Course Search Results

Found 38 courses tagged with "Think 2019".

Overview
IBM Security Identity Governance and Intelligence, or simply IGI, is an appliance-based integrated identity governance solution. This solution employs business-centric rules, activities, and processes. It empowers Line of Business managers, auditors, and risk managers to govern access and evaluate regulatory compliance across enterprise applications and services.

This lab provides a real business user experience. You imitate a day in the life of a Line of Business manager, who uses IGI to manage accesses for his team members.

Feel free to explore each of the applications in depth and work with the data in any way you like. This is a live and fully functional Identity Governance environment, with many sample user records, roles, and risk definitions.

The Identity Governance and Intelligence user interface is divided into two areas. The Administration Console is reserved for administrators, while the Service Center is where the applications for business users are contained. In this lab we use the Service Center only.

Objectives

  • Overview of the Service Center
  • Working on pending requests
    • Submitting a request
    • Evaluating, approving or rejecting requests as a user manager
    • Verifying the new role
  • Requesting roles for team members
    • Requesting a role for a team member
    • Evaluating and approving requests
    • Verifying the new role
  • Certification campaigns
    • Evaluating running certification campaigns
    • Redirecting evaluation to another reviewer
    • Tracking progress
    • Generating certification campaign reports

In this lab course, you learn how to import structured data directly in the i2 Enterprise Intelligence Analysis Information Store.

Guardium provides over 600 preconfigured reports. As well as being useful in themselves, these reports can serve as templates to create a report customized to your specific needs. This saves time and effort. In this course, you clone a Guardium query. Then, you customize the fields and conditions of this query and generate a report from the new query.

The lab environment reflects Guardium 10.5.

Lou Fuka


IBM Access Manager provides an OAuth 2.0 token introspection endpoint to support the functions specified in RFC 7662. OAuth clients can use this endpoint to query the OAuth authorization server and request details about the access tokens issued by the server, for example, to determine whether a token is still active or to access additional information about the token.
This lab demonstrates how to configure and use the OAuth 2.0 token introspection endpoint.

Federated Directory Server (FDS) is a premium feature of the IBM Security Directory Suite. FDS enables a collection of directories and other sources of data to be combined and treated as a single hierarchical directory. The FDS console is a ready-to-use application that implements this directory. The IBM Security Directory Suite Directory Server is the default core centralized or target repository for Federated Directory Server. In this lab, you perform an initial FDS setup, and configure the FDS to use an LDIF file as a source.

Learn how to prepare Microsoft Active Directory Federation Services (ADFS) to be used as the identity provider for the federated SAML authentication of devices and portal administrators in MaaS360. You configure both ADFS and MaaS360 to use Security Assertion Markup Language (SAML) and then test portal administrator and device enrollments using this authentication. Microsoft ADFS is used as the identity provider in this lab, but any identity provider that supports SAML 2.0 can be used to achieve federated single sign-on in MaaS360.

This lab demonstrates how to enable social login to a web application using Google credentials. You set up OpenID Connect (OIDC) Federation for this integration because Google is fully compliant with OpenID Connect and has a metadata URI. You configure Google as an OIDC Provider and IBM Access Manager as a Relying party.
The integration scenario is demonstrated using the built-in live demo application in Access Manager.

Overview

Certification campaigns are a formal process that automates the periodic review of a relationship, and enables critical access decisions by nontechnical line-of-business managers.

Identity Governance and Intelligence (IGI) supports five different certification campaign types.
  • User assignment - review individual user entitlements
  • Organization unit assignment - assess where entitlements are visible
  • Risk violation mitigation - review unmitigated risk violations
  • Entitlement - examine the contents of each entitlement
  • Account - review account access for target applications under management

Objectives
  • Creating and running a user assignment certification campaign
    • Configuring a certification dataset
    • Creating the certification campaign
    • Starting a certification campaign
    • Running the certification campaign as a reviewer
    • Supervising a certification campaign
    • Handling exceptions in a certification campaign
  • Reviewing unmitigated risks with a certification campaign
    • Creating the certification campaign
    • Running the certification campaign
    • Understanding the effects of the unmitigated risks review

Pass-through authentication (PTA) is a feature of Directory Server, which delegates authentication of users to a different LDAP server.
In this exercise, you configure PTA so that when an authentication request is received for a user, the central Directory Server forwards that request to another Directory Server instance for validation.

IBM Access Manager supports device fingerprinting to allow tracking of a user across multiple devices and browsers.
This lab provides steps to configure Advanced Access Control policies to register a client device or browser using a one-time password (OTP) sent to a user's email address.
The user is allowed access once OTP verification is complete.
The lab demonstrates silent and consent-based device registrations. It also covers how administrators and end users can manage device fingerprints.

Version 1.0

Duration: 1 hour 30 minutes

IRLP code: SEC9753

In this lab, you learn how to implement context-based access (CBA) using FORM (POST) parameters. You configure an access policy that detects high-value transactions based on a certain POST parameter in a web form and prompts for step-up authentication. The step-up authentication requires the users to provide a counter-based HMAC one-time password (HOTP).

You generate the OTP either using the OTP Generator demo application provided in the lab or by using a mobile app on your phone, for example, IBM Verify or Google Authenticator.

In this lab, you learn how to implement context-based access for a mobile application using REST (JSON) parameters. You configure an access policy that detects high-value transactions using a certain attribute in the JSON payload and prompts for step-up authentication. The step-up authentication requires the users to provide a time-based one-time password (TOTP).
You generate the OTP either using the OTP Generator demo application provided in the lab or by using a mobile app on your phone, for example, IBM Verify or Google Authenticator.

Guardium gathers a large amount of data about your database environment. You use reports and queries to learn the details of your data security environment. In this virtual lab, you create a dashboard, simple query, and report that is used to examine user data you generate.

The lab environment reflects Guardium 10.5.

Franklin Almonte

Reports in IBM QRadar SIEM condense data to statistical views on your environment for various purposes, in particular to meet compliance requirements. In this lab, you run a report from an existing template, then create a new report based on a saved search, and finally create a new report from a new search.

Guardium data security policies help flag suspicious database activity and events. In this virtual lab, you create a policy that will detect and alert on database login failures that occur multiple times over a short time period.

Franklin Almonte


Anomaly detection aims to alert to threats that are undocumented and therefore cannot be detected by methods that monitor for well-defined indicators. Such threats can be detected by monitoring for an unusual volume of activities. With IBM® QRadar® SIEM, create anomaly detection rules to monitor for deviations from the baseline of expected activities.

In these exercises, you develop an anomaly detection rule of type Anomaly. It tests for the deviation of the number of events matching a grouped search from the weighted moving average. The rule fires in the exercise because the sample data spikes above the deviation percentage configured in the anomaly rule.

Device Support Modules (DSM) enable QRadar SIEM to normalize events from raw logs received from various source types. These events must be parsed, normalized, and correlated into offenses to alert you to suspicious activities. In these exercises, you use the DSM Editor to create a log source type for an unknown source of events. You also configure the new log source type to parse and normalize its properties and create unique identifiers and mappings so that QRadar SIEM can name, rate, and categorize the events from the unknown log source.

Guardium policies often have multiple rules. By default, after a rule is triggered, processing stops. If you do not want to stop processing after the first rule triggers, you must configure your policy to continue to the next rule. In this lab, you configure and test a policy to examine the continuation functionality.

The lab environment reflects Guardium 10.5.

Louis Fuka

This lab demonstrates how IBM BigFix® App for QRadar® enhances security intelligence of managed endpoints. You learn how endpoint information, such as vulnerabilities, patching status, software installed, and file hashes, are provided to the Security Analyst using the QRadar SIEM console. This lab contains a video that provides an overview of BigFix App for QRadar, an installation video, and a hands-on section that gives you practice with the app's functions.


  • Explain the value of IBM BigFix App for QRadar during investigation and remediation
  • Install the BigFix App for QRadar
  • Use the hands-on lab environment that has BigFix Platform and BigFix App for QRadar installed to perform the following tasks:
    • Manage the distribution of patches and review vulnerability data on endpoints
    • Incorporate endpoint data gathered by BigFix Inventory using a default fixlet named Initiate Software Scan and a custom fixlet
    • Leverage endpoint compliance status information
    • Use X-Force Threat Intelligence data to verify the reputation of file hashes on endpoints
    • Enable or disable antivirus on Windows endpoints

In this lab, you learn the fundamental administrative tasks to set up a MaaS360 portal account to manage an organization's bring your own device (BYOD) and corporate-owned mobile devices. The first portal account that you create is a service administrator account that has all the access required to configure MaaS360 for your organization. There are also exercises to enroll devices.

In this lab session, you learn how to use the MaaS360 portal workflows to support a mobile enterprise. As a help desk administrator, you might have access to all MaaS360 workflows or a subset of workflows based on your access roles. In the lab, you learn how to set up and use key configurations such as security policies, compliance rules, enrollment requests, and device groups. You use workflows such as apps and docs to push content to devices, and then use device inventory and actions to manage devices. In order to understand how users enroll and use the MaaS360 app on devices, you enroll an Android device in MaaS360.

In this lab session, you learn how to use the MaaS360 portal workflows to support a mobile enterprise. As a help desk administrator, you might have access to all MaaS360 workflows or a subset of workflows based on your access roles. In the lab, you learn how to set up and use key configurations such as security policies, compliance rules, enrollment requests, and device groups. You use workflows such as apps and docs to push content to devices, and then use device inventory and actions to manage devices. In order to understand how users enroll and use the MaaS360 app on devices, you enroll an iOS device in MaaS360.

The IBM i2 Enterprise Insight Analysis i2 Connect capability enables analysts to search for and retrieve data from external data sources that use the Opal quick search functionality, and then analyze the results on a chart in Analyst's Notebook Premium. To use i2 Connect, you must obtain or create a custom connector to the external data source that you want to search.

Overview
The Access Risk Controls module of IBM Identity Governance and Intelligence (IGI) enforces Segregation of Duties (also known as Separation of Duties, or SoD) checks, based on relationships established between the Business Activities layer (BA) and the Role-Based Access Controls model (RBAC).

Risk is often defined in terms of the likelihood of an event, and the cost, or impact, of the consequences if the event occurs. Segregation of Duties is the principle of organizing complex structures by dividing tasks and responsibilities between the members of an organization, to prevent any member from having complete control of any transaction from initialization to completion.

IGI defines a Segregation of Duties risk as a combination of conflicting Business Activities.

Objectives

  • Getting familiar with business activities and risks
    • Business activities, permissions, and risk relationships
    • Add new business activities
    • Map business activities to permissions
    • Map permissions to business activities
  • Define Segregation of Duties (SoD) risk and assign mitigation controls
    • Define a new Segregation of Duties risk
    • Assign a mitigation to a Segregation of Duty risk
  • Check for Segregation of Duty risk violations
    • User risk violation analysis
    • Assign a mitigation to a risk violation

THIS COURSE IS RETIRED!
Visit the following course for the updated version: IGI Overview

Overview
IBM Security Identity Governance and Intelligence (IGI) is an appliance-based integrated identity governance solution. This solution employs business-centric rules, activities, and processes. It empowers line-of-business (LOB) managers, auditors, and risk managers to govern access and evaluate regulatory compliance across enterprise applications and services.

Objectives
This lab provides a brief tour of the available applications to help you become familiar with the IGI user interface.

  • Tour of the Administration Console
  • Tour of the Service Center
  • Access Governance Core
  • Managing the exchange of data
    • Loading data by using the Bulk Data Load tools
    • Loading data by using the Enterprise Connectors
  • Role lifecycle management
    • Exploring roles
    • Exploring role mining
  • Access risk control modeling
  • Certification campaigns
  • Reporting
  • Automating tasks
  • Tour of the Virtual Appliance console

The MaaS360 Cloud Extender is a lightweight software module that you install in your environment. You use the Cloud Extender to integrate MaaS360 with your behind-the-firewall corporate resources. In this lab, you set up the MaaS360 Cloud Extender to integrate with Active Directory (AD) using LDAP. You configure the User Authentication module to support self-service enrollment so that device users can enroll in MaaS360 using their corporate credentials. You configure the User Visibility module to import users and groups into MaaS360 from AD. You can use these users and groups to assign policies and distribute corporate content. Taking advantage of an existing directory service eliminates the need for administrators to create local users and groups in MaaS360. You also learn testing and troubleshooting techniques in this lab using the MaaS360 portal and mobile devices.

Attach scripts to custom rules to do specific actions in response to network events. Use the Custom Action window to manage custom action scripts. Use custom actions to select or define the value that is passed to the script and the resulting action.


License keys entitle you to use specific IBM QRadar products and control the event and flow capacity for your QRadar deployment. You can add licenses to your deployment to activate other QRadar products, such as QRadar Vulnerability Manager.

This self-paced course provides the foundations of license management, describes license components, and explains how licenses are managed within QRadar.

Course Objectives

  • Define ways to upload and maintain license keys in the QRadar SIEM console.
  • Obtain hands-on experience with viewing license details, uploading a license key, allocating a license key to a host, deleting licenses, and exporting license information.

In this lab, you learn how to manage and secure Windows 10 devices using MaaS360 Unified Endpoint Management capabilities and MDM APIs. MaaS360 provides Windows MDM policies that you can configure with common organization settings such as WiFi, VPN, and ActiveSync. You configure restrictions and advanced settings to limit apps and native functions. You blacklist and whitelist apps and limit app permissions for universal and desktop apps. You configure antivirus settings for Windows Defender and configure the Windows Updates schedule and actions. You also configure Windows Information Protection to enable Data Loss Prevention policies to protect data and whitelist and blacklist applications that access protected data. Windows 10 Enterprise also has the capability of setting a device to Kiosk mode, which assigns one application to the device user. Kiosk mode is often used in retail. You configure and test kiosk mode in this lab.

IBM MaaS360 is a comprehensive enterprise mobility platform. With MaaS360, IT departments can deliver end-to-end security and management for applications, documents, email, and devices. It provides employees with secure access to corporate resources and information from their mobile devices, without compromising the user experience, data security, or privacy. MaaS360 simplifies the process by providing everything that you need to securely manage all your mobile assets from an on-demand, intuitive portal.

In this lab session, you learn how to manage mobile devices with MaaS360 and enhance mobile user security and productivity. This lab is a basic introduction to managing Android mobile devices with MaaS360. If you are a mobile security administrator or mobile security consultant, there are several in-depth training courses on the IBM Security Learning Academy that you can take to broaden your MaaS360 skills.

Note: Download the MMS_Labfiles.zip file to your desktop and extract the files. The files are required to complete the lab.

IBM MaaS360 is a comprehensive enterprise mobility platform. With MaaS360, IT departments can deliver end-to-end security and management for applications, documents, email, and devices. It provides employees with secure access to corporate resources and information from their mobile devices, without compromising the user experience, data security, or privacy. MaaS360 simplifies the process by providing everything that you need to securely manage all your mobile assets from an on-demand, intuitive portal.

In this lab session, you learn how to manage mobile devices with MaaS360 and enhance mobile user security and productivity. This lab is a basic introduction to managing iOS mobile devices with MaaS360. If you are a mobile security administrator or mobile security consultant, there are several in-depth training courses on the IBM Security Learning Academy that you can take to broaden your MaaS360 skills.

Note: Download the MMS_Labfiles.zip file to your desktop and extract the files. The files are required to complete the lab.
Course revision 2.0

In this Think 2019 session replay, Shane Weeden and Nick Lloyd discuss the future of strong authentication, including risk-based, passwordless, and decentralized identity mechanisms.

This lab provides step-by-step instructions for configuring a basic identity federation deployment between IBM Access Manager and Salesforce.com using SAML 2.0.
In this lab, you first obtain a Salesforce Developer Edition instance and configure it for SAML Single Sign-On from IBM Access Manager. Access Manager acts as a SAML 2.0 Identity Provider (IdP) and Salesforce acts as a Service Provider (SP).

This lab covers the following three main OAuth 2.0 workflows supported by IBM Access Manager: Authorization code, Implicit grant, and Resource owner password credentials (ROPC).

This lab demonstrates how to set up management authentication and authorization for IBM Access Manager. You learn how to configure external authentication and authorization using LDAP. You also verify that the different user groups can authenticate with Access Manager and then test the user’s authorizations.


Version: 1.1

IRLP Code: SEC9742

IBM Guardium provides powerful functions you can use to monitor and control database access. Guardium can terminate sessions performing suspicious database access commands and even quarantine suspicious users. In this lab, you explore the session termination and quarantine functionality.

The lab environment reflects Guardium 10.5.

IBM QRadar SIEM enables you to minimize the time gap between when a suspicious activity occurs and when you detect it. Attacks and policy violations leave their footprints in log events and network flows of your IT systems. QRadar SIEM connects the dots and provides you insight by performing the following tasks:

  • Alerts to suspected attacks and policy violations in the IT environment
  • Provides deep visibility into network, user, and application activity
  • Puts security-relevant data from various sources in context of each other
  • Provides reporting templates to meet operational and compliance requirements
  • Provides reliable, tamper-proof log storage for forensic investigations and evidentiary use


Objective

The exercises in this lab provide a broad introduction to the features of QRadar SIEM. The exercises cover the following topics:

  • Navigating the web interface
  • Investigating a suspicious activity
  • Creating a report
  • Managing the network hierarchy

In this lab, you configure IBM Access Manager to generate and use JSON Web Tokens (JWTs) as OAuth Access Tokens rather than the standard opaque random string tokens that the OAuth server uses by default. JWTs are self-contained strings signed with a secret key. They contain a set of claims that assert an identity and a scope of access, reducing the need to go back and forth to the OAuth server to retrieve this information.