Identity-Powered Security


Innovation created a very complex environment. z/OS, PL/I, Public Cloud, Private Cloud, Internet of Things (IoT), COBOL, CICS, IMS.

- Cloud: How is leveraging cloud impacting risk and how can I manage it?
- Mobile: Is our use of mobile devices secure?
- Compliance: Are we complying with all applicable mandates? How do we reduce the cost of compliance?
- Data Breach: Are we doing enough to control access to sensitive information? Do we understand our threat landscape?
- IoT: How do we securely take advantage of IoT?
- Service Delivery: Are we doing enough to ensure availability and data security?
- Network: Are we ensuring the security of the network?
- Third Party Risk: Are we doing enough to manage partner, contractor, and customer access?

Identity is More Important Than Ever.
- DEVICES: Mobile, Browser, Desktop
- ID SOURCES: Social, Internal Directory, WAM, Cloud
- USERS: Partners, Customers, Consumers, Employees
- APPLICATIONS: ebusiness, SaaS, Legacy/Custom API

Identity Manager

Evolution of Identity Manager.
Auditing and reporting, Compliance, Roles and resources, Roles based, Workflows and web forms, Rights, User self service, Correct rights, Policies, Policy based, Synchronization, Identity integration.
1998: DirXML 1.0; 2001: IDM 2; 2004: IDM 3; 2006: IDM 3.5; 2008: IDM 3.6; 2010: IDM 4; 2014: IDM 4.5; 2017: IDM 4.6.

Philosophy of Identity Manager.

Identity Manager
- Real-time user provisioning.
- Delegated administration and user self service.
- Reduces complexity through role-based provisioning.
- Out of the box enterprise connectors for local solutions and cloud applications.
- User life cycle auditing system.
- User-friendly web interface and graphical configuration tools.
- Designed to be interoperable and flexible, integrating easily with standard protocols.

Administrator interface.

Connectors included with the base license.
- Identity Manager Standard.
  o Windows: Microsoft Active Directory
  o Email: GroupWise, Microsoft Exchange, and Lotus Notes
  o Directory: NetIQ eDirectory and other LDAP v3 directories
  o Engine Services: Manual Task Services (M-Task), Loopback, Null
  o Others: Privileged Identity Management
- Identity Manager Advanced Edition.
  o Windows: Microsoft Active Directory
  o Email: GroupWise, Microsoft Exchange, and Lotus Notes
  o Directory: NetIQ eDirectory and other LDAP v3 directories
  o Engine Services: Manual Task Services (M-Task), Loopback, Null
  o Others: Privileged Identity Management
  o Database: JDBC driver (IBM DB2, Informix, Microsoft SQL Server, MySQL, Oracle and Sybase)
  o Message System: JMS
  o Driver for Salesforce.com
  o Tools (Delimited Text, SOAP, and REST drivers)
Complete list of connectors for Identity Manager: https://www.netiq.com/documentation/idm45drivers/

Out of the box enterprise connectors.
- Applications: HP Service Desk, Microsoft Sharepoint, Oracle E-Business Suite, BMC Remedy, PeopleSoft, RSA ACE, SAP Enterprise, SAP GRC, SAP HR & Portal, SAP R/3 4.6, SAP Web Application Server, Ellucian Banner, SugarCRM, Blackboard
- Databases: Microsoft SQL Server, Oracle Database, IBM DB2 Universal Database, Informix Dynamic Server, Sybase Adaptive Server, PostgreSQL, MySQL, JDBC
- Midrange: IBM i (i5/OS and OS/400)
- Directories: IBM Directory Server (SecureWay), iPlanet Directory Server, Microsoft Active Directory, Microsoft Windows NT Domain, Netscape Directory Server, Sun Microsystems NIS+, Sun ONE Directory Server, NetIQ eDirectory, LDAP v.3.0
- Operating systems: Microsoft Windows 7, 8 and 10; Microsoft Windows Server 2008 and 2012; SUSE Linux Enterprise Server; Debian Linux; FreeBSD; HP-UX; IBM AIX; Red Hat AS and ES; Red Hat Linux; Oracle Solaris; UNIX
- Email servers: Microsoft Exchange, Novell GroupWise, Lotus Notes
- PBX: Avaya PBX, Asterisk, VoiceRD
- Mainframes (z/OS): RACF, ACF2
- Other: SOAP, DSML, SPML
- Cloud Ready: GoogleApps, Salesforce.com, Microsoft Office 365
Complete list of connectors for Identity Manager: https://www.netiq.com/documentation/idm45drivers/

Self-Service Password Reset.
- Allows users to change and reset passwords according to the security and complexity policies.
- Provides a self-service web interface and is integrated with the Windows login (GINA).
- Users set and respond to challenge questions for forgotten passwords rather than resetting / changing passwords.
- Protected by secure tokens (OTP, SMS or Google Authenticator) to prevent social engineering attacks.
- Help desk support panel, to handle user calls securely and in compliance.

Integrated with the Windows login. HTML5 web interface with Responsive Web Design.

Helpdesk interface.

Initial Login - End User

Request Form

Compare Users

User Catalog Card View

User Catalog

Settings - Branding

Graphical design of workflows.

Identity Manager Approvals App.
- NetIQ Identity Manager Approvals - Apple Store: https://itunes.apple.com/us/app/netiq-identity-manager-approvals/id599071228
- NetIQ Identity Manager Approvals - Google Play: https://play.google.com/store/apps/details?id=com.netiq.idm.mobile.approval

User life cycle auditing and reporting.

Access Review

You now know who has access to what, but should they?

Compliance requirements and penalties. Governance, Privacy, Mandates, HIPAA / HITECH, NERC CIP, Audits!, European Data Protection Regulation, SOX, User demands!, Right to be forgotten, ISO 27001/2, PCI DSS.

Certification process based on users.

Certification process based on applications.

Segregation of duties policies.

Compliance dashboard to have full visibility.

Manual or automatic remediation.

Proactive detection of orphan accounts.

Identity risk management.

Simple and clear for business approver

Access Manager

Work is an Activity, Not a Place. The who, where, and what of access has changed dramatically. Delivering convenience without putting the business at risk.

63% of confirmed data breaches involved weak, default or stolen passwords. Source: Verizon Data Breach Investigation Report, 2016

Ensuring the Right Access: Employees and Contractors, Partners, Customers / Citizens; Access Management; Internal Applications & Services, Cloud-Based Services.

Access Manager: Mobile Applications, Web Applications, Cloud Applications; Internal users, External users.
- Simplifies access and improves productivity with Single Sign-On.
- Authentication with advanced authentication methods.
- Advanced access controls for corporate web resources.
- Full auditing of access to web applications and cloud solutions.
- Creates identity federation relationships with other companies.

Web resources management.

Authentication methods.
- Authentication with LDAP Login: Active Directory, eDirectory and LDAP v.3.
- Certificates with support of CRL and OCSP (X.509).
- Authentication with Radius (802.11x).
- Authentication with Kerberos.
- Authentication with Identity Federation.
- Authentication with Active Directory Federation Services.
- Authentication with OAuth & Social Authentication.
- Authentication with OpenID & SAML v.2.0.
- Authentication with SmartCard.
- Authentication with Google Authenticator.
- Authentication with FreeOTP.
- Authentication with SMS OTP.
- API to integrate third party authentication methods.

Easy customization.

User access.

User web authentication.

User application dashboard.

User application administration.

User interface in multiple languages.

Google reCAPTCHA

Integrated with Google reCAPTCHA.

Mobile Access

Delivering Secure Mobile Access: Backend Systems, Access Management

Access For Various Form Factors

Secure access to corporate applications.

Mobile Access administration.

Mobile Access applications management.

Simplified SSO Apps.

Application Connectors Out of the Box. Micro Focus Application Connector Catalog: https://catalog.netiq.com

Application Connectors Catalog.

Easy application configuration.

Adaptive Authentication.

Security based on the user context.
- Who is attempting access?
- Where are they located right now?
- Where are they normally located?
- What are they trying to access?
- What is the associated risk?
- When should I allow access?
- What else have they accessed lately?
- Does this reflect past behavior?

Step-up Authentication When Warranted. Risk Score 132.
PARAMETERS and CURRENT PATTERN:
- Username, Password: Entered
- HTTP Header: Inline with Configuration
- IP Address & History: Within Valid Range
- Geo Location: Standard location
- Known Cookie: Valid Cookie
- Device Fingerprint: Valid Device Fingerprint
- Last Login Cookie: Login from last used device present
- User Attributes: Valid user attributes

Risk Too High for the Business. Risk Score 321.
PARAMETERS and CURRENT PATTERN:
- Username, Password: Entered
- HTTP Header: Request contains different values in header field
- IP Address & History: Different IP address with no history
- Geo Location: Suspect location
- Known Cookie: Not sure
- Device Fingerprint: Not determined
- Last Login Cookie: No cookie present
- User Attributes: Valid user attributes

Risk-Based Authentication.
- Contextual information: IP Address, Geolocation, User Profile, External Parameters, HTTP Headers, User Cookies, Device ID, User History
- Risk Engine
- Assurance levels: Low risk (Allow Access), Medium Risk (Step-up Authentication), High Risk (Deny Access)
- Managing risk to information: Regulated (finance, healthcare, retail); Customer data; Financial (internal, customer, partner); Intellectual property; Internal emails; Partner collaboration, supply chain; Classified data
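
An added example, not NetIQ's code: a minimal risk engine over the contextual parameters listed on these slides, mapping low, medium and high risk to allow, step-up and deny. The signal names, weights and thresholds are assumptions (the slides do not say how the score is computed); a signal that could not be determined adds partial risk rather than none.

```python
from typing import Mapping, Optional

# Weights and thresholds are assumptions for illustration only.
WEIGHTS = {
    "http_header": 40,         # header values match the configured pattern
    "ip_history": 60,          # IP address seen before for this user
    "geo_location": 80,        # request comes from a usual location
    "known_cookie": 50,        # known cookie present and valid
    "device_fingerprint": 60,  # device fingerprint recognised
    "last_login_cookie": 30,   # login from the last used device
    "user_attributes": 100,    # user attributes valid
}
STEP_UP_AT = 100  # score at or above this requires a second factor
DENY_AT = 250     # score at or above this is refused


def risk_score(signals: Mapping[str, Optional[bool]]) -> int:
    """True = check passed, False = check failed, None or missing = not determined."""
    score = 0
    for name, weight in WEIGHTS.items():
        result = signals.get(name)
        if result is False:
            score += weight        # a failed check counts in full
        elif result is None:
            score += weight // 2   # an undetermined check still adds risk
    return score


def decide(score: int) -> str:
    """Map a risk score to one of the three outcomes."""
    if score >= DENY_AT:
        return "deny"
    if score >= STEP_UP_AT:
        return "step-up"
    return "allow"


# Constructed sample requests (not taken from any real log).
USUAL = dict.fromkeys(WEIGHTS, True)
NEW_DEVICE = {**USUAL, "known_cookie": False, "device_fingerprint": False,
              "last_login_cookie": False}
SUSPECT = {"http_header": False, "ip_history": False, "geo_location": False,
           "known_cookie": None, "device_fingerprint": None,
           "last_login_cookie": False, "user_attributes": True}

if __name__ == "__main__":
    for label, req in [("usual", USUAL), ("new device", NEW_DEVICE),
                       ("suspect", SUSPECT), ("no context", {})]:
        s = risk_score(req)
        print(f"{label:11} score={s:3} -> {decide(s)}")
```

A request with no context at all lands in step-up rather than allow, which is the behaviour to check for when a signal collector fails.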

Definition of risk policy

Advanced Authentication FIDO U2F PIN Code Live Ensure Voice Bio Soft Token Emergency HSM Challenge NFC Face Biometric Hard Token LDAP Password SMS Fingerprint RFID Email OTP Smartphone Voice Call LDAP PKI

Social Identity

Social Networks Will Become Identity Brokers / Providers. By end of 2015, 30% of all new retail customer identities will be based on social network identities. Today identity is delivered by the enterprise. If you look at business partners and customers, identities may come from somewhere else. In a decade or so, depending on the mobility of the social media environment and our ability to build an enterprise-class shell around that identity, they could become the dominant identity providers.

Social identity out of the box.

Analytics Dashboard

Analytics Dashboard.

Analytics Server and Reporting.

Report User Login Contract Summary.

Advanced Authentication

Long-term theft and damage: the incidents that take the longest to discover were these inside jobs... (these took) months or longer to discover...
- Time to discover: Over 80% took weeks or more to discover.
- Time to compromise: Over 90% happened in seconds or minutes.
Source: Verizon Data Breach Investigation Report, 2016

'One billion' affected by Yahoo hack.

Have i been pwned? https://haveibeenpwned.com

The Numbers are Staggering

Preventive and Detection Controls are Needed.
- Identity and Access are preventative controls; they always have vulnerabilities.
- Also, people with legitimate access misbehave.
- Insider Threat can't be avoided with preventative controls only.
- Our customers need monitoring to ensure Identity and Access are functioning correctly.

The three pillars of Authentication.

Advanced Authentication.
- Solution with multiple authentication methods.
- Authentication chains with multiple factors.
- Integrated with the login of Microsoft Windows, Linux and Apple MacOS.
- Software appliance with easy deployment.
- Designed for high availability environments.
- Methods: Smartcards, Biometrics, Smartphone, Radius protocol, Hardware Tokens, Question / Answers, Voice call and SMS.
- Open API to integrate with third party solutions.

Administration dashboard

Administration dashboard.

User self-service interface

User self-service interface.

Helpdesk dashboard

Helpdesk dashboard.

Responsive Web Design

Interface for Smartphones and Tablets.

NetIQ Auth App

Smartphone Authentication App.

Interoperability of the solution.

Integration with Microsoft Windows.

Integration with Linux.

Integration with Apple MacOS.

Integration with web applications.

Integration with Radius protocol.

Interoperability of the solution.

Analytics Dashboard

Analytics Dashboard.

www.microfocus.com