be decrypted or spoofed by anyone at any point between the device and Entersekt’s FIPS 140-2 Level 3 hardware appliance installed at the bank.
A complete solution to protect, monitor, detect, alert, and respond to privileged account activity
Privileged accounts represent the largest security vulnerability an organization faces today. In the hands of an external attacker or malicious insider, privileged accounts allow attackers to take full control of an organization’s IT infrastructure, disable security controls, steal confidential information, commit financial fraud and disrupt operations. Stolen, abused or misused privileged credentials are used in nearly all breaches. With this growing threat, organizations need controls put in place to proactively protect against, detect and respond to in-progress cyber attacks before they strike vital systems and compromise sensitive data.
CyberArk is the trusted expert in privileged account security. Designed from the ground up with a focus on security, CyberArk has developed a powerful, modular technology platform that provides the industry’s most comprehensive Privileged Account Security Solution. Each product can be managed independently or combined for a cohesive and complete solution for operating systems, databases, applications, hypervisors, network devices, security appliances and more. The solution is designed for on-premise, hybrid cloud and OT/SCADA environments.
The CyberArk Privileged Account Security Solution is based on CyberArk Shared Technology Platform™, which combines an isolated vault server, a unified policy engine, and a discovery engine to provide scalability, reliability and unmatched security for privileged accounts.
Axiomatics brings next-generation Attribute Based Access Control (ABAC) for a broad range of application environments.
Access control has evolved to meet the changing security challenges organizations face in the digital age. Attribute Based Access Control is quickly becoming the standard model for organizations confronted by the need for a robust and flexible solution to today’s increasingly complex security demands. Unlike earlier access control models, ABAC provides a multi-dimensional system that through its use of attributes and policies prevents role explosion, increases scalability, enables relationships, eliminates Segregation of Duty conflicts, and externalizes authorization for ease of management and control. Additionally, it allows organizations to comply with an ever-growing body of regulations in an increasingly demanding regulatory environment.
Axiomatics Policy Server (APS) is the most complete solution available for enterprise-wide rollout of Attribute Based Access Control (ABAC). With three different types of authorization services combined in one, it handles any and every type of access control requirement.
- IBM Security Directory Suite
IBM Security Directory Suite is a scalable, standards-based identity store (LDAP) and identity integration engine (ETL/Proxy). Directory Suite helps collapse identity silos into a single authoritative identity source. This unified identity enables faster and more agile application deployment and improved user experience. It provides:
- Flexible directory consolidation
- Virtual appliance form factor
- Scalable directory backbone
- Simplified cloud integration
- Flexible, automated data manipulation
- Intelligent White Pages search capabilities with social networking
- IBM Security Privileged Identity Manager
Privileged Identity Manager helps thwart insider threat by tracking the use of credentials belonging to users who have elevated access privileges, allowing organizations to centrally manage and audit privileged users across systems, applications, and platforms to help protect sensitive assets and maintain compliance. Privileged Identity Manager includes entitlement to IBM Security Identity Manager V7.0 and IBM Security Access Manager for Enterprise Single Sign-On V8.2.1 capabilities for licensed privileged users, which can be installed separately and integrated with the Privileged Identity Manager Virtual Appliance.
Privileged Identity Manager delivers a single solution to help secure, automate, and track the use of privileged identities. Based on underlying IBM Security Identity Manager and IBM Security Access Manager for Enterprise Single Sign-On capabilities for licensed privileged users, the solution delivers privileged user entitlement provisioning, strong password management policies, and support for all IBM Security Identity Manager adapter endpoints. Privileged Identity Manager helps thwart insider threat by tracking the use of user credentials with elevated access privileges. It also provides:
- An encrypted credential vault with controlled check out and check in of shared IDs for entitled users.
- Automated login with available strong authentication that delivers an additional level of assurance while hiding the current password from the user.
- Password update capability, after use and upon check in, to help ensure passwords are not reused outside the governance structure.
- User activity logging that contains an audit trail on use of privileged credentials.
- A Privileged Session Recorder option, which can record all user activity on the privileged endpoints, with subsequent playback by auditors or IT management for audit or troubleshooting purposes.
- A new option, IBM Security Privileged Identity Manager for Applications, which helps secure application-to-application credentials and tracks their use.
It is not just privileged users that have elevated access rights. Applications and scripts also use credentials for privileged access. For example, an application may need a privileged credential to make database calls, or a script may need privileged credentials to access an application. Typically, these sources are trusted by the target resource and can bypass stronger user authentication mechanisms such as biometrics. In addition, the credentials used by these source programs are often hardcoded into the application or script, sometimes even in clear text. This can leave them vulnerable to exposure and can lead to unauthorized use. Furthermore, these hardcoded credentials are rarely, if ever, changed, bypassing usual password management processes.
With Privileged Identity Manager for Applications, applications, scripts, and programs can leverage the same secure credential checkout mechanism employed for human users. This eliminates the need for hardcoded passwords in applications and scripts, and allows governance of those application credentials under password management policies.
As a further safeguard, every application instance (script or individual application instance) must be preregistered by an authorized Privileged Identity Manager user in order to assure accountability for every system credential. Every nonhuman Privileged Identity Manager user must be associated with a known human user. During the registration process, certain characteristics of the requesting application instance are saved and later authenticated at credential request time. This helps assure that only known applications and scripts, with known human sponsors, can access the credentials.
Privileged Identity Manager is also delivered as a virtual appliance deployment, which can speed time to value while supporting optional integration with a separate Identity Manager environment to simplify and optimize the maintenance of each environment.