tivoli security overview 061506test

© 2006 IBM Corporation. Tivoli LIVE -- Identity Management, Hursley Park, 15th June 2006. Casey Plunkett, Director, WW Sales, Tivoli Security


Page 1: Tivoli Security Overview 061506test

8/11/2019 Tivoli Security Overview 061506test

http://slidepdf.com/reader/full/tivoli-security-overview-061506test 1/29

© 2006 IBM Corporation

Tivoli LIVE -- Identity Management

Hursley Park – 15th June 2006

Casey Plunkett

Director, WW Sales, Tivoli Security

Page 2: Tivoli Security Overview 061506test


IBM IT Service Management

© 2006 IBM Corporation, 2006 ITSM Partner Summit

Agenda

Identity Management Drivers

Tivoli Identity Management Overview

Deployment Proof Points

Analysts’ Perspective 

Page 3: Tivoli Security Overview 061506test


Key processes in IT Security Management

The activities and processes associated with IT Security Management can be summarized into four patterns that will remain current as technology changes.

Establish Trust and Compliance
 – Gather business compliance information
 – Evaluate business compliance
 – Report
 – Create Security Controls & Compliance criteria

Protect Systems
 – Build and Deploy software packages
 – Verify install images and request changes
 – Request Updated install images
 – Learn about vulnerabilities

Manage Threats
 – Gather and analyze security related events and symptoms
 – Correlate events and Initiate Response
 – Report

Manage Users
 – Apply business security controls
 – Apply resource security controls
 – Gather security control information

Tools and experts: Windows, Internet, Application, Unix, Database, Integration, Linux, Mainframe, Network, Storage

Process / Service view of IT Security Management
 – Access Management
 – Privacy Management
 – Identity Management
 – Security Controls Definition
 – Security Compliance
 – Business Risk Management
 – Incident Management
 – Threat Management
 – Security Event Management
 – Vulnerability Management
 – Security Configuration
 – Security Patch Management

Page 4: Tivoli Security Overview 061506test


Increased Collaboration

[Figure. Axes: Collaboration; Trust; Cost & complexity of Threats and Administration]

Stages:
 1 – Isolated Operations
 2 – Select ‘Trusted Partners’
 3 – Value Chain Visibility
 4 – Industry-Centric Value Web
 5 – Cross-Industry Value Coalition

Eco-system integration improves market agility but brings with it increased risk costs in complexity, administration and vulnerability.

Legend: Core Business; Subsidiary/JV; Customer; Partner/Channel; Supplier/Outsourcer

Page 5: Tivoli Security Overview 061506test


Product Life Cycle Management

Phase I – Ideation: Identify new product ideas

Phase II – Definition/Feasibility: Define concepts based on new product ideas

Phase III – Development: Fully develop product/packaging manufacturing process and business plan

Phase IV – Launch: Produce and ship product into marketplace

Phase V – Post Launch: Assess product, team and process performance

The “sweet spot” occurs when process design, organization/performance management and enabling technologies are integrated and optimized across this value chain

Key Stakeholders in the PLM Process:

R&D; Packaging and Design Graphics; Marketing; Operations and Production; Finance; Engineering; Brand Management; Sales Management; Public Relations/Ads; Legal

Page 6: Tivoli Security Overview 061506test


PLM (Summary) Reference Architecture

[Figure labels: Adapter Manager (run-time and monitor); Adapter Registry; Adapter Instances; Adapter Instance Store; Resources and Relationships (RDF store); Workflows; Workflow Manager; Event Registry; Event Dispatcher; Event Log; Knowledge Manager; Inference Rules; Inference Engine; Presentation Manager; View Generator; Content Manager; Admin Console; WPS portlets; Log; instantiates]

[Figure labels, continued: Document Repository; CAD; Team (QuickPlace, Sametime); Project Schedule; Bill of Materials; PDM; Mktg/Adv.]

Key Needs:

•ESSO

•Provisioning

•Directory Integ.

•Access Control

•Root Control

Page 7: Tivoli Security Overview 061506test


Can You Answer the following Questions Across Your Core Business Processes?

1. WHO can use our IT systems?

2. WHAT can these people do on our IT systems?

3. Can I easily PROVE to the auditor what these people did?

Tivoli’s Identity and Access Management products automate these internal controls

Page 8: Tivoli Security Overview 061506test


Identity Management Challenges/Opportunities… 

How much am I spending on routine password resets?

3-4 times per year, per user and a £14 average cost per call

How long does it take to make new employees/contractors productive?

Up to 12 days per user to create and service accounts

How many of my former employees/contractors still have access to sensitive data?

30-60% of accounts are orphans (potential security exposure)

How confident are we that only the right people have access to our Enterprise data?

70% of fraud cases involving customer data are related to an insider attack 

How much time is spent on Account Management by User Community?

 – 10-20% of the LoB community typically provides Account Management

How long does it take to pull together reports for an audit?

Can take weeks, and some companies have designated FTEs for this purpose

Page 9: Tivoli Security Overview 061506test


IBM’s Integrated Identity Management Portfolio

Componentized Strategy

[Figure labels: Users & Applications; Security Compliance Manager; Identity Manager; Access Manager; Privacy Manager; Federated Identity Manager; Directory Server; Directory Integrator; NeuSecure]

Page 10: Tivoli Security Overview 061506test


Tivoli Identity Manager

[Figure labels: Identity change requested; Approvals gathered; Access policy evaluated; Accounts updated; Detect and correct local privilege settings. Systems shown: Identity Stores; HR Systems; Databases; Operating Systems; Applications]

Identity Manager provisions accounts

Access Manager provides runtime enforcement

Integrated:
 – Automated provisioning/de-provisioning from an authoritative source.
 – Workflow for provisioning requests.
 – Additional user self-service options for password reset, registration etc.
 – Single sign-on for Identity and Access combined administration.

Page 11: Tivoli Security Overview 061506test


ITIM Express 4.6

Request-based provisioning with approval workflow

User self-care and password management

Intuitive GUI

Recertification of user access rights

Installed/Bundled adapters

Out-of-the-box reporting

Email notification

HR Feeds

Account reconciliation

Page 12: Tivoli Security Overview 061506test


Complete Single Sign-on Management

[Figure labels: User; Access Control, with a login prompt (“Please enter your ID and password”, fields ID and Password, Login); Flexible Authentication (SecurID token display); Digital Identity Services]

Services shown: eMail; Enterprise; Mainframe; eHR; Claims; Federated; Web; eExpenses; Portal; iBanking

Page 13: Tivoli Security Overview 061506test


Tivoli Access Manager Family

Tivoli Access Manager for e-business (TAMeB)

 – Web SSO, Centralized Authentication/Authorization/Audit

Tivoli Access Manager for Enterprise Sign-On (TAMES-ESSO)

 – Enterprise (or Host) SSO

Tivoli Federated Identity Manager

 – Federated SSO, Trust Mgmt/Brokering, Web Services Security Mgmt, Cross-Enterprise Identity Mapping

Tivoli Access Manager for Business Integration (TAMBI)

 – WMQ-based Access Control, Data Integrity and Confidentiality

Tivoli Access Manager for Operating Systems (TAMOS)

 – Locking down Root in UNIX and LINUX

Page 14: Tivoli Security Overview 061506test


Tivoli XML Gateway Integration

Case in point:

Securely implement web services, secure once for many applications, aggregate user interactions and adhere to strong security protection and verification

Solution:

Helps protect SOA implementations addressing XML threats with fine-grain access control. Integrates with Tivoli Security for enterprise SOA deployments and centralized security policy management

[Figure labels: XS40 XML Security Gateway (policy-driven security gateway for web services); Identity, Security and Directory Services; Centralized Security Policy Management; Data Repository; Enterprise Directory; Suppliers; Partners; Users; Liberty; SAML; WS-Federation]

Page 15: Tivoli Security Overview 061506test


Security Compliance Management

[Figure labels: Operating Systems; Applications; Workstations; Databases; IT Environment; Users; IT security; CxO]

Business issues: regulations, standards

IT concerns: Slammer, MSBlaster, OS patches, password violations

Checks systems and applications for vulnerabilities and identifies violations against security policies

Key benefits:

 – Helps to secure corporate data and integrity

 – Identifies software security vulnerabilities

 – Decreases IT costs through automation, centralization, and separation of duties

 – Assists in complying with legislative and governmental standards

Page 16: Tivoli Security Overview 061506test


Vendor integration for faster time-to-value

Integration factory

Desktop SSO: ActivCard ActivClient; Microsoft Kerberos (SPNEGO); Microsoft NTLM

Directory sync & virtualization: Aelita Ent. Directory Manager; IBM Tivoli Directory Integrator; OctetString Virtual Directory; Radiant Logic

Encryption, SSL & VPN: Aventail EX-1500; Eracom ProtectServer Orange; IBM 4758; IBM 4960; Ingrian Secure Transaction Appliance; nCipher nForce; Neoteris IVE

Integration and Consulting: 3000 trained personnel across Business Partners worldwide

Messaging security: IBM WebSphere BI Message Broker; IBM WebSphere BI Event Broker; IBM WebSphere MQ

Web Server Plug-in: Apache; IBM HTTP Server; IBM WebSphere Edge Server; Microsoft IIS; Sun ONE Web Server

Web Application Server: BEA WebLogic Server; IBM WebSphere App. Server; (Any J2EE Platform); Microsoft .NET

Web Portal Server: BEA WebLogic Portal (SSO); IBM WebSphere Portal; Plumtree Portal*; Sun ONE Portal Server (SSO)

XML and Web Services: DataPower; Digital Evolution / SOA Software; Forum Systems; Layer 7 SecureSpan Gateway; Reactivity XML Firewall; VordelSecure

Application Single Sign-On: Adexa collaboration products (9); Blockade ESconnect; Broadvision One to One; Cash-U Pecan; Centric Product Innovation (3); Citrix Metaframe / Nfuse XP; Documentum Content Server/Webtop; Documentum eRoom; IBM Content Manager; IBM Host on Demand; IBM Host Publisher; IBM Lotus Domino; IBM Lotus iNotes; IBM Lotus Quickplace; IBM Lotus Sametime; IBM Lotus Team Workplace; Intelliden R-Series; Interwoven TeamSite; Kana Platform; Kintana Suite (Mercury Interactive); Microsoft Exchange (OWA); Microsoft SharePoint Portal/Services; OpenConnect WebConnect; Oracle Application server; PeopleSoft Enterprise Application; PeopleSoft Enterprise PeopleTools; Rocksteady Rocknet; SAP Enterprise Portal; SAP Internet Transaction Server; Secur-IT C-Man; Secur-IT D-Man; Siebel; Sourcefire ISM; Sun Calendar Server*; Sun Messenger Server*; Vasco Digipass (via C-Man)

* By request

Platform & Traffic Mgmt.: Crossbeam Security Svcs. Switch; F5 Networks BIG IP; Sanctum AppShield

Strong Authentication: ActivCard; Aladdin Knowledge Systems; Daon Engine (Biometrics); Entrust TruePass; VeriSign

UNIX Deployment Lockdown: HP-UX; IBM AIX; IBM DB2; IBM HTTP Server; IBM WebSphere App. Server; Oracle DB; Red Hat Linux; Sun Solaris; SuSE Linux

User repository: CA eTrust Directory; IBM Tivoli Directory Server; Microsoft Active Directory; Novell eDirectory; Siemens Nixdorf DirX Directory; Sun ONE Directory Server; Vasco Digipass

Page 17: Tivoli Security Overview 061506test


Tivoli Identity Management Proof Points… 

on demand Solution: – Automate user provisioning, discovery and correction of invalid access

Case Studies:

Saves $500k/year in HR Enrollment process for 20k employees

Products:

 – IBM Tivoli Identity Manager (TIM)

Up to 40% of user access is invalid – IT must spend weeks manually provisioning and auditing user access to business systems

1 week...

3 weeks…

…to 10 minutes

…to 20 minutes and provisioning costs cut 93%

Page 18: Tivoli Security Overview 061506test


Tivoli Identity Management Proof Points… 

on demand Solution: – Automate user provisioning, discovery and correction of invalid access

Case Studies:

Deployed Provisioning for 9,000 employees across 80 endpoints, 6 countries and 20 roles within 90 days

5 days to implement Provisioning (TIM Express) across 2,500 users

Products:

 – IBM Tivoli Identity Manager (TIM) or TIM Express, IDI and TAMeB

Up to 40% of user access is invalid – IT must spend weeks manually provisioning and auditing user access to business systems

Page 19: Tivoli Security Overview 061506test


Tivoli Identity Management Proof Points… 

on demand Solution: – Single sign-on and self-service for password resets

Case Studies:

Most successful IT project in 25 years – cost justified in 8 months

Orange projects savings of millions of Euros annually (4M Secure SOA users)

Product:

 – IBM Tivoli Access Manager for Enterprise Single Sign-On

 – SOA: IBM Tivoli Federated Identity Manager

Up to 50% of help desk calls are for password resets – Every call incurs 14 in IT costs

Page 20: Tivoli Security Overview 061506test


Business Process: User Validation

Identify Orphan Accounts (Identity Manager)

Process: Obtain a list of orphan accounts and determine validity

Compliance and Audit Issue: Link all user accounts to an identity

Business Process Inefficiency: Manual processes, custom scripts

IBM on demand Approach: Automated reconciliation

Proof Point: Wall Street Example

[Figure: Tivoli Identity Manager. Labels: Identity change requested; Approvals gathered; Access policy evaluated; Accounts updated; Detect and correct local privilege settings. Systems shown: Identity Stores; HR Systems; Databases; Operating Systems; Applications]

Page 21: Tivoli Security Overview 061506test


Business Process: New Business Initiative

Access Manager

Process: Implement rules for application access consistently

Compliance and Audit Issue: Consistent policy implementation

Business Process Inefficiency: Up to 30% of development costs for security infrastructure. Too many passwords to remember.

IBM on demand Approach: Centralized Application Access Control and SSO across applications.

Proof Point: T. Rowe Price – $13.5M reduction in development costs

Page 22: Tivoli Security Overview 061506test


Tivoli Identity Management -- Facts of Interest

>1,500 Access Management customers

>500 Provisioning customers

~20% of IdM customers are small & medium businesses

>3,000 professionals trained and certified to deploy IBM Identity Management solutions worldwide

Page 23: Tivoli Security Overview 061506test


Tivoli Identity Management -- Facts of Interest

IBM Tivoli Security software is used by:

•15 of the top 20 commercial Banks worldwide

•6 top Healthcare companies worldwide

•4 of the top 5 Telecommunications companies worldwide

•6 of the top 10 Aerospace and Defense companies worldwide

•7 of the top 10 Computer and Data Services companies worldwide

Page 24: Tivoli Security Overview 061506test


IBM Identity Management Solutions Continue to be Recognized for Leadership

2006 Provisioning Leadership Position – Gartner Magic Quadrant

2005 #1 Provisioning Vendor, Gartner Vendor Selection Tool

2005 Frost & Sullivan Global Market Leadership Award for Identity Management

2005 Frost & Sullivan Market Leader designation for Access Management

2005 #1 Provisioning and Web SSO Vendor, IDC

2005 Web Services Leadership Position, Gartner Magic Quadrant

2004 SYS-CON Best Web Services Security Solution Award

Page 25: Tivoli Security Overview 061506test


Analyst View: Identity and Access Management Market Share (IDC)

Source: IDC, Worldwide [IAM] Market Forecast 2005-2009, Market Share for Web SSO and User Provisioning in 2004

IBM Tivoli: 35%

CA: 34%

Oracle: 7%

Novell: 7%

BMC: 5%

Sun: 4%

HP: 4%

RSA: 3%

Microsoft: 1%

Page 26: Tivoli Security Overview 061506test


Frost & Sullivan – Provisioning Market Share – Feb 2006

Page 27: Tivoli Security Overview 061506test


Frost & Sullivan – Web Access share – Feb 2006

Page 28: Tivoli Security Overview 061506test


Gartner – Web Services Magic Quadrant

Page 29: Tivoli Security Overview 061506test
