atos cybersecurity
TRANSCRIPT
© Atos
Atos CybersecurityDirX Kundenveranstaltung
18. November 2021
Ralf Knöringer Manager Competence Center IAM
Atos Big Data & Cybersecurity DeutschlandDirX Kundenveranstaltung 2021 – Agenda
Zeit Inhalte Referenten
10:00-12:00 Teil 1 – Produktneuheiten & Live-Demo
10:00-10:15 Willkommen und Neues von Atos Cybersecurity Ralf Knöringer, Leiter Competence Center DirX
10:15-11:00 DirX Roadmap - Highlights Gary Weissenbacher, Leiter Produktmanagement
11:00-11:45 Live Demo – Neue RESTful API, Business User GUI, Governance& Compliance mit DirX Audit
Vahid Asadi, Senior Solution Manager
11:45-12:00 Q&A und Zusammenfassung Teil 1 Alle
13:30-15:00 Teil 2 – Best Practice Sharing/Kundenberichte
13:30-14:00 Kundenprojektbericht: Access Management mit IDV ZH Broker beim Kanton Zürich (Identity Federation im Public Sektor)
Leo Stucky, Amt für Informatik des Kanton Zürich
14:00-14:45 Best Practice - IAM Konzerndienste bei AtosLive Demo – Integration Cloud-Services
Marcus Diemer,IAM Application Owner, Atos Global IT
14:45-15:00 Q&A und Ende der Veranstaltung Ralf Knöringer
© Atos - For internal use
Identity and Access Management
DirX Roadmap & News
| 18.11.2021 | Gary Weissenbacher | © Atos - For internal use
Content overview
Atos in a NutshellNews in CyberSecurity
Atos DirX IAM Portfolio
DirX Roadmap
Analysts View
01.
02.
03.
04.
4
Atos in a NutshellNews in CyberSecurity
| 18.11.2021 | Gary Weissenbacher | © Atos - For internal use 6
#1 in managed security services Europe and#3 worldwide
In a Nutshell
105,000 business technologistsin 71 countries worldwide
€11.2 bn revenue and €1 bn operating margin
Global leader in cloud anddigital workplace
Worldwide IT Partner of the Olympic and Paralympic Games
c.€235 m R&Dper annum
85,000 new digital certifications
14.9 tCO2/m€ revenue industry best-in-class
| 18.11.2021 | Gary Weissenbacher | © Atos - For internal use 7
A recognized Industry Leader
#1 in managed security services in Europe and #3 worldwide
Best-in-class computing power
Global leader in private cloud
Global leader in cloud and digital workplace
Pioneer in edge server technology
Leader in accessibility solutions
Pioneering quantum technology with the Atos Quantum Learning machine
Global market leader in Enterprise Single Sign On
| 18.11.2021 | Gary Weissenbacher | © Atos - For internal use
BDS - Big Data & Cyber Security
Big Data & Cybersecurity (BDS) division is responsible for the product and security services offering of Atos. Its mission is to answer enterprise, public sector and defense customer needs for turning data into a business differentiating advantage and secure their information assets.
BDS is the Atos Powerhouse for Cybersecurity and High Performance Computing
#1 European and #4 worldwide player in Big Data & HPC
#1 European and #3 worldwide provider in Cybersecurity
900 M Euros – 5,200 experts
8
The Atos IAM Portfolio is a key building block of the BDS Cybersecurity Strategy. With DirX BDS provides leading IAM technology made in Germany to customers worldwide.
| 18.11.2021 | Gary Weissenbacher | © Atos - For internal use 9
| 18.11.2021 | Gary Weissenbacher | © Atos - For internal use
BDS Big Data & Cyber SecurityRecent Acquisitions - Atos invests in technology and capabilities for Cybersecurity
10
Cryptovision designs, develops and implements cryptography software, security solutions and hardware products. Its unique solutions are made in Germany, certified by the Federal Office for Information Security (BSI) and accredited by the NATO.
SEC Consult is a leader in providing cybersecurity consulting, penetration testing, red teaming and technical assessment services in DACH, APAC regions (Singapore, Thailand, Malaysia) and North America (over 200 highly skilled specialists)
GreenShield VS E2EE e-mail and file
Scinterface Smartcard middleware supporting 2FA, Login, VPN, SSO, PIN Cache
Already tested and operational with DirX
| 18.11.2021 | Gary Weissenbacher | © Atos - For internal use
Teaser – Proposal for additional Webinars Learning more about the DirX cybersecurity ecosystem
IAM and PAM (Privileged Access Management)• Warum ? Unterbinden von Lateral Movement, da Ransomeware-Angriffe meistens damit starten
• Was liefert Atos ? Die Verbindung von IAM und PAM schützt Zugriffsrechte auf die Kernressourcen des Unternehmens
• Ecosystem ? DirX, Wallix, CyberArc,
IAM, PKI und Verschlüsselung• Warum ? End-to-end Security und 2FA in Verbindung mit sicherem Identitätsmanagement
• Was liefert Atos ? Smart Card, Tokens, PKI Produkte, Trust Center im Zusammenspiel mit DirX IAM
• Ecosystem? Atos Trust Center, IDnomic PKI, Cryptovision Security, Card OS , DirX Access
11
Integrated IAM• Warum ? IAM als integrierter Dienst in allen Web Services
• Was liefert Atos ? Einführung in die effiziente Nutzung der DirX Services mit RESTful APIs und Federation (SAML, OpenID)
DirX Portfolio
| 18.11.2021 | Gary Weissenbacher | © Atos - For internal use
DirX DirectoryHigh-end LDAP / X.500 Directory Server and LDAP ProxyIn-memory database, LDAP Proxy, support of dynamic groups, very large CRL’s, enhanced security for IoT
DirX AccessIdentity Federation, Access Management, and SSO for the Connected WorldMulti-tenant, cloud-ready, risk-based authentication, FIDO, SAML 2.0, authorization XACML 3.0, OAuth, RESTful interfaces
DirX AuditAnalytics and Intelligence for Identity and Access ManagementMulti-tenant, cloud-ready, risk-based, historical identity data, context-based analysis and correlation of events, customizable reporting
DirX IdentityUser and Access Management aligned with Business ProcessesMulti-tenant, cloud-ready, risk-based identity and access governance, RESTful interfaces, BUI, SCIM
DirX State of the Art: integrated Product Suite for Identity and Access Management under one Brand
13
DirX
DirX Roadmap
| 18.11.2021 | Gary Weissenbacher | © Atos - For internal use
Identity Management and GovernanceDirX Identity
• Comprehensive identity management and risk-aware governance for heterogeneous environments
• Creation and consolidation of unique digital identities from HCM and other sources
• Centralized and automated role- and rule-based user management
• Delegated administration and self-service
• Access certification campaigns
• Provisioning of accounts and group/role memberships in IT systems and applications (incl. Cloud)
• Audit and reporting of user access rights on enterprise level
• Integrated role management based on RBAC with context-based assignments, SoD, and risk-awareness
• Process-oriented with integrated workflow
• Comprehensive integration with SAP
• Rich set of connectors incl. cloud interfaces and RESTful interfaces
• Scalability, reliability and high availability
Key StrengthsDescription
15
| 18.11.2021 | Gary Weissenbacher | © Atos - For internal use
Identity Governance and AdministrationDirX Identity V8.9
16
July 2019
V8.9 – Advanced Service and Cloud• Extension of Business User
Interface• Actor / Approver / Delegation
• Extended RESTful interfaces:• Provisioning of additional
cloud services / SCIM
• Extended Salesforce connector
• Tec Update (Java 11, Tomcat, Win 2019, Web Center)
V8.9 SP2: February 2021
| 18.11.2021 | Gary Weissenbacher | © Atos - For internal use
Identity Governance and AdministrationDirX Identity Roadmap
17
2022Q4 2021
V9.0 – Comprehensive RESTful Interfaces• Fully configurable Business
User Interface and RESTful services
• Extended cloud integration• Generic SCIM connector
• SAP Cloud Platform (SCP)
• Optimized maintenance
• Support automated certificate management
V8.10 – Additional Cloud Services• Extension of RESTful interfaces
and Business User Interface• User Management
• Certification Campaigns
• New RACF Connector
• Simplifying deployment, configurability, operability
• Tec Update
| 18.11.2021 | Gary Weissenbacher | © Atos - For internal use
Federation, SSO, and Access ManagementDirX Access
• Identity federation with cloud services, business partners, and social platforms based on SAML 2.0, OAuth 2.0, OpenID Connect and Microsoft ADFS
• Centralized, risk-based authentication, Web single sign-on, and session management
• Multiple authorization models based on XACML 3.0 (e.g. RBAC and ABAC) to support powerful and complex authorization
• Support of FIDO-based authentication methods
• RESTful client services and detailed audit trails for user access to resources
• Adaptive and context-based risk assessment of access requests
• Supports a large variety of authentication methods
• Support of a broad range of authorization models
• Based on standard XML and Web services technologies ( OpenID Connect, SAML, UMA, FIDO, XACML, WS-*…)
• Platform-independent, multi-tenant, cloud-ready, and service-oriented
Key StrengthsDescription
18
| 18.11.2021 | Gary Weissenbacher | © Atos - For internal use
Federation, SSO, and Access ManagementDirX Access V9.0
19
July 2021
V9.0 – Evolving Security
▪ Improving security and scalability
▪ Extended Authorization Service Layer
▪ Focus on Authentication & Identity Federation features
▪ Simplified architecture
▪ Extended RESTful Interfaces for admin functionality
▪ Tec Update: TLS 1.3; Linux update
V9.0 SP1: October 2021
| 18.11.2021 | Gary Weissenbacher | © Atos - For internal use
Federation, SSO, and Access ManagementDirX Access Roadmap
20
2023Q4 2022
V9.1 – Evolving Security• Resilience against security attacks
• Extended Microsoft Azure integration
• Simplifying deployment, configurability, operability
• Extended RESTful Interfaces for admin functionality and new management console
• Tec Update
V9.2 – Enhanced Serviceability• Improving security and
scalability
• Extended Authorization Service Layer
• Zero trust ready
• Support automated certificate management
| 18.11.2021 | Gary Weissenbacher | © Atos - For internal use
Analytics and IntelligenceDirX Audit
21
• Collection of IAM audit logs from different sources and transformation into a common format
• Secure storage of audit logs in one (or more) central databases (multi-tenant) incl. historical identity data
• Filtering, analysis, and correlation of audit data
• Dashboard with KPIs, statistics, and metrics
• Continuous risk assessment of identities
• Controlled access to audit logs
• Extended audit reports based on templates
• Customizable, incl. additional audit sources
• Continuous insight into IAM activities, incl. reviewing identities in the past and point-in-time comparisons
• Allows for classifying and analyzing the risks of identities’ access rights
• Consolidation and correlation of identity audit logs
• Open and flexible architecture and platform-independent
Key StrengthsDescription
| 18.11.2021 | Gary Weissenbacher | © Atos - For internal use
Analytics and IntelligenceDirX Audit V7.1
22
July 2020
V7.1 – Advanced Reporting• Additional Reports: configurable
business reports with MS Excel output (70+ templates)
• Database performance and resilience
• Tec Update: Windows Server 2019, Java 11, Tomcat 9, database support SQL Server 2019, Oracle 18c and 19c
V7.1 SP1 August 2021
| 18.11.2021 | Gary Weissenbacher | © Atos - For internal use
Analytics and IntelligenceDirX Audit Roadmap
23
2023Q2 2022
V9.1 – Prescriptive Analytics• Automated policy / control scans -
alarming
• Violation notifications with configurable thresholds (changes / errors per time interval and high risk users)
• Support automated certificate management
V9.0 –Advanced Service Management• Additional business report
• Simplifying deployment, configurability, operability
• Automatic monitoring of database KPI’s
• Tec Update; new database and LINUX versions
| 18.11.2021 | Gary Weissenbacher | © Atos - For internal use
Directory ServerDirX Directory
• LDAP / X.500 directory server with Standard-based distribution incl. integrated LDAP Proxy
• High availability through floating master
• Rich security features, X.509/PKI support, and comprehensive and flexible password policies
• Powerful LDIF import and export incl. high-performance offline loader
• Change logs and event triggering
• Scriptable and graphical administration
• Auditing, monitoring, and SNMP traps and Integration with Nagios monitoring
• Fully integrated backup and restore
• Excellent robustness, scalability, and high availability
• Outstanding read and write performance with 100+ million entries in one single server
• Support of very large groups (incl. nested and dynamic groups)
• Integrated LDAP Proxy
• Comprehensive auditing and monitoring
• No downtime for administration and backup
Key StrengthsDescription
24
| 18.11.2021 | Gary Weissenbacher | © Atos - For internal use
Directory ServerDirX Directory V8.9
25
August 2020
V8.9 – Advanced Service Management• LDAP Proxy extended search
result rewrite rules
• New LDAP controls
• Optimized operation and runtime with extended runtime checks for DSA and DBAM cache repair
• Tec Update: SLES 15, RHEL 8, OpenSSL 1.1.1 / TLS 1.3
ID
| 18.11.2021 | Gary Weissenbacher | © Atos - For internal use
Directory ServerDirX Directory Roadmap
26
2022Q4 2021
V9.0 – Advanced Proxy• Additional LDAP Proxy features
• Multiple sources
• Optimized operation support
• Additional LDAP controls
• Enhanced Linux security
• Additional documentation
• Tec Update
V9.1 – Advanced Service Management• Simplifying deployment,
configurability, operability
• Advanced monitoring / diagnostic
• Identity Provider (IdP) Bundle
• RESTful interfaces
| 18.11.2021 | Gary Weissenbacher | © Atos - For internal use
DirX RoadmapOutlook 2023
DirX Audit 7.1 SP1
• Service Management
DirX Identity 8.10
• BUI / RESTful
DirX Access 9.0
• Adaptive Security
DirX Directory 9.0
• Advanced Proxy
2021
CloudManageability
DirX Audit 9.0
• Advanced Performance
DirX Identity 9.0
• Accessibility / SCIM
DirX Access 9.1
• BUI / Azure Integration
DirX Directory 9.1
• RESTful
2022
Service Provider Serviceability
DirX Audit 9.1
• Prescriptive Analytics
DirX Identity 9.1
• RESTful / SCIM / Cloud
DirX Access 9.2
• Zero Trust Architecture
DirX Directory 9.2
Zero Trust / RESTful
2023
Zero TrustReady
27
| 18.11.2021 | Gary Weissenbacher | © Atos - For internal use
End of Software MaintenancePlanned
28
Product
Version
Date of
General Availability
End of
Software Maintenance
DirX Audit V7.0 June 2018 June 30th, 2022
DirX Audit V7.1 July 2020 July 31st, 2023
DirX Identity V8.7 December 2017 March 31st, 2022
DirX Identity V8.9 July 2019 December 31st, 2023
DirX Access V8.7 December 2017 December 31st, 2021
DirX Access V8.9 June 2019 December 31st, 2022
DirX Access V8.10 December 2019 June 30th, 2023
DirX Access V9.0 July 2021 July 31st, 2024
DirX Directory V8.7 December 2018 June 30th, 2022
DirX Directory V8.9 August 2020 August 31st, 2023
Analysts View
| 18.11.2021 | Gary Weissenbacher | © Atos - For internal use
DirX Identity and Access ManagementClients (Overview)
30
En
terp
rise
Pu
blic S
ecto
r
Schweizer Bahn
| 18.11.2021 | Gary Weissenbacher | © Atos - For internal use
DirX @ AtosFour Major Services based on Standard DirX Products
Atos Name
Description User Community Use Case Service Delivery
WAC Web Access Control, Federation, Security, and Audit
All Atos Employees and Partner
Access Management & Federation; IdP
Global Delivery Center Poland
DAS2 Corporate Directory, Identity Management, Password Reset, and Provisioning
All Atos Employees and Partner
Corporate Directory & IdM
Global Delivery Center Poland
ASN-IAM Privilege User Management, Access Control and certification for Admins
All Atos Admins and Client Admins
Privilege UserManagement (PUM)
Global Delivery Center Poland
MCaaS Atos Voice Service; Management of unified communication based on OSILA
All Atos Employees Subscriber Management
IDM Germany
31
| 18.11.2021 | Gary Weissenbacher | © Atos - For internal use
What Analysts say about DirX
“DirX Identity is a mature offering for IGA, delivering both leading-edge Identity Provisioning capabilities and a strong Access Governance feature set and ... added a modern user
interface”
“Atos DirX Directory counts amongst the leading-edge directory services in the market. It is a very mature product, benefiting from continuous enhancements and innovations”
“DirX Access counts amongst the most feature-rich solutions on the market with a specific strength to support for specific capabilities such as session state sharing and Dynamic
Authorization Management”
“DirX Audit is a very powerful solution that complements DirX Identity and DirX Access. DirX Audit goes well-beyond what is found in many other Access Intelligence solutions”
32
| 18.11.2021 | Gary Weissenbacher | © Atos - For internal use
EXECUTIVE VIEW Atos DirX Access
Atos DirX Access is a mature solution for Access Management, covering the full range of targets from legacy web applications to modern SaaS services. It comes with comprehensive support for modern standards, including FIDO 2.0. A specific strength is the support for specific capabilities such as session state sharing across servers, Dynamic Authorization Management, or integrated User Behavior Analytics. Atos DirX Access counts amongst the most feature-rich solutions on the market.
Atos DirX Accesshttps://www.kuppingercole.com/report/ev80167
33
| 18.11.2021 | Gary Weissenbacher | © Atos - For internal use
DirX Identity and Access ManagementKey Strengths
Atos is a major player in the identity and access management market and offers standard-based leading-edge technology for scalability, reliability, and high availability
Atos has a long track record of successful customer solutions implementation and is a reliable and globally acting partner for international enterprises and organizations
The DirX products help customers to ensure regulatory compliance, support business agility, and provide a proven return on investment
34
Atos, the Atos logo, Atos | Syntel are registered trademarks of the Atos group. October 2021. © 2021 Atos. Confidential information owned by Atos, to be used by the recipient only. This document, or any part of it, may not be reproduced, copied, circulated and/ or distributed nor quoted without prior written approval from Atos.
© Atos - For internal use
Thank you!