Product: Tivoli Security ManagementManufacturer: IBMURL: www.ibm.com/software/tivoli/solutions/security

"Open source software is now the major source of elevated security vulnerabilities for IT buyers. The poster child for security glitches is no longer Microsoft; this label now belongs to open source and Linux software suppliers."

--Nov. 12, 2002, by Jim Hurley and Eric Hemmendinger, The Aberdeen Group

The IBM Tivoli security management solution for Linux provides enhanced security of the Linux and UNIX environments helping to stop Root security breaches, enabling companies to centrally manage and consistently enforce security policies and secures Web applications running on a variety of platforms including Linux and UNIX systems. It also helps protect the organization from both internal and external security incidents and offers exceptional scalability up to tens of millions of web users and for large complex multi-processor systems.

Two recently enhanced Tivoli product solutions provide robust security for Linux and UNIX environments:

IBM Tivoli Access Manager for Operating Systems provides mainframe-style security for Linux and UNIX systems. Because it is the only product of its kind with a multi-threaded design, this product is able to deliver outstanding throughput. It provides protection and auditing options that apply across users of the system--including Root, the most difficult to secure Linux/UNIX user group. It can help you reduce risk, make users more accountable, reduce administrative overhead and centralize security policy.

IBM Tivoli Access Manager for e-business uses Linux and other platforms as the basis for a security proxy for Web and other applications. By providing authentication and authorization options for Web servers, IBM Tivoli Access Manager for e-business provides Web single sign-on, rapid deployment of secure applications and centralized administration of access policies. IBM Tivoli Access Manager is a leader in extranet access management, according to Gartner. It has been recognized in the leaders quadrant of Gartner's Extranet Access Management 2H02 Magic Quadrant.

IBM provides a highly integrated security management solution to help companies quickly realize ROI by bringing users, systems and applications online fast--automating user management, access rights, and privacy preferences. It helps companies actively monitor, correlate and quickly respond to IT security threats across the e-business infrastructure, spanning operating systems to web servers, web applications and customer applications.

The IBM Tivoli security management solution provides exceptional value through interoperability with provisioning, privacy, identity and security event management capabilities. This standards-based scalable solution provides out-of-the-box interoperability with over 60 applications and products including Siebel, mySAP.com, Plumtree, Epicentric, WebSphere, BEA and many others.

"A lot of companies have gone to a lot of effort to protect themselves from being hacked, but it's a lot harder to stop a rogue employee. We have the technology, but we're not using it."

--James Vaules, head of the National Fraud Center, as quoted in The Washington Post, Dec. 3, 2002

IBM Tivoli Access Manager for Operating Systems provides a centrally administered solution to help prevent unauthorized access to Linux and UNIX systems. It promotes consistent security policy enforcement across multiple Linux and UNIX platforms, while allowing auditing of security-related events

IBM Tivoli Access Manager for Operating Systems helps protect against internal threats by creating an operating system "firewall." It hooks a security layer onto the Linux and UNIX kernels. This security layer intercepts calls to the operating systems and applies a security policy specified by the organization. The security administrator may create these policies, or the organization may elect to use Tivoli's Fast Start Policy Modules, which are pre-defined security policies. These pre-defined policies can help accelerate return on investment by making it easy to apply security policies for specific areas of the business. Examples of specific business areas include but are not limited to: enhancing Web security, and providing additional controls for CRM or ERP solutions.

IBM Tivoli Access Manager for Operating Systems allows administrators to set and enforce security policies that apply to users--including Root, the most difficult to secure user group. This capability is also utilized to support autonomic functionality such as self-protection and self-configuration. There are three types of security policies: Password Policy, Login Policy and Resource Policy. IBM Tivoli Access Manager for Operating Systems empowers security administrators to finely control all three. Administrators can, for example, determine which users can switch to other IDs; set access and use rights on files and applications (including kill rights); limit login ability by time of day or terminal type; and enforce robust password strength rules.

Equally important to safeguarding resources is auditing access to resources. IBM Tivoli Access Manager for Operating Systems can provide a centralized report on security events, allowing administrators to review which users accessed what resources how and when. IBM Tivoli Access Manager for Operating Systems utilizes a multithreaded design with advanced caching that adds significant authorization control while avoiding noticeable overhead. It typically imposes less than 1% overhead on the system.

In today's complex and heterogeneous organization, an effective security solution must be able to secure and run on a wide variety of platforms. IBM Tivoli Access Manager for Operating Systems can make the differences between IBM AIX, Sun Solaris, Hewlett-Packard HP-UX and Linux transparent to administrators and help create consistent enforcement of security policies across platform boundaries.

IBM Tivoli Access Manager for Operating Systems can help reduce administration costs through Web-based delegated administration. This capability can be used to delegate selected management capabilities to authorized partners or business units. It also does not require a change to administrative practices. Protections apply whether accesses are made through command shells or through applications.

"IBM's software already gives companies more control over their security policies across a broad range of platforms, and our clients will benefit from being able to extend those same security policies across their Linux environment."

--Frank Schreiber, Managing Director, GlobalVision

IBM Tivoli Access Manager for e-business provides award winning, autonomic, policy-based fine-grained Web access control for Linux. It has been recognized in the leaders quadrant of Gartner's Extranet Access Management 2H02 Magic Quadrant. It helps address the challenges of e-business security and enable new and rapidly scaling e-business initiatives to reach new markets and customers quickly.

IBM Tivoli Access Manager for e-business delivers record shattering authentication and authorization performance that scales to support millions of users. This conclusion is based on tests Mindcraft did on Sun Enterprise servers using their AuthMark Benchmark Extranet Scenario. IBM Tivoli Access Manager for e-business was 52% faster than any other product, and 67% faster than was ever measured on a Sun server.

IBM Tivoli Access Manager for e-business helps reduce complexity and management costs by supporting access control across a wide range of Web and application resources. This assists companies by helping reduce deployment time and cost for e-business applications. Writing security controls into applications typically accounts for about 30% of development time and cost. Using IBM Tivoli Access Manager for e-business can eliminate this, while providing a solution that scales to millions of users.

IBM Tivoli Access Manager for e-business controls both wired and wireless access to applications and data, and provides Web Single Sign-On (SSO) for all authorized users. IBM Tivoli Access Manager for e-business interoperates with e-business applications to deliver a secure personalized e-business experience for authorized users. IBM Tivoli Access Manager provides security for key CRM, ERP and SCM e-business solutions, as well as enhancements for securing J2EE-conforming applications running on or . IBM Tivoli Access Manager for e-business provides partners, customers, suppliers and employees with secure access to business-critical applications and data for highly available, scalable transactions.

IBM Tivoli Access Manager for e-business helps companies achieve superior return on investment, improve customer relationships and increase productivity by:

"Extranet Access Management 2H02 Magic Quadrant Report," January 8, 2003, Research Note by John Pescatore and Ray Wagner.