Addressing the United States CIO Office s Cybersecurity Sprint Directives

Transcription

1 RFP Response Addressing the United States CIO Office s Cybersecurity Sprint Directives How BeyondTrust Helps Government Agencies Address Privileged Account Management and Improve Security July 2015

2 Addressing Cybersecurity Sprint Directives with BeyondTrust Whether the goal is to compromise sensitive government data, steal personally identifiable information (PII) or disrupt normal operations, the increasing sophistication of attacks is making it more difficult to safeguard the Federal government s cyber critical infrastructure. These large-scale information breaches, like the recent Office of Personnel Management attack, often begin with an attacker exploiting a single external vulnerability on a low-level system or through contractor credentials, and then capitalizing on privileges to gain access to critical systems and data. BeyondTrust delivers a single, integrated solution that directly addresses the directives established by Federal CIO Tony Scott in the 30-day Cybersecurity Sprint. Our integrated suite of software solutions can help reduce user-based risk and protect against threats to sensitive information. Privileged account protection and threat detection is at the center of many of these requirements due to their powerful role in providing access to critical cyber infrastructure and sensitive information. Read below to learn how BeyondTrust solutions apply to the directives and how we can help you secure your agency s sensitive information. Cybersecurity Sprint Directive BeyondTrust Applicability Scan systems and check logs to identify evidence of malicious activity BeyondInsight Clarity Threat Analytics BeyondInsight Clarity is an advanced threat analytics capability that enables IT and security professionals to identify the data breach threats typically missed by other security analytics solutions. A standard capability of the BeyondInsight IT Risk Management Console, Clarity pinpoints specific, highrisk users and assets by correlating low-level privilege, vulnerability malware, and threat data from a variety of BeyondTrust and third-party vulnerability solutions and security tools. Patch critical vulnerabilities Retina CS Patch Management Module Seamlessly integrated with Retina CS Enterprise Vulnerability Management, the Patch Management Module closes the loop on vulnerabilities by providing seamless patching for Microsoft and third-party applications. Integrated, automated and agentless, the solution improves the efficiency and effectiveness of patch processes. 2

3 Cybersecurity Sprint Directive BeyondTrust Applicability Tighten policies and practices for privileged users: PowerBroker Privileged Account Management Solutions Minimize the number of privileged users PowerBroker for Windows & PowerBroker for Mac BeyondTrust PowerBroker for Windows and PowerBroker for Mac reduce the risk of privilege misuse on physical and virtual Microsoft Windows desktops and Mac OS X assets. By eliminating administrator privileges, simplifying the enforcement of least privilege policies, maintaining application access control, and logging privileged activities, IT closes security gaps, improves operational efficiency, and achieves compliance objectives faster while also eliminating common attack vectors like Passthe-Hash. Limit functions that can be performed when using privileged accounts PowerBroker for Windows, PowerBroker for Mac, PowerBroker for Unix & Linux BeyondTrust privilege management solutions provide fine-grained access control for Windows, Unix, Linux and Mac servers, as well as for Windows and Mac OS X desktop environments. Permissions are rules-based and automated, using access rights that are linked to particular users and their roles, and can be elevated to meet the specific requirements of a particular task or project without disclosing passwords for root, admin or other accounts. Limit the duration that privileged users can be logged in PowerBroker Password Safe PowerBroker Password Safe is an automated password and privileged session management solution offering secure access control, auditing, alerting and recording for any privileged account from local or domain shared administrator, to a user s personal admin account (in the case of dual accounts), to service, operating system, network device, database (A2DB) and application (A2A) accounts even to SSH keys. Password Safe can limit the amount of time a user can connect to resources. As well as giving a specific time interval, it can limit access via date, day, time and location (source IP of user). Limit the privileged functions that can be performed using remote access PowerBroker for Windows, PowerBroker for Mac, PowerBroker for Unix & Linux The PowerBroker Privilege Management patented solutions provide fine grained control of which applications and processes users can execute, and what level of privilege they can be executed with. Policies are centrally managed and users actions can be audited to ensure compliance and application health. 3

4 Cybersecurity Sprint Directive BeyondTrust Applicability PowerBroker Password Safe Enables users to automatically log into RDP and SSH sessions, without revealing the passwords. The solution works in concert with PowerBroker privilege management solutions, which are able to limit the privileged activities performed via remote access. Dramatically accelerate implementation of multifactor authentication, especially for privileged users PowerBroker Identity Services * Provides a simple way to maintain Active Directory as a single authentication platform across your enterprise. To provide increased security, you can leverage multi-factor authentication with Smartcards or one-time passwords (OTP) on UNIX, Linux and Mac. *PowerBroker Identity Services is not a multi-factor solution, thought it does support multi-factor authentication for single-sign-on (SSO) in heterogeneous environments. Ensure that privileged activities are logged and that such logs are reviewed regularly PowerBroker for Windows Ensures accountability with included Windows Event Log monitoring. Add optional file session monitoring and integrity monitoring for comprehensive auditing, reporting and change control across all privileged activity. PowerBroker for Mac Logs all privileged events automatically for complete visibility and reporting through web services hosted on the BeyondInsight IT Risk Management platform. PowerBroker for Unix & Linux Produces time-stamped logs for every administrative, user-level, and application activity ensure that no suspicious activity goes unnoticed. DVR-style recording and indexing ensures all activity is available for quick discovery and playback. 4

5 About BeyondTrust BeyondTrust is a global security company that believes preventing data breaches requires the right visibility to enable control over internal and external risks. We give you the visibility to confidently reduce risks and the control to take proactive, informed action against data breach threats. And because threats can come from anywhere, we built a platform that unifies the most effective technologies for addressing both internal and external risk: Privileged Account Management and Vulnerability Management. Our solutions grow with your needs, making sure you maintain control no matter where your organization goes. BeyondTrust's security solutions are trusted by over 4,000 customers worldwide, including over half of the Fortune 100. To learn more about BeyondTrust, please visit 5

6 2015. Beyond Trust. All Rights Reserved. Warranty This document is supplied on an "as is" basis with no warranty and no support. This document contains information, which is protected by copyright. No part of this document may be photocopied, reproduced, or translated to another language without the prior written consent of BeyondTrust. Limitations of Liability In no event shall BeyondTrust be liable for errors contained herein or for any direct, indirect, special, incidental or consequential damages (including lost profit or lost data) whether based on warranty, contract, tort, or any other legal theory in connection with the furnishing, performance, or use of this material. The information contained in this document is subject to change without notice. No trademark, copyright, or patent licenses are expressly or implicitly granted (herein) with this white paper. For the latest updates to this document, please visit: Disclaimer All brand names and product names used in this document are trademarks, registered trademarks, or trade names of their respective holders. BeyondTrust is not associated with any other vendors or products mentioned in this document. 6