NIST Guidelines for Secure Shell and What They Mean for Your Organization
- Georgiana Rose
- 7 years ago
Table of Contents

- Introduction
- SSH: A refresher
- A secure yet vulnerable control
- A widespread risk throughout the enterprise
- Security controls help to reduce risk
- NIST Control Area: Account Management
- NIST Control Area: Access Enforcement
- NIST Control Area: Least Privilege
- NIST Control Area: Auditing and Monitoring
- NIST Control Area: Risk Assessment
- NIST Control Area: Identity and Authentication
- Bringing a new level of security to the enterprise
- About CyberArk
- About NISTIR 7966

Cyber-Ark Software Ltd. cyberark.com

Introduction

As part of an ongoing effort to help organizations strengthen security, the National Institute of Standards and Technology (NIST) recently issued an internal report on the use of Secure Shell (SSH) in interactive and automated access management. This report is intended to help organizations better understand SSH, and it offers a series of recommendations regarding SSH key management, access control, session monitoring, auditing and more to help organizations better secure remote access that is established using SSH.

SSH: A refresher

SSH is a protocol used to enable secure access to remote systems. SSH relies on a pair of cryptographic keys to authenticate users and applications to root, administrative and other system accounts. Thanks to its ease of use and reliability, SSH has become frequently used by system administrators to access privileged accounts on remote machines, and it is commonly used in automated IT processes to secure application-to-application communications, such as file transfers and automated backups.

A secure yet vulnerable control

While the SSH protocol itself provides a secure communications channel, unmanaged SSH keys can introduce several vulnerabilities into an otherwise secure system. The greatest challenge associated with the SSH protocol is that there is no inherent way to see or manage the keys used for authentication. As a result, SSH keys can easily be created and distributed, but they are difficult to track and control. Worse, due to this inherent lack of control, SSH keys can be intentionally created and used to circumvent privileged account management solutions. To compound this risk, the keys, which are completely out of the view and control of IT, never expire. Consequently, SSH keys can provide backdoor access for authorized and unauthorized users to critical systems, and IT security teams may never know.

A widespread risk throughout the enterprise

In a typical enterprise environment, there could be hundreds or even thousands of unsecured, unmanaged SSH keys used to authenticate to privileged administrative and root accounts. However, unlike privileged passwords, these keys are not typically part of any IT security plan. There is no way to monitor who has access to what, or even where the keys exist across an organization. As a result, basic security measures, such as the termination of unused accounts or the automatic rotation of account credentials, are not typically applied to SSH keys. Therefore, unhappy employees or malicious attackers can exploit these unsecured privileged credentials to gain widespread access to a multitude of systems and the sensitive data on these systems without ever being detected.

According to a recent report by the Ponemon Institute, the majority of organizations today are neither securing nor managing SSH keys. Worse, as a result, fifty-one percent of organizations surveyed in the report have already experienced an SSH key-related compromise. [1]

[1] Ponemon 2014 SSH Security Vulnerability Report. Ponemon Institute.

Security controls help to reduce risk

As noted in the NIST recommendations for SSH, the effective management of SSH-based access requires proper provisioning, termination and monitoring processes. In its report, NIST has provided very specific guidelines on security controls for SSH-based access management. Some of the key areas that require controls include:

- Account management
- Access enforcement
- Least privilege
- Risk assessment
- Identification and authentication
- Auditing and monitoring

Through its recommendations, NIST has begun encouraging organizations to start treating SSH keys like the privileged credentials they truly are. These proposed controls recognize the sensitivity of SSH keys and compel organizations to better secure and manage these keys. By following the NIST recommendations, organizations can get a head start on becoming compliant, mitigate the risk of unauthorized access to critical systems and better secure their sensitive data.

The sections below look at each of the above categories and highlight how CyberArk solutions can help organizations implement these security controls.

NIST Control Area: Account Management

AC-2 CONTROLS #D, #G, #J, #K
CyberArk SSH Key Manager, CyberArk Discovery and Audit

To prevent unauthorized users from accessing sensitive or regulated information, NIST recommends that organizations proactively secure, manage and monitor the use of SSH keys that provide access to privileged accounts. Recommendations related to account management include:

- Ensure that users only have access to the SSH keys needed for their role.
- Track the usage of keys to gain an audit trail of who accessed what and when.
- Rotate shared SSH keys as soon as a user leaves the authorized group.
- Continuously ensure that SSH keys are compliant with organizational policy.

With CyberArk solutions, organizations can set policies to grant users access to SSH keys based on their existing role and access rights.
Security teams can then track and audit the usage of the SSH keys to see exactly who accessed what and when. To ensure that these credentials do not remain static, policies can be configured to rotate SSH key pairs according to a master schedule or when needed, on-demand. The CyberArk Discovery and Audit tool, which finds and locates SSH keys across the IT environment, can be run to locate SSH keys and easily pinpoint which keys are compliant with organizational policy and which require attention.

NIST Control Area: Access Enforcement

AC-3, AC-3 CONTROL ENHANCEMENT #3, AC-17
CyberArk SSH Key Manager, CyberArk Application Identity Manager

A critical security measure is the control of access to enterprise systems, whether they are servers, virtual machines, operating systems, databases or applications. Any compromise at any level could result in serious consequences. As a result, the NIST recommended best practices in this area include:

- Create and enforce approval policies for SSH key-based access.
- Prevent users from propagating access rights by installing new private keys.
- Lock down authorized keys files so that users are unable to install their public keys on unauthorized target systems.

CyberArk SSH Key Manager allows security personnel to grant access to SSH keys based on role. Organizations can define which credentials each user or user group is permitted to view or access. Organizations are then able to protect access to these credentials, as well as hide all unauthorized credentials from a user's view. Automated workflows can be configured to allow users to request one-time access to SSH keys with elevated privileges as needed for specific business reasons.

Additionally, CyberArk Application Identity Manager enables organizations to remove locally stored SSH keys from applications and application servers and instead store them securely in a digital vault, thus preventing unauthorized users from compromising these keys and using them to propagate access across the environment.

When used together, CyberArk SSH Key Manager and CyberArk Application Identity Manager can significantly reduce the risk of unauthorized access to private SSH keys. By securely storing private user and application SSH keys, organizations can control access to these keys, strengthen their security posture and become compliant with NIST recommendations.

NIST Control Area: Least Privilege

AC-6, AC-6 CONTROL ENHANCEMENTS #2, #3, #4, #5, #7, #10
CyberArk Discovery and Audit, CyberArk SSH Key Manager, CyberArk On-Demand Privileges Manager

Privileged accounts are at the heart of most data breaches, so it's important to control SSH keys based on what type of access each user is granted. Privileges and access rights should be limited to only those required for a user's role or function to provide the highest degree of security. Therefore, in this area, NIST recommends the following:

- Continuously monitor the SSH key inventory and trust relationships between keys.
- Restrict what commands may be run with each SSH key.
- Only grant privileged SSH access if a task cannot be done using a non-privileged account.
- Prevent unauthorized users from accessing private keys that grant access to privileged accounts.
- Remove private SSH keys from local machines and frequently rotate key pairs.
- Lock down the authorized keys files to prevent users from adding their own public keys without approval.

CyberArk Discovery and Audit enables organizations to inventory SSH keys, trust relationships and orphan keys; for maximum effectiveness, the tool can be run at regular intervals to monitor the key inventory over time. Once discovered, the keys can be removed from local machines and centrally stored in the digital vault. SSH Key Manager enables organizations to restrict privileges at the key level and granularly control who has access to what keys, thus enforcing least privilege. Automated key rotation and distribution helps organizations streamline security processes, comply with requirements and improve their security postures, all without burdening the IT team. Additionally, CyberArk On-Demand Privileges Manager enables organizations to limit privileges at the individual account level while still allowing users to escalate privileges for specified business purposes in accordance with policy.

NIST Control Area: Auditing and Monitoring

AU-3 CONTROL ENHANCEMENT #1, CA-7, CM-5, SI-4
CyberArk SSH Key Manager, CyberArk Discovery and Audit, CyberArk Privileged Session Manager

Continuous auditing of privileged account access helps organizations ensure that the processes for provisioning, lifecycle management and key termination are being followed and enforced. Similarly, ongoing monitoring of privileged user activity helps organizations detect unauthorized activities, commands or changes to critical systems. To effectively monitor and audit the use of both SSH keys and SSH session activity, NIST recommends that organizations:

- Track the use of SSH keys, including who used the private key and what target system was accessed with that key.
- Regularly analyze SSH-based access and trusts to detect unauthorized keys.
- Proactively prevent systems administrators from modifying SSH keys and files.
- Monitor user activity to detect unauthorized changes to SSH keys or SSH configuration files.

CyberArk Discovery and Audit enables organizations to locate SSH keys throughout the environment and clearly understand trust relationships between systems. Using this tool, organizations can identify unauthorized SSH keys and trusts and take steps to remediate unauthorized keys. CyberArk SSH Key Manager works with CyberArk Privileged Session Manager to track the use of SSH keys and monitor user activity during SSH sessions. With these tools for monitoring and auditing, organizations can detect unauthorized SSH access, unauthorized changes to SSH key files and other unauthorized configuration changes. Combined, CyberArk technology provides visibility into the SSH key inventory, a complete audit trail of SSH access and searchable session audit logs that can accelerate forensics investigations.
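
The recommendations above to restrict what commands each SSH key may run and to regularly analyze SSH-based access for unauthorized keys can be checked directly against an OpenSSH authorized_keys file. The following is an added example, not part of the original paper and not CyberArk or NIST code; the function names, the issue labels, the sample file content and the approved-fingerprint inventory are all constructed for illustration.

```python
import base64
import hashlib

# Public key type names in OpenSSH authorized_keys start with one of these.
KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")


def split_outside_quotes(text, seps, limit=None):
    """Split text on any character in seps that is not inside double quotes."""
    parts, buf, quoted, i = [], [], False, 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and quoted and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep an escaped character verbatim
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        if ch in seps and not quoted and (limit is None or len(parts) < limit):
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts


def fingerprint(blob):
    """SHA256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_entry(line):
    """Parse one authorized_keys line; None for blanks and comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options_text, key_part = "", line
    if not line.startswith(KEY_TYPE_PREFIXES):
        # Options come first and may contain quoted spaces and commas.
        pieces = split_outside_quotes(line, " \t", limit=1)
        if len(pieces) != 2:
            raise ValueError("no key after options")
        options_text, key_part = pieces[0], pieces[1].strip()
    fields = key_part.split(None, 2)
    if len(fields) < 2 or not fields[0].startswith(KEY_TYPE_PREFIXES):
        raise ValueError("missing key type or key data")
    blob = base64.b64decode(fields[1], validate=True)  # ValueError if invalid
    options = {}
    for opt in split_outside_quotes(options_text, ","):
        if opt:
            name, _, value = opt.partition("=")
            options[name.lower()] = value.strip('"')
    return {"type": fields[0], "fingerprint": fingerprint(blob),
            "comment": fields[2] if len(fields) > 2 else "",
            "options": options}


def audit(text, approved):
    """Return one finding per line that violates the two checks."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        try:
            entry = parse_entry(line)
        except ValueError:
            findings.append({"line": number, "issues": ["MALFORMED"]})
            continue
        if entry is None:
            continue
        issues = []
        if entry["fingerprint"] not in approved:
            issues.append("UNAPPROVED_KEY")      # not in the key inventory
        if not entry["options"].get("command"):
            issues.append("NO_FORCED_COMMAND")   # key may run any command
        if issues:
            findings.append({"line": number, "issues": issues,
                             "fingerprint": entry["fingerprint"],
                             "comment": entry["comment"]})
    return findings


def constructed_blob(label):
    """Constructed stand-in for key data; not a real public key."""
    return base64.b64encode(("constructed:" + label).encode()).decode()


# Constructed sample file and constructed approved inventory.
SAMPLE = "\n".join([
    "# constructed authorized_keys content",
    'command="/usr/local/bin/backup --nightly, full",no-pty ssh-ed25519 '
    + constructed_blob("backup") + " backup@batch01",
    "ssh-ed25519 " + constructed_blob("alice") + " alice@laptop",
    "ssh-rsa " + constructed_blob("unknown") + " unknown@host",
    "ssh-rsa not*base64 broken@host",
])
APPROVED = {fingerprint(base64.b64decode(constructed_blob(name)))
            for name in ("backup", "alice")}

if __name__ == "__main__":
    for finding in audit(SAMPLE, APPROVED):
        print(finding)
```

Run at regular intervals over each account's authorized_keys file, the same check gives a simple view of inventory drift between audits.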

NIST Control Area: Risk Assessment

CA-3, RA-3
CyberArk Discovery and Audit

Security and risk assessments help organizations identify vulnerabilities and weaknesses that employees or attackers could exploit. Environments that use SSH keys for authentication often have several linked systems that can all subsequently be compromised if an attacker were to compromise a single private key. To address this vulnerability, organizations should assess their environments, look for unnecessary relationships between systems, and take steps to better segregate their environment and reduce the risk of an SSH key compromise. To effectively understand an SSH environment and make a plan to mitigate risks, NIST recommends:

- Assess the entire IT environment to locate all SSH keys.
- Understand trust relationships between systems, and map how lateral movement could occur using compromised SSH keys.
- Determine which users, systems or applications have access to which keys.
- Make an actionable plan to remove unnecessary keys from users and systems.

CyberArk Discovery and Audit enables organizations to locate privileged accounts and SSH keys throughout the IT environment, gain insight into trust relationships between users and systems, and map which systems can be exploited by attackers to move laterally through the organization. Using this information, organizations can fully understand their privileged account vulnerabilities and create a clear plan to remediate risks and remove unnecessary access.

NIST Control Area: Identity and Authentication

IA-2, IA-5, IA-5 CONTROL ENHANCEMENT #7, IA-8, PS-4
CyberArk SSH Key Manager, CyberArk Application Identity Manager, CyberArk Enterprise Password Vault

To easily identify who is doing what, it's important to ensure that each user has a unique SSH key and that the SSH key cannot be shared with other users.
In situations when it is not possible to distribute individual keys, organizations must limit which users have access to shared keys, control access to those keys, and monitor who is accessing the keys. Organizations must also be sure to rotate shared key pairs as soon as a user within an authorized user group leaves.

Regardless of whether key pairs are used by individuals or shared within groups, it is important that organizations do not rely on static SSH keys for authentication. Instead, organizations should proactively rotate all key pairs to limit the risk of unauthorized access using SSH keys. Further, to ensure that organizations are cognizant of all the credentials used within their environments, NIST also highlights the importance of finding and removing hard-coded passwords used within applications and scripts, as these credentials can easily be accessed and used to propagate unauthorized access.

To support the above goals, NIST recommends the following:

- Assign SSH keys on an individual user or system basis, and enforce policies that prohibit the sharing, copying, or moving of private keys.
- Ensure that shared SSH key pairs are rotated as soon as a user leaves the group.
- Proactively rotate all key pairs on a regular basis to eliminate static keys.
- Prohibit automated access that relies on hard-coded passwords.

CyberArk SSH Key Manager can tie both shared and non-shared SSH keys to individual user identities, allowing for the controlled management of private key information within the context of a corporate identity policy. It is designed to securely store, rotate, and control access to SSH keys to prevent unauthorized access to privileged accounts. In addition, it can limit the lifetime of a key by automatically managing key rotation. This solution also integrates with Active Directory and other identity and access management solutions to ensure that keys are appropriately decommissioned in the event of an employee's termination.

On the hard-coded credential side, CyberArk Application Identity Manager can remove embedded passwords and locally stored SSH keys that are used to facilitate automated application processes and securely store these privileged credentials in a digital vault. Using CyberArk Enterprise Password Vault or SSH Key Manager, organizations can secure, manage and rotate these credentials from a single platform in accordance with organizational policy.

Bringing a new level of security to the enterprise

By following the carefully detailed NIST guidelines and using CyberArk solutions, companies can now bring SSH key security and management into their broader enterprise security plans. With these measures in place, no longer will unprotected SSH keys pose an underlying threat to critical systems and data.
With CyberArk solutions, companies can discover and identify the thousands of SSH keys within their organizations, and then proactively secure, manage and control access to them. Monitoring and auditing, along with continual assessments, help to identify new vulnerabilities as they develop and ensure ongoing security.

Using CyberArk solutions, organizations can build a comprehensive privileged account security strategy that equally secures, manages, and monitors privileged passwords and SSH keys, all from a single, unified platform. By using an integrated platform to secure all privileged accounts and credentials, organizations can address compliance requirements and strengthen their security postures while streamlining IT security processes.

About CyberArk

CyberArk is the trusted expert in privileged account security because of its track record of innovation and security expertise. CyberArk's Privileged Account Security solutions have been organically developed from the ground up, designed to meet the needs of even the largest, most complex organizations. CyberArk provides a comprehensive, tightly integrated, end-to-end solution that protects all privileged accounts, whether they are on-premises or in the cloud. In addition, the entire CyberArk suite of products is built on a single integrated platform, providing organizations with a high degree of flexibility, scalability, and usability. Companies can deploy a single infrastructure and expand the solution cost effectively as budgeting and funds allow.

With CyberArk solutions, organizations can secure, manage, monitor and control access to all their privileged credentials, including both passwords and SSH keys, as well as gain the reporting capabilities necessary to prove compliance with audit requirements. CyberArk solutions enable organizations to strengthen their security postures while confidently addressing NIST guidelines for secure automated access. To learn more about CyberArk, visit

About NISTIR 7966

To read the brief and recommendations in full, download NISTIR 7966, Security of Interactive and Automated Access Management Using Secure Shell (SSH) directly from the NIST website at

All rights reserved. This document contains information and ideas, which are proprietary to Cyber-Ark Software Ltd. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, without the prior written permission of Cyber-Ark Software Ltd. Copyright by Cyber-Ark Software Ltd. All rights reserved.
More informationAdopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services.
Security solutions To support your IT objectives Adopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services. Highlights Balance effective security with
More informationSOFTWARE ASSET MANAGEMENT Continuous Monitoring. September 16, 2013
SOFTWARE ASSET MANAGEMENT Continuous Monitoring September 16, 2013 Tim McBride National Cybersecurity Center of Excellence timothy.mcbride@nist.gov David Waltermire Information Technology Laboratory david.waltermire@nist.gov
More informationPowerBroker for Windows
PowerBroker for Windows Desktop and Server Use Cases February 2014 1 Table of Contents Introduction... 4 Least-Privilege Objectives... 4 Least-Privilege Implementations... 5 Sample Regulatory Requirements...
More informationHow To Manage A Privileged Account Management
Four Best Practices for Passing Privileged Account Audits October 2014 1 Table of Contents... 4 1. Discover All Privileged Accounts in Your Environment... 4 2. Remove Privileged Access / Implement Least
More informationEnterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid clouds.
ENTERPRISE MONITORING & LIFECYCLE MANAGEMENT Unify IT Operations Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid
More informationTHE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols
THE TOP 4 CONTROLS www.tripwire.com/20criticalcontrols THE TOP 20 CRITICAL SECURITY CONTROLS ARE RATED IN SEVERITY BY THE NSA FROM VERY HIGH DOWN TO LOW. IN THIS MINI-GUIDE, WE RE GOING TO LOOK AT THE
More informationBest Practices for PCI DSS V3.0 Network Security Compliance
Best Practices for PCI DSS V3.0 Network Security Compliance January 2015 www.tufin.com Table of Contents Preparing for PCI DSS V3.0 Audit... 3 Protecting Cardholder Data with PCI DSS... 3 Complying with
More informationChoosing Encryption for Microsoft SQL Server
Choosing Encryption for Microsoft SQL Server www.securityfirstcorp.com 29811 Santa Margarita Pkwy Rancho Santa Margarita, CA 92688 888-884-7152 CONTENTS Database Security Issues 3 Balancing Database Security
More informationCentrify Server Suite Management Tools
SERVER SUITE TECHNICAL BRIEF Centrify Server Suite Management Tools Centrify Server Suite includes - at no extra charge - a powerful set of management tools in all editions: Centrify Identity Risk Assessor
More informationIMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE
IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE Solution Brief SUMMARY New security threats demand a new approach to security management. Security teams need a security analytics architecture that can handle
More informationEmbracing Microsoft Vista for Enhanced Network Security
Embracing Microsoft Vista for Enhanced Network Security Effective Implementation of Server & Domain Isolation Requires Complete Network Visibility throughout the OS Migration Process For questions on this
More informationAvoiding the Top 5 Vulnerability Management Mistakes
WHITE PAPER Avoiding the Top 5 Vulnerability Management Mistakes The New Rules of Vulnerability Management Table of Contents Introduction 3 We ve entered an unprecedented era 3 Mistake 1: Disjointed Vulnerability
More informationDefending the Database Techniques and best practices
ISACA Houston: Grounding Security & Compliance Where The Data Lives Mark R. Trinidad Product Manager mtrinidad@appsecinc.com March 19, 2009 Agenda Understanding the Risk Changing threat landscape The target
More informationSymantec Client Management Suite 8.0
IT Flexibility. User Freedom. Data Sheet: Endpoint Management Overview of Symantec Client Management Suite Symantec Client Management Suite automates time-consuming and redundant tasks for deploying, managing,
More informationSecurity Self-Assessment Tool
Security Self-Assessment Tool State Agencies Receiving FPLS Information, 7/15/2015 Contents Overview... 2 Access Control (AC)... 3 Awareness and Training (AT)... 8 Audit and Accountability (AU)... 10 Security
More informationLooking at the SANS 20 Critical Security Controls
Looking at the SANS 20 Critical Security Controls Mapping the SANS 20 to NIST 800-53 to ISO 27002 by Brad C. Johnson The SANS 20 Overview SANS has created the 20 Critical Security Controls as a way of
More informationAccount Access Management - A Primer
The Essentials Series: Managing Access to Privileged Accounts Understanding Account Access Management sponsored by by Ed Tittel Understanding Account Access Management...1 Types of Access...2 User Level...2
More informationSecret Server Qualys Integration Guide
Secret Server Qualys Integration Guide Table of Contents Secret Server and Qualys Cloud Platform... 2 Authenticated vs. Unauthenticated Scanning... 2 What are the Advantages?... 2 Integrating Secret Server
More informationThe President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
cover_comp_01 9/9/02 5:01 PM Page 1 For further information, please contact: The President s Critical Infrastructure Protection Board Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
More informationThree significant risks of FTP use and how to overcome them
Three significant risks of FTP use and how to overcome them Management, security and automation Contents: 1 Make sure your file transfer infrastructure keeps pace with your business strategy 1 The nature
More informationGovernance and Control of Privileged Identities to Reduce Risk
WHITE PAPER SEPTEMBER 2014 Governance and Control of Privileged Identities to Reduce Risk Merritt Maxim CA Security Management 2 WHITE PAPER: PRIVILEGED IDENTITY GOVERNANCE Table of Contents Executive
More informationRESEARCH NOTE CYBER-ARK FOR PRIVILEGED ACCOUNT MANAGEMENT
Document K23 RESEARCH NOTE CYBER-ARK FOR PRIVILEGED ACCOUNT MANAGEMENT THE BOTTOM LINE Managing privileged accounts requires balancing accessibility and control while ensuring audit capabilities. Cyber-Ark
More informationFISMA / NIST 800-53 REVISION 3 COMPLIANCE
Mandated by the Federal Information Security Management Act (FISMA) of 2002, the National Institute of Standards and Technology (NIST) created special publication 800-53 to provide guidelines on security
More informationMitigating Risks and Monitoring Activity for Database Security
The Essentials Series: Role of Database Activity Monitoring in Database Security Mitigating Risks and Monitoring Activity for Database Security sponsored by by Dan Sullivan Mi tigating Risks and Monitoring
More informationAchieving PCI-Compliance through Cyberoam
White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationMobile Devices and Malicious Code Attack Prevention
Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com WHITE PAPER Malicious Code and Mobile Devices: Best Practices for Securing Mobile Environments Sponsored
More informationDIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Threat and Vulnerability Management V1.0 April 21, 2014
DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Threat and Vulnerability Management V1.0 April 21, 2014 Revision History Update this table every time a new edition of the document is
More informationVistara Lifecycle Management
Vistara Lifecycle Management Solution Brief Unify IT Operations Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid
More informationCA Vulnerability Manager r8.3
PRODUCT BRIEF: CA VULNERABILITY MANAGER CA Vulnerability Manager r8.3 CA VULNERABILITY MANAGER PROTECTS ENTERPRISE SYSTEMS AND BUSINESS OPERATIONS BY IDENTIFYING VULNERABILITIES, LINKING THEM TO CRITICAL
More informationFFIEC Cybersecurity Assessment Tool
Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,
More informationTable of Contents. Application Vulnerability Trends Report 2013. Introduction. 99% of Tested Applications Have Vulnerabilities
Application Vulnerability Trends Report : 2013 Table of Contents 3 4 5 6 7 8 8 9 10 10 Introduction 99% of Tested Applications Have Vulnerabilities Cross Site Scripting Tops a Long List of Vulnerabilities
More informationWebsense Data Security Suite and Cyber-Ark Inter-Business Vault. The Power of Integration
Websense Data Security Suite and Cyber-Ark Inter-Business Vault The Power of Integration Websense Data Security Suite Websense Data Security Suite is a leading solution to prevent information leaks; be
More informationData Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment
White Paper Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment Cisco Connected Analytics for Network Deployment (CAND) is Cisco hosted, subscription-based
More informationInformation Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis
Information Security Risk Assessment Checklist A High-Level Tool to Assist USG Institutions with Risk Analysis Updated Oct 2008 Introduction Information security is an important issue for the University
More informationInformation Security Services
Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual
More informationACCESS RIGHTS MANAGEMENT Securing Assets for the Financial Services Sector
ACCESS RIGHTS MANAGEMENT Securing Assets for the Financial Services Sector V.2 Final Draft May 1, 2014 financial_nccoe@nist.gov This revision incorporates comments from the public. Page Use case 1 Comments
More informationIT ASSET MANAGEMENT Securing Assets for the Financial Services Sector
IT ASSET MANAGEMENT Securing Assets for the Financial Services Sector V.2 Final Draft May 1, 2014 financial_nccoe@nist.gov This revision incorporates comments from the public. Page Use case 1 Comments
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationThe Value of Vulnerability Management*
The Value of Vulnerability Management* *ISACA/IIA Dallas Presented by: Robert Buchheit, Director Advisory Practice, Dallas Ricky Allen, Manager Advisory Practice, Houston *connectedthinking PwC Agenda
More informationDatabase Auditing: Best Practices. Rob Barnes, CISA Director of Security, Risk and Compliance Operations rbarnes@appsecinc.com
Database Auditing: Best Practices Rob Barnes, CISA Director of Security, Risk and Compliance Operations rbarnes@appsecinc.com Verizon 2009 Data Breach Investigations Report: 285 million records were compromised
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationFINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE
Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security
More informationPreemptive security solutions for healthcare
Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare
More informationEvaluation Report. Office of Inspector General
Evaluation Report OIG-08-035 INFORMATION TECHNOLOGY: Network Security at the Office of the Comptroller of the Currency Needs Improvement June 03, 2008 Office of Inspector General Department of the Treasury
More informationAdvanced File Integrity Monitoring for IT Security, Integrity and Compliance: What you need to know
Whitepaper Advanced File Integrity Monitoring for IT Security, Integrity and Compliance: What you need to know Phone (0) 161 914 7798 www.distology.com info@distology.com detecting the unknown Integrity
More informationHiSoftware Policy Sheriff. SP HiSoftware Security Sheriff SP. Content-aware. Compliance and Security Solutions for. Microsoft SharePoint
HiSoftware Policy Sheriff SP HiSoftware Security Sheriff SP Content-aware Compliance and Security Solutions for Microsoft SharePoint SharePoint and the ECM Challenge The numbers tell the story. According
More informationAddressing BYOD Challenges with ForeScout and Motorola Solutions
Solution Brief Addressing BYOD Challenges with ForeScout and Motorola Solutions Highlights Automated onboarding Full automation for discovering, profiling, and onboarding devices onto both wired and wireless
More informationPrivileged Account Security & Compliance Survey Report
Privileged Account Security & Compliance Survey Report May 2013 Executive Summary Cyber-Ark s 2013 Privileged Account Security & Compliance Survey is the company s first global IT security survey focused
More information