SECURE, MANAGE & CONTROL PRIVILEGED ACCOUNTS & SESSIONS. Presenter: Terence Siau

Transcription

1 SECURE, MANAGE & CONTROL RIVILEGED ACCOUNTS & SESSIONS resenter: Terence Siau

2 Agenda Company Introduction Today s Security Challenges rivileged Identity Management Suite Overview rivileged Session Management Suite Overview Sensitive Information Management Suite Overview 2

3 COMANY INTRODUCTION 3

4 Cyber-Ark Overview Strategic artnerships Established in 1999, HQ Boston, US Offices Worldwide (including Singapore and Malaysia) customers globally Customers in Vietnam: Banks, Oil & Gas, Government Recognized Market Leadership The company has gradually expanded from its initial start as an enterprise vault for file and sensitive content sharing to assume a commanding position in privileged identity management (IM) - Steve Copland, April 2010 Best Identity Management Solution Highly Commended: Information Security roduct of the Year Cyber-Ark is perceived as a leader in the rapidly expanding market for rivileged Access Management solutions. Cyber-Ark has one of the largest customer bases of the vendors included in this Market Scope and, because of its focus on enterprise customers the largest market share by revenue by a wide margin. - Ant Allan/erry Carpenter, June 2009 Cyber-ark is at the top of the IM market, based on product maturity & the number of customer deployments -Mark Diodati, Martin Kuppinger,

5 What it takes to be Market Leader? Recognition from Authoritative Bodies A Strong History of Acknowledged Excellence

6 Cyber-Ark s Solution Suites Sensitive Information Management Suite rivileged Identity Management Suite rivileged Session Management Suite Inter-Business Vault Enterprise assword Vault SM for Servers Sensitive Document Vault Application Identity Manager SM for Databases On-Demand rivileges Manager SM for Virtualization DIGITAL VAULT 6

7 TODAY S SECURITY CHALLENGES 7

8 rivileged Account Types Shared redefined: UNIX root Administrative Accounts Cisco enable DBA accounts Windows domain Etc. Help Desk Operations Emergency Legacy applications Developer accounts Hard-coded, embedded: Application Accounts Not owned by any person or identity Service Accounts: Resource (DB) IDs Windows Service Accounts Application / Generic IDs Scheduled Tasks Batch jobs Testing Scripts Windows Local administrator: ersonal Computer Accounts Owned by the system: Shared: Desktops Laptops

9 rivileged Accounts Give System-Wide Access 48% of data breaches were caused by privileged misuse roactively manage privileged access to prevent such attacks Who has access to privileged accounts? Administrators Contractors; Cloud Service roviders DBAs Terminated Employees Applications Why are these breaches happening? Shared account usage Excessive privilege Hidden/Sleeping accounts Non-existent/unenforced access controls Infrequent replacement of credentials * Verizon, 2010 Data Breach Investigations Report 9

10 RIVILEGED IDENTITY MANAGEMENT 10

11 rivileged Identity Management Suite v.7.1 IM ortal/web Access External Vendors Identity Management Ticketing Systems IT ersonnel Monitoring & SIEM Applications Central olicy Manager Auditors Secure Digital Vault Enterprise Directory and more Developers & DBAs 11

12 Enterprise assword Vault: reventing Threats, Improving roductivity Who is accessing critical information assets? Ticketing Application The result? A preventative approach that: Secures privileged credentials Gives you full control over access John s access is logged, personalized and reason is entered Ticketing integration; approval workflow John requests managerial approval to ersonalizes usage retrieve password Automatically replaces credentials on a periodic basis (policy driven) rotection from terminated employees & 3rd parties and & shorter time to resolution Generates John, the ITbetter admin,productivity receives a ticket he transparently connects without seeing needs to handle. There s a problem on the Windows the password machines and he needs to install a patch to fix Windows Server it which requires administrator access 12

13 Full Datacenter Coverage Enterprise IT Environment Applications Operating Systems Databases Oracle MSSQL DB2 Informix Sybase MySQL Any ODBC Web Applications Central olicy Manager Windows Unix/Linux IBM iseries Z/OS HUX Tru64 NonStop ESX/i OVMS OS X XenServers Security Appliances FW1, SLAT ISO IX Ironort Netscreen FortiGate roxysg anorama SA WebSphere WebLogic Windows: Services Scheduled Tasks IIS App ools IIS Anonymous COM+ Cluster Service Oracle Application ER System Center Configuration Manager Generic Interface SSH/Telnet ODBC Windows Registry Network Devices Cisco Juniper Nortel Alcatel Quntum F5 H 3Com RuggedCom Avaya BlueCoat Yamaha Remote Control and Monitoring Directories and Credential Storage AD SunOne Novel UNIX Kerberos UNIX NIS HMC HiLO ALOM Digi CM DRAC irmc Alterath

14 EV: Better Visibility & Control for Managers When was themy account accessed and why? Where do all privileged accounts exist? Auto-discovery automatically detects unmanaged devices and service accounts for operational efficiency and full compliancy Automatically manage hundreds of thousands of local admin accounts 14

15 Application Identity Management: Tighter Security; Better Compliance Secure, manage and eliminate hard-coded privileged accounts from applications Billing App Websphere CRM App Weblogic UserName = GetUserName() assword = Getassword() Host = GetHost() ConnectDatabase(Host, UserName = app UserName, assword) assword = y7qef$1 Host = ConnectDatabase(Host, UserName, assword) Secure & reset application credentials with no downtime or restart Ensure business continuity & high performance with a secure local cache Strong application authentication Unique solution for Java Application Servers with no code changes HR App Legacy Online Booking System Avoid hard coding connection strings no code changes & overhead IIS /.NET 15

16 On-Demand rivileges Manager: Tightening Unix Security When Who What Where What Monitor & audit with reports and text recording Control superuser access (root, oracle, app1 ) Unix /Linux Servers Granular Access Control and Hardening

17 OM for Windows Reduce TCO of desktop management & IT overhead Least privilege leads to less tickets/calls to IT, less unintentional damage Gartner: 20% lower TCO with full least-privileged implementation Reduce the risk of infecting desktops with malware 90% of Windows vulnerabilities are mitigated when running without admin rights. Eliminating admin rights reduces the attack surface of malwares.

18 BUT IS ACCESS CONTROL ENOUGH? RIVILEGED SESSION MANAGEMENT SUITE

19 Expanding from Managing Accounts to Managing Sessions ortal/web Access External Vendors IT ersonnel Secure, manage rivileged and track Identity privileged Management accounts Isolate, control, rivileged and monitor Session privileged Management sessions Identity Management Ticketing Systems Monitoring & SIEM Applications Central olicy Manager Auditors Secure Digital Vault Enterprise Directory and more Developers & DBAs 19

20 Continuous Monitoring & rotection Across the Datacenter Control rivileged Session Management Suite SM for Servers Monitor SM for Databases SM for Virtualization Isolate 20

21 Cyber-Ark SM latform Support latform Microsoft: Windows X Windows Vista Windows 7 Windows 2003 Server Windows 2008 Server IBM: AS400 IBM: AIX Sun Solaris H: HUX Tru64 Open VMS SSH-compatible sessions SQL lus / LSQL Developer SQL Server Management Studio SybaseASE Sybase Interactive SQL Client SecureCRT Virtualization: Hypervisors inc ESX, ESXi vsphere Video Mode Text Command

22 Remote Vendor Access with SM Internet Corporate Network DMZ Auditors, IM Admins Windows Servers HTTS 3rd party vendor VWA SM Firewall UNIX Servers Firewall Routers and Switches IM Vault

23 Real-Time Monitoring with Session Interaction 23

24 Easily Search rivileged Sessions for Forensic Analysis Search for SQL commands that include the word 'Salary' Click to lay oint in Time * Supports SSH and SQL commands 24

25 Accessing & Monitoring Websites & Cloud Applications Manage sensitive credentials to websites and web-based/saas applications using IM Connect transparently to the web-based application without needing to know the password Monitor and record privileged sessions in web applications in real-time or for forensic analysis 25

26 Value of rivileged Session Management Isolate revent cyber attacks by isolating desktops from sensitive target machines Control Create accountability and control over privileged session access with policies, workflows and privileged single sign on Monitor Deliver continuous monitoring and compliance with session recording with zero footprint on target machines 26

27 Sensitive Information Management Suite Sample use cases

28 Accelerate Business, Securely Variety of Interfaces Enterprise Ready Business Autonomy

29 THANK YOU! 29