Mitigating the Risks of Privilege-based Attacks in Federal Agencies


WHITE PAPER

Mitigating the Risks of Privilege-based Attacks in Federal Agencies

Powerful compliance and risk management solutions for government agencies

Table of Contents

Your networks are under attack from within and without ... 4
What does privilege have to do with it? ... 4
PowerBroker: Comprehensive privileged account management ... 5
The BeyondInsight IT Risk Management Platform ... 7
Compliance: How BeyondTrust mitigates risk across the board ... 7
FISMA/NIST ... 7
NIST SP 800-53: Security and Privacy Controls for Federal Information Systems & Organizations ... 8
NIST SP 800-39: Managing Information Security Risk ... 8
NIST SP 800-137: Continuous Monitoring ... 8
SANS Top 20 Critical Security Controls ... 9
Certifications ... 10
Providing the assurance you need ... 10
Sample U.S. Federal customers that trust BeyondTrust ... 11

© 2014 BeyondTrust. All Rights Reserved.

Warranty

This document is supplied on an "as is" basis with no warranty and no support. This document contains information which is protected by copyright. No part of this document may be photocopied, reproduced, or translated to another language without the prior written consent of BeyondTrust.

Limitations of Liability

In no event shall BeyondTrust be liable for errors contained herein or for any direct, indirect, special, incidental or consequential damages (including lost profit or lost data) whether based on warranty, contract, tort, or any other legal theory in connection with the furnishing, performance, or use of this material. The information contained in this document is subject to change without notice. No trademark, copyright, or patent licenses are expressly or implicitly granted (herein) with this white paper. For the latest updates to this document, please visit: http://www.beyondtrust.com

Disclaimer

All brand names and product names used in this document are trademarks, registered trademarks, or trade names of their respective holders. BeyondTrust is not associated with any other vendors or products mentioned in this document.

Your networks are under attack from within and without

The compliance landscape for government agencies changes with almost every administration. There are always new requirements and penalties that agencies have to be able to anticipate, implement, and report on. At the same time, government information networks, like their counterparts in public and private enterprises, are constantly vulnerable to both internal and external threats. Each of these types of threats has its own unique characteristics.

Internal threats may be malicious (designed to cause harm) or unintentional (the result of human error), exposing weaknesses in the agency's defenses and policies. Regardless of intent, insiders can do significant damage quickly, as they are already inside perimeter-layer security.

External threats are designed to exploit vulnerabilities in networks and endpoints; they often seek to gain a foothold where they can act as an insider. Once an attacker gains administrative access, it is easy to make configuration changes that enable the installation of malicious software, and to alter security controls for unfettered access to sensitive information.

The collateral damage of such attacks is extensive, ranging from simple non-compliance consequences to national security threats. Intellectual property, defense information, personnel records, and other classified information can easily be stolen, sold, and used against the interests of the U.S. government, its citizens, and its allies.

The key is to enforce strict limits on what a given network user is able to do in terms of accessing and utilizing network resources, and to monitor usage to quickly identify improper activity. The most effective approach to take with end users in the current environment involves restricting access privileges through both policy and technology methods, allowing the least possible privilege for every user. This is the domain of BeyondTrust's PowerBroker privileged account management (PAM) solutions.
What does privilege have to do with it?

The least-privilege approach has gained a lot of credibility recently thanks to one notorious name: Edward Snowden. In the aftermath of Snowden leaking classified information he had access privileges to, the NSA announced it would reduce system administrator privileges by 90%. Indeed, insider and privilege misuse was identified by the 2014 Verizon Data Breach Investigations Report as one of the nine basic patterns of activity in the past decade that have resulted in confirmed data breaches.

The fact is that many government users have more access than they need to perform their current job functions. With a least-privilege approach, users receive permissions only to the systems, applications, and data they need, based on their current role or profile in the agency. These privileges can be user-, system-, or role-based, as well as time-based (e.g., access granted only for certain days or hours, or for a set duration of time). Administrators can increase or restrict access as needed (after all, user roles do change frequently and special projects often require elevated levels of access), but whenever possible, and as quickly as possible, privileges should return to their least level.

Still, it is important to understand that restricting privileges is only part of the solution. All user activity while under approved privileges should be monitored and audited to ensure appropriate use, and to quickly identify, flag, and prevent misuse, whether malicious or unintentional. By monitoring privileged users with solutions such as BeyondTrust's PowerBroker products, which enable proactive alerts and associated reporting, you can achieve verifiable compliance with stated access policies and gain assurance that your security solution can pass any audit.

PowerBroker: Comprehensive privileged account management

BeyondTrust's PowerBroker suite of privileged account management (PAM) solutions provides comprehensive visibility and control over account privileges within complex agency environments. Integrated within the BeyondInsight IT Risk Management Platform, which provides centralized management and control, PowerBroker solutions reduce the risk and minimize the impact of internal and external threats by giving IT and security teams powerful discovery and analytics capabilities.

BeyondTrust currently offers 15 distinct PowerBroker products within four functional categories that represent essential risk management requirements:

Privilege Management: Enabling fine-grained control for assigning privileges to users throughout the organization.
- PowerBroker Servers Enterprise
- PowerBroker UNIX & Linux
- PowerBroker for Windows Desktops & Servers
- PowerBroker for Virtualization & Cloud
- PowerBroker for Databases

Active Directory Bridging: Ensuring single sign-on using the same Active Directory for all resources, while auditing all users who are logging in.
- PowerBroker Identity Services AD Bridge

Privileged Password Management: Establishing a virtual safe for shared passwords in the company, ensuring secure storage and retrieval.
- PowerBroker Password Safe

Auditing & Protection: Offering reporting and analytics functionality to establish and maintain compliance.
- PowerBroker Auditor for File System
- PowerBroker Recovery for AD
- PowerBroker Auditor for SQL
- PowerBroker Change Manager for AD
- PowerBroker Auditor for Exchange
- PowerBroker Privilege Explorer for AD
- PowerBroker Auditor for Active Directory (AD)
- PowerBroker Event Vault for Windows

For specific information on each of the PowerBroker applications, please visit http://www.beyondtrust.com/home/allproducts.

Survey Results: Privileges Gone Wild

In 2013, BeyondTrust surveyed 265 IT decision makers, comprising security managers and network and systems engineers across a number of sectors, including government, financial services, manufacturing, and others. Their responses are fairly shocking, and speak to the importance of privileged account management.
- 80% of respondents believe that it's at least somewhat likely that employees access sensitive or confidential data out of curiosity.
- 76% say the risk to their organization caused by the insecurity of privileged users will increase over the next few years.
- 65% of organizations have controls to monitor privileged access, yet 54% say they have the ability to circumvent these controls.
- 44% of employees have unnecessary access rights.
- 43% of respondents allow sensitive data to be stored on employee workstations/laptops.
- 28% admitted to having retrieved information not relevant to their job, such as financial reports, salary information, and HR and personnel documents.
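The least-privilege model described above (user-, role- and time-based grants that revert to a baseline when their window closes, with every privileged action audited) as a small worked example. This is added illustration code, not BeyondTrust or PowerBroker code; the users, systems, change tickets and timestamps are constructed.

```python
# Added example (not BeyondTrust/PowerBroker code): a minimal least-privilege
# grant model with user-, role-, system- and time-scoped grants that revert to
# the baseline when their window closes, plus an audit trail of privileged use.
# All users, systems, tickets and timestamps below are constructed.
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Grant:
    principal: str      # a user ("alice") or a role ("role:dba")
    system: str         # the asset the elevated privilege applies to
    privilege: str      # e.g. "sudo" or "local_admin"
    start: datetime
    end: datetime       # once the window closes the privilege reverts
    ticket: str         # request/change reference kept for the audit trail


@dataclass
class PrivilegeStore:
    roles: dict                                  # user -> set of role names
    grants: list = field(default_factory=list)
    audit: list = field(default_factory=list)

    def principals_for(self, user):
        """A user matches grants made to them directly or to one of their roles."""
        return {user} | {"role:" + r for r in self.roles.get(user, set())}

    def active_grant(self, user, system, privilege, now):
        """Return the grant that authorises this action at time `now`, else None."""
        for g in self.grants:
            if (g.principal in self.principals_for(user) and g.system == system
                    and g.privilege == privilege and g.start <= now < g.end):
                return g
        return None

    def use_privilege(self, user, system, privilege, action, now):
        """Evaluate and record a privileged action; denied attempts are logged too."""
        g = self.active_grant(user, system, privilege, now)
        self.audit.append({"time": now, "user": user, "system": system,
                           "privilege": privilege, "action": action,
                           "allowed": g is not None,
                           "ticket": g.ticket if g else None})
        return g is not None


def review_audit(store):
    """Audit review: denied attempts, and grants whose window was never used."""
    denied = [e for e in store.audit if not e["allowed"]]
    used = {e["ticket"] for e in store.audit if e["allowed"]}
    unused = [g.ticket for g in store.grants if g.ticket not in used]
    return denied, unused


def run_demo():
    t0 = datetime(2014, 6, 2, 9, 0)          # constructed baseline timestamp
    store = PrivilegeStore(roles={"alice": {"dba"}, "bob": set()})
    store.grants += [
        # role-based, four-hour window on one database server
        Grant("role:dba", "db01", "sudo", t0, t0 + timedelta(hours=4), "CHG-1001"),
        # user-based, thirty-minute window on a workstation
        Grant("bob", "ws07", "local_admin", t0 + timedelta(hours=1),
              t0 + timedelta(hours=1, minutes=30), "CHG-1002"),
        # granted but never exercised; surfaces in the review as unused
        Grant("alice", "ws03", "local_admin", t0, t0 + timedelta(days=1), "CHG-1003"),
    ]
    h = timedelta(hours=1)
    store.use_privilege("alice", "db01", "sudo", "restart database", t0 + h)
    store.use_privilege("alice", "db01", "sudo", "export table", t0 + 5 * h)       # window expired
    store.use_privilege("bob", "ws07", "local_admin", "install driver", t0 + h + timedelta(minutes=10))
    store.use_privilege("bob", "db01", "sudo", "read config", t0 + h + timedelta(minutes=10))  # wrong system
    store.use_privilege("carol", "db01", "sudo", "read config", t0 + h)             # no grant at all
    denied, unused = review_audit(store)
    return store, denied, unused


if __name__ == "__main__":
    store, denied, unused = run_demo()
    for e in store.audit:
        print(e["time"], e["user"], e["system"], e["privilege"],
              "ALLOWED" if e["allowed"] else "DENIED", e["ticket"])
    print("denied attempts:", len(denied), "unused grants:", unused)
```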

The BeyondInsight IT Risk Management Platform

All PowerBroker PAM solutions are backed by BeyondTrust's Retina family of vulnerability management (VM) solutions. Both the PAM and VM solutions share a common management console framework called BeyondInsight. In addition to serving as a central management, analytics and reporting console for the PAM and VM product families, BeyondInsight offers additional capabilities such as discovery, profiling, role-based access, and smart groups for identifying, organizing, and reporting on assets and accounts.

Additionally, the BeyondInsight console enables centralized alerting, reporting, and search functionality, which aggregates all privileged account information into a data warehouse and then provides rich analytics and reporting capabilities for mitigating risk and documenting compliance. The BeyondInsight management console is scanner-agnostic, allowing data feeds from BeyondTrust Retina and vulnerability scanners such as Nessus, Nexpose, and QualysGuard.

Compliance: How BeyondTrust mitigates risk across the board

PowerBroker and BeyondInsight provide important capabilities that support a wide range of government information security requirements. Here we have broken down some of the most common and pressing federal mandates and regulations, showing the extent to which BeyondTrust's PAM and Retina VM solutions can help agencies achieve and maintain compliance.

FISMA/NIST

This section requires some familiarity with the following:
- The Federal Information Security Management Act of 2002 (FISMA) requires federal agencies to implement information security solutions to protect the information and information systems that support agency operations and assets.
- The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the U.S. Department of Commerce charged with advancing measurement standards.
- Federal Information Processing Standards (FIPS) are issued by NIST in accordance with FISMA; they are compulsory and binding for federal agencies.
- Special Publications (SPs) are developed and issued by NIST as recommendations and guidance documents.
- The NIST Risk Management Framework (NIST RMF) is the standard for integrating information security and risk management into government agency information systems. The NIST RMF encompasses a range of activities defined by several different NIST SPs.

BeyondTrust supports the requirements of three key SPs relating to the NIST RMF: SP 800-53, SP 800-39, and SP 800-137.

NIST SP 800-53: Security and Privacy Controls for Federal Information Systems & Organizations

BeyondTrust's solutions address several individual controls under the following control families:
- Access Control: PowerBroker for UNIX & Linux, PowerBroker for Windows
- Audit & Accountability: PowerBroker for UNIX & Linux, PowerBroker for Windows, PowerBroker Auditor
- Security Assessment and Authorization: PowerBroker for Windows, Retina family of VM solutions
- Configuration Management: PowerBroker for Windows, Retina Configuration Management Module
- Identification and Authentication: PowerBroker Password Safe
- Risk Assessment: PowerBroker for Windows, Retina family of VM solutions
- System & Services Acquisition: PowerBroker for UNIX & Linux, PowerBroker for Windows, Retina CS
- System and Communications Protection: PowerBroker for UNIX & Linux, PowerBroker for Windows
- System and Information Integrity: PowerBroker Endpoint Protection Platform, Retina Patch Management Module, Retina Protection Agent

By addressing the above controls, our solutions also enable agencies to prepare for security controls assessments per NIST SP 800-53A ("Guide for Assessing the Security Controls in Federal Information Systems and Organizations").

NIST SP 800-39: Managing Information Security Risk

BeyondTrust's PowerBroker and Retina solutions, in conjunction with the BeyondInsight Risk Management Platform, collectively address all of the tasks defined under the following phases of the Risk Management Process defined in 800-39:
- Risk Framing: Discovering and profiling assets and accounts; grouping and filtering according to risk, privacy, and compliance issues
- Risk Assessment: Threat and vulnerability identification, risk determination
- Risk Response: Identifying and evaluating alternative courses of action for responding to risks determined during the assessment phase
- Monitoring Risk: Monitoring information systems and privileged accounts on an ongoing basis to verify compliance, determine effectiveness of response measures, and identify changes

NIST SP 800-137: Continuous Monitoring

BeyondTrust offers several solutions that enable continuous monitoring, defined by 800-39 as part of the 11 security automation domains that support continuous monitoring; these include:
- Vulnerability Management
- Patch Management
- Malware Detection
- Asset Management
- Configuration Management

SANS Top 20 Critical Security Controls

The SANS Top 20 Controls are a set of recommendations coordinated by the SANS Institute, a private U.S. company that specializes in information security and cybersecurity training, and compiled by a consortium of U.S. and international agencies and experts from private industry. BeyondTrust solutions and services deliver coverage across several of the controls, as depicted below:
- 1: Inventory of Devices
- 2: Inventory of Software
- 3: Secure Configurations: Hardware & Software
- 4: Continuous Vuln. Assessment & Remediation
- 5: Malware Defenses
- 6: Application Software Security (½)
- 7: Wireless Device Control (½)
- 8: Data Recovery Capability
- 9: Security Skills Assessment and Training
- 10: Secure Configurations: Network Devices (½)
- 11: Limitation/Control: Ports, Protocols, Services
- 12: Controlled Use of Administrative Privileges
- 13: Boundary Defense (½)
- 14: Maintenance, Monitoring, & Analysis of Audit Logs
- 15: Controlled Access Based on Need to Know
- 16: Account Monitoring and Control
- 17: Data Loss Prevention (½)
- 18: Incident Response and Management
- 19: Secure Network Engineering
- 20: Penetration Tests & Red Team Exercises

Legend: ½ = partial applicability. The original figure also marks each remaining control as either broadly applicable or not applicable; those two symbols are not preserved in this transcription, so unmarked entries may be either.

National Industrial Security Program Operating Manual (NISPOM)

The National Industrial Security Program (NISP) was established to manage the needs of private industry to securely access classified information. The NISP Operating Manual (NISPOM) establishes the specific standard procedures and requirements for all government contractors with regard to their ability to access and use classified information.

Collectively, the PowerBroker for UNIX & Linux, PowerBroker for Windows, and PowerBroker Auditor solutions address the following Information System Security procedures defined in Chapter 8 of the NISPOM:
- 8-303: Identification and Authentication Management
- 8-311: Configuration Management
- 8-505: Systems with Group Authenticators
- 8-606: Access Controls
- 8-607: Identification and Authentication
- 8-609: Session Controls
- 8-614: Security Testing

Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP)

Targeted for agencies within the U.S. Department of Defense, DITSCAP details the standards and processes that agencies must adhere to in order for their information assurance and security solutions to be certified and accredited. These standards are based largely on NIST SP 800-53 (see section A above), so the same PowerBroker and Retina solutions that enable compliance for 800-53 will position agencies for DITSCAP certification as well.

Certifications

FIPS 140-2 is a U.S. government computer security standard used to accredit cryptographic modules. PowerBroker Password Safe ships on commercially supported FIPS 140-2 validated components for all encryption, from passwords to critical data. PowerBroker for UNIX & Linux integrates with SafeNet Luna for U.S. and Canadian government agencies requiring FIPS 140-2 Level 2/Level 3 validation.

Providing the assurance you need

Key Benefits of PowerBroker PAM Solutions
- Pass audits and comply with government mandates
- Dynamically discover, profile, and group assets and accounts
- Mitigate insider threats through granular password and privilege management
- Implement and enforce least-privilege access controls for agency end users
- Ensure accountability through session monitoring and recording, keystroke logging, and real-time auditing
- Fulfill reporting requirements via 260+ reports included out of the box, plus a flexible ad hoc reporting capability
- Enable informed, actionable decisions from meaningful data gleaned from context-aware security intelligence, including asset, user, and account privilege information
- Consistently authenticate users across heterogeneous environments

In the current environment, considering both the unrelenting cybersecurity threats faced by organizations of all sizes everywhere, and the many global political uncertainties affecting American institutions in particular, U.S. government agencies have to be more vigilant and proactive than ever before. With over 4,000 worldwide customers, including more than 200 U.S. Federal departments and agencies, BeyondTrust delivers a comprehensive suite of PowerBroker PAM solutions that have been proven in a wide range of large and complex IT environments. According to Gartner, BeyondTrust is one of only two vendors able to offer complete PAM capabilities today; as agencies are under pressure to limit the number of discrete vendors, BeyondTrust can handle the bulk of your security requirements and thereby help reduce your vendor portfolio. You get the protection you need and the peace of mind you desire.

To see PowerBroker solutions in action, contact BeyondTrust at 1-301-807-3112 or federalsales@beyondtrust.com to schedule a demo. For more information, please visit us at http://www.beyondtrust.com.

Sample U.S. Federal customers that trust BeyondTrust

Over 200 U.S. Federal departments and agencies trust BeyondTrust solutions for privileged account management and vulnerability management.

About BeyondTrust

BeyondTrust provides context-aware Privileged Account Management and Vulnerability Management software solutions that deliver the visibility necessary to reduce IT security risks and simplify compliance reporting. We empower organizations to not only mitigate user-based risks arising from misuse of system or device privileges, but also identify and remediate asset vulnerabilities targeted by cyber attacks. As a result, our customers are able to address both internal and external threats, while making every device, whether physical, virtual, mobile or cloud, as secure as possible.

BeyondTrust solutions are unified under the BeyondInsight IT Risk Management Platform, which provides IT and security teams a single, contextual lens through which to view user and asset risk. This clear, consolidated risk profile enables proactive, joint decision-making while ensuring that daily operations are guided by common goals for risk reduction. The company is privately held, and headquartered in Phoenix, Arizona. For more information, visit beyondtrust.com.