Identity Powered Security Lars Nikamo Identity, Access and Security Specialist [email protected]
Page 1: NetIQ identity powered security

Identity Powered Security

Lars Nikamo
Identity, Access and Security Specialist
[email protected]

Page 2: NetIQ identity powered security

© 2014 NetIQ Corporation. All rights reserved.

SECURITY FROM A MARKET POINT OF VIEW

Page 3: NetIQ identity powered security

The Analysts

IDC

Carla Arend, Program Director European Software Research, IDC

Gartner

Page 4: NetIQ identity powered security

NETIQ IDENTITY & ACCESS MANAGEMENT

[Diagram labels: Identity and Access Management; Identity & Access Management Suites; ID Management; Access Management]

Page 5: NetIQ identity powered security

IDENTITY POWERED SECURITY

Page 6: NetIQ identity powered security

WHAT’S NEW IN IDENTITY MANAGER 4.5

Page 7: NetIQ identity powered security

IDENTITY MANAGER 4.5

• Integrated installation of all enhancement packs (Gemstones) and integration modules
  – Updated install and simplified configuration
  – Interface updates to User App/RBPM (Gemstones: Aquamarine & Citrine)
  – Enhanced Resource Management (Gemstones: Jade & Garnet)

• Enhanced cross-product integration
  – SSPR (Self Service Password Reset) bundled with IDM
  – SSO compatible with NetIQ xAccess Products

• Technology updates
  – Latest eDirectory, iManager & Enhanced Designer, new features in IDM Engine
  – Replace JBoss Community Edition with Tomcat
  – Browser, Operating System, Application Server, and Database currency
  – Updated drivers to support latest connected systems & support for PCRS

SUMMARY OF WHAT’S NEW

Page 8: NetIQ identity powered security

INTEGRATED INSTALLATION OF ENHANCEMENT PACKS (GEMSTONES)

Page 9: NetIQ identity powered security

IDENTITY MANAGER HOME

Provides the ability to:

• Find resources such as applications or information

• See what current access is granted

• Submit requests to access resources

• Review and approve requests

• See current state of requests – where it’s at in the process

Designed to work on desktops and tablets

Page 10: NetIQ identity powered security

LANDING PAGE

Page 11: NetIQ identity powered security

HOME PROVISIONING DASHBOARD

Page 12: NetIQ identity powered security

ACCESS REQUEST APPROVALS

• iOS and Android App available via the AppStore / Google Play

• Search “NetIQ Identity Manager Approvals”

Page 13: NetIQ identity powered security

TASKS AND APPROVALS

Initial view of tasks

Pull down to search or refresh task list

Task detail view

Page 14: NetIQ identity powered security

MULTI-SELECT APPROVALS

Multi-select for batch approval

View previously completed tasks

Page 15: NetIQ identity powered security

CATALOG ADMINISTRATOR

Provides the ability to:

• Create and manage Roles & Resources including Grant and Revoke process

• Create new Resources either from an entitlement or without an entitlement

• Associate Resources to Roles within your Organization

• Manage Child roles

• Create separation of duties constraints to manage potential conflicts between roles

Page 16: NetIQ identity powered security

CATALOG ADMINISTRATOR

Page 17: NetIQ identity powered security

CATALOG ADMINISTRATOR

Page 18: NetIQ identity powered security

PERMISSION COLLECTION & RECONCILIATION SERVICE

Provides the ability to:

• replicate permission model from various connected systems

• on-board application permissions and assignments

• support the implementation of resource model for IDM drivers

• quicker application integration in a simplified approach

• maintain Comprehensive Permission Catalog

Page 19: NetIQ identity powered security

PERMISSION COLLECTION & RECONCILIATION SERVICE

Page 20: NetIQ identity powered security

ENHANCED CROSS-PRODUCT INTEGRATION

Page 21: NetIQ identity powered security

SELF SERVICE PASSWORD RESET

Page 22: NetIQ identity powered security

SELF SERVICE PASSWORD RESET

• Integrated into Identity Manager 4.5

• Includes Helpdesk interface

• Integrates with Windows

Page 23: NetIQ identity powered security

SELF SERVICE PASSWORD RESET

Page 24: NetIQ identity powered security

SELF SERVICE PASSWORD RESET

Page 25: NetIQ identity powered security

SELF SERVICE PASSWORD RESET

Page 26: NetIQ identity powered security

ONE SSO PROVIDER

[Diagram, steps numbered 1 to 5: Browser; IDM Home Page; OSP; IDM Landing Page; Catalog Administrator; eDirectory / LDAP Server; MS Kerberos; Outbound SAML from NAM]

Page 27: NetIQ identity powered security

TECHNOLOGY UPDATES

Page 28: NetIQ identity powered security

ENGINE UPDATES

• Out of band sync
  – Ability to sync events on a priority basis

• Re-locatable cache files
  – To leverage better IO and improve IDM performance

• Cache flush enhancement
  – Option to disable “flush to disk” for every write operation

• String based associations
  – To improve IDM sync performance

Page 29: NetIQ identity powered security

DRIVERS UPDATES

• Drivers updated to support latest versions of connected systems

• New Drivers included in the base ISO:
  – Office 365
  – Oracle EBS
  – NetIQ Privileged User Manager

Page 30: NetIQ identity powered security

DESIGNER UPDATE

• 64-bit Designer (improved performance)

• Updated Eclipse framework in Designer

• Startup/Shutdown Policy sets in Policy flow view

• Package Deprecation capability

• Support for eDirectory 64-bit Syntax

• Improved job deployments

Page 31: NetIQ identity powered security

ADDITIONAL REPORTS

• Authentication attempts
  – By user, By Server

• Statistics
  – Object Provisioning
  – Database Statistics

• User Profile information

• Managed System
  – Data Collection
  – Entitlement and Account Summary

• Password
  – Password Management
  – Password Resets
  – Self Password Changes
  – User Password changes

• Permission
  – Permission Requests
  – Separation of Duty Conflicts

Page 32: NetIQ identity powered security

PLATFORM UPDATES

• Reduction in 32-bit Operating Systems for server components

• Removed support for Solaris for engine/UserApp

• Supported Operating Systems:
  – SLES 11 SP3 (64-bit)
  – OES 11 SP2
  – RHEL 6.5 (64-bit)
  – Windows 2012 R2

• Windows 2008 R2 Remote Loader supported for 2008 AD

• Java 7 based Runtime Environment for all components

Page 33: NetIQ identity powered security

PLATFORM UPDATES

• Supported Databases:
  – Microsoft SQL Server 2014
  – Oracle 12c
  – PostgreSQL 9.3

• Supported App Servers:
  – Apache Tomcat 7
  – IBM WebSphere 8.5
  – JBoss Enterprise 5.2

• Supported Browsers:
  – Safari 7.0.1, Chrome 31, IE 11, Firefox 30 (all support RBPM too)

• Convenience installer will bundle Tomcat and PostgreSQL

Page 34: NetIQ identity powered security

ACCESS REVIEW

Page 35: NetIQ identity powered security

ACCESS REVIEWS ARE ESSENTIAL

– Who Has Access to What?
  • User access recertifications in the Identity and Access Lifecycle

– What is complicating user access review today?
  • Mobile, cloud, social media
  • Shifting workforce trends
  • Manual processes don’t scale
    – Business lacks visibility and context
    – We’re only human, we make errors!

– What’s at stake?
  • Insider threat potential increases
  • Compliance violations and fines

[Diagram labels: Request and Approval; Provision; Enforce; Audit; Review and Certify; Reconcile]

Page 36: NetIQ identity powered security

DRIVE COMPLIANCE

– Collect user access data across the enterprise to improve visibility for auditors

– Improve accuracy by making it easier for line-of-business managers to make confident user entitlement decisions

– Deliver closed-loop remediation (revocation/verification)

– Comply with industry regulations
  • HIPAA, Sarbanes-Oxley, PCI DSS, GLBA, European Union Data Protection

89% of employees who leave a company retain access to business or cloud applications

Intermedia 2014 SMB Rogue Access Study http://ow.ly/Acatj

Page 37: NetIQ identity powered security

INCREASE EFFICIENCY

– Replace error-prone, manual or home-grown solutions

– Intuitive, user-friendly review interface

– Reviews can be focused where it matters most such as costs, risks, privileged users

– Streamline processes to keep campaigns on schedule

Page 38: NetIQ identity powered security

NETIQ ACCESS REVIEW

Business-Friendly UI for Access Certification

• Review Managed and Un-Managed Applications

• Conduct Periodic and Ad-hoc Reviews

• Conduct Supervisor Reviews

• Conduct Application and Permission Owner Reviews

• Streamline Reviews based on Risk

• Fulfill Review Decisions Automatically or Manually

Page 39: NetIQ identity powered security

PRIVILEGED ACCOUNT MANAGER

Page 40: NetIQ identity powered security

PRIVILEGED IDENTITIES IN YOUR BUSINESS

[Diagram labels: SaaS, PaaS, IaaS; Database, Application, Virtual server, Physical server, Network equip; Enterprise Datacenter; Outsourced/Hosted/Managed datacenter; IT-Staff, Developer, Business; Outsourced IT, Business]

Page 41: NetIQ identity powered security

SUPERUSER PRIVILEGE MANAGEMENT

• Login with the user account, control access rights with elevation or filtering

• Agent-based or “jump server”-based

• Session management and control of incoming traffic

• Granular monitoring and reporting

SUPM

Page 42: NetIQ identity powered security

SHARED ACCOUNT PASSWORD MANAGEMENT

• Password Vault for shared accounts

• Different types of shared accounts: Applications, OS, DB, etc. (root, Administrator, SYS, ora_dba, sa)

• Supports check in and check out of passwords

• Automated login and session initiation

• Automated reset of shared password

• Activity monitoring

SAPM

Page 43: NetIQ identity powered security

PRIVILEGED ACCOUNT MANAGER: THE FUTURE

[Diagram labels: Password Vault; SaaS, PaaS, IaaS; DB, Application, Virtual servers; Rules; Manager; Users; Password checkout initiate session; Approval process; Logging and reporting; Directory]

Page 44: NetIQ identity powered security

PRIVILEGED ACCOUNT MANAGER

• Full integration with NetIQ Identity Manager

• Automated account and profile assignment

• Workflows for orders and approvals

• Reporting of who had access, who approved the access and when the resource was accessed

• Password Management and synchronization of accounts between systems

WORKS WITH IDENTITY MANAGER

Page 45: NetIQ identity powered security

Worldwide Headquarters
515 Post Oak Blvd.
Suite 1200
Houston, TX 77027 USA

+1 713 548 1700 (Worldwide)
888 323 6768 (Toll-free)
[email protected]

Join NetIQ’s Online

QMUNITY

community.netiq.com

Page 46: NetIQ identity powered security

This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.

Copyright © 2014 NetIQ Corporation. All rights reserved.

ActiveAudit, ActiveView, Aegis, AppManager, Change Administrator, Change Guardian, Compliance Suite, the cube logo design, Directory and Resource Administrator, Directory Security Administrator, Domain Migration Administrator, Exchange Administrator, File Security Administrator, Group Policy Administrator, Group Policy Guardian, Group Policy Suite, IntelliPolicy, Knowledge Scripts, NetConnect, NetIQ, the NetIQ logo, PSAudit, PSDetect, PSPasswordManager, PSSecure, Secure Configuration Manager, Security Administration Suite, Security Manager, Server Consolidator, VigilEnt, and Vivinet are trademarks or registered trademarks of NetIQ Corporation or its subsidiaries in the United States and other countries.