Privileged Activity Monitoring

Size: px
Start display at page:

Download "Privileged Activity Monitoring"

Transcription

1 GUARDING YOUR BUSINESS The Essential Guide to Privileged Activity Monitoring Introduction to Privileged Access Challenges and Privileged Activity Monitoring as a Solution

2 Content Content...2 About this Guide...2 Who are the Privileged Users?...3 Key Security Risks related to Privileged Users...4 Business Challenges...5 Control Internal IT Staff...5 Control Third-party Providers...5 Comply with Regulations...6 Improve Troubleshooting & Forensics...6 Most Affected Sectors...7 Telecommunications...7 Cloud- and Managed Service Providers...8 Finance...9 Government...10 Other Industries...10 The Solution Privileged Activity Monitoring...11 Different Vendors Different Approaches...12 Monitoring and replaying user sessions...13 Best Practices...14 Summary...15 Learn More...16 BalaBit Shell Control Box - A Leading PAM Tool...16 About BalaBit...16 About this Guide One of the greatest challenges of IT is to prevent privileged users from doing things in systems which are not allowed. While the activity of a web-site visitor is well-limited, the same is not true for an employee and certainly not for a system administrator of the company. The freedom of users grows with their access level - the higher rights they have in IT systems, the more risk they carry for the company. Privileged Activity Monitoring (PAM) tools control and monitor the access of privileged users to critical IT assets. This guide provides an easily understandable overview about PAM. It defines the key capabilities of PAM solutions and its benefits for you and your customers. It also examines the key privileged user-related challenges which various industries face. Last but not least, you will learn best practices in order to mitigate the risks related to privileged users, and how to successfully utilize a PAM solution. Regulatory compliance, IT outsourcing as well as advanced cyber-attacks force companies to increase supervision of their privileged users. Implementing a solution to mitigate the risks of privileged activities is one of the toughest jobs for IT leaders today. We believe that this guide is a valuable tool to help IT and security managers to overcome these challenges. 2

3 Who are the Privileged Users? A privileged user refers to any type of user or account that holds special or extra permissions within the enterprise systems. Wikipedia Bank of New York reported that a sub-contractor computer technician has stolen over $1 million by using identity theft of employee data - New York Times A network administrator has allegedly locked up a multimillion-dollar computer system for the city of San Francisco that handles sensitive data, and he is refusing to give police the password. The administrator made changes to the city s Fiber WAN (wide area network), allegedly rendering it inaccessible to other administrators. He also set up devices to gain unauthorized access to the system - PC World An inexperienced operative erased a massive swathe of information during a routine software upgrade for the Royal Bank of Scotland and its subsidiaries... The worker was understood to have been part of a team recruited in Hyderabad after the bank laid off more than 20,000 UK staff and outsourced work abroad Mail Online Nowadays, the news is full of similar cyber-attacks conducted by privileged users or users getting access to privileged accounts. But who are privileged users actually? At first thought, you may think the answer is simple: IT administrators. Actually, privileged users cover not just administrators, but a much wider group of identities within an enterprise. According to the definition of Wikipedia a privileged user refers to any type of user or account that holds special or extra permissions within the enterprise systems. Privileged users can be categorized into the following types: 1 2 Users Accessing Shared Administrative Accounts shared administrative accounts exist in virtually every device or software application. Some examples are the Administrator user on Microsoft Windows, the root user on UNIX/Linux, or the SYS account on Oracle. These accounts hold superuser privileges and are often shared among IT staff, for example among system administrators or network admins. Users Accessing Privileged Personal Accounts privileged personal accounts are powerful accounts that are used by business users and IT personnel. These accounts have a high level of privilege and their use (or misuse) can significantly affect the organization s business. Some examples are the CFO s user, or the Database Administrator (DBA) users. Users accessing these accounts are typically business or IT managers. How privileged users typically work? System administrators and other privileged users have a remote connection to servers via their own desktops. By means of the communication standards (protocols) used, they see the same screen as if they were actually sitting in front of the monitor connected to the server, whereas the accessed computer may as well be in another part of the world. Nowadays large datacenters are distributed in different regions of the world. Large companies have fewer datacenter locations and the various business departments (IT, HR, customer service, sales, finance, etc.) often operate in another country. Therefore remote IT resource access is the de-facto standard. 3 4 Users Accessing Emergency Accounts (also called fire-call IDs or break-glass users) emergency accounts are special generic accounts used when elevated privileges are required to fix urgent problems, such as in cases of business continuity or disaster recovery. Access to these accounts frequently requires managerial approval. Users accessing these accounts are typically administrators, help-desk people, or IT operators. Users Accessing Sensitive Business Systems At companies, there are several special employees who can access and manage sensitive data stored in key applications, such as the SAP or the financial system. Some examples are the accountants, the HR managers, or the customer service employees. As you can see, beyond IT administrators there are several other users in the IT environment which have highlevel privileges. To increase the problem, often several employees share the access to these high-level accounts making it difficult to track actually who was using the account at the time when an incident happened... 3

4 Key Security Risks related to Privileged Users 78% of large organizations were attacked by an unauthorized outsider in the UK, in Information Security Breaches Survey 2013 Business users accessing sensitive data Privileged users are a potential security risk in many situations. At most companies, users at different organizational levels have the possibility to directly access and manipulate the most sensitive information, such as CRM data, personnel records or credit card numbers. These users can vary from legal department employees, through HR managers to accountants and customer service people. Through data loss or leakage incidents, these business users can cause great damage to the reputation of your company. Cyber threats: privileged accounts under attack Privileged accounts have emerged as the primary target for cyber criminals and have been exploited to perpetrate some of the most devastating cyber-attacks and data breaches in recent years. Today, these cyber-attacks are so customized and sophisticated, that they can easily bypass the traditional protection lines. APT (Advanced Persistent Threat) intruders prefer to leverage privileged accounts where possible, such as Domain Administrators, local Administrator accounts, service accounts, or privileged user accounts. For example, online attackers have recently penetrated the U.S. Department of Energy (DOE) network and obtained copies of personally identifiable information pertaining to several hundred of the agency s employees and contractors. Superusers accessing everything Beyond privileged business users, there are several superusers, such as administrators, IT contractors or C-level managers, who practically have unrestricted and uncontrolled access to the information assets of your company. While most employees are trustworthy, there are always employees who abuse the trust placed in them, and superusers are no exception. These users can intentionally - or accidentally - perform harmful actions in your IT systems that can cause great damage to your business. The above news about a sub-contractor technician who has stolen $1 million from the Bank of New York is just one from the many examples. Insufficient monitoring of user actions In many cases business applications such as legacy systems or custom developed applications are not capable of sufficient logging. Although, log management and SIEM tools are good at presenting event data, but they have also limitations such as: Hundreds of critical security event types (e.g. configuration of firewall rules) are not logged at all. Those events that are logged typically do not show what was really done. Many times, the logs only show obscure technical details about security events. Consequently, traditional logging has limitations in tracing what your users do in the applications; moreover, a skilled administrator (or attacker) can manipulate the logs to cover his tracks. As the monitored user can compromise the logs, this information source is inadequate for reliable monitoring of privileged users. Figure 1: The key security challenge related to privileged users 4

5 Business Challenges Control Internal IT Staff 74% of the IT staff have already misused the company s IT system, and could have lost their job, if a video recording would have proven their wrongdoing. BalaBit IT Professionals Survey, 2011 System administrators are the most powerful users in an IT environment. Although these users typically sit at the bottom of the organizational hierarchy, they have very high or even unrestricted access rights to operating systems, databases and applications. Having superuser privileges on servers, administrators have the possibility to directly access and manipulate your company s sensitive information, such as financial and client data, or HR records. In contrast, their accountability is low, as they have several opportunities to mask their activities. Typical security risks with IT admins include: Sharing administrative passwords - in many cases IT personnel access the same privileged account and all of them knows the password, which cannot be treated as secure. The Password 2011 Survey of Lieberman Software Corporation revealed that 42% of IT staff shares passwords to access systems or applications in their organizations. This risk greatly increases when an administrator leaves the organization or changes role, and the shared passwords are not changed. Bypassing company policies - BalaBit surveyed 200 IT professionals which revealed that nearly half of them have made exception rules in the firewall to bypass the IT policy. Control Third-party Providers Do you have a private address, like Gmail or Yahoo? How do you know that the administrators of the provider do not read or tamper your mails? In a global environment, IT responsibilities are inevitably connected to outsourced departments, hosting or cloud providers. These third parties are essential to business and IT operations. Among others, they may operate your network infrastructure, maintain your web site, provide or CRM services (salesforce.com), or host your ERP application. Using such services also means that your organization is willing to trust the administrators of this external company with all its data (for example, private and business s, customer information, and so on), or even with the operation of business-critical systems. Typical methods for providing third party access include VPN or jump hosts. These solutions provide firewall rules, but they lack granular access control options. In addition, controlling the activity of external administrators with traditional methods (for example, with internal policies) is quite difficult. Giving responsibility to an IT service provider is always a security risk. You may control the partnership with your vendor with a contract, but monitoring their employees is hardly manageable with a standard Service Level Agreement (SLA). Actually, companies do not have a reliable and easy-to-use solution for validating SLAs and verifying billable activities. Measuring Key Performance Indicators (KPI) such as response times or restricting external administrator access is also a challenging exercise. That is the reason why it is essential to monitor thirdparty access - to know what outsourcing partners do when they connect to your systems. Leaking data - 29% of respondents surveyed by BalaBit have taken home company data and 25% have looked into confidential files (for example, list of salaries). Hiding traces - 15% have already deleted or modified system log files (in order to hide or destroy evidence). External developers, including independent software vendors (ISVs), contractors, or application management providers are a specific group of third-party providers. They require connection to corporate network, can remotely manage business-critical applications and as privileged users they have the possibility to access your sensitive financial databases or customer records. Consequently, giving responsibility to a third-party developer is also a security risk. Top 6 list of most popular naugthy acts committed by admins Source: BalaBit IT Professionals Survey, 2011 DOWNLOADING ILLEGAL CONTENT 54% BREAKING FIREWALL RULES 48% DATA THEFT 29% ACCESSING SENSITIVE DATA 25% READING OTHERS MAILS 16% DESTROYING EVIDENCE 15% 5

6 Business Challenges Comply with Regulations Regulatory compliance is concerned with laws that a business must obey, or risk legal sanctions, up to and including prison for its officers. Gartner Improve Troubleshooting & Forensics 36% of the worst security breaches in the year were caused by inadvertent human error. Information Security Breaches Survey 2013 Compliance is becoming increasingly important in several industries - laws, regulations and industrial standards mandate increasing security awareness and the protection of customer data. Regulations like the Sarbanes- Oxley Act (SOX), the Payment Card Industry - Data Security Standard (PCI-DSS), ISO 27001, or the EU Data Protection Act all mandate the strict protection of sensitive information - be it personal data, credit card data, or financial information. For example: $ SOX mandate CEOs COBIT, among others, The PCI DSS ISO27001 references and CFOs to certify requires security references a need controls for monitoring that all financial data monitoring, to audit access to system use, provided to the auditors change management cardholder data and controls for system is accurate and have and securing data the need to implement administration and not been modified. controls which an access control operations, and the If a firm fails an audit, necessitate the ability system. management of management can even to monitor user activity security incidents. be sentenced to prison and resource access. in case of serious infringements. Consequently, companies have to increase the auditability of their business processes, including the activity of privileged users. Sensitive customer data is usually stored in a database on a central server (perhaps in the cloud), and is accessible only via dedicated applications, such as accounting software. However, this server has to be accessible also by IT administrators for maintenance reasons. Having superuser privileges on the system, these administrators have the possibility to directly access and manipulate the database, and possibility to erase the traces of such actions from the logs. In addition, with standard log collector applications only limited data can be collected: for example, IT auditors would miss critical actions like viewing or manipulating sensitive data by unauthorized personnel. Missing items from the log collection system result in many question marks when an incident occurs. Therefore, organizations must find a reliable solution to be able to audit the actions of their privileged users in order to ensure compliance. The simple question Who did what on our server? is one of the toughest questions to answer in IT today. When something wrong happens, everybody wants to know the real story. For example, when you have to investigate a remote-access incident, the correlation of logs might be necessary between the desktop PC, the firewall, and the accessed servers. Analyzing thousands of text-based logs can be a nightmare and may require the participation of costly external experts. In many cases, computer forensics at larger companies is performed by local Computer Emergency Response (CERT) or Computer Incident Response Teams (CIRT). However, without reliable recording of administrative and privileged access to servers, the investigation of incidents becomes expensive and circumstantial. System management tools are improving the ability of companies to handle system errors, but the solution to human error, the number one cause for server downtime, remains elusive. Without recording the user sessions, the question of who did what and when? is almost impossible to answer, and often leads to accusations along with time and money wasted on investigating the incident. To avoid this, a tamper-proof session-recording solution should be used. 6

7 Most Affected Sectors Telecommunications A telecommunications company has been accused of using leaked identity credentials to poach Telecom New Zealand customers in a breach that mirrors a similar theft which hit Vodafone Australia weeks earlier. zdnet.com Protecting client and billing data Telecommunication firms possess and must control access to several types of sensitive data, including private customer data, employee records, and company financial information. Not only do service providers maintain large databases containing demographic and transactional data, they also possess massive amounts of usage data information in the form of Call Data Records (CDR) and Internet Traffic and Transaction Data (IPDR). With large numbers of employees, service providers must manage and record access to this sensitive information. Complex, interconnected networks Telecommunication firms operate complex, heterogeneous network environments which are difficult to monitor. They need different monitoring products for different platforms which can be expensive and complex. Larger providers have tens of thousands of servers and networking devices managed by countless external and internal system administrators. Their activity cannot be fully traced or controlled with traditional solutions. For example, an accidental misconfiguration of a mission-critical router can cause a serious service outage. Compliance challenges Telecommunication providers are increasingly subject to data protection regulations from a variety of organizations ranging from the Payment Card Industry (PCI), to governmental agencies, such as the European Union and its Data Retention Directive. Publicly traded US-based telecom companies must also comply with Sarbanes-Oxley (SOX). Laws and standards prescribe keeping clients sensitive data safe and the deployment of a system that does not allow traceless modification of critical information, thus protecting the clients interests. 7

8 Most Affected Sectors Cloud- and Managed Service Providers Gartner predicts that from 2013 through 2016, $677 billion will be spent on cloud services worldwide. Strict measures to keep reputation Amazon, Google, Salesforce.com, Rackspace, and other similar companies are all raising cloud providers, which increasingly affect the IT and business operations of companies. However, these providers, as partners, are expected to provide proactive security solutions and specialized expertise. Damage done by a malicious insider, such as a cloud administrator might be extremely rare, but far more devastating than in a regular computing environment. Therefore, special precautions must be taken to prevent such damage. These precautions should include strong authentication, authorization and the rigorous recording of the actions of the cloud administrators. Brand image and reputation are precious assets in the Managed Service Provider (MSP) and Cloud Service Provider (CSP) sectors. Even minor performance issues, delays or downtime can result in irreparable damage to their reputation. Accountability issues Just like in traditional IT outsourcing, using the services of a cloud provider requires the customer to give up control over his IT infrastructure. Every action a Cloud Service Provider (CSP) performs on its customers servers can trigger playing the blame-game. Consequently, to reassure their customers, CSPs should make the IT management and maintenance more transparent and auditable by the customers. This should include recording complete administrative sessions affecting the part of the cloud infrastructure used by the customer and if requested making these accessible to the customer. If activities can be investigated, most potential attacks from inside are prevented just by the mere existence of the monitoring solution providing objective proof of all events, and CSPs can eliminate the shadow of doubt about their operation. SLA verification Without the possibility to oversee CSP/MSP administrators, the evaluation of their effectiveness is also a challenging exercise. The control over SLA is also a problem, as there is no reliable solution in the hands of a CSP to justify its Key Performance Indicators (for example, response times) and billable activities. Without a tamper-proof activity monitoring solution in-place the provider cannot prove that his work is compliant with the SLA requirements. Compliance challenges MSPs and cloud providers are increasingly subject to data protection regulations from a variety of organizations ranging from the PCI DSS (Cloud Computing Guidelines) through Cloud Security Alliance (Security, Trust & Assurance Registry - STAR) to SAS70 and national law enforcement agencies. Laws and standards require to keep client data safe, to separate roles, and to fully audit administrative access to these data. These regulatory requirements may call for a tamper-proof session-recording tool to pass compliance audits of cloud security processes. A cloud provider that can meet these requirements and offer hard evidence of this compliance can gain significant advantage. 8

9 Most Affected Sectors Finance Citigroup Inc. said that hackers accessed the credit card information of North American customers in an online security breach affecting about 200,000 accounts. CBCNews, 2011 Increasing risk of fraud Banks manage and store massive amounts of sensitive data, such as payment transaction and personal financial information. Consequently, the finance industry is the largest target for cyber-criminals, because the IT infrastructures that manage financial transactions have made cyber-crime more prevalent. Risks associated with data loss or data breach can be fatal. Regulatory pressure Besides strict internal IT security policies, industry regulations are increasingly challenging to implement and increasingly important to comply with for finance services firms. For instance, financial institutions need to meet Basel III, the Markets in Financial Instrument Directive (MiFID II), SOX- EuroSox, PCI DSS and several other standards forcing the adoption of IT controls such as ITIL, COBIT or ISO 2700x. Laws and standards require the deployment of IT systems that record all access to sensitive financial information, thus protecting the interests of investors, creditors, and clients. Financial institutions must pass these audits to continue everyday operations and prevent financial losses and damage to their reputation. Complex IT organizations International banks and insurers operate large, distributed data centers, with thousands of servers and applications managed by hundreds of system administrators. Traditional solutions, for example, logging and ticketing systems cannot completely trace and control the activity of these administrators. Without user-session recording, the question of who did what? is almost impossible to answer, and usually leads to finger-pointing along with significant time and money invested in investigation the incident. The clients of this sector do not tolerate longer outages, so reducing downtime and increasing the mean time between failures is essential. Difficulties of controlling third-parties In a global financial environment, responsibilities are unsurprisingly outsourced or sub-contracted to third party. Giving responsibility to an IT service provider is always a security risk. Financial organizations often use custom-developed applications, which are often supported remotely by the external developers. In these cases, third-party developers and administrators might have direct access to sensitive financial databases. Although some financial institutions have custom-developed activity-monitoring solutions in place, these tools often lack the required functionality and support and have interoperability issues with the existing IT environment. 9

10 Most Affected Sectors Government in 2013 [Cyber Warfare] was, for the first time, considered a larger threat than Al Qaeda or terrorism, by many U.S. intelligence officials. Ken Dilanian, Los Angeles Times, March, Cyber Warfare Designs for many of the U.S most sensitive advanced weapons systems have been compromised by Chinese hackers. Washington Post, May, 2013 Security within the government sector is a high-stakes game where getting out ahead of emerging cyber-attacks can be a matter of national security. Cyber warfare is a form of information warfare which refers to politically motivated hacking to conduct sabotage and espionage. Indeed, these attacks can range from Denial-of-Service attacks (DOS) through sabotage in a critical national infrastructure to espionage and national security breaches. It is of paramount importance to improve the efficiency of real-time response to critical situations and security issues. Consequently, government institutions should use advanced security technologies with extra attention towards activity reporting, data collection and analysis. Regulatory pressure The government, being the national regulator, has to articulate new regulations as well as fulfill them afterward, in a cost-effective way. For example, for the U.S. government agencies, complying with FISMA and the new NIST SP requirements pose a real challenge. In addition, several standards, for example, ISO requires special attention paid to privileged users and accounts that handle sensitive data as phrased in the Monitoring and User Access Management (A , A.11.2.) processes. Managing third-party IT providers Giving the lack of deep technical expertise, public sector institutions rely heavily on IT outsourcing providers. Institutions, such as government agencies or healthcare providers operate several custom-developed or proprietary systems, which are managed or supported by third-party vendors or providers. In these cases, third-party developers and administrators might have direct access to sensitive databases, for example, personal records. Other Industries Other industries also face challenges which require the closer monitoring of privileged users. For example, protecting intellectual property, such as R&D information, as well as auditing processes across the supply chain may call for a sessionrecording solution in the manufacturing sector. In the retail industry, PCI-DSS compliance is a must to protect card-holder information, but controlling IT systems among trading companies and their subcontractors is also a challenging exercise. 10

11 The Solution Privileged Activity Monitoring All organizations have to balance the security risks associated with privileged accounts against the operational efficiencies gained through the use of such accounts. Gartner Like many new concepts, Privileged Activity Monitoring does not have a clear and perfect definition. Many vendors have introduced new terminology for this concept in an attempt to be first to define the market with mixed results. They are trying to use different naming conventions but similar acronyms: PUM, PAM, PAAM, etc. Privileged User Monitoring, Privileged Activity Monitoring, Privileged Account Activity Management and all the variants of these expressions can be found on Google. In fact, even major IT analyst firms do not have a generally accepted definition, which illustrates how new this concept is. Perhaps the following definition can provide the most accurate description, according to which PAM tools aim to address the following requirements: Controlling the users Managing and controlling Monitoring use of shared Collecting audit access to privileged privileged sessions (for and superuser accounts information for forensics accounts (authenticating example, restricting (for example, root or situations, compliance the users, restricting administrative access to Administrator) reports, and so on. access based on time the servers) policies) Figure 3: Key PAM requirements 11

12 The Solution Different Vendors Different Approaches Privileged Activity Monitoring is still a niche market, with a small but growing number of IT security vendors in the field. Vendors approach this market from different directions and with various core competencies, such as password management, identity and access management, or network forensics. Typically, they market their technologies as essential parts of larger solutions. However, all of these products are trying to meet the same challenge: control and monitor the access of privileged users to critical IT assets. Since there are a number of different ways to approach to the problem, let s review the technologies they use. Jump hosts (Hop gateways) Jump hosts provide a web-based interface for accessing servers: the users access the jump host from their browser, and connect to the target server using a web-based client application that is running on the jump host. In the meantime, the jump host records the actions or logs of the application. As jump-hosts are non-transparent solutions, they make integration into an existing infrastructure difficult. Also, the users must use the applications provided by the jump hosts, which may have compatibility issues with their server applications. Auditing of graphical protocols (for example, Remote Desktop Protocol, or Citrix ICA) is rarely supported, and even if it is, it can become a performance issue. Transferring files between the server and the client can also be problematic, or not supported at all. Network sniffers Network sniffers are based on switch port mirroring; they receive the network traffic going to the servers and try to extract useful information from it. These solutions are easy to integrate and are non-invasive by nature. They also have no effect on the way users do their work. However, all this also means that they are very limited in monitoring encrypted traffic, for example, SSH or RDP. Being passive solutions also limits the capabilities of these devices, so they cannot authenticate users, control protocol channels, or terminate unwanted connections to a server. Agent based solutions Agent based solutions install small applications (agents) on the monitored servers that collect information about the user activities. They can provide detailed monitoring capabilities, but have some general disadvantages: Agents must be installed and maintained on each server. Monitoring is limited to the platforms supported by the agent. Typically, they run only on the most common operating systems, leaving other systems and devices (for example, network devices) unmonitored. They do not have any control over the connection used to access the server, thus cannot limit their use (for example, they cannot restrict file transfers or port-forwarding in SSH, or file redirection on Windows) There is no separation between the monitoring system and the monitored system, so the agents can be manipulated by the monitored superusers. This is essentially the same problem as using the system logs of the monitored system to check the actions of the superuser, who can influence the system logs. 12

13 The Solution Proxy Gateways Proxy gateways are the most mature solutions in terms of control granularity and auditing quality. Proxy-based technologies operate as network gateways: they are placed between the client and the server, and inspect the traffic on the application level. Since these proxies have full access to the inspected traffic, they have full control over protocol features. For example, you can selectively permit or deny access to certain protocol-specific channels: you can enable terminal sessions in SSH, but disable port-forwarding and file transfers, or enable desktop access for the Remote Desktop Protocol, but disable file and printer sharing. Monitoring and replaying user sessions The monitoring and replaying capabilities of PAM solutions show a wide spectrum. Some collect syslog-like log messages, which can be displayed or replayed based on the timestamps of the log messages. Others log only keystrokes. There are solutions that save screenshots from user sessions, or even record the entire session into an AVI file. However, unless some way is provided to process and analyze the content of the screenshots and video files, these are not as useful as they might seem at first. Figure 4: The concept of proxy gateways Proxy gateways can operate transparently in the network and are independent from the client and the monitored server. This prevents anyone from modifying the extracted audit information, as the administrators of the server have no access to the proxy gateway. Certain solutions can even store the audit trails in time-stamped, encrypted, and digitally signed format, so not even the administrator of the gateway can tamper the audit trails. As transparent solutions, proxy gateways require minimum change to existing IT environment. Also, since they operate on the network level, the users can keep using the client applications they are familiar with, and do not have to change their working habits. Standing in the middle of the monitored network traffic allows proxy gateways to actually intervene in the traffic, making it possible, for example, to require the user to authenticate on the gateway, or to pause the connection until it is authorized by someone appropriate. With an appropriate way to stream the traffic to the authorizer, the work of the user can be monitored in real-time. It is also possible to extract the files transferred to the server, and store them with the audit trails for later review. However, movie-like session recording and playback can be a powerful tool, giving auditors the possibility to review all actions of the administrators exactly as they appeared on their monitor. (The proxy gateways stand out with this capability.) This can be immensely useful in forensic situations and reporting, if it can be processed automatically to extract the executed commands, applications, the contents of the screen, and other similar information. To make this happen, advanced PAM solutions index the commands of terminal screens (like SSH or Telnet), and use Optical Character Recognition (OCR) techniques on graphical screens (like in the case of Remote Desktop, Citrix ICA, and so on). The monitoring and auditing of user sessions should make it possible to conduct ad-hoc forensics investigations, analyze recorded data in detail, and also to create custom reports. The subject of the analysis can be, for example, a user login, a file access, a file transfer, the launch of an application, the stopping of a service, and so on. 13

14 Best Practices 01 Adopt the least-privilege principle Give a user account only those privileges which are essential to that user s work. 02 Use God mode only in emergency Generally, system administrators do not need unlimited access to the systems they manage. Lock up your superuser (root, admin, system, and so on) accounts and use them only if absolutely needed. 03 Personalize every single account Make personal accountability possible among your privileged users. The first step to this is minimizing the number of shared accounts. The second rule is that shared-account passwords must not themselves be shared. Then, you can go on with elaboration of functional areas, detecting incompatibilities and segregating of duties. 04 Limit the number of systems in scope for each person s privileged accounts System administrators should have superuser privileges only on the systems that are needed - what is consistent with business and operational needs. This is a common audit recommendation. 05 Build a central user monitoring infrastructure Log management or SIEM solutions do not capture all the necessary information. The easiest way to eliminate these blind spots is to use a Privileged Activity Monitoring solution, which augments the existing logs by showing precisely what the user did (as opposed to the technical results of what he did). 06 Implement an independent and transparent activity monitoring device Implement an independent PAM tool that operates transparently, and extracts the audit information directly from the communication of the client and the server. This prevents anyone from modifying the audited information not even the administrator of the device can tamper the encrypted audit trails. Your existing IT environment requires no change and your staff can do their day-to-day jobs without changing their working habits. 07 Use strong authentication and authorization for privileged accounts Where superuser privileges are assigned to personal accounts, protect those accounts with strong authentication methods. Full-blown system administrators should use higher-assurance methods such as public keys or X.509 smart tokens. To avoid accidental misconfiguration and other human error, certain PAMs support the 4-eyes authorization principle as well. This is achieved by requiring an authorizer to track the administrator actions on the server. 08 Control remote access in detail The most secure way is to control who can access what and when based on the protocol being used. With the right PAM solution it is possible to control file-transfers and other unusual traffic. For example, you can allow or deny protocol channels such as disk sharing, port-forwards or file-transfers based on the group-membership of the user, or the time of day. 09 Prevent malicious actions in real-time Advanced PAM solutions can monitor the traffic of remote connections in real time, and execute various actions if a certain pattern (for example, a suspicious command or text) appears in the command line or on the screen. Certain PAMs can also detect numbers such as credit card numbers. In case of risky user action, the device can send an alert to you or immediately terminate the connection. For example, it can block the connection before a harmful administrator command, such as deleting an essential system file is executed on the server. 10 Improve forensics with movie-like playback and fast search Advanced PAM tools can replay the recorded sessions just like a movie all actions of the users can be seen exactly as they appeared on their monitor. They enable fast forwarding during replays, searching for events (for example, typed commands or pressing Enter) and texts seen by the user. In case of any problems (database manipulation, unexpected shutdown, and so on), the circumstances of the event are readily available in the trails, thus the cause of the incident can be easily identified. 14

15 Summary Privileged users include not just administrators, but a much wider group within an enterprise. Having extra privileges in the IT environment these (super)users represent a security risk for the business as they can access and manipulate sensitive systems and data. Protecting critical IT assets from advanced cyber-attacks using privileged accounts causes headache for security managers as well. Though logging and SIEM tools do a good job at presenting event data, they have limitations and cannot capture all the required user information. The need to control and monitor the actions of privileged users is typical in the finance, telecommunications, cloud providers, and public sectors. These organizations operate critical infrastructures and handle large amount of sensitive data, the strict protection of which is vital from compliance, reputation and - in some cases - from national security reasons, as well. Privileged Activity Monitoring (PAM) tools can be an ideal solution to these challenges. These tools can restrict privileged access to IT resources and control user sessions. They can even monitor administrative activities and collect audit information for forensics situations, compliance reports, and so on. By implementing PAM, your organization will be able to control the work of its internal IT administrators, powerful business users, as well as its outsourcing partners. Advanced PAM tools support movie-like playback and fast, free-text search in user activities, which dramatically speeds up troubleshooting and forensics investigations. These solutions control and audit who, when and what have done, for example, in the financial or SAP system. Aware of this, your employees will do their work with greater sense of responsibility, thus the number of human errors can be reduced. By having a tamper-proof activity record, accountability issues can also be eliminated. In addition, PAM tools help to fulfill the monitoring-specific requirements of various regulations (for example, PCI-DSS, SOX, ISO 2700x, and so on), supporting you to pass compliance audits quickly and cost-efficiently. All in all, by controlling and auditing the activities of privileged users, PAM solutions help you to notably increase your security and compliance level. 15

16 Learn More BalaBit Shell Control Box - A Leading PAM Tool Shell Control Box (SCB) is an activity monitoring appliance that controls access to remote servers, virtual desktops, or networking devices, and records the activities of the users accessing these systems. For example, it records as the system administrators configure your database servers through SSH protocol, or your employees make transactions using thin-client applications in Citrix environment. The recorded audit trails can be replayed like a movie to review the events exactly as they occurred. The content of the audit trails is indexed to make searching for events and automatic reporting possible. SCB is especially suited to supervise privileged-user access as mandated by many compliance requirements, like PCI-DSS. It is an external, fully transparent proxy gateway, completely independent from the clients and the servers. The server- and client applications do not have to be modified in order to use SCB; it integrates smoothly into the existing infrastructure. SCB solves exactly those problems introduced in this document. Learn More About BalaBit BalaBit IT Security is an innovative information security company, a global leader in the development of privileged activity monitoring, trusted logging and proxy-based gateway technologies. We help protect customers against internal and external threats and meet security and compliance regulations. As an active member of the open source community, we provide solutions to a uniquely wide range of both open source and proprietary platforms, even for the most complex and heterogeneous IT systems across physical, virtual and cloud environments. BalaBit is also known as the logging company, based on the company s flagship product, the open source log server application (the syslog-ng Open Source Edition), which is used by more than companies worldwide and became the globally acknowledged de-facto industry standard. BalaBit, the fastest-growing IT Security company in the Central European region according to Deloitte Technology Fast 50 (2012) list, has local offices in France, Germany, Russia, and in the USA, and cooperates with partners worldwide. Our R&D and global support centers are located in Hungary, Europe. More information: Learn More Shell Control Box homepage Request a callback Request an online demo Find a reseller Figure 5: SCB controls, monitors, records and reports privileged access to remote systems All statements in this report attributable to Gartner represent BalaBit interpretation of data, research opinion or viewpoints published as part of a syndicated subscription service by Gartner, Inc., and have not been reviewed by Gartner. Each Gartner publication speaks as of its original publication date (and not as of the date of this document). The opinions expressed in Gartner publications are not representations of fact, and are subject to change without notice. 16

BalaBit IT Security Insight Singaporean Internet Banking and Technology Risk Management Guidelines Compliance

BalaBit IT Security Insight Singaporean Internet Banking and Technology Risk Management Guidelines Compliance GUARDING YOUR BUSINESS BalaBit IT Security Insight Singaporean Internet Banking and Technology Risk Management Guidelines Compliance www.balabit.com In 2008, the Monetary Authority of Singapore (MAS),

More information

Logging the Pillar of Compliance

Logging the Pillar of Compliance WHITEPAPER Logging the Pillar of Compliance Copyright 2000-2011 BalaBit IT Security All rights reserved. www.balabit.com 1 Table of Content Introduction 3 Open-eyed management 4 ISO 27001 5 PCI DSS 5 Sarbanes

More information

ISO27001 compliance and Privileged Access Monitoring

ISO27001 compliance and Privileged Access Monitoring ISO27001 compliance and Privileged Access Monitoring February 24, 2014 Abstract How to control and audit remote access to your servers to comply with ISO27001:2013 using the BalaBit Shell Control Box Copyright

More information

The Business Benefits of Logging

The Business Benefits of Logging WHITEPAPER The Business Benefits of Logging Copyright 2000-2011 BalaBit IT Security All rights reserved. www.balabit.com 1 Table of Content Introduction 3 The Business Benefits of Logging 4 Security as

More information

Shell Control Box 4 LTS Product Description

Shell Control Box 4 LTS Product Description Shell Control Box 4 LTS Product Description Copyright 2000-2014 BalaBit IT Security All rights reserved. www.balabit.com Introduction Shell Control Box (SCB) is a turnkey activity monitoring appliance

More information

Shell Control Box 3 F5

Shell Control Box 3 F5 Shell Control Box 3 F5 BalaBit Shell Control Box Copyright 2000-2013 BalaBit IT Security All rights reserved. www.balabit.com Introduction Shell Control Box (SCB) is an activity monitoring appliance that

More information

Shell Control Box 4 F2 Product Description

Shell Control Box 4 F2 Product Description Shell Control Box 4 F2 Product Description Copyright Balabit All rights reserved. www.balabit.com Introduction Independent and Transparent User Monitoring Shell Control Box (SCB) is a turnkey activity

More information

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,

More information

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,

More information

RSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief

RSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief RSA SecurID Authentication in Action: Securing Privileged User Access RSA SecurID solutions not only protect enterprises against access by outsiders, but also secure resources from internal threats The

More information

PREVENTING DATA LOSS THROUGH PRIVILEGED ACCESS CHANNELS

PREVENTING DATA LOSS THROUGH PRIVILEGED ACCESS CHANNELS A SECURITY Preventing AND Data Loss COMPLIANCE Through Privileged WHITE Access Channels PAPER PREVENTING DATA LOSS THROUGH PRIVILEGED ACCESS CHANNELS 1 TABLE OF CONTENTS: Introduction...3 The Privilege

More information

Adopt and implement privacy procedures, train employees on requirements, and designate a responsible party for adopting and following procedures

Adopt and implement privacy procedures, train employees on requirements, and designate a responsible party for adopting and following procedures Whitesheet Navigate Your Way to Compliance The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is an American federal law that requires organizations that handle personal health information

More information

What IT Auditors Need to Know About Secure Shell. SSH Communications Security

What IT Auditors Need to Know About Secure Shell. SSH Communications Security What IT Auditors Need to Know About Secure Shell SSH Communications Security Agenda Secure Shell Basics Security Risks Compliance Requirements Methods, Tools, Resources What is Secure Shell? A cryptographic

More information

whitepaper Ten Essential Steps for Achieving Continuous Compliance: A Complete Strategy for Compliance

whitepaper Ten Essential Steps for Achieving Continuous Compliance: A Complete Strategy for Compliance Ten Essential Steps for Achieving Continuous Compliance: A Complete Strategy for Compliance Table of Contents 3 10 Essential Steps 3 Understand the Requirements 4 Implement IT Controls that Affect your

More information

A Decision Maker s Guide to Securing an IT Infrastructure

A Decision Maker s Guide to Securing an IT Infrastructure A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose

More information

Privileged Session Management Suite: Solution Overview

Privileged Session Management Suite: Solution Overview Privileged Session Management Suite: Solution Overview June 2012 z Table of Contents 1 The Challenges of Isolating, Controlling and Monitoring Privileged Sessions... 3 2 Cyber-Ark s Privileged Session

More information

Security Survey 2009: Privileged User Management It s Time to Take Control Frequently Asked Questions and Background

Security Survey 2009: Privileged User Management It s Time to Take Control Frequently Asked Questions and Background Security Survey 2009: Privileged User Management It s Time to Take Control Frequently Asked Questions and Background What is a privileged user? A privileged user is an individual who, by virtue of function,

More information

Privileged. Account Management. Accounts Discovery, Password Protection & Management. Overview. Privileged. Accounts Discovery

Privileged. Account Management. Accounts Discovery, Password Protection & Management. Overview. Privileged. Accounts Discovery Overview Password Manager Pro offers a complete solution to control, manage, monitor and audit the entire life-cycle of privileged access. In a single package it offers three solutions - privileged account

More information

Windows Least Privilege Management and Beyond

Windows Least Privilege Management and Beyond CENTRIFY WHITE PAPER Windows Least Privilege Management and Beyond Abstract Devising an enterprise-wide privilege access scheme for Windows systems is complex (for example, each Window system object has

More information

PCI Compliance Auditing and Forensics with Tectia Guardian

PCI Compliance Auditing and Forensics with Tectia Guardian PCI Compliance Auditing and Forensics with Tectia White Paper November 2010 This document discusses auditing remote system access processes for policy compliance (for example, PCI DSS) and for gathering

More information

GUARDING YOUR BUSINESS. Log Management Essentials

GUARDING YOUR BUSINESS. Log Management Essentials GUARDING YOUR BUSINESS Log Management Essentials Content Introduction...2 Challenges solved by log management...3 Forensics...3 Compliance...3 Supporting security information and event management (SIEM)...3

More information

The Comprehensive Guide to PCI Security Standards Compliance

The Comprehensive Guide to PCI Security Standards Compliance The Comprehensive Guide to PCI Security Standards Compliance Achieving PCI DSS compliance is a process. There are many systems and countless moving parts that all need to come together to keep user payment

More information

ISO 27001 COMPLIANCE WITH OBSERVEIT

ISO 27001 COMPLIANCE WITH OBSERVEIT ISO 27001 COMPLIANCE WITH OBSERVEIT OVERVIEW ISO/IEC 27001 is a framework of policies and procedures that include all legal, physical and technical controls involved in an organization s information risk

More information

IDENTITY & ACCESS. Privileged Identity Management. controlling access without compromising convenience

IDENTITY & ACCESS. Privileged Identity Management. controlling access without compromising convenience IDENTITY & ACCESS Privileged Identity Management controlling access without compromising convenience Introduction According to a recent Ponemon Institute study, mistakes made by people Privilege abuse

More information

Application Security in the Software Development Lifecycle

Application Security in the Software Development Lifecycle Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO

More information

October 2014. Four Best Practices for Passing Privileged Account Audits

October 2014. Four Best Practices for Passing Privileged Account Audits Four Best Practices for Passing Privileged Account Audits October 2014 1 Table of Contents... 4 1. Discover All Privileged Accounts in Your Environment... 4 2. Remove Privileged Access / Implement Least

More information

CorreLog Alignment to PCI Security Standards Compliance

CorreLog Alignment to PCI Security Standards Compliance CorreLog Alignment to PCI Security Standards Compliance Achieving PCI DSS compliance is a process. There are many systems and countless moving parts that all need to come together to keep user payment

More information

Netwrix Auditor. Сomplete visibility into who changed what, when and where and who has access to what across the entire IT infrastructure

Netwrix Auditor. Сomplete visibility into who changed what, when and where and who has access to what across the entire IT infrastructure Netwrix Auditor Сomplete visibility into who changed what, when and where and who has access to what across the entire IT infrastructure netwrix.com netwrix.com/social 01 Product Overview Netwrix Auditor

More information

ObserveIT User Activity Monitoring software meets the complex compliance and security challenges related to user activity auditing.

ObserveIT User Activity Monitoring software meets the complex compliance and security challenges related to user activity auditing. ObserveIT User Activity Monitoring software meets the complex compliance and security challenges related to user activity auditing. ObserveIT acts like a security camera on your servers, generating audit

More information

CyberArk Privileged Threat Analytics. Solution Brief

CyberArk Privileged Threat Analytics. Solution Brief CyberArk Privileged Threat Analytics Solution Brief Table of Contents The New Security Battleground: Inside Your Network...3 Privileged Account Security...3 CyberArk Privileged Threat Analytics : Detect

More information

NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT

NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT OVERVIEW The National Institute of Standards of Technology Framework for Improving Critical Infrastructure Cybersecurity (The NIST Framework) is a

More information

Secret Server Splunk Integration Guide

Secret Server Splunk Integration Guide Secret Server Splunk Integration Guide Table of Contents Meeting Information Security Compliance Mandates: Secret Server and Splunk SIEM Integration and Configuration... 1 The Secret Server Approach to

More information

Achieving PCI Compliance with Red Hat Enterprise Linux. June 2009

Achieving PCI Compliance with Red Hat Enterprise Linux. June 2009 Achieving PCI Compliance with Red Hat Enterprise Linux June 2009 CONTENTS EXECUTIVE SUMMARY...2 OVERVIEW OF PCI...3 1.1. What is PCI DSS?... 3 1.2. Who is impacted by PCI?... 3 1.3. Requirements for achieving

More information

Seven Things To Consider When Evaluating Privileged Account Security Solutions

Seven Things To Consider When Evaluating Privileged Account Security Solutions Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?

More information

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global

More information

Managing Privileged Identities in the Cloud. How Privileged Identity Management Evolved to a Service Platform

Managing Privileged Identities in the Cloud. How Privileged Identity Management Evolved to a Service Platform Managing Privileged Identities in the Cloud How Privileged Identity Management Evolved to a Service Platform Managing Privileged Identities in the Cloud Contents Overview...3 Management Issues...3 Real-World

More information

GFI White Paper PCI-DSS compliance and GFI Software products

GFI White Paper PCI-DSS compliance and GFI Software products White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption

More information

Brainloop Cloud Security

Brainloop Cloud Security Whitepaper Brainloop Cloud Security Guide to secure collaboration in the cloud www.brainloop.com Sharing information over the internet The internet is the ideal platform for sharing data globally and communicating

More information

IBM Security Privileged Identity Manager helps prevent insider threats

IBM Security Privileged Identity Manager helps prevent insider threats IBM Security Privileged Identity Manager helps prevent insider threats Securely provision, manage, automate and track privileged access to critical enterprise resources Highlights Centrally manage privileged

More information

Securing Remote Vendor Access with Privileged Account Security

Securing Remote Vendor Access with Privileged Account Security Securing Remote Vendor Access with Privileged Account Security Table of Contents Introduction to privileged remote third-party access 3 Do you know who your remote vendors are? 3 The risk: unmanaged credentials

More information

Next Generation Jump Servers for Industrial Control Systems

Next Generation Jump Servers for Industrial Control Systems Next Generation Jump Servers for Industrial Control Systems Isolation, Control and Monitoring - Learn how Next Generation Jump Servers go beyond network separation to protect your critical infrastructure

More information

PowerBroker for Windows Desktop and Server Use Cases February 2014

PowerBroker for Windows Desktop and Server Use Cases February 2014 Whitepaper PowerBroker for Windows Desktop and Server Use Cases February 2014 1 Table of Contents Introduction... 4 Least-Privilege Objectives... 4 Least-Privilege Implementations... 4 Sample Regulatory

More information

Security and Data Protection for Online Document Management Software

Security and Data Protection for Online Document Management Software Security and Data Protection for Online Document Management Software Overview As organizations transition documents and company information to Software as a Service (SaaS) applications that are no longer

More information

Managing Cloud Computing Risk

Managing Cloud Computing Risk Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify

More information

Security Services. 30 years of experience in IT business

Security Services. 30 years of experience in IT business Security Services 30 years of experience in IT business Table of Contents 1 Security Audit services!...!3 1.1 Audit of processes!...!3 1.1.1 Information security audit...3 1.1.2 Internal audit support...3

More information

PowerBroker for Windows

PowerBroker for Windows PowerBroker for Windows Desktop and Server Use Cases February 2014 1 Table of Contents Introduction... 4 Least-Privilege Objectives... 4 Least-Privilege Implementations... 5 Sample Regulatory Requirements...

More information

March 2012 www.tufin.com

March 2012 www.tufin.com SecureTrack Supporting Compliance with PCI DSS 2.0 March 2012 www.tufin.com Table of Contents Introduction... 3 The Importance of Network Security Operations... 3 Supporting PCI DSS with Automated Solutions...

More information

CSN38:Tracking Privileged User Access within an ArcSight Logger and SIEM Environment Philip Lieberman, President and CEO

CSN38:Tracking Privileged User Access within an ArcSight Logger and SIEM Environment Philip Lieberman, President and CEO CSN38:Tracking Privileged User Access within an ArcSight Logger and SIEM Environment Philip Lieberman, President and CEO 2009 by Lieberman Software Corporation. Rev 20090921a Identity Management Definitions

More information

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards A Websense Research Brief Prevent Loss and Comply with Payment Card Industry Security Standards Prevent Loss and Comply with Payment Card Industry Security Standards Standards for Credit Card Security

More information

Websense Data Security Suite and Cyber-Ark Inter-Business Vault. The Power of Integration

Websense Data Security Suite and Cyber-Ark Inter-Business Vault. The Power of Integration Websense Data Security Suite and Cyber-Ark Inter-Business Vault The Power of Integration Websense Data Security Suite Websense Data Security Suite is a leading solution to prevent information leaks; be

More information

Enterprise Security Solutions

Enterprise Security Solutions Enterprise Security Solutions World-class technical solutions, professional services and training from experts you can trust ISOCORP is a Value-Added Reseller (VAR) and services provider for best in class

More information

HOW OBSERVEIT ADDRESSES KEY HONG KONG IT SECURITY GUIDELINES

HOW OBSERVEIT ADDRESSES KEY HONG KONG IT SECURITY GUIDELINES HOW OBSERVEIT ADDRESSES KEY HONG KONG IT SECURITY GUIDELINES The Office of the Government Chief Information Officer of The Government of the Hong Kong Special Administrative Region issued its IT Security

More information

The syslog-ng Store Box 3 F2

The syslog-ng Store Box 3 F2 The syslog-ng Store Box 3 F2 PRODUCT DESCRIPTION Copyright 2000-2014 BalaBit IT Security All rights reserved. www.balabit.com Introduction The syslog-ng Store Box (SSB) is a high-reliability and high-performance

More information

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004 A Database Security Management White Paper: Securing the Information Business Relies On November 2004 IPLocks, Inc. 441-A W. Trimble Road, San Jose, CA 95131 USA A Database Security Management White Paper:

More information

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance Date: 07/19/2011 The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance PCI and HIPAA Compliance Defined Understand

More information

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. A guide for IT security from BIOS The Problem SME s, Enterprises and government agencies are under virtually constant attack today. There

More information

Managed Hosting & Datacentre PCI DSS v2.0 Obligations

Managed Hosting & Datacentre PCI DSS v2.0 Obligations Any physical access to devices or data held in an Melbourne datacentre that houses a customer s cardholder data must be controlled and restricted only to approved individuals. PCI DSS Requirements Version

More information

Results Oriented Change Management

Results Oriented Change Management Results Oriented Change Management Validating Change Policy through Auditing Abstract Change management can be one of the largest and most difficult tasks for a business to implement, monitor and control

More information

The Benefits of SSL Content Inspection ABSTRACT

The Benefits of SSL Content Inspection ABSTRACT The Benefits of SSL Content Inspection ABSTRACT SSL encryption is the de-facto encryption technology for delivering secure Web browsing and the benefits it provides is driving the levels of SSL traffic

More information

privileged identities management best practices

privileged identities management best practices privileged identities management best practices abstract The threat landscape today requires continuous monitoring of risks be it industrial espionage, cybercrime, cyber-attacks, Advanced Persistent Threat

More information

Using Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4

Using Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4 WHITEPAPER Using Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4 An in-depth look at Payment Card Industry Data Security Standard Requirements 10, 11,

More information

Cybersecurity and Secure Authentication with SAP Single Sign-On

Cybersecurity and Secure Authentication with SAP Single Sign-On Solution in Detail SAP NetWeaver SAP Single Sign-On Cybersecurity and Secure Authentication with SAP Single Sign-On Table of Contents 3 Quick Facts 4 Remember One Password Only 6 Log In Once to Handle

More information

The 10 Pains of UNIX Security. Learn How Privileged Account Security Solutions are the Right Painkiller

The 10 Pains of UNIX Security. Learn How Privileged Account Security Solutions are the Right Painkiller Learn How Privileged Account Security Solutions are the Right Painkiller Table of Contents Introduction: Control Access, Empower Team 3 The 10 Pains of UNIX Security 4 Pain No.1: Protecting the Keys to

More information

ObserveIT User Activity Monitoring

ObserveIT User Activity Monitoring KuppingerCole Report EXECUTIVE VIEW by Martin Kuppinger April 2015 ObserveIT provides a comprehensive solution for monitoring user activity across the enterprise. The product operates primarily based on

More information

Compliance Management, made easy

Compliance Management, made easy Compliance Management, made easy LOGPOINT SECURING BUSINESS ASSETS SECURING BUSINESS ASSETS LogPoint 5.1: Protecting your data, intellectual property and your company Log and Compliance Management in one

More information

The Need for Real-Time Database Monitoring, Auditing and Intrusion Prevention

The Need for Real-Time Database Monitoring, Auditing and Intrusion Prevention Whitepaper The Need for Real-Time Database Monitoring, Auditing and Intrusion Prevention May 2007 Copyright Sentrigo Ltd. 2007, All Rights Reserved The Challenge: Securing the Database Much of the effort

More information

Guideline on Auditing and Log Management

Guideline on Auditing and Log Management CMSGu2012-05 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Auditing and Log Management National Computer Board Mauritius

More information

Edit system files. Delete file. ObserveIT Highlights. Change OS settings. Change password. See exactly what users are doing!

Edit system files. Delete file. ObserveIT Highlights. Change OS settings. Change password. See exactly what users are doing! ObserveIT auditing software acts like a security camera on your servers. It provides bulletproof video evidence of user sessions, significantly shortening investigation time. Every action performed by

More information

MIND THE GAP INFRASTRUCTURE VS. USER-BASED MONITORING

MIND THE GAP INFRASTRUCTURE VS. USER-BASED MONITORING MIND THE GAP INFRASTRUCTURE VS. USER-BASED MONITORING LACK OF USER ACTIVITY MONITORING EXPOSES COMPANIES TO USER-BASED RISK A lthough every organization wants to believe that all threats are external,

More information

LogRhythm and PCI Compliance

LogRhythm and PCI Compliance LogRhythm and PCI Compliance The Payment Card Industry (PCI) Data Security Standard (DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent

More information

White Paper. Protecting Databases from Unauthorized Activities Using Imperva SecureSphere

White Paper. Protecting Databases from Unauthorized Activities Using Imperva SecureSphere Protecting Databases from Unauthorized Activities Using Imperva SecureSphere White Paper As the primary repository for the enterprise s most valuable information, the database is perhaps the most sensitive

More information

SIEM is only as good as the data it consumes

SIEM is only as good as the data it consumes SIEM is only as good as the data it consumes Key Themes The traditional Kill Chain model needs to be updated due to the new cyber landscape A new Kill Chain for detection of The Insider Threat needs to

More information

PCI DSS Best Practices with Snare Enterprise Agents PCI DSS Best Practices with Snare Enterprise Agents

PCI DSS Best Practices with Snare Enterprise Agents PCI DSS Best Practices with Snare Enterprise Agents PCI DSS Best Practices with Snare Enterprise InterSect Alliance International Pty Ltd Page 1 of 9 About this document The PCI/DSS documentation provides guidance on a set of baseline security measures

More information

Solution Brief for ISO 27002: 2013 Audit Standard ISO 27002. Publication Date: Feb 6, 2015. EventTracker 8815 Centre Park Drive, Columbia MD 21045

Solution Brief for ISO 27002: 2013 Audit Standard ISO 27002. Publication Date: Feb 6, 2015. EventTracker 8815 Centre Park Drive, Columbia MD 21045 Solution Brief for ISO 27002: 2013 Audit Standard Publication Date: Feb 6, 2015 8815 Centre Park Drive, Columbia MD 21045 ISO 27002 About delivers business critical software and services that transform

More information

AlienVault for Regulatory Compliance

AlienVault for Regulatory Compliance AlienVault for Regulatory Compliance Overview of Regulatory Compliance in Information Security As computers and networks have become more important in society they and the information they contain have

More information

The PCI Dilemma. COPYRIGHT 2009. TecForte

The PCI Dilemma. COPYRIGHT 2009. TecForte The PCI Dilemma Today, all service providers and retailers that process, store or transmit cardholder data have a legislated responsibility to protect that data. As such, they must comply with a diverse

More information

PineApp TM Mail Encryption Solution TM

PineApp TM Mail Encryption Solution TM PineApp TM Mail Encryption Solution TM How to keep your outgoing messages fully secured. October 2008 Modern day challenges in E-Mail Security Throughout the years, E-Mail has evolved significantly, emerging

More information

Keep Your Data Secure in the Cloud Using encryption to ensure your online data is protected from compromise

Keep Your Data Secure in the Cloud Using encryption to ensure your online data is protected from compromise Protection as a Priority TM Keep Your Data Secure in the Cloud to ensure your online data is protected from compromise Abstract The headlines have been dominated lately with massive data breaches exposing

More information

Continuous Network Monitoring

Continuous Network Monitoring Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment

More information

RETHINKING CYBER SECURITY Changing the Business Conversation

RETHINKING CYBER SECURITY Changing the Business Conversation RETHINKING CYBER SECURITY Changing the Business Conversation October 2015 Introduction: Diane Smith Michigan Delegate Higher Education Conference Speaker Board Member 2 1 1. Historical Review Agenda 2.

More information

Compliance and Industry Regulations

Compliance and Industry Regulations Compliance and Industry Regulations Table of Contents Introduction...1 Executive Summary...1 General Federal Regulations and Oversight Agencies...1 Agency or Industry Specific Regulations...2 Hierarchy

More information

Information Security Services. Log Management: How to develop the right strategy for business and compliance

Information Security Services. Log Management: How to develop the right strategy for business and compliance Information Security Services Log Management: How to develop the right strategy for business and compliance The purpose of this whitepaper is to provide the reader with guidance on developing a strategic

More information

How to Achieve Operational Assurance in Your Private Cloud

How to Achieve Operational Assurance in Your Private Cloud How to Achieve Operational Assurance in Your Private Cloud As enterprises implement private cloud and next-generation data centers to achieve cost efficiencies and support business agility, operational

More information

Using Skybox Solutions to Achieve PCI Compliance

Using Skybox Solutions to Achieve PCI Compliance Using Skybox Solutions to Achieve PCI Compliance Achieve Efficient and Effective PCI Compliance by Automating Many Required Controls and Processes Skybox Security whitepaper August 2011 1 Executive Summary

More information

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC www.fmsinc.org 1 2015 Financial Managers Society, Inc. Cloud Security Implications

More information

Understanding Enterprise Cloud Governance

Understanding Enterprise Cloud Governance Understanding Enterprise Cloud Governance Maintaining control while delivering the agility of cloud computing Most large enterprises have a hybrid or multi-cloud environment comprised of a combination

More information

White Paper. What Auditors Want Database Auditing. 5 Key Questions Auditors Ask During a Database Compliance Audit

White Paper. What Auditors Want Database Auditing. 5 Key Questions Auditors Ask During a Database Compliance Audit 5 Key Questions Auditors Ask During a Database Compliance Audit White Paper Regulatory legislation is increasingly driving the expansion of formal enterprise audit processes to include information technology

More information

The syslog-ng Store Box 3 LTS

The syslog-ng Store Box 3 LTS The syslog-ng Store Box 3 LTS PRODUCT DESCRIPTION Copyright 2000-2012 BalaBit IT Security All rights reserved. www.balabit.com Introduction The syslog-ng Store Box (SSB) is a high-reliability and high-performance

More information

Compliance Guide: PCI DSS

Compliance Guide: PCI DSS Compliance Guide: PCI DSS PCI DSS Compliance Compliance mapping using Huntsman INTRODUCTION The Payment Card Industry Data Security Standard (PCI DSS) was developed with industry support by the PCI Security

More information

TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE. ebook Series

TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE. ebook Series TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE ebook Series 2 Headlines have been written, fines have been issued and companies around the world have been challenged to find the resources, time and capital

More information

Conquering PCI DSS Compliance

Conquering PCI DSS Compliance Any organization that stores, processes or transmits information related to credit and debit card payments has a responsibility to protect each cardholder s personal data. To help accomplish this goal,

More information

Panel Title: Data Breaches: Industry and Law Enforcement Perspectives on Best Practices

Panel Title: Data Breaches: Industry and Law Enforcement Perspectives on Best Practices Panel Title: Data Breaches: Industry and Law Enforcement Perspectives on Best Practices Over the course of this one hour presentation, panelists will cover the following subject areas, providing answers

More information

White Paper. Hitachi Data Systems: A Storage Security Leader. By: Jon Oltsik Enterprise Strategy Group. September 2005

White Paper. Hitachi Data Systems: A Storage Security Leader. By: Jon Oltsik Enterprise Strategy Group. September 2005 White Paper Hitachi Data Systems: A Storage Security Leader By: Jon Oltsik September 2005 Copyright 2005. The, Inc. All Rights Reserved. Over the past few years, spending on information security products

More information

Reining in the Effects of Uncontrolled Change

Reining in the Effects of Uncontrolled Change WHITE PAPER Reining in the Effects of Uncontrolled Change The value of IT service management in addressing security, compliance, and operational effectiveness In IT management, as in business as a whole,

More information

Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance

Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance White Paper Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance Troy Herrera Sr. Field Solutions Manager Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA

More information

Drawbacks to Traditional Approaches When Securing Cloud Environments

Drawbacks to Traditional Approaches When Securing Cloud Environments WHITE PAPER Drawbacks to Traditional Approaches When Securing Cloud Environments Drawbacks to Traditional Approaches When Securing Cloud Environments Exec Summary Exec Summary Securing the VMware vsphere

More information