IBM Security Access Manager is a modular, integrated access management appliance that helps secure access to web, mobile, and cloud workloads. The integrated appliance form factor allows for easier and more flexible deployment and maintenance. It is offered both as a physical appliance and as a virtual appliance image that runs on a number of popular hypervisors.
According to the Open Web Application Security Project (OWASP) top 10 list of web vulnerabilities, external hackers use SQL injections, broken authentication, and cross-site scripting (XSS) as common methods to gain unauthorized access into the web applications. By utilizing research from the IBM X-Force threat research team, Access Manager delivers the ability to help block OWASP top 10 web vulnerabilities before they reach the targeted application.
According to the IBM X-Force Security and Risk trend report, attackers use phishing attacks and social engineering to compromise end-user access to gain unauthorized access into corporate applications. Identity fraud and Bring Your Own Device (BYOD) are growing concerns for enterprises, as they expand their web application reach into mobile, business partner, and social collaborations.
In the face of these challenges, it is important to bring increased intelligence to authentication and authorization. The Advanced Access Control Module allows Access Manager to use detailed contextual information (for example, geographic location, device fingerprint, browser type, application data, and so forth) about the user making the access request when making access decisions