Aug 14, 2015
Identity Powered Security
Lars Nikamo
Identity, Access and Security [email protected]
© 2014 NetIQ Corporation. All rights reserved.
SECURITY FROM A MARKET POINT OF VIEW
The Analysts
IDC
Carla Arend, Program Director European Software Research, IDC
Gartner
Identity and Access Management
Identity & Access Management Suites
ID Management
Access Management
NETIQ IDENTITY & ACCESS MANAGEMENT
IDENTITY POWERED SECURITY
WHAT’S NEW IN IDENTITY MANAGER 4.5
IDENTITY MANAGER 4.5
• Integrated installation of all enhancement packs (Gemstones) and integration modules
  – Updated install and simplified configuration
  – Interface updates to User App/RBPM (Gemstones: Aquamarine & Citrine)
  – Enhanced Resource Management (Gemstones: Jade & Garnet)
• Enhanced cross-product integration
  – SSPR (Self Service Password Reset) bundled with IDM
  – SSO compatible with NetIQ xAccess Products
• Technology updates
  – Latest eDirectory, iManager & Enhanced Designer, new features in IDM Engine
  – Replace JBoss Community Edition with Tomcat
  – Browser, Operating System, Application Server, and Database currency
  – Updated drivers to support latest connected systems & support for PCRS
SUMMARY OF WHAT’S NEW
INTEGRATED INSTALLATION OF ENHANCEMENT PACKS (GEMSTONES)
IDENTITY MANAGER HOME
Provides the ability to:
• Find resources such as applications or information
• See what current access is granted
• Submit requests to access resources
• Review and approve requests
• See current state of requests – where it’s at in the process
Designed to work on desktops and tablets
LANDING PAGE
HOME PROVISIONING DASHBOARD
ACCESS REQUEST APPROVALS
• iOS and Android App available via the AppStore / Google Play
• Search “NetIQ Identity Manager Approvals”
TASKS AND APPROVALS
Initial view of tasks
Pull down to search or refresh task list
Task detail view
MULTI-SELECT APPROVALS
Multi-select for batch approval
View previously completed tasks
CATALOG ADMINISTRATOR
Provides the ability to:
• Create and manage Roles & Resources including Grant and Revoke process
• Create new Resources either from an entitlement or without an entitlement
• Associate Resources to Roles within your Organization
• Manage Child roles
• Create separation of duties constraints to manage potential conflicts between roles
PERMISSION COLLECTION & RECONCILIATION SERVICE
Provides the ability to:
• Replicate permission model from various connected systems
• On-board application permissions and assignments
• Support the implementation of resource model for IDM drivers
• Quicker application integration in a simplified approach
• Maintain Comprehensive Permission Catalog
ENHANCED CROSS-PRODUCT INTEGRATION
SELF SERVICE PASSWORD RESET
• Integrated into Identity Manager 4.5
• Includes Helpdesk interface
• Integrates with Windows
ONE SSO PROVIDER
[Diagram: Browser; IDM Home Page; OSP; IDM Landing Page; Catalog Administrator; eDirectory / LDAP Server; MS Kerberos; Outbound SAML from NAM; flow steps numbered 1 to 5]
TECHNOLOGY UPDATES
ENGINE UPDATES
• Out of band sync
  – Ability to sync events on a priority basis
• Re-locatable cache files
  – To leverage better IO and improve IDM performance
• Cache flush enhancement
  – Option to disable “flush to disk” for every write operation
• String based associations
  – To improve IDM sync performance
DRIVERS UPDATES
• Drivers updated to support latest versions of connected systems
• New Drivers included in the base ISO:
  – Office 365
  – Oracle EBS
  – NetIQ Privileged User Manager
DESIGNER UPDATE
• 64-bit Designer (improved performance)
• Updated Eclipse framework in Designer
• Startup/Shutdown Policy sets in Policy flow view
• Package Deprecation capability
• Support for eDirectory 64-bit Syntax
• Improved job deployments
ADDITIONAL REPORTS
• Authentication attempts
  – By user, By Server
• Statistics
  – Object Provisioning
  – Database Statistics
• User Profile information
• Managed System
  – Data Collection
  – Entitlement and Account Summary
• Password
  – Password Management
  – Password Resets
  – Self Password Changes
  – User Password changes
• Permission
  – Permission Requests
  – Separation of Duty Conflicts
PLATFORM UPDATES
• Reduction in 32-bit Operating Systems for server components
• Removed support for Solaris for engine/UserApp
• Supported Operating Systems:
  – SLES 11 SP3 (64-bit)
  – OES 11 SP2
  – RHEL 6.5 (64-bit)
  – Windows 2012 R2
• Windows 2008 R2 Remote Loader supported for 2008 AD
• Java 7 based Runtime Environment for all components
PLATFORM UPDATES
• Supported Databases:
  – Microsoft SQL Server 2014
  – Oracle 12c
  – PostgreSQL 9.3
• Supported App Servers:
  – Apache Tomcat 7
  – IBM WebSphere 8.5
  – JBoss Enterprise 5.2
• Supported Browsers:
  – Safari 7.0.1, Chrome 31, IE 11, Firefox 30 (all support RBPM too)
• Convenience installer will bundle Tomcat and PostgreSQL
ACCESS REVIEW
ACCESS REVIEWS ARE ESSENTIAL
– Who Has Access to What?
  • User access recertifications in the Identity and Access Lifecycle
– What is complicating user access review today?
  • Mobile, cloud, social media
  • Shifting workforce trends
  • Manual processes don’t scale
– Business lacks visibility and context
– We’re only human, we make errors!
– What’s at stake?
  • Insider threat potential increases
  • Compliance violations and fines
[Diagram: Identity and Access Lifecycle: Request and Approval; Provision; Enforce; Audit; Review and Certify; Reconcile]
DRIVE COMPLIANCE
– Collect user access data across the enterprise to improve visibility for auditors
– Improve accuracy by making it easier for line-of-business managers to make confident user entitlement decisions
– Deliver closed-loop remediation (revocation/verification)
– Comply with industry regulations
  • HIPAA, Sarbanes-Oxley, PCI DSS, GLBA, European Union Data Protection
89% of employees who leave a company retain access to business or cloud applications
Intermedia 2014 SMB Rogue Access Study http://ow.ly/Acatj
INCREASE EFFICIENCY
– Replace error-prone, manual or home-grown solutions
– Intuitive, user-friendly review interface
– Reviews can be focused where it matters most such as costs, risks, privileged users
– Streamline processes to keep campaigns on schedule
NETIQ ACCESS REVIEW
Business-Friendly UI for Access Certification
• Review Managed and Un-Managed Applications
• Conduct Periodic and Ad-hoc Reviews
• Conduct Supervisor Reviews
• Conduct Application and Permission Owner Reviews
• Streamline Reviews based on Risk
• Fulfill Review Decisions Automatically or Manually
PRIVILEGED ACCOUNT MANAGER
PRIVILEGED IDENTITIES IN YOUR BUSINESS
[Diagram: SaaS, PaaS, IaaS; Database, Application, Virtual server, Physical server, Network equip; Enterprise Datacenter; Outsourced/Hosted/Managed datacenter; IT-Staff, Developer, Business; Outsourced IT, Business]
SUPERUSER PRIVILEGE MANAGEMENT
• Login with the user account, control access rights with elevation or filtering
• Agent-based or “jump server”-based
• Session management and control of incoming traffic
• Granular monitoring and reporting
SUPM
SHARED ACCOUNT PASSWORD MANAGEMENT
• Password Vault for shared accounts
• Different types of shared accounts: Applications, OS, DB, etc. (root, Administrator, SYS, ora_dba, sa)
• Supports check in and check out of passwords
• Automated login and session initiation
• Automated reset of shared password
• Activity monitoring
SAPM
PRIVILEGED ACCOUNT MANAGER
THE FUTURE
[Diagram: Password Vault; SaaS, PaaS, IaaS; DB, Application, Virtual servers; Rules; Manager; User; Password checkout, initiate session; Approval process; Logging and reporting; Directory]
PRIVILEGED ACCOUNT MANAGER
• Full integration with NetIQ Identity Manager
• Automated account and profile assignment
• Workflows for orders and approvals
• Reporting of who had access, who approved the access and when the resource was accessed
• Password Management and synchronization of accounts between systems
WORKS WITH IDENTITY MANAGER
Worldwide Headquarters
515 Post Oak Blvd.
Suite 1200
Houston, TX 77027 USA
+1 713 548 1700 (Worldwide)
888 323 6768 (Toll-free)
[email protected]
Join NetIQ’s Online QMUNITY: community.netiq.com
This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.
Copyright © 2014 NetIQ Corporation. All rights reserved.
ActiveAudit, ActiveView, Aegis, AppManager, Change Administrator, Change Guardian, Compliance Suite, the cube logo design, Directory and Resource Administrator, Directory Security Administrator, Domain Migration Administrator, Exchange Administrator, File Security Administrator, Group Policy Administrator, Group Policy Guardian, Group Policy Suite, IntelliPolicy, Knowledge Scripts, NetConnect, NetIQ, the NetIQ logo, PSAudit, PSDetect, PSPasswordManager, PSSecure, Secure Configuration Manager, Security Administration Suite, Security Manager, Server Consolidator, VigilEnt, and Vivinet are trademarks or registered trademarks of NetIQ Corporation or its subsidiaries in the United States and other countries.