Improving Security And User Productivity With E-SSO


Improving security and user productivity with E-SSO
Speaker: Randeep Singh Chhabra

Why Single Sign On?
Passwords must be:
– Nontrivial: to avoid being guessed (password strength policy rules). Problem: hard to guess, hard to remember
– Changed frequently: to avoid brute force attacks
– Unique: to limit risk if compromised
End User’s Solution: The PC Sunflower

SSO addresses hot buttons for Security Mgrs, CFOs, CCOs and Users
SECURITY
INCORRECT PASSWORD
Help Desk 20 US to 25 US PER CALL!
DO WE REALLY KNOW THE WHO, WHAT, & WHEN INFO WE NEED TO DEMONSTRATE COMPLIANCE?

IBM provides complete coverage of SSO needs
[Diagram labels: Web Services; TFIM; Internet: B2C; TAMeb; Federated; SOA; Web SSO; Targets: Web Servers, Web Applications; Extranet: B2E; Portals, e.g. WPS; Non-Web Targets: Windows; TAM E-SSO; Managed Desktops; Kiosk; URL; Java; Citrix / Term. Svcs.; Mainframe]

TAM E-SSO v8 Solution Overview
TAM E-SSO provides:
– Enterprise SSO
– Two-Factor Authentication
– Access and Security Workflow Automation
– Fast user switching
– User Access Tracking & Audit
– Centralized Identity & Policy Management
with no change to the infrastructure
TAM E-SSO enables visibility into user activity, control over access to business assets, and automation of the sign-on process in order to drive value for our clients.

Key Differentiation
– Integrated Strong Auth: “What you know, and what you have, ALREADY”
– Comprehensive coverage of access points
– Powerful profiling tools: Wizard and Visual Profiling
– Complete session management
– Integration with IBM Tivoli IAM offerings

Case Studies

Government Outsourced Service
Company
– Government Agency responsible for central government wide projects
– More than 70,000 users, across 27 agencies and more than 390 sites
Problem
– Ease password management issue
– Require two-factor authentication for VPN access to central network
Solution
– Implement Encentuate based on USB smartcard token
– Currently deployed to more than 45,000 users
Impact
– Compliance with government policy for secure remote access
– Ease login for users
– Reduce password reset

Integrated Healthcare Network
Company
– Integrated delivery network of 16 facilities in central California
– Privately-held, for-profit organization; over 7,800 employees & doctors
Problem
– Regulatory compliance requirements (HIPAA)
– Securing workstations shared by multiple users
– Strong user resistance to new security policies
Solution
– Implement Encentuate with HID Prox cards
– Fully deployed
Impact
– Immediate compliance to HIPAA regulations
– Dramatic improvement in user acceptance
– Ability to provide user centric access logs to applications

Large Manufacturer
Company
– Fortune 100 company
– 40b in revenue
– 100,000 employees worldwide
Problem
– Reduce keystrokes as part of lean mfg efforts. Users burdened with multiple sign-on credentials for each “tool” interaction.
– Securing workstations from potential “IP leakage” by tools shared by multiple users.
– Improve the accountability of technicians regarding work product and overall productivity
– Improve compliance posture re: SOX
Solution
– Implement Encentuate with roaming sessions
– Encentuate iTag (passive RFID wrist badges) for user authentication
Impact
– Enhanced security
– Improved accountability
– Demonstrated productivity gains for shop floor workers

Large Insurance Provider
Company
– Largest insurance provider worldwide with operations in 10 markets in Asia Pacific (ex Japan)
– Provides Life insurance, wealth management, advice and asset management
– APAC regional headquarters have a staff of 4,392 and 9,550 agents
Problem
– Rising operational cost in managing identities in APAC
– Complex heterogeneous environment due to ongoing M&A exacerbates cost of identity admin
– Increased number of new users from emerging markets such as India and China exacerbates cost of identity admin
– Strategic need to establish a centralized shared services within the region
Solution
– Implement the Encentuate IAM Suite
Impact
– End-user productivity enhancement
– Improved compliance and audit
– Established a centralized identity authentication framework
– Manage and reduce operational cost
– Improved overall identity security

Why TAM E-SSO?
Improve user productivity
- Through faster access to information
- Through better sharing of workstations
Enhance security
- Through better password security enforcement
- Through stronger identity assurance
- Through security policy automation
Improve audit and tracking
- Through central collation of user-centric logs
- Through better tracking of user access
Reduce help desk cost
- Through reduction of password reset calls

IBM Security Intelligence and People Security Solutions

The world is becoming more digitized and interconnected, opening the door to emerging threats and leaks
DATA EXPLOSION: The age of Big Data – the explosion of digital information – has arrived and is facilitated by the pervasiveness of applications accessed from everywhere
CONSUMERIZATION OF IT: With the advent of Enterprise 2.0 and social business, the line between personal and professional hours, devices and data has disappeared
EVERYTHING IS EVERYWHERE: Organizations continue to move to new platforms including cloud, virtualization, mobile, social business and more
ATTACK SOPHISTICATION: The speed and dexterity of attacks has increased coupled with new motivations from cyber crime to state sponsored to terror inspired
making security a top concern, from the boardroom down

Security - within and across domains
[Diagram labels: People: Employees, Consultants, Hackers, Terrorists, Outsourcers, Customers; Applications; Web applications; At rest; Web 2.0; In motion; Mobile Apps; Infrastructure]
– 77% of firms feel cyber-attacks harder to detect and 34% low confidence to prevent
– 75% felt effectiveness would increase with end-to-end solutions
Source: Ponemon Institute, June 2011

Our customers’ pain points: Security challenges and risks can impact innovation
External threats: Sharp rise in external attacks from non-traditional sources
– Cyber attacks
– Organized crime
– Corporate espionage
– State-sponsored attacks
– Social engineering
Internal threats: Ongoing risk of careless and malicious insider behavior
– Administrative mistakes
– Careless inside behavior
– Internal breaches
– Disgruntled employee actions
– Mix of private / corporate data
Compliance: Growing need to address an increasing number of mandates
– National regulations
– Industry standards
– Local mandates
– Corporate governance
Impacting innovation: Mobility, Cloud / Virtualization, Social Business, Business Intelligence

2011 – The Year of the Targeted Attack
[Figure: timeline of breaches from Feb to Aug, by attack type (SQL Injection, URL Tampering, Spear Phishing, 3rd Party SW, DDoS); size of circle estimates relative impact of breach. Organizations labelled include Bethesda Software, Northrop Grumman, IMF, Fox News X-Factor, Italy PM Site, Citigroup, Spanish Nat. Police, Sony, PBS, RSA, HB Gary, Lockheed Martin, Sony BMG Greece, Monsanto, Malaysian Gov. Site, SOCA, Brazil Gov., Turkish Government, AZ Police, SK Communications Korea, US Senate, NATO]
Source: IBM Security X-Force 2011 Midyear Trend and Risk Report, September 2011

IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework
– Only vendor in the market with end-to-end coverage of the security foundation
– 6K security engineers and consultants
– Award-winning X-Force research
– Largest vulnerability database in the industry
Intelligence, Integration, Expertise

IBM has security resources that span the globe
– 9 Security operations centers
– 9 Security research centers
– 11 Security solution development labs
– 5500 Security professionals

Total Visibility: Product Portfolio, Services and Research

Defense-in-Depth: A Key IBM Differentiator
Unlike competitors, our solutions cover each and every domain of security: people, applications, data and infrastructure.
This layered approach is analogous to a key security concept: defense-in-depth.
Think of how many security controls you see in a bank, and it’s all just protecting the money.
And don’t forget the auditors behind the scenes!

Security and Business Intelligence offer insightful parallels
[Figure: IBM Security Intelligence and IBM Business Intelligence plotted against Time and Market Changes. Labels: Security Intelligence; DASCOM; Security as a Service; Application Security; Database Monitoring; BI Convergence with Security; SOA Security; Managed Security Services; Decision Management; Network Intrusion Prevention; Simplified Delivery (i.e., Cloud); Compliance Management; BI Convergence with Collaboration; Identity and Access Management; Text & Social Media Analytics; Mainframe and Server Security - RACF; Predictive Analytics; IOD Business Optimization; Performance Management; Business Intelligence Suite; Enterprise Reporting]

Solving Customer Business Pains that Point Products Can’t Address
DETECTING THREATS OTHERS MISS: Discovered 500 hosts with “Here You Have” virus, which all other security products missed
CONSOLIDATING DATA SILOS: 2 Billion log events per day reduced to 25 high priority offenses
DETECTING INSIDER FRAUD: Addressed a trusted insider situation involving the stealing and destroying of key data
PREDICTING RISKS AGAINST YOUR BUSINESS: Automate the policy monitoring and evaluation process for configuration changes in the e monitoring of all network activity, in addition to PCI mandates

QRadar- SOC 2.0
PCI, HIPAA, FISMA, CoCo, NERC, SOX
Key Capabilities:
– Sophisticated correlation of events, flows, assets, topologies, vulnerabilities and external data to identify & prioritize threats
– Network flow capture and analysis for deep application insight
– Workflow management to fully track threats and ensure resolution
– Scalable architecture to support the largest deployments

Solutions Across the Entire Compliance and Security Intelligence Lifecycle
[Diagram: Vulnerability, Exploit, Remediation. Prediction/Prevention Phase (Pre-Exploit): Risk Management, Compliance Management, Vulnerability Management, Configuration Management. Reaction/Remediation Phase (Post-Exploit): SIEM, Network/User Anomaly Detection, Log Management]
– Detecting threats, consolidating data silos, predicting business risk and exceeding regulation mandates require security intelligence
– SIEM is the anchor tenant, collecting and analyzing all telemetry and delivering information in context
“It [enterprise security intelligence] also requires the integration and correlation of security and contextual information to bridge security with business, risk and other key enterprise values, thereby enabling optimal decision making.” --Joseph Feiman, VP and Gartner Fellow

Fully Integrated Security
Activity & Anomaly Detection
Network and Application Visibility
– Turnkey log management
– SME to Enterprise
– Upgradeable to enterprise SIEM
One Console Security
– Integrated log, threat, risk & compliance mgmt.
– Sophisticated event analytics
– Asset profiling and flow analytics
– Offense management and workflow
– Predictive threat modeling & simulation
– Scalable configuration monitoring and audit
– Advanced threat visualization and impact analysis
– Network analytics
– Behavior and anomaly detection
– Fully integrated with SIEM
– Layer 7 application monitoring
– Content capture
– Physical and virtual environments
Built on a Single Data Architecture

The QRadar Security Intelligence Solutions
Deploy, Expand at Your Pace
– Turnkey log management
– SME to Enterprise
– Upgradeable to enterprise SIEM
Log Management
– Integrated log, cyber threat, risk and compliance management
– Sophisticated event analytics
– Asset profiling and flow analytics
SIEM/SEM
– Predictive threat modeling & simulation
– Scalable configuration monitoring and audit
– Advanced threat visualization and impact analysis
Risk Management
High Scale
High or VFlow Collector
– Event Processors
– Network Activity Processors
– High Availability
– Stackable Expansion
– Embedded, real-time database
– Layer 7 application monitoring
– Content capture
– Network Analysis

QRadar Product Family
Built On a Common Foundation of QRadar
[Diagram labels: Workflow; QRadar Risk Manager; New; Real-Time Viewer; Rules Engine; Reporting; API; Analytics; Netflow; Offense]
Intelligent, Integrated, Automated – One Console Security

QRadar: The Most Intelligent, Integrated, Automated Security Intelligence Platform in the Industry
[Diagram labels: Exceed Regulation; Predict Risk; Consolidate Data Silos]

QRadar Security Intelligence Platform: Context and Correlation Drive Deepest Insight

Next Generation Intelligence
Suspected Incidents
User network-wide integration fraud detection prior to and delivered enabled vastly improved threat detection exploit completion compliance reporting.
2Bn log and event records a day reduced to 25 high priority

QRadar: Integration Eliminates False Choice Between Capability & Simplicity
Bolted Together Solution
– Scale problems
– Disparate reporting, searching
– No local decisions
– Complex High Availability
– Multi-product admin and DBA
– Forklift upgrades
– Duplicate log repositories
– Operational bottleneck
QRadar Integrated Solution
– Highly scalable
– Common reporting, searching
– Distributed correlation
– Integrated High Availability
– Unified administration
– Seamless expansion
– Logs stored once
– Total visibility
Unified Administration: Time spent managing security events was reduced by 80% compared to siloed systems

QRadar: Automation Drives Simplicity and Cost Effectiveness
– Auto-discovery of log sources
– Auto-discovery of applications
– Auto-discovery of assets
– Auto-grouping of assets
– Centralized log management
– Automated configuration audits
Efficient, Immediate, Custom
“Where it would take 10 days on our old system to build and test rules, it takes us just 10 minutes in QRadar.”
– Auto-tuning
– Auto-detect threats
– Thousands of pre-defined rules
– Easy-to-use event filtering
– Advanced security analytics
– Thousands of predefined reports
– Asset-based prioritization
– Auto-update of threats
– Auto-response
– Directed remediation
Automation Drives Operations Efficiency
“We were pleased with QRadar being extremely automated, equipped with compliance-driven report templates that were very useful out of the box, which spared us the manpower and resources of having to develop them ourselves.”

QRadar: The Only Intelligent, Integrated, Automated Security Intelligence Platform in the Industry
– Proactive threat management
– Massive data reduction
– Rapid, complete impact analysis
– Eliminates silos
– Highly scalable
– Flexible, future-proof
“We evaluated numerous vendors, including all listed in Gartner's SIEM Magic Quadrant, and Q1 Labs came out on top. Their first-class product support model, superior functionality, and extremely accessible user interface beat the competition”
– Operational efficiency
– Simple deployment
– Rapid time to value
“In my 30 years of working with network vendors, Q1 Labs' service is unmatched.”
Ron Porritt, Information security engineer, Gordon Food Service

Product Tour: Integrated Console
– Single browser-based UI
– Role-based access to information & functions
– Customizable dashboards (work spaces) per user
– Real-time & historical visibility and reporting
– Advanced data mining and drill down
– Easy to use rules engine with out-of-the-box security intelligence

Product Tour: Data Reduction & Prioritization
– Previous 24hr period of network and security activity (2.7M logs)
– QRadar correlation & analysis of data creates offenses (129)
– Offenses are a complete history of a threat or violation with full context about accompanying network, asset and user identity information
– Offenses are further prioritized by business impact

Product Tour: Intelligent Offense Scoring
QRadar judges “magnitude” of offenses:
– Credibility: A false positive or true positive?
– Severity: Alarm level contrasted with target vulnerability
– Relevance: Priority according to asset or network value
Priorities can change over time based on situational awareness

Product Tour: Offense Management
Clear, concise and comprehensive delivery of relevant information:
– What was the attack?
– Was it successful?
– Who was responsible?
– Where do I find them?
– How many targets involved?
– Are any of them vulnerable?
– Where is all the evidence?
– How valuable are the targets to the business?

Product Tour: Out-of-the-Box Rules & Searches
Default log queries/views
– 1000’s of real-time correlation rules and analysis tests
– 100’s of out-of-the-box searches and views of network activity and log data
– Provides quick access to critical information
Custom log fields
– Provides flexibility to extract log data for searching, reporting and dashboards. Product ships with dozens of pre-defined fields for common devices.

Product Tour: Flows for Network Intelligence
– Detection of day-zero attacks that have no signature
– Policy monitoring and rogue server detection
– Visibility into all attacker communication
– Passive flow monitoring builds asset profiles & auto-classifies hosts
– Network visibility and problem solving (not just security related)

Product Tour: Flows for Application Visibility
– Flow collection from native infrastructure
– Layer 7 data collection and analysis
– Full pivoting, drill down and data mining on flow sources for advanced detection and forensic examination
– Visibility and alerting according to rule/policy, threshold, behavior or anomaly conditions across network and log activity

Product Tour: Compliance Rules and Reports
– Out-of-the-box templates for specific regulations and best practices: COBIT, SOX, GLBA, NERC, FISMA, PCI, HIPAA, UK GCSx
– Easily modified to include new definitions
– Extensible to include new regulations and best practices
– Can leverage existing correlation rules

Driver for QRadar Risk Manager (QRM): Two-Phased Compliance and Security Timeline
[Diagram: Compliance and Security Management. Pre-Exploit: Configuration Assessment, Compliance Assessment, Vulnerability Assessment, Risk Assessment. Reaction/Remediation (Post-Exploit): Log Management, SIEM, Behavior Analysis, Remediation]

QRadar Risk Manager
Solution At-A-Glance
QRadar Risk Manager moves organizations beyond traditionally reactive security management by delivering:
– Multi-vendor network configuration monitoring & audit
– Automated compliance and policy verification
– Predictive threat modeling & simulation
[Diagram labels: Requirement; Configuration Audit; Network Activity; Vulnerability Management; Risk Management]

Analyst View

QRadar SIEM Market Success
– “Leader” in Gartner SIEM Magic Quadrant
– Ranked #1 product for Compliance needs by Gartner
– Only SIEM product that incorporates network behavior anomaly detection (NBAD)
– Industry awards include:
  – Global Excellence in Surveillance Award from InfoSecurity Products Guide
  – “Hot Pick” by Information Security magazine
  – GovernmentVAR 5-Star Award

Total Security Intelligence for Any Organization

Security Intelligence for the n

Use Cases
QRadar SIEM excels at the most challenging use cases:
– Complex threat detection
– Malicious activity identification
– User activity monitoring
– Compliance monitoring
– Fraud detection and data loss prevention
– Network and asset discovery

Q&A

Thank You
