Security Intelligence

  • TYPE: Combined Session
  • DATE: Thursday, April 19, 2012
  • TIME: 14:00-15:00
  • LOCATION: Ammersee 1

Identity and Security Intelligence

Security is now as much a question of visibility as it is of controls. Enterprises need to be able to see what’s happening throughout their physical and virtual environments, both in-house and in the cloud. This session discusses the role of identity management in security intelligence, including the kinds of information that enterprises need to collect, the kind of analysis that needs to be performed, and the ways that the resulting security intelligence can be applied in making effective security decisions.

  • Most things we look at in IAM systems like Identity Provisioning are focused on creating logs and historical reports, but not on analyzing real-time activities
  • Most things we do, for example, in SIEM (Security Information and Event Management) or (even worse) at the firewall level (despite some advances in “next generation firewalls”)
  • Integrating IAM with DLP, SIEM and firewalls is thus a must – security intelligence without taking identity into account is security stupidity
  • When moving forward with new concepts like claims-based authentication and the underlying authorization, another aspect comes into play – how do you monitor and analyze what is happening here? Things become even more complex, and providing governance and intelligence here from the very beginning appears to be important
  • In addition, there will be some discussion about how to deal with “dynamic authorization management” environments from that perspective – when looking at XACML or claims-based concepts, we don’t rely on static access control lists but on policies and decisions made based on attributes/claims provided in real time, which is a new aspect. That is probably a little outside of the key topic; nevertheless, it makes sense
  • Besides this, there is now the notion of Access Intelligence, which some vendors interpret just as using Business Intelligence technologies on identity-related log data (beyond reports), while others include real-time information from DLP or SIEM or whatever. You might discuss whether there is a need for that; whether this is really new (I’d say it is something which is just part of Access Governance); and what it should cover

European Identity & Cloud Conference 2012

  • Apr 17 - 20, 2012 Munich, Germany