For those following my IAM blogs this past year, you may have observed that by happenstance they have served as a logbook for some of the most important advancements that the NetIQ Access Management product line has ever seen. Just this past week, NetIQ Risk Service v2 was announced.
While the previous version of the Risk Service could be integrated with Micro Focus Interset, this new version offers true plug and play integration using specialized smart connectors. This integration helps organizations become cyber resilient by enabling them to intelligently adapt their security in the face of rising threats and malicious actors. This prebuilt integration is impressive for several reasons:
- They are built explicitly for identifying risky behavior common to accessing protected information, meaning that they baseline the behavior specifically relevant to accessing protected resources.
- The prebuilt connectors drive the baselining of the metrics that matter. Interset’s engine uses these predefined criteria to do the rest; meaning, you don’t have to configure any metrics that identify when risk needs to be managed. You simply point the Risk Service to the URL of your Interset instance along with the certificate information, and you’re done.
- The system providing the scores to the risk service is self-maintaining. Unlike most every solution on the market, keeping the most important metrics relevant is automatic. Interset’s AI engine automatically refines the data without any need for metric tune-up. Not only do smart connectors provide a turnkey solution, but the Interset service provides a maintenance-free environment. Knowing how easy it for IT teams to move from one focus area to the next, having a solution that keeps risk heuristics fresh and up to date on its own is invaluable.
A tale of two versions
Let’s take a moment to look at the delta between the two versions of the Risk Service that happened so far this year:
- January – Access Manager’s risk engine is broken out to become Risk Service v1 to serve the entire NetIQ platform. While the Risk Service is already integrated to support Advanced Authentication, Access Manager, and Identity Governance, more is on the way. Now that it’s designed to support the entire NetIQ platform, The Risk Service evolves to an initiation engine to adapt both authentication levels and authorization restrictions based on the risk at hand. Even in this initial release, customers have the option to use Micro Focus Interset with the Risk Service, but it requires an assessment process as well as manual integration and configuration.
- August – NetIQ Risk Service v2 is released that includes licenses for Interset smart connectors, not to be confused with the Interset service itself, built specifically for it. So, while the initial version made it possible for organizations to gain access to specialized heuristics and AI engine to feed risk ratings to the risk engine, the simplicity offered in this new release makes it obtainable with vastly reduced deployment costs and dramatically lower TCO. The Risk Service can also send alerts to NetIQ Identity Governance notifying administrators, IT or business, to verify that there is really a business need for the granted permissions.
It’s in this backdrop that we have a webinar on “Adding Intelligence to Adaptive Access,” featuring a principle analyst from Forrester, Andras Cser. Not only does Andras specialize in identity and access management, he also covers cloud security and enterprise fraud management. This multi-prong focus serves Andras well as he guides organizations on how to use risk intelligence to protect against nefarious access to sensitive resources. Andras will be leveraging this expertise in this webcast.
Following Andras, our senior product manager from the NetIQ Identity and Access Management product line, Gireesh Kumar, will explain how you can leverage these types of behavioral analytics to adapt access to your protected resources. Using Micro Focus Interset with the NetIQ portfolio, you will likely believe there is some unstated catch as to how simple and effective it is. Let me assure you, there isn’t.
Have technical questions about Access Manager? Visit the Access Manager User Discussion Forum. Keep up with the latest Tips & Info about Access Management. Do you have an Idea or Product Enhancement Request about Access Management? Submit it in the Idea Exchange. We’d love to hear your thoughts on this blog. Comment below.
Identity & Access Mgmt