Date posted: 27-Jun-2018
1
Security for the Heart of the Enterprise
Bogdan Tobol
Regional Sales Executive South - Eastern Europe
2
Privileged Accounts are Targeted in All Advanced Attacks
Mandiant, M-Trends and APT1 Report
“…100% of breaches involved stolen credentials.”
“APT intruders…prefer to leverage privileged accounts where possible, such as Domain Administrators, service accounts with Domain privileges, local Administrator accounts, and privileged user accounts.”
3
Privileged Credentials are Everywhere
Privileged Accounts
• WiFi Routers, Smart TVs
• Routers, Firewalls, Hypervisors, Databases, Applications
• Routers, Firewalls, Servers, Databases, Applications
• Laptops, Tablets, Smartphones
• Power Plants, Factory Floors
5
Hijacked Credentials Put the Attacker in Control
Compromised Privileged Accounts enable attackers to:
• Bypass security controls & monitoring
• Access all of the data on the device
• Disrupt normal operation of the device
• Cause physical damage
Devices shown:
• Power Plants, Factory Floors
• WiFi Routers, Smart TVs
• Firewall, Routers, Servers, Databases, Applications
• Laptops, Tablets, Smartphones
• Routers, Firewalls, Hypervisors, Databases, Applications
6
Privileged Accounts are Targeted in All Advanced Attacks
Avivah Litan, Vice President and Distinguished Analyst at Gartner, 2012
“Anything that involves serious intellectual property will be contained in highly secure systems and privileged accounts are the only way hackers can get in.”
8
CyberArk Delivers a New Critical Security Layer
PERIMETER SECURITY
PRIVILEGED ACCOUNT SECURITY
SECURITY CONTROLS INSIDE THE NETWORK
MONITORING
9
What is a Privileged Account?
Privileged Accounts:
• System Administrators
• Applications
• Select Business Users
• Social Networking Account Managers
• 3rd Party & Service Providers
• Privileged accounts exist in every PC, database,
application, industrial controller, and more
• Typically a ~3X ratio of privileged accounts to employees
10
Solving The Privileged Account Security Problem
Audit & Compliance
▪ Control & Accountability for Privileged Users
▪ Monitor & Record Privileged Activity
▪ Compliance Reporting
▪ Remote User Access Control
Threats
▪ Advanced, External Threats
▪ Insider Threats
▪ Securing Application Credentials
▪ Securing Shared Admin Accounts
11
CyberArk’s Privileged Account Security Solution
REAL-TIME THREAT DETECTION
• Privileged Threat Analytics
PROACTIVE CONTROLS
• Enterprise Password Vault®
• Privileged Session Manager®
• Application Identity Manager™
• Viewfinity
• SSH Key Manager
• On-Demand Privileges Manager™
SHARED TECHNOLOGY PLATFORM
• Web Management Interface
• Master Policy
• Secure Digital Vault™
• Discovery Engine
PROTECT DETECT RESPOND
12
Enterprise Password Vault
Enterprise Resources: Network Devices, Servers, Mainframes, Databases, Applications, Security Appliances, Websites/Web Apps, Cloud Infrastructure
Enterprise Password Vault: Secure Storage, Password Rotation
End Users: CyberArk Web Portal
13
SSH Key Manager
Unix/Linux Resources: Servers, Mainframes, Databases, Applications, Cloud Infrastructure
SSH Key Manager: Secure Storage, Key Rotation and Distribution (Pub., Priv.)
End Users: CyberArk Web Portal
14
Privileged Session Manager Layered with Enterprise Password Vault
Enterprise Resources: Network Devices, Servers, Mainframes, Databases, Applications, Security Appliances, Websites/Web Apps, Cloud Infrastructure
Privileged Session Manager*
End Users: CyberArk Web Portal
*Layered with Enterprise Password Vault
15
Application Identity Manager
Enterprise Resources: Network Devices, Servers, Mainframes, Databases, Applications, Security Appliances, Websites/Web Apps, Cloud Infrastructure
Application Identity Manager: Secure Storage, Password and SSH Key Rotation
Applications (Type / System): WebSphere, WebLogic, IIS / .NET, Legacy / Homegrown; Accounts Receivable, CRM, Human Resources, Online Booking System

Hard-coded credentials in application code:
UserName = "app"
Password = "y7qeF$1"
Host = "10.10.3.56"
ConnectDatabase(Host, UserName, Password)

Credentials retrieved at run time instead:
UserName = GetUserName()
Password = GetPassword()
Host = GetHost()
ConnectDatabase(Host, UserName, Password)
16
Unix Linux
Target Resources
Windows
Server Windows
PC OS
On-Demand Privileges Manager
On-Demand Privileges Manager End Users
1. Elevated privilege request sent
2. Authenticate user
3. Validate policy
4. One-time access granted
User Privileges:
• Standard privileges
• Permitted elevated privileges
• Blocked privileges
17
Privileged Threat Analytics
Diagram labels: SIEM & CyberArk, Behavioral Analysis, SIEM Solutions, Login Data, Target System Data, Normal, Abnormal, ALERT
GOALS:
• Find the signal in the noise.
• Enable the SOC to instantly locate the most serious alerts.
Behavioral Analysis: Self-learning statistical model based on a combination of patent-pending algorithms, login data, and target system data gathered from inbound SIEM integrations.
18
Securing Access Into the ICS/OT Network
Diagram labels:
• Corporate Network, DMZ, ICS Network
• DMZ firewall, ICS firewall
• Anti Virus & Content Filtering
• Third party vendor, VPN, Web Portal
• Vault, Supervisor, PSM, Password, Session Recording
• UNIX Servers, Windows Servers, Databases, SCADA Devices, Routers & Switches
19
Discovery and Audit: Free Assessment Tool
DNA enables organizations to:
• Discover all their privileged accounts and SSH keys
• Understand the current state of their environment
• Use this actionable data to set a plan to reduce risk and become compliant
20
Comprehensive Controls on Privileged Activity
• Lock Down Credentials: Protect privileged passwords and SSH keys
• Isolate & Control Sessions: Prevent malware attacks and control privileged access
• Continuously Monitor: Implement continuous monitoring across all privileged accounts
Products: Enterprise Password Vault, SSH Key Manager, Application Identity Manager, Privileged Session Manager, On-Demand Privileges Unix, Viewfinity, Privileged Threat Analytics
21
CyberArk Overview
Approach privileged accounts as a security challenge
• Designed and built from the ground up for security
Trusted experts in privileged account security
• 2,500+ privileged account security customers
• More than 40% of Fortune 100
Twelve years of innovation in privileged account controls, monitoring and analytics
• First with vault, first with monitoring, first with analytics
• Over 100 software engineers, multiple patents
Only comprehensive privileged account security solution
• One solution, focused exclusively on privileged accounts
• Enterprise-proven
[Chart: 30% GROWTH, 40% GROWTH, 56% GROWTH, 56% GROWTH]
22
IDC Names CyberArk the PAM Market Leader
“CyberArk is the PAM pure-play ‘big gorilla’ with the most revenue and largest customer base.”
SOURCE: “IDC MarketScape: Worldwide Privileged Access Management 2014 Vendor Assessment”, by Pete Lindstrom, December 2014, IDC Document #253303