1 Introduction
KuppingerCole analysts have, for some time now, been cognizant of the limitations in the pro-active capabilities of Security Information and Event Management (SIEM) solutions. While expectations for SIEM to deliver have been high, research from real world implementations has shown that these solutions are not as effective as had been hoped. This is largely due to the difficulties in calibrating the overwhelming quantity of log and event information collected by SIEM systems in order to separate innocuous events from others that correspond to serious security incidents and merit a rapid response. This difficulty has made SIEM tools more useful for auditing and compliance requirements than as a reliable tool for responding in real time to serious attacks.
In response to these challenges with SIEM, an evolution of its defensive benefits was termed Real-Time Security Intelligence (RTSI), which, like SIEM tools, also relies on the collection, aggregation and correlation of activity information from key systems within an organisation. Yet unlike SIEM, which typically relied on manual calibration and classification of anomalous activity, RTSI makes use of the latest advances in analytics from the big data and business intelligence fields and is thereby able to use sophisticated algorithms and shared intelligence to perform continuous self-calibration. Modern RTSI solutions should not only be able to detect serious threats, but should also be capable of automatic mitigation responses to perceived threats.
While ideally no system within an organisation should be considered exempt from security monitoring and anomalous activity detection, the key importance of protecting privileged system access cannot be overstated. Instead of taking an all-or-nothing approach, risk mitigation should start with those accounts, systems or entitlements that have the potential to cause the greatest detrimental impact to an organisation should they be compromised. In most cases these high-risk privileges, which grant unfettered access to information systems, are known as administrator or root access credentials. It is here that risk mitigation should begin.
No longer a niche market, Privilege Management (PxM) is increasingly becoming a mandatory component of any enterprise security infrastructure. Many vendors now offer integrated solutions for automating the discovery of privileged accounts, storing and managing privileged account credentials in a secured vault, and monitoring privileged access to servers, databases and network devices. Some vendors go further and implement real-time analytics to detect and/or prevent malicious activities. For a detailed overview of the leading PxM vendors, please refer to the KuppingerCole Leadership Compass on Privilege Management.
IBM is one of the leading companies in IT. Founded in 1911, it currently employs approximately 435,000 people and, with reported revenues in excess of USD 100 Billion, it is the second largest US-based firm in terms of employees according to Fortune 2012.
IBM entered the field of IAM in 2002 with the acquisition of Access360 and has since then, through products like Tivoli Identity Manager, Tivoli Access Manager and Tivoli Federated Identity Manager, been a major player in the field of IAM. IBM is starting to show noticeable innovation in this field.
IBM Security Privileged Identity Manager, although a relatively new product for IBM, launched in 2012, is derived from mature IBM IAM technologies (IBM Security Identity Manager and IBM Security Access Manager for Enterprise Single Sign-on) and other add-on modules, as well as integration with IBM Security’s threat intelligence and discovery capabilities and IBM Guardium for extended database security capabilities.