
Mar 26, 2015

Page 1:

© 2003 IBM Corporation

Tivoli Security

Tivoli Access Manager for Operating Systems (AMOS)

<Business Partner> Sales Presentation

IBM Software Group

Page 2:

IBM Software Group | Tivoli software

Access Manager for Operating Systems customer presentation © 2003 IBM Corporation

Agenda

• Tivoli security

• Customer pains and fixes

• Product overview

• Competitive positioning

Page 3:

IBM Tivoli Software Portfolio

• Performance & Availability
• Configuration & Operations
• Storage Management
• Security Management
• Business Impact Management
• Core Services

Security Management
• Reduce overhead
• Improve efficiency
• Increase productivity

Page 4:

Customers Plagued by Multiple Security Challenges

Provisioning Users
• “45% of accounts are invalid”

Managing Access Control
• #1 security threat results from inadequate controls on employees

Protecting Privacy
• “No systemic method of complying with customers’ privacy concerns”

Synchronizing Information
• “Large amounts of redundant, inaccurate, data clogs infrastructure”

Page 5:

Security Remains Key Priority in 2003

Emerging recognition that OS is linchpin to bulletproof security

[Chart: Top Priorities for Business (Business Priorities for 2003). Categories: Reducing Operational Costs; Improving Customer Service; Build / Maintain Security & Privacy Policies; Improving Productivity; Optimizing Business Processes]

[Chart: Top Priorities for IT (IT Budget Priorities for 2003). Categories: Security; OS; Disaster Recovery; Database Mgmt; EAI; Storage Mgmt; Enterprise Apps]

Source: VARBusiness, April 28, 2003

Page 6:

Customer Pains…and Fixes

Page 7:

Internal Threats are the Greatest Threats…

ajc.com

May 14, 2003

HACKER MAY SIT IN NEXT CUBICLE by BILL HUSTED

The computer hacker wasn't a devious competitor or some brainy teenager sitting at his home PC.

Instead, it was a Coca-Cola employee who slipped into the company's computer system without authorization and downloaded salary information and Social Security numbers of about 450 co-workers.

A recent computer scare at the world's largest soft-drink maker worried it enough to send an e-mail advising employees to check bank accounts and credit card balances…

Computer break-ins by insiders often do more damage than…remote hackers. "They know what to take; they know what is important." Gray said.

“The hacker who just stole your records is just as likely to be an insider as an outsider…

“There's the notoriety, bad press and Wall Street doesn't like it,”

“Some computer systems simply allow users too much freedom to roam.”

Case Study

Page 8:

Identity Theft ring stole $2.7M

• Employees received $60 per report

• 30,000 reports were stolen over three years

• Identity Theft costs US $5B and is growing at over 100% annually

“A lot of companies have gone to a lot of effort to protect themselves from being hacked, but it’s a lot harder to stop a rogue employee.”

—James Vaules,

National Fraud Center


Identity Theft More Often an Inside Job Old Precautions Less Likely to Avert Costly Crime, Experts Say


By Brooke A. Masters and Caroline E. Mayer Washington Post Staff Writers Tuesday, December 3, 2002; Page A01

You can take all the steps you want to protect yourself against identity theft: Guard your wallet, shred your personal financial papers before throwing them in the trash, monitor your credit reports.

But no matter how careful you are, you may not be able to avoid having your identity assumed by someone who wants to go on a buying spree, using your credit card, bank account, Social Security number or other personal data.

That's because the nature of identity theft has changed and the threat today is more likely than ever to come from insiders -- employees with access to large financial databases who can loot personal accounts -- than from a thief stealing a wallet or pilfering your mail. Banks, companies that take credit cards and credit-rating bureaus themselves don't do enough to protect consumers, critics say.

"You can spend a lot of time and money trying to protect yourself," obtaining copies of your credit reports every three to six months, buying a credit-monitoring service to alert you when someone is making inquiries about your account or even buying identity-theft insurance, said Robert Gellman, a D.C. privacy consultant. "You can do as much as you can do, but it won't stop you from being a victim. There's nothing I'm aware of that will guarantee you not become a victim."

That fact was underscored last week when federal prosecutors announced that they had arrested and charged three people in connection with a scheme to steal the personal financial information of 30,000 Americans by downloading data from a computer and selling it to scam artists. The prosecutors said it was the largest case of identity fraud ever detected.

And Identity Theft is Powerful Incentive

Case Study

Page 9:

Security Threats and Spending

[Diagram: Core Network, Perimeter Network and Access Network. Labels shown: S/390; AS/400; UNIX; NT; Mission-Critical Servers; Security Management; Certificate Authority; Firewall; Customers; Suppliers; Distributors; Mobile Employees; Business Partners; PC Security; Active Content; VPN; Single Sign-on; Backup Restore; Intrusion Detection; Security Auditing; E-Mail Filtering; Web Servers; Proxy-Server; Workload Management; Internet Access; PC Anti-Virus; Merchant Server]

The majority of abuse comes from within

[Chart: % of Security Events and % of Security Spend. Values shown: Core 25%; Perimeter 31%; Access Network 44%; 55%; 45%]

Page 10:

Customer Scenario—Fortune 300 Bank

Rapid deployment. Passed audit.

Need
• Responding to failed security audit
• Needed to audit and control access by individual, function and resource
• Needed to securely scale to over 200 UNIX servers
• Push out policy changes to hundreds of servers from a central console

Solution
• IBM Tivoli Access Manager for Operating Systems
• IBM Tivoli Identity Manager

Result
• Phase I
—Over 170 UNIX servers secured in 8 weeks
—Customer verified that control, audit and scalability requirements had been met
• Phase II
—Audit of password history and user self-care
—Provisioning through Identity Manager

Page 11:

Customer Scenario—Large Telecom

Highly customized security policy

Need
• Enforce compliance to security standards on mid-range UNIX servers
• Meet external audit commitments
• Provide a resilient and effective security infrastructure that centrally administers, enforces and audits security policy

Solution
• IBM Tivoli Access Manager for Operating Systems, v3.7
• IBM Tivoli Access Manager for Operating Systems, v3.8

Result
• Deployed to over 75 HP and Sun servers
• Audit trail for access to critical OS resources
• Complete enforcement and easy management of Root access controls
• Phase II
—Rollout to 200 additional servers

Page 12:

IBM Tivoli Access Manager for Operating Systems

Page 13:

What is Access Manager for Operating Systems?

AMOS is a “firewall” for applications and the operating system
• A highly secure authorization engine
• Addresses the #1 security threat
• Provides mainframe-class security

It secures a wide variety of platforms
• UNIX—AIX, Solaris, HP-UX
• Linux—SuSE, Red Hat
• Hardware—x-, i-, p-, and zSeries; Sun; HP

Recent enhancements have made AMOS
• Lightweight and standalone
• Easier to configure
• More powerful

Page 14:

Value Proposition

IBM Tivoli Access Manager for Operating Systems secures operating systems and applications against the #1 threat afflicting enterprises today: information theft by internal users.

Relying on an award-winning architecture and the industry’s leading access control engine, IBM Tivoli Access Manager for Operating Systems restricts access to files, resources and systems on a need-to-know basis. Both external hackers and internal users are prevented from accessing the sensitive information of customers, employees and business partners.

IBM Tivoli Access Manager for Operating Systems’ mainframe-class security permits administrators to efficiently demonstrate compliance with the increasing demands of auditors and regulators. This frees time for administrators to focus on the demands of the marketplace, and assures everyone that confidential and private information will remain confidential and private.

Page 15:

Do You Need AMOS?

Do you run business critical applications?

Do you operate in a security sensitive industry?

Do you have extensive partner networks or e-business applications?

Are you being audited by corporate, partner, or government auditors?

How many UNIX boxes do you have?

• How many different types of UNIX?

Do you have one security policy, or multiple policies?

• Is it easily enforceable and manageable across your system?

How many people officially have the ‘Root’ password?

• How many people have it ‘unofficially’?

Can users delete files or audit logs?

• How do you audit ‘root’ access?

Typical Customer

Typical Pains

Page 16:

AMOS Addresses Several Customer Concerns

Customer Concerns
• “Delegation of Root access is ‘necessary evil’”
• “My UNIX systems always fail security audits”
• “Managing one security policy across multiple systems is just too difficult”
• “There’s no RACF for zLinux”

AMOS Value
• Secures application environment
• Protects data
• Meets auditing requirements
• Reduces administration costs
• Runs on zLinux

Page 17:

AMOS Relies on Simple Architecture

Access Manager Management Server

Centralized server containing
• Policy database
• User IDs

Security Agent
• Intercepts system call
• Makes access decision
• Writes audit record

SSL connection

Management Server maintains policy

Security Agent enforces policy

Page 18:

[Diagram: UNIX Kernel system-call entries open, setuid and brk pass through the AMOS Kernel Interceptor at the Intervention Point. Entries shown: pdos_open, pdos_setuid, real_brk; pdos_open() calls real_open()]

General Scenario: Joe Administrator

[Diagram: the actions “Joe logs in”, “su to root” and “vi /etc/passwd” compared in UNIX and in AMOS. Labels shown: joe UID 1032; root UID 0; Access = R, W; Resource = /etc/passwd; Writes to audit log; INTERCEPTED!!!]

• Tracks original login ID
• Audits at all times
• Applies control to each action
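The interception path and the Joe Administrator scenario on this slide, modelled in user space as an added example (not AMOS code and not from the original deck): a dispatch table whose entries are swapped for `pdos_*` wrappers that key the access decision on the original login UID. The policy rule, the struct layout, the audit record format and the simplified native checks are assumptions made for the illustration.

```c
/* Added illustration, not AMOS code: user-space model of an interception
   layer. Policy contents, struct layout and audit format are assumptions. */
#include <stdio.h>
#include <string.h>

enum { R = 1, W = 2 };
struct proc { int login_uid; int euid; };  /* login_uid is fixed at login */

/* Constructed policy, keyed on the original login UID, not the effective UID. */
struct rule { int login_uid; const char *path; int allowed; };
static const struct rule policy[] = {
    { 1032, "/etc/passwd", R },            /* joe may read but never write */
};

static char audit_log[8][96];
static int audit_count;

static void audit(const struct proc *p, const char *op, const char *obj, int ok) {
    if (audit_count < 8)
        snprintf(audit_log[audit_count++], sizeof audit_log[0],
                 "login_uid=%d euid=%d op=%s obj=%s result=%s",
                 p->login_uid, p->euid, op, obj, ok ? "permit" : "deny");
}

/* Stand-ins for the native handlers: classic UNIX checks on the effective UID. */
static int real_open(struct proc *p, const char *path, int mode) {
    (void)path;
    return (p->euid == 0 || !(mode & W)) ? 0 : -1;
}
static int real_setuid(struct proc *p, int uid) { p->euid = uid; return 0; }

/* Interposed handlers: decide, write the audit record, then chain to the real call. */
static int pdos_open(struct proc *p, const char *path, int mode) {
    int allowed = 0;                       /* no matching rule: deny */
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++)
        if (policy[i].login_uid == p->login_uid && !strcmp(policy[i].path, path))
            allowed = policy[i].allowed;
    int ok = (mode & ~allowed) == 0;
    audit(p, "open", path, ok);
    return ok ? real_open(p, path, mode) : -1;
}
static int pdos_setuid(struct proc *p, int uid) {
    char target[16];
    snprintf(target, sizeof target, "uid=%d", uid);
    audit(p, "setuid", target, 1);
    return real_setuid(p, uid);            /* euid changes, login_uid does not */
}

/* Dispatch table: interception swaps the entries, callers are unchanged. */
struct syscalls {
    int (*open)(struct proc *, const char *, int);
    int (*setuid)(struct proc *, int);
};
static const struct syscalls native = { real_open, real_setuid };
static const struct syscalls intercepted = { pdos_open, pdos_setuid };

/* The slide's scenario: joe (UID 1032) logs in, su's to root, edits /etc/passwd. */
static int joe_scenario(const struct syscalls *sc) {
    struct proc joe = { 1032, 1032 };
    sc->setuid(&joe, 0);
    return sc->open(&joe, "/etc/passwd", R | W);
}

int main(void) {
    printf("native: %d  intercepted: %d\n", joe_scenario(&native), joe_scenario(&intercepted));
    for (int i = 0; i < audit_count; i++) puts(audit_log[i]);
    return 0;
}
```

With the native table the write succeeds because the effective UID is 0; with the interposed table it is denied and both the `su` and the denied open are recorded against login UID 1032.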

Page 19:

AMOS Security Policy is Robust

Compulsory Control

Omnipresent Operation

Customizable Policy

Persistent Auditing

AMOS

Threat Environment

Page 20:

Competitive Positioning

Page 21:

Speed and Performance is a Key Differentiator

Source: IBM internal performance benchmarking

[Chart: Access Control Decision Making Performance—on Solaris. Test Runs per Hour (axis 0 to 300) by number of processors (1 and 4). Key: IBM, Leading Competitor. Values shown: 7; 9; 103; 201. Callouts: 22X; 15X]

Slow Performance

• Slows down applications

• Prevents auditing

• Requires shut down during system back up

AMOS leads the UNIX/Linux market in scalability

AMOS is the market’s only multi-threaded solution

Page 22:

Competitive Comparisons

Products which modify the OS are of limited use

• Positioned as super-secure server products

– Tend to focus on niche segments

• More complex to implement – significant level of kernel modification

• Impacts standard applications

Products which rely on single-threaded, decentralized architectures perform poorly

• Performance impact to the OS stated as averaging 5-10%

– AMOS is significantly better

– Prevents auditing

• Decentralized policy management increases administrative overhead

Page 23:

Summary of Competitive Differences

Key Criteria and Customer Impact

Ease-of-use
• Fast Start Policy Modules are best-practice, pre-defined policies
• “Inheritance” is the ability to set policy globally, locally and specifically as necessary
• Both of these allow customers to implement and deploy policy quickly and accurately while maintaining high performance

Non-intrusive design
• AMOS is not a customized kernel—it's an interception layer
• Allows applications to run smoothly and confidently
• Minimal impact to mission critical applications

Multi-thread design
• Greatly improves performance
• Ensures around-the-clock security
• Allows extensive auditing
• Doesn’t impact applications

Reduced Administration & Centralized Control
• Policy management and enforcement is #1 method of ensuring security
• Ensures security policy is always enforced—everywhere
• Reduces administrative burden

Integration
• Tivoli offers market-leading suite of security software
• Identity Manager, Access Management for e-business and Privacy Manager are powerful and highly economic complements
• Administrative, training and user costs are substantially reduced

Page 24:

Where to Find More Information

Tivoli Web site – security page
http://www-3.ibm.com/software/tivoli/products/access-mgr-operating-sys/

Tivoli Knowledge Center
http://www3.ibm.com/software/tivoli/partners/public.jsp?tab=comarket&content=index&rightnav=security

PartnerWorld for Software
http://www-100.ibm.com/partnerworld/software/pwswzone.nsf/web/ASOA-5JMLJB?opendocument&s=3&cat=mr&subcat=marketingmaterials