Privileged Administration Best Practices :: September 1, 2015


Discussion Contents
Privileged Access and Administration Best Practices

1) Overview of Capabilities
   Definition of Need
2) Preparing your PxM Program
   Understanding the Landscape
   Scoping Questionnaire
3) Market Trends
   PxM Overview
   Vendor Space
4) Best Practices
5) Critical Success Factors

Definition of need
Current problem: Insider threat

- 55% of incidents was privilege abuse which is the defining characteristic of the internal actor breach. We see individuals abusing the access they have been entrusted with by their organization in virtually every industry. (Verizon)
- Globally 89% of respondents felt that their organization was now more at risk from an insider attack; 34% felt very or extremely vulnerable. (Vormetric)
- Found half (52%) of employees see no security risk to their employer in sharing work logins. (Insider Threat Persona Study)

Definition of need
2015 Vormetric Insider Threat Report

When asked about who posed the biggest internal threat to corporate data, a massive 55% of respondents said privileged users, nine percentage points behind on 46% were contractors and service providers, and then business partners at 43%. (Vormetric)

Definition of need
2015 Vormetric Insider Threat Report

Databases, file servers, and the cloud hold the vast bulk of sensitive data assets, but for many (38%) mobile is perceived as a high-risk area of concern. (Vormetric)

Definition of need
Compliance to Regulations, Standards, Frameworks

FFIEC, SOX, HIPAA
- Authorization for privileged access should be tightly controlled.

PCI DSS Standards:
- 6.3.1 Remove development, test and custom application accounts, user IDs, and passwords before applications become active or are released to customers.
- 10.1 Establish a process for linking all access to system components to each individual user, especially access done with administrative privileges.
- 10.2 Implement automated audit trails for all system components for reconstructing these events: all actions taken by any individual with root or administrative privileges

COBIT 5 Framework
- General IT Controls for privileged accounts which include provisioning, de-provisioning and access review

Capabilities Overview

What exactly is a Privileged Account?
Root, superuser, administrator, system, or service accounts, emergency accounts, or plain user accounts with excessive privilege. These accounts may be anonymous, shared, hard-coded and seldom changed, and a challenge to track or audit.

What are the risks surrounding Privileged Accounts?
Privileged accounts allow unrestricted access with little or no tracking, may violate the principle of least privilege, and can place business critical systems at risk if left unmanaged.

What is Privileged Account Management?
They are tools and techniques for gaining control over the use of privileged accounts. Tools and techniques include password check-out mechanisms, command filtering, and session monitoring.

What is PxM?
- Privileged Account Management
- Privileged Access Management
- Privileged Identity Management
- Privileged User Management

Privileged Account Management
Identity and Access Management Lifecycle

- SAPM: Shared Account Password Management
- SUPM: Super User Privilege Management
- PSM: Privileged Session Management
- AAPM: Application to Application Password Management

DATA ANALYTICS

SAPM: Shared Account Password Management

Solutions that fall into this category will provide an encrypted and hardened password safe or vault for storing credentials, keys and other secret information. SAPM products will control access to shared accounts, allowing authorized users to access them. Ideally, these users will not see the actual passwords.

SUPM: Super User Privilege Management

SUPM tools work by allowing certain commands to be run under elevated privileges, or by restricting commands that can be executed. A common example is the "sudo" command on many UNIX and Linux systems, or the "run as" command for Microsoft Windows. These commands allow a user to run a command under the privilege level of another user (typically an administrator or superuser).

Vendor implementation: control versus complexity
- Kernel based
- Host based
- Gateway based

PSM: Privileged Session Management

Session establishment and session recording
- Start recording beginning-to-end of session or when the user starts executing privileged commands.

Real-time visibility and alerting
- Session recording and live monitoring of privileged sessions. Managers or administrators can intervene or even terminate the session if necessary.

AAPM: Application to Application Password Management

AAPM tools are add-ons to SAPM tools, and are used to eliminate hard-coded passwords or credentials stored in configuration files. Credentials are pulled from the vault using a proprietary interface provided by the PxM vendor. These interfaces are usually in the form of APIs, software developer kits (SDKs) and command line interfaces (CLIs), and require applications or scripts to be modified.

Preparing your PxM Program
Understanding the Landscape

- SaaS
- PaaS
- IaaS

Market Trends

- Emerging COTS Market ~ 20 vendors
- Niche players - Best-of-breed - full suite
- Capabilities are rapidly expanding
- Variances in TCO and technical extensibility
- Requires focused analysis
- Define Use Cases 1st, Vendor Selection 2nd

COTS Solution Scorecard

[Scorecard table and radar chart: Top 5 Solutions per Weighted Scores. Vendor solutions: CA, CyberArk, Dell, NetIQ, ManageEngine. Criteria: Functional Capabilities (SAPM, SUPM, PSM, AAPM); Technical Capabilities (Integration, API Extensibility, Scalability & Performance); Usability (Administration); Business Performance (Market Position, Sustainability).]

- Tailor criteria to meet your unique needs
- Apply weight to designate priority
- Emerging space; vendors are rapidly expanding/strengthening their capabilities

Critical Success Factors

1) Solicit adequate representation across Compliance, IT, Operations, Security
2) Understand linkage to upstream/downstream IDLM and SIEM processes and solutions
3) Articulate desired PxM outcomes
4) Perform solution evaluation/RFP after defining Use Case Scenarios
5) Promote project objectives: Effective communication is key
6) Routinely align PxM milestones within context of Information Security and IAM Program Roadmaps
7) Involve Admins early

Bottom Line: Evolving PxM in context of broader Information Security program will yield sustainable control objectives

Best Practices
Foundational

1. Ensure existing access privileges are properly aligned with current job roles
2. Enforce principle of least privilege, fine-grained access
3. Ensure the segregation of duties
4. Do not share user credentials
5. Know why the privileged account exists.
6. Know who is accountable for its existence.
7. Document who approved it and why.
8. Periodic review of the privileged accounts
9. Do not reuse software accounts
10. Eliminate hard coded passwords

Best Practices
PxM Technology

1. Discovery and profiling for PxM accounts prior to building the architecture ~ categorize
2. The PxM system
   a. Protect the keys to the credential vault
   b. Must be configured for high availability and failover (location, access, etc.)
   c. Ensure no single point of failure
3. Premise of PxM password management
   a. Password change process should be protected against race conditions
   b. Time limit access - can be configured to change every 24 hours
   c. Should not be changed when in use by users or programs
4. Make use of session monitoring with full playback
5. Integrate with reporting and analytics to gain greater insights
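
An added example, not from the original slides or from any vendor's product: a toy Python model of items 3a to 3c above. The class VaultedAccount, its method names and the injectable clock are hypothetical; one lock serializes check-out, check-in and rotation, and a rotation that falls due during a session is deferred until the last check-in.

```python
import secrets
import threading
import time


class VaultedAccount:
    """Toy model of one privileged account in a PxM vault (hypothetical API)."""

    def __init__(self, name, max_age_s=24 * 3600, clock=time.monotonic):
        self.name = name
        self.max_age_s = max_age_s         # 3b: time-limited password lifetime
        self._clock = clock                # injectable so tests can move time
        self._lock = threading.Lock()      # 3a: one lock guards all state changes
        self._holders = set()              # users with the credential checked out
        self._set_new_password()

    def _set_new_password(self):
        # Called from __init__ or with the lock held. A real vault would also
        # push the new value to the managed system and roll back on failure.
        self._password = secrets.token_urlsafe(24)
        self._changed_at = self._clock()
        self._rotate_pending = False

    def check_out(self, user):
        with self._lock:
            if self._rotate_pending:
                return None                # overdue: no new sessions until rotated
            self._holders.add(user)
            return self._password

    def check_in(self, user):
        with self._lock:
            self._holders.discard(user)
            if self._rotate_pending and not self._holders:
                self._set_new_password()   # deferred rotation runs on last check-in

    def rotate_if_due(self):
        """Scheduler entry point; returns 'fresh', 'deferred' or 'rotated'."""
        with self._lock:
            if self._clock() - self._changed_at < self.max_age_s:
                return "fresh"
            if self._holders:
                self._rotate_pending = True  # 3c: never change it while in use
                return "deferred"
            self._set_new_password()
            return "rotated"
```

Refusing new check-outs while a rotation is pending is a design choice of this sketch; it bounds how long an expired password can stay live at the cost of briefly blocking new sessions.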

Resources

- http://media.scmagazine.com/documents/117/verizon_dbr_29210.pdf
- http://enterprise-encryption.vormetric.com/rs/vormetric/images/CW_GlobalReport_2015_Insider_threat_Vormetric_Single_Pages_010915.pdf
- http://www.isdecisions.com/insider-threat/statistics.htm
- http://www.gartner.com
- http://www.sans.org/reading-room/whitepapers/incident/protecting-insider-attacks-33168
- http://www.ciosummits.com/media/pdf/solution_spotlight/Privileged_Identity_Management.pdf

About Clango

Consulting organization specializing in Identity and Access Governance

Services
- IAM Rationalization
- Strategy & Planning
- Solution Evaluation
- Architecture
- Integration
- Functional Enhancements

Profile
- 14+ years of IAM specialization
- Vendor-Neutral Analysis
- Proven Methodologies
- Enabled 100s of IAM deployments internationally
- Technology specific deep expertise in partner products

Capability Expertise
- Access Governance
- Role Lifecycle Management
- Certifications
- Identity Lifecycle Management
- User & Account Provisioning
- Authentication Services
- Federation/SSO/TFA
- Adaptive Authentication
- Privileged Access Administration
- Technology enhancements
- Identity Functional Enhancements

Solution Coverage
- RSA
- NetIQ
- Oracle
- ForgeRock
- CyberArk

info@clango.com
www.clango.com

Commercial: 7701 France Avenue, Suite 400, Edina, MN 55435
Federal: 2107 Wilson Blvd, Suite 100, Arlington, VA 22201