ACTIVE AUTHENTICATION FOR INFRASTRUCTURE
HELLO! I am Anirban Banerjee. I am the Founder and CEO of Onion ID. https://calendly.com/anirban/enterprise-demo/
THE STATUS QUO
CHALLENGES AND THREATS
GOING FORWARD
THE STATUS QUO
IT INFRASTRUCTURE TODAY
▸ Laptops
▸ In house servers
▸ Cloud servers
▸ Mobile devices
▸ Containers
▸ Network equipment
WHO IS ACCESSING
▸ Devops
▸ IT
▸ Developers
▸ Shadow IT
▸ Bloggers
▸ Marketing
▸ Automated Software
▸ Deploy and Build software
▸ Vendors and 3rd parties
THE STATUS QUO
▸ Usernames/passwords
▸ SSH Keys
▹ Helps login automatically
▸ IP filters
▹ Only talk to certain computers
▸ VPNs
▹ Some Security
▹ Encrypted traffic
CHALLENGES AND THREATS
CHALLENGES
▸ IT Outsourcing
▸ Inflexible – Multiple dev teams
▹ Geographically distributed
▹ Shadow IT
▸ High Velocity Changes – IaaS/PaaS via APIs
▹ AWS, Rackspace, Docker
▹ All types of web apps
▸ Employee churn
▸ Compliance and Audits
▸ Attack surface has changed
▸ Horizontal attacker movement
▸ Vertical privilege escalation
THE THREAT LANDSCAPE
Horizontal and Vertical Attacker Movement
GOING FORWARD
ACTIVE AUTHENTICATION CAN HELP
▸ Concept of least privilege
▸ Risk score everything
▸ Every command is analyzed
▸ Learn, Match, Act, Update
WHAT TO LOOK FOR AND WHAT TO DO
▸ COMMANDS BEING RUN
▹ Usually never runs visudo /etc/shadow – high risk
▸ CONNECTION STATISTICS
▹ Where are you connecting from, time, # of connections
▸ EVERY COMMAND IS ANALYZED
▹ Risk score every command: White, Grey, Black
▸ TAKE ACTION
▹ Invisible 2FA for Grey, Physical 2FA for Black
▸ TOOLS
▹ Apache Spark, Pykit Sci, SSH proxies
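The Learn, Match, Act, Update loop from these slides as an added example (not Onion ID's code): each command is scored against a per-user baseline and connection statistics, then mapped to White, Grey or Black. The Profile structure, weights, thresholds and sample sessions are illustrative assumptions.

```python
from collections import Counter
from dataclasses import dataclass, field

# The slides name visudo and /etc/shadow as high risk; extend this list per site.
SENSITIVE = ("visudo", "/etc/shadow")
ACTIONS = {"white": "allow", "grey": "invisible 2FA", "black": "physical 2FA"}

def binary(cmd):
    """First token of the command line, or "" for an empty line."""
    return (cmd.split() or [""])[0]

@dataclass
class Profile:
    """Per-user baseline learned from past sessions (hypothetical structure)."""
    commands: Counter = field(default_factory=Counter)
    sources: set = field(default_factory=set)
    hours: set = field(default_factory=set)

    def update(self, cmd, source, hour):
        self.commands[binary(cmd)] += 1
        self.sources.add(source)
        self.hours.add(hour)

def score(profile, cmd, source, hour, open_connections, max_connections=5):
    """Return (points, band). Weights and cut-offs are assumptions, not tuned values."""
    points = 0
    points += 50 if any(marker in cmd for marker in SENSITIVE) else 0
    points += 20 if profile.commands[binary(cmd)] == 0 else 0   # never run before
    points += 20 if source not in profile.sources else 0        # unseen source address
    points += 10 if hour not in profile.hours else 0            # unusual time of day
    points += 10 if open_connections > max_connections else 0   # too many sessions
    band = "white" if points < 30 else "grey" if points < 60 else "black"
    return points, band

def decide(profile, cmd, source, hour, open_connections):
    """Match and act; only commands allowed outright feed back into the baseline."""
    _, band = score(profile, cmd, source, hour, open_connections)
    if band == "white":
        profile.update(cmd, source, hour)
    return band, ACTIONS[band]

def demo():
    """Constructed sessions: a developer who works from 10.0.0.5 during the day."""
    p = Profile()
    for hour in (9, 10, 14):
        p.update("ls -la", "10.0.0.5", hour)
        p.update("git pull", "10.0.0.5", hour)
    return [decide(p, "git pull", "10.0.0.5", 10, 1),
            decide(p, "tcpdump -i eth0", "10.0.0.5", 23, 1),
            decide(p, "visudo", "198.51.100.7", 3, 1)]
```
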
COMPLIANCE
▸ PCI DSS, HIPAA, FedRamp, FFIEC, SOX, SOC I,II
▸ Legal consequences
▸ Provide proof of controls
▸ Keep the board informed
▸ Use tools for reporting, automate
BEST PRACTICES
▸ SSH Key rotations
▸ Device fingerprinting
▸ Credential rotations for VPN
▸ MAC address pinning
▸ Review logs regularly
▸ Audit user accounts
CONTINUOUS IMPROVEMENT
Your system needs to keep “learning”
Think about rule based approach, don’t obsess
Follow good login hygiene
Use DNS instead of nailed IPs
Audit shadow IT accounts
Connect with us
▸ calendly.com/anirban/enterprise-demo/
▸ Free Trial on OnionID.com
▸ [email protected]
▸ 1-888-315-4745
▸ Twitter - @onion_id
▸ Connect with us on FB or LinkedIn
▸ We will be posting these slides
▸ Feedback is very welcome
THANK YOU!
Any questions?
You can find more about us at:
Onion ID – Privilege Management in 60 Seconds
www.onionid.com, [email protected]: +1-888 315 4745