EXECUTIVE VIEW. CA Privileged Identity Manager. KuppingerCole Report


KuppingerCole Report
EXECUTIVE VIEW
by Alexei Balaganski (ab@kuppingercole.com), March 2015

CA Privileged Identity Manager is a comprehensive Privileged Identity Management solution for physical and virtual environments with a very broad range of supported target systems and impressive integration capabilities.

Content
1 Introduction
2 Product Description
3 Strengths and Challenges
4 Copyright

Related Research
- Leadership Compass: Privilege Management 70960
- Advisory Note: Privilege Management 70736

1 Introduction

CA Technologies is a multinational publicly held software company headquartered in New York, USA. Founded in 1976 to develop and sell mainframe software, over the decades CA Technologies has grown significantly via a series of strategic acquisitions. Although it used to produce consumer software, currently CA Technologies is a major player in the B2B segment, offering a wide range of products and services for mainframe, cloud and mobile platforms in such areas as security, infrastructure management, automation and DevOps. The company employs over 13,000 people and reported revenues over $4.5bln in 2014, making it a Fortune 500 company and one of the world's largest independent software corporations.

CA Technologies is a market leader in Identity and Access Management, providing a complete identity management ecosystem with its ca Securecenter portfolio. CA Privileged Identity Manager is the part of this portfolio responsible for Privileged Identity Management in both physical and virtual environments, providing such functionality as credentials management for shared accounts, user activity audit and fine-grained segregation of duties across the whole enterprise.

Ongoing trends within the IT industry, such as continued deperimeterization of corporate networks, growing adoption of virtualization technologies, as well as increasing sophistication of advanced persistent threats, have made the task of protecting sensitive corporate information more and more difficult. Since traditional perimeter security tools like firewalls are no longer efficient against hackers, the focus of information security has gradually shifted towards defense against insider threats, and privileged accounts continue to be the primary target for these threats. It is well known that compromised administrator credentials have been the cause of most recent data breaches, including the notorious NSA leak.

Pressured by the increasing complexity of IT environments, rapidly growing cybercriminal activity, and the growing number of compliance regulations, IT security specialists are in desperate need of reliable and comprehensive tools to control and manage privileged identities. No wonder that PxM solutions have grown from a niche market into a mandatory component for every enterprise security infrastructure. The competition among PxM vendors is still strong, with innovative technologies being constantly developed, and CA Technologies is definitely one of the veteran players in this market.

CA Technologies solutions are known for the broadest range of supported systems, including the most exotic and legacy ones, and a high degree of integration between individual products. CA Privileged Identity Manager is a comprehensive and mature solution that fits well in most organizations, especially those maintaining heavily virtualized environments. In KuppingerCole's Leadership Compass on Privilege Management [1], CA Privileged Identity Manager has been recognized as one of the overall leaders. Although current support for cloud PaaS platforms is limited, broader adoption of IaaS and PaaS is a strategic part of CA Technologies' roadmap, so for organizations developing a long-term PxM deployment plan, CA Privileged Identity Manager is definitely an obvious contender.

[1] http://www.kuppingercole.com/report/leadershipcompass_privmgmt_70960

2 Product Description

CA Privileged Identity Manager is a suite that provides a comprehensive solution for privileged identity management in physical and virtual environments. CA Privileged Identity Manager enables centralized control and management of privileged user access to a broad range of servers, network devices and applications, provides fine-grained access controls beyond the native capabilities of operating systems and maintains accountability by providing an audit trail of all administration activities. Thus, CA Privileged Identity Manager helps to improve security and data protection, reduce administration costs and maintain regulatory compliance.

The suite consists of the following components, which can be licensed separately or in various combinations:

Shared Account Management: this core module provides secure storage and access to privileged user credentials. It implements the key functionality of a PxM product, such as:
- Workflows for regular and emergency access to privileged accounts
- Privileged access audit and reporting
- Automatic account discovery
- Password policy management
- Unified web management console
- Integration with 3rd party ticketing and helpdesk systems

Shared Account Management is a server-based agentless solution that handles connections to target systems via a number of connectors based on standard protocols. It supports over 20 connectors out of the box and additionally provides an SDK and a scripting framework for the development of custom connectors. Naturally, besides manual password checkout, CA Privileged Identity Manager supports various application checkout methods. It can, for example, automate management of service account credentials for Windows services and scheduled tasks, apply password reset policies to IIS or J2EE application servers, and automatically manage access to databases by intercepting ODBC and JDBC connections (without any modification to original applications). It also provides an agent for programmatic credential checkout from scripts and batch files, eliminating the need for hard-coded passwords.

Fine-grained access controls: by deploying secure, hardened and self-healing endpoint agents on supported operating systems (which include all Windows versions and major UNIX and Linux variants), CA Privileged Identity Manager is capable of enforcing privileged access policies independently and far beyond the native capabilities of operating systems. It can regulate access to system resources on a fine-grained level, for example, by limiting administrator privileges based on the user's original identity, assigned roles or access control lists. Because the agents operate on the OS kernel level, not even Administrator/root accounts can bypass these controls.

CA Privileged Identity Manager endpoint agents also provide multiple server hardening capabilities, such as file system and registry protection, trusted application lists, Windows service protection, application jailing, etc. In this regard, they partially overlap with traditional antimalware solutions, which is why special care is taken not to cause conflicts with other vendors' endpoint protection products.

UNIX Authentication Bridge: a lightweight Pluggable Authentication Module (PAM) that enables management of *nix users through Microsoft Active Directory. This module not only provides centralized authentication for *nix users, but can also retrieve user attributes such as home directory or shell from Active Directory (AD). This enables consolidated account management across various server platforms, as well as centralized logging and integration with third-party SIEM tools. The module supports various integration scenarios depending on requirements and available AD schema, provides optional offline login support in case AD is unavailable and can even serve as a Single Sign-On solution for hosts supporting the Kerberos authentication protocol.

CA Privileged Identity Manager for Virtual Environments: this product extends privileged identity management to virtual environments. It includes a HyTrust appliance for hypervisor hardening along with CA Technologies' own module that provides management of hypervisor privileged accounts as well as virtualization-aware automation of security controls. Currently, the product provides full integration with VMware products (facilitated by the HyTrust appliance), as well as basic support for Microsoft Hyper-V and Citrix XenServer. CA Privileged Identity Manager also offers a complete reference architecture for Amazon AWS and support for managing Debian- and Ubuntu-based instances commonly used on the Amazon EC2 platform. CA Privileged Identity Manager for Virtual Environments has a separate management console.

CA Session Recording: although technically a standalone product, it is deeply integrated with CA Privileged Identity Manager and is not sold separately. This module provides recording of privileged user sessions, along with searchable metadata for forensic analysis. Without the CA Session Recording module, CA Privileged Identity Manager is still able to provide basic reporting on privileged user activities.

Although CA Privileged Identity Manager can be deployed as a standalone product without dependencies, integration with other products from the IAM portfolio is another big highlight for CA Technologies. For example, adding CA Strong Authentication to the infrastructure enables strong two-factor authentication both for endpoints and for the enterprise management console. By integrating with CA Identity Governance, CA Privileged Identity Manager provides a complete Privileged Identity Governance solution, addressing such issues as orphaned accounts, privilege creep and low visibility into privileged account usage.

3 Strengths and Challenges

CA Privileged Identity Manager is a comprehensive and mature Privileged Identity Management solution with flexible licensing and deployment options, a very broad range of supported target systems and impressive integration capabilities with both CA Technologies and third party products. This makes it a natural fit for most organizations, especially those with heterogeneous and heavily virtualized environments. Relatively limited support for cloud platforms in the current release could be a setback for some, but broader adoption of IaaS and PaaS is a strategic part of CA Technologies' roadmap, so for organizations developing a long-term PxM deployment plan, CA Privileged Identity Manager is definitely an obvious contender.

Strengths
- Support for a broad range of target systems
- Kernel-based fine-grained access control
- Privilege management and security automation for virtualized environments
- Unix authentication bridging for managing Unix accounts in Active Directory
- Integrates with CA Identity Governance to provide a complete Privileged Identity Governance solution
- Integrates with other CA Technologies products and 3rd party SIEM solutions (service desk integration coming in the next release)

Challenges
- Relatively small partner ecosystem
- Support for cloud environments currently limited to Amazon AWS (other platforms planned in a future release)
- Not all components are integrated into a single management console yet

4 Copyright

© 2015 Kuppinger Cole Ltd. All rights reserved. Reproduction and distribution of this publication in any form is forbidden without prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole's initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information.

Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks or registered trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

The Future of Information Security Today

KuppingerCole supports IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst company, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a leading Europe-based analyst company for identity focused information security, both in classical and in cloud environments. KuppingerCole stands for expertise, thought leadership, and a vendor-neutral view on these information security market segments, covering all relevant aspects like Identity and Access Management (IAM), Governance, Risk Management and Compliance (GRC), IT Risk Management, Authentication and Authorization, Single Sign-On, Federation, User Centric Identity Management, eID cards, Cloud Security and Management, and Virtualization.

For further information, please contact clients@kuppingercole.com

Kuppinger Cole Ltd.
Sonnenberger Straße 16
65193 Wiesbaden
Germany
Phone +49 (211) 23 70 77 0
Fax +49 (211) 23 70 77 11
www.kuppingercole.com