Identity & access management the focus of Dellโs new security approach
โWeโre bringing all these technologies together: privileged accounts now integrate with the firewall, and two-factor authentication integrates with SonicWall,โ said Evans. โWeโre starting to roll out these integration points.โ
An example of the sort of solutions the integration of Dellโs security portfolio can allow centres around the Dell Security Analytics Engine, which does risk scoring in real time when a user requests access to the corporate network. It notes if youโre logging in from a corporate or non-corporate network, whether youโre using a corporate-approved device, where youโre located, the time of day and more. A risk score is sent to Dell Cloud Access Manager, which can make a real-time authentication decision.
โSo if Iโm logging in Sunday from Las Vegas, it may decide that I have the right user name and password so weโll implement setup authentication and ask me for a one-time token,โ said Evans. โBut if Iโm logging in from 1:00 AM from North Korea, it may lock me out.โ
The solution uses Dell One Identity Cloud Access Manager, geo location information from SonicWall, Dell Defender for authentication, and a readily available blacklist โ Dell SecureWorks have that integrated. Lockout is a policy decision; administrators set the policies and what happens based on the risk score.
While security is often seen as a priority for the IT department and something to be tolerated by business users, Dell is pitching its I&AM portfolio as a tool for business enablement tool.
โWhen users are burdened with onerous security hurdles theyโll find a way around it. The ability for this technology to give IT the ability to turn the security knobs up and down in real time is the real benefit,โ said Evans. โIf a customer can just use their user name and password nine times out of 10, the one-time 10 they need to use a one-time token theyโll understand. I&AM is a discipline fueled not just by security, but business efficiency and productivity.โ
Dell sees a real greenfield opportunity around identity management said Timothy G. Brown, a Dell fellow and executive director for security in the Dell Software group. It took Dell by surprise, but he said the customer lists of the major players in the space, such as IBM, Oracle and CA, donโt extend much below the Fortune 1000. Brown said even many state governments donโt have identity management solutions in place.
โPrivilege management should reach the point of being good security hygiene. You should never give anyone access to your root or your Oracle admin. Itโs bad for them and bad for the company,โ said Brown โWeโre seeing a lot more instances of targeted phishing attacks against individuals with this access, and these are the worst attacks in terms of financial loss and damage to the company. And theyโre becoming more common.โ
Related Download
Sponsor: Fortinet
Securing your network and application infrastructure Part 3: Staying ahead of hackers
Network security challenges are evolving faster than ever as a result of new technologies and application complexity. In addition, many old issues continue to plague organizations, from simple password security to keeping software up-to-date.
Register Now