Enforcing policy: Nevis and Identity Management

What is Identity Management?
Microsoft defines Identity and Access Management as combining processes, technologies and policies to manage digital identities and specify how they are used to access resources [1].

These technologies include:

  • Account Provisioning and Synchronization
  • Authentication and Single Sign-On (SSO)
  • Authorization Rights Management
  • Access Control Enforcement to Managed Platforms
  • Auditing

Identity management architectures from leading vendors all provide at least the first two or three. In general, however, the last two – enforcement and user activity logging – remain problematic. Web applications are easily integrated with SSO portals and toolkits, but legacy applications often cannot be. These continue to rely on passwords, which can easily be shared contrary to policy or otherwise misused.

How Nevis Integrates
Nevis plays a key role in the identity management ecosystem by providing transparent, centrally managed, in-network policy enforcement points that operate at line rate and also provide details of specific user activities. In particular, Nevis LANenforcers:

  • authenticate users against managed databases using standard protocols;
  • establish a set of effective access control rules based on roles and access circumstances;
  • enforce access control policies either at the clients or at the managed servers;
  • audit security-relevant events, including routine user connections as well as anomalies.

Nevis integrates with leading identity management architectures as another provisioned authorization database. Nevis provides standards-based “connectors” between these platforms and its LANsight Security Management appliance, enabling access rights to be updated and synchronized automatically.

Benefits

Benefits to using Nevis LANenforcers to complement an identity management rollout include:

  • user-based, in-network, line rate access policy enforcement,
  • cloaking of servers and applications from unauthorized users, in many cases permitting access to authorized users without the need for an additional password login,
  • automatically synchronized access rights database,
  • detailed audit trails of user activities, including both successful and failed accesses, with real-time visualization of current activities.

These benefits come in addition to the other Nevis LAN Security benefits, which include pre-admission endpoint integrity checking and persistent post-connect threat detection.

Nevis Complements Identity and Access Management

Identity Management                         Nevis
------------------------------------------  ----------------------------------------------
Account management and provisioning         Authentication using managed AAA server
Access rights management                    Access rights enforcement
Authentication and SSO                      Server and service cloaking
Account and policy store synchronization    Connectors for updating access policies
Auditing of management changes              Auditing and visualization of user activities

[1] Microsoft Solutions for Security, Identity and Access Management Series, Fundamental Concepts, http://www.microsoft.com/technet/security/guidance/identitymanagement/idmanage

Nevis complements Identity and Access Management solutions by providing line rate, in-network policy enforcement points with access policies managed by the identity management system.