IBM offers a rich solution portfolio organized into a comprehensive security immune system
designed to help organizations protect their on-premise, cloud, and hybrid IT environments.
Our robust set of offerings can be delivered through our Security Transformation Services which
include the industry expertise and best practice methodologies needed to help organizations
transform their security program.
And all of the IBM Security offerings are backed by an extensive business partner ecosystem
which extends to industry-leading technologies, sales and service partners.
We use an immune system as an analogy for how our IBM Security offerings work together to
protect your IT infrastructure, much like our body’s immune system defends us from attacks on
our health.
As humans, we have finely tuned—and highly adaptive—immune systems ready to help us fight
off all kinds of attacks that would otherwise threaten to destroy us. Made up of cells, tissues and
organs that work together to defend us against attacks by “foreign” invaders, a healthy immune
system can distinguish between the body’s own cells and those that don’t belong. It’s an
intelligent, organized and efficient system that can instantly recognize an invader and take
action to either block its entry or destroy it.
As an immune system, IBM's security products are highly integrated – across IBM solutions and
with non-IBM solutions via standards adoption.
Blue-highlighted text indicates areas where IBM is delivering integration or interoperability that is
unique in the industry.
IBM Security Framework Segment: Security Intelligence, Incident Response and Intelligence Analysis

Standards-Based Integration Examples
• QRadar supports a wide range of event collection standards - syslog, SNMP, OpSec, SDEE, JDBC and others.
• QRadar is unique in terms of the depth to which it can add to the collected security intelligence and factor it into a more accurate picture of attack status and what to do about it. It is expandable with event processor, flow processor, and combined event and flow processor appliances. It can directly collect NetFlow, J-Flow, sFlow and IPFIX data.
• QRadar supports the IF-MAP standard for publishing the information it generates.
• QRadar Incident Forensics can pull in *.pcap files, which are Ethernet packet sniffer files.
• QVM can accept vulnerability scanner results from competitive vulnerability scanners (e.g. Nessus, McAfee Vulnerability Scanner, nCircle, Rapid 7, NMAP, Saint, SecureScout, Beyond Security, Digital Defense, eEye REM, FoundScan, IBM AppScan (Enterprise), IBM Guardium, IBM BigFix and Juniper NSM Profiler).

Proprietary Integration Examples
• Device support modules (DSMs) have been written to allow the QRadar platform to accept, correlate, analyze and derive meaning from event and audit log information originating from a vast array of hardware and software sources, including both z mainframe and distributed sources. For the latest list of products supported by QRadar SIEM DSMs, see the “IBM Security QRadar DSM Configuration Guide” on the “IBM Security QRadar SIEM Product Documentation for 7.2.4” page – Log Sources Users Guide.
• From the perspective of integration across IBM security products, QRadar DSMs are available for IBM Security Access Manager, IBM Security Identity Governance and Intelligence, IBM Security AppScan products, IBM Security zSecure suite, Guardium, iSeries, AIX, IBM Security BigFix and WebSphere. QRadar can pull in asset information from network scanners or CMDBs using AXIS format, a proprietary XML format for importing asset information. (Log Enhanced Event Format (LEEF) is the log format QRadar uses.)
• Cisco’s Threat Grid App integrates with IBM QRadar, enabling analysts to quickly identify, understand and respond to system threats rapidly through the QRadar dashboard. [Whitepaper]
• The IBM QRadar + Cisco Firepower App's integration provides extended visibility and context across Cisco alerts and log data derived from Firepower’s firewalls, intrusion prevention and advanced malware protection capabilities and flows it directly into the QRadar security event dashboard. This enables security analysts to drill down into the detailed event data to more accurately and quickly identify the top priorities for threat investigation and response.
• In general, IBM Security App Exchange enables many infrastructure solutions to integrate with QRadar, promoting better, quicker and more comprehensive coverage.

IBM Security Framework Segment: People (Identity and Access Governance)

Standards-Based Integration Examples
• The LDAP V3 standard is implemented in the highly scalable, highly available IBM Security Directory Server product, which is delivered in many IBM security, transactional, and other solutions today.
• IBM Security Directory Server is The Open Group LDAP v2 certified, and its last Common Criteria certification was at an EAL 4 level.
• Access Manager can work with IBM Security Directory Server or with many other LDAP V3-compliant registries.
• Access Manager supports SSO and Web Access Management (WAM) to Web and application servers as well as Kerberos and J2EE environments and can support a broad range of single sign-on methods.
• As of 1Q 2018, ISAM ESSO browser support includes Google Chrome, Microsoft Edge and Next Firefox ESR.
• ISAM ESSO supports a broad array of multi-factor authentication devices, including:
  o Charismathics USB Key (smart card)
  o HID Prox Cards
  o HID iClass Cards
  o Indala Cards
  o Mifare Cards
  o RFIDeas’ iTag
  o EM Cards
  o XyLoc Cards
  o RFIDeas pcProx-Sonar
  o UPEK fingerprint readers
  o DigitalPersona fingerprint readers
  o Lenovo ThinkPad fingerprint readers
  o Other BioAPI compliant readers, subject to test certification
  o Other BIO-key supported readers, subject to test certification
  o VASCO OTP tokens
  o Authenex OTP (OATH) tokens
  o Other OATH compliant tokens, subject to test certification
  o Cell phone authentication
  o Smart cards compatible with Gemalto, Charismathics and SafeSign certified middleware
• Access Manager's support for HTTP 1.1 essentially makes it interoperable with any of today's browsers, whether on a workstation, laptop, tablet or mobile phone.
• Access Manager supports Web Services Description Language (WSDL).
• Identity Governance and Intelligence supports Service Provisioning Markup Language (SPML) and Directory Services Markup Language (DSML - a standard for expressing LDAP functions and retrieving data in XML.)
• Access Manager supports SAML tokens and protocol, OAuth Tokens, Open ID protocol and selected parts of the Cross-domain Identity Management (SCIM) protocol.
• IBM Security Directory Server, IBM Security Directory Integrator and IBM Security Identity Governance and Intelligence support Directory Services Markup Language (DSML).

Proprietary Integration Examples
• With QRadar User Behavior Analytics’ integration with ISAM and IGI, UBA detects risky user behavior, and ISAM and IGI can automatically suspend risky users’ accounts while incident investigation progresses.
• Cloud Identity Connect offers customers significant efficiencies with no-touch IDaaS and EMM integration. With Cloud Identity Connect, ISAM, Cloud Identity Service and MaaS360, IBM is the only single vendor that seamlessly integrates IDaaS, EMM and on-premises IAM.
• Customers attempting to access an Access Manager protected resource can be required to use a Trusteer Secure Browser for access.
• The Trusteer Mobile Browser can make Access Manager aware of the status of the connecting mobile device, preventing, for example, connections from infected or jail-broken or unpatched phones.
• Security Access Manager can identify Trusteer Mobile and Rapport headers, to prevent non-secure browsers from connecting, and to promote download of Rapport to non-secure workstations.
• There is automated Pinpoint snippet integration using Security Access Manager. Thus, there is no need to touch web applications to deploy Pinpoint.
• IBM Security Access Manager can leverage a number of strong authentication solutions via App Exchange. Solutions include Bioconnect biometrics, Veridium biometrics, ImageWare Systems’ GoVerify biometrics, Crossmatch DigitalPersona biometrics, Yubico’s hardware-based token, and mobile multi-factor authentication from DualAuth and Buypass.
• IBM MaaS360 users can easily access enterprise resources via Access Manager, with minimal authentication friction. MaaS360 utilizes existing Access Manager infrastructure (access to SaaS apps, MaaS360-enabled enterprise mobile apps and enterprise web apps) while enabling access from mobile devices.
• MaaS360 allows Access Manager to dynamically assess risk associated with mobile app access using contextual information about the device (e.g. management status, device ID, jail-broken status). This adaptive authentication provides graded trust to improve mobile security posture while providing the least obtrusive end user experience.
• A primary strength of the Access Manager family of products is its integration with a wealth of target applications, directories and environments. The impressive specifics behind this are covered in the IBM Security Integration Factory page.
• IBM’s Access Management Appliances (physical and virtual) are threat aware, thanks to the Web application subset of X-Force’s Protocol Analysis Module (PAM) being implemented in the appliances. X-Force feeds provide Access Manager customers with the latest protection against web application attacks.
• The IBM Identity Governance and Intelligence Lifecycle and Enterprise Editions integrate seamlessly with Access Manager’s set of group definitions and corresponding access rules. IGI can create/manage Access Manager’s groups.
• The role-based management in the IGI Lifecycle and Enterprise Editions can synchronize Access Manager passwords.
• The role-based management in the IGI Lifecycle and Enterprise Editions includes an Access Manager adapter. Therefore, all the value accruing to the automated lifecycle management of IGI’s workflow and its reconciliation/recertification capabilities apply to Access Manager and its target applications.
• The Web SSO that Access Manager provides can include SSO for IGI administrators into the IGI administrator GUI.
• IBM Security Access Manager for DataPower is an integrated software module for IBM DataPower Gateways that provides access management security for web, mobile and cloud workloads. It enables a single, converged gateway solution for securing an organization's current and future business channel needs.
• IBM WebSphere DataPower integrates with IBM Security Access Manager’s (SAM’s) federation capabilities by acting as an enforcement point for SAM-managed OAuth tokens.
• Access Manager supports .NET, ASP.NET, IIS, SharePoint, Exchange and Office 365.
• IBM Security Directory Integrator's connectors form the "fit and finish" glue code for countless identity and access management implementations. Its purpose is interoperability and it is used (among many other examples) to build Identity Governance and Intelligence adapters, to build identity warehouses in Access Manager, and much more. Through its flexibility, Directory Integrator allows
• IBM Security Identity Governance and Intelligence (IGI) includes functions formerly in IBM Security Identity Manager in its Lifecycle Edition and Enterprise Edition.
• IGI includes a module to deliver access risk control, SOD, and compliance for SAP.
• IGI can also integrate with NetIQ Identity Manager (NIM). So customers who currently have NetIQ have a choice – if they want to keep NetIQ, they can add SIG Access Governance capabilities on top of NIM in a matter of hours. If they want to transition to the IBM integrated Identity Governance and Management solution, they can add SIG capabilities on top of NIM first, then decommission NIM, bringing in IBM Security Identity Governance and Intelligence.
• IBM Security Access Manager for ESSO virtual and thin-client support: SAM ESSO supports Virtual Desktop Infrastructure technologies like VMware View, Citrix XenDesktop and the IBM Virtual Desktop for Smart Business. SAM ESSO also supports application virtualization technologies like Microsoft App-V (formerly SoftGrid) and Citrix XenApps. The ESSO Server is available as a virtual appliance that can be deployed on a VMware ESX/ESXi hypervisor. The software distribution of the server can also be installed and managed on a virtual infrastructure. Application and Desktop virtualization integration with ESSO can be leveraged from a host of end points including iPads, Android devices (which have Citrix Receiver apps downloaded on them), Thin Clients (Wyse, HP) with Windows 2009 embedded operating systems as well as Zero Clients.
• SAM ESSO mobile support: ESSO's Web Workplace provides SSO to web applications accessed over devices like iPads, Android, etc. ESSO also provides SSO to virtualized applications accessed via technologies like Citrix XenApps. Additionally, for scenarios involving virtualized desktops accessed over mobile devices like iPads and Android as is common in healthcare and financial services, ESSO supports Citrix XenDesktop, VMware View and IBM Virtual Desktop for Smart Business.
• IBM IGI provisions accounts to RACF. zSecure creates and manages entitlements within RACF.

IBM Security Framework Segment: Data Security

Standards-Based Integration Examples
• Guardium supports these protocols and interfaces: LDAP, Radius, Kerberos, MS-AD, CEF, CVE, CCE, CPE, OVAL, XCCDF, CVSS, Syslog, SNMP, LEEF, AXIS, SCAP, STIG, CIS Benchmark, FTP, SCP, SMTP, RSA tokens, CSV, PDF, XML, XACML, SQL, HTTP, Hive, Hbase, HDFS, MapReduce and others.
• IBM made considerable contributions to the Key Management Interoperability Protocol (KMIP) standard and its IBM Security Key Lifecycle Manager product follows the standard, which greatly expands the number of encryption devices for which it can provide encryption key lifecycle management.
• IBM Security Key Lifecycle Manager also follows:
  o Java security standards, to enable it to share keystore with other Java components
  o Common Cryptographic Architecture (CCA), for support of encryption keys on z/mainframe machines
  o T10 security protocol for proper integration with SCSI devices
  o NIST SP 800-131A – “Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Length”
• IBM Security Key Lifecycle Manager works with Hardware Security Modules (HSMs) that support FIPS and Common Criteria standards. Examples are:
  o SafeNet Luna SA 5.0 and SA 4.5
  o nCipher nShield Connect 1500
  o IBM 4765 PCIe Cryptographic Coprocessor (AIX only)
  o IBM 4758 PCIe Cryptographic Coprocessor

Proprietary Integration Examples
• Guardium's database activity monitoring and audit capabilities work with a wide range of target platforms including databases (IBM DB2, IBM Informix, IBM IMS, Sybase ASE, Sybase IQ, MS SQL Server, PostgreSQL, Sun MySQL and Sun MySQL Cluster), data warehouses (Teradata and IBM Netezza, Exadata), Big Data-Hadoop (IBM BigInsights, Cloudera, Hadoop, Hortonworks, Cassandra, SAP HANA, MongoDB, Greenplum, CouchDB, NoSQL), file systems (IBM VSAM, Microsoft SharePoint, FTP, Windows File Share (WFS)) and applications (HTTP, IBM WebSphere Application Server, IBM Cognos, Oracle eBusiness Suite, SAP, Oracle PeopleSoft and Siebel).
• Guardium interoperates with the following, for ease of IT administration: Remedy, PeopleSoft, IBM Tivoli Netcool, HP Openview, IBM Tivoli Request Manager, BMC Remedy, HP Peregrine, McAfee EPO, IBM Tivoli Provisioning Manager, RPM, IBM Tivoli Storage Manager, IBM Netezza, EMC Centera, Nitro, Nagios and F5 load balancer.
• Guardium interoperates with the following for SIEM/audit/compliance purposes: IBM QRadar SIEM, IBM QRadar Log Manager, IBM Security Information and Event Manager, HP ArcSight, EMC RSA enVision, F5 BIG-IP Application Security Manager, McAfee EPO, EMC RSA SecurID, Radius, Kerberos, MS Active Directory, LDAP, IBM Security Directory Server and IBM BigFix.
• Guardium provides vulnerability assessment information of database servers to BigFix to help BigFix understand the database risk in the scope of other endpoints.
• zSecure Audit integration enhances Guardium Vulnerability Assessment for DB2 on System z, to include assessment of RACF privileges.
• IBM Security Key Lifecycle Manager for z/OS keystores work in conjunction with Integrated Cryptographic Services Facility (ICSF) on the mainframe to provide the highly-secure protection of the mainframe cryptographic hardware. With SKLM, customers can use a RACF keyring for the master keystore.

IBM Security Framework Segment: Application Security

Standards-Based Integration Examples
• AppScan Source (static testing) supports Java, JSP, C, C++, Classic ASP (VB6), COBOL, .NET, PHP, HTML, Perl, ColdFusion, Client-Side JavaScript, Server-Side JavaScript, VBScript, PL/SQL and T-SQL, Android (Java), iOS/Objective-C.
• AppScan Dynamic testing products (AppScan Standard and AppScan Enterprise) can test web applications and web services - either REST or SOAP - written in any language because they are not language dependent.
• The AppScan family has the largest list of supported languages for the apps it can scan for vulnerabilities:
  o Java
  o .NET
  o JavaScript
  o PHP
  o Node.JS
  o C/C++
  o Ruby
  o Pascal
  o Objective-C
  o Go
  o Scala
  o Clojure
  o Groovy
  o Android
  o Perl
  In addition, IBM Security Mobile Analyzer (part of IBM Application Security on Cloud) can analyze Swift applications; and AppScan Dynamic testing products (AppScan Standard and AppScan Enterprise) can dynamically test Python applications.
• Open Source Analyzer has the broadest, most up-to-date set of identified Open Source vulnerabilities from public and proprietary sources.
• Open Source Analyzer supports multiple sources of remediation advice, including from IBM X-Force.

Proprietary Integration Examples
• AppScan Standard includes a .NET SDK, a command-line interface (for integration with build and automation systems), an extension framework for augmenting and adapting AppScan to meet customer-specific needs, and a Python-script-based platform for extending penetration testing.
• AppScan Enterprise includes a REST API.
• AppScan Source includes a Java reporting API, command line interface, as well as Ant/Maven/Make build integrations.
• AppScan also integrates with:
  o IBM's QRadar, making AppScan reports available to QRadar, improving QRadar’s asset database with additional, useful vulnerability information.
  o Defect tracking systems such as IBM's Rational Team Concert, Microsoft Team Foundation Server, etc.
• AppScan integrates with Eclipse and IBM Worklight mobile application development platform.
• AppScan Enterprise sends application vulnerabilities to QVM for additional context and prioritization.
• Application Security on Cloud integrates with IBM UrbanCode, a tool for automating application deployments through our customers’ environments.

IBM Security Framework Segment: Infrastructure (Network, Endpoint and Mainframe)

Standards-Based Integration Examples
• IBM BigFix supports the widest range of endpoint platforms (Windows, Mac, UNIX, Linux and VMware) and a wide range of 3rd party application patches (Adobe, Mozilla, Java, . . .)

Proprietary Integration Examples
• Cisco’s Threat Grid App integrates with IBM QRadar, enabling analysts to quickly identify, understand and respond to system threats rapidly through the QRadar dashboard. [Whitepaper]
• The IBM QRadar + Cisco Firepower App's integration provides extended visibility and context across Cisco alerts and log data derived from Firepower’s firewalls, intrusion prevention and advanced malware protection capabilities and flows it directly into the QRadar security event dashboard. This enables security analysts to drill down into the detailed event data to more accurately and quickly identify the top priorities for threat investigation and response.
• The Resilient integration for QRadar is available on the IBM Security App Exchange. Integrating IBM QRadar into the Resilient Incident Response Platform (IRP) allows clients to manually or automatically escalate QRadar offenses into Resilient incidents and enrich Resilient artifacts with data from QRadar.
• In general, IBM Security App Exchange enables many infrastructure solutions to integrate with QRadar, promoting better, quicker and more comprehensive coverage.
• BigFix integrates with Resilient Incident Response Platform and with QRadar. For example, with BigFix, customers can:
  o Search for an indication of compromise (IOC) from Resilient across their endpoints.
  o Ask BigFix for all known info about a specific endpoint.
  o Initiate remediation action from Resilient for all BigFix-known endpoints.
  And QRadar integration examples include:
  o BigFix Server Events and Detect Alerts are incorporated into the QRadar Console and correlated with other QRadar events for more effective security analytics.
  o QVM/QRM feeds prioritized vulnerabilities to BigFix Compliance for rapid remediation, with status updated in QRadar to form closed-loop vulnerability management.
  o BigFix App for QRadar enables SOC Analysts and Managers to access deep, real-time endpoint data (patch/vulnerability status, AV deployment, attack alert, etc.) from familiar QRadar Console screens.
• BigFix offers many methods for integration into, and out of the solution. BigFix features extensive integration and automation capabilities using the