Leveraging Identity as a Key Pillar of Zero Trust
IBM Security
June 2020
2
A new approach is needed that puts identity at the center of the security program
Continuously Authenticate
Authenticate every action
Enforce informedpolicies to
protect data
Beyondcorp(Google)
CARTA(Gartner)
Zero Trust(Forrester)
Proven Security models in the industry
IBM Security / © 2020 IBM Corporation
IBM Security / © 2019 IBM Corporation / IBM Confidential - Shared Under NDA
Risk Scoring forAdaptive Access
DeviceStrong global deviceID
AccountUser account attributes
BehaviorUser patterns
and journey analysis
EnvironmentUser network environment
ActivityUser’s current activity
DigitalIdentity Trust
Adaptive Access Use Case
Adaptive Access combines the ease and flexibility of IDaaS with the power of Fraud Prevention
• A Risk Level is assigned for every Authentication attempt
• Simple Policy Engine assigns an action to each Risk Level for connected applications and services
• Every Auth Attempt triggers an action based on Risk Level – approve, step-up challenge, deny
• Users notified when their account triggers a risk-based challenge
• Reporting shows impact of Adaptive Access on user experience
5
Meet our user, Francine
IBM Security / © 2020 IBM Corporation
6IBM Security / © 2020 IBM Corporation
Standard Login
8
Login while Travelling
IBM Security / © 2020 IBM Corporation 9
Insider Threat
IBM Security / © 2020 IBM Corporation 10
Malicious Login
IBM Security / © 2020 IBM Corporation
Access granted – no passwordMedium Risk: Password requiredHigh Risk: Multifactor RequiredVery High Risk: Access Denied
IBM Security Verify : Smart Identity for the Hybrid Multicloud World
7
Modular identity platform that runs anywhere, and adaptively governs and connects all users, APIs, and devices to any application or service running inside or outside of the enterprise
IBM Security / © 2020 IBM Corporation
IdentityAnalytics
AdaptiveAccess
Decentralized Identity
Intelligent Governance
Proactive Threat Mitigation
People
Monitor | Detect | Orchestrate
Provision | Certify | Analyze
APIs & ThingsContinuous Access Control
Authenticate | Authorize | Connect
Analyze and improve
IBM Security / © 2019 IBM Corporation
Define context Verify and enforce Resolve incidents
Roadmap to Zero Trust
Discovery & ClassificationEncryption
User
Data
Application
Device
Network
Identity GovernanceLPA, SOD
Audit of all apps
Mobile Device ManagementNetwork Asset VisibilityMicrosegmentation
Data Activity MonitoringData Loss Prevention
Manage Access with MFA, SSO, PAM, RBA
Conditional AccessContainer ManagementPolicy EnforcementMobile Threat ManagementNetwork Monitoring
Dynamic Blocking of Access to Apps & Data
Quarantine User IDsRemove Access
RemediationEncryption at endpointsBlock network traffic and access
Getting started
9
1. Learn about Adaptive Accesshttps://adaptiveaccessguide.mybluemix.net/
2. Get help on your Zero Trust journey with IBM Zero Trust Offerings & Acceleration Serviceshttps://www.ibm.com/security/zero-trust
3. Try out IBM Security Verify with Adaptive Access for no charge, for up to 5 applications, free for an unlimited timehttps://www.ibm.com/account/reg/us-en/signup?formid=urx-30041