With Great Power comes Great Responsibility: Managing Privileged Users


Darren Harmer, Senior Systems Engineer

Agenda
- What is a Privileged User
- Privileged User
- Why is it important?
- Security Intelligence
- Segregation of Duties
- How can this be implemented?
- The Vormetric Platform
- Questions?

What is a Privileged User?
Privileged users are:
- Privileged user accounts designed to perform system-wide operations
- Commonly referred to as System Administrator or root

Copyright 2013 Vormetric, Inc. Proprietary and Confidential. All rights reserved.

Why do root privileges matter?
Analysis of breaches
- 100% of breaches involve stolen credentials
- 94% of records are stolen from servers
- 66% of data stolen is at rest
Impact (PSN CoCo)
"...Privileged accounts should only be used for activity that requires that level of privilege. Many attacks enable an attacker to run code in the context of the currently logged in user. If that user account is privileged, the impact is higher. An attacker, having gained a foothold within a network, will seek out privileged accounts. If these accounts are poorly controlled, the attacker's task becomes easier..."

How does a privileged user have visibility into sensitive data?
- Take Ownership: The root user can simply change the Access Control List (ACL)
- SU: The root user can switch user to become the account that has access to the sensitive data
- SUDO: The user can switch to the root account to perform the actions mentioned above
- Mount the disk: From another location

Different methods of control
- Monitoring: OS level monitoring, keystroke logging etc.
- Privileged Account Management: The ability to check out the root account with a single-use password
- Policy Based Evaluation: Tools that allow a user to elevate to a privileged user on a per-command basis
None of these controls stop the privileged user; they only control how a person becomes the privileged user.

What does Vormetric provide?
- Access Policies and Privileged User Control: Fine-grained control to determine who can access specific data in order to block privileged users such as root as well as Advanced Persistent Threats (APTs).
- Encryption and Key Management: Lock down data using strong, industry approved algorithms coupled with a security appliance for key and policy management.
- Security Intelligence: Compliance reports and continuous monitoring provide visibility and sophisticated analytics on access to sensitive data.

How does this help control privileged access?
- Stop System Administrators from seeing file content
  Content is encrypted
- Lock down access to a specific process
  Only an approved binary running as a specific user can access sensitive data
- We look at the full user chain
  If root uses SU to switch accounts, Vormetric will deny access, even if the account that they switched to is normally granted access in the policy
- We overlay Access Control Lists (ACL)
  We can deny root's request to change permissions

Security Intelligence
- Log all access to information (permitted/denied)
- See when accounts are trying to side step the access policy
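The checks on the two slides above (approved binary, full user chain, denied permission changes, logging of permitted and denied access), modelled as an added Python example. This is not Vormetric's code or policy syntax; the rule fields, user names, binaries and file path are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    user_chain: tuple  # identities from original login to effective user
    exe: str           # binary making the request
    action: str        # "read", "write", "chmod", ...
    path: str

# Hypothetical rules (criteria -> effect); anything unmatched is denied.
POLICY = [
    {"name": "payroll-app", "user": "steve", "exe": "/opt/payroll/bin/app",
     "actions": {"read", "write"}, "effect": "permit"},
]

def evaluate(req, policy, audit_log):
    """Return the audit record for one access attempt; every attempt is logged."""
    login, effective = req.user_chain[0], req.user_chain[-1]
    effect, reason = "deny", "no matching rule"
    if any(u != effective for u in req.user_chain):
        # Full user chain check: an identity switch (su/sudo) never inherits
        # the access granted to the target account.
        reason = f"{login} switched identity to {effective}"
    else:
        for rule in policy:
            if (rule["user"] == effective and rule["exe"] == req.exe
                    and req.action in rule["actions"]):
                effect, reason = rule["effect"], f"matched rule {rule['name']}"
                break
    record = {"login": login, "effective": effective, "exe": req.exe,
              "action": req.action, "path": req.path,
              "effect": effect, "reason": reason}
    audit_log.append(record)
    return record

def demo():
    """Constructed sample requests against a constructed protected path."""
    path, app, log = "/data/payroll/salaries.db", "/opt/payroll/bin/app", []
    requests = [
        Request(("steve",), app, "read", path),               # approved user and binary
        Request(("root", "steve"), app, "read", path),        # root used su to become steve
        Request(("steve",), "/usr/bin/cat", "read", path),    # right user, unapproved binary
        Request(("root",), "/usr/bin/chmod", "chmod", path),  # root tries to change permissions
    ]
    for r in requests:
        evaluate(r, POLICY, log)
    return log

if __name__ == "__main__":
    for rec in demo():
        print(rec["effect"], rec["login"], "->", rec["effective"], rec["reason"])
```

Only the first request is permitted; the denied attempts stay in the audit log with the login identity preserved, which is what makes a switched account visible to reviewers.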

Segregation of Duties and Data
Enterprise Administrator
- Official Domain Administrator: Key Custodian, Policy Manager, Host Admin, Audit Role
- Secret Domain Administrator: Key Custodian, Policy Manager, Host Admin, Audit Role
- Top Secret Domain Administrator: Key Custodian, Policy Manager, Host Admin, Audit Role
Domains can be location, business unit, customer, department
Separation of roles for key management, security controls, encryption and audit

What is the benefit?
- Reduce the number of people and processes accessing your data: only those who need to know
  Fewer people and processes mean less risk
- Eliminate the inherent powers of privileged users
  Allows these users to do their jobs without the need to know and without any impact to their user experience
  Sysadmins do not need to know
- Lower risk of leaked data
  By removing commonly used methods to steal or leak data
- Audit & Report on all access to sensitive data
  Malicious users make more noise: protective & detective control

Questions? Darren Harmer Systems Engineer dharmer@vormetric.com

The Vormetric Data Firewall
- Policy-based security controls around the data itself
  Using firewall-like rules, Criteria & Effect, to control access to your data
  Enforcement across physical, virtual and cloud environments
- Access Policies and Privileged User Control
  Block privileged users like root from viewing data and thwart APTs
  Fine-grained control to determine who can view specific data
- Encryption and Key Management
  Lock down data using strong, highly performing, industry approved algorithms
  Simple to use, centralized and hardened key management appliance
- Security Intelligence
  Log all access and attempted access to what matters: the data
  Provide real-time auditing on who is accessing protected data, where and when
- Automation
  Automatic installation and initial configuration of Vormetric Data Firewall
  Dynamically adjust policy based on real-time threats and anomalies
- Multi-Tenancy
  Secure data in commingled, multi-tenant environments
  Enable end customers to control keys and policies specific to their own data

Admin Dirk Snowman imitated user steve, attempted a read of this file, and was denied access because he violated this policy.