SECURE, MANAGE & CONTROL RIVILEGED ACCOUNTS & SESSIONS resenter: Terence Siau
Agenda Company Introduction Today s Security Challenges rivileged Identity Management Suite Overview rivileged Session Management Suite Overview Sensitive Information Management Suite Overview 2
COMANY INTRODUCTION 3
Cyber-Ark Overview Strategic artnerships Established in 1999, HQ Boston, US Offices Worldwide (including Singapore and Malaysia) 1200+ customers globally Customers in Vietnam: Banks, Oil & Gas, Government Recognized Market Leadership The company has gradually expanded from its initial start as an enterprise vault for file and sensitive content sharing to assume a commanding position in privileged identity management (IM) - Steve Copland, April 2010 Best Identity Management Solution Highly Commended: Information Security roduct of the Year Cyber-Ark is perceived as a leader in the rapidly expanding market for rivileged Access Management solutions. Cyber-Ark has one of the largest customer bases of the vendors included in this Market Scope and, because of its focus on enterprise customers the largest market share by revenue by a wide margin. - Ant Allan/erry Carpenter, June 2009 Cyber-ark is at the top of the IM market, based on product maturity & the number of customer deployments -Mark Diodati, 2009 - Martin Kuppinger, 2010 4
What it takes to be Market Leader? Recognition from Authoritative Bodies A Strong History of Acknowledged Excellence
Cyber-Ark s Solution Suites Sensitive Information Management Suite rivileged Identity Management Suite rivileged Session Management Suite Inter-Business Vault Enterprise assword Vault SM for Servers Sensitive Document Vault Application Identity Manager SM for Databases On-Demand rivileges Manager SM for Virtualization DIGITAL VAULT 6
TODAY S SECURITY CHALLENGES 7
rivileged Account Types Shared redefined: UNIX root Administrative Accounts Cisco enable DBA accounts Windows domain Etc. Help Desk Operations Emergency Legacy applications Developer accounts Hard-coded, embedded: Application Accounts Not owned by any person or identity Service Accounts: Resource (DB) IDs Windows Service Accounts Application / Generic IDs Scheduled Tasks Batch jobs Testing Scripts Windows Local administrator: ersonal Computer Accounts Owned by the system: Shared: Desktops Laptops
rivileged Accounts Give System-Wide Access 48% of data breaches were caused by privileged misuse roactively manage privileged access to prevent such attacks Who has access to privileged accounts? Administrators Contractors; Cloud Service roviders DBAs Terminated Employees Applications Why are these breaches happening? Shared account usage Excessive privilege Hidden/Sleeping accounts Non-existent/unenforced access controls Infrequent replacement of credentials * Verizon, 2010 Data Breach Investigations Report 9
RIVILEGED IDENTITY MANAGEMENT 10
rivileged Identity Management Suite v.7.1 IM ortal/web Access External Vendors Identity Management Ticketing Systems IT ersonnel Monitoring & SIEM Applications Central olicy Manager Auditors Secure Digital Vault Enterprise Directory and more Developers & DBAs 11
Enterprise assword Vault: reventing Threats, Improving roductivity Who is accessing critical information assets? Ticketing Application The result? A preventative approach that: Secures privileged credentials Gives you full control over access John s access is logged, personalized and reason is entered Ticketing integration; approval workflow John requests managerial approval to ersonalizes usage retrieve password Automatically replaces credentials on a periodic basis (policy driven) rotection from terminated employees & 3rd parties and & shorter time to resolution Generates John, the ITbetter admin,productivity receives a ticket he transparently connects without seeing needs to handle. There s a problem on the Windows the password machines and he needs to install a patch to fix Windows Server it which requires administrator access 12
Full Datacenter Coverage Enterprise IT Environment Applications Operating Systems Databases Oracle MSSQL DB2 Informix Sybase MySQL Any ODBC Web Applications Central olicy Manager Windows Unix/Linux IBM iseries Z/OS HUX Tru64 NonStop ESX/i OVMS OS X XenServers Security Appliances FW1, SLAT ISO IX Ironort Netscreen FortiGate roxysg anorama SA WebSphere WebLogic Windows: Services Scheduled Tasks IIS App ools IIS Anonymous COM+ Cluster Service Oracle Application ER System Center Configuration Manager Generic Interface SSH/Telnet ODBC Windows Registry Network Devices Cisco Juniper Nortel Alcatel Quntum F5 H 3Com RuggedCom Avaya BlueCoat Yamaha Remote Control and Monitoring Directories and Credential Storage AD SunOne Novel UNIX Kerberos UNIX NIS HMC HiLO ALOM Digi CM DRAC irmc Alterath
EV: Better Visibility & Control for Managers When was themy account accessed and why? Where do all privileged accounts exist? Auto-discovery automatically detects unmanaged devices and service accounts for operational efficiency and full compliancy Automatically manage hundreds of thousands of local admin accounts 14
Application Identity Management: Tighter Security; Better Compliance Secure, manage and eliminate hard-coded privileged accounts from applications Billing App Websphere CRM App Weblogic UserName = GetUserName() assword = Getassword() Host = GetHost() ConnectDatabase(Host, UserName = app UserName, assword) assword = y7qef$1 Host = 10.10.3.56 ConnectDatabase(Host, UserName, assword) Secure & reset application credentials with no downtime or restart Ensure business continuity & high performance with a secure local cache Strong application authentication Unique solution for Java Application Servers with no code changes HR App Legacy Online Booking System Avoid hard coding connection strings no code changes & overhead IIS /.NET 15
On-Demand rivileges Manager: Tightening Unix Security When Who What Where What Monitor & audit with reports and text recording Control superuser access (root, oracle, app1 ) Unix /Linux Servers Granular Access Control and Hardening
OM for Windows Reduce TCO of desktop management & IT overhead Least privilege leads to less tickets/calls to IT, less unintentional damage Gartner: 20% lower TCO with full least-privileged implementation Reduce the risk of infecting desktops with malware 90% of Windows vulnerabilities are mitigated when running without admin rights. Eliminating admin rights reduces the attack surface of malwares.
BUT IS ACCESS CONTROL ENOUGH? RIVILEGED SESSION MANAGEMENT SUITE
Expanding from Managing Accounts to Managing Sessions ortal/web Access External Vendors IT ersonnel Secure, manage rivileged and track Identity privileged Management accounts Isolate, control, rivileged and monitor Session privileged Management sessions Identity Management Ticketing Systems Monitoring & SIEM Applications Central olicy Manager Auditors Secure Digital Vault Enterprise Directory and more Developers & DBAs 19
Continuous Monitoring & rotection Across the Datacenter Control rivileged Session Management Suite SM for Servers Monitor SM for Databases SM for Virtualization Isolate 20
Cyber-Ark SM latform Support latform Microsoft: Windows X Windows Vista Windows 7 Windows 2003 Server Windows 2008 Server IBM: AS400 IBM: AIX Sun Solaris H: HUX Tru64 Open VMS SSH-compatible sessions SQL lus / LSQL Developer SQL Server Management Studio SybaseASE Sybase Interactive SQL Client SecureCRT Virtualization: Hypervisors inc ESX, ESXi vsphere Video Mode Text Command
Remote Vendor Access with SM Internet Corporate Network DMZ Auditors, IM Admins Windows Servers HTTS 3rd party vendor VWA SM Firewall UNIX Servers Firewall Routers and Switches IM Vault
Real-Time Monitoring with Session Interaction 23
Easily Search rivileged Sessions for Forensic Analysis Search for SQL commands that include the word 'Salary' Click to lay oint in Time * Supports SSH and SQL commands 24
Accessing & Monitoring Websites & Cloud Applications Manage sensitive credentials to websites and web-based/saas applications using IM Connect transparently to the web-based application without needing to know the password Monitor and record privileged sessions in web applications in real-time or for forensic analysis 25
Value of rivileged Session Management Isolate revent cyber attacks by isolating desktops from sensitive target machines Control Create accountability and control over privileged session access with policies, workflows and privileged single sign on Monitor Deliver continuous monitoring and compliance with session recording with zero footprint on target machines 26
Sensitive Information Management Suite Sample use cases
Accelerate Business, Securely Variety of Interfaces Enterprise Ready Business Autonomy
THANK YOU! 29