With Great Power comes Great Responsibility: Managing Privileged Users

Transcription

1 With Great Power comes Great Responsibility: Managing Privileged Users Darren Harmer Senior Systems Engineer

2 Agenda What is a Privileged User Privileged User Why is it important? Security Intelligence Segregation of Duties How can this be implemented? The Vormetric Platform Questions?

3 What is a Privileged User? Privileged users are; Privileged user accounts designed to perform system wide operations Commonly referred to as System Administrator or root. 3 Copyright 2013 Vormetric, Inc. Proprietary and Confidential. All rights reserved.

4 Why do root privileges matter? Analysis of breaches 100% of breaches involve stolen credentials 94% of records are stolen from servers 66% of data stolen is at rest Impact (PSN CoCo)..Privileged accounts should only be used for activity that requires that level of privilege. Many attacks enable an attacker to run code in the context of the currently logged in user. If that user account is privileged, the impact is higher. An attacker, having gained a foothold within a network, will seek out privileged accounts. If these accounts are poorly controlled, the attackers task becomes easier..

5 How does a privileged user have visibility into sensitive data? Take Ownership SU The root user can simply change the Access Control List (ACL) The root user can switch user to become the account that has access to the sensitive data SUDO The user can switch to the root account to perform the actions mentioned above Mount the disk From another location

6 Different methods of control Monitoring OS level monitoring, keystroke logging etc. Privileged Account Management The ability to checkout the root account with a single use password Policy Based Evaluation Tools that allow a user to elevate to a privileged user on a per command basis None of these controls stop the privileged user just how a person becomes the privileged user

7 What do Vormetric Provide? Access Policies and Privileged User Control Fine-grained control to determine who can access specific data in order to block privileged users such as root as well as Advanced Persistent Threats (APTs). Encryption and Key Management Lock down data using strong industry approved coupled with a security appliance for key and policy management Security Intelligence Compliance reports and continuous monitoring provide visibility and sophisticated analytics on access to sensitive data 7 Copyright 2013 Vormetric, Inc. Proprietary and Confidential. All rights reserved.

8 How does this help control Privileged access? Stop System Administrators from seeing file content Content is encrypted Lock down access to a specific process Only an approved binary running as a specific user can access sensitive data We look at the full user chain If root uses SU to switch accounts, Vormetric will deny access, even if the account that they switched to is normally granted access in the policy We overlay Access Control Lists (ACL) We can deny roots request to change permissions

9 Security Intelligence Log all access to information (permitted/denied) See when accounts are trying to side step the access policy

10 Segregation of Duties and Data Enterprise Administrator Official Domain Administrator Secret Domain Administrator Key Custodian Policy Manager Host Admin Audit Role Key Custodian Policy Manager Host Admin Audit Role Top Secret Domain Administrator Key Custodian Policy Manager Host Admin Audit Role Domains can be location, business unit, customer, department Separation of roles for key management, security controls, encryption and audit

11 What is the benefit? Reduce the number of people and processes accessing your data only those who need to know Fewer people and processes mean less risk Eliminate the inherent powers of privileged users Allows these users to do their jobs without the need to know and without any impact to their user experience Sysadmins do not need to know Lower risk of leaked data By removing commonly used methods to steal or leak data Audit & Report on all access to sensitive data Malicious users make more noise protective & detective control

12 Questions? Darren Harmer Systems Engineer

13 The Vormetric Data Firewall Policy-based security controls around the data itself Using Firewall like rules Criteria & Effect, to control access to your data Enforcement across physical, virtual and cloud environments Access Policies and Privileged User Control Block privileged users like root from viewing data and thwart APTs Fine-grained control to determine who can view specific data Encryption and Key Management Lock down data using strong, highly performing, industry approved algorithms Simple to use, centralized and hardened key management appliance Security Intelligence Log all access and attempted access to what matters the data Provide real-time auditing on who is accessing protected data where and when Automation Automatic installation and initial configuration of Vormetric Data Firewall Dynamically adjust policy based on real-time threats and anomalies Multi-Tenancy Secure data in commingled, multi-tenant environments Enable end customers to control keys and policies specific to their own data Copyright 2013 Vormetric, Inc. Proprietary and Confidential. All rights reserved.

14 Admin Dirk Snowman imitated user steve attempted a read this file and was denied access because he violated this policy