How to manage the security of privileged accounts.
1
Managing Privileged Account Security
Chris Maroun
Regional Sales Engineering Manager – East Coast
2
Privileged Accounts Exist In Every Piece of IT Technology
3
PRIVILEGE
Shared Admin Accounts
Application to Application Accounts
Cloud Accounts
4
Privileged Accounts are Targeted in All Advanced Attacks
Mandiant, M-Trends and APT1 Report
“…100% of breaches involved stolen credentials.”
“APT intruders…prefer to leverage privileged accounts where possible, such as Domain Administrators, service accounts with Domain privileges, local Administrator accounts, and privileged user accounts.”
5
The Facts Speak for Themselves: You Will Be Breached
There is no such thing as perfect security.
Attackers get smarter and change tactics all of the time.
Companies who have made responsible and sustained investments in IT continue to be compromised.
100% of victims have up-to-date antivirus software
94% of breaches are reported by third parties
416: median number of days advanced attackers are on the network before being detected
100% of breaches involved stolen credentials
Mandiant, 2013
6
Systems Integration Partners
Temporary Staff
Cloud Service Providers
Off Shore Developers
Contractors
Internal Users
7
Systems Integration Partners
External Attacker
Cloud Services
Off Shore Developers
Contractors
Internal Users
You Need to Know!
Which One is the Attacker?
Which One is Authorized?
8
Four Critical Steps to Stopping Advanced Threats
Protect and manage privileged account credentials
Control, isolate and monitor privileged access and activity on servers and databases
Use real-time privileged account analytics to detect and respond to in-progress attacks
Discover all of your privileged accounts
9
Privileged Account Security – Now a Critical Security Layer
10
CyberArk’s Privileged Account Security Solution
Privileged Threat Analytics
Master Policy
Secure Digital Vault™
Enterprise Password Vault®
Privileged Session Manager®
Application Identity Manager™
On-Demand Privileges Manager™
Management Portal/Web Access
PROTECT DETECT RESPOND
11
Enterprise Account Usage today
Virtual Servers
Unix/Linux Servers
iSeries Mainframes
Windows Servers
zSeries Mainframe
Databases
Applications
Network Devices
Security Appliances
Websites & Web Apps
Unix Admins
Windows Admins
DBAs
VM Admins
External Vendors
Business Applications
Auditor/Security & Risk
I need the password to map a drive
I need my service provider to connect remotely with root
I just need root to patch a database
I have this script that needs to run as root every night
What are your root entitlements, who used it, when did they use it and why?
12
Control the Access
Virtual Servers
Unix/Linux Servers
iSeries Mainframes
Windows Servers
zSeries Mainframe
Databases
Applications
Network Devices
Security Appliances
Websites & Web Apps
Unix Admins
Windows Admins
DBAs
VM Admins
External Vendors
Business Applications
Auditor/Security & Risk
I need the password to map a drive
I need my service provider to connect remotely with root
I have this script that needs to run as root every night
I just need root to patch a database
Great! Your access is approved and is now controlled and monitored
EPV Workflow
PSM Workflow
AIM Workflow
Monitoring & Reporting Workflow
OPM Workflow
13
How do we get there?
14
Map and Measure Privileged Account Risks with CyberArk DNA™
Simple, three-step process
Executive dashboard of results
15
CyberArk DNA Pass-the-Hash Vulnerability Map
16
System User Pass
Unix root
Oracle SYS
Windows Administrator
z/OS DB2ADMIN
Cisco enable
Vault
Enterprise IT Environment
Central Policy Manager
1. Master/exception policy definition
Security/Risk Management
Enterprise Password Vault Infrastructure
EPV
Policy
tops3cr3t
Policy
17
Master Policy: “Native” language, simplified management
Basic Policy rules, grouped by topic
Managing Exceptions and Separating Basic and Advanced settings (including dependencies)
In-Line Help for quick answers
18
System User Pass
Unix root
Oracle SYS
Windows Administrator
z/OS DB2ADMIN
Cisco enable
Vault
Enterprise IT Environment
1. Master/exception policy definition
2. Initial load & reset: Automatic Detection, Bulk upload, Manual
Enterprise Password Vault Overview
EPV
tops3cr3t
lm7yT5wX5$aq+pTojsd$5fhy7qeF$1gviNa9%
Policy
Central Policy Manager
19
What happens next?
33
Integration with SIEM and PTA
34
Security Dashboards
35
Privileged Threat Analytics
36
Access to Privileged Accounts During Irregular Hours
December 28th, 2012
February 13th, 2013
37
Privileged Threat Analytics
38
Privileged Threat Incident Details
39
Thank you!