IBM Security QRadar


Identity-driven Security with IBM Cloud Identity + IBM QRadar

By Korinne Alpers posted Tue June 02, 2020 04:13 PM


Against the backdrop of the current, unprecedented environment, businesses are forced to rapidly adapt and adjust to a new normal. We see more and more teams moving to a work-from-home model. Over the span of 2 weeks, we have witnessed cases where clients have moved more than 97% of their workforce out of the traditional office environment. With a decentralized workforce, organizations cannot simply rely on traditional network perimeter security measures. They need ways to securely access applications and data - both on-prem and in the cloud.

The work-from-home model amplifies and, in some cases, introduces new risks to an organization, including:


  • Teams accessing corporate cloud resources using unsecured personal devices.
  • Teams accessing SaaS apps or other cloud services unknown to or unsanctioned by the organization.
  • Teams spinning up new cloud services.


To be fair, many of these problems are not new. Most businesses are aware that these risks accompany the adoption of a hybrid cloud architecture. But, with the recent crisis, businesses are required to make immediate and, in many cases, unplanned security decisions. By using an identity-driven (or identity-based) security approach, businesses can protect their organization's data, users, applications, and devices.


What is identity-driven security?


Put simply, identity-driven security is the approach of controlling access to services and applications based on authenticated identity. At the heart of this approach is identity and access management (IAM). IAM is designed to ensure that users can access only what they are permitted to, and only on known devices. However, deploying effective IAM across an organization should never come with a trade-off against usability and simplicity. This is where IBM Cloud Identity fits in.


What is IBM Cloud Identity?


IBM Cloud Identity is an Identity-as-a-Service (IDaaS) solution that provides secure identity management with Single Sign-on (SSO), context-aware Multi-factor Authentication (MFA), user lifecycle management, and a full set of risk analytics.


What is an IDaaS, and why does IBM Cloud Identity stand out?


IDaaS refers to a cloud-based solution that provides IAM in order to help control user access to resources from a hosted environment. There are many advantages to using an IDaaS solution, but the core benefit is rapid time to value. Businesses can minimize overhead and reduce deployment complexity with an IDaaS, allowing teams to quickly deploy IT resources with secure management services in place.  


IBM Cloud Identity bridges traditional on-prem IAM to the cloud, meeting businesses where they are in adopting cloud services, and provides organizations with the ability to extend existing infrastructure via a simple interface, in order to allow businesses to deploy IAM at scale.




What’s possible with IBM Cloud Identity?


Single Sign-on (SSO)


This service provides a unified application launchpad and set of SSO capabilities, from any device, to any application. These include:


  • Employee-facing launchpads to access any application
  • A cloud directory for organizations that don’t already have a user directory
  • The ability to sync on-premises directories like Microsoft AD for use with cloud applications
  • Support for multiple federation standards, including SAML, OAuth and OpenID Connect
  • Ability to extend SSO to UEM with IBM Security MaaS360 integration


Multi-factor Authentication (MFA)


Via IBM Cloud Identity, users can protect web, cloud, mobile, VPNs, and operating systems with flexible MFA. These capabilities include:


  • A simple UI for defining and modifying access controls
  • One-time passcodes delivered via email, SMS, or mobile push notification
  • Biometric authentication, including fingerprint, face, voice, and user presentation.
  • Second-factor authentication for VPNs
  • SDKs to integrate mobile apps with the broader access security platform
  • Risk-based user authorization and authentication policies



User lifecycle management


With this service, administrators can request, approve, provision, and recertify user access to applications. This allows organizations to:


  • Streamline and accelerate joiner-mover-leaver provisioning processes
  • Deliver self-service options to end users so that they can request access to applications, as well as reset and manage their passwords.


Adaptive access


This service also provides the ability to assess the full context of a user’s attributes and enforce MFA when elevated risks are identified, including:


  • Easily granting access to low-risk users, and blocking or challenging access in higher-risk conditions with contextual authentication
  • Policy editing capabilities to apply AI-informed access policies to prompt for MFA based on behavioral biometrics, device fingerprint, geolocation, and more.



IBM Cloud Identity + IBM QRadar


Cloud IAM capabilities can be further enhanced and extended by integrating with a SIEM. By integrating IBM Cloud Identity with IBM QRadar, security teams can gain rapid visibility and take immediate actions against threats.


QRadar’s integration with IBM Cloud Identity is possible through the available QRadar Cloud Identity DSM. With the Cloud Identity DSM, security teams can easily monitor authentication events, SSO events, and management events and place them in the context of their larger threat monitoring program.


I could easily list out the numerous value-points associated with QRadar’s integration with Cloud Identity, but a recent customer example perhaps works best. One of our customers, a large automotive company, uses Cloud Identity for their 22 million car owners. Every day, they have customers accessing their accounts, making payments, making profile modifications, and logging in from various parts of the world, and it is critical that all events are monitored and tracked in order to defend against malicious activity. By using QRadar and IBM Cloud Identity together, they are able to pull in all event data and empower their Security Operations Center (SOC) to instantly diagnose any issues that may occur, and take action on them. Together, these solutions help protect their users and the corporate assets, whether they are accessed from within the traditional security perimeter or from connected and geographically dispersed home offices.


To learn more about IBM Cloud Identity and IBM QRadar, check out the resources below.




IBM Cloud Identity



IBM QRadar + IBM Cloud Identity