
IBM Security Product Integration Reference

IBM offers a rich solution portfolio organized into a comprehensive security immune system
designed to help organizations protect their on-premise, cloud, and hybrid IT environments.

Our robust set of offerings can be delivered through our Security Transformation Services which
include the industry expertise and best practice methodologies needed to help organizations
transform their security program.

And all of the IBM Security offerings are backed by an extensive business partner ecosystem
which extends to industry-leading technologies, sales and service partners.

IBM Security Immune System

We use an immune system as an analogy for how our IBM Security offerings work together, to
protect your IT infrastructure, much like our body’s immune system defends us from attacks on
our health.

As humans, we have finely tuned—and highly adaptive—immune systems ready to help us fight
off all kinds of attacks that would otherwise threaten to destroy us. Made up of cells, tissues and
organs that work together to defend us against attacks by “foreign” invaders, a healthy immune
system can distinguish between the body’s own cells and those that don’t belong. It’s an
intelligent, organized and efficient system that can instantly recognize an invader and take
action to either block its entry or destroy it.

As an immune system, IBM's security products are highly integrated – across IBM solutions and
with non-IBM solutions via standards adoption.

October 2018 -1-


Where integration standards exist, we follow them (and often make significant contributions to
those standards). Where they don't exist, we develop technologies to drive/enhance integration
and interoperability. Consider the examples of both types of integration in the table that follows.

Blue-highlighted text indicates areas where IBM is delivering integration or interoperability that is
unique in the industry.

Table columns: IBM Security Framework Segment | Standards-Based Integration Examples | Proprietary Integration Examples

Segment: Security Intelligence, Incident Response and Intelligence Analysis

Standards-Based Integration Examples:
• QRadar supports a wide range of event collection standards: syslog, SNMP, OpSec, SDEE, JDBC and others.
• QRadar is unique in the depth to which it can add to the collected security intelligence and factor it into a more accurate picture of attack status and what to do about it. It is expandable with event processor, flow processor, and combined event and flow processor appliances. It can directly collect NetFlow, J-Flow, sFlow and IPFIX data.
• QRadar supports the IF-MAP standard for publishing the information it generates.
• QRadar Incident Forensics can pull in *.pcap files (Ethernet packet capture files).
• QVM can accept vulnerability scanner results from competitive vulnerability scanners (e.g. Nessus, McAfee Vulnerability Scanner, nCircle, Rapid 7, NMAP, Saint, SecureScout, Beyond Security, Digital Defense, eEye REM, FoundScan, IBM AppScan (Enterprise), IBM Guardium, IBM BigFix and Juniper NSM Profiler).

Proprietary Integration Examples:
• Device support modules (DSMs) have been written to allow the QRadar platform to accept, correlate, analyze and derive meaning from event and audit log information originating from a vast array of hardware and software sources, including both z mainframe and distributed sources. For the latest list of products supported by QRadar SIEM DSMs, see the “IBM Security QRadar DSM Configuration Guide” on the “IBM Security QRadar SIEM Product Documentation for 7.2.4” page (Log Sources Users Guide).
• From the perspective of integration across IBM security products, QRadar DSMs are available for IBM Security Access Manager, IBM Security Identity Governance and Intelligence, IBM Security AppScan products, IBM Security zSecure suite, Guardium, iSeries, AIX, IBM Security BigFix and WebSphere. QRadar can pull in asset information from network scanners or CMDBs using AXIS format, a proprietary XML format for importing asset information. (Log Enhanced Event Format (LEEF) is the log format QRadar uses.)
• Cisco’s Threat Grid App integrates with IBM QRadar, enabling analysts to quickly identify, understand and respond to system threats through the QRadar dashboard. [Whitepaper]
• The IBM QRadar + Cisco Firepower App integration provides extended visibility and context across Cisco alerts and log data derived from Firepower’s firewalls, intrusion prevention and advanced malware protection capabilities and flows it directly into the QRadar security event dashboard. This enables security analysts to drill down into the detailed event data faster and to more accurately and quickly identify the top priorities for threat investigation and response.
• In general, IBM Security App Exchange enables many infrastructure solutions to integrate with QRadar, promoting better, quicker and more comprehensive coverage.

• QRadar Vulnerability Manager (QVM) can receive vulnerabilities from vulnerability scanners, for improved QVM context and prioritization. Included in the scanners that QVM can accept vulnerabilities from are Guardium Database Vulnerability Analysis and Security AppScan Enterprise.
• Using the BigFix scanner module, QRadar can access vulnerability data from IBM BigFix.
• QRadar utilizes external QRadar QFlow Collectors for layer 7 network analysis and content capture. It can also use QRadar VFlow Collectors for layer 7 analysis and content capture within VMware virtual environments.
• QRadar Incident Forensics is tightly integrated with IBM Security QRadar Network Insights for post-incident investigations and threat hunting activities.
• QRadar incorporates IBM’s X-Force and 3rd party threat research data. IBM's X-Force Intelligence Threat Feed is based on the real-time monitoring of 13 billion security events per day, on average, for nearly 4,000 clients in more than 130 countries. Through this feed, QRadar customers’ Security Intelligence is tied into the latest insights offered by this vast amount of ongoing analysis. This global real-time threat information from X-Force Threat research helps QRadar place activity in external context and determine offense severity.
• QVM can filter vulnerabilities to show only those on assets that have been communicating with poor reputation IPs. QVM can also be configured to scan assets (for example daily) that have been communicating with IPs in the X-Force threat intelligence feed.
• X-Force IP reputation data integrated in the QRadar platform lets QRM simulate the spread of an exploit from a machine communicating with a known dangerous IP across other enterprise assets.
• Data from BigFix allows QVM to see what endpoint vulnerabilities have been patched or are scheduled to be patched on which endpoints and adjust vulnerability severity accordingly.
• IBM MaaS360 sends mobile device compliance information and security events to QRadar SIEM for correlation and analysis.
• AppScan Enterprise sends application vulnerabilities to QVM for additional context and prioritization.
• A QRadar plug-in allows users to push SIEM data directly to IBM i2 Analyst's Notebook for further analysis.
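The row above describes QRadar collecting events over syslog and notes that LEEF is the log format QRadar uses. The block below is an added example, not code from IBM or from this reference: it serializes a LEEF 2.0 event from a dictionary of attributes (escaping the pipe and equals characters the format reserves), wraps it in an RFC 3164-style syslog line of the kind a log source would send to a QRadar event collector, and parses such a line back. It goes a little beyond the page by handling both LEEF 1.0 (always tab-delimited) and LEEF 2.0 (explicit delimiter field, given as a character or as a hex code such as x09). The vendor and product names, host name, user name and addresses are constructed placeholders.

```python
"""Build, frame and parse LEEF events, the log format QRadar uses. Added example, not IBM's
code; vendor, product, host and addresses below are constructed placeholders."""
import re
from datetime import datetime

# LEEF 2.0: LEEF:2.0|Vendor|Product|Version|EventID|delimiter|key=value<delim>key=value
# LEEF 1.0: LEEF:1.0|Vendor|Product|Version|EventID|key=value<TAB>key=value
_FIELD = re.compile(r"((?:[^|\\]|\\.)*)\|")       # one pipe-terminated header field
_PAIR = re.compile(r"((?:[^=\\]|\\.)*)=(.*)")      # key=value, split on first unescaped '='
_HEX_DELIM = re.compile(r"^(?:0x|x)([0-9A-Fa-f]{1,4})$")  # delimiter given as hex, e.g. x09

def _escape(text: str, special: str) -> str:
    """Backslash-escape backslashes and every character listed in `special`."""
    out = text.replace("\\", "\\\\")
    for ch in special:
        out = out.replace(ch, "\\" + ch)
    return out

def _unescape(text: str) -> str:
    return re.sub(r"\\(.)", r"\1", text)

def _take_fields(text: str, count: int) -> tuple[list[str], str]:
    """Consume `count` header fields and return them with the unparsed remainder."""
    fields, pos = [], 0
    for _ in range(count):
        m = _FIELD.match(text, pos)
        if m is None:
            raise ValueError("truncated LEEF header")
        fields.append(_unescape(m.group(1)))
        pos = m.end()
    return fields, text[pos:]

def build_leef(vendor: str, product: str, version: str, event_id: str,
               attrs: dict[str, str], delimiter: str = "\t") -> str:
    """Serialize a LEEF 2.0 event; an unprintable delimiter is written in hex (tab -> x09)."""
    if len(delimiter) != 1 or delimiter in "|\\=":
        raise ValueError("delimiter must be one character other than | \\ =")
    header = "|".join(_escape(f, "|") for f in (vendor, product, version, event_id))
    delim_field = delimiter if delimiter.isprintable() else f"x{ord(delimiter):02X}"
    pairs = []
    for key, value in attrs.items():
        if delimiter in key or delimiter in value:  # LEEF has no escape for the delimiter
            raise ValueError(f"attribute {key!r} contains the delimiter")
        pairs.append(f"{_escape(key, '=')}={_escape(value, '=')}")
    return f"LEEF:2.0|{header}|{delim_field}|{delimiter.join(pairs)}"

def syslog_frame(leef_event: str, hostname: str, when: datetime,
                 facility: int = 1, severity: int = 6) -> str:
    """RFC 3164-style line: <PRI>Mmm dd hh:mm:ss host LEEF:... (PRI = facility*8 + severity)."""
    return f"<{facility * 8 + severity}>{when:%b} {when.day:2d} {when:%H:%M:%S} {hostname} {leef_event}"

def parse_leef(line: str) -> dict:
    """Parse a LEEF 1.0 or 2.0 event; anything before 'LEEF:' (a syslog header) is skipped."""
    start = line.find("LEEF:")
    if start < 0:
        raise ValueError("no LEEF header found")
    (tag,), rest = _take_fields(line[start:], 1)
    leef_version = tag[len("LEEF:"):]
    if leef_version == "1.0":
        (vendor, product, version, event_id), attr_text = _take_fields(rest, 4)
        delimiter = "\t"
    elif leef_version == "2.0":
        (vendor, product, version, event_id, delim_field), attr_text = _take_fields(rest, 5)
        hex_match = _HEX_DELIM.match(delim_field)
        if hex_match:
            delimiter = chr(int(hex_match.group(1), 16))
        elif len(delim_field) == 1:
            delimiter = delim_field
        else:
            raise ValueError(f"bad delimiter field {delim_field!r}")
    else:
        raise ValueError(f"unsupported LEEF version {leef_version!r}")
    attrs = {}
    for pair in filter(None, attr_text.split(delimiter)):
        m = _PAIR.fullmatch(pair)
        if m is None:
            raise ValueError(f"attribute without '=': {pair!r}")
        attrs[_unescape(m.group(1))] = _unescape(m.group(2))
    return {"leef_version": leef_version, "vendor": vendor, "product": product,
            "version": version, "event_id": event_id, "attrs": attrs}

# Constructed sample event using LEEF's predefined keys (devTime, src, dst, usrName, sev, cat).
SAMPLE_ATTRS = {
    "devTime": "Oct 18 2018 10:22:31", "devTimeFormat": "MMM dd yyyy HH:mm:ss",
    "src": "10.0.0.5", "dst": "203.0.113.9", "srcPort": "51234", "dstPort": "443",
    "usrName": "alice", "sev": "5", "cat": "Policy Violation",
    "msg": "Outbound connection denied by rule=egress-deny",  # the '=' gets escaped
}

def round_trip(delimiter: str = "\t") -> tuple[str, dict]:
    """Build, frame and parse the sample event; returns (syslog line, parsed event)."""
    event = build_leef("ExampleCorp", "DemoFirewall", "1.0", "EgressDeny", SAMPLE_ATTRS, delimiter)
    frame = syslog_frame(event, "fw01", datetime(2018, 10, 18, 10, 22, 31))
    return frame, parse_leef(frame)

if __name__ == "__main__":
    line, parsed = round_trip()
    print(line)
    print("round trip ok:", parsed["attrs"] == SAMPLE_ATTRS)
```

Running the block prints the framed event and confirms that the parsed attributes equal the input. Two details matter in practice: the delimiter cannot be escaped, so a collector should reject (as `build_leef` does) rather than emit an attribute that contains it, and the parser splits on the first unescaped equals sign, so values such as `rule=egress-deny` survive only because the builder escaped them.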

Segment: Advanced Fraud Protection

Standards-Based Integration Examples:
• The list of platforms (browsers/operating systems) that Trusteer solutions support can be found at: http://www.trusteer.com/support/supported-platforms

Proprietary Integration Examples:
TRUSTEER WEB FRAUD SOLUTIONS
• Security Access Manager can identify Trusteer Mobile and Rapport headers, to prevent non-secure browsers from connecting, and to promote download of Rapport to non-secure workstations.
• Trusteer Mobile and Rapport reduce the risk of malware collecting sensitive data, by providing device details, which can be included in Security Access Manager policies.
• There is automated Pinpoint snippet integration using Security Access Manager. Thus, there is no need to touch web applications to deploy Pinpoint.
• Security Access Manager can be used as a proxy for Pinpoint, allowing quick integration, deployment and time to value for Pinpoint.
• IBM MaaS360 utilizes Trusteer’s Cloud Service to provide malware, jailbreak and root detection. This capability results from integrating the Trusteer Mobile SDK into the MaaS360 container and the MaaS360 app wrapping SDK and enables MaaS360 to be further "risk-aware" and able to use risk data to enforce device usage and access policies.
• Trusteer Mobile SDK can be dragged/dropped into a Worklight App to provide mobile device security with no coding required.
• Trusteer Fraud Prevention sends the latest attacks and exploits observed across its vast network to X-Force for inclusion in the X-Force threat feed.

Segment: People (Identity and Access Governance)

Standards-Based Integration Examples:
• The LDAP V3 standard is implemented in the highly scalable, highly available IBM Security Directory Server product, which is delivered in many IBM security, transactional, and other solutions today.
• IBM Security Directory Server is The Open Group LDAP v2 certified, and its last Common Criteria certification was at an EAL 4 level.
• Access Manager can work with IBM Security Directory Server or with many other LDAP V3-compliant registries.
• Access Manager supports SSO and Web Access Management (WAM) to Web and application servers as well as Kerberos and J2EE environments and can support a broad range of single sign-on methods.
• As of 1Q 2018, ISAM ESSO browser support includes Google Chrome, Microsoft Edge and Next Firefox ESR.
• ISAM ESSO supports a broad array of multi-factor authentication devices, including:
  o Charismathics USB Key (smart card)
  o HID Prox Cards
  o HID iClass Cards
  o Indala Cards
  o Mifare Cards
  o RFIDeas’ iTag
  o EM Cards
  o XyLoc Cards
  o RFIDeas pcProx-Sonar
  o UPEK fingerprint readers
  o DigitalPersona fingerprint readers
  o Lenovo ThinkPad fingerprint readers
  o Other BioAPI compliant readers, subject to test certification
  o Other BIO-key supported readers, subject to test certification
  o VASCO OTP tokens
  o Authenex OTP (OATH) tokens
  o Other OATH compliant tokens, subject to test certification
  o Cell phone authentication
  o Smart cards compatible with Gemalto, Charismatics and SafeSign certified middleware
• Access Manager's support for HTTP 1.1 essentially makes it interoperable with any of today's browsers, whether on a workstation, laptop, tablet or mobile phone.
• Access Manager supports Web Services Description Language (WSDL).
• Identity Governance and Intelligence supports Service Provisioning Markup Language (SPML) and Directory Services Markup Language (DSML, a standard for expressing LDAP functions and retrieving data in XML).
• Access Manager supports SAML tokens and protocol, OAuth tokens, OpenID protocol and selected parts of the Cross-domain Identity Management (SCIM) protocol.
• IBM Security Directory Server, IBM Security Directory Integrator and IBM Security Identity Governance and Intelligence support Directory Services Markup Language (DSML).

Proprietary Integration Examples:
• With QRadar User Behavior Analytics’ integration with ISAM and IGI, UBA detects risky user behavior, and ISAM and IGI can automatically suspend risky users’ accounts while incident investigation progresses.
• Cloud Identity Connect offers customers significant efficiencies with no-touch IDaaS and EMM integration. With Cloud Identity Connect, ISAM, Cloud Identity Service and MaaS360, IBM is the only single vendor that seamlessly integrates IDaaS, EMM and on-premises IAM.
• Customers attempting to access an Access Manager protected resource can be required to use a Trusteer Secure Browser for access.
• The Trusteer Mobile Browser can make Access Manager aware of the status of the connecting mobile device, preventing, for example, connections from infected, jail-broken or unpatched phones.
• Security Access Manager can identify Trusteer Mobile and Rapport headers, to prevent non-secure browsers from connecting, and to promote download of Rapport to non-secure workstations.
• There is automated Pinpoint snippet integration using Security Access Manager. Thus, there is no need to touch web applications to deploy Pinpoint.
• IBM Security Access Manager can leverage a number of strong authentication solutions via App Exchange. Solutions include Bioconnect biometrics, Veridium biometrics, ImageWare Systems’ GoVerify biometrics, crossmatch DigitalPersona biometrics, Yubico’s hardware-based token, and mobile multi-factor authentication from DualAuth and buypass.
• IBM MaaS360 users can easily access enterprise resources via Access Manager, with minimal authentication friction. MaaS360 utilizes existing Access Manager infrastructure (access to SaaS apps, MaaS360-enabled enterprise mobile apps and enterprise web apps) while enabling access from mobile devices.
• MaaS360 allows Access Manager to dynamically assess risk associated with mobile app access using contextual information about the device (e.g. management status, device ID, jail-broken status). This adaptive authentication provides graded trust to improve mobile security posture while providing the least obtrusive end user experience.
• A primary strength of the Access Manager family of products is its integration with a wealth of target applications, directories and environments. The impressive specifics behind this are covered in the IBM Security Integration Factory page.
• IBM’s Access Management Appliances (physical and virtual) are threat aware, thanks to the Web application subset of X-Force’s Protocol Analysis Module (PAM) being implemented in the appliances. X-Force feeds provide Access Manager customers with the latest protection against web application attacks.
• The IBM Identity Governance and Intelligence Lifecycle and Enterprise Editions integrate seamlessly with an Access Manager’s set of group definitions and corresponding access rules. IGI can create/manage Access Manager’s groups.
• The role-based management in the IGI Lifecycle and Enterprise Editions can synchronize Access Manager passwords.
• The role-based management in the IGI Lifecycle and Enterprise Editions includes an Access Manager adapter. Therefore, all the value accruing to the automated lifecycle management of IGI’s workflow and its reconciliation/recertification capabilities applies to Access Manager and its target applications.
• The Web SSO that Access Manager provides can include SSO for IGI administrators into the IGI administrator GUI.
• IBM Security Access Manager for DataPower is an integrated software module for IBM DataPower Gateways that provides access management security for web, mobile and cloud workloads. It enables a single, converged gateway solution for securing an organization's current and future business channel needs.
• IBM WebSphere DataPower integrates with IBM Security Access Manager’s (SAM’s) federation capabilities by acting as an enforcement point for SAM-managed OAuth tokens.
• Access Manager supports .NET, ASP.NET, IIS, SharePoint, Exchange and Office 365.
• IBM Security Directory Integrator's connectors form the "fit and finish" glue code for countless identity and access management implementations. Its purpose is interoperability and it is used (among many other examples) to build Identity Governance and Intelligence adapters, to build identity warehouses in Access Manager, and much more. Through its flexibility, Directory Integrator allows IBM, customers and business partners to rapidly address custom requirements that traditionally would have to be delegated back to product development for future prioritization and development.

• IBM Security Identity Governance and Intelligence (IGI) includes functions formerly in IBM Security Identity Manager in its Lifecycle Edition and Enterprise Edition.
• IGI includes a module to deliver access risk control, SOD, and compliance for SAP.
• IGI can also integrate with NetIQ Identity Manager (NIM). So customers who currently have NetIQ have a choice: if they want to keep NetIQ, they can add SIG Access Governance capabilities on top of NIM in a matter of hours. If they want to transition to the IBM integrated Identity Governance and Management solution, they can add SIG capabilities on top of NIM first, then decommission NIM, bringing in IBM Security Identity Governance and Intelligence.
• IBM Security Access Manager for ESSO virtual and thin-client support: SAM ESSO supports Virtual Desktop Infrastructure technologies like VMware View, Citrix XenDesktop and the IBM Virtual Desktop for Smart Business. SAM ESSO also supports application virtualization technologies like Microsoft App-V (formerly SoftGrid) and Citrix XenApps. The ESSO Server is available as a virtual appliance that can be deployed on a VMware ESX/ESXi hypervisor. The software distribution of the server can also be installed and managed on a virtual infrastructure. Application and Desktop virtualization integration with ESSO can be leveraged from a host of end points including iPads, Android devices (which have Citrix Receiver apps downloaded on them), Thin Clients (Wyse, HP) with Windows 2009 embedded operating systems as well as Zero Clients.
• SAM ESSO mobile support: ESSO's Web Workplace provides SSO to web applications accessed over devices like iPads, Android, etc. ESSO also provides SSO to virtualized applications accessed via technologies like Citrix XenApps. Additionally, for scenarios involving virtualized desktops accessed over mobile devices like iPads and Android, as is common in healthcare and financial services, ESSO supports Citrix XenDesktop, VMware View and IBM Virtual Desktop for Smart Business.
• IBM IGI provisions accounts to RACF. zSecure creates and manages entitlements within RACF.
• Secret Server can integrate with any web ticketing system. This allows clients to tie specific Secret views to an item in existing ticketing systems.
• Identity Governance and Intelligence (IGI): Secret Server grants access permissions in accordance with your IGI access policy.
• QRadar SIEM: Secret Server sends privileged access events to QRadar, to prioritize the riskiest incidents.
• User Behavior Analytics: identify anomalies related to privileged access.
• Secret Server can manage privileged accounts on IBM Z Systems and on IBM System i.
• For System z integration, for example, Secret Server can integrate with TSO commands and RACF, a standard z/OS security application for managing accounts and access. With Secret Server you can manage privileged accounts, rotate passwords, control access and review audit reports, and monitor password integrity. In addition to the ability to rotate your passwords with Secret Server, you can also set up launchers into your IBM Mainframes. Coupled with a department security policy that all privileged account access to mainframes be stored in Secret Server, you can have a completely auditable history of every access into your mainframe. Manage all your mainframe connection requirements alongside every other server and endpoint on your network to always ensure the right people have the right access at the right time.

Segment: Data Security

Standards-Based Integration Examples:
• Guardium supports these protocols and interfaces: LDAP, Radius, Kerberos, MS-AD, CEF, CVE, CCE, CPE, OVAL, XCCDF, CVSS, Syslog, SNMP, LEEF, AXIS, SCAP, STIG, CIS Benchmark, FTP, SCP, SMTP, RSA tokens, CSV, PDF, XML, XACML, SQL, HTTP, Hive, Hbase, HDFS, MapReduce and others.
• IBM made considerable contributions to the Key Management Interoperability Protocol (KMIP) standard and its IBM Security Key Lifecycle Manager product follows the standard, which greatly expands the number of encryption devices for which it can provide encryption key lifecycle management.
• IBM Security Key Lifecycle Manager also follows:
  o Java security standards, to enable it to share keystores with other Java components
  o Common Cryptographic Architecture (CCA), for support of encryption keys on z/mainframe machines
  o T10 security protocol for proper integration with SCSI devices
  o NIST SP 800-131a, “Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Length”
• IBM Security Key Lifecycle Manager works with Hardware Security Modules (HSMs) that support FIPS and Common Criteria standards. Examples are:
  o SafeNet Luna SA 5.0 and SA 4.5
  o nCipher nShield Connect 1500
  o IBM 4765 PCIe Cryptographic Coprocessor (AIX only)
  o IBM 4758 PCIe Cryptographic Coprocessor

Proprietary Integration Examples:
• Guardium's database activity monitoring and audit capabilities work with a wide range of target platforms including databases (IBM DB2, IBM Informix, IBM IMS, Sybase ASE, Sybase IQ, MS SQL Server, PostgreSQL, Sun MySQL and Sun MySQL Cluster), data warehouses (Teradata, IBM Netezza and Exadata), Big Data/Hadoop (IBM BigInsights, Cloudera, Hadoop, Hortonworks, Cassandra, SAP HANA, MongoDB, Greenplum, CouchDB, NoSQL), file systems (IBM VSAM, Microsoft SharePoint, FTP, Windows File Share (WFS)) and applications (HTTP, IBM WebSphere Application Server, IBM Cognos, Oracle eBusiness Suite, SAP, Oracle PeopleSoft and Siebel).
• Guardium interoperates with the following, for ease of IT administration: Remedy, PeopleSoft, IBM Tivoli Netcool, HP Openview, IBM Tivoli Request Manager, BMC Remedy, HP Peregrine, McAfee EPO, IBM Tivoli Provisioning Manager, RPM, IBM Tivoli Storage Manager, IBM Netezza, EMC Centera, Nitro, Nagios and F5 load balancer.
• Guardium interoperates with the following for SIEM/audit/compliance purposes: IBM QRadar SIEM, IBM QRadar Log Manager, IBM Security Information and Event Manager, HP ArcSight, EMC RSA enVision, F5 BIG-IP Application Security Manager, McAfee EPO, EMC RSA SecurID, Radius, Kerberos, MS Active Directory, LDAP, IBM Security Directory Server and IBM BigFix.
• Guardium provides vulnerability assessment information of database servers to BigFix to help BigFix understand the database risk in the scope of other endpoints.
• zSecure Audit integration enhances Guardium Vulnerability Assessment for DB2 on System z, to include assessment of RACF privileges.
• IBM Security Key Lifecycle Manager for z/OS keystores work in conjunction with Integrated Cryptographic Services Facility (ICSF) on the mainframe to provide the highly secure protection of the mainframe cryptographic hardware. With SKLM, customers can use a RACF keyring for the master keystore.

Segment: Application Security

Standards-Based Integration Examples:
• AppScan Source (static testing) supports Java, JSP, C, C++, Classic ASP (VB6), COBOL, .NET, PHP, HTML, Perl, ColdFusion, Client-Side JavaScript, Server-Side JavaScript, VBScript, PL/SQL and T-SQL, Android (Java), iOS/Objective C.
• AppScan dynamic testing products (AppScan Standard and AppScan Enterprise) can test web applications and web services, either REST or SOAP, written in any language because they are not language dependent.
• The AppScan family has the largest list of supported languages for the apps it can scan for vulnerabilities:
  o Java
  o .NET
  o JavaScript
  o PHP
  o Node.JS
  o C/C++
  o Ruby
  o Pascal
  o Objective-C
  o Go
  o Scala
  o Clojure
  o Groovy
  o Android
  o Perl
  In addition, IBM Security Mobile Analyzer (part of IBM Application Security on Cloud) can analyze Swift applications; and AppScan dynamic testing products (AppScan Standard and AppScan Enterprise) can perform dynamic testing of Python applications.
• Open Source Analyzer has the broadest, most up-to-date set of identified Open Source vulnerabilities from public and proprietary sources.
• Open Source Analyzer supports multiple sources of remediation advice, including from IBM X-Force.

Proprietary Integration Examples:
• AppScan Standard includes a .NET SDK, a command-line interface (for integration with build and automation systems), an extension framework for augmenting and adapting AppScan to meet customer-specific needs, and a Python-script-based platform for extending penetration testing.
• AppScan Enterprise includes a REST API.
• AppScan Source includes a Java reporting API and a command line interface, as well as Ant/Maven/Make build integrations.
• AppScan also integrates with:
  o IBM's QRadar, making AppScan reports available to QRadar, improving QRadar’s asset database with additional, useful vulnerability information.
  o Defect tracking systems such as IBM's Rational Team Concert, Microsoft Team Foundation Server, etc.
• AppScan integrates with Eclipse and the IBM Worklight mobile application development platform.
• AppScan Enterprise sends application vulnerabilities to QVM for additional context and prioritization.
• Application Security on Cloud integrates with IBM UrbanCode, a tool for automating application deployments through our customers’ environments.

Segment: Infrastructure (Network, Endpoint and Mainframe)

Standards-Based Integration Examples:
• IBM BigFix supports the widest range of endpoint platforms (Windows, Mac, UNIX, Linux and VMware) and a wide range of 3rd party application patches (Adobe, Mozilla, Java, . . .).

Proprietary Integration Examples:
• Cisco’s Threat Grid App integrates with IBM QRadar, enabling analysts to quickly identify, understand and respond to system threats through the QRadar dashboard. [Whitepaper]
• The IBM QRadar + Cisco Firepower App integration provides extended visibility and context across Cisco alerts and log data derived from Firepower’s firewalls, intrusion prevention and advanced malware protection capabilities and flows it directly into the QRadar security event dashboard. This enables security analysts to drill down into the detailed event data faster and to more accurately and quickly identify the top priorities for threat investigation and response.
• The Resilient integration for QRadar is available on the IBM Security App Exchange. Integrating IBM QRadar into the Resilient Incident Response Platform (IRP) allows clients to manually or automatically escalate QRadar offenses into Resilient incidents and enrich Resilient artifacts with data from QRadar.
• In general, IBM Security App Exchange enables many infrastructure solutions to integrate with QRadar, promoting better, quicker and more comprehensive coverage.
• BigFix integrates with Resilient Incident Response Platform and with QRadar. For example, with BigFix, customers can:
  o Search for an indicator of compromise (IOC) from Resilient across their endpoints.
  o Ask BigFix for all known info about a specific endpoint.
  o Initiate remediation action from Resilient for all BigFix-known endpoints.
  QRadar integration examples include:
  o BigFix Server Events and Detect Alerts are incorporated into the QRadar Console and correlated with other QRadar events for more effective security analytics.
  o QVM/QRM feeds prioritized vulnerabilities to BigFix Compliance for rapid remediation, and status is updated in QRadar to form closed-loop vulnerability management.
  o BigFix App for QRadar enables SOC Analysts and Managers to access deep, real-time endpoint data (patch/vulnerability status, AV deployment, attack alert, etc.) from familiar QRadar Console screens.
• BigFix offers many methods for integration into, and out of, the solution. BigFix features extensive integration and automation capabilities using the Relevance scripting capabilities supported by the BigFix agent across all supported operating systems. With Relevance, nearly any automation or endpoint integration is achievable using this well documented and easily readable scripting language. In addition, BigFix provides APIs for command and control, automation as well as data retrieval. Web services APIs are provided for data integration as well. These same methods are utilized internally to integrate with IBM offerings such as Tivoli Application Discovery for Distributed, Tivoli Asset Manager, QRadar and other solutions.
• IBM BigFix centrally deploys and updates a vast array of software products, including many of the IBM Security products, and it sends alerts if there are installation issues. There are significant cost and thoroughness benefits that accrue from BigFix’s software distribution and management.
• MaaS360 utilizes Trusteer’s Cloud Service to provide malware, jailbreak and root detection. This capability results from integrating the Trusteer Mobile SDK into the MaaS360 container and the MaaS360 app wrapping SDK and enables MaaS360 to be further "risk-aware" and able to use risk data to enforce device usage and access policies.
• MaaS360 sends device attribute information from MaaS360-registered devices to Access Manager for use in access policy.
• IBM MaaS360 leverages customers’ existing investments in enterprise infrastructure, such as Microsoft Exchange, ActiveSync, Lotus Notes Traveler and Active Directory, to extend their capabilities to a mobile environment. MaaS360 integrates seamlessly by providing robust APIs and other integration options.
• IBM Security zSecure Audit, zSecure Alert and zSecure Adapters for QRadar SIEM collect and format information from over 40 different IBM System z SMF record types, and add enriched descriptive audit information about the user and the resource to help build essential audit reports. zSecure Audit and zSecure Adapters for QRadar SIEM provide security event information in batch mode. zSecure Alert provides security event information in near real time.
• zSecure Audit integration enhances Guardium Vulnerability Assessment for DB2 on System z, to include assessment of RACF privileges.
• QRadar accepts feeds from zSecure, Guardium (bi-directional), and AppScan to provide enterprise security intelligence.
• zSecure Audit analyzes the protection of DB2 objects by RACF and internal security and makes these available to Guardium Vulnerability Assessment (VA). Guardium VA includes entitlement reports and delivers over 200 vulnerability tests.
• AppScan and Guardium VA complement each other to provide layered protection of a customer’s crown jewels.
• Security Identity Governance and Intelligence can provision users in RACF, providing added value to zSecure Admin management of RACF databases.
• zSecure Audit or Admin can extract identities & access from RACF for analysis by Security Identity Governance & Intelligence.
• zSecure (various) is aware of the new fields in RACF introduced with the Multi-Factor Authentication for z/OS solution, thus providing more comprehensive reporting.

Segment: Intelligence Analysis (i2)

Proprietary Integration Examples:
• i2 Enterprise Insight Analysis integrates with third-party software, and features open-source data connectors to leverage existing data and systems, collect new data and securely share your intelligence.
• Outputs from QRadar SIEM can be imported into i2 Enterprise Insight Analysis (EIA) and visualized in the related desktop client, Analyst's Notebook.

Segment: Overall

Standards-Based Integration Examples:
• Broad support for IPv6, SSL/TLS and X.509v3 certificates.
• IBM Security products strongly support the NIST framework. [White paper here]
• IBM Security solutions align with HIPAA healthcare mandates. [White paper here]