
Page 1

FastPath to Success!

Identity and IT Security Management: Products and Sales Plays

April 2010

Keith Squires, President/CEO
David Wagner, VP Sales


Page 2

© 2008 PathMaker Group

AGENDA

• Introduction to the new and improved PathMaker Group

• Identity and Access Management (IAM) Overview

• IT Security/Compliance Overview

• Product Reviews

• Planning and Implementation Approach

• FastPath offerings for quick sales

• Q&A

Confidentiality Notice: This document contains confidential information intended only for parties directly involved in the proposed solution. If you are not an intended recipient of this material, be advised that any reading, dissemination, forwarding, printing, copying or other use of this message or its attachments is strictly prohibited. If you have received this material in error, please notify PathMaker Group immediately and destroy this material.

Page 3

Introduction

Who is PathMaker Group? A specialized IAM and IT Security/Compliance systems integrator.

Over 20 years delivering IT projects
– All consultants have more than 15 years of IT experience
– Successful track record with long, complex engagements

Solid relationships with IAM/Security vendors
– IBM Business Partner since 2003
– Experience with numerous industry-leading products

Active involvement in the INFOSEC/Compliance community
– Advisor for the PCI/DSS Council
– CISSP-certified consultants working to the CBK and GAISP
– Members of ISSA and ISC2

Strong project management expertise
– PMP-certified consultants working to the PMBOK

Page 4

Why PathMaker Group?

20+ years delivering enterprise IT projects

Seven years in IAM industry working with all major vendors (IBM, CA, Oracle, Novell, RSA, Passlogix)

Known for fixing “broken” implementations

Business model is client driven not vendor driven

History of trusted advisor status with clients

Headquartered regionally (DFW Area)

Introduction

Page 5

New Personnel and Capabilities

Ed Higgins, VP Security Services: formerly of ACS (built the practice and worked within the Fortune 500); certifications: CISSP, CGEIT, CISA, CISM, CHS-III, CHFI, QSA, PI

David Wagner, VP Sales: ITIL; WW Director, Tivoli; WW Director, LogLogic; Tivoli Security Specialist; VP Sales five times; etc.

PathMaker Group: a specialized IT Security Business Partner offering multiple solutions with a quick and easy sales cycle that leads to larger sales.

Expanded role as trusted advisors for overall IT security strategy

Security Assessments (HealthCheck), Penetration Tests, Requirements Assessments, Incident Response, and Forensic Collection and Analysis

PCI, HIPAA, GLBA, SOX and NERC CIP assessments and remediation assistance

Packaged solutions for Log Management, Identity and Access, Vulnerability Management, Threat Management, and more

Managed Security Solutions (ISS and more)

Introduction

Page 6

What Drives Identity and Access Management?

IAM, Security/Compliance Overview

Page 7

Managing Silos of Security

[Diagram: five separate silos (HR Systems, Business Applications, Financial Systems, Web Portals, Windows Network), each managing its own identities and privileges. Result for the user: multiple login events and forgotten passwords.]

IAM, Security/Compliance Overview

Page 8

Managing Silos of Security

[Diagram: the same five silos (HR Systems, Business Applications, Financial Systems, Web Portals, Windows Network), each still managing its own identities and privileges, now fronted by a single sign-on layer: one login event, one password.]

Enterprise, Web or Federated Single Sign-On

Self-service reset for forgotten passwords

IAM, Security/Compliance Overview

Page 9

Managing Silos of Security

[Diagram: the five silos (HR Systems, Business Applications, Financial Systems, Web Portals, Windows Network) behind a single sign-on layer (one login event, one password), with identities managed centrally.]

Centralized management of identities, event auditing and reporting

Enterprise, Web, or Federated Single Sign-On

User provisioning

Self-service reset for forgotten passwords

IAM, Security/Compliance Overview

Page 10

What Drives IT Security/Compliance?

IAM, Security/Compliance Overview

Page 11

IT Security/Compliance “Before, During and After the BOOM!”

[Three columns: Security Services (proactive), Incident Response, Forensic Services (reactive)]

Security Services (proactive)
• Specialized consulting: PCI QSA; HIPAA, SOX, GLBA; NERC CIP, FERC
• Policy and procedures analysis
• Security assessment
• Identity management assessment
• Vulnerability assessment
• Application assessment
• Site assessment
• PCI compliance
• Advanced penetration tests
• Compliance managed SaaS: log and threat management, vulnerability management, PCI compliance management

Incident Response
• On-site response
• Situation management
• Stabilization and containment
• Root cause determination
• Process improvement
• Evidence handling
• Liaison to federal authorities
• Independent expert witness

Forensic Services (reactive)
• On-site and remote acquisition
• Sparse acquisition methods
• Enterprise forensics
• Fraud investigation
• Forensic analysis
• Binary/malware analysis
• Electronic data discovery
• Virus and malware remediation
• Expert witness testimony

IAM, Security/Compliance Overview

Page 12

Product Orientation and Positioning

Product Overviews

Page 13

IBM Security Solutions: Analyst Market Position

Market share, ranked #1:
• Identity and Access Management (TIM, TAM, FIM, TDI, TDS)
• Web Access Management, worldwide (FIM, TAM)
• ISS Managed Security Services and Vulnerability Assessment
• Application Vulnerability Assessment / Application Security Vulnerability Scanning (Rational AppScan)
• Intrusion Prevention System

Analyst “Leader” ratings:
• Magic Quadrant: User Provisioning (TIM)
• Magic Quadrant: Web Access Management
• Magic Quadrant: ISS Network Security, Firewalls and Managed Services
• Forrester Wave: ISS Managed Security Services
• Forrester Wave: User Account Provisioning and Enterprise Security Information Management

Product Overviews

Page 14

IBM Received Highest Rating by Forrester for Enterprise Single Sign-On

The Forrester Wave™: Identity And Access Management is copyrighted by Forrester and is reused with permission. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. The complete report is available from Forrester at www.forrester.com

The Forrester Wave™: Identity And Access Management, Q4 2009 (Andras Cser, November 3, 2009) rated IBM Enterprise Single Sign-On with the highest possible score, ahead of all other competitors.

Product Overviews

Page 15

IBM Single Sign-On Solution Overview

[Diagram: three SSO tiers arranged by audience, spanning People & Identity, Application Security, and Audit & Compliance]

• Enterprise SSO (internal users): Tivoli Access Manager for Enterprise SSO
• Web SSO (internal/external users): Tivoli Access Manager for e-business
• Federated SSO (external users): Tivoli Federated Identity Manager

SSO Overview

Page 16

Typical Use Cases for Access Management

ESSO
1. Removing the sign-on event when non-web platform types are required
2. Back-end integration too costly or too complex
3. Usually for employees rather than external partners/customers

TAM e-business
1. Removing the sign-on event for web-only applications
2. Authorization model needed in addition to SSO
3. Policy engine that can be leveraged by all types of back-end apps

TFIM
1. Employee SSO to business partner/company apps
2. Customer SSO to business partner/company apps
3. Business partner SSO to business partner/company apps
4. SOA/Web Services security
5. Federated provisioning

SSO Overview

Page 17

TAM E-SSO v8 Solution Overview

TAM E-SSO provides, with no change to the infrastructure:
• Enterprise SSO
• Two-factor authentication
• Access and security workflow automation
• Fast user switching
• User access tracking and audit
• Centralized identity and policy management

TAM E-SSO enables visibility into user activity, control over access to business assets, and automation of the sign-on process in order to drive value for our clients.

SSO Overview

Page 18

IBM Tivoli Access Manager for Enterprise SSO

Key Features

[Diagram: Encentuate platform. The Encentuate Integrated Management System (IMS) Server provides profile generation, centralized administration, support and self-service, audit reporting, directory/DB management, a SOAP API, context management, user provisioning (TIM integration), enterprise SSO, session management, and audit & compliance, backed by directory services. The Encentuate AccessAgent runs on the end-user desktop, in the end-user web client, and on Citrix/Terminal Services desktops, automating sign-on/off to applications (including CCOW applications) with second-factor authentication such as XyLoc badges, strong authentication and workflow automation.]

Encentuate ESSO helps:

Simplify the end-user experience and improve time-to-information by eliminating the need to recall multiple user names and passwords

Facilitate compliance reporting by tracking and collating user access

Enhance security by minimizing poor end-user password behavior and seamlessly integrating strong authentication form factors

Reduce help desk costs by lowering the number of password reset calls

Product Overviews

Page 19

IBM TAM ESSO Architecture

[Diagram: an Encentuate IMS Server farm with a database cluster, directory server and provisioning server, fronted by a web server. Clients include desktops, shared workstations, Terminal Services and Citrix servers, remote users with AccessAgent and remote users without AccessAgent, all reaching the managed applications.]

Product Architecture

Page 20

IBM Tivoli Access Manager (TAM) for e-business

Product Overviews

Centralized authentication and authorization for web-based applications

Single sign-on for web-based applications

Rapid and scalable deployment: build web apps quickly with standards-based support for J2EE

Design flexibility:
- supports proxy or direct plug-in configuration
- rule- or role-based access control
- support for leading user registries
- advanced APIs for further customization

Common Criteria certified

Key Features

Page 21

IBM Tivoli Federated Identity Manager (FIM) family

Product Overviews

Most complete federated SSO in the industry

Supports the latest federated SSO protocols in the “Hub”, including Liberty ID-FF 1.x, SAML 1.0, 1.1 and 2.0, and WS-Federation

Provisioning for user lifecycle management
– Define, modify and remove user/group definitions
– z/OS support, including RACF PassTicket access to CICS and IMS transactions

Web Services and SOA security management: supports complex identity mapping and mediation

Provides security as services

Key Features

Page 22

How Federation Works

[Diagram: a user signed on at a web portal accesses a federated web application; the two steps shown are Authentication and Identity Mapping.]
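The federation flow this slide sketches, as an added example that is not PathMaker's or IBM's code: an identity provider (the portal side) authenticates the user once and issues a short-lived, signed, audience-restricted assertion; the service provider (the federated application) checks signature, issuer, audience, validity window and replay before mapping the federated name to a local account. JSON plus HMAC-SHA256 stands in for the SAML XML and XML signature that TFIM would actually process, and the entity IDs, key and mapping table are constructed for the demo.

```python
"""Federated SSO: assertion issue, validation and identity mapping (illustration).

JSON + HMAC-SHA256 stand in for SAML XML + XML-DSig so this runs offline.
Entity IDs, the key and the mapping table are constructed for the demo.
"""
import hashlib
import hmac
import json
import secrets

IDP_ISSUER = "https://idp.partner.example/saml"      # assumed IdP entity ID
SP_AUDIENCE = "https://portal.client.example/sp"     # assumed SP entity ID
SHARED_KEY = b"constructed-demo-key-do-not-reuse"    # stands in for the IdP signing key

# Constructed mapping table: federated NameID -> local account at the SP.
IDENTITY_MAP = {
    "alice@partner.example": "portal\\alice.p",
    "bob@partner.example": "portal\\bob.p",
}


def _sign(body: dict) -> str:
    """Canonicalize (sorted keys, no whitespace) then MAC, so any field edit breaks the tag."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SHARED_KEY, canonical, hashlib.sha256).hexdigest()


def idp_issue_assertion(name_id: str, now: float, lifetime_s: int = 300) -> dict:
    """IdP side: after local authentication, issue an assertion with a unique ID,
    a fixed audience and a short validity window (30 s clock-skew allowance)."""
    body = {
        "id": "_" + secrets.token_hex(16),
        "issuer": IDP_ISSUER,
        "audience": SP_AUDIENCE,
        "name_id": name_id,
        "not_before": now - 30,
        "not_on_or_after": now + lifetime_s,
    }
    return {"body": body, "signature": _sign(body)}


class ServiceProvider:
    """SP side: validate the assertion, then map the federated identity to a local account."""

    def __init__(self) -> None:
        self._seen_ids: set[str] = set()   # replay cache; bounded by assertion lifetime in practice

    def consume(self, assertion: dict, now: float) -> str:
        body = assertion["body"]
        # 1. Integrity first, with a constant-time comparison.
        if not hmac.compare_digest(_sign(body), assertion["signature"]):
            raise ValueError("bad signature")
        # 2. Trust only the configured IdP, and only assertions addressed to this SP.
        if body["issuer"] != IDP_ISSUER:
            raise ValueError("untrusted issuer")
        if body["audience"] != SP_AUDIENCE:
            raise ValueError("wrong audience")
        # 3. Validity window.
        if not (body["not_before"] <= now < body["not_on_or_after"]):
            raise ValueError("assertion expired or not yet valid")
        # 4. Each assertion ID is accepted exactly once.
        if body["id"] in self._seen_ids:
            raise ValueError("replayed assertion")
        self._seen_ids.add(body["id"])
        # 5. Identity mapping. Unknown federated users are refused here rather than
        #    auto-created; provisioning them is a separate, audited step.
        try:
            return IDENTITY_MAP[body["name_id"]]
        except KeyError:
            raise ValueError(f"no local account mapped for {body['name_id']}") from None


def run_demo(now: float = 1_700_000_000.0) -> dict:
    """Exercise the flow once: one good login, then a replay, an expired assertion,
    an unmapped user and a forged NameID. Returns the SP's verdict for each case."""
    sp = ServiceProvider()
    results = {}
    good = idp_issue_assertion("alice@partner.example", now)
    results["valid"] = sp.consume(good, now)
    cases = [
        ("replay", good, now),
        ("expired", idp_issue_assertion("alice@partner.example", now), now + 600),
        ("unmapped", idp_issue_assertion("mallory@partner.example", now), now),
    ]
    forged = idp_issue_assertion("bob@partner.example", now)
    forged["body"]["name_id"] = "alice@partner.example"   # edited after signing
    cases.append(("tampered", forged, now))
    for label, assertion, when in cases:
        try:
            results[label] = sp.consume(assertion, when)
        except ValueError as err:
            results[label] = str(err)
    return results


if __name__ == "__main__":
    for case, verdict in run_demo().items():
        print(f"{case:9s} -> {verdict}")
```

The order of checks matters: signature before anything else, so an unsigned or altered assertion is never parsed for trust decisions; audience before mapping, so an assertion minted for a different service provider cannot be re-used here. TFIM's identity mapping rules play the role of the `IDENTITY_MAP` lookup, and a real deployment would validate an XML signature against the IdP's certificate from federation metadata rather than a shared HMAC key.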

Product Overviews

Page 23

IBM TAM/TFIM Architecture

Product Architecture

Page 24

Application Security – Service-Oriented Architecture

Goals
• In an SOA environment, provide secure access and federate identity across these services
• Externalize core security services from the application
• Ensure security administrators make changes, NOT developers
• Ensure changes to security are auditable

IBM solutions
• Tivoli Federated Identity Manager
• WebSphere Enterprise Service Bus (ESB)
• WebSphere Message Broker
• WebSphere DataPower

[Diagram: requesting applications and providing services (IBM CICS, SAP, Microsoft, IBM WebSphere Application Server, BEA WebLogic, Oracle and other applications), each with its own Identity & Access handling, connected through the IBM Enterprise Service Bus with IBM Tivoli Federated Identity Manager mediating identity between them.]

Product Overviews

Page 25

IBM Tivoli Identity Manager (TIM)

Product Overviews

Reduces helpdesk load by using Web self service and password reset interfaces

Cuts elapsed turn-on time and automates routine administrative tasks

Assists in addressing compliance issues

Automates business processes related to user identity lifecycle management

Centralized control and local autonomy

Enhances integration via extensive APIs

Choose to manage target systems with agents or agentless

Over 900 customers so far…

Key Features

Page 26

IBM ITIM Architecture

[Diagram: IBM Tivoli Identity Manager deployment at itim.client.com]

• Administrators and end users reach the ITIM application over HTTPS through a load balancer (WebSphere load balancing) into an application server cluster: primary and secondary app servers (IBM or Sun hardware) running IBM HTTP Server, WebSphere Application Server, WebSphere MQ and the ITIM application.
• Directory servers: primary and secondary LDAP servers with master–master LDAP replication, accessed over LDAP.
• Database servers: primary and backup DB servers (DB2, Oracle or Microsoft SQL on Windows Server) accessed over JDBC, with DB replication between them.
• Adapter servers: primary and backup adapter servers hosting local adapters (AD, Lotus Notes, etc.) and remote adapters built on IBM Tivoli Directory Integrator (RACF, SAP, PeopleSoft, etc.). Adapter calls travel over HTTPS; adapters reach the managed resources (AIX, Solaris, Linux, HP-UX, LDAP, DB2, Oracle, SQL, etc.) using each resource's native protocol.
• Agentless management of Windows/UNIX/Linux/z/OS servers over SSH (UNIX), JDBC (databases), LDAP, etc.
• HR/contractor feed from the HR server's HR database via Tivoli Directory Integrator (CSV, DB, DSML, Web Service, etc.).

Product Architecture

Page 27

IBM Tivoli Security Information and Event Mgmt (TSIEM)

Enables log collection and monitoring

Provides Privileged User Monitoring and Audit (PUMA)

Provides “out-of-the-box” Compliance Reporting Modules

Supports virtually any platform, database or application

Required by almost every regulation/auditor

Product Overviews

Page 28

IBM zSecure Products

Mainframe RACF administration, log collection and audit tools

Includes several components - zAdmin, zAudit, zAlert, Command Verifier, zVisual, CICS Toolkit

Only has one competitive product

Installs in hours

Free POC – Try then buy

Product Overviews

Page 29

IBM Security Virtual Server Protection for VMware

Offers integrated threat protection for VMware vSphere™

Provides protection for every layer of the virtual infrastructure, including host, network, hypervisor, virtual machine (VM) and traffic between VMs

Helps to accelerate and simplify your Payment Card Industry Data Security Standard (PCI DSS) audit

IPS, rootkit detection/quarantine, audit (who did what)

Auto-discovery of the entire VMware infrastructure

Product Overviews

Page 30

Planning and Implementation

Implementation

Page 31

Organizational IAM Maturity Curve

[Chart: IdM capability (vertical axis) plotted against time (horizontal axis), rising from LOW MATURITY through MEDIUM MATURITY to HIGH MATURITY]

Capabilities plotted on the curve: Directory Services; Identity Integration; Web Access Mgmt/SSO/Strong AuthN; Security Monitoring/Compliance Mgmt; Centralized Provisioning; Automated Provisioning/Physical Security Integration; Password Management; Federated SSO; Role Mgmt/NAC; Automated Policy Framework

Implementation Approaches

Page 32

Sample Roadmap Phases

Phase 1: Base Functions
• SSO profiles, Windows reset, AD password sync
• Integrate key apps with base roles
• Advanced manual application requests using custom forms
• Advanced HR integration/automation with attribute sync
• Departmental/market rules and notifications
• Attestation for manual applications
• Automated business rule workflows/notifications
• Provide reporting package to support critical audit requirements

Phase 2: Extended Functions
• SSO Provisioning Manager for deploying preconfigured profiles
• Integrate all key “out of the box” platforms with base roles
• Advanced roles for key applications
• Integrate additional packaged applications
• External user provisioning
• Fine-grained web authorization using access mgmt, web services

Phase 3: Advanced Functions
• Integrate applications requiring custom connectors
• Deploy federated identity manager for vendors, partners, customers
• Integrate provisioning/deprovisioning of physical security for badge system/building access
• Role life-cycle management
• Privileged user monitoring

Implementation

Page 33

How Do You Sell This Stuff?

Selling

Page 34

Find the Pain! We are the trusted advisor…

Almost every client (small to large) needs one or more of the following:

Security assessment (or HealthCheck)

Annual Pen test (penetration testing helps keep the bad guys out)

Compliance help (PCI, SOX, HIPAA, GLBA, NERC)

Incident Response / Forensic Collection and Analysis

These are must-haves, NOT nice-to-haves

The executive office will mandate a security assessment after a security breach (malware, insider abuse, fraud, etc.)

Pen tests are required by Payment Card Industry (PCI)

Audit findings require compliance remediation (hard to comply without automation tools)

Selling

Page 35

What Questions to Ask / Keys to Finding the Pain

“What keeps you up at night with regard to security or compliance?”

“What issues are you struggling with regarding security and/or compliance?”

“Have you had to respond to audit findings?”

“Has your company had a recent security breach or malware issue, loss of customer data, sensitive data disclosure incident?”

“Has your company had an insider abuse issue or expressed concerns with how to monitor privileged users, system administrators or database administrators?”

“Are you required to do an annual pen test?”

“Which compliance regulations impact your organization?”
– PCI – companies using credit card data
– SOX – financial reporting protection for any public company
– GLBA – financial institution regulations
– HIPAA – healthcare industry, concerning patient data and electronic health records
– NERC/FERC – any energy/utility or company with critical infrastructure assets

Selling

Page 36

Who to approach

Chief Information Officer (CIO)

Chief Information Security Officer (CISO)

Chief Compliance Officer (CCO)

IT Security Director/Manager

IT Director

IT Security Staff

Network Operations Manager

Internal Audit

Selling

Page 37

Fast, affordable services solutions . . .

Security Assessment – three days, approx. $6,000

Pen Testing – one day, $2,500

Compliance Assessments – a few days to a few weeks, $6,000+

These small, affordable engagements almost always lead to remediation solutions, which require hardware/software purchases and services engagements from IBM/PMG.

Selling

Page 38

Security Assessments

Security Posture Assessments with Actionable Remediation Recommendations

Management Interviews and Questionnaire

Diagram and Documentation Review

Technical Assessment: architecture reviews, security policy reviews, network scans, system scans, wireless scans, penetration tests

Executive Findings Review

Actionable Recommendations

Solution Architecture and Implementations

Findings Prioritized by Risk, Mapped to Best-Practices

Selling

Page 39

FastPath to Compliance

Key points

• Low-cost barrier to entry
• Fast setup
• Fast results
• Produces GREAT ROI
• Leads to BIGGER sales!

Selling

Page 40

That Lead to Fast, Affordable Software Solutions . . .

Log Management (SaaS) – $1,500 - $5,000+ monthly lease

Log Management (Buy) – $10,000 - $150,000+

Threat Management (SaaS) – $1,500 - $5,000+ monthly lease

Threat Management (Buy) – $30,000 - $150,000+

Enterprise Single Sign-on (ESSO) - $70k for 1000 users

Selling

Page 41

That Lead to the Bigger Deals!

Identity and Access Management

Software - $300k+

Hardware - $100k+

Services - $300k+

Typical deal size $500k to $1M+

Selling

Page 42

FastPath to TSIEM (Out-of-Box Reporting, Regulatory Compliance)

Selling

Page 43

FastPath to ESSO (Turn-key Single Sign-on for Three Applications)

Selling

Page 44

FastPath to ITIM (Identity Management Rapid Deployment )

Selling

Page 45

Let’s Get Moving . . .

Free iPad for first five transactions (Min $5k)

Next Steps

Page 46

Getting Started

Call or email Dan Smith

[email protected]

Office 817-704-3644 x 104

Cell 214-236-2374

Next Steps