FastPath to Success! Identity and IT Security Management Products and Sales Plays April 2010 Keith Squires, President/CEO David Wagner, VP Sales                                             
AGENDA
- Introduction to the new and improved PathMaker Group
- Identity and Access Management (IAM) Overview
- IT Security/Compliance Overview
- Product Reviews
- Planning and Implementation Approach
- FastPath offerings for quick sales
- Q&A
Confidentiality Notice: This document contains confidential information intended only for parties directly involved in the proposed solution. If you are not an intended recipient of this material, be advised that any reading, dissemination, forwarding, printing, copying or other use of this message or its attachments is strictly prohibited. If you have received this material in error, please notify PathMaker Group immediately and destroy this material.
Who is PathMaker Group? (Introduction)
- Specialized IAM, IT Security/Compliance Systems Integrator
- Over 20 years delivering IT projects; all consultants have more than 15 years IT experience
- Successful track record with long, complex engagements
- Solid relationships with IAM/Security vendors; IBM Business Partner since 2003; experience with numerous industry-leading products
- Active involvement in the INFOSEC/Compliance community: advisor for the PCI DSS Council; CISSP-certified consultants compliant with the CBK and GAISP; members of ISSA and ISC2
- Strong project management expertise: PMP-certified consultants compliant with the PMBOK
Why PathMaker Group? (Introduction)
- 20+ years delivering enterprise IT projects
- Seven years in the IAM industry working with all major vendors (IBM, CA, Oracle, Novell, RSA, Passlogix)
- Known for fixing “broken” implementations
- Business model is client driven, not vendor driven
- History of trusted advisor status with clients
- Headquartered regionally (DFW area)
New Personnel and Capabilities (Introduction)
- Ed Higgins, VP Security Services: formerly of ACS (built the practice and worked within the Fortune 500); certified CISSP, CGEIT, CISA, CISM, CHS-III, CHFI, QSA, PI
- David Wagner, VP Sales: ITIL; WW Director Tivoli, WW Director LogLogic, Tivoli Security Specialist, VP Sales five times, etc.
PathMaker Group is a specialized IT Security Business Partner offering multiple solutions with a quick and easy sales cycle that leads to larger sales.
- Expanded role as trusted advisors for overall IT Security strategy
- Security Assessments (HealthCheck), Penetration Tests, Requirements Assessments, Incident Response, and Forensic Collection and Analysis
- PCI, HIPAA, GLBA, SOX and NERC CIP assessments and remediation assistance
- Packaged solutions for Log Management, Identity and Access, Vulnerability Management, Threat Management, and more
- Managed Security Solutions (ISS and more)
What Drives Identity and Access Management? IAM, Security/Compliance Overview
Managing Silos of Security (IAM, Security/Compliance Overview)
Starting point: HR Systems, Business Applications, Financial Systems, Web Portals and the Windows Network each manage their own identities and privileges as separate silos. The user faces multiple login events and forgotten passwords.
Step one: Enterprise, Web or Federated Single Sign-On gives the user one login event and one password, with self-service reset for forgotten passwords; the silos still manage identities and privileges separately.
Step two: User Provisioning adds centralized management of identities, event auditing and reporting across the silos, on top of Single Sign-On and self-service password reset.
What Drives IT Security/Compliance? IAM, Security/Compliance Overview
IT Security/Compliance: “Before, During and After the BOOM!” (IAM, Security/Compliance Overview)
Security Services (Proactive):
- Specialized Consulting: PCI QSA; HIPAA, SOX, GLBA; NERC CIP, FERC; Policy and Procedures Analysis
- Security Assessment: Identity Mgmt Assessment, Vulnerability Assessment, Application Assessment, Site Assessment, PCI Compliance, Advanced Penetration Tests
- Compliance Managed SaaS: Log & Threat Mgmt, Vulnerability Mgmt, PCI Compliance Mgmt
Incident Response (Reactive):
- On-Site Response, Situation Management, Stabilization and Containment, Root Cause Determination, Process Improvement, Evidence Handling, Liaison to Federal Authorities, Independent Expert Witness
Forensic Services:
- On-site & Remote Acquisition, Sparse Acquisition Methods, Remote Acquisition, Enterprise Forensics, Fraud Investigation, Forensic Analysis, Binary/Malware Analysis, Electronic Data Discovery, Virus and Malware Remediation, Expert Witness Testimony
Product Orientation and Positioning Product Overviews
IBM Security Solutions: Analysts' Market Position (Product Overviews)
Market share (ranked #1 on the slide):
- Identity and Access Management
- ISS Managed Security Services and Vulnerability Assessment
- Identity Management (TIM, TAM, FIM, TDI, TDS)
- Application Vulnerability Assessment (Rational AppScan)
- Intrusion Prevention System
- Web Access Management, worldwide (FIM, TAM)
- Application Security Vulnerability Scanning (Rational AppScan)
Analyst “Leader” placements:
- MQ: User Provisioning (TIM)
- Wave: ISS Managed Security Services
- Wave: User Account Provisioning and Enterprise Security Information Management
- MQ: ISS Network Security, Firewalls and Managed Services
- MQ: Web Access Management
IBM Received Highest Rating by Forrester for Enterprise Single Sign-On (Product Overviews)
The Forrester Wave™: Identity And Access Management, Q4 2009 (Andras Cser, November 3, 2009) rated IBM Enterprise Single Sign-On with the highest possible score, ahead of all other competitors.
The Forrester Wave™: Identity And Access Management is copyrighted by Forrester and is reused with permission. Information is based on best available resources; opinions reflect judgment at the time and are subject to change. The complete report is available from Forrester at www.forrester.com
IBM Single Sign-On Solution Overview (SSO Overview)
- Enterprise SSO (internal): Tivoli Access Manager for Enterprise SSO
- Web SSO (internal/external): Tivoli Access Manager for eBusiness
- Federated SSO (external): Tivoli Federated Identity Manager
Surrounding pillars: People & Identity, Application Security, Audit & Compliance
Typical Use Cases for Access Management (SSO Overview)
ESSO:
- Removing the sign-on event when non-web platform types are required
- Back-end integration too costly or too complex
- Usually for employees rather than external partners/customers
TAM e-Business:
- Removing the sign-on event for web-only applications
- Authorization model needed in addition to SSO
- Policy engine that can be leveraged by all types of back-end apps
TFIM:
- Employee SSO to Business Partner/Company apps
- Customer SSO to Business Partner/Company apps
- Business Partner SSO to Business Partner/Company apps
- SOA/Web Services Security
- Federated Provisioning
TAM E-SSO v8 Solution Overview (SSO Overview)
TAM E-SSO provides:
- Enterprise SSO
- Two-Factor Authentication
- Access and Security Workflow Automation
- Fast user switching
- User Access Tracking & Audit
- Centralized Identity & Policy Management with no change to the infrastructure
TAM E-SSO enables visibility into user activity, control over access to business assets, and automation of the sign-on process in order to drive value for our clients.
IBM Tivoli Access Manager for Enterprise SSO: Key Features (Product Overviews)
Encentuate ESSO helps:
- Simplify the end user experience and improve time-to-information by eliminating the need to recall multiple user names and passwords
- Facilitate compliance reporting by tracking and collating user access
- Enhance security by minimizing poor end user password behavior and seamlessly integrating strong authentication form factors
- Reduce Help Desk costs by lowering the number of password reset calls
Architecture (from the slide diagram):
- Encentuate Integrated Management System Server: Profile Generation, Centralized Admin, Support & Self-Service, Audit Reporting, Directory/DB Mgmt, SOAP API
- Encentuate Platform services: Context Management, User Provisioning, Enterprise SSO, Session Management, Audit & Compliance, Strong Authentication, Workflow Automation
- Encentuate AccessAgent on each end-user endpoint: desktop, web, and Citrix/Terminal Services desktop
IBM TAM ESSO Architecture Product Architecture
IBM Tivoli Access Manager (TAM) for e-business: Key Features (Product Overviews)
- Centralized Authentication & Authorization for Web-based applications
- Single Sign-On for Web-based applications
- Rapid & Scalable Deployment: build Web apps quickly with standards-based support for J2EE
- Design Flexibility: supports proxy or direct plug-in configuration; rule- or role-based access control; support for leading user registries; advanced APIs for further customization
- Common Criteria certified
IBM Tivoli Federated Identity Manager (FIM) family: Key Features (Product Overviews)
- Most complete federated SSO in the industry
- Supports the latest federated SSO protocols in the “Hub”, including Liberty ID-FF 1.x, SAML 1.0, 1.1 and 2.0, and WS-Federation
- Provisioning for user lifecycle management: define, modify and remove user/group definitions
- z/OS support, including RACF PassTicket access to CICS and IMS transactions
- Web Services & SOA Security Management: supports complex identity mapping and mediation
- Provides Security as Services
How Federation Works (Product Overviews)
Two parties appear in the diagram: the Web Portal and the Federated Web Application. Authentication happens once at the Web Portal, which then vouches for the user to the Federated Web Application; the application performs Identity Mapping to translate the portal's view of the user into its own local account and entitlements rather than authenticating the user again.
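The exchange described above, as an added example in Python that is not part of the original deck and not Tivoli Federated Identity Manager code. The portal acts as identity provider and issues a signed assertion; the federated application acts as service provider, verifies it, and maps the federated subject to a local account. Real SAML 2.0 carries XML assertions with XML-DSig signatures; this example stands in an HMAC over a JSON body with a pre-shared key (an assumption for the example), but the checks the consuming side performs are the same ones a practitioner must not skip: signature, trusted issuer, audience, validity window, and replay of the assertion ID. All host names, keys, users and the mapping table are constructed.

```python
"""Minimal federated SSO: portal (IdP) issues an assertion, federated app (SP) verifies and maps it.
Added example; HMAC-signed JSON stands in for a SAML assertion. All names/keys are constructed."""
import base64
import hashlib
import hmac
import json
import secrets
import time

SHARED_KEY = b"constructed-demo-key-not-for-production"  # assumption: pre-shared at federation setup


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class Portal:
    """Identity provider side: authenticates users and issues signed assertions."""
    ISSUER = "https://portal.example.com"  # constructed

    def __init__(self, key: bytes):
        self._key = key
        # constructed user store: username -> (sha256 of password, attributes released to partners)
        self._users = {"jdoe": (hashlib.sha256(b"correct horse").hexdigest(), {"dept": "finance"})}

    def authenticate(self, username: str, password: str) -> bool:
        rec = self._users.get(username)
        if rec is None:
            return False
        return hmac.compare_digest(rec[0], hashlib.sha256(password.encode()).hexdigest())

    def issue_assertion(self, username: str, audience: str, now: float, ttl: int = 300) -> str:
        body = {
            "id": secrets.token_hex(8),  # unique per assertion so the SP can detect replay
            "issuer": self.ISSUER,
            "subject": f"{username}@portal.example.com",
            "audience": audience,  # the one application this assertion may be presented to
            "issued_at": int(now),
            "not_on_or_after": int(now) + ttl,
            "attributes": self._users[username][1],
        }
        payload = _b64(json.dumps(body, sort_keys=True).encode())
        sig = _b64(hmac.new(self._key, payload.encode(), hashlib.sha256).digest())
        return f"{payload}.{sig}"


class FederatedApp:
    """Service provider side: verifies assertions and maps federated subjects to local accounts."""
    AUDIENCE = "https://app.partner.example"  # constructed

    def __init__(self, key: bytes, trusted_issuer: str):
        self._key = key
        self._issuer = trusted_issuer
        self._seen_ids = set()  # assertion IDs already consumed (replay protection)
        # identity mapping table: federated subject -> local account and role (constructed)
        self._mapping = {"jdoe@portal.example.com": {"local_user": "jdoe-ext", "role": "reader"}}

    def consume_assertion(self, token: str, now: float) -> dict:
        payload, _, sig = token.partition(".")
        expected = _b64(hmac.new(self._key, payload.encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(sig, expected):
            raise ValueError("bad signature")  # verify before trusting any field
        body = json.loads(_unb64(payload))
        if body.get("issuer") != self._issuer:
            raise ValueError("untrusted issuer")
        if body.get("audience") != self.AUDIENCE:
            raise ValueError("assertion not intended for this application")
        if not (body["issued_at"] <= now < body["not_on_or_after"]):
            raise ValueError("assertion outside validity window")
        if body["id"] in self._seen_ids:
            raise ValueError("replayed assertion")
        self._seen_ids.add(body["id"])
        local = self._mapping.get(body["subject"])
        if local is None:
            raise ValueError("no local account mapped for federated subject")
        return {"local_user": local["local_user"], "role": local["role"], "attributes": body["attributes"]}


def federated_login(username: str, password: str, now: float = None) -> dict:
    """Run the whole exchange: portal login, assertion issue, SP verification and mapping."""
    now = time.time() if now is None else now
    portal = Portal(SHARED_KEY)
    app = FederatedApp(SHARED_KEY, Portal.ISSUER)
    if not portal.authenticate(username, password):
        raise PermissionError("portal authentication failed")
    token = portal.issue_assertion(username, FederatedApp.AUDIENCE, now)
    return app.consume_assertion(token, now)


if __name__ == "__main__":
    print(federated_login("jdoe", "correct horse"))
```

The mapping table is the "Identity Mapping" box of the diagram: the application never sees the portal password and never creates an account from an unmapped subject, so a compromised or misconfigured partner cannot mint access to arbitrary local accounts.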
IBM TAM/TFIM Architecture Product Architecture
Application Security: Service Oriented Architecture (Product Overviews)
Goals:
- In an SOA environment, provide secure access and federate identity across these services
- Externalize core security services from the application
- Ensure security administrators make changes, not developers
- Ensure changes to security are auditable
IBM solutions: Tivoli Federated Identity Manager, WebSphere Enterprise Service Bus (ESB), WebSphere Message Broker, WebSphere DataPower
IBM Tivoli Identity Manager (TIM): Key Features (Product Overviews)
- Reduces helpdesk load by using Web self-service and password reset interfaces
- Cuts elapsed turn-on time and automates routine administrative tasks
- Assists in addressing compliance issues
- Automates business processes related to user identity lifecycle management
- Centralized control and local autonomy
- Enhances integration via extensive APIs
- Choose to manage target systems with agents or agentless
- Over 900 customers so far…
IBM ITIM Architecture Product Architecture
IBM Tivoli Security Information and Event Mgmt (TSIEM) (Product Overviews)
- Enables log collection and monitoring
- Provides Privileged User Monitoring and Audit (PUMA)
- Provides “out-of-the-box” Compliance Reporting Modules
- Supports virtually any platform, database or application
- Log collection and review of this kind is required by almost every regulation/auditor
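What privileged user monitoring actually does over collected logs, as an added example in Python that is not part of the original deck and not TSIEM code. It parses the standard syslog lines that sudo emits, builds a “who did what” count per user, and raises findings under three rules a reviewer typically asks for: privileged use by an account not on the approved-admin list, privileged commands that touch the audit trail itself, and privileged activity outside the approved change window. The log lines, approved-admin set, change window and audit-trail watch list are all constructed for the example.

```python
"""Privileged user monitoring over constructed Linux sudo log lines.
Added example, not TSIEM code; log lines, admin list, window and watch list are constructed."""
import re
from collections import Counter

# Constructed sample; the format is the standard syslog line that sudo writes.
SAMPLE_LOG = """\
Mar 12 10:03:11 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart httpd
Mar 12 02:14:07 db01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/cat /etc/shadow
Mar 12 11:47:52 web01 sudo:    alice : TTY=pts/0 ; PWD=/var/log ; USER=root ; COMMAND=/bin/rm -f /var/log/secure
Mar 12 23:05:30 db01 sudo:    alice : TTY=pts/2 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/mysqldump --all-databases
Mar 12 10:10:00 web01 sshd[1234]: Accepted publickey for alice from 10.0.0.5 port 51022 ssh2
"""

SUDO_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ (?P<hh>\d\d):\d\d:\d\d) (?P<host>\S+) sudo:\s+(?P<user>\S+) : (?P<fields>.*)$"
)

# Constructed watch list: commands that alter or destroy the audit trail itself.
AUDIT_TRAIL_MARKERS = ("/var/log", "/etc/audit", "/etc/rsyslog", "auditctl", "journalctl --vacuum")


def parse_sudo_line(line: str):
    """Return a dict for a sudo event, or None for lines that are not sudo events."""
    m = SUDO_LINE.match(line)
    if not m:
        return None
    # fields look like "TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=..."
    fields = dict(f.strip().split("=", 1) for f in m.group("fields").split(" ; ") if "=" in f)
    return {"ts": m.group("ts"), "hour": int(m.group("hh")), "host": m.group("host"),
            "user": m.group("user"), "target": fields.get("USER", ""),
            "command": fields.get("COMMAND", "")}


def _finding(rule: str, ev: dict) -> dict:
    return {"rule": rule, "user": ev["user"], "host": ev["host"], "ts": ev["ts"], "command": ev["command"]}


def analyze(log_text: str, approved_admins: set, change_window=(9, 17)) -> dict:
    """Review privileged activity: per-user event counts plus rule findings.
    change_window is (start_hour, end_hour), end exclusive, in the log's local time."""
    findings, activity, skipped = [], Counter(), 0
    start, end = change_window
    for line in log_text.splitlines():
        ev = parse_sudo_line(line)
        if ev is None:
            skipped += 1  # non-sudo lines are outside this review's scope
            continue
        activity[ev["user"]] += 1
        if ev["user"] not in approved_admins:
            findings.append(_finding("unapproved_privileged_user", ev))
        if any(marker in ev["command"] for marker in AUDIT_TRAIL_MARKERS):
            findings.append(_finding("audit_tampering", ev))
        if not (start <= ev["hour"] < end):
            findings.append(_finding("outside_change_window", ev))
    return {"findings": findings, "activity": dict(activity), "skipped": skipped}


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG, approved_admins={"alice"})
    for f in report["findings"]:
        print(f"{f['ts']} {f['host']} {f['user']:6} {f['rule']:28} {f['command']}")
    print("privileged events per user:", report["activity"])
```

Two design points carry over to any real deployment: the audit-trail rule fires even for an approved administrator (alice deleting /var/log/secure), because the account being authorized says nothing about whether the action is acceptable; and the sudo lines must reach the collector before a privileged user can delete them locally, which is why the log collection bullet comes first.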
IBM zSecure Products (Product Overviews)
- Mainframe RACF administration, log collection and audit tools
- Includes several components: zAdmin, zAudit, zAlert, Command Verifier, zVisual, CICS Toolkit
- Only has one competitive product
- Installs in hours
- Free POC: try, then buy
IBM Security Virtual Server Protection for VMware (Product Overviews)
- Offers integrated threat protection for VMware vSphere™
- Provides protection for every layer of the virtual infrastructure: host, network, hypervisor, virtual machine (VM) and traffic between VMs
- Helps to accelerate and simplify your Payment Card Industry Data Security Standard (PCI DSS) audit
- IPS, rootkit detection/quarantine, audit (who did what)
- Auto discovery of the entire VMware infrastructure
Planning and Implementation Implementation
Organizational IAM Maturity Curve (Implementation Approaches)
Axes: IdM Capability (vertical) against Time (horizontal), banded LOW MATURITY, MEDIUM MATURITY, HIGH MATURITY.
Capabilities plotted along the curve: Directory Services; Identity Integration; Password Management; Web Access Mgmt / SSO / Strong AuthN; Security Monitoring / Compliance Mgmt; Centralized Provisioning; Automated Provisioning / Physical Security Integration; Federated SSO; Role Mgmt / NAC; Automated Policy Framework.
Sample Roadmap Phases (Implementation)
Phase 1: Base Functions
- SSO profiles, Windows reset, AD password sync
- Integrate key apps with base roles
- Advanced manual application requests using custom forms
- Advanced HR integration/automation with attribute sync
- Departmental/market rules and notifications
- Attestation for manual applications
- Automated business rule workflows/notifications
- Reporting package to support critical audit requirements
Phase 2: Extended Functions
- SSO Provisioning Manager for deploying preconfigured profiles
- Integrate all key “out of the box” platforms with base roles
- Advanced roles for key applications
- Integrate additional packaged applications
- External user provisioning
- Fine-grained web authorization using access management and web services
Phase 3: Advanced Functions
- Integrate applications requiring custom connectors
- Deploy federated identity manager for vendors, partners, customers
- Integrate provisioning/deprovisioning of physical security for badge system/building access
- Role life-cycle management
- Privileged user monitoring
How Do You Sell This Stuff? Selling
Find the Pain! We are the trusted advisor… (Selling)
Almost every client (small to large) needs one or more of the following:
- Security assessment (or HealthCheck)
- Annual pen test (penetration testing helps keep the bad guys out)
- Compliance help (PCI, SOX, HIPAA, GLBA, NERC)
- Incident Response / Forensic Collection and Analysis
These are MUST haves, NOT nice to haves:
- The executive office will mandate a security assessment after a security breach (malware, insider abuse, fraud, etc.)
- Pen tests are required by the Payment Card Industry (PCI)
- Audit findings require compliance remediation (hard to comply without automation tools)
What Questions to Ask / Keys to Finding the Pain (Selling)
- “What keeps you up at night with regard to security or compliance?”
- “What issues are you struggling with regarding security and/or compliance?”
- “Have you had to respond to audit findings?”
- “Has your company had a recent security breach or malware issue, loss of customer data, or sensitive data disclosure incident?”
- “Has your company had an insider abuse issue or expressed concerns with how to monitor privileged users, system administrators or database administrators?”
- “Are you required to do an annual pen test?”
- “Which compliance regulations impact your organization?”
  PCI: companies using credit card data
  SOX: financial reporting protection for any public company
  GLBA: financial institution regulations
  HIPAA: healthcare industry, concerning patient data and electronic health records
  NERC/FERC: any energy/utility or company with critical infrastructure assets
Who to approach (Selling): Chief Information Officer (CIO), Chief Information Security Officer (CISO), Chief Compliance Officer (CCO), IT Security Director/Manager, IT Director, IT Security Staff, Network Operations Manager, Internal Audit
Fast, affordable services solutions . . . (Selling)
- Security Assessment: three days, approx. $6,000
- Pen Testing: one day, $2,500
- Compliance Assessments: a few days to a few weeks, $6,000+
These small, affordable engagements almost always lead to remediation solutions, which require hardware/software purchases and services engagements from IBM/PMG.
Security Assessments (Selling)
Security Posture Assessments with Actionable Remediation Recommendations:
- Management Interviews and Questionnaire
- Diagram and Documentation Review
- Technical Assessment: Architecture Reviews, Security Policy Reviews, Network Scans, System Scans, Wireless Scans, Penetration Tests
- Executive Findings Review
- Actionable Recommendations
- Solution Architecture and Implementations
- Findings Prioritized by Risk, Mapped to Best Practices
FastPath to Compliance: Key points (Selling)
- Low-cost barrier to entry
- Fast setup
- Fast results
- Produces GREAT ROI
- Leads to BIGGER sales!
That Leads to Fast, Affordable Software Solutions . . . (Selling)
- Log Management (SaaS): $1,500 to $5,000+ monthly lease
- Log Management (buy): $10,000 to $150,000+
- Threat Management (SaaS): $1,500 to $5,000+ monthly lease
- Threat Management (buy): $30,000 to $150,000+
- Enterprise Single Sign-on (ESSO): $70k for 1,000 users
That Leads to the Bigger Deals! (Selling)
Identity and Access Management: software $300k+, hardware $100k+, services $300k+. Typical deal size $500k to $1M+.
FastPath to TSIEM  (Out-of-Box Reporting, Regulatory Compliance) Selling
FastPath to ESSO  (Turn-key Single Sign-on for Three Applications) Selling
FastPath to ITIM  (Identity Management Rapid Deployment ) Selling
Let’s Get Moving . . . Free iPad for first five transactions (Min $5k) Next Steps
Getting Started Call or email Dan Smith [email_address] Office 817-704-3644 x 104 Cell 214-236-2374 Next Steps
Path Maker Security Presentation

  • 1. FastPath to Success! Identity and IT Security Management Products and Sales Plays April 2010 Keith Squires, President/CEO David Wagner, VP Sales                                          
  • 2. AGENDA Introduction to the new and improved PathMaker Group Identity and Access Management (IAM) Overview IT Security/Compliance Overview Product Reviews Planning and Implementation Approach FastPath offerings for quick sales Q&A Confidentiality Notice: This document contain confidential information intended only for parties directly involved in the proposed solution.  If you are not an intended recipient of this material, be advised that any reading, dissemination, forwarding, printing, copying or other use of this message or its attachments is strictly prohibited.  If you have received this material in error, please notify PathMaker Group immediately and destroy this material immediately.
  • 3. Who is PathMaker Group? Specialized IAM, IT Security/Compliance Systems Integrator Over 20 years delivering IT projects All consultants have more than 15 years IT experience Successful track record with long, complex engagements Solid relationships with IAM/Security Vendors IBM Business Partner since 2003 Experience with numerous industry leading products Active involvement in INFOSEC/Compliance community Advisor for PCI/DSS Council CISSP-certified consultants compliant with CBK & GAISP Members of ISSA & ISC2 Strong project management expertise PMP-certified consultants compliant with PMBOK Introduction
  • 4. 20+ years delivering enterprise IT projects Seven years in IAM industry working with all major vendors (IBM, CA, Oracle, Novell, RSA, Passlogix) Known for fixing “broken” implementations Business model is client driven not vendor driven History of trusted advisor status with clients Headquartered regionally (DFW Area) Why PathMaker Group? Introduction
  • 5. New Personnel and Capabilities Ed Higgins-VP Security Services, formerly of ACS (built the practice and worked within Fortune 500) certified, CISSP, CGEIT, CISA, CISM, CHS-III, CHFI, QSA, PI David Wagner-VP Sales, ITIL WW Director Tivoli, WW Director LogLogic, Tivoli Security Specialist, VP sales 5 times, etc. PathMaker Group – Specialized IT Security Business Partner offering multiple solutions with a quick and easy sales cycle that lead to larger sales. Expanded Role as Trusted Advisors for overall IT Security strategy Security Assessments (HealthCheck), Penetration Tests, Requirements Assessments, Incident Response and Forensic Collections and Analysis PCI, HIPAA, GLBA, SOX, NERC CIP assessments and remediation assistance Packaged solutions for Log Management, Identity and Access, Vulnerability Management, Threat Management, and more Managed Security Solutions (ISS and more) Introduction
  • 6. What Drives Identity and Access Management? IAM, Security/Compliance Overview
  • 7. Managing Silos of Security HR Systems Business Applications Financial Systems Web Portals Windows Network Multiple Login Events / Forgotten Passwords IAM, Security/Compliance Overview Manage Identities and Privileges Manage Identities and Privileges Manage Identities and Privileges Manage Identities and Privileges Manage Identities and Privileges
  • 8. Managing Silos of Security HR Systems Business Applications Financial Systems Web Portals Windows Network One Login Event – One Password Enterprise, Web or Federated Single Sign-On Self-service reset for forgotten password IAM, Security/Compliance Overview Manage Identities and Privileges Manage Identities and Privileges Manage Identities and Privileges Manage Identities and Privileges Manage Identities and Privileges
  • 9. Managing Silos of Security HR Systems Business Applications Financial Systems Web Portals Windows Network One Login Event – One Password Centralized Management of Identities, Event Auditing and Reporting Enterprise, Web, or Federated Single Sign-On User Provisioning Self-service reset for forgotten password IAM, Security/Compliance Overview
  • 10. What Drives IT Security/Compliance? IAM, Security/Compliance Overview
  • 11. IT Security/Compliance “Before, During and After the BOOM!” Specialized Consulting: PCI QSA HIPAA, SOX, GLBA NERC CIP, FERC Policy and Procedures Analysis Security Assessment Identity Mgmt Assessment Vulnerability Assessment Application Assessment Site Assessment PCI Compliance Advanced Penetration Tests Compliance Managed SaaS Log & Threat Mgmt Vulnerability Mgmt PCI Compliance Mgmt Proactive Incident Response On-Site Response Situation Management Stabilization and Containment Root Cause Determination Process Improvement Evidence Handling Liaison to Federal Authorities Independent Expert Witness Reactive On-site & Remote Acquisition Sparse Acquisition Methods Remote Acquisition Enterprise Forensics Fraud Investigation Forensic Analysis Binary/Malware Analysis Electronic Data Discovery Virus and Malware Remediation Expert Witness Testimony Security Services Incident Response Forensic Services IAM, Security/Compliance Overview
  • 12. Product Orientation and Positioning Product Overviews
  • 13. IBM Security Solutions Analysts Market Position Marketshare: Identity and Access Management ISS Managed Security Services and Vulnerability Assessment Ranked #1 Identity Management ( TIM , TAM, FIM, TDI, TDS) Ranked #1 #1 #1 #1 #1 Ranked #1 Ranked #1 Marketshare: Application Vulnerability Assessment (Rational AppScan) Ranked #1 #1 Ranked #1 #1 Intrusion Prevention System Ranked #1 #1 Product Overviews Marketshare : Web Access Management, Worldwide, ( FIM, TAM ) Marketshare : Application Security Vulnerability Scanning, ( Rational AppScan ) Leader MQ: User Provisioning ( TIM ) Leader Wave: ISS Managed Security Services Leader Wave: User Account Provisioning and Enterprise Security Information Management Leader Leader MQ: ISS Network Security, Firewalls and Managed Services MQ: Web Access Management Leader
  • 14. IBM Received Highest Rating by Forrester for Enterprise Single Sign-On The Forrester Wave™: Identity And Access Management is copyrighted by Forrester and is reused with permission. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. The complete report is available from Forrester at www.forrester.com The Forrester Wave™: Identity And Access Management, Q4 2009 by Andras Cser, November 3, 2009 The Forrester Wave™: Identity And Access Management, Q4 2009 report rated IBM Enterprise Single Sign-On with the highest possible score, and ahead of all other competitors Product Overviews
  • 15. IBM Single Sign-On Solution Overview Enterprise SSO People & Identity Application Security Federated SSO Web SSO Audit & Compliance Internal Internal/ External External SSO Overview Tivoli Access Manager for Enterprise SSO Tivoli Access Manager for eBusiness Tivoli Federated Identity Manager
  • 16. ESSO Removing sign-on event when non-web platform types are required Back-end integration too costly or too complex Usually for employees vs. external partners/customers Typical Use Cases for Access Management SSO Overview TAM e-Bus Removing sign-on event for web-only applications Authorization model needed in addition to SSO Policy engine that can be leveraged by all types of back-end apps TFIM Employee SSO to Business Partner/Company Apps Customer SSO to Business Partner/Company Apps Business Partner SSO to Business Partner/Company Apps SOA/Web Services Security Federated Provisioning
  • 17. TAM E-SSO v8 Solution Overview TAM E-SSO provides: Enterprise SSO Two-Factor Authentication Access and Security Workflow Automation Fast user switching User Access Tracking & Audit Centralized Identity & Policy Management with no change to the infrastructure TAM E-SSO enables visibility into user activity, control over access to business assets, and automation of the sign-on process in order to drive value for our clients. SSO Overview
  • 18. IBM Tivoli Access Manager for Enterprise SSO Key Features Product Overviews Encentuate ESSO helps: Simplify the end user experience and improve time-to-information by eliminating the need to recall multiple user names and passwords Facilitate compliance reporting by tracking and collating user access Enhance security by minimizing poor end user password behavior and seamlessly integrating strong authentication form factors Reduce Help Desk costs by lowering the number of password reset calls Profile Generation Centralized Admin Support & Self-Service Audit Reporting Directory DB Mgmt SOAP API Encentuate Platform Context Management User Provisioning Enterprise SSO Session Management Audit & Compliance Encentuate Integrated Management System Server End user Desktop Encentuate AccessAgent End user Web Encentuate AccessAgent End user Citrix – Terminal Services Desktop Encentuate AccessAgent Strong Authentication Workflow Automation
  • 19. IBM TAM ESSO Architecture Product Architecture
  • 20. IBM Tivoli Access Manager (TAM) for e-business Product Overviews Centralized Authentication & Authorization – for Web-based applications Single Sign-On – for Web-based applications Rapid & Scalable Deployment – build Web apps quickly with standards-based support for J2EE Design Flexibility - supports proxy or direct plug-in configuration - rule or role-based access control - support for leading user registries - Advanced APIs for further customization Common Criteria certified Key Features
  • 21. IBM Tivoli Federated Identity Manager (FIM) family Product Overviews Most complete federated SSO in the industry Supports latest federated SSO protocols in the “Hub” including: – Liberty ID-FF 1.x, SAML 1.0, 1.1, 2.0 & WS-Federation Provisioning for user lifecycle management – Define, modify and remove user/group definitions - z/OS support including RACF Pass Ticket access to CICS and IMS transactions Web Services & SOA Security Management - supports complex identity mapping & mediation Provides Security as Services Key Features
  • 22. How Federation Works (Product Overviews; diagram labels only: Web Portal, Federated Web Application, Authentication, Identity Mapping)
  • 23. IBM TAM/TFIM Architecture (Product Architecture diagram)
  • 24. Application Security – Service Oriented Architecture (Product Overviews)
    Goals:
      • In an SOA environment, provide secure access and federate identity across these services
      • Externalize core security services from the application
      • Ensure security administrators make changes, NOT developers
      • Ensure changes to security are auditable
    IBM solutions:
      • Tivoli Federated Identity Manager
      • WebSphere Enterprise Service Bus (ESB)
      • WebSphere Message Broker
      • WebSphere DataPower
  • 25. IBM Tivoli Identity Manager (TIM) – Key Features (Product Overviews)
      • Reduces helpdesk load by using Web self-service and password reset interfaces
      • Cuts elapsed turn-on time and automates routine administrative tasks
      • Assists in addressing compliance issues
      • Automates business processes related to user identity lifecycle management
      • Centralized control and local autonomy
      • Enhances integration via extensive APIs
      • Choose to manage target systems with agents or agentless
      • Over 900 customers so far…
  • 26. IBM ITIM Architecture (Product Architecture diagram)
  • 27. IBM Tivoli Security Information and Event Mgmt (TSIEM) (Product Overviews)
      • Enables log collection and monitoring
      • Provides Privileged User Monitoring and Audit (PUMA)
      • Provides “out-of-the-box” Compliance Reporting Modules
      • Supports virtually any platform, db or application
      • Required by almost every regulation/auditor
  • 28. IBM zSecure Products (Product Overviews)
      • Mainframe RACF administration, log collection and audit tools
      • Includes several components – zAdmin, zAudit, zAlert, Command Verifier, zVisual, CICS Toolkit
      • Only has one competitive product
      • Installs in hours
      • Free POC – try then buy
  • 29. IBM Security Virtual Server Protection for VMware (Product Overviews)
      • Offers integrated threat protection for VMware vSphere™
      • Provides protection for every layer of the virtual infrastructure: host, network, hypervisor, virtual machine (VM) and traffic between VMs
      • Helps to accelerate and simplify your Payment Card Industry Data Security Standard (PCI DSS) audit
      • IPS, Rootkit Detection/Quarantine, Audit (who did what)
      • Auto discovery of entire VMware infrastructure
  • 30. Planning and Implementation Implementation
  • 31. Organizational IAM Maturity Curve (Implementation Approaches; diagram labels only). Axes: Time vs. IdM Capability, from LOW MATURITY through MEDIUM MATURITY to HIGH MATURITY. Capabilities plotted: Directory Services, Identity Integration, Web Access Mgmt / SSO / Strong AuthN, Security Monitoring / Compliance Mgmt, Centralized Provisioning, Automated Provisioning / Physical Security Integration, Password Management, Federated SSO, Role Mgmt / NAC, Automated Policy Framework.
  • 32. Sample Roadmap Phases (Implementation)
    Phase 1 – Base Functions:
      • SSO profiles, Windows Reset, AD password sync
      • Integrate key apps with base roles
      • Advanced manual application requests using custom forms
      • Advanced HR integration/automation with attribute sync
      • Departmental/Market rules and notifications
      • Attestation for manual applications
      • Automated business rule workflows/notifications
      • Provide reporting package to support critical audit requirements
    Phase 2 – Extended Functions:
      • SSO Provisioning Manager for deploying preconfigured profiles
      • Integrate all key “out of the box” platforms with base roles
      • Advanced roles for key applications
      • Integrate additional packaged applications
      • External user provisioning
      • Fine-grained web authorization using access mgmt, web services
    Phase 3 – Advanced Functions:
      • Integrate applications requiring custom connectors
      • Deploy federated identity manager for vendors, partners, customers
      • Integrate provisioning/deprovisioning of physical security for badge system/building access
      • Role life-cycle management
      • Privileged user monitoring
  • 33. How Do You Sell This Stuff? Selling
  • 34. Find the Pain! We are the trusted advisor… (Selling)
    Almost every client (small to large) needs one or more of the following:
      • Security assessment (or HealthCheck)
      • Annual Pen test (penetration testing helps keep the bad guys out)
      • Compliance help (PCI, SOX, HIPAA, GLBA, NERC)
      • Incident Response / Forensic Collection and Analysis
    These are MUST haves, NOT nice to haves:
      • Executive office will mandate a security assessment after a security breach (malware, insider abuse, fraud, etc.)
      • Pen tests are required by Payment Card Industry (PCI)
      • Audit findings require compliance remediation (hard to comply without automation tools)
  • 35. What Questions to Ask / Keys to Finding the Pain (Selling)
      • “What keeps you up at night with regard to security or compliance?”
      • “What issues are you struggling with regarding security and/or compliance?”
      • “Have you had to respond to audit findings?”
      • “Has your company had a recent security breach or malware issue, loss of customer data, sensitive data disclosure incident?”
      • “Has your company had an insider abuse issue or expressed concerns with how to monitor privileged users, system administrators or database administrators?”
      • “Are you required to do an annual pen test?”
      • “Which compliance regulations impact your organization?”
          • PCI – companies using credit card data
          • SOX – financial reporting protection for any public company
          • GLBA – financial institution regulations
          • HIPAA – healthcare industry, concerning patient data and electronic health records
          • NERC/FERC – any energy/utility or company with critical infrastructure assets
  • 36. Who to approach (Selling): Chief Information Officer (CIO), Chief Information Security Officer (CISO), Chief Compliance Officer (CCO), IT Security Director/Manager, IT Director, IT Security Staff, Network Operations Manager, Internal Audit
  • 37. Fast, affordable services solutions . . . (Selling)
      • Security Assessment – three days, approx. $6,000
      • Pen Testing – one day, $2,500
      • Compliance Assessments – a few days to a few weeks, $6,000+
    These small, affordable engagements almost always lead to remediation solutions which require hardware/software purchases and services engagements from IBM/PMG.
  • 38. Security Assessments – Security Posture Assessments with Actionable Remediation Recommendations (Selling)
      • Management Interviews and Questionnaire
      • Diagram and Documentation Review
      • Technical Assessment: Architecture Reviews, Security Policy Reviews, Network Scans, System Scans, Wireless Scans, Penetration Tests
      • Executive Findings Review
      • Actionable Recommendations
      • Solution Architecture and Implementations
      • Findings Prioritized by Risk, Mapped to Best-Practices
  • 39. FastPath to Compliance – Key points (Selling): Low-cost barrier to entry; Fast setup; Fast results; Produces GREAT ROI; Leads to BIGGER Sales!
  • 40. That Lead to Fast, Affordable Software Solutions . . . (Selling)
      • Log Management (SaaS) – $1,500 - $5,000+ monthly lease
      • Log Management (Buy) – $10,000 - $150,000+
      • Threat Management (SaaS) – $1,500 - $5,000+ monthly lease
      • Threat Management (Buy) – $30,000 - $150,000+
      • Enterprise Single Sign-on (ESSO) – $70k for 1000 users
  • 41. That Lead to the Bigger Deals! Identity and Access Management (Selling)
      • Software – $300k+
      • Hardware – $100k+
      • Services – $300k+
      • Typical deal size $500k to $1M+
  • 42. FastPath to TSIEM (Out-of-Box Reporting, Regulatory Compliance) Selling
  • 43. FastPath to ESSO (Turn-key Single Sign-on for Three Applications) Selling
  • 44. FastPath to ITIM (Identity Management Rapid Deployment ) Selling
  • 45. Let’s Get Moving . . . Free iPad for first five transactions (Min $5k) Next Steps
  • 46. Getting Started Call or email Dan Smith [email_address] Office 817-704-3644 x 104 Cell 214-236-2374 Next Steps

Editor's Notes

  • #12: We leverage security expertise, investigative know-how and forensic evidence competency to efficiently determine root cause and handle sensitive evidence. We’ve bridged the gap that typically exists between Executive, Legal, and Technical representation for the organization. We employ a proven process for Incident Containment, Situation Management, Evidence Acquisition, Independence, Root Cause Analysis, and Prevention of Recurrence. We’ve developed a reliable set of AGILE rules for the handling of Incidents.
  • #18: TAM E-SSO offers the support variety and flexibility that is needed in an Enterprise SSO tool to securely facilitate logon, password change, and logoff for all Enterprise applications. First, we support fingerprint biometrics from Upek and Digital Persona as well as smart cards in USB token form factor. Second, it allows the user to connect from a different set of client devices, including web server, remote desktops, desktops, terminal workstations, and pervasive devices. The user wallet, which contains all the credentials for the user, is managed and distributed by the central IMS server. This wallet can be used in a direct connection to the IMS server, or in disconnected mode. The TAM E-SSO agent that sits on the client workstation retrieves the user wallet and uses it to automatically log the user in to each application requested. TAM E-SSO uses profiles on the client to identify how to interact with each particular application. There is support for hundreds of application profiles out of the box. Besides facilitating the SSO function, TAM E-SSO also ensures that all activity is tracked for auditing and compliance purposes.
  • #19: IBM Tivoli Access Manager for e-business is an award-winning, policy-based access control solution for e-business and enterprise applications that is in the leader quadrant of Gartner's Magic Quadrant. Tivoli Access Manager for e-business can help you manage growth and complexity, control escalating management costs and address the difficulties of implementing security policies across a wide range of Web and application resources. A new version of TAM is also expected in mid-2005. With this new release, there will be: improved session management; virtual hosting support (single WebSEAL supports multiple domains); URL transparency; export/import ACLs for ease of deployment; new audit infrastructure. Platform support: AIX 5.1, 5.2, 5.3; Solaris 8 and 9; Windows 2000 Adv. Ed. & 2003 Standard Svr. and Enterprise Svr.; HP-UX 11.0 and 11i; SLES 8 for S/390 and zSeries; SLES 8 for IA 32 (Intel); RedHat Enterprise Linux Adv. Svr. 3.0; United Linux 1.0, SP2
  • #22: With IBM Tivoli Federated Identity Manager, you will have the most complete federated SSO in the industry. Tivoli Federated Identity Manager handles all the configuration information for a federation, including the partner relationships, identity mapping, identity token management etc. This product: supports the latest federated SSO protocols, including SAML 2.0 and Liberty ID-FF 1.2 (compliant); adds provisioning for user lifecycle management; provides Web Services Security Management, where one organization can cause a user-related administrative operation to happen on another organization's systems through the "service" interface.
  • #25: Secure access to Services; Federate identities across Services; “Identity-Aware” ESB; Manage compliance for Services. Diving into more detail at a specific Dev team area, this is just an example of course. But you can imagine that there are various developers all contributing different components to the applications. At specific intervals there are typically BUILD processes happening – for regression testing and such. What we’re proposing is that a Dev Lead be responsible for performing Scans at the BUILD level. This of course can be altered – each Developer can also perform scanning of their individual pieces. But this graphic illustrates that a scan should take place iteratively at the build level. Build/QA – provides Developers and Testers with expertise on detection and remediation ability. Security – enables Chief Security Officers to drive remediation back into development. Production – ensures vulnerabilities are addressed before applications are put into production.
  • #26: Agents also can be developed and deployed for TopSecret and ACF2 via services engagement.
    ===========
    Now let me tell you about the products we have just discussed. IBM Tivoli Identity Manager provides a secure, automated and policy-based user management solution that helps address these key business issues across both legacy and e-business environments. Intuitive Web administrative and self-service interfaces integrate with existing business processes to help simplify and automate managing and provisioning users. It incorporates a workflow engine and leverages identity data for activities such as audit and reporting. IBM Tivoli Identity Manager Version 4.6 will be available this summer. With this new release, we:
      • Extend market leading product capabilities: policy automation; lifecycle management – Phase II; improved standard reports; auto account adoption
      • Increase ease of deployment: improved policy enforcement support; support moving changes between environments; locale specific Challenge/Response; agent extensibility
      • Enhance compliance and audit infrastructure: analysis and correction of noncompliant accounts; additional standard reports; greater audit detail and SSL security
    Platform support: AIX 5.1, 5.2, 5.3; Solaris 8 and 9; Windows 2000 Adv Svr.; Windows 2003 Ent. Svr.; HP-UX 11i; RedHat Linux Adv. Svr. (Intel) 2.1, 3.0