IBM Security Privileged Identity Manager helps prevent insider threats

Securely provision, manage, automate and track privileged access to critical enterprise resources

Highlights
- Centrally manage privileged user identities and audit privileged user access
- Secure application-to-application credentials and track their use
- Simplify privileged identity management functions with an intuitive user interface
- Support management of SoftLayer(1) administrative accounts
- Control check-in and check-out of shared IDs for entitled users
- Boost compliance and audit support with optional session recording/replay support and archival management of stored recordings
- Help reduce costs and speed time to value with a scalable, highly available virtual appliance and administrative tools

Within virtually every organization, there is a set of privileged users (IT administrators, systems managers and others) who have elevated access to sensitive IT resources across systems, applications and databases. With their super user status, they can cause major accountability and compliance issues, increasing the risk for sabotage and data theft. From inadvertent mistakes to intentional malfeasance, the misuse of these privileged IDs can cause serious damage.

Organizations, however, don't need to leave themselves vulnerable to insider threats. IBM Security Privileged Identity Manager delivers a single solution for securing, automating and tracking the use of privileged IDs. Based on underlying IBM Security Identity Manager and IBM Security Access Manager for Enterprise Single Sign-On capabilities for licensed privileged users, the solution delivers privileged user entitlement provisioning, strong password management policies and support for all IBM Security Identity Manager adapter endpoints.
By centralizing the management of privileged identities, IBM Security Privileged Identity Manager helps organizations track and audit the activities of privileged users for effective governance while also reducing the total number of privileged IDs needed, improving overall security and efficiency.
IBM Software

The need for increased visibility into privileged activity

Data center consolidation, outsourcing, cloud computing and virtualization are increasing the overall number of privileged users within today's IT infrastructures. When doing business with outside service providers, organizations need to protect their information from misuse by vendors and to maintain an effective governance posture. Government regulations outline the technical accountability issues with which organizations must comply, or face financial and criminal penalties. Industry standards also require more fine-grained control of the activities and accesses of privileged users. Maintaining regulatory compliance while also guarding against insider security breaches has resulted in a compelling business need to securely manage and track privileged user identities.

Traditionally, IT administrators have been given their own individual accounts with privileged access to every system, causing the number of unique IDs needed for each server to escalate exponentially. The typical organization has to manage hundreds of privileged passwords, along with the risks and costs associated with provisioning, deprovisioning and recertifying large numbers of privileged users.

Simply sharing a single privileged ID among privileged users does not address the problems, either. Deciding how to store and communicate a shared password can be an issue, often leaving an organization's most sensitive privileged accounts as the most vulnerable. When employees terminate employment or change jobs, a shared password has to be immediately changed. In addition, the anonymity provided by a shared ID makes it difficult to tie a security breach back to a specific individual, guaranteeing problems with regulatory compliance.

Organizations must therefore implement tools and processes to help manage privileged access and reduce the threat to enterprise security, including:
- Secure provisioning of privileged user accounts
- Strong password management and strong authentication policies
- Fine-grained activity logging for shared and privileged identities
- Automated processes that improve productivity while strengthening security

[Figure: Privileged identity management lifecycle. Stages: Control shared access; Approve, revalidate privileged IDs and shared ID pools; Monitor and track usage; Automate single sign-on and password management. Caption: IBM provides a comprehensive solution for securely managing privileged identity use.]

The solution: IBM Security Privileged Identity Manager

IBM Security Privileged Identity Manager can meet these challenges with complete identity management and single sign-on capabilities for privileged users, mitigating insider threats by securing and tracking the use of privileged identities. It can centrally manage and audit a pool of privileged user IDs, which can be checked in and checked out by authorized people as needed, enabling organizations to effectively control shared access, manage privileged accounts, track usage and automate password management.

IBM Security Privileged Identity Manager is a comprehensive solution for managing the privileged identity lifecycle and reducing costs. It also provides comprehensive tracking and reporting to enhance accountability and compliance by capturing both how a privileged ID was used and what a user did with that privileged ID.

Control shared access to privileged IDs

IBM Security Privileged Identity Manager helps enable a predefined group of authorized users to securely share access to designated accounts. A user's credential is automatically checked out of the encrypted credentials vault and used to log the user into the shared account, and then checked back in when the user logs out. The solution can be configured to enforce strict check-in and check-out of a pool of shared accounts to ensure accountability.
Key features include:
- An encrypted secure vault for securely storing privileged user credentials
- Shared identity services that allow users to request access to a privileged account
- Extended self-service interface for users to optionally check out credentials, view passwords and check in credentials
- Timed auto check-in that gives users a limited time to use a privileged identity
- Password reset that can be configured to run at every check-in, ensuring that passwords aren't compromised
- Faster loading of credentials into the vault with a bulk loading tool

Protect sensitive assets in the cloud

The cloud extends services, applications and resources to a broad user base that may include employees, customers and partners. But with cloud computing, organizations also are introduced to a new tier of privileged users: operations personnel working for the cloud providers. The importance of monitoring and regulating privileged users only increases with cloud and virtualized environments, because organizations no longer control the infrastructure and have limited visibility inside clouds. Organizations should implement policies that can manage privileged accounts regardless of where they reside and that include the ability to enforce policies, even with cloud providers.
IBM Security Privileged Identity Manager provides control over and visibility into what privileged users and system administrators are doing in the cloud environment, such as within SoftLayer cloud services. IBM Security Privileged Identity Manager supports management of SoftLayer administrative accounts from an on-premises environment. With IBM Security Privileged Identity Manager, SoftLayer cloud services customers can allow their system administrators to securely share SoftLayer portal administrative customer service credentials.

Secure access for applications

It is not just privileged users that have elevated access rights. Applications and scripts also use credentials for privileged access. For example, an application may need a privileged credential to make database calls, or a script may need privileged credentials to access an application. Typically, these sources are trusted by the target resource and can bypass stronger user authentication mechanisms such as biometrics. In addition, the credentials used by these source programs are often hardcoded into the application or script, sometimes even in clear text. This leaves them vulnerable to exposure and can lead to unauthorized use. Furthermore, these hardcoded credentials are rarely changed, if ever, bypassing usual password management processes.

With the optional IBM Security Privileged Identity Manager for Applications tool, applications, scripts and programs can leverage the same secure credential check-out mechanism employed for human users. This eliminates hardcoded passwords in applications and scripts and allows governance of those application credentials under established password management policies. As a further safeguard, every application instance (script or individual application instance) must be preregistered by an authorized IBM Security Privileged Identity Manager user in order to assure accountability for every system credential.
Every nonhuman IBM Security Privileged Identity Manager user must be associated with a known human user. During the registration process, certain characteristics of the requesting application instance are saved and later authenticated at credential request time. This helps assure that only known applications and scripts, with known human sponsors, can access the credentials.

Request, approve and revalidate privileged access

IBM Security Privileged Identity Manager helps automate the creation, modification and termination of user privileges throughout the entire user lifecycle. As part of its identity management capabilities, the solution features the Identity Service Center, an intuitive user interface that can help business managers request access rights (including accounts, roles and group membership) for their employees, including privileged users. The roles-based control helps streamline administration of privileged identities to reduce risk and ensure compliance. Organizations can:
- Secure access via a hierarchical role structure
- Enable self-service requests to improve productivity
- Add, remove or change privileged access from a central location
- Automate approvals and recertifications to eliminate costly manual processes
- Create audit trails with detailed reports

Track usage for improved governance and compliance

With its fine-grained logging of user activity, IBM Security Privileged Identity Manager helps organizations demonstrate compliance with government security regulations. Privileged identities are checked out exclusively by individual users and all steps of authentication and privileged account actions are recorded in a detailed audit trail, helping ensure individual accountability.
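To make the lifecycle concrete, here is an added toy model (not IBM's code or API; the class and method names are assumptions) of the behaviour described in the shared-access and application-access sections above: exclusive check-out from a pool of shared IDs, timed auto check-in, a password reset on every check-in, an audit trail that names the requesting person, and application instances that can only check out credentials after being registered with a human sponsor and a saved fingerprint. The fingerprint of path plus host is a constructed stand-in for the saved instance characteristics.

```python
import hashlib
import hmac
import secrets
import time

def fingerprint(path, host):
    # Constructed stand-in for the "characteristics" saved at app registration.
    return hashlib.sha256(f"{path}@{host}".encode()).hexdigest()

class CredentialVault:
    """Toy model of a shared-ID pool: exclusive check-out, timed auto check-in,
    password reset on every check-in, and an audit trail naming a person."""

    def __init__(self, shared_ids, lease_seconds=3600, clock=time.time):
        self.passwords = {sid: secrets.token_urlsafe(24) for sid in shared_ids}
        self.leases = {}   # shared_id -> (holder, expiry); at most one holder each
        self.apps = {}     # app_id -> (human sponsor, fingerprint)
        self.audit = []    # (event, who, shared_id, when)
        self.lease_seconds, self.clock = lease_seconds, clock

    def _expire(self):
        # Timed auto check-in: reclaim leases whose deadline has passed.
        for sid, (holder, expiry) in list(self.leases.items()):
            if self.clock() >= expiry:
                self.check_in(sid, holder, reason="auto")

    def check_out(self, shared_id, user):
        self._expire()
        if shared_id in self.leases:
            raise PermissionError(f"{shared_id} held by {self.leases[shared_id][0]}")
        self.leases[shared_id] = (user, self.clock() + self.lease_seconds)
        self.audit.append(("checkout", user, shared_id, self.clock()))
        return self.passwords[shared_id]  # consumed by the SSO layer, hidden from the user

    def check_in(self, shared_id, user, reason="manual"):
        holder, _ = self.leases.get(shared_id, (None, None))
        if holder != user:
            raise PermissionError("no matching lease")
        del self.leases[shared_id]
        self.passwords[shared_id] = secrets.token_urlsafe(24)  # reset on every check-in
        self.audit.append(("checkin:" + reason, user, shared_id, self.clock()))

    def register_app(self, app_id, sponsor, fp):
        self.apps[app_id] = (sponsor, fp)  # every nonhuman user has a known human sponsor

    def app_check_out(self, app_id, shared_id, fp):
        sponsor, expected = self.apps.get(app_id, (None, ""))
        if sponsor is None or not hmac.compare_digest(expected, fp):
            raise PermissionError("unregistered or altered application instance")
        return self.check_out(shared_id, f"{app_id} (sponsor {sponsor})")
```

Injecting a fake clock makes the auto check-in path testable without waiting for a real lease to lapse.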
An optional Privileged Session Recorder tool provides visual recording of privileged user activities with on-demand search and playback of stored recordings. The tool enables full-session auditing, recording and replays of privileged-user activities, delivering forensics and reporting on privileged users to help improve security compliance. With the Privileged Session Recorder tool, each user's session activity, including typed characters and mouse clicks, is recorded, stored and made available for forensics and compliance reviews. The Privileged Session Recorder tool encourages appropriate behavior by privileged users and enables organizations to demonstrate compliant access to protected resources.

During the recording process, additional metadata is captured, such as date/time, target system, client application, user ID and shared ID. The metadata can store recordings by user, application, date, endpoint system or command for streamlined archival and subsequent record retrieval. Auditors and managers can subsequently search and replay these recordings for governance or troubleshooting purposes, supporting compliance with regulations such as the Payment Card Industry (PCI) Data Security Standard (DSS) v10.2, Internet Banking and Technology Risk Management (IBTRM) guidelines of Singapore and the Telecom Regulatory Authority of India.

Automate password management

IBM Security Privileged Identity Manager supports single sign-on access with strong authentication that hides the current password from the end user, delivering an additional level of assurance.
With automated password management, organizations can:
- Automate the check-out of IDs
- Hide passwords from the requesting employee
- Require password resets after use and upon check-in to eliminate password theft and reuse outside the governance structure

[Figure: Prevent advanced insider threats. Components: Session recording; Data; Systems; Credential vault; Network; IBM Security Privileged Identity Manager. Caption: Ensure compliance and audit support with the IBM Security Privileged Session Recorder option.]
Why IBM?

IBM Security identity and access management solutions are trusted by organizations worldwide to safeguard, automate and track the use of privileged identities; improve identity governance; avoid the high cost of identity proliferation; and strengthen security across the entire enterprise. IBM can help organizations build on their core security infrastructure with a full portfolio of products, services and business partner solutions. These products build on the threat intelligence expertise of the IBM X-Force research and development team to provide a preemptive approach to security.

For more information

To learn more about IBM Security Privileged Identity Manager, please contact your IBM representative or IBM Business Partner, or visit: ibm.com/security

Copyright IBM Corporation 2014
IBM Corporation
Software Group
Route 100
Somers, NY 10589
Produced in the United States of America
November 2014

IBM, the IBM logo, ibm.com, and X-Force are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at "Copyright and trademark information" at ibm.com/legal/copytrade.shtml

SoftLayer is a registered trademark of SoftLayer, Inc., an IBM Company.

This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates.

THE INFORMATION IN THIS DOCUMENT IS PROVIDED AS IS WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.

The client is responsible for ensuring compliance with laws and regulations applicable to it.
IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that systems and products are immune from the malicious or illegal conduct of any party.

(1) SoftLayer Technologies was acquired by IBM in July of 2013.

WGS03005-USEN-02