Contact Us
IBM Security Verify

IBM Security Verify

IBM Security Verify offers comprehensive IAM features for enterprises.

Basic Information

  • Model: IBM Security Verify is a comprehensive Identity and Access Management (IAM) solution, encompassing various offerings such as IBM Security Verify Access, IBM Verify Identity Access, IBM Security Verify Governance, and IBM Security Verify Directory.
  • Version: Key components like IBM Security Verify Access are currently at version 10.0.9, and IBM Verify Identity Access is at version 11.0.1.0.
  • Release Date: IBM Security Verify Access v10.0.9 was released on January 31, 2025. IBM Verify Identity Access v11.0.0 was generally available in December 2024.
  • Minimum Requirements:
    • IBM Security Verify Access (Virtual Appliance/Container): Minimum 4 GB virtual memory and 100 GB virtual disk space.
    • IBM Security Verify Directory (Server): At least 512 MB RAM per directory server instance (recommended 1 GB for general use), 256 MB for each database instance, and 1 GB for Web Administration Tool with IBM WebSphere Application Server.
    • IBM Security Verify Directory (Client): Minimum 128 MB RAM (256 MB or more recommended).
  • Supported Operating Systems: Broad support for various operating systems through container and appliance deployments, including Windows, Unix/Linux, macOS, iOS, Android, and Z (mainframe) for client access. Specific components like IBM Security Verify Directory support various server operating systems.
  • Latest Stable Version: IBM Security Verify Access 10.0.9.0-IF3 and IBM Verify Identity Access 11.0.1.0-IF1 are the latest patched versions addressing recent vulnerabilities.
  • End of Support Date: The IBM Security Verify Access Gen2 Hardware Appliance (Model 5122-81T) has an End of Support date of September 30, 2025. IBM Security Directory Server v6.4 and IBM Security Directory Suite v8.0.1 have announced future end of support dates. SaaS offerings typically receive continuous updates.
  • End of Life Date: Not explicitly stated for the overall IBM Security Verify platform, but specific hardware appliances and older software versions have defined lifecycle dates.
  • License Type: International Program License Agreement (IPLA).
  • Deployment Model: Cloud-delivered (SaaS, Dedicated Cloud), Hybrid, and On-premises (Appliance, Virtual Appliance, Container).

Technical Requirements

IBM Security Verify's technical requirements vary based on the specific component and deployment model:

  • RAM:
    • IBM Security Verify Access (Virtual Appliance/Container): Minimum 4 GB virtual memory.
    • IBM Security Verify Directory (Server): At least 512 MB per instance, with 1 GB recommended for general use and Web Administration Tool.
    • IBM Security Verify Directory (Client): Minimum 128 MB, 256 MB or more recommended.
  • Processor: Requirements are dependent on the underlying infrastructure for virtual appliances and containers; specific CPU models are not typically prescribed for software.
  • Storage:
    • IBM Security Verify Access (Virtual Appliance/Container): Minimum 100 GB virtual disk space.
    • IBM Security Verify Directory: At least 256 MB for each database instance.
  • Display: Standard display for administrative interfaces; not a primary technical constraint for the core service.
  • Ports: Appliance deployments typically require specific ports for management and service operation.
  • Operating System: For on-premises deployments, various Linux distributions, Windows Server, and IBM AIX are supported for underlying infrastructure. Client access is supported across major desktop and mobile OS.

Analysis of Technical Requirements

The technical requirements for IBM Security Verify are flexible, reflecting its diverse deployment options. For cloud-based SaaS, IBM manages infrastructure, abstracting most hardware requirements from the user. On-premises deployments, whether as virtual appliances, containers, or dedicated hardware, require standard enterprise-grade resources. The memory and storage specifications are typical for robust identity management solutions, designed to handle significant user loads and data. The platform's ability to integrate with existing directories and infrastructure suggests a pragmatic approach to system resource utilization, allowing organizations to leverage current investments.

Support & Compatibility

  • Latest Version: IBM Security Verify Access 10.0.9.0-IF3 and IBM Verify Identity Access 11.0.1.0-IF1.
  • OS Support: Comprehensive, supporting client access from Mac, iOS, Android, Windows, and Linux. Server-side components are compatible with various enterprise operating systems.
  • End of Support Date: Specific hardware appliances (e.g., IBM Security Verify Access Gen2 Hardware Appliance) have an End of Support date of September 30, 2025. IBM Security Directory Server v6.4 and IBM Security Directory Suite v8.0.1 have announced future end of support dates. SaaS offerings are continuously updated.
  • Localization: The platform supports localization, with documentation and interfaces available in multiple languages.
  • Available Drivers: While traditional "drivers" are not applicable for a software platform of this nature, IBM Security Verify offers thousands of pre-built connectors and API integration capabilities for cloud and in-house applications.

Analysis of Overall Support & Compatibility Status

IBM Security Verify demonstrates strong support and compatibility, crucial for an enterprise IAM solution. Its ability to operate across hybrid cloud environments, including on-premises and various cloud providers (e.g., AWS Marketplace), ensures broad applicability. The continuous updates for SaaS offerings and regular fix packs for on-premises components highlight IBM's commitment to maintaining the platform. The extensive connector library and API-first strategy facilitate integration with a wide array of applications and existing IT infrastructure, reducing compatibility challenges. While specific end-of-support dates exist for older hardware and related directory products, the core Verify platform, especially its SaaS components, benefits from ongoing development and support.

Security Status

  • Security Features: Single Sign-On (SSO), Multi-Factor Authentication (MFA) including passwordless, biometrics, SMS, email, and TOTP, adaptive access with AI-powered risk analysis, identity governance and lifecycle management, Privileged Access Management (PAM), consent management, identity analytics, and API authorization.
  • Known Vulnerabilities:
    • CVE-2025-36356: Critical (CVSS 9.3) privilege escalation to root for locally authenticated users in IBM Security Verify Access (v10.0.0.0 – 10.0.9.0-IF2) and IBM Verify Identity Access (v11.0.0.0 – 11.0.1.0). Fixes available in 10.0.9.0-IF3 and 11.0.1.0-IF1.
    • CVE-2025-36355: High (CVSS 8.5) malicious script execution for locally authenticated users in IBM Security Verify Access (v10.0.0.0 – 10.0.9.0) and IBM Verify Identity Access (v11.0.0.0 – 11.0.1.0). Fixes available in 10.0.9.0-IF3 and 11.0.1.0-IF1.
    • CVE-2025-36354: Medium (CVSS 7.3) arbitrary command execution for unauthenticated users due to improper input validation in IBM Security Verify Access. Fixes available in 10.0.9.0-IF3 and 11.0.1.0-IF1.
    • CVE-2024-49803: Critical (CVSS 9.8) remote authenticated arbitrary command execution in IBM Security Verify Access Appliance (v10.0.0 – 10.0.8 IF1).
    • CVE-2024-49805, CVE-2024-49806: Critical (CVSS 9.4) hard-coded credentials in IBM Security Verify Access Appliance (v10.0.0 – 10.0.8 IF1).
    • CVE-2024-49804: High (CVSS 7.8) local privilege escalation for non-administrative users in IBM Security Verify Access Appliance (v10.0.0 – 10.0.8 IF1).
    • Older versions of IBM Security Verify Access (prior to 10.0.8) were affected by numerous vulnerabilities, including RCEs, authentication bypasses, and local privilege escalations, which have since been patched.
  • Blacklist Status: No general blacklist status is reported for the IBM Security Verify platform itself.
  • Certifications: Complies with HIPAA, PCI DSS Level 1, SOC 2, ISO 27001, and has full FedRAMP authorization.
  • Encryption Support: Supports data encryption for sensitive information and incorporates encryption measures for digital credentials.
  • Authentication Methods: Single Sign-On (SSO), Multi-Factor Authentication (MFA) including email, SMS, time-based one-time passwords (TOTP), push-based mobile biometrics, passwordless authentication, and adaptive authentication based on risk.
  • General Recommendations: IBM strongly advises applying patches immediately to mitigate identified vulnerabilities.

Analysis of Overall Security Rating

IBM Security Verify maintains a strong overall security posture, offering a comprehensive suite of features designed to protect identities and access across diverse environments. The platform's robust authentication mechanisms, including advanced MFA and adaptive access, significantly reduce the risk of unauthorized access. Its compliance with major industry standards and certifications (HIPAA, PCI DSS, SOC 2, FedRAMP, ISO 27001) underscores its commitment to security and regulatory adherence. While recent critical vulnerabilities have been identified in specific components like IBM Security Verify Access, IBM has promptly released patches, demonstrating active vulnerability management. Organizations must ensure timely application of these updates to maintain the highest level of security. The platform's integration with threat detection and identity analytics further enhances its ability to proactively identify and respond to security threats.

Performance & Benchmarks

  • Benchmark Scores: Specific, publicly available benchmark scores for the overall IBM Security Verify platform are not readily available.
  • Real-World Performance Metrics: Production instances of IBM Security Verify (SaaS) can handle a maximum aggregated transaction rate of 400 events per second. This rate aggregates all scenarios supported by the platform, not individual user authentications.
  • Power Consumption: Not explicitly detailed for the software asset. Power consumption is dependent on the underlying hardware infrastructure for on-premises deployments or managed by IBM for cloud services.
  • Carbon Footprint: Not explicitly detailed for the software asset. Carbon footprint is dependent on the underlying infrastructure.
  • Comparison with Similar Assets: IBM Security Verify is noted for its ability to function as both an IAM and CIAM solution, a differentiator from many competitors. It is designed for complex on-site and multi-cloud systems, catering to large enterprises.

Analysis of Overall Performance Status

IBM Security Verify is engineered for high performance and scalability, essential for enterprise-level identity and access management. The reported transaction rate of 400 events per second for production instances indicates its capacity to handle significant loads, suitable for large organizations with millions of users. The architecture supports scalability through replication of services (authentication, authorization, security policies, data encryption, auditing), front-end and back-end replicated servers, and load balancing. This design allows for optimized performance by offloading services and scaling deployments without increasing management processor usage. While specific benchmark scores are not published, its use by IBM itself for over 25 million internal and external users across 5,000 applications demonstrates its proven capability to perform at scale in real-world, demanding environments.

User Reviews & Feedback

User reviews for IBM Security Verify generally highlight its robust capabilities and enterprise-grade features, while also pointing out areas for improvement.

  • Overall Ratings:
    • G2: Approximately 4.3 out of 5 stars from over 100 reviews for general and CIAM services.
    • Gartner Peer Insights: 4.5 out of 5 stars for User Authentication (from 13 ratings) and a large number of 4 and 5-star reviews for the wider Access Management market. IBM Security Verify Privilege Vault has an overall rating of 4.7 out of 5 stars (from 7 reviews).
    • TrustRadius: 8.1 out of 10 based on 92 reviews.
  • Strengths:
    • Robust Security Features: Users consistently praise its strong security capabilities, including multi-factor authentication (MFA), Single Sign-On (SSO), and adaptive access.
    • Scalability and Comprehensiveness: Valued as a complete platform for managing both employee (Workforce IAM) and customer (CIAM) identities, capable of scaling for large organizations.
    • Hybrid Deployment Flexibility: Appreciated for its ability to connect and deploy across hybrid systems, including on-premises and cloud environments.
    • Automation and Compliance: Features like automated provisioning, deprovisioning, and audit reporting are seen as beneficial for compliance and reducing administrative burden.
    • Integration: Good integration with existing IAM tools and other IBM security products.
  • Weaknesses:
    • Complex Setup and Implementation: A common criticism is the difficulty and time-consuming nature of initial setup and deployment, especially for organizations without extensive IAM expertise.
    • Steep Learning Curve: Users report a significant learning curve due to complex configuration and dense documentation.
    • User Interface: Some users find the user interface to be old or complex.
    • Mobile App Performance: Occasional reports of mobile app performance problems and usability questions.
    • Pricing Model: The pricing model can be hard to predict or perceived as expensive, particularly for smaller organizations.
  • Recommended Use Cases: IBM Security Verify is highly recommended for large enterprises and organizations with complex hybrid IT environments that require a comprehensive, scalable, and secure solution for both workforce and customer identity and access management. It is particularly suited for those needing advanced authentication, governance, and compliance capabilities.

Summary

IBM Security Verify stands as a robust and comprehensive Identity and Access Management (IAM) solution, designed to address the complex security needs of modern enterprises operating in hybrid cloud environments. Its primary strength lies in its extensive feature set, offering Single Sign-On (SSO), Multi-Factor Authentication (MFA) with advanced options like passwordless and biometrics, AI-powered adaptive access, identity governance, lifecycle management, and Privileged Access Management (PAM). This broad functionality, coupled with its ability to manage both workforce and customer identities, positions it as a versatile platform for organizations seeking to consolidate their IAM strategies. The platform demonstrates strong scalability, capable of handling high transaction volumes and supporting millions of users, as evidenced by its internal use at IBM. Furthermore, its adherence to stringent security certifications like HIPAA, PCI DSS, SOC 2, ISO 27001, and FedRAMP underscores its commitment to security and compliance.

However, the asset is not without its challenges. User feedback frequently points to a complex initial setup and a steep learning curve, suggesting that successful deployment and ongoing management often require significant in-house IAM expertise or external support. Some users also note that the user interface can be perceived as dated or complex, and there have been reports of mobile app performance issues. The pricing model, while usage-based, can be unpredictable for some organizations. Recent critical vulnerabilities in specific components, though promptly patched by IBM, highlight the continuous need for vigilant patch management.

In assessment, IBM Security Verify is an excellent choice for large organizations that require a highly secure, scalable, and feature-rich IAM and CIAM solution, especially those with complex hybrid IT infrastructures. Its comprehensive capabilities for authentication, authorization, and governance provide a strong foundation for a zero-trust security posture. Organizations considering this asset should be prepared to invest in the necessary expertise for implementation and ongoing administration to fully leverage its powerful features and ensure optimal security. Regular application of updates and patches is crucial to mitigate evolving threats.

Information provided is based on publicly available data and may vary depending on specific device configurations. For up-to-date information, please consult official manufacturer resources.

Simplify your IT ecosystem with InvGate Asset Management

30-day free trial - No credit card needed

Get started

Clear pricing

No surprises, no hidden fees — just clear, upfront pricing that fits your needs.

View Pricing

Easy migration

Our team ensures your transition to InvGate is fast, smooth, and hassle-free.

View Customer Experience