12 Endpoint Security and Compliance Management Design Guide Using IBM Tivoli Endpoint Manager
adversely affect system components and the people and business processes
that they support. The need to identify and protect the infrastructure against
emerging threats dramatically increased with the rise in organized and financially
motivated network infiltrations. Although no technology is perfect, the focus and
intensity of security, monitoring, and management can be affected by the type of
network, server, and endpoints deployed in the IT infrastructure and how those
components are built, integrated, tested, and maintained.
Endpoints need to be kept secure to effectively manage risk. In far-reaching
environments, the number of endpoints is growing at unprecedented rates.
These endpoints are commonly used on unsecured networks as they cross
physical boundaries from the workplace to the home.
Figure 1-2 shows a summary and additional topics to be addressed within the
Network, Server, and Endpoint domain.
Figure 1-2 The Network, Server, and Endpoint domain of the IBM Security Framework
1.3 IBM Security Blueprint
The IBM Security Framework divides the area of business-oriented IT security
into five domains. The next step is to break down these domains into further
detail to work toward a common set of core security capabilities needed to help
your organization securely achieve its business goals. These core security
capabilities are called the IBM Security Blueprint.
Chapter 1. Business context for endpoint security and compliance management 13
The IBM Security Blueprint uses a product-independent and
solution-independent approach to categorize and define security capabilities and
services that are required to answer the business concerns in the IBM Security
The IBM Security Blueprint was created after researching many client-related
scenarios, focusing on how to build IT solutions. The intention of the blueprint is
to support and assist in designing and deploying security solutions in your
Building a specific solution requires a specific architecture, design, and
implementation. The IBM Security Blueprint can help you evaluate these areas,
but does not replace them. Using the IBM Security Blueprint in this way can
provide a solid approach to considering the security capabilities in a particular
architecture or solution.
IBM uses a high-level, service-oriented blueprint, which is based on the IBM
service-oriented architecture (SOA) approach. Services use and refine other
services; for example, policy and access control components affect almost every
other infrastructure component. To better position and understand the IBM
Security Blueprint, see Figure 1-3.
Figure 1-3 IBM Security Blueprint positioning
The left portion of Figure 1-3 on page 13 represents the IBM Security
Framework, which describes and defines the security domains from a business
perspective. It was covered in 1.2, “Introducing the IBM Security Framework” on
The middle portion in Figure 1-3 on page 13 represents the IBM Security
Blueprint, which describes the IT security management and IT security
infrastructure capabilities needed in an organization. As discussed earlier, the
IBM Security Blueprint is product and vendor independent.
The right portion of Figure 1-3 on page 13 represents the solution architecture
views, which describe specific deployment guidance particular to an IT
environment. Solution architecture views provide details about specific products,
solutions, and their interactions.
Figure 1-4 on page 15 highlights the components and subcomponents of the IBM
Security Blueprint that must be examined for every solution in the Network,
Server, and Endpoint security domain. In addition to the Foundational Security
Management Services, you can use the IBM Security Blueprint to determine the
Security Services and Infrastructure components by reviewing the component
catalogs for these Foundational Security Management Services. Each of these
components can then be assessed by determining whether each infrastructure
component is required to make a Foundational Security Management service
functional so that it can address the issues or provide a value associated with the
particular business security domain, in this case, Network, Server, and Endpoint.
Figure 1-4 IBM Security Blueprint components for the Network, Server, and Endpoint solution pattern
We can see in Figure 1-4 that almost all infrastructure components can be
required for a Network, Server, and Endpoint security solution apart from Storage
Security, Application Security, and Physical Security. The reason why those
components are not included is that they are mostly covered by other domains of
the IBM Security Framework.
If you want to learn more about the Foundational Security Management and the
Security Services and Infrastructure subcomponents, see Introducing the IBM
Security Framework and IBM Security Blueprint to Realize Business-Driven
In the next section, we examine the endpoint security and compliance