March 13, 2015 By Satyakam Jyotiprakash 2 min read

Intelligence means having a wealth of knowledge and deep analytical skills to make the right decisions. With security being organizations’ top concern, it is vital to make those right decisions while providing user access. After all, user access is still the weakest link in security. At the same time, today’s IT environments are becoming more and more complex from the adoption of the cloud, mobile and social. These trends are further exposing organizations’ employees, partners and customers to cybercrime. Therefore, each firm’s access management solution must be powered by intelligence to prevent any illegitimate access.

Backed by Intelligence

Web applications are often the most vulnerable part of an IT environment, and yet they have to be given direct paths to the Internet. Therefore, these vulnerabilities can be exploited quite easily. An access management solution typically sits between Web application servers and the Internet to inspect HTTP traffic and user sessions to block attempted exploits. Only when the access management solution is backed by a world-class intelligence system does it prove to be powerful enough to block most attack vectors.

For example, IBM Security Access Manager™ leverages intelligence provided by the X-Force Protocol Analysis Module™ to provide continually updated Web content protection. The system has been proven to be 100 percent effective in blocking the top 10 inline-preventable attack vectors, as defined by the Open Web Application Security Project.

Intelligence on Top

Furthermore, security intelligence is required alongside the access management solution so organizations can identify anomalies in real time and take proactive measures to reduce their risk. In order for them to gain deep insights into how users access information hosted on-premises or in the cloud, the access management solution must integrate with a security information and event management solution, such as the QRadar Security Intelligence Platform™. This helps the organization generate comprehensive reports that demonstrate a strong compliance posture while staying a step ahead of the latest Web-based threats for years to come.

Access Management for Today’s Multiperimeter World

A powerful access management solution built for today’s multiperimeter world must pursue threat intelligence research to provide advanced threat protection and integrate with a security intelligence platform if it is to gain insight into user behavior. At the same time, today’s access management solutions must secure user access to mobile and Web applications, improve identity assurance with flexible authentication schemes and enforce context-aware authorization.

Organizations need their access management solution to be comprehensive as well as easy to deploy and manage while it lowers the total cost of ownership and improves time to value. IBM Security Access Manager is a unique, appliance-based access management solution that addresses these requirements. It also protects organizations from high-risk mobile devices by integrating with IBM Trusteer Mobile SDK™ and manages advanced fraud and malware with ease by integrating with IBM Trusteer Pinpoint™.

Several global leaders in identity and access management (IAM) security will showcase their latest solutions at the Gartner Identity and Access Management Summit, which is scheduled from March 16 to March 17 in London. This event will take a business-centric approach to IAM, with an agenda that covers how to enhance business outcomes with IAM solutions while addressing the strategic trends that will drive IAM requirements over the next several years.

More from Identity & Access

Another category? Why we need ITDR

5 min read - Technologists are understandably suffering from category fatigue. This fatigue can be more pronounced within security than in any other sub-sector of IT. Do the use cases and risks of today warrant identity threat detection and response (ITDR)? To address this question, we work backwards from the vulnerabilities, threats, misconfigurations and attacks that IDTR specializes in providing visibility into. As identity threat detection and response (ITDR) technology evolves, one of the most common queries we get is: “Why do we need…

Access control is going mobile — Is this the way forward?

2 min read - Last year, the highest volume of cyberattacks (30%) started in the same way: a cyber criminal using valid credentials to gain access. Even more concerning, the X-Force Threat Intelligence Index 2024 found that this method of attack increased by 71% from 2022. Researchers also discovered a 266% increase in infostealers to obtain credentials to use in an attack. Family members of privileged users are also sometimes victims.“These shifts suggest that threat actors have revalued credentials as a reliable and preferred…

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today