What is Identity Management?
Microsoft defines Identity and Access Management as combining processes, technologies and policies to manage digital identities and specify how they are used to access resources [1].
These technologies include:
- Account Provisioning and Synchronization
- Authentication and Single Sign-On (SSO)
- Authorization Rights Management
- Access Control Enforcement to Managed Platforms
- Auditing
Identity management architectures from leading vendors all provide at least the first two or three. In general, however, the last two – enforcement and user activity logging – remain problematic. Web applications are easily integrated with SSO portals and toolkits, but often legacy applications cannot be. These continue to rely on passwords, which can be easily shared contrary to policy or otherwise misused.
How Nevis Integrates
Nevis plays a key role in the identity management ecosystem by providing transparent, centrally managed, in-network policy enforcement points that operate at line rate and also provide details of specific user activities. In particular, Nevis LANenforcers:
- authenticate users against managed databases using standard protocols;
- establish a set of effective access control rules based on roles and access circumstances;
- enforce access control policies either at the clients or at the managed servers;
- audit security-relevant events, including routine user connections as well as anomalies
Nevis integrates with leading identity management architectures as another provisioned authorization database. Nevis provides standards-based “connectors” between these platforms and its LANsight Security Management appliance, enabling access rights to be updated and synchronized automatically.
Benefits
Benefits to using Nevis LANenforcers to complement an identity management rollout include:
- user-based, in-network, line rate access policy enforcement,
- cloaking of servers and applications from unauthorized users, in many cases permitting access to authorized users without the need for an additional password login,
- automatically synchronized access rights database,
- detailed audit trails of user activities, including both successful and failed accesses, with real-time visualization of current activities
These benefits are highlighted in addition to the other Nevis LAN Security benefits, which also include pre-admission endpoint integrity and persistent post-connect threat detection.
Nevis Complements Identity and Access Management
Identity Management | Nevis |
Account management and provisioning | Authentication using managed AAA server |
Access rights management | Access rights enforcement |
Authentication and SSO | Server and service cloaking |
Account and policy store synchronization | Connectors for updating access policies |
Auditing of management changes | Auditing and visualization of user activities |
http://www.microsoft.com/technet/security/guidance/identitymanagement/idmanage
Nevis complements Identity and Access Management solutions by providing line rate, in-network policy enforcement points with access policies managed by the identity management system.