PRIVILEGED IDENTITY MANAGEMENT CASE STUDY

Barak Feldman, Cyber-Ark Software
Seth Fogie, Lancaster General Health
November 10, 2011

Cyber-Ark Overview

- Established in 1999, HQ Boston, MA
- Offices Worldwide
- Award-winning patented Vaulting Technology
- 50% CAGR in the last 5 years
- 900 Global Enterprise customers
- 96% renewal rate
- Strategic Partnerships

Recognized Market Leadership

- Enterprise Security Solution of the Year Winner
- "The company has gradually expanded from its initial start as an enterprise vault for file and sensitive content sharing to assume a commanding position in privileged identity management (PIM)" - Steve Copland, April 2010
- "Cyber-Ark has one of the largest customer bases of the vendors included in this Market Scope and, because of its focus on enterprise customers the largest market share by revenue by a wide margin." - Ant Allan/Perry Carpenter, June 2009
- "Cyber-Ark is perceived as a leader in the rapidly expanding market for Privileged Access Management solutions." - Martin Kuppinger, 2010
- "Cyber-ark is at the top of the PIM market, based on product maturity & the number of customer deployments" - Mark Diodati, 2009

Privileged Identity Management 101

Elevated Personal
- Scope: Personal accounts w/ elevated permissions (jsmith_admin)
- Used by: IT staff
- Used for: Privileged operations; Access to sensitive information

Shared Privileged Accounts
- Scope: Administrator; UNIX root; Cisco Enable; Oracle SYS; Local Administrators; ERP admin
- Used by: IT staff (System admins, Network admins, DBAs, Help desk, etc); Developers; Legacy application
- Used for: Emergency; Fire-call; Disaster recovery; Privileged operations; Access to sensitive information

Application Accounts (App2App)
- Scope: Hard coded/embedded App IDs; Service Accounts
- Used by: Applications; Scripts; Windows Services; Scheduled Tasks; Batch jobs, etc; Developers
- Used for: Online database access; Batch processing; App-2-App communication

Callouts on the slide: Highly Powerful; Difficult to Control, Manage & Monitor; Hard-Coded, Unchanged; Pose Devastating Risk if Misused

Privileged Accounts Give PHI System-Wide Access

- 48% of data breaches were caused by privileged misuse*
- Proactively manage privileged access to prevent such attacks

Who has access to PHI systems?
- Administrators, support
- Contractors; Cloud Service Providers
- DBAs
- Terminated Employees
- Applications
- Application specific vendors

Why are these breaches happening?
- Shared account usage
- Excessive privilege
- Hidden/Sleeping accounts
- No revocation of access
- Non-existent/unenforced access controls
- Infrequent replacement of credentials

* Verizon, 2010 Data Breach Investigations Report

Unified Workflows for Accessing Privileged Accounts

[Diagram: Privileged Identity Management Suite]
- Users: Unix Admins; Windows Admins; DBAs; VM Admins; External Vendors; Business Applications; Auditor/Security & Risk
- Workflows: OPM Workflow (SSH / X / Telnet); EPV Workflow; AIM Workflow; Monitoring & Reporting Workflow
- Targets: Unix/Linux Servers; Windows Servers; Virtual Servers; iSeries (AS400) and zSeries (OS390) Mainframes; Databases; Applications; Network Devices; Security Appliances

Challenges: Privileged Identity & Session Management

- Discover all privileged accounts across datacenter
- Manage and secure every credential
- Enforce policies for usage (breakglass, approvals, ticketing, one time password)
- Record and monitor privileged activities
- React and comply

Callouts on the slide:
- Productivity
- Embedded Passwords: Config files; Application servers; Scripts; Service accounts

PRIVILEGED IDENTITY MANAGEMENT

Cyber-Ark Solution Suite Privileged Identities
Enterprise Password Vault In Action

1. Central and Integrated Policy Definition
2. Initial load & Reset: Automatic Detection, Bulk upload, Manual
3. Request Workflow: Dual control, Integration with Ticketing Systems, One-time Passwords, exclusivity, groups
4. Direct Connection to Device
5. Auditor Access

[Diagram]
- Actors: Security/Risk Management; IT; Auditors
- Components: Policy; Vault; Password Vault Web Access; Central Policy Manager; Enterprise IT Environment
- Sample request: "Request access to Windows Administrator on prod.dom.us"
- Sample accounts (System / User): Unix / root; Oracle / SYS; Windows / Administrator; z/os / DB2ADMIN; Cisco / enable
- Sample values in the Pass column: Oiue^$fgW, y7qef$1, Tojsd$5fh, X5$aq+p, lm7yt5w, gvina9%; tops3cr3t (shown five times)

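The controls named in step 3 (dual control, ticket capture, exclusivity, one-time passwords) and the audit trail behind step 5, as an added Python sketch. It is not Cyber-Ark's code or API: the Vault class, its method names and the record layout are assumptions made for illustration.

```python
import secrets

class Vault:
    """Toy model of the request workflow on the slide (not Cyber-Ark's API)."""
    def __init__(self, approvals_needed=1):
        self.approvals_needed = approvals_needed
        self.accounts, self.requests, self.audit = {}, {}, []

    def add_account(self, system, user):
        self.accounts[(system, user)] = {"password": secrets.token_urlsafe(16), "holder": None}

    def _log(self, actor, action, rid):
        req = self.requests[rid]
        self.audit.append((actor, action, *req["key"], req["ticket"]))  # auditor view

    def request(self, who, system, user, ticket):
        if not ticket:                          # ticketing: a reason is mandatory
            raise PermissionError("a ticket or change reason is required")
        rid = len(self.requests) + 1
        self.requests[rid] = {"who": who, "key": (system, user), "ticket": ticket,
                              "approvals": set(), "state": "pending"}
        self._log(who, "request", rid)
        return rid

    def approve(self, rid, approver):
        req = self.requests[rid]
        if approver == req["who"]:              # dual control: no self-approval
            raise PermissionError("requester cannot approve own request")
        req["approvals"].add(approver)
        self._log(approver, "approve", rid)

    def checkout(self, rid):
        req = self.requests[rid]
        acct = self.accounts[req["key"]]
        if req["state"] != "pending" or len(req["approvals"]) < self.approvals_needed:
            raise PermissionError("request is not approved or was already used")
        if acct["holder"] is not None:          # exclusivity: one holder at a time
            raise PermissionError("account is checked out by another user")
        req["state"], acct["holder"] = "out", req["who"]
        self._log(req["who"], "checkout", rid)
        return acct["password"]

    def checkin(self, rid):
        req = self.requests[rid]
        if req["state"] != "out":
            raise PermissionError("nothing to check in")
        self.add_account(*req["key"])           # one-time: new password, hold released
        req["state"] = "closed"
        self._log(req["who"], "checkin", rid)
```
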
About Lancaster General Health

- Founded in 1893, Lancaster General Hospital is a 629 bed not-for-profit community hospital in Lancaster, PA.
- The hospital is a Type II trauma facility that admits more than 35,000 patients annually and sees 110,000 patients in the ER.
- Magnet hospital accredited by the Joint Commission.
- Lancaster General Health
  - Lancaster General Hospital
  - Women's and Babies Hospital
  - Lancaster General College of Nursing and Health Science
  - Cleft Palate Clinic
  - ~25 physician practices

Main Business Drivers

Why privileged access management?

- Auditing of Privileged Accounts
  - What are people doing with privileged access?
  - Why so many domain admin accounts?
  - How are we controlling vendor access?
- Security Management of Privileged Accounts
  - Who knows shared passwords/service accounts?
  - What if a privileged account is compromised?
  - How can we securely manage all the server admin accounts?
- Security Controls for Privileged Accounts
  - How can we prevent access to the PIM?
  - How can we control access to the objects?

Solution Scope/Use Case

- Implemented Cyber-Ark Enterprise Password Vault
- Main use cases:
  - Privileged user controls and auditing
  - One-time (time limited) password
  - Change management reason capture
  - Client drop box for sensitive files
- Scope: 400+ servers, 1200+ accounts, 200+ users
- Special Integration
  - Firewall/IDS/Appliances
  - Vendor access control
  - Customization
- Possible Future Scopes
  - Radius integration for two factor support
  - Dual access for change management and PCI compliance
  - Customized interface

Main Challenges during Implementation & Solution

Challenges
- The new hire
- IT Culture
- Cost per user per year
- Hidden accounts
- Negative impact to existing workflow

Resolutions
- Management buy in
- Marketing and sales
- Total solution approach
- Appreciate the business vs. risk balance

Privileged Session Management for Servers

1. Logon through PVWA
2. Connect
3. Fetch credential from Vault
4. Connect using native protocols
5. Store session recording
6. View session recording

[Diagram]
- Components: IT personnel; PVWA; PSM; Vault
- Connections: HTTPS; RDP over HTTPS; SSH
- Targets: Windows Servers; Unix/Linux Servers; Routers & Switches

Summary: Privileged Identity & Session Management

A comprehensive platform for isolating and preemptively protecting your datacenter, whether on premise or in the cloud:

- Discover all privileged accounts across datacenter
- Manage and secure every credential
- Enforce policies for usage
- Record and monitor privileged activities
- React and comply