GOT PRIVILEGE? - THE PRIVILEGED CHALLENGE Adam Bosnian EVP America s and Corporate Development

Transcription

1 GOT PRIVILEGE? - THE PRIVILEGED CHALLENGE Adam Bosnian EVP America s and Corporate Development Digital Government Institute Cyber Security Conference June 3, 2010, Washington, DC

2

3 The Privileged Challenge? 3

4 The Privileged Challenge! The Insider Threat Childs City of SF Aleynikov - Goldman Makwana Fannie Mae Kerviel - SocGen 4

5 The Insider Threat: Some Hard Truths No. 1 security concern of large organizations is THE INSIDER THREAT (IDC Analyst Group) 33% of the crimes committed using shared accounts (CERT) 29% could not identify the individuals responsible for committing the crime (CERT) 50% of those with privileged access were no longer supposed to have it (Carnegie Mellon, DOD) 92% of all the insiders attacked following a negative work-related event like termination, dispute, etc. (CERT)

6 Privileged Identity Privileged Management Identity Management 101 Scope Used by Used for Elevated Personal Personal accounts w/ elevated permissions jsmith_admin IT staff Privileged operations Access to sensitive information Shared Privileged Accounts Application Accounts (App2App) Administrator UNIX root Cisco Enable Oracle SYS Local Administrators ERP admin Hard coded/ embedded App IDs Service Accounts IT staff System admins Network admins DBAs Help desk, etc Developers Legacy application Highly Powerful Difficult to Control, Manage & Monitor Hard-Coded, Unchanged Pose Devastating Risk if Misused Applications Scripts Windows Services Scheduled Tasks Batch jobs, etc Developers Emergency Fire-call Disaster recovery Privileged operations Access to sensitive information Online database access Batch processing App-2-App communication

7 The Holistic Privilege The Holistic Challenge Privileged Challenge Accounts Data Privileged Operations Permissions Processes Keys/Passwords Users

8 Privileged Users Privileged and Privileged Users and Privileged Accounts Accounts Privileged Account Management requirements Manage the credentials of Privileged Accounts Manage access control for sharing Privileged Accounts Manage Application/Service Accounts Audit and monitoring - accountability around usage of Privileged Accounts Privileged User Management Requirements Segregate and restrict super-user usage to lowest needed privileges Allow native users to elevate to a super-user mode Provide granular access control at the command level Audit and track super-user session activity Really are Two Sides of the Same Coin! Need to be managed consistently and coherently across the enterprise

9 Privileged Identity Privileged Management Identity Management Drivers Drivers Current Security Questions on Privileged and Application Accounts: Can you prove that you are protecting access to key accounts? Who is acting as System Administrator for this activity? Can you prove that John Smith s access to the Firecall ID was properly approved? Can you show me what Jill Jones did within his session as root last week? Have you removed hard-coded passwords from your web applications? Are you changing the Service Account passwords inline with company policy? Can you prove that you are protecting access to credit card information internally? PCI, SOX, NERC, BASEL & HIPAA are all diving deeper into Privileged Accounts and Sessions

10 The Cyber-Ark View : It s No Longer Just About Who It s No Longer Just About Who? WHO? remains the #1 audit issue from new prospects BUT It is only part of the challenge being highlighted by auditors today Aggressive requirements outside just Who and Heart-beat users WHAT? are people doing quickly moving up the priority ladder Increasingly cited and raised by Security and Audit personnel And can you STOP them? Embedded Application Identity challenge increasingly highlighted PCI (6.3.6) driving much of the activity

11 . It s No Longer Just on Servers... Copiers/Scanners/MFPs Point of Sale (POS) devices Laptops/Desktops running applications Application Encryption Key management Telephony/VOIP Systems Systems running remote sites eg - Grid stations Non-privileged Shared Accounts Mobile Devices Mainframes

12 Privileged Identity Management Best Practices 1. Identify key systems, applications and databases & their underlying privileged accounts 6. Receive alerts on inconsistent policy behavior, retrieve audit reports & session recordings 2. Manage who should have access to privileged accounts, leveraging existing settings from corporate directory 5. Implement processes to automatically apply the enterprise PIM policies & automate IT processes 3. Define policies, & workflows for privileged access to key systems 4. Secure the passwords in the Vault and simulate privileged account management

13 Cyber-Ark Solutions PIM Suite V6

14 The Privileged Holistic Challenge Solved! Privileged Accounts Privileged Users Privileged Sessions Sensitive Applications Compliance With Confidence Eliminate Insider Threats Improve Workforce Productivity

15 Why Cyber-Ark? Why PIM Cyber-Ark Suite V6 PIM Suite V6! The only integrated Privileged Account and Privileged User solution! Full lifecycle management for all aspects of privileged account management Single policy defines: Privileged account management rules (EPV) Privileged session monitoring rules (PSM) Granular access control for super-users (OPM) Integrated Privileged Account access workflows: Getting the password via PVWA Transparently connecting via PSM Natively using via OPM Central audit and reporting Central place to view audit reports and regardless of access method Privileged Session Recordings Digital Vault Built-in SOD (IT admins cannot access logs, change access controls) Tamper proof storage for audit / recordings

16 Why Cyber-Ark? : Widest OOTB Target Support Why Cyber-Ark? Widest OOTB Target Support

17 Why Cyber-Ark? : Enterprise Ready Integration Why Cyber-Ark? Enterprise Ready Integration 17

18 Why Cyber-Ark? Cyber-Ark Broad Synergy Industry Ecosystem Partnerships 18

19 Why Cyber-Ark? Undisputed Market Leadership The company has gradually expanded from its initial start as an enterprise vault for file and sensitive content sharing to assume a commanding position in privileged identity management (PIM) - Steve Coplan, April 2010 Cyber-Ark has one of the largest customer bases of the vendors included in this Market Scope and, because of its focus on enterprise customers the largest market share by revenue by a wide margin. - Ant Allan/Perry Carpenter, June 2009 Cyber-Ark is perceived as a leader in the rapidly expanding market for Privileged Access Management solutions. - Martin Kuppinger, 2010 Cyber-ark is at the top of the PIM market, based on product maturity & the number of customer deployments - Mark Diodati,

20 Cyber-Ark Snapshot Established in 1999, HQ in Boston, US Offices Worldwide Cyber-Ark selected by 7 of the 10 largest banks in the world Cyber-Ark selected by 1 of every 3 Fortune 50 Companies Proven Enterprise Class Solutions Award-winning Patented Vaulting Technology Worldwide alliances with leading distributors Cyber-Ark is perceived as a leader in the rapidly expanding market for Privileged Access Management solutions. - Martin Kuppinger, Digital ID Analysis & Evaluation, 2010 Strategic Partnerships

21 Federal Partner DLT Solutions Cyber-Ark Federal Team Account Executive: Mid-Atlantic Tom Rines (781) Channel Management: East Michael Wrightson (609) DLT Team Product Specialist Manager Steve Roesch Account Executive John Sourk (703) Account Executive Jonathan Doveala (703) Account Executive Mahtab Emdadi (703) Account Executive Rory Cobb (703)

22

23 got get Cyber-Ark! solution s!

24 got solution s!