Yves Van Tongerloo // Sales Manager Belgium|Netherlands|[email protected]
15 years in network security
Global leader in privileged user monitoring and log management
+30% annual growth in the last 5 years
1 million (!) installations worldwide
Half of Fortune50 among clients
Headcount: 170 (60% developers and system engineers)
Global partner network: 100 partners in 40+ countries
THE SYSLOG-NG COMPANY
Partnerships & Certifications
ISO 9001:2009 certified company
Awarded to Deloitte Technology Fast 50 CE List (2009-2013)
Appliance performance validated by West Coast Labs (leading test facility, US)
SCB in TOP25 Must Have Software Applications by Computer Technology Review
Citrix Ready PLUS Partner
VMware Technology Alliance Partner
Microsoft Communication Protocol Program (MCPP) Partner
Lieberman Technology Integration Partner
Thycotic Technology Alliance Partner
REFERENCES /// TELCO / IT, FINANCE, OTHER INDUSTRIES
New Trends - New Human Threats
„50% of enterprises use hybrid cloud by 2017”
„87% of connected devices sales by 2017 will be tablets and smartphones”
„1 in 5 enterprises have experienced an APT attack”
Privileged User Fraud
88% of all internal misuses are caused by privilege abuse
71% of all internal misuses are made via LAN access (21% via remote access)
Use of stolen credentials was the top threat action in 2013
Only 1% of security incidents are discovered through log reviews*
* Source: Verizon 2014 Data Breach Investigations Report
SHELL CONTROL BOX
CONTROL / MONITORING / PREVENTION
TRANSPARENT PROXY SOLUTION
USE STANDARD TOOLS
NO AGENTS
TAMPER-PROOF EVIDENCE
[Diagram, repeated on three slides. Labels: IT Staff, Outsourcing partners, Managers, VDI users; SSH, RDP, VNC, Citrix, HTTP, Telnet; Firewall, Network devices, Databases, Web/file servers, Citrix server.]
KEY // BENEFITS
GRANULAR CONTROL
ENHANCED AUDIT
EASY DEPLOYMENT
MULTI PROTOCOL
TRANSPARENT
INDEPENDENT
PROXY GATEWAY
4 EYES
AUTOLOGON
CHANNEL CONTROL
FILE TRANSFER
ANALYZE REAL TIME
BLOCKING & ALERTING MALICIOUS ACTIONS
MOVIE-LIKE PLAYBACK
FULL-TEXT SEARCH
PCAP EXPORT
FILE RETRIEVAL
Our Key Customers Say
Purchasing Drivers
Compliance: International standards; Local legislation; Company policy
Security: Monitor IT staff; Control outsource & cloud admins; Audit terminal services users
Operational Efficiency: Fast Troubleshooting & Forensics; Quick audits
Use Cases – Security (https://www.balabit.com/company/references)
Telenor Group
Challenge: Control third-party providers’ (encrypted) access to critical network zones
Solution: Monitoring encrypted (SSH) administrative sessions by SCB
Benefit: Transparent audit of a key admin protocol that otherwise is inaccessible to audit.
Central Bank of Hungary
Challenge: Enhancing the protection of the mission-critical currency-system
Solution: SCB to audit IT operators working in VMware View (thin-client) environment
Benefit: Increased accountability of the banking IT staff
Ankara University, Turkey
Challenge: Prevent another data loss on externally managed servers
Solution: SCB to control and monitor remote desktop (RDP) and SSH connections of externally supported servers
Benefit: Mitigated risk of data loss in IT outsourcing processes
Use Cases – Operational Efficiency (https://www.balabit.com/company/references)
Leading bank, Germany
Challenge: The bank’s ATM network broke down due to a wrong command executed by a remote ATM admin
Solution: Record all actions of ATM admins by SCB
Benefit: By searching & replaying the relevant working session, the bank identified and solved the problem in hours.
Major mobile provider, Russia
Challenge: The provider’s mobile network partially stopped after a junior operator misconfigured a critical network router
Solution: Record all actions of network operators by SCB
Benefit: By replaying the relevant session, the provider identified the problem and restored the network rapidly.
Use Cases – Compliance (https://www.balabit.com/company/references)
Fiducia IT AG – financial IT services provider, Germany
Challenge: Audit administrative access to private banking information to comply with BaFin requirements
Solution: SCB monitors all internal & external administrative access to data center (8,000 UNIX/Linux servers)
Benefits: Smoothly passing supervisory audits
SIA SSB Group – financial provider, Italy
Challenge: Audit access of 200 administrators to credit card data for PCI DSS compliance
Solution: SCB controls and monitors the administrators’ sessions to sensitive servers
Benefit: Full compliance with PCI DSS w/o business disruption
Major telecommunication provider, Taiwan
Challenge: Audit remote accesses to the 3G network infrastructure for ISO 27011 compliance
Solution: SCB monitors remote access of internal and external network operators
Benefit: Full compliance with ISO 27011 and with company access policies.
CONTROL /// 4-EYES
[Diagram labels: Authorizer, Auditor, Real-Time Follow, Authorization]
SHARED ACCOUNTS /// WHO?
External IMAD / LDAP …
Server authentication
Gateway authentication
Client
Server side auto-logon
Hiding the password
Server
Retrieve credentials for the host-user pair
Credential Store (local or remote)
Audited connection paused until gateway authentication is successful
Gateway authentication on SCB
Authentication on the server using data from the Credential Store
REAL-TIME ANALYSIS ///
>1234 5678 9123 4567
>scp financial.db
Command detection
Screen-content detection
>cat cred
Window-title detection
Never reaches other side
LICENSE // APPLIANCE
Model: T1 | T4 | T10 | VM
CPU: Single QuadCore CPU | Single QuadCore CPU | Dual 6-Core CPU | n/a
RAM: 8 GB | 8 GB | 32 GB | n/a
Storage: 1 TB Software RAID | 4 TB Hardware RAID | 10 TB Hardware RAID | n/a
Redundancy: Redundant PSU | Redundant PSU, Spare disk | n/a
HA: HA | HA | HA | NO
Protected Hosts: 10 -> 500 | 10 -> 5000 | 100 -> Unlimited | 10 -> Unlimited
Benefits for the IT
Turnkey appliance for privileged user monitoring
Centralized authentication & access control
Faster and higher quality security audits
Lower troubleshooting and forensics costs
Fast deployment, low OPEX
Easy scalability and HA option
Direct 7/24 vendor support (option)
Benefits for the Business
Greater chance of passing supervisory audits
Closer employee & partner control – verified SLAs
Improved accountability of staff
Reduced number of human errors
Strong evidence in legal proceedings
Enhanced security against human threats
Thank you for your attention!