Unix / Linux Privilege Management: What a Financial Services CISO Cares About

Date post: 22-Jan-2018

© 2017 Security Current

Nikolay Chernavsky

Senior Vice President and Chief Information Security Officer in the Financial Sector

NIKOLAY CHERNAVSKY

Nikolay Chernavsky is an experienced information security practitioner (CISO) in the financial sector, responsible for developing cybersecurity strategies to improve the information security posture of his organization. Namely, he incorporates various threat intelligence components to create risk-based, adaptive information security controls in order to prevent and proactively respond to cybersecurity threats.

Nikolay is the chairman of the FS-ISAC Mortgage Risk Council and a governing body co-chair for Southern California Evanta’s by CISO for CISO.

VERIZON:

Privilege misuse is one of 9 major incident classification patterns

• 62% of all breaches featured hacking, and of those, 81% leveraged stolen and/or weak passwords – giving the attacker the same privileges as a trusted insider

In the wrong hands, your privileged accounts represent a major threat to your enterprise. A malicious actor can:

• Breach your data

• Commit unauthorized transactions

• Hide activity by deleting audit trails

• Cause Denial of Service attacks

[Chart: Breaches by incident classification pattern, on an axis from 0 to 30. Categories: Physical Theft and Loss, Point of Sale, Cyber-Espionage, Crimeware, Web App Attacks, Miscellaneous Errors, Everything Else, Privilege Misuse]

Financial and espionage motives are the top two, accounting for 93% of breaches.

DBIR 2016 Report

Unix, and in particular Linux, are very prominent in financial systems

• The world’s leading stock exchanges and financial institutions started converting to Linux a decade ago for the additional security, stability and flexibility the platform provides.

The largest exchange, the New York Stock Exchange (NYSE) Euronext, is run on a Linux system that can generate 1,500,000 quotes and process 250,000 orders every second, offering acknowledgments of each transaction within two milliseconds.

The Challenges

SHARED IDENTITIES

• If it’s a privileged identity, systems can easily be compromised

SERVICE ACCOUNTS BELONG TO PROCESSES, NOT PEOPLE

• Processes need root-level access to the system. Often passwords to these accounts are known to many people.

REGULATORY REQUIREMENTS DICTATE THE USE OF UNIQUE IDENTITIES

• In order to maintain traceability, each account must belong to a unique user.

THE SECURITY TOOLS MARKET IS FOCUSED ON WINDOWS

• Unix/Linux built-in tools are insufficient

PRIVILEGED ACCESS MANAGEMENT BOLSTERS SECURITY ESPECIALLY IN UNIX/LINUX SYSTEMS

• Segregation of accounts: one user per identity

• Assignment of least privileges provides a barrier

• Privilege escalation only through appropriate authorization

• Documented audit trail

• Discovery of accounts and access privileges

• Centralized management, policy and reporting

• The best password is the one that no one knows

WHERE TO START

• Understand the data you are trying to protect and what systems it resides on

• Segment your critical systems housing sensitive data

• Research the tools particular to your flavor(s) of Unix/Linux

• Select a few tools and do PoCs

• Strengthen controls with multi-factor authentication or adaptive authentication

WHERE THE PAM MARKET IS HEADED

What CISOs can expect to see in the privileged access market in the near future

• More transparency into privileged access activities

• Tighter controls around privileged accounts

• Limited, time-based privileged accounts

PowerBroker for Unix and Linux

Comprehensive Unix & Linux Privilege and Session Management to Protect Your Most Critical Systems

Helicopter View – BeyondTrust Solutions

PowerBroker Auditor:

• Audit for Active Directory

• Audit for File Server

• Audit for MS Exchange

PowerBroker Identity Services:

• Single Sign On (AD Bridge)

• Policy Mgmt for Unix/Linux/Mac via AD

Privilege Management:

• PowerBroker for Windows & Mac

• PowerBroker for Sudo

• PowerBroker for Unix & Linux

Password Safe:

• Password Management

• Session Management

• SSH Key Management

• Application Management

Vulnerability Management:

• Vulnerability Management

• Patch Mgmt for Adobe, Java, etc.

• Analytic Reporting

PowerBroker for Unix & Linux:

• Eliminates the sharing of privileged credentials and delegates permissions without exposing credentials

• Tracks, logs and audits activities performed on Unix and Linux systems for compliance

• System level control provides powerful file and folder controls, not just command line analysis

• Extends beyond Unix and Linux platforms, helping to reduce risk across the enterprise

How does it work?

Advanced Control and Audit

PowerBroker for Unix & Linux controls access to files at the system level, not at the command level. This provides advanced capabilities such as:

❖ Auditing activities inside scripts

❖ Controlling file and folder access, even for root

❖ Blocking malicious and tampered binaries

9.4 Advanced Control and Audit Output:

Detailed Forensics and Reporting:

• Searchable Index

• Scheduled Reports

• Custom Reporting

• Single Events Window

Product Demonstration

Quick Poll + Q&A

Thank you for attending!

