Tivoli Security Readiness Assessment

Tivoli Security, Risk and Compliance Management

IBM Tivoli Identity Manager Enterprise Edition

This user provisioning and role management software is a secure, automated and policy-based solution for managing user roles, identities and access rights that span heterogeneous IT resources and delivers IAM governance.

  • Reduce overhead costs by automatically managing roles, accounts, and access rights throughout the user life cycle
  • Correct and remove noncompliant access rights through periodic recertification workflows or automatically via role-based access control policies
  • Manage and prevent business process conflicts through separation of duty policies
  • Centralize user access rights control while maintaining local autonomy via self-service features that also reduce help-desk load
  • Accelerate on boarding of new applications and users via pre-configured policies and templates
  • Be audit-ready and compliant with regulations by quickly producing detailed reports


IBM Tivoli Federated Identity Manager

IBM Tivoli® Federated Identity Management (FIM) provides a simple, loosely-coupled model for managing identity and access to resources that span companies or security domains. Rather than replicate identity and security administration at both companies, Tivoli Federated Identity Manager provides a simple model for managing identities and providing them with access to information and services in a trusted fashion. For companies deploying Service Oriented Architecture (SOA) and Web Services, FIM provides policy-based integrated security management for federated Web services. The foundation of FIM is trust, integrity, and privacy of data.

  • Improve user experience and reduce user administration costs by using Federated Single Sign On with customer, partner, agent and/or provider organizations
  • Minimize application impact, through drop-in federation capability
  • Allow collaboration with a wide variety of partner organizations, through concurrent support for all leading Federated Single Sign-On protocols
  • Integrate audit data collection and reporting.
  • Manage identity flow across services and deliver policy-based integrated security management
  • Align with open standards and specifications including Liberty, SAML, WS-Federation, WS-Security and WS-Trust
  • Simplify integration between companies and their partners' Web sites, including simplified session management
  • Improve business compliance by helping to reduce security exposure
  • Expand business reach of service providers creating revenue generating opportunities
  • Simplify administration of security in cross-enterprise business processes by delivering "security as services"
  • Deliver policy based integrated security management for SOA Web Services


Tivoli Federated Identity Manager Business Gateway

Secure and Economical Business Integration

IBM Tivoli® Federated Identity Manager Business Gateway is the ideal entry point for establishing federated Web SSO capabilities. Built especially for small-to-midsize organizations, this powerful collaboration software uses open standards to bring together customers, partners and suppliers—with a single, easy-to-deploy solution that provides a smooth migration pathway to an enterprise-level solution.

Implementing a federated SSO solution not only helps improve the user experience—by providing a single password for logon to multiple business partners—but it also enables you to more effectively manage identities across your infrastructure while preserving the confidentiality of user data.

  • Enables companies to simplify identity management and the ability for identity-based business processes to collaborate securely and seamlessly within a service-oriented architecture
  • Best-of-breed integrated solution from a proven vendor
  • The proven experience of IBM Services for Tivoli Federated Identity Manager and Tivoli identity management solutions
  • Low total cost of ownership
  • IT manageability
  • Lower user administration and provisioning costs related to identity management
  • Simplified integration between companies and their partners’ Web sites
  • Improved business compliance through reduced security exposure
  • Improved end-user experience through federated single-sign-on and single sign-off
  • Expanded business reach of service providers creating revenue-generating opportunities
  • Simplified administration


IBM Tivoli Access Manager for e-Business

Tivoli® Access Manager for e-business is a versatile solution for authentication and authorization problems. Primarily focused on Web applications, Access Manager implementations vary from simple Single Sign-on (SSO) to more complex security infrastructure deployments.

  • Implement centralized user authentication and authorization management for online portal and business initiatives
  • Deliver consistent Web single sign-on (SSO) to users across heterogeneous Web applications and services, including IBM WebSphere®, Microsoft®, SAP and many other application environments
  • Manage and enforce policy-based access control and Web security to your enterprise-wide applications, with the ability to scale to tens of millions of users
  • Expand federated access control to on- and off-premise applications, SaaS and cloud-based services and B2C user self care with the modular upgrade to IBM Tivoli Federated Identity Manager
  • Enhance integration with IBM WebSphere DataPower SOA Appliances for seamless SSO and user session management in Web 2.0 and Web services environments
  • Implement centralized Web SSO and access control for Java™ and .NET environments including Microsoft SharePoint and Exchange servers
  • Provide advanced security capabilities to address key Web vulnerabilities and support flexible strong and risk-based authentication  


Tivoli® Access Manager for Enterprise Single Sign-On can help organizations reduce costs, strengthen security, improve productivity and address compliance requirements.

  • Reduce password-related help-desk costs by lowering the number of password reset calls
  • Strengthen security and meet regulations through stronger passwords and an open authentication device interface with a wide choice of strong authentication factors supported out of the box
  • Facilitate compliance with privacy and security regulations by leveraging centralized auditing and reporting capabilities
  • Improve productivity and simplify the end-user experience by automating sign-on and using a single password to access all applications
  • Enable comprehensive session management of kiosk or shared workstations to improve security and user productivit
  • Enhance security by reducing poor end-user password behavior
  • Extend IBM Tivoli® Access Manager for e-business’s fine-grained authorization and entitlements for Web applications, by fully addressing single sign-on across all types of applications


Fortify security and audit UNIX and Linux systems

IBM Tivoli® Access Manager for Operating Systems software audits and fortifies security for UNIX®, Linux® and virtualized environments. It provides consistent security across the organization, fine-grained authorization, compliance reporting and access control for privileged and super users.

  • Defend against a top security threat: accidental, malicious and fraudulent behavior by internal users and employees
  • Help achieve the safety of fine-grained authorization for UNIX® and Linux® systems, for both administrators and users
  • Secure operating system-level virtualized environments, and audit and control privileged user access to virtualized environments
  • Streamline management of heterogeneous UNIX and Linux systems with integrated, delegated administration
  • Use extensible, configurable auditing capabilities to document compliance with regulations, corporate policy and other security mandates
  • Leverage best-practice security policy templates to help minimize implementation effort and time
  • Take advantage of mainframe-class security and auditing in a lightweight, easy-to-use product


IBM Tivoli Directory Server (LDAP)

IBM® Tivoli® Directory Server software provides a reliable platform for your enterprise security initiatives.This enterprise identity management software from Tivoli uses Lightweight Directory Access Protocol to provide a trusted identity data infrastructure for authentication.

  • Provides identity management for companies that want to deploy a robust and scalable identity infrastructure
  • Uses LDAP identity infrastructure software and meets LDAP v3 industry compliance standards
  • Enhances proxy server capabilities with flow control for managing requests and paging search results for single and multiple partitions and a smart fail-back mechanism to restore servers safely
  • Maintains high availability with master/subordinate and peer-to-peer replication capabilities and scheduled online or offline backup and remote restore
  • Supports virtual list views so that you can scroll forward or backward through entries in a large sorted data set and can record deleted entries
  • Evaluated under the Common Criteria (PDF, 371KB) at Evaluated Assurance Level 4, augmented by ALC_FLR.1 for Microsoft Windows Server 2003 R2 Enterprise Edition, IBM AIX 6.1, Sun Solaris 10 (SPARC), HP-UX 11i v3 (Itanium), Red Hat Advanced Server 5.1, SuSE Linux Enterprise Server 10 SP1
  • Supports leading platforms, including IBM AIX®, i5/OS®, z/OS®, Sun Solaris, Microsoft® Windows® Server, HP-UX, and SUSE and Red Hat Linux distributions


IBM Tivoli Directory Integrator

Synchronize data across multiple repositories

IBM Tivoli Directory Integrator helps organizations build an authoritative data infrastructure, enabling consistent data across multiple identity or generic data resources.

  • Transforms, moves and synchronizes generic and identity data residing in heterogeneous directories, databases, files, collaborative systems and applications, with real-time automated updates to the authoritative data source
  • Helps enhance the security, accuracy and integrity of generic and user identity data, while facilitating data migration, transformation to other file formats, and synchronization between two or more systems
  • Enhancements include a simplified interface to develop point-to-point integration; ability to visually step through data processed by an AssemblyLine; providing Tivoli Directory Integrator as a service using the Representational State Transfer interface
  • Provides an intuitive graphical user interface for development, deployment and maintenance of synchronization rules, as well as a scalable, Web-based operations monitoring administrative console
  • Provides an open synchronization architecture that supports multivendor IT infrastructures with ease of use, ease of deployment, and rapid time to value, while flexibly scaling from small to very large deployments
  • Helps accelerate deployment of IBM Tivoli® security management software such as IBM Tivoli Identity Manager, IBM Tivoli Access Manager and IBM Tivoli Federated Identity Manager, and other IBM infrastructure software, including IBM Tivoli Change and Configuration Management Database (CCMDB), IBM Tivoli Service Request Manager, IBM WebSphere®, IBM Lotus® Domino® and IBM Lotus Connections middleware
  • Supports a broad set of platforms, including IBM AIX®, IBM System z™, Microsoft® Windows®, UNIX® and Linux® environmentsOperating systems supported: AIX, HP-UX, i family, z/OS


Tivoli Security Information and Event Manager

Tivoli® Security Information and Event Manager manages logs and monitors privileged users for insider threat, audit and compliance initiatives.

  • Tivoli® Security Information and Event Manager protects intellectual property and privacy against insider threat and helps control the cost of demonstrating compliance
  • Facilitate compliance efforts with centralized dashboard and advanced reporting capabilities
  • Monitor and audit privileged user activities with easy-to-understand reports
  • Efficiently collect, store, investigate and retrieve native logs
  • Jump-start compliance reporting with regulation-specific Compliance Management Modules
  • Understand and alert on insider threat using near real time analytics