IBM Software
IBM Security Access
Highlights
●● ● ●
Help secure web applications with single
sign-on access, strong authentication and
session management
●● ● ●
Protect user access and applications
from web threats with integrated
IBM® X-Force® threat intelligence
Leverage out-of-the-box integration with
●● ● ●
IBM Security QRadar® solutions to gain
actionable insights to help reduce risk
and demonstrate compliance
●● ● ●
Simplify setup and maintenance with local
management graphical user interface
(GUI) and automated service updates
Reduce costs and time to value with an
●● ● ●
all-in-one appliance that allows flexible
deployment of web and mobile capabili-
ties, across a variety of application
environments
Data Sheet
Manager for Web
Help prevent insider threats and identity fraud
Providing secure access to sensitive data, applications and infrastructure
is more complex than ever. While today’s IT environments are evolving
to support mobile, cloud and social interactions, cybercriminals are also
getting more sophisticated in their attack methods. To effectively cope
with relentless web-based security attacks and demonstrate compliance
with security regulations, organizations need a flexible web-access
management solution with built-in protection and monitoring for
external threats.
IBM Security Access Manager for Web is an appliance-based security
solution that provides both access control and protection from web-based
threats, including the top 10 web application risks identified by the Open
Web Application Security Project (OWASP). The appliance combines
the capabilities of a reverse proxy server, single sign-on server, web appli-
cation firewall, centralized policy server, load balancer and distributed
session caching—packaged in one solution that helps secure web access
to applications, while also protecting them from the latest threats. Highly
scalable and configurable, the appliance is designed to help organizations
reduce the costs and complexities of multi-channel access management.
IBM Security Access Manager for Web delivers industry-leading web
access management and continuous web application protection—powered
by X-Force research and development. It also helps organizations obtain
security intelligence and demonstrate compliance with the latest security
regulations by integrating out-of-the-box with IBM QRadar Security
Intelligence Platform.
IBM Software Data Sheet

IBM Security Access Manager for Web is a module within the Adapt to changing security needs
IBM Security Access Manager appliance, which can also include IBM Security Access Manager for Web is highly scalable and
IBM Security Access Manager for Mobile. This means organi- configurable to support a wide variety of application environ-
zations can easily leverage both web and mobile access manage- ments. The appliance enables customers, business partners,
ment capabilities within the same appliance by simply adding employees, suppliers and distributors to access cloud, mobile
on the additional features as needed. In addition, organizations and enterprise portal resources in a trusted manner.
can choose from both physical and virtual appliance form
factors. This easy-to-deploy-and-manage solution is designed Smooth integration with IBM Security Access Manager for
to help reduce total cost of ownership (TCO) and deliver a Mobile further improves identity assurance with built-in and
faster time to value. flexible authentication schemes. IBM Security Access Manager
for Mobile helps enforce context-aware authorization with
Protect applications from advanced device fingerprinting, geographic-location awareness and
security threats IP reputation scoring in the mobile environment.
IBM Security Access Manager for Web includes a reverse
HTTP proxy (WebSEAL) that is deployed between users and
application servers, with its own built-in policy server and
Lightweight Directory Access Protocol (LDAP) registry. The
WebSEAL proxy provides centralized authentication and user
session management, web single sign-on and coarse-grained
authorization. Requests passing through WebSEAL are evalu-
ated by an authorization service to determine whether the user
is authorized to access the requested resource.

Web application protection capabilities derived from the

IBM X-Force-powered Protocol Analysis Module are also built
in to protect web-based traffic with the same level of protection
as web application firewalls. All HTTP traffic can be scanned
and any detected threats can be blocked, preventing them from
accessing the application servers. This feature delivers preemp-
tive protection against a host of web application vulnerabilities
such as cross-site scripting, SQL injection and more. The
X-Force research and development team, which designed the
IBM Protocol Analysis Module, provides dynamic content
updates that provide ahead-of-the-threat protection.
IBM Security Access Manager for Web
Reduce IT costs and complexities
Organizations can use IBM Security Access Manager for Web
to implement security policies across a wide range of web and
application resources. This can help eliminate the complexities
of managing separate point solutions, reduce IT costs by sim-
plifying administration, and free up IT staff to work on other
strategic initiatives.

2
IBM Software Data Sheet

IBM Security Access Manager for Web provides: ●● ●

The option to capture key log files and the traces needed to
resolve support issues
●● ●
Out-of-the-box, policy-based security for business ●● ●
The ability to consolidate existing point solutions onto a
applications—such as customer relationship management single platform (such as HTTP reverse proxy servers and
and enterprise resource planning—and for employee portals web application firewalls)
●● ●
Integrated support for IBM Tivoli® Federated Identity
Manager for federated user access in cloud environments, Monitor the environment with a
risk-based access in mobile environments and secure session web-based dashboard
management To help improve IT efficiency, IBM Security Access Manager
●● ●
Support for strong authentication implemented one time, for Web provides a web-based graphical management interface
rather than on a time-consuming, error-prone, application- for configuring the appliance and HTTP reverse proxy. The
by-application basis web interface also features a dashboard that enables IT adminis-
●● ●
Scalability, high availability and performance to support trators to view the overall health of the appliance, including
millions of users in a single deployment details on performance, workloads and response times.
●● ●
Flexible, web-based management interfaces and multi-level
delegation capabilities for business units and affiliates
●● ●
A registry that scales to a billion users, as well as support for
other major registries that can be part of a given customer’s
standard

Deploy advanced security with ease

IBM Security Access Manager for Web delivers rock-solid,
always-on security in an appliance form factor that is easy to
deploy, configure and maintain. This means IT organizations
can achieve a fast time to value and a higher return on their
technology investments. The appliance helps streamline config-
uration, simplify monitoring and reduce lifecycle management
costs with:

●● ●
Preinstalled firmware that includes the operating system and
prerequisite software for simplified management of the
system
●● ●
Support for automated service updates and threat definitions
●● ●
A snapshot capability that captures the current configuration
and supports backing up of images
A web-based interface shows administrators the overall health of the
●● ●
Support for firmware rollbacks that enable rapid restoration appliance.
of the previous configuration

3
IBM Software
Use load balancing to improve
availability
Devices placed in the flow of network traffic must be extremely
reliable. IBM Security Access Manager for Web enables
IT organizations to improve reliability and availability with
front-end and back-end load balancing. Combining front-end
load balancing with WebSEAL functionality and a web applica-
tion firewall provides access control and protection against web-
based attacks. Network traffic can be monitored and efficiently
rerouted across multiple appliances to help ensure high perfor-
mance. In addition, the appliance can maintain “stickiness” with
the back-end application servers based on a user’s session.
Demonstrate continuous compliance
IBM Security Access Manager for Web integrates smoothly
with QRadar Security Intelligence Platform. As a result,
organizations can get actionable insights to help reduce risk,
streamline access management and demonstrate security
compliance—while staying a step ahead of the latest external
web threats for years to come.
IBM Security Access Manager for Web also gives organizations
another way to demonstrate compliance with security regula-
tions, industry standards and corporate policies. Regulations
such as Sarbanes-Oxley, Payment Card Industry Data Security
Standard (PCI DSS) and Health Insurance Portability and
Accountability Act (HIPAA) require specific security policies
to be in place, and proof of continuous compliance is necessary
to pass audits. IBM can help improve an organization’s audit
readiness with the added security of a web application firewall,
which is built into IBM Security Access Manager for Web.
4
Data Sheet
Why IBM?
IBM Security solutions are trusted by organizations worldwide
for identity and access management. The proven technologies
enable organizations to protect their most business-critical
resources from the latest security threats.
Going beyond simple user access and authentication,
IBM Security Access Manager for Web integrates with other
IBM Security solutions to provide next-generation web security
management for the extended IT environment. For example,
using Tivoli Federated Identity Manager, organizations can
reduce security risks with federated single sign-on access across
multiple applications, context-based access controls that enable
device attributes, and user access attributes to be considered in
access policies. In addition, IBM Security Policy Manager can
help centralize security policy management and enable fine-
grained data access control for applications, databases, portals
and services.
As new threats emerge, IBM can help organizations build on
their core security infrastructure with a full portfolio of prod-
ucts, services and business partner solutions. IBM empowers
organizations to reduce their security vulnerabilities and focus
on the success of their strategic initiatives.
IBM Software Data Sheet

IBM Security Access Manager for Web at a glance

Physical characteristics of ●●
1U form factor
hardware appliance ●●
H x W x D: 44.2 mm x 430.2 mm x 533.7 mm (1.74 in. x 17 in. x 21 in.)
●●
Management interface: 10/100/1000
●●
Application interface: 10/100/1000 (IPv6 supported)
●●
Supported physical media types: RJ-45
●●
Redundant power supplies
●●
Solid-state storage
●●
100 – 240 V, full range

Machine specifications for ●●

Intel Core i7-2600 processor
hardware appliance ●●
32 GB memory
●●
800 GB solid-state drive
●●
6 network ports*
Platform support for virtual VMware ESX environment
appliance:
Supported web browsers ●●
Google Chrome
●●
Microsoft Internet Explorer
●●
Mozilla Firefox
Performance data† ●●
Throughput: Up to 1.2 Gbps or 25,000 requests per second
●●
Latency: Down to 0.8 ms
●●
Large-packet throughput: Up to 1.2 Gbps
●●
Small-packet throughput: Up to 25,000 requests per second
●●
Authentication throughput: Up to 1,500 logins per second
●●
Concurrent connections: Up to 30,000

For more information
To learn more about IBM Security Access Manager for Web,
please contact your IBM representative or IBM Business
Partner, or visit: ibm.com/security
About IBM Security solutions
IBM Security offers one of the most advanced and integrated
portfolios of enterprise security products and services. The
portfolio, supported by world-renowned IBM X-Force
research and development, provides security intelligence to
help organizations holistically protect their people, infrastruc-
tures, data and applications, offering solutions for identity and
access management, database security, application development,
risk management, endpoint management, network security
and more. These solutions enable organizations to effectively
manage risk and implement integrated security for mobile,
cloud, social media and other enterprise business architectures.
IBM operates one of the world’s broadest security research,
development and delivery organizations, monitors 15 billion
security events per day in more than 130 countries, and holds
more than 3,000 security patents.
Additionally, IBM Global Financing can help you acquire the
software capabilities that your business needs in the most
cost-effective and strategic way possible. We’ll partner with
credit-qualified clients to customize a financing solution to
suit your business and development goals, enable effective
cash management, and improve your total cost of ownership.
Fund your critical IT investment and propel your business
forward with IBM Global Financing. For more information,
visit: ibm.com/financing

* Two of these ports are dedicated to appliance management.

† Performance data quoted for IBM Security Access Manager for Web
is based on testing with HTTP and HTTPS traffic that is intended
to be ref lective of typical live traffic. Environmental factors such as
protocol mix and average packet size will vary in each network, and
measured performance results will vary accordingly. IBM Security
Access Manager for Web throughput was determined by pushing
traffic through the appliance and measuring how much throughput
was achieved with zero packet loss and low response times. For
benchmark testing, IBM Security Access Manager for Web
appliances were configured with worker-threads = 300 and
maximum-cached-persistent-connections = 300; large-file throughput
was measured with multiple clients requesting 50 Kb pages over
HTTP using two network interfaces through a TCP junction to
two application servers via two network interfaces; small-file throughput
was measured with multiple clients requesting 500 byte pages over
HTTP through a TCP junction; authentication throughput was
measured with multiple clients authenticating over HTTPS as
one of 100,000 different users, requesting a 100 byte page and
disconnecting; latency was measured by capturing network traffic using
iptrace on an IBM AIX® system that acted as both client and junctioned
application server; concurrent connections were measured with multiple
clients requesting pages from a server that responded after 10 seconds.

Please Recycle

WGD03018-USEN-01