...

IBM Tivoli Security for SA Government IBM Software Group Jan Claus Julicher

by user

on
Category: Documents
27

views

Report

Comments

Transcript

IBM Tivoli Security for SA Government IBM Software Group Jan Claus Julicher
IBM Software Group
IBM Tivoli Security
for SA Government
Jan Claus Julicher
Senior Security Specialist
[email protected]
© 2007 IBM Corporation
IBM Software Group | Tivoli software
IBM’s security management vision and strategy:
Preemptive, comprehensive security and compliance offerings
ASSESS
the overall
security and compliance
status of business
infrastructure
WATCH
internal
and external
behaviors; address
aberrations and
violations
Watch
Assess
Access
Defend
Manage ACCESS of
business systems and
information to ensure
integrity and compliance
2
IBM Tivoli Identity Manager
DEFEND
against
potential security threats
and business risks
© 2007 IBM Corporation
IBM Software Group | Tivoli software
T I
A M
ivoli
ccess
3
IBM Tivoli Identity Manager
dentity &
anager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Identity and Access Management Business Drivers
– SECURE MY ENVIRONMENT!!!
– Automate and audit starter/mover/leaver process
– Single ID & Password
– Internet Banking Principles – delegated administration and
self-service
– Strong Audit Control – purge of invalid accounts, reporting
– PW Reset Automation and Self-Service
4
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Manual Provisioning
Request for
Access
Generated
Organizations use slow
User Change
and inconsistent
processes to provision
user access rights
Users with
Accounts
Administrators
Create Accounts
Policy &
Role
Examined
Elapsed turn-on time: up
to 12 days per user
Account turn-off
performance: 30-60% of
accounts are invalid
5
IT InBox
1 FTE user admin only
handles 300-500 users
IBM Tivoli Identity Manager
Approval
Routing
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Increase speed and efficiency of security management
processes with Tivoli Identity Manager
• Manage changes
in minutes, not
days
Identity
change
(add/del/mod)
Approvals
gathered
Accounts
updated
Detect and correct local privilege settings
• Reduce errors
Accounts on 70 different
types of systems
managed. Plus, In-House
Systems & portals
• Free valuable
administrators for
more productive
work
Tivoli Identity Manager
• Support scalable
business
processes
Applications
Databases
Operating
Systems
HR Systems/
Identity Stores
6
Access
policy
evaluated
IBM Tivoli Identity Manager
Networks &
Physical Access
© 2007 IBM Corporation
IBM Software Group | Tivoli software
The TIM Provisioning Model
attr
Provisioning
Policy
User
Role
Service
(Resource)
Users assigned to roles based on responsibilities
Role members are provisioned to resource(s) via a Provisioning
Policy
Provisioning Policies can also define attributes for a user
7
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Reconciliation Compares “What Is” to “What Should Be”
Provisioning
Policy
User
Role
Service
(Resource)
Policy enforced during reconciliation (I.e. permissions on resource)
• TIM can “roll back” unauthorized changes made by local admin
Reconciliation identifies orphan accounts
• Adopted, suspended, restored or de-provisioned
8
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Delegated Administration Reduces Admin Overhead
The “Virtual” Enterprise
User & Privilege
Information
“Junior” administrators can control
people and attributes
Sales
Workgroup
Administrator
Marketing
Finance
Workgroup
Administrator
Can restrict internal TIM resources
• Services, Provisioning Policies, Reports, etc
Workgroup
Administrator
9
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Self Service Reduces Help Desk Calls
Users may service all of their own attributes (address, title, etc)
Challenge response for password reset
Changes can be reviewed and approved through workflow
Password Pickup
Cross-platform password sync for TIM services
Reverse password sync for Windows and/or Access Manager users
1
10
IBM Tivoli Identity Manager
2
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Access Management Problems
Time & Money
User frustration and complaints due to password
and security complexity.
Employees locked out interrupting work and
revenue producing activity.
High password-related user support costs.
Security
Weakened security due to poor password selection
and management.
Difficulty in securing critical applications.
Difficulty of integrating advanced authentication for
applications.
Regulatory
Need to prevent public access to private data
(HIPAA, GLBA) and track and report on all access
(SOX).
11
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
IBM Tivoli Access Manager for Enterprise SSO
IBM Tivoli Access Manager for ESSO is a
powerful solution for web and legacy single
sign-on and Windows-based self-service
password reset
Key Features
IBM Tivoli Access Manager for Enterprise Single Sign
12
on is our core enterprise SSO solution
The Desktop Password Reset Adapter enables end
users to reset their Windows password, directly from
their locked workstation
The Authentication Adapter allows organizations to
use any combination of tokens, smart cards,
biometrics and passwords to control access to their
applications
The Provisioning Adapter enables system
administrators to directly distribute usernames and
passwords to TAM for ESSO
The Kiosk Adapter provides automated termination of
inactive sessions and application shutdown for
Kiosks or shared workstation users
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Tivoli Access Mgr. for Enterprise Single Sign-On
(Benefits)
Simplifies the end user experience by eliminating the need to
remember and manage usernames and passwords.
Enhances security by eliminating poor end-user password
behavior.
Reduces help desk costs by lowering the number of password
reset calls.
Deploys without requiring modification to target systems,
platforms or applications - delivers quick time to value!
Advances identity management, compliance and authentication
initiatives.
13
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
IBM Tivoli Access Manager for e-business
IBM Tivoli Access Manager is an awardwinning, policy-based, access control security
solution for e-business and enterprise
applications, featuring Web-based single
sign-on and distributed Web-based
administration.
Key Features
Delivers unified authentication and authorization
14
access to diverse Web-based applications within
entire enterprise
Supports flexible single sign-on to Web, Microsoft,
telnet and mainframe application environments
Achieves rapid and scalable deployment of Web
applications, with standards-based support for
Java 2 Enterprise Edition (J2EE) applications
Offers design flexibility through a highly scalable
proxy architecture and/or easy-to-install Web
server plug-ins, rule- and role-based access
control, support for leading user registries &
platforms, and advanced APIs for further
customized security
Common Criteria certified
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
What does TAMeB do?
Tivoli Access Manager lets you create a secure domain(s) where all
communication is protected from unauthorized access and undetected
corruption.
Tivoli Access Manager processes a client/access request in the
following manner:
1. Proves who the client is using authentication.
2. Acquires rights in the form of authorization credentials.
3. Performs an authorization decision that is based on these credentials.
Using the authorization decision (yes or no),
either the resource requested is returned
to the user or an error message can be
sent with access denied.
15
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
TAMeB & TAM-ESSO
TAMeB (scope: Internet, extranet, intranet)
SSO and strong authentication to back-end Web applications protected behind WebSEAL.
TAMESSO (scope: intranet)
SSO and strong authentication to desktop-based applications (including TAMeB) via desktop / kiosk.
You get SSO from desktop to TAMeB to back-end Web apps.
TAMeB and TAMESSO share the same directory
The same user is defined one time to TAMeB and TAMESSO.
Extranet
User
Internet
External
User
Internet
(External)
Firewall
Enterprise
(Internal)
Firewall
LDAP
TAMeB
proxies
and/or
plug-ins
TAMESSO
enabled
desktops
Trusted
Network
Load
Balancer
Web Servers
TAMeb
Proxies
Load
Balancer
Internal
Users
TAM Policy Server
16
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Why IBM Tivoli Identity and Access Manager?
Integration with Tivoli Security and NetCool portfolio
Out-of-the-box adapters – widest platform support
Tivoli Directory Integrator
Tivoli Directory Server
All necessary components included and supported
by IBM (Database, AppServer, LDAP, etc)
Powerful but easy to use workflow
Standards-based
– HTTP/HTTPS, SSL, DSML, DAML, JNDI, XML etc
17
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
What is
T S I
E M ?
ivoli
ecurity
vent
18
IBM Tivoli Identity Manager
nformation
anager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
IBM SIEM is…
Tivoli Compliance Insight Manager (TCIM)
Log Collection and Management with Raw Logs
Compliance Reporting
Privileged user monitoring with behavioral anomaly detection
Tivoli Security Operations Manager (TSOM)
Event Correlation with Alerting and Notification
Dashboard that supports and assists with investigation
A platform for Incident Response and Management
19
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Comprehensive Security Should Address Both
Threats and Access
1. “IT Security”
Primarily address security threats
Look at, correlate and alert on events generated by your
perimeter security devices
2. “Line of Business Security”
Look at audit events generated by your apps, dbases and
security devices
Primarily address user security
– Who can come in?
– What can they do?
– Can I easily prove it to an auditor?
20
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
T S
O M
ivoli
perations
21
IBM Tivoli Identity Manager
ecurity
anager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
The problem we solve….
22
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
IBM Tivoli Security Operations Manager 4.1
The TSOM application (previously GuardedNet neuSECURE, MicroMuse NetCool neuSECURE)
has been re-branded as part of IBM Tivoli’s security product line, as IBM Tivoli Security
Operations Manager.
Guardednet released neuSECURE in 2001
MicroMuse acquired GuardedNet in August 2005
IBM acquired Micromuse in Dec. 2005
23
New name is reflective of the product’s role as the core platform for an enterprise or service
provider Security Operations Center (SOC).
Supports both real-time correlation and incident management needs (SEM) and internal policy
monitoring and regulatory compliance reporting, (SIM).
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Security Operations Challenges
Operational Efficiency - Too much data, too
many formats, complex processes
Business
Resource Constraints – Making the most of
fixed resources – people, hardware,
software
Business Risk - Managing the ripple affect
of security breaches to the business
Security
Regulatory Compliance – Support for
regulatory and policy initiatives
Operations
IT Process Optimization - Cross-silo
information sharing (NOC, SOC, Help Desk)
24
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Single SIM Interface for Heterogeneous Point Solutions
Heterogeneous
collection &
correlation threat
analysis
Vendor-specific
configuration &
control of point
solutions
i.e. Firewall-1, Site Protector
Routers
Application
s
Servers
Antivirus
Firewall
IBM Tivoli Identity Manager
Configuration &
Control Product
Network IDS
25
Host IDS
Vendorspecific point
solutions
Security
Information
Management
(SIM)
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Business Relevant Incident Recognition
>Database for historical analysis
>Dashboard for real-time view
>Action: e.g. email/ticket/script
“TSOM automates the aggregation and correlation process. It mitigates false positives and
alerts my team to real threats in a timely manner. The product is more or less what I would
have designed and built myself, given four years and a pool of developers.”
– Jeff Hartley, Cox Communications
26
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
TSOM Architecture
27
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Event Collection
EAM
28
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Event Correlation
29
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Result
30
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Frequency
Results - Consolidated View via Main Dashboard
Event
Class
Event Class
Domain
Frequenc y
Frequency
31
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Results - Centralised Reporting
Powerful Reporting Engine
Leveraging the power of TSOM’s complete set of
reports and report templates provides a
comprehensive view of your security posture over
time. (140 standard reports +)
32
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
T C
I M
33
ivoli
ompliance
nsight
anager
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
activity
How do you Capture, Comprehend and Communicate your
security data?
time
34
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
The Problems We Help to Solve
“I need to provide reports to
my auditors and regulators”
“My staff lacks the time,
expertise, and desire
to scan logs”
“I need to store logs
for forensics”
35
IBM Tivoli Identity Manager
“I need to prove that I have
effective IT security controls”
“I’m concerned about
privileged actions”
Communicate
Comprehend
Capture
“I have no idea which
logs to collect or how”
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Enterprise Log Management
Capabilities:
Secure, reliable log capture from any
Capture
36
platform
Auto collection of syslogs
Full support for native log collection
Store in an efficient, compressed depot
Access data when needed
Search across all logs
Reports to prove complete collection
Benefits:
Reduce costs by automating and
centralizing collection
Save time by decreasing the length of
audits
Im plem entation tim e: plug and play.
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Log Continuity Report
37
IBM Tivoli Identity Manager
Log Continuity Report
Instant proof to auditors and
regulators that your log
management program is
complete and continuous.
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Investigate
38
IBM Tivoli Identity Manager
Depot Investigation Tool
Information at your fingertips,
with easy to use search
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Sophisticated Log Interpretation and Correlation
Capabilities:
W7 normalization
Interpret EVERY log (Syslog
Comprehend
and native logs) into English
Compare billions of log
entries to baseline policy
39
Benefits:
Interpret and monitor all logs
with fewer and less expensive
resources
More quickly detect and solve
security problems
Out of the box log normalization!
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Comprehend
How do I make sense of all this?
40
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Comprehend
Translate Logs into English - TCIM’s W7 Methodology
41
1.
2.
3.
4.
5.
6.
7.
Who did
What type of action
on What file/data
When did he do it and
Where
from Where
Where to
TCIM does the hard work, so you don’t have to!!
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Compliance Dashboard
42
IBM Tivoli Identity Manager
Compliance Dashboard
Logs after W7 – Billions of
log files summarized on one
overview graphic!
© 2007 IBM Corporation
IBM Software Group | Tivoli software
W& Eventlist
43
IBM Tivoli Identity Manager
W7 Eventlist
Note!: Mike Bonfire, a DBA,
is reading the payroll
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Full Audit and Compliance Reporting
Communicate
Capabilities:
Hundreds of reports
Compliance modules
Real-time alerts
Custom reports
44
Benefits:
Reduce length and effort
required for audits
Reports in an instant, thereby
saving time
Reduce risk of insider threat:
Info protection
Change control
User management
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Compliance Modules
45
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Regulation specific modules with
tailored reports to jumpstart your
compliance efforts – saving you
staff time and reducing audit costs
46
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Operational Change Control
47
IBM Tivoli Identity Manager
Operational Change Control Report
See a summary of all the operational
changes made by different groups
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Event List
Zoom in into the all actions
that IT admin did on the
financial Server and see the
creation of the user account
of Chin055
Eventlist
48
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
EventDetail
49
IBM Tivoli Identity Manager
An Event Detail Report
Even drill down into that specific
event and see all the event details,
and we can even go to the raw log-file
© 2007 IBM Corporation
IBM Software Group | Tivoli software
The IBM Tivoli SIEM Solution Deployment
Event Sources
Points of Presence
IBM Tivoli SIEM Install
Output
TCIM Server
Compliance Dashboard
Applications
Collectors
Reports
Databases
SYSLOG NG
Mainframe
Retrieve Log-files
Operating Systems
Operational Dashboard
IDS & IPS
TSOM EAMs
TSOM CMS Server
Third party integration
Firewalls
alerts
50
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Questions?
51
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Architectural Overview - TSOM
CMS
(Central M anagement System)
AIX, Linux or Solaris
`
Database
DB2 or Oracle
TSOM UI
Java App
EAM
(Event Aggregation M odule)
AIX , Linux or Solaris
Asia
South America
EAM
(Event Aggregation M odule)
North America
EAM
Europe
(Event Aggregation M odule)
EAM
EAM
(Event Aggregation M odule)
(Event Aggregation M odule)
Lower Tier SIM
Windows Servers
NIDS/NIPS
Universal Collection M odule(UCM)
Syslog/ Cisco IDS
Firewalls
Unix Servers
Check Point OPSEC/ SNM P/ Syslog
52
IBM Tivoli Identity Manager
Syslog
© 2007 IBM Corporation
IBM Software Group | Tivoli software
What is T E L
M ?
ivoli
vent
og
anager
53
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Tivoli Event Log Management (TELM) 1.0 PRPQ
Why TELM?
Response to competitive pressure from Log Management solutions
(LogLogic, SenSage)
Customers may need Log Management first to quickly check a box, but if
competitors get in at this layer, it will be harder to upsell to full SIEM
capabilities
What is TELM 1.1?
TCIM 8.5 Enterprise Server, with limited report usage, specially priced to
compete
It is not feature reduced TCIM – customer is limited to specific reports by
paper TELM license only
It is a PRPQ, and requires special approvals
TELM v 2.0 will be a future sellable component of TSIEM 2.0 as a
growth path for TELM 1.1 customers
Available from February 22, 2008
54
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
TSOM - Supports over 200 event & log sources, including:
Firewalls
Check Point Firew all-1
Cisco PIX
CyberGuard
Fortinet FortiGate
GNATBox
Juniper (Netscreen)
Linux IP Tables
Lucent Brick
Microsoft ISA Server
Nortel Sw itched Firew all
Stonesof t's StoneGate
Secure Computing's Sidew inder
Symantec's Enterprise Firew all
SonicWALL
Sun SunScreen
Vulnerability Assessment
Nessus
Vigilante
ISS Inte rne t Scanne r
QualysGuard
Foundstone
eEye Retina, REM
SPI Dynamics WebInspect
nCircle IP360
Harris STAT
Tenable Lightning
Routers/Switches
Cisco Routers
Cisco Catalyst Sw itches
Cisco RCMD
Foundry Sw itches
F5 Big IP, 3-DNS
Juniper JunOS
TACACS / TACACS+
Nortel Ethernet Routing Sw itch
5500, 8300, 8600, 400 series
Extreme Netw orks
Policy
55 Compliance
Vericept
Network Intrusion Detect/Prevention
McAfee Intrushield
Sourcefire Network Sensor
Sourcefire RNA
Juniper IDP
ISS RealSecure
ISS Proventia G, M
ISS BlackICE Sentry
Cisco Secure IDS
SNORT IDS
Enterasys Dragon
Nortel Threat Protection System (TPS)
Intrusion's SecureNetPro
Mirage Networks
NFR NID
Symantec ManHunt
ForeScout ActiveScout
QRadar
Top Layer Attack Mitigator
Labrea TarPit
IP Angel
Lancope StealthW atch
Tipping Point UnityOne NDS
Arbor Networks PeakflowX
Mazu Networks
Host-based Intrusion Detect/Prevention
Type80 SMA_RT (zOS-Mainframe RACF)
PowerTech (iSeries-AS/400)
Cisco CSA
NFR HID
IBM Netcool SSMs
Sana
Snare
Symantec Intruder Alert (ITA)
Sygate Secure Enterprise
Tripwire
ISS Server Sensor
McAfee Entercept
VPN
Juniper SSL VPN
Nortel VPN Router (Contivity)
Check Point
Cisco IOS VPN
Cisco VPN 3000
Juniper VPN
Nortel VPN Gateway (SSL VPN)
Applications
Apache
Microsof t IIS
IBM We bSphe re
Oracle
Lotus Dom ino
SAP R3
IBM DB2 (comi ng soon)
Access and Identity Management
Operating Systems Logs, Logging
Platforms
Oracle Identity Management (Oblix)
Solaris (Sun) *
AIX (IBM )
RedHat Linux
SuSE Linux
HP/UX
Microsof t Window s Event Log
(W2K3 DHCP, W2K DHCP, IIS)
Microsof t SNMP Trap Sender
Nokia IPSO
Novell NetWare
OpenBSD
Tru64
Tripplight UPS
Monitorw are SYSLOG
Kiw iSyslog
zOS-M ainfram e IDS
Cisco ACS
IBM Tivoli Acce s s M anage r
IBM Tivoli Ide ntity M anage r
CA eTrust Access
CA eTrust Secure Proxy Server
CA eTrust Siteminder (Netegrity)
RSA SecureID RADIUS
Antivirus
CipherTrust IronMail
McAf ee Virus Scan
Norton AntiVirus (Symantec)
McAf ee ePO
Trend Micro InterScan
Application Security
Blue Coat Proxy
Nortel ITM (Intelligent Traff ic Mgmt)
Teros APS
Sentryw are Hive
IBM Da ta Power (coming
Sun Java System Directory Server
Wireless Security
AirMagnet
AirDefense
Management Systems
TSOM escalates to:
IBM Ne tcool (M icrom us e )
IBM /Tivoli Ente rpris e Cons ole
Cisco Information Center
Remedy ARS
HP OpenView
CA Unicenter
Management Systems
Source of events into TSOM:
Check Point Provider-1
CiscoWorks
IBM Ne tcool (M icrom us e )
ISS Site Prote ctor
Juniper Global Pro (Netscreen)
Juniper NSM (Netscreen)
Tripw ire Manager
Intrusion, Inc. SecureNet Manager
McAfee ePO
Nortel Def ense Center
Sourcef ire Defense Center
Q1 QRadar Mgmt Server
soon)
Discovery Tools
IBM Tivoli Identity Manager
Lumeta IPSonar
NMAP
© 2007 IBM Corporation
IBM Software Group | Tivoli software
TELM 1.1 Capabilities
The Management Console to set up the necessary event sources
Through the Depot Investigation tool, you can access the following:
Log Management Dashboard
Log Collect History Report
Log Continuity Report
Log Retrieval
Depot Investigation to create ad hoc reports of raw data in the Depot
Configuration tools
Events by type: Summary of audited event types
Daily verification
Failed system operations: List of failed operator and configuration commands
Failed system services: List of system processes that ended with a security error
condition
Logon failure summary: Summary of logon failures
Restarts: List of system starts and restarts
Users: List of users
Detailed investigation
56
Administration: List of administrative actions
Logon history by user: List of platforms users with logon events
Platform
history: List of all platforms with events
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
IBM Security Management Strategy
The TSOM offering is part of the broader ITSM Compliance initiative
where Security Threats and Security Information monitoring
capabilities are reconciled in real-time in support of IT and Business
Controls
TSOM replaces Tivoli Risk Manager in 2006 & 2007 (has already
replaced Netcool for Security Management - NfSM)
Netcool for
Security Management
GuardedNet neuSECURE
Tivoli Risk Manager
57
IBM Tivoli Identity Manager
IBM Tivoli
Security
Operations
Manager
(TSOM)
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Thank you
Questions?
58
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
TSOM Customers
Netcool/NeuSecure Customers
59
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Automatic provisioning
With IBM Tivoli Identity Manager, each step in the provisioning process can be
done as efficiently as possible.
Request–The request is typically received as a Web form.
Approval–IBM Tivoli Identity Manager sends e-mail to the appropriate
approver(s). The list of requests pending approval is also available through the
Web interface. If an approver does not respond within a set time, IBM Tivoli
Identity Manager can forward the request for approval to the approver's
backup.
Activation–Using adapters, IBM Tivoli Identity Manager can provision
accounts to most services.
Notification–IBM Tivoli Identity Manager sends e-mail to the requester.
60
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Workflows and policies
Approvals in IBM Tivoli Identity Manager are created using
workflows. A workflow represents the steps that are required by
the business before an account can be activated.
61
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Escalating requests
If an approver does not respond within a preset time
frame, the workflow can specify that the request will be
escalated to a different approver. This ensures that
even when managers are out of the office, the work will
still get done.
62
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Separation of duties
Separation of duties is one of the principles of security.
This principle states that sensitive operations should require
more than one approval. This is because fraud is a lot less
likely when it requires collusion between multiple parties.
IBM Tivoli Identity Manager allows for separation of duties in
workflows. If approval is required from multiple people, then
by default they all have to approve the creation of new
accounts.
63
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Policies
IBM Tivoli Identity Manager supports various kinds of policies to
control account provisioning. The following policy types are
supported:
Identity Policies–determine the user ID that a user will have in
provisioned accounts
Provisioning Policies–determine which services a role is entitled to
Service Selection Policies–extend provisioning policies by
allowing more sophisticated processing using JavaScript
Password Policies–determine which passwords will be allowed
64
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
TIM architecture
IBM Tivoli Identity Manager uses three different middleware
products.
IBM WebSphere Application Server provides the user interface
and application framework.
IBM Tivoli Directory Server stores user information.
Alternatively, IBM Tivoli Identity Manager can use Sun ONE
Directory Server.
IBM DB2 stores auditing information. Alternatively, IBM Tivoli
Identity Manager can use Oracle or Microsoft SQL Server 2000.
65
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Websphere application server
IBM WebSphere Application Server provides the
user interface and application framework for IBM
Tivoli Identity Manager. It allows users and
administrators to access IBM Tivoli Identity
Manager using a Web browser.
66
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Configuring Services for Provisioning
IBM Tivoli Identity Manager adapters communicate with Identity
Manager and manage the accounts for their service. From the
perspective of Identity Manager, the adapters provide an
interface to add and remove accounts. From the perspective of
the service, the adapter functions as a virtual administrator that
adds and removes accounts.
67
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Tivoli Directory Server
IBM Tivoli Identity Manager uses a Lightweight Directory Access Protocol (LDAP) directory to
store most of its configuration. The LDAP Directory Server, typically IBM Tivoli Directory Server,
can sit on a separate machine or on the Identity Manager computer. Identity Manager
communicates with the directory server using LDAP and may use SSL (Secure Socket Layer).
68
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
TDI adaptors
IBM Tivoli Directory Integrator allows
implementers to develop new adapters by
defining AssemblyLines to create, modify,
and destroy accounts.
69
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
IBM Tivoli Directory Integrator
Synchronize data across multiple repositories
Overview
Enables synchronization, transformation and migration of generic and identity
data across heterogeneous systems, helping organizations maintain consistent
and trusted data across multiple resources.
Events
Connectors
Assembly
Line
LDIF File
Directory
RDBMS
Parsers
Highlights
Transforms, moves and synchronizes generic as well as identity data residing in heterogeneous directories,
databases, files, collaborative systems and applications, with real-time automated updates to the authoritative
data source
Helps accelerate deployment of IBM Tivoli® security management software such as IBM Tivoli Identity
Manager, IBM Tivoli Access Manager and IBM Tivoli Federated Identity Manager, and other IBM infrastructure
software, including IBM Tivoli Change and Configuration Management Database (CCMDB), IBM Tivoli Service
Request Manager, IBM WebSphere®, IBM Lotus® Domino® and IBM Lotus Connections middleware
Provides an intuitive graphical user interface for development, deployment and maintenance of
synchronization rules, as well as a scalable, Web-based operations monitoring administrative management
console
Provides an open synchronization architecture that supports multivendor IT infrastructures with ease of use,
ease of deployment, and rapid time to value, while flexibly scaling from small to very large deployments
Supports a broad set of platforms, including IBM AIX®, IBM System z™, Microsoft® Windows®, UNIX® and
Linux® environments
TIP14022-USEN-00
70
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Tivoli Directory Integrator v6.1.2
People & Identity
Events
Assembly Line
RDBMS
What’s new!
Original TDI offering is now called Identity
Edition
Synchronize all instances of identity data and other data
across enterprise to the authoritative source, which
increases accuracy & decreases administrative costs
Connectors
MQ
Web Service
Parsers
New TDI offering (introduced April 2008) is
called General Purpose Edition
New edition allows customers to utilize TDI for general
purpose data integration
Restricted license Ts & Cs prevent identity usage
Now offered with Processor Value Unit pricing metric
Extensive data integration capabilities
Powerful data transformation including access to
JavaScript and Java APIs at transformation time
Reusable integration solutions
Configuration Editor allows quick configuration and
deployment of new connections
71
IBM Tivoli Identity Manager
Business Benefits
Tivoli Directory Integrator provides batch and real-time
synchronization between multiple disparate identity or
generic data sources so that enterprises can establish an
authoritative data infrastructure for data integration
Flexibility to handle varied data with a wide array of
available connectors, including files, RDBMS, JMS/MQ,
HTTP, Web Services, LDAP and custom JavaScript and
Java connectors
Open, Java-based architecture supports all major
platforms, leveraging existing infrastructure investments
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Usage Examples
Identity Edition
TDI IE is to be used when the primary business requirement is moving, copying, transforming or synchronizing information
about users (people) between two or more systems
The following are examples of such usage:
The customer has information about employees in both Microsoft Active Directory and Lotus Domino. The requirement is
that certain information managed in Lotus Domino is automatically propagated to Active Directory.
The customer has information about employees in an LDAPv3 compliant directory and RACF. Furthermore, they have
information about external users in a DB2 database. The business need is to provide a common repository of users
that will be used to authenticate and authorize both internal and external users in an internet-facing WebSphere Portal
application. TDI is used to read information from LDAP, RACF and DB2, and maintain all of these users in a new
LDAP directory used by Portal to authenticate users.
General Purpose Edition
TDI GPE can be used for any purpose where information about users is not the primary business requirement.
The following are examples of such usage:
The customer needs to transform data in flat files and update records in a DB2 database.
The customer regularly needs to scan a database for changes and call a Web Services, or send a message to an ESB.
The customer needs to monitor an ESB for certain messages, and then perform operations on databases or other targets
that TDI supports.
The customer needs to move tickets between helpdesk systems. This example illustrates how identity data is a secondary
- supplementary - requirement, and therefore falls inside the usage scope of TDI GPE. The customer uses Remedy in
a business unit, and needs to drive certain tickets into Rational ClearQuest. In that process, the customer needs to
add information about the ticket owner - located in a LDAP directory - to the ticket that's inserted into ClearQuest
The customer needs to add information about people to RFID events. TDI GPE is used to read RFID events from
WebSphere Premises Server. The events contain location information that can be correlated to individuals, where
more information is located in the SAP HR system. TDI GPE looks up the information, adds it to the RFID event data,
and drives the aggregated data into DB2 for Alphablox analysis.
72
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Simplify
Industry leading agentless adapters accelerate time to value
Authentication
& Security
IBM RACF zOS*
IBM Tivoli Access Manager
CA ACF2
CA Top Secret
Entrust PKI*
RSA ACE/Server*
CA Siteminder
Oracle Netpoint
Cisco ACS*
Relational
Database
IBM DB2/UDB
Informix Dynamic Server
Oracle
Microsoft SQL Server 2000
Sybase
RDBMS-based Applications
Design Characteristics:
• Secure
• Bi-directional
• Firewall friendly
• Network friendly
Complexity
Operating
Systems
Applications
&
Messaging
HP/Compaq Tru64 Unix
HP-UX
HP-UX NIS
IBM AIX
IBM AS/400*
OpenVMS*
RedHat Enterprise Linux
Sun Solaris
Sun Solaris NIS
SuSE Linux Enterprise Server
Windows Active Directory
Windows Local 2000, 2003, XP
Amdocs ClarifyCRM *
EMC Documentum *
Lotus Notes/Domino
Windows Exchange 2000, 2003
Novell e-Directory (NDS)
Novell GroupWise
Oracle E-Business Suite
PeopleSoft (People Tools)
SAP Enterprise Portal 6
SAP R/3
Siebel
Peregrine Service Center
Remedy
IBM Rational ClearCase
LDAP-based Applications
Command Line-based Applications*
Universal Provisioning – for Manual
Applications
*Requires local adapter
73
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
TDI Simplifies Integration with Existing Environments
Authoritative Identity Feed
Directory Integrator
Custom Agent
TIM Srv
Agent(s)
User
Bulk Loading of User Information
LDAP
DB
Synchronization of Data
Event Handlers
Assembly Lines
Directory
TDI Included, but not required
74
IBM Tivoli Identity Manager
Event
Connectors
LDIF File
RDBMS
Parsers
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Java API’s Integrate with Existing Systems
Provisioning front-end
application
Portals
Account mgmt
Password sync
Provisioning
requests
Approvals
IVR Systems
Password resets
Identity
Manager
Opening/closing
of help desk tickets
Help Desk Systems
75
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Tivoli Identity Manager Demonstration
HR Portal
HR feed
IBM Tivoli Identity
Manager
IT Portal
Self
Registration
Extranet
76
Self Registration
Self Care
HR feed with TDI
W orkflow Overview
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Backup slides
77
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
IBM Tivoli Directory Integrator – Identity Edition
IBM Tivoli Directory Integrator – Identity Edition
provides batch and real-time synchronization
between identity data sources so that enterprises
can establish an authoritative, up-to-date, identity
data infrastructure.
Events
Connectors
Assembly
Line
LDIF File
Directory
RDBMS
Parsers
Key features
On Demand Data Infrastructure for Security
–
–
–
–
Build Metadirectory, Identity data warehouse, or provision directly into existing systems
with one tool and one skill set to manage
Open, Java-based architecture supports all major platforms, thereby leveraging existing infrastructure
investments
Applications can run TDI synchronizations remotely & asynchronously
Excellent Web services support, including rich XML, DSML and SPML parsing
Authoritative Infrastructure for Identity Management
–
–
–
–
A wide array of available connectors, including using TIM Agents as TDI connectors
Synchronize all instances of identity data and other data across enterprise to the authoritative source, which
increases accuracy & decreases administrative costs
Configuration Editor allows quick configuration and deployment of new connections
Administrative management console simplifies monitoring of TDI, unifying complex deployments into a single,
customizable view with monitoring and remediation for high availability
Highly Manageable Metadirectory Connections
–
–
78
Reusable integration solutions
Enhanced failover capabilities for high-availability and Assembly Line Pooling for bandwidth management
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Analysts Affirm IBM Leadership
Gartner: TIM Product Leadership
79
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Demo Detailed Architecture
80
IBM Tivoli Identity Manager
© 2007 IBM Corporation
IBM Software Group | Tivoli software
Integrated Identity Management Pyramid
Self-Regulating
Access Controls
Across Organizations
Access Control
Policy Automation
Productivity: Enforce security
policies proactively
Distributed Administration
Scale: Support large, distributed user
base
Access Request Audit Trails
Compliance: Ease support of audits
Access Request Approval
Process Automation
Orphan Account Control
Password Management
Connectors to Access Control Systems
Data Integration Layer
Access Controlled Systems
81
Competitive Advantage: Extend security
automation to business partners
IBM Tivoli Identity Manager
Productivity: Speed accurate account
creation
Risk: Eliminate Backdoor Access
ROI: Cut Helpdesk Costs by 40%
Fundamental: Administer web and
legacy environments consistently
Integration: Meta view of Enterprise
Data Assets
Security: Consistent Authentication and
Authorisation to all Resources
© 2007 IBM Corporation
IBM Software Group | Tivoli software
The TIM components
TIM Server handles most operations
• Provisioning, Workflow, Self-Service and Admin Operations
LDAP stores all person and account information
Database mainly stores audit information
Agents perform operations on the target system
Web Server provides admin and self service
Web
Server
TIM Server
Agent(s)
User
LDAP
82
IBM Tivoli Identity Manager
DB
© 2007 IBM Corporation
Fly UP