Yves Van Tongerloo // Sales Manager Belgium|Netherlands|Luxembourgyves.van.tongerloo@balabit.com

15 years in network security

Global leader in privileged user monitoring and log management

+30% annual growth in the last 5 years

1 million (!) installations worldwide

Half of Fortune50 among clients

Headcount: 170 60% developers and system engineers

Global partner network 100 partners in 40+ countries

THE SYSLOG-NG COMPANY

Partnerships & Certifications

ISO 9001:2009 certified company

Awarded to Deloitte Technology Fast 50 CE List (2009-2013)

Appliance performance validated by West Coast Labs (leading test facility, US)

SCB in TOP25 Must Have Software Applications by Computer Technology Review

Citrix Ready PLUS Partner

VMware Technology Alliance Partner

Microsoft Communication Protocol Program (MCPP) Partner

Lieberman Technology Integration Partner

Thycotic Technology Alliance Partner

TELCO / IT

REFERENCES ///

FINANCE

6

OTHER INDUSTRIES

New Trends - New Human Threats

„50% of enterprises use hybrid cloud by 2017”

„87% of connected devices sales by 2017 will be

tablets and smartphones”

„1 in 5 enterprises have experienced an APT attack”

Privileged User Fraud

88% of all internal misuses are caused by privilege abuse

71% of all internal misuses are made via LAN access (21% via remote access)

Use of stolen credentials was the top threat action in 2013

Only 1% of security incidents are discovered through log reviews*

* Source: Verizon 2014 Data Breach Investigations Report

SHELL CONTROLBOX

9

CONTROLMONITORINGPREVENTION

9

TRANSPARENTPROXY SOLUTION

USESTANDARD TOOLS

10

IT Staff

Outsourcing partners

Managers

SSH

RDP, VNC

Firewall,Network devices,

Databases,Web/file servers,

Citrix serverVDI users

HTTP, Telnet

SSH

RDP, VNC

Citrix

HTTP, Telnet

Citrix

IT Staff

Outsourcing partners

Managers

SSH

RDP, VNC

Firewall,Network devices,

Databases,Web/file servers,

Citrix serverVDI users

HTTP, Telnet

NO AGENTS

11

SSH

RDP, VNC

Citrix

HTTP, Telnet

Citrix

TRANSPARENTPROXY SOLUTION

TRANSPARENTPROXY SOLUTION

TAMPER-PROOFEVIDENCE

12

IT Staff

Outsourcing partners

Managers

SSH

RDP, VNC

Firewall,Network devices,

Databases,Web/file servers,

Citrix serverVDI users

HTTP, Telnet

SSH

RDP, VNC

Citrix

HTTP, Telnet

Citrix

GRANULAR CONTROL

ENHANCEDAUDIT

EASY DEPLOYMENT

MULTI PROTOCOL

TRANSPARENT

INDEPENDENT

PROXY GATEWAY

4 EYES

AUTOLOGON

CHANNEL CONTROL

FILE TRANSFER

ANALYZEREAL TIME

BLOCKING &

ALERTING

MALICIOUS

ACTIONS

MOVIE-LIKE PLAYBACK

FULL-TEXT SEARCH

PCAP EXPORT

FILE RETRIEVAL

KEY // BENEFITS

13

Our Key Customers Say

Purchasing Drivers

Compliance International standards

Local legislation

Company policy

Security Monitor IT staff

Control outsource & cloud admins

Audit terminal services users

Operational Efficiency Fast Troubleshooting &

Forensics

Quick audits

Telenor Group Challenge: Control third-party providers’ (encrypted) access to critical network zones

Solution: Monitoring encrypted (SSH) administrative sessions by SCB

Benefit: transparent audit of a key admin protocol that otherwise is inaccessible to audit.

Central Bank of Hungary Challenge: Enhancing the protection of the mission-critical currency-system

Solution: SCB to audit IT operators working in VMware View (thin-client) environment

Benefit: Increased accountability of the banking IT staff

Ankara University, Turkey Challenge: Prevent another data loss on externally managed servers Solution: SCB to control and monitor remote desktop (RDP) and SSH connections of

externally supported servers Benefit: Mitigated risk of data loss in IT outsourcing processes

Use Cases – Securityhttps://www.balabit.com/company/references

Leading bank, Germany Challenge: The bank’s ATM network broke down due to a wrong command

executed by a remote ATM admin

Solution: Record all actions of ATM admins by SCB

Benefit: By searching & replaying the relevant working session, the bank identified and solved the problem in hours.

Major mobile provider, Russia Challenge: The provider’s mobile network partially stopped after a junior operator

misconfigured a critical network router

Solution: Record all actions of network operators by SCB

Benefit: By replaying the relevant session, the provider identified the problem and restored the network rapidly.

Use Cases – Operational Efficiencyhttps://www.balabit.com/company/references

Use Cases – Compliancehttps://www.balabit.com/company/references

Fiducia IT AG – financial IT services provider, Germany

Challenge: Audit administrative access to private banking information to comply with BaFin requirements

Solution: SCB monitors all internal & external administrative access to data center (8,000 UNIX/ Linux servers)

Benefits: Smoothly passing supervisory audits

SIA SSB Group - financial provider, Italy

Challenge: Audit access of 200 administrators’ to credit card data for PCI DSS compliance Solution: SCB controls and monitors the administrators’ sessions to sensitive servers Benefit: Full compliance with PCI DSS w/o business disruption

Major telecommunication provider, Taiwan

Challenge: Audit remote accesses to the 3G network infrastructure for ISO 27011 compliance Solution: SCB monitors remote access of internal and external network operators Benefit: Full compliance with ISO 27011 and with company access policies.

CONTROL4-EYES

///

15

Authorizer Auditor

Real-T

ime

FollowAuthorization

SHAREDACCOUNTS

///External IMAD / LDAP …

WHO?

16

Serve

r

auth

entic

ation

Gat

eway

auth

entic

atio

n

Client

Server side

auto-logon

Hiding the

password

Server

Retrieve credentialsfor the host-user pair

Credential Store(local or remote)

Audited connection paused untilgateway authentication is successful

Gateway authentication on SCB

Authentication onthe server using

data from theCredential Store

REAL-TIMEANALYSIS

///>1234 5678 9123 4567

>scp financial.db

Command detection

Screen-content detection

>cat cred

Window-title detection

17

Never reaches

other side

LICENSE // APPLIANCET1 T4 T10 VM

Single QuadCore CPU Single QuadCore CPU Dual 6-Core CPU n/a

8 GB 8 GB 32 GB n/a

1 TBSoftware RAID

4 TBHardware RAID

10 TBHardware RAID

n/a

Redundant PSU Redundant PSUSpare disk n/a

HA HA HA NO

10 -> 500Protected Hosts

10 -> 5000Protected Hosts

100 -> UnlimitedProtected Hosts

10 -> UnlimitedProtected Hosts

19

Benefits for the IT

Turnkey appliance for privileged user monitoring Centralized authentication & access control Faster and higher quality security audits Lower troubleshooting and forensics costs Fast deployment, low OPEX Easy scalability and HA option Direct 7/24 vendor support (option)

Benefits for the Business

Greater chance of passing supervisory audits Closer employee & partner control – verified SLAs Improved accountability of staff Reduced number of human errors Strong evidence in legal proceedings Enhanced security against human threats

Thank you for your attention!

Yves Van Tongerloo // Sales Manager Belgium|Netherlands|Luxembourgyves.van.tongerloo@balabit.com