ObjectSecurity - The Security Policy Automation Company

OpenPMF 2.0 Model Driven Security Management

Products

OpenPMF™ - Making Application Security Manageable Through Automation

OpenPMF automates the process of turning human-manageable security requirements into the matching technical security policy implementation and accreditation/compliance evidence. OpenPMF is key to reducing cost, improving security & accreditation/compliance, and supporting security for today's agile, interconnected applications (e.g. SOA/cloud). OpenPMF™ includes a model-driven policy authoring tool, a model-driven rule generation tool, an authorization policy server, and policy decision/enforcement points.
Why you need security policy automation: Most organizations today need to reduce cost and improve IT security & compliance at the same time, which is practically impossible without increased security automation Manually translating security policy & compliance requirements into effective technical implementation is difficult, expensive, and error-prone - esp. for interconnected,agile applications (e.g. SOA & cloud): 1. Where does the policy come from? 2. Who can write the matching technical policy rules? 3. Who can maintain them despite dynamic changes? 4. Who can verify correctness & compliance OpenPMF automates security policy management: With OpenPMF, you can automate managing application security policies for access control & auditing: automate the process of turning human-understandable security & compliance requirements into the matching numerous and ever-changing technical security policy rules and configurations. In addition, proactively enforce ("whitelisting"), and continuously monitor security the application layer. OpenPMF involves five steps: Configure 1. Configure intuitive business security requirements Security professionals can configure and audit generic application security requirements in OpenPMF, including access and monitoring policies. No need to be an application specialist Generate 2. Generate matching technical security policies automatically Application developers can implement application specific technical application security at the click of a button. OpenPMF automatically analyzes your software as it is being written or updated, and generates fine-grained access and audit policies. No need to be a security specialist. Enforce 3. Enforce technical security policies transparently At runtime, OpenPMF's local protection agents underneath all applications automatically intercept and check all application communications before they are forwarded to the application. Audit 4. Audit technical security policies transparently At runtime, OpenPMF also automatically monitors and collects information about security incidents for auditing purposes. The collected information can be configured through fine-grained audit policies. Update 5. Update technical security policies automatically OpenPMF agile policy automation uniquely makes policy management and implementation manageable for today’s rapidly evolving interconnected applications (e.g. agile SOA with BPM, agile Cloud infrastructures).
OpenPMF is critical for enterprise security: OpenPMF ("Open Policy Management Framework") makes application security manageable through automation. Its security automation forms a critical part of any authorization management, entitlement management and identity & access management (IAM) strategy. OpenPMF also enables a secure application development lifecycle at development time right from the beginning – dealing with policy abstraction, externalization, authoring, automation, enforcement, audit monitoring & reporting, and verification.
OpenPMF automation is unique in the market: Unlike any other application security policy management product in the market, OpenPMF offers unique automatic policy generation (whitelists) and update from intuitive business security requirements - including least privilege and workflow policies, which protect from insider attacks. OpenPMF automates policy management even for agile SOA & Cloud application platforms. OpenPMF automates security using unique award-winning and patent-pending model-driven security, advocated by ObjectSecurity's thought-leading founders since 2000 Definition: Model-driven security Model driven security (MDS) is the tool supported process of modelling security requirements at a high level of abstraction, and using other information sources available about the system (produced by other stakeholders). These inputs, which are expressed in Domain Specific Languages (DSL), are then transformed into enforceable security rules with as little human intervention as possible. MDS explicitly also includes the run-time security management (e.g. entitlements/authorisations), i.e. run-time enforcement of the policy on the protected IT systems, dynamic policy updates and the monitoring of policy violations. Model-driven security policy automation uniquely bridges the semantic disconnect between human-understandable generic policy requirements and technical enforcement rules (e.g. XACML) - the resulting complexity reduction goes far beyond other approaches, such as visual or linguistic representations of the many detailed, complex, technical access rules!

OpenPMF has many benefits: OpenPMF helps develop, operate and maintain secure applications. It makes application security proactive, manageable, intuitive, cheaper, and less risky: 1. Save time and money 1. Save time and money - Security professionals focus on security - Application professionals focus on the application - Automatically generate & update application security policies 2. Adopt security easily & flexibly 2. Adopt security easily & flexibly - Development tool integration out of the box (Eclipse & Intalio) - Multiple licensing alternatives and gradual adoption options - No security expertise required 3. Align business, security, compliance, developers 3. Align business & security - Allows business-centric security & compliance requirements to be captured in "domain specific languages" - Compliance with requirements can be demonstrated with confidence - Removes technology and security silos, and reuses legacy - Security & development separated, but linked via policy - Comprehensive, fine-grained security auditing & reporting capabilities (white-listing prevents false-positives/negatives) 4. Improve proactive security & agility 4. Improve proactive security & agility - Security is enforced using whitelisting and blocking on the application layer - Technical policies are updated at the click of a button whenever SOA/cloud application & interactions change - Monitoring is continuous and based on whitelisting (no false-negatives/positives) 5. Adopt across many new & legacy technologies 5. Many technology integrations pre-built, others developed as needed for your deployment: XACML export (OpenPMF automation for other authorization tools) - IDE (Eclipse IDE & modeling framework) - BPM SOA orchestration (Intalio BPMS) - Cloud PaaS mashup (Intalio Cloud) - Web app servers (Weblogic, Glassfish, Axis2) - Data Distribution Service (RTI DDS) - CORBA (Qedo CCM, MICO C++, JacORB Java) - Message broker & MOM (ActiveMQ, XMLBlaster) - Firewall (IIOP ObjectWall ('network PEP')) - IDS (Promia Raven) - Public Key Infrastructure (PKI) (X.509) - Privilege Management (PMI) (OMG ATLAS) - Directory Services (LDAP) - Databases (Secerno, PostgreSQL (under dev.) - CLICK FOR DETAILS 6. Proven technology since 2000 6. OpenPMF is proven technology: OpenPMF is proven, award-winning, patent-pending, and standards-based (inc. BPMN, XACML, Syslog, X.509, ECORE/MOF), with deployments including US Navy & Air Force, EU training systems for air traffic control & crisis management. ObjectSecurity is a the leading company in the application authorization automation market since 2000, founded by renown thought-leaders. Watch OpenPMF in action as part of a U.S. Navy demo deliverable: *(watch on YouTube instead )*
MORE INFORMATION	CONTACT SALES