Security management solutionsBuyer’s guide: purchasing criteria

Help optimize your IT infrastructure by selecting the right security management solution.

22

With greater visibility across your infrastructure, you can:

• Proactively correct vulnerabilities before breaches occur.

• Initiate IT cost-reduction directives that include consolidating

and streamlining IT systems.

• Achieve ongoing policy compliance requirements.

• Automate processes to help reduce or avoid manpower

expenditures on routine but important security operations.

Centralization also facilitates decentralized administration —

giving the right amount of responsibility to the right indivi-

duals and groups, wherever they are. When you extend

security management with a federated identity management

solution, you can even delegate administration of security

between your company and its business partners. As a

result, you help simplify — and minimize the cost of —

administering identities for third-party users.

The right security management solution can help you do

more than effectively manage user accounts and security

risks. Your security infrastructure can become a true business

enabler — providing the flexibility and integration required to

quickly adapt to changing market requirements and secure

new on demand business initiatives and services.

Getting started

Choosing to implement a security management solution

is one thing; figuring out how to get started toward the

solution that’s right for your organization is another. It can be

intimidating to identify what kind of software you initially

need to invest in, let alone to choose the best vendor in the

area you select — a vendor that can support you throughout

the process of implementing your total solution.

Organizations of all sizes, across all industries often must

accommodate a growing number of users and devices

that require access to resources inside and outside the IT

organization. At the same time, the need to address evolving

audit requirements demands more responsiveness and

control than ever before.

These challenges require a robust security management

solution that is designed to work across platforms and

applications, and flex and scale with the rapidly changing

demands on security. A solution that can help you establish

centralized, automated policies and processes to help

minimize security risks. A solution that can free IT staff from

firefighting and time-consuming routine security tasks to

focus on critical business initiatives and better integration of

your existing systems.

Beyond demonstrating business policy compliance and

helping ensure timely access to business assets, an effective

security infrastructure can help you transform your enterprise

into an On Demand Business: an enterprise whose business

processes — integrated end-to-end across the company and

with key partners, suppliers and customers — can respond

with speed to any customer demand, market opportunity or

external threat.

Centralized security management allows you to address

many aspects of the ongoing effort to help control user

activities, minimize vulnerabilities and consistently execute

your security policies across the breadth of your organization.

3

If you identify the security concern that most affects your

business priorities, then you can focus on the kind of

solution that directly addresses that concern. Later, as needed,

you can expand into the other security areas that support

your business goals.

This document outlines the most common challenges that lead

companies to invest in security management, then indicates

which components directly address each challenge.

The overall goal: manage security and compliance cost-effectively

Competing in today’s world often requires an increased

interconnectedness — opening your enterprise, along

with its processes and applications, to a growing number

of employees, customers and business partners. This

interconnectedness can raise new challenges for your IT

staff — managing all these users and their access efficiently

and effectively. You should also take into account the

security of the devices that enter your network and access

your systems and applications, including traditional Web

browsers, mobile phones, handhelds and other devices.

Managing these risks is only part of the security management

task these days. Because recent worldwide political events,

external attacks, corporate financial crises and identity theft

have given security management more focus, there is a

growing requirement to enforce and demonstrate compliance

with enterprise or governmental security mandates. Many

organizations must improve their accountability and trans-

parency to adhere with regulations such as Sarbanes-Oxley

(SOX), the Health Insurance Portability and Accountability

Act (HIPAA), Basel II and many others — at a national or

international level. Companies can fail audits if they are

unable to demonstrate effective application of processes

and procedures used to grant access rights to users.

Too often, companies address these challenges with time-

consuming, inefficient processes that are prone to error

and very costly. They manage user accounts, access

controls and a wide variety of user devices in a piecemeal

fashion that requires substantial staff time. When responding

to audits, they retrieve critical information manually — from

spreadsheets and other documents. Instead, companies

need a security management solution that helps them

automate common security processes and consistently

administer corporate security policies.

To begin with security management, address your most

pressing challenges

Security management solutions should enable you to

adopt a cross-enterprise view to help you overcome your

security challenges and make the most of your business

opportunities. Today security management is not a single

integrated process — it is a set of loosely coupled activities

spanning multiple processes.

With extensive research and experience working with clients

of many sizes and in many different industries, IBM has

found that increasingly clients are now prioritizing security

management processes such as identity and access

44

management, vulnerability management and IT compliance

management. Any of these challenges — or a combination of

them — can be a place where your company can concentrate

its initial investment in security management.

• Identity and access management: Provision and manage user

accounts and access to resources, facilitate collaboration and

control the disclosure of information.

• Vulnerability management: Identify and address system

vulnerabilities through patching and other measures.

• IT compliance management: Establish, monitor and enforce

your corporate IT policies.

Security management encompasses all of these areas —

with each segment reinforcing the others. For example,

when you establish and enforce company-wide security

policies, you’ll be able to assess risks more easily. When

you establish user accounts according to a policy, you

can measure against that policy to be sure all accounts

and their access rights are valid. You can constantly monitor

against that policy to help ensure there are no orphan

accounts that can be used for attacks against your operation,

and that you have recorded when and to whom information

was disclosed. The more authoritative your data stores are,

the more confidence you can have that your security policy

will be administered correctly.

To identify a starting point for your organization, it helps to

see what each category encompasses. This buyer’s guide

provides checklists for each of these three starting points that

you can use when evaluating vendors and their products.

As you look for the solution that best addresses the challenge

you’ve prioritized, keep in mind the importance of a provider

who will be able to support the full breadth of your security

management solution.

Manage and provision both user accounts and access to resources

and information

From directory stores to single sign-on capabilities, identity

and access management is a critical component of your

security management solution. To help you pinpoint your

immediate needs, this table provides a closer look at

common requirements that lead companies to identity and

access management solutions and the appropriate areas of

identity and access management that help address these

requirements. Subsequently, this buyer’s guide includes

checklists for the various components of identity and

access management.

Deploy a user management and provisioning solution to

help establish cost-effective and consistent security

Your IT staff may spend an inordinate amount of time granting

and limiting user rights on a case-by-case basis. It can also

be costly and time-consuming to gather the information

you require to comply with security audits. These tasks

can drain IT resources away from projects that deliver greater

business value.

Automated workflows can reduce the cost of having IT staff

perform a repetitive task and help you administer security

in a uniform manner. A centralized user provisioning and

management solution can provide visibility across your

enterprise into exactly who has what rights. This visibility

enables you to track everyone who has access to your

systems and to align the degree of access you grant with

your business priorities and needs. User provi sioning and

management solutions should also enable you to maintain

accurate records of access rights changes for auditing

purposes — and thus help reduce the cost in terms of staff

time and money needed to comply with audit requirements.

5

You should make sure that the user management and

provisioning solution you select:

• Manages distributed sets of users and includes the ability to

assign users to one or more roles.

• Enforces security policies proactively — automates based on roles

and rules.

• Provides the ability to simulate policy change, so that you can

see the impact a new security policy may have on your users.

• Routes access requests through authorization processes and

escalates to alternate approvers if prompt action is not taken.

• Interfaces with applications, operating systems and resources

across your organization and those you might introduce in the

future — securely and efficiently.

• Provides significant standard reports to help respond to

compliance needs.

• Provides Web self-care interfaces to perform password and

personal information changes.

• Includes the necessary software components, including

necessary databases, LDAP servers, and Web and application

servers.

• Provides value beyond basic password management and scales

as your organization changes.

Help reduce the cost of establishing an authoritative

store of information

The cost and complexity of identity administration in today’s

environment are greatly tied to the process of creating and

managing user accounts. Whether you’re looking to grow

organically or through mergers and acquisitions, access

to new customers and markets — as well as a broader

range of products and services — is a strategic priority for

many initiatives.

If your company needs to: Start with:

Help reduce security administration

and support costs

User management and

provisioning

Keep track of all the users that

access systems

User management and

provisioning, access control

Manage identity information that is

spread out across multiple stores

Establishing an

authoritative store of

information

Deliver common services for your

service-oriented architecture

Federated identity

management

Implement single sign-on and unified

user experience

Access control, federated

identity management

Help reduce the cost of developing

adequate security for industry-leading

and internally built applications

Access control, federated

identity management

Help shore up security for deploying

portals and Web services

Access control, user

management and

provisioning, federated

identity management

To administer security consistently across your organization,

you should have some way to synchronize user information

in a highly efficient fashion. If an employee changes his or

her name, both the human resources database and all the

databases that deliver information about your company

to your customers should reflect the change. When a

prospective client or business partner becomes an active

client, changing the status in one information store should

initiate the same change in all other stores.

The solution lies in managing identities and controlling

access to resources. Identity management is a way to

address two key questions: who are you and what can

you access? An identity integration solution synchronizes

data across your organization. It helps you maximize the

66

accuracy of the data you maintain and reduce the costs

associated with manually updating that data. With a superior

identity integration solution, you can establish rules that

identify which groups and individuals have the authority to

change which data fields. The solution then pushes changes

made by those with authority out to all the other databases

where the same data is stored and utilized.

To find a superior identity integration solution, you should

look for one that:

• Deploys a distributed architecture that allows local groups

to manage the data they know best with the tools that make

them most productive.

• Supplies connectors to and integrates seamlessly with a

wide variety of repositories and technologies and enables

integration with new and existing enterprise Web services.

• Responds to predefined events, enabling automated, real-time

updates to your identity stores.

• Deploys rapidly and extends with minimum dependencies on

centralized data stores.

• Provides a centralized metaview with whatever directory or

database best meets your needs — without being locked into a

vendor’s proprietary data store.

• Enables you to deploy your solution as a metadirectory

(synchronizing data) or virtual directory (federating data

without overwriting) and easily migrate between the two

implementations with just one toolkit and one skill set

to manage.

• Deploys on any operating system platform to maximize

flexibility.

• Leverages reusable connectors and components.

• Integrates a wide variety of data types, including passwords.

Implement a high-performance 24x7 directory infrastructure

for global enterprise applications

To enable security management solutions, your infrastructure

typically needs to drive identity data to an increasing number

of directory-enabled applications. The situation is analogous

to critical highway infrastructure. The more comprehensive

and reliable the road network, the more value can be

derived from all the cars that use it. Similarly, the more

comprehensive and reliable your identity data infrastructure,

the more value you can derive from all the security

management and enterprise applications that use that data.

An on demand business requires a robust data engine that

can support large groups — up to hundreds of millions of

entries — and continue to demonstrate superior performance

even as the directory grows. A data engine that is:

• Open — your data engine should run on all major platforms.

To truly be a software platform for your entire enterprise, the

directory must offer dynamic, extensible support for the many

applications on which your enterprise depends.

• Reliable — to support global applications, companies like yours

increasingly need to create a 24x7 directory infrastructure.

Advanced replication capabilities — including a multimaster

capability — help provide high availability and rapid delivery

of frequently accessed content to anywhere in the world.

• Scalable — because your directories grow and consolidate,

you require a trusted relational database — not merely a

proprietary data store.

7

Federated identity management extends a company’s

security reach beyond the enterprise and into the ecosystem

to help simplify, secure and strengthen the administration of

users, Web services and data shared by business partners.

For example, consider a customer who logs on to the

brokerage site of a full-service financial services company

using one identity and password. If he decides to log on to

the credit card partner of his financial services provider, he

typically uses a different identity and password. In effect, the

companies are managing twice the infrastructure at twice

the cost.

The federated model enables not just users but also Web

services (or applications) to be integrated across company

or trust boundaries. This type of service integration is referred

to as service-oriented architecture (SOA). For example,

a jewelry supplier could use Web services to check real-

time inventory levels at a key retailer to ensure just-in-time

inventory levels.

The federated identity management solution you choose should:

• Deliver secure Web services, and thus aid the business in

leveraging a SOA that expands business for a relatively

minor investment.

• Enable single sign-on across an entire business ecosystem.

• Help minimize operational costs through user self-care.

• Help minimize identity infrastructure investment and

operational costs by eliminating redundant processes and

user accounts.

• Leverage an efficient, economic solution for integrating

application platforms such as IBM WebSphere® software,

Microsoft .NET and SAP.

To locate a directory infrastructure solution that meets these

three standards, you should seek one that:

• Is Certified LDAP, Version 3 Compliant by the Open Group.

• Supports leading platforms, including Microsoft® Windows®,

Linux®, IBM AIX®, Sun Solaris and HP-UX.

• Enables you to achieve the 24x7 availability required for

global enterprise applications through advanced replication

and multimastering capabilities — including support for dozens

of master copies of the directory and the ability to replicate

different directory subtrees against different masters.

• Has been widely deployed in a broad range of customer

applications around the world.

• Relies on a highly trusted relational database — rather than

a proprietary data store — for excellent scalability, reliability

and performance.

Deploy a federated identity management solution that can

simplify identity and access administration

Companies often need to share information, data and Web

services with business partners. You can help lower costs,

enhance productivity and optimize efficiency by improving

integration and communication with suppliers, business

partners and customers. Federated identity management

provides this link. Federation is the sharing of data and

Web services with business partners and customers.

Federated identity management enables businesses to

deliver more functional and cost-effective solutions. The

federated business model for identity management enables

companies to federate data to clients, trading partners and

customers whom would normally not have access. By doing

so, companies can minimize infrastructure investment and

operational costs. Instead of each company having to build

and operate its own expensive identity infrastructure, it can

spread the costs over the entire ecosystem.

8

• Help maximize compliance with business policies.

• Help ensure rapid deployment and easy integration by

supporting a wide number of standards, including Security

Assertion Markup Language (SAML), Liberty Alliance

and Web Services Federation Language (WS-Federation),

WS-Security and WS-Trust.

Select an access control solution that helps minimize your

vulnerability and can improve ease of use

Developing the security layer of an application often

accounts for as much as 30 percent of application cost

and time. By eliminating the need for application architects

to develop the security layer, access control solutions help

your IT staff deliver better applications faster and cheaper.

Access control solutions also enable you to improve the

usability and security of your customer-facing and partner-

facing applications. Capabilities such as single sign-on and

user self-service help increase employee productivity and

enhance the customer and partner experience. By providing

single sign-on — for your business partners, your suppliers

and your employees — access control solutions can minimize

a number of password-related problems:

• Multiple-password confusion

• Security exposure that can occur with writing down passwords

• IT staff time and resources spent administering passwords

and unlocking accounts

• Downtime that end users experience when locked out

of accounts

The access control solution you choose should:

• Perform and scale well in difficult, high-traffic conditions.

• Provide self-service interfaces for password resets, password

synchronization and user account updates, to reduce help-desk

costs and improve user satisfaction.

• Support multiple authentication methods and access devices

(desktops, PDAs, mobile phones and more) so that you can

work with as many different protocols as your users rely on

to access your system.

• Integrate easily and widely with identity servers, applications,

middleware, operating systems and platforms.

• Rely on open and de facto standards, including Java 2

Platform, Enterprise Edition (J2EE™), .NET and Web services,

to help maximize interoperability both now and in the future.

• Deploy policy-based security infrastructure to ease adminis-

tration and align security with your business rules and

business goals.

• Include single sign-on — with your existing desktop

infrastructure, other security environments and leading

online business applications.

Identify an access control solution for UNIX- and Linux-

specific security challenges

Access control for UNIX® and Linux environments is

particularly challenging. The top security threat that these

environments face is misbehavior by internal users and

employees. The key to fixing this issue is to more closely

control super-user (root) accounts. Super-user accounts

are particularly vulnerable to abuse because traditionally

there are no controls on the access rights of these accounts

and no way to audit the actions taken by people using

these accounts.

9

An access control solution for your UNIX and Linux systems

enables you to secure the applications, files and data on

these operating platforms and the platforms themselves. It

applies the same business policies you use to control access

throughout the enterprise to your UNIX and Linux resources

and creates a sophisticated audit trail for tracking users and

administrators.

To find a superior access control solution for your UNIX and

Linux environments, look for one that:

• Combines full-fledged intrusion prevention — host-based

firewall, application and platform protection, user tracking

and controls — with robust auditing and compliance checking.

• Includes best-practice (yet customizable) policies that enable

enterprises to quickly ramp up to effective security.

• Centrally manages access and audits across large numbers of

UNIX and Linux servers.

• Provides extensive auditing and detailed reports you can give

to regulators, external and corporate auditors.

• Delivers mainframe-class security and auditing in a

lightweight, easy-to-use product.

• Integrates GUI and policy database across security

applications for UNIX and Linux systems, Web applications

and IBM WebSphere MQ installations.

• Imposes negligible overhead (less than 1 percent), main-

tains security during system backup and provides a highly

scalable system.

Choose an access control solution that enhances the security

of your IBM WebSphere Business Integration environment

Companies that use WebSphere MQ to process personally

identifiable information and other types of sensitive data often

seek to protect message data end to end. Additionally, as

they use WebSphere MQ to tie together strings of applica-

tions, companies need a way to centrally manage both data

protection and access control policies.

An enhanced security solution for WebSphere MQ

enables these companies to demonstrate the integrity

and confidentiality of messages not just while in transit

from system to system, but also while under the control of

WebSphere MQ itself. Moreover, this enhanced security

solution applies business policy to ensure the desired

level of confidentiality and integrity for each transaction.

When analyzing enhanced security solutions for your

WebSphere MQ environment, make sure you select a

solution that:

• Helps strengthen security for high-value WebSphere MQ

transactions, without the need to modify or recompile

WebSphere MQ applications.

• Maintains strict data integrity and confidentiality, using

message-level audit capabilities to demonstrate compliance

with the defined security policy.

• Helps reduce administration costs through centralized

administration of access control and data-protection policies

across mainframe and distributed servers.

• Provides enterprise-wide management of security policies

for WebSphere MQ, including message integrity and

confidentiality, security audit posture and queue access-control

permissions from a Web-based administration tool.

• Is compatible with the other members of the IBM WebSphere

Business Integration family of products, including IBM

WebSphere MQ Workflow and IBM WebSphere Business

Integration Message and Event Brokers.

Assess and minimize system vulnerabilities across and beyond

your enterprise

Security breaches and cyberattacks within enterprises

have skyrocketed in recent years, causing significant IT

infrastructure damage and a significant loss of productivity.

Both intentional and unintentional employee and organiza-

tional behavior often cause the exposure and risk.

10

The need to keep systems safe has never been more neces-

sary, but the validation process is often time-consuming,

costly and inconsistent. At the same time, security adminis-

trators must be able to monitor whether users are current

with available patches and fixes — and prove to auditors that

security breaches are detected and managed.

A vulnerability management solution can help you centrally

assess security exposures and better understand the root

causes of these problems. With this increased insight,

you can proactively act to correct vulnerabilities before

breaches occur. If a security incident does occur, you can

automatically respond to it, which can help you minimize the

threat of widespread damage.

The vulnerability management solution you select should:

• Quickly confirm that all of your IT resources are configured

correctly relative to corporate policies.

• Automate scans of servers and desktop systems to help reduce

the cost and time associated with manual security checks.

• Prioritize the risks you want to mitigate against by leveraging

data about vulnerabilities in — and threats to — your various

types of assets.

• Monitor your systems for compliance, vulnerabilities and

threats — and use that information to refine your desired-state

security configurations, adjust the priority of the risks you

guard against and optimize best practices for responding

to problems.

• Centrally detect and assess attacks, threats and exposures in

real time by correlating security information and risk alerts

from firewalls, routers, networks, host- and application-

based intrusion detection systems, desktops and vulnerability

scanning tools.

Establish and enforce corporate security policies

Today’s organizations must be able to show auditors that

only valid users have access to protected applications

and servers — and that your policies are universally enforced.

To meet these requirements, organizations should employ

proactive security policies to protect data integrity and make

compliance management a pervasive and integrated part

of day-to-day business management. The policies should

seamlessly integrate with other business processes to

maintain consistent applications.

Far from being a burden, establishing an effective compliance

policy can help provide greater visibility across your current

infrastructure and business capabilities. As a result, you can

develop an infrastructure that addresses both compliance

and business initiatives — enabling you to respond swiftly to

market changes and regulatory mandates alike.

Look for an IT compliance management solution that enables

you to:

• Track everyone who has access to your systems.

• Properly align the access you grant with your business

priorities and needs.

• Provide a comprehensive, centralized control to enable

consistent execution of your security policies across the

breadth of your organization and across multiple applications,

heterogeneous IT resources and users.

• Apply common rules to control the release of data, including a

single, centralized log of all data disclosure activity.

• Maintain accurate records of access rights changes for audit

enforcement.

• Determine at a glance whether systems comply and instantly

inform those not in compliance.

11

Superior integration enables IBM security software to support your

long-term security strategy

When you begin to evaluate vendors for whichever security

management starting point you prioritize, you’ll find that IBM

offers not only a best-of-breed solution in that area, but also

unsurpassed breadth and integration across its security

solutions. When you’re ready to expand into other areas

of security management, IBM can support your long-term

security goals.

IBM’s leadership in integration is manifested in the way that

its solutions work together seamlessly and are built from

reusable components. When you deploy a new solution that

shares underlying functionality with your already-installed

solution, you don’t need to run two instances of the same

component.

Identity and access management

IBM software for user management and provisioning includes

the following offerings:

• IBM Tivoli® Identity Manager provides a security-rich,

automated and policy-based solution that helps effectively

manage user accounts and passwords from creation to

termination across heterogeneous environments. Tivoli Identity

Manager helps you increase user and IT efficiency, lower costs

and address audit needs.

• IBM Tivoli Directory Integrator provides real-time

synchronization among heterogeneous identity data sources,

allows you to establish an authoritative, up-to-date identity

data infrastructure and helps you make the most of your

existing investment in directory products.

• IBM Tivoli Directory Server provides a powerful LDAP

identity infrastructure that is the foundation for deploying

comprehensive identity management applications and

advanced software architectures.

You can also use IBM software to help you implement

federated identity management:

• IBM Tivoli Federated Identity Manager extends security man-

agement to both the identity provider and the service provider

infrastructure, enabling you to exchange user identification

and attributed information with trusted entities that share an

open standards–based authentication framework.

To help with access control, IBM Tivoli Access Manager

software provides consistent identity-driven control from a

single administration console, enabling single-policy access

management across a broad range of resources. The Tivoli

Access Manager family includes:

• IBM Tivoli Access Manager for e-business, which provides

end-to-end security for e-business, including single sign-on,

URL and application-level authorization, distributed Web-

based administration and policy-driven security.

• IBM Tivoli Access Manager for Operating Systems, which

protects individual application and operating system resources

by establishing rules that fine-tune access for all UNIX and

Linux accounts, including super-user and root accounts.

• IBM Tivoli Access Manager for Business Integration, which

enhances the native security services of WebSphere MQ to

provide end-to-end integrity and privacy of message data, and

centralized management of both data protection and access

control policy.

IBM offers powerful solutions across the security management cycle.

© Copyright IBM Corporation 2005

IBM Corporation Software Group Route 100 Somers, NY 10589 U.S.A.

Produced in the United States of America 07-05 All Rights Reserved

AIX, IBM, the IBM logo, the On Demand Business logo, Tivoli and WebSphere are trademarks of International Business Machines Corporation in the United States, other countries or both.

Linux is a trademark of Linus Torvalds in the United States, other countries or both.

Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries or both.

UNIX is a registered trademark of The Open Group in the United States and other countries.

Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries or both.

Other company, product and service names may be trademarks or service marks of others.

Customers are responsible for ensuring their own compliance with various laws such as the Sarbanes-Oxley Act. It is the customer’s sole responsibility to obtain the advice of competent legal counsel as to the identification and interpretation of any and all relevant laws that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal, accounting or auditing advice or represent or warrant that its products or services will ensure that customer is in compliance with any law.

G507-1117-00

Vulnerability management

For a vulnerability management solution, IBM offers:

• IBM Tivoli Security Compliance Manager, which can help you detect security risks

quickly and deal with them proactively. Tivoli Security Compliance Manager scans

servers and workstations to verify whether security controls are in place.

• IBM Tivoli Risk Manager, which can help you centrally assess and monitor

vulnerabilities and threats, to efficiently respond to security events.

IT compliance management

For IT compliance management, IBM offers:

• IBM Tivoli Identity Manager, which provides a security-rich, automated and

policy-based solution that helps effectively manage user accounts and passwords

from creation to termination across heterogeneous environments. Tivoli Identity

Manager helps you increase user and IT efficiency, lower costs, and address

compliance and audit needs.

• IBM Tivoli Federated Identity Manager, which extends security management to

both the identity provider and the service provider infrastructure, enabling you to

exchange user identification and attributed information with trusted entities that

share an open standards–based authentication framework.

• IBM Tivoli Access Manager family, which provides consistent identity-driven

control from a single administration console, enabling single-policy access

management across a broad range of resources. The Tivoli Access Manager family

includes IBM Tivoli Access Manager for e-business, IBM Tivoli Access Manager for

Operating Systems and IBM Tivoli Access Manager for Business Integration.

• IBM Tivoli Security Compliance Manager, which scans servers and workstations to

verify whether IT security controls are in place and that the systems comply with

your security policy.

For more information

To learn more about which security management solution is the right

starting place for your company and to discuss the benefits of IBM security

management software for your organization, contact your IBM representative or

IBM Business Partner, or visit ibm.com/tivoli/solutions/security