Privileged Administra0on Best Prac0ces :: September 1, 2015

Transcription

1 Privileged Administra0on Best Prac0ces :: September 1, 2015

2 Discussion Contents Privileged Access and Administra1on Best Prac1ces 1) Overview of Capabili0es Defini0on of Need 2) Preparing your PxM Program Understanding the Landscape Scoping Ques0onnaire 3) Market Trends PxM Overview Vendor Space 4) Best Prac0ces 5) Cri0cal Success Factors Page: 2

3 Definition of need Current problem: Insider threat 55% of incidents was privilege abuse which is the defining characteris0c of the internal actor breach. We see individuals abusing the access they have been entrusted with by their organiza0on in virtually every industry. Verizon Globally 89% of respondents felt that their organiza0on was now more at risk from an insider a_ack; 34% felt very or extremely vulnerable. Vormetric Found half (52%) of employees see no security risk to their employer in sharing work logins. Insider Threat Persona Study Page: 3

4 Definition of need 2015 Vormetric Insider Threat Report When asked about who posed the biggest internal threat to corporate data, a massive 55% of respondents said privileged users, nine percentage points behind on 46% were contractors and service providers, and then business partners at 43%. Vormetric Page: 4

5 Definition of need 2015 Vormetric Insider Threat Report Databases, file servers, and the cloud hold the vast bulk of sensi0ve data assets, but for many (38%) mobile is perceived as a high- risk area of concern. Vormetric Page: 5

6 Definition of need Compliance to Regulations, Standards, Frameworks FFIEC, SOX, HIPAA Authoriza0on for privileged access should be 0ghtly controlled. PCI DSS Standards: Remove development, test and custom applica0on accounts, user IDs, and passwords before applica0ons become ac0ve or are released to customers Establish a process for linking all access to system components to each individual user especially access done with administra0ve privileges Implement automated audit trails for all system components for reconstruc0ng these events all ac0ons taken by any individual with root or administra0ve privileges COBIT 5 Framework General IT Controls for privileged accounts which include provisioning, de- provisioning and access review Page: 6

7 Capabilities Overview What exactly is a Privileged Account? Root, superuser, administrator, system, or service accounts, emergency account, or plain user accounts with excessive privilege. These accounts may be anonymous, shared, hard- coded and seldom changed, a challenge to track or audit. What are risk surrounding Privileged Accounts? Privileged accounts allow unrestricted access with li_le or no tracking; may violate principle of least privilege, and can place business cri0cal systems at risk if lej un- managed What is Privileged Account Management? They are tools and techniques for gaining control over the use of privileged accounts. Tools and techniques include password check- out mechanism, command filtering, and session monitoring What is PxM? Privileged Account Management Privileged Access Management Privileged Iden0ty Management Privileged User Management Page: 7

8 Privileged Account Management Iden0ty and Access Management Lifecycle SAPM SUPM PSM AAPM Shared Account Password Management Super User Privilege Management Privileged Session Management Applica0on to Applica0on Password Management DATA ANALYTICS Page: 8

9 SAPM: Shared Account Password Management Solu0ons that fall into this category will provide an encrypted and hardened password safe or vault for storing creden0als, keys and other secret informa0on. SAPM products will control access to shared accounts, allowing authorized users to access them. Ideally, these users will not see the actual passwords. Page: 9

10 SUPM: Super User Password Management SUPM tools work by allowing certain commands to be run under elevated privileges, or by restric0ng commands that can be executed. A common example - the "sudo" command on many UNIX and Linux systems, or the "run as" command for Microsoj Windows. These commands allow a user to run a command under the privilege level of another user (typically of an administrator or superuser). Vendor implementa0on control versus complexity Kernel based Host based Gateway based Page: 10

11 PSM: Privilege Session Management Session establishment and session recording Start recording beginning- to- end of session or when the user starts execu0ng privileged commands. Real- 0me visibility and aler0ng Session recording and live monitoring of privileged sessions. Managers or administrators can intervene or even terminate the session if necessary. Page: 11

12 AAPM: Applica0on to Applica0on Password Management AAPM tools are add- ons to SAPM tools, and are used to eliminate hard- coded passwords or creden0als stored in configura0on files. Creden0als are pulled from the vault using a proprietary interface provided by the PxM vendor. These interfaces are usually in the form of APIs, sojware developer kits (SDKs) and command line interfaces (CLIs), and require applica0ons or scripts to be modified. Page: 12

13 Preparing your PxM Program Understanding the Landscape SaaS PaaS IaaS Page: 13

14 Market Trends Emerging COTS Market ~ 20 vendors Niche players - Best- of- breed - full suite Capabili0es are rapidly expanding Variances in TCO and technical extensibility Requires focused analysis Define Use Cases 1 st Vendor Selec0on 2nd Page: 14

15 COTS Solu0on Scorecard Functional,Capabilities Technical,Capabilities Usability Business,Performance Top,5,Vendor, Solutions SAPM SUPM PSM AAPM Integration API, Extensibility Scalability,&, Performance Administration Market, Position Sustainability CA CyberArk Dell NetIQ ManageEngine Top$5$$Solu)ons$per$Weighted$Scores$ SAPM" " Sustainability" 80" SUPM" " CA" Market" 40" PSM" CyberArk" Posi4on" " " Dell" Administra4on" AAPM" 40 NetIQ" Scalability"&" Performance" API" Extensibility" Integra4on" ManageEngine" Tailor criteria to meet your unique needs Apply weight to designate priority Emerging space; vendors are rapidly expanding/strengthening their capabili0es Page: 15

16 Cri0cal Success Factors 1) Solicit adequate representa0on across Compliance, IT, Opera0ons, Security 2) Understand linkage to upstream/downstream IDLM and SIEM processes and solu0ons 3) Ar0culate desired PxM outcomes 4) Perform solu0on evalua0on/rfp ajer defining Use Case Scenarios 5) Promote project objec0ves: Effec0ve communica0on is key 6) Rou0nely align PxM milestones within context of Informa0on Security and IAM Program Roadmaps 7) Involve Admins early Bo5om Line: Evolving PxM in context of broader Informa>on Security program will yield sustainable control objec>ves Page: 16

17 Best Prac0ces Founda0onal 1. Ensure exis0ng access privileges are properly aligned with current job roles 2. Enforce principle of least privilege fine- grained access 3. Ensure the segrega0on of du0es 4. Do not share user creden0als 5. Know why the privileged account exists. 6. Know who is accountable for its existence. 7. Document who approved it and why. 8. Periodic review of the privileged accounts 9. Do not reuse sojware accounts 10. Eliminate hard coded passwords Page: 17

18 Best Prac0ces PxM Technology 1. Discovery and profiling for PxM accounts prior to building the architecture ~ categorize 2. The PxM system a. Protect the keys to the creden0al vault b. Must be configured for high availability and failover (loca0on, access, etc.) c. Ensure no single point of failure 3. Premise of PxM password management a. Password change process should be protected against race condi0ons b. Time limit access - can be configured to change every 24 hours c. Should not be changed when in use by users or programs 4. Make use of session monitoring with full playback 5. Integrate with repor0ng and analy0cs to gain greater insights Page: 18

19 Resources CW_GlobalReport_2015_Insider_threat_Vormetric_Single_Pages_ pdf Privileged_Identity_Management.pdf Page: 19

20 About Clango Consul1ng organiza1on specializing in Iden1ty and Access Governance Services IAM Ra0onaliza0on Strategy & Planning Solu0on Evalua0on Architecture Integra0on Func0onal Enhancements Profile years of IAM specializa0on - Vendor- Neutral Analysis - Proven Methodologies - - Enabled 100 s of IAM deployments interna0onally Technology specific deep exper0se in partner products Capability Exper0se Access Governance Role Lifecycle Management Cer0fica0ons Iden0ty Lifecycle Management User & Account Provisioning Authen0ca0on Services Federa0on/SSO/TFA Adap0ve Authen0ca0on Privileged Access Administra0on Technology enhancements Iden0ty Func0onal Enhancements Solu0on Coverage RSA NetIQ Oracle ForgeRock CyberArk Page: 20

21 Commercial 7701 France Avenue, Suite 400 Edina, MN Federal 2107 Wilson Blvd, Suite 100 Arlington, VA 22201