Privileged Account Security: A Balanced Approach to Securing Unix Environments
- Randall Parrish
Table of Contents

- Introduction
- Every User is a Privileged User
- Privileged Account Security: A Balanced Approach
- Privileged Credential Management
  - Account and Key Discovery: Inventory privileged accounts and credentials
  - Credential Security and Management: Protecting privileged passwords and SSH keys
  - Controls for User Credentials
  - Controls for Application Credentials
- Least Privilege and Access Control
  - Shared Accounts: Introducing individualized control and accountability
  - Individual Accounts: Enabling the necessary privileges, but no more
  - Individual Accounts: Streamlining privileged identity management
- Session Management
  - Session Isolation: Protect critical systems from malware and uncontrolled access
  - Session Recording: Gain a complete audit trail of user activity
  - Session Monitoring: Detect and terminate suspicious activity in real-time
- Behavioral Threat Analytics
  - Behavioral analysis: Using anomaly detection to rapidly identify threats
- Strengthen and Simplify Unix Security
- CyberArk Privileged Account Security

Cyber-Ark Software Ltd. cyberark.com

Introduction

Enterprise IT environments can contain hundreds or thousands of Unix systems, all of which are accessed by privileged users on a regular basis. However, unlike Windows environments that offer centralized administration, Unix systems operate in silos and offer no native capabilities for central management. As a result, it is incredibly difficult for Unix security teams to manage identities, control access rights or know who is doing what on critical Unix systems.

This document will outline common challenges within Unix environments, offer recommendations on how to address those challenges, and describe how CyberArk Privileged Account Security solutions can work together to help organizations better secure and manage privileged access within these environments.

Every User is a Privileged User

The greatest challenge facing Unix security teams is that, in Unix environments, every user is a privileged user. Unix users, by nature, include systems administrators, security administrators, and network administrators, all of whom have privileged access, including root access, to critical systems and sensitive data. Without clear visibility and control over what these users are able to do, organizations will continue to face several security and compliance challenges that simply cannot be left unaddressed.

Compounding the security and compliance challenges are the perceived tradeoffs of Unix security. In the past, Unix security has often been viewed as an all-or-nothing decision; teams have felt forced to choose between locking down systems and keeping users productive. However, with the right tools, organizations can now implement a balanced approach that protects critical accounts and systems, yet enables administrators to carry out their day-to-day responsibilities without being impacted.

Privileged Account Security: A Balanced Approach

Privileged account security solutions offer a balanced approach to help organizations better secure, manage and control Unix environments while keeping users productive. An optimal privileged account security solution should offer the capabilities needed to achieve end-to-end protection of all privileged accounts, including:

- Credential Management
- Least Privilege and Access Control
- Session Management
- Behavioral Threat Analytics

Without clear visibility and control over what Unix users are able to do, organizations will continue to face several security and compliance challenges that simply cannot be left unaddressed.

By implementing controls in each of these areas, organizations can secure, manage and control access within their Unix environments without impacting user productivity.

Privileged Credential Management

To effectively protect privileged accounts, and therefore the systems and data accessed by those accounts, organizations should proactively secure and manage privileged account credentials, including both passwords and SSH keys. When taking steps to protect privileged credentials, it's crucial that organizations consider both interactive user credentials and application credentials, as both enable privileged account access and can be exploited by malicious users to facilitate a data breach.

Account and Key Discovery: Inventory privileged accounts and credentials

Due to the decentralized nature of Unix environments and lack of native management tools, it's often very difficult for security teams to see what accounts and keys exist, much less know who has access to what. Without this baseline visibility, it's impossible for IT to secure, manage or control access to these privileged accounts and credentials.

The CyberArk Discovery and Audit tool provides the visibility organizations need to begin taking control of Unix environments. The Discovery and Audit tool enables organizations to locate all privileged accounts and SSH keys, as well as map trust relationships between users and systems. The data enables security teams to clearly see which accounts and keys are compliant with organization policy, which require attention and which should be removed altogether. Armed with this information, organizations can set an actionable plan to clean up their environment and begin securing and managing privileged credentials.

Credential Security and Management: Protecting privileged passwords and SSH keys

After locating privileged user and application accounts and SSH keys, organizations should proactively secure, rotate and control access to their privileged account credentials.

The CyberArk Digital Vault provides a highly secure repository for storing sensitive account passwords and private SSH keys, and it supports strong access controls to help ensure that only authorized users, applications or systems are able to access these credentials. Using the Digital Vault, organizations can centrally manage access to almost all privileged accounts, including but not limited to those on Unix systems, Windows systems, databases, and network devices, both on-premises and in the cloud.

To comply with best practices, as well as to reduce the risk of compromise with a stolen credential, organizations should proactively rotate privileged passwords and SSH keys. Using CyberArk Enterprise Password Vault and CyberArk SSH Key Manager, security teams can automate password and key pair rotation, set policies to rotate these credentials at regular intervals and rotate credentials on-demand as needed.

When securing and managing privileged account credentials, it's important to keep in mind the nuanced differences between privileged user credentials and privileged application credentials. While both types of credentials require centralized security, rotation and access controls, the approaches should be slightly different in order to maintain user productivity and application availability.

Controls for User Credentials:

Once user credentials are securely stored and managed in the Digital Vault, security teams should set policies to ensure that only authorized users are able to access authorized credentials. To do this, CyberArk solutions enable organizations to create access control policies based on individual users or user groups. Customizable workflows enable users to request access to credentials with elevated privileges as needed for business purposes, and integrations with IT ticketing systems are available to validate approvals.

For added control, organizations can require two-factor authentication before users may gain access to credentials in the Digital Vault. This not only helps to strengthen security, but also enforces strong authentication to protected systems, as required by some regulations and industry standards.

Controls for Application Credentials:

Applications that run automated processes often rely on embedded passwords or locally stored SSH keys for authentication, both of which are stored in plaintext. These credentials can be copied by anyone inside the network and can be exploited to propagate unauthorized privileged access across the environment. To remediate this vulnerability, organizations should remove plaintext credentials from applications and scripts and instead securely store, rotate and control access to them.

CyberArk Application Identity Manager enables organizations to remove hard-coded passwords and locally stored SSH keys from applications and scripts, and instead stores these credentials in the Digital Vault where they can be called only as needed. The solution offers high availability, helping organizations strengthen security and meet compliance requirements while ensuring that business critical applications are always available, even in the event of a network outage.

As an added control, CyberArk Application Identity Manager includes advanced authentication capabilities, which authenticate applications before granting them access to privileged credentials. This helps to ensure that spoofed applications are unable to steal privileged passwords or SSH keys.

Least Privilege and Access Control

In an ideal scenario, each administrative user would have a personalized, controllable, auditable account that is known and used only by that user. Better, these accounts could be tailored so that each user has all the privileges needed for day-to-day responsibilities but no more. The trouble is, in reality, this scenario is all too often infeasible.

Because Unix environments are incredibly siloed and each account on each system requires its own identity, the use of individual user accounts can create far more identities than IT can reasonably be expected to manage. As a result, organizations frequently resort to using shared administrative accounts, which are incredibly difficult to control and, for simplicity, often provide more privileges than the majority of users require. With shared accounts, security and audit teams have no way to know who did what, much less know which users have access to each account. Worse, shared account credentials can be easily shared between authorized and unauthorized users, and oftentimes less-privileged users receive, by default, unnecessary root privileges.

To help Unix security teams better control privileged user access in these siloed environments, CyberArk provides tools to remove unnecessary root privileges, enforce least privilege at the user level and gain auditability at the user level regardless of whether an organization is using individual accounts, shared accounts or a combination of both. CyberArk solutions help organizations enforce practical least privilege policies, allowing for granular access controls and better reporting without compromising productivity.

Shared Accounts: Introducing individualized control and accountability

To gain individualized control over shared accounts, organizations should store shared account credentials in a secure repository and then control which users may access those credentials. Using CyberArk, organizations can secure shared privileged passwords and SSH keys in the Digital Vault and set policies based on user or user group that dictate who may access which credentials. Authorized users can be required to check out the shared credentials for use, providing security and audit teams with a complete audit trail of exactly which user accessed what account and when. To ensure that an authorized user is unable to share the credential or gain unaudited access to a target system, organizations can opt to either mask the credential from the user or automatically rotate the credential after use.

To enforce the principle of least privilege for shared accounts, organizations can leverage automated workflows that enable less-privileged users to request access to shared credentials with elevated privileges. Using CyberArk Enterprise Password Vault and CyberArk SSH Key Manager, users can request access to passwords and keys with elevated privileges for legitimate business purposes. Only upon approval by the required approver(s) can the user gain temporary access to the elevated privileged account. With this approach, organizations can remove root privileges from less privileged users, while still providing a way for users to complete one-off, approved tasks that require root access.

Individual Accounts: Enabling the necessary privileges, but no more

When working towards a least-privilege model for individual user accounts, organizations should look to solutions that remove unnecessary root privileges and support user productivity while simultaneously helping IT teams simplify the management of so many identities. Similar to shared credentials, organizations should securely store individual privileged account credentials in a digital vault to prevent their misuse and unauthorized sharing. Next, to limit privileges associated with each account, organizations should set policies that dictate which users or user groups may run which commands under what circumstances.

CyberArk On-Demand Privileges Manager acts as a sudo replacement, providing a restricted shell that allows for granular, centrally managed privilege controls. Using this solution, organizations can limit what commands may be run based on individual user or user group, as well as define what elevated privileges may be invoked for legitimate business purposes.

When a user does elevate privileges, CyberArk On-Demand Privileges Manager provides a full record of when it happened, for what purpose, and all commands run during that elevated session. As a result, security teams are able to remove unnecessary privileges, keep users productive by enabling limited elevated privileges, and gain a complete, tamper-proof audit trail of all elevated session activity.

Individual Accounts: Streamlining privileged identity management

To complement individualized least privilege controls, CyberArk offers Active Directory (AD) bridge capabilities to help organizations streamline and centralize the management of privileged user identities across both Unix and Windows systems. Using CyberArk's AD bridge capabilities, organizations can define Unix user groups in AD and centrally manage privileged access policies for those user groups within CyberArk. As new Unix users are added to AD, the associated Unix accounts can be automatically provisioned, in accordance with policy, as needed. Similarly, as users leave the organization and their identities are deprovisioned from AD, the users will no longer be able to access any associated Unix accounts. As an added benefit, users may use their AD passwords to authenticate to Unix systems, thus reducing the total number of credentials each user must manage.

Session Management

Once privileged account credentials are secured, organizations should take steps to proactively control and review privileged user sessions on Unix systems. Effective controls include session isolation, session recording and real-time session monitoring. Using these controls, organizations can separate critical systems from potentially infected user devices, control how users access target systems, and verify that authorized users are only engaging in authorized session activity.

Session Isolation: Protect critical systems from malware and uncontrolled access

End users often work on devices that are difficult to control and vulnerable to malware. If a user on an infected machine were to directly access a target system, the malware could easily spread, thus infecting critical IT infrastructure and putting sensitive data at risk. To mitigate this risk, organizations should isolate critical systems while still ensuring that users can easily administer these systems. CyberArk Privileged Session Manager acts as a secure jump server, separating vulnerable user devices from the critical systems that must be administered. As a result, organizations are able to prevent malware on end user devices from infecting target systems.

To ensure that users are unable to bypass this control, organizations should mask target system credentials and restrict traffic to the target. To prevent direct, uncontrolled access to critical target Unix systems, CyberArk Privileged Session Manager can facilitate seamless connections to target systems via the jump server without ever exposing users or their machines to the target's credentials. Additionally, organizations should lock down target systems to require that all privileged user sessions occur via the jump server. Such an architecture creates a single point of control for all privileged sessions and prevents users, both authorized and unauthorized, from gaining direct, uncontrolled access to critical systems.

Session Recording: Gain a complete audit trail of user activity

Once all privileged traffic is directed through a secure jump server, organizations can leverage controls on that jump server to record all privileged sessions. Using CyberArk Privileged Session Manager, organizations can gain a complete audit trail of all privileged session activity. That audit trail is then stored in the secure Digital Vault with full access controls, limiting viewership to only authorized members of the security or audit teams.

During an investigation, security teams can easily search session history to quickly understand what happened, what commands were run and which user executed them. Using detailed audit logs and recordings, security teams can accelerate incident investigation times and gain the opportunity to stop attackers before it's too late. Audit teams can leverage the same session logs and recordings to easily search for relevant activity and accelerate audit times.

Session Monitoring: Detect and terminate suspicious activity in real-time

For real-time awareness of privileged session activity, CyberArk Privileged Session Manager enables security teams to monitor privileged user activity in real-time. The solution also integrates with leading SIEM solutions so that security and incident response teams can gain real-time alerts on suspicious, unauthorized activity. Using CyberArk Privileged Session Manager, security teams can detect suspicious, unauthorized activity in real-time, instantly locate the session, and remotely terminate it, thus disrupting the potential attack while in-progress.

Behavioral Threat Analytics

In today's threat environment, organizations must do everything they can to proactively protect their critical systems and sensitive data, but they must also anticipate targeted and insider attacks that bypass proactive controls. The greatest risk associated with privileged accounts is that once one is compromised, attackers are able to freely move around the environment, locating and accessing sensitive data. And because these accounts allow attackers to hide in plain sight, deleting their tracks along the way, the attackers can operate undetected for months. Without the ability to detect abnormal privileged account activity, advanced and inside attackers can exfiltrate sensitive data before an organization even knows that a breach occurred.

Behavioral analysis: Using anomaly detection to rapidly identify threats

Cyber attackers behave differently than legitimate users, logging in at different times, from different locations, and accessing systems in different patterns. As such, these malicious users can hide from rules-based detection methods. However, it is much more difficult for them to hide from detection mechanisms that rely on behavioral pattern analysis.

Privileged accounts are an organization's last line of defense against a cyber attack. Once these accounts are compromised, the attackers have everything they need to successfully locate and steal the targeted data. At this point in a breach, the only way to thwart the attack is to locate anomalous privileged account activity that indicates a compromise and restrict the impacted accounts.

CyberArk helps organizations do just that. CyberArk Privileged Threat Analytics monitors all privileged user and account activity to establish a baseline of what is normal. Using a self-learning, statistical analysis engine, CyberArk Privileged Threat Analytics is able to rapidly detect and alert on any information that falls outside of that norm, indicating a potential attack in progress.

By alerting organizations to anomalous activity early, the solution enables organizations to accelerate incident detection times, reduces the window of opportunity for attackers, and gives security teams the opportunity to stop cyber criminals before they cause irreparable damage.

Strengthen and Simplify Unix Security

While the decentralized nature of Unix environments presents a series of challenges for IT and security administrators, these challenges can be overcome with the right tools. CyberArk's portfolio of products is designed to work together to help organizations strengthen security, even in the most complex, disparate IT environments. By centralizing the management of privileged Unix users, accounts, and credentials, CyberArk can help organizations strengthen security, accelerate threat detection and streamline identity management in Unix environments.

CyberArk's Privileged Account Security Solution delivers a single, unified platform from which organizations can centrally manage access control policies, proactively secure and rotate privileged account passwords and SSH keys, monitor and record all privileged session activity, and analyze privileged account behavior to rapidly detect threats. With CyberArk, organizations can protect their most critical assets and confidently prove compliance with regulatory requirements.

CyberArk Privileged Account Security

CyberArk's privileged account security portfolio offers a complete solution to protect, monitor, detect, alert, and respond to privileged accounts. Products within the portfolio include:

- Enterprise Password Vault fully protects privileged passwords based on privileged account security policies and controls who can access which passwords when.
- SSH Key Manager secures, rotates and controls access to SSH keys in accordance with policy to prevent unauthorized access to privileged accounts.
- Privileged Session Manager isolates, controls, and monitors privileged user access and activities on critical systems throughout most traditional on-premises and cloud environments.
- Application Identity Manager eliminates hard-coded passwords and locally stored SSH keys from applications, service accounts and scripts with no impact on application performance.
- On-Demand Privileges Manager allows for control and continuous monitoring of the commands super-users run based on their role and task.
- Privileged Threat Analytics analyzes and alerts on previously undetectable malicious privileged user behavior enabling incident response teams to disrupt and quickly respond to an attack.
- Endpoint Privilege Manager enables organizations to control privileges on the endpoint and contain attacks early in their lifecycle.

To learn more about the CyberArk Privileged Security Solution, please visit

All rights reserved. No portion of this publication may be reproduced in any form or by any means without the express written consent of CyberArk Software. CyberArk, the CyberArk logo and other trade or service names appearing above are registered trademarks (or trademarks) of CyberArk Software in the U.S. and other jurisdictions. Any other trade and service names are the property of their respective owners. U.S., Doc # 124

CyberArk believes the information in this document is accurate as of its publication date. The information is provided without any express, statutory, or implied warranties and is subject to change without notice.
More information6 Key Use Cases for Securing Your Organization s Cloud Workloads. 6 Key Use Cases for Securing Your Organization s Cloud Workloads
6 Key Use Cases for Securing Your Organization s Cloud Workloads 1 6 Key Use Cases for Securing Your Organization s Cloud Workloads Table of Contents Introduction: The Continuing Rise of Cloud Adoption
More information7 Steps to Complete Privileged Account Management. September 5, 2017 Fabricio Simao Country Manager
7 Steps to Complete Privileged Account Management September 5, 2017 Fabricio Simao Country Manager AGENDA Implications of less mature privileged account management What does a more mature approach look
More informationPrivilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer
Privilege Security & Next-Generation Technology Morey J. Haber Chief Technology Officer mhaber@beyondtrust.com Agenda The Next-Gen Threat Landscape o Infomatics, Breaches & the Attack Chain o Securing
More informationUnderstand & Prepare for EU GDPR Requirements
Understand & Prepare for EU GDPR Requirements The information landscape has changed significantly since the European Union (EU) introduced its Data Protection Directive in 1995 1 aimed at protecting the
More informationSafeguarding Privileged Access. Implementing ISO/IEC Security Controls with the CyberArk Solution
Safeguarding Privileged Access Implementing ISO/IEC 27002 Security Controls with the CyberArk Solution Contents Executive Summary... Meeting an Internationally-Recognized Information Security Standard...
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationFairWarning Mapping to PCI DSS 3.0, Requirement 10
FairWarning Mapping to PCI DSS 3.0, Requirement 10 Requirement 10: Track and monitor all access to network resources and cardholder data Logging mechanisms and the ability to track user activities are
More informationSOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE
SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE 1 EXECUTIVE SUMMARY Attackers have repeatedly demonstrated they can bypass an organization s conventional defenses. To remain effective,
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationGDPR: An Opportunity to Transform Your Security Operations
GDPR: An Opportunity to Transform Your Security Operations McAfee SIEM solutions improve breach detection and response Is your security operations GDPR ready? General Data Protection Regulation (GDPR)
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationSOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE
HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE PREPARATION FOR GDPR IS ESSENTIAL The EU GDPR imposes interrelated obligations for organizations handling
More informationCrash course in Azure Active Directory
Crash course in Azure Active Directory Crash course in Azure Active Directory Competing today requires a focus on digital transformation and empowering everyone to be creative and work together securely.
More informationBomgar Discovery Report
BOMGAR DISCOVERY REPORT Bomgar Discovery Report This report is designed to give you important information about the privileged credentials regularly being used to access endpoints and systems on your network,
More informationRSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief
RSA Solution Brief The RSA Solution for VMware View: Managing Securing the the Lifecycle Virtual of Desktop Encryption Environment Keys with RSA Key Manager RSA Solution Brief 1 According to the Open Security
More informationMEETING ISO STANDARDS
WHITE PAPER MEETING ISO 27002 STANDARDS September 2018 SECURITY GUIDELINE COMPLIANCE Organizations have seen a rapid increase in malicious insider threats, sensitive data exfiltration, and other advanced
More informationDefend Against the Unknown
Defend Against the Unknown Stay ahead of new threats with McAfee Endpoint Threat Defense solutions Targeted exploits. Ransomware. Explosive growth in zero-day malware. Organizations are locked in an ongoing
More informationOffice 365 Buyers Guide: Best Practices for Securing Office 365
Office 365 Buyers Guide: Best Practices for Securing Office 365 Microsoft Office 365 has become the standard productivity platform for the majority of organizations, large and small, around the world.
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationALIENVAULT USM FOR AWS SOLUTION GUIDE
ALIENVAULT USM FOR AWS SOLUTION GUIDE Summary AlienVault Unified Security Management (USM) for AWS is a unified security platform providing threat detection, incident response, and compliance management
More informationHIPAA Regulatory Compliance
Secure Access Solutions & HIPAA Regulatory Compliance Privacy in the Healthcare Industry Privacy has always been a high priority in the health profession. However, since the implementation of the Health
More informationalign security instill confidence
align security instill confidence cyber security Securing data has become a top priority across all industries. High-profile data breaches and the proliferation of advanced persistent threats have changed
More informationExternal Supplier Control Obligations. Cyber Security
External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place
More informationΟ ρόλος της τεχνολογίας στο ταξίδι της συμμόρφωσης με τον Γενικό Κανονισμό. Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος
Ο ρόλος της τεχνολογίας στο ταξίδι της συμμόρφωσης με τον Γενικό Κανονισμό Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος Providing clarity and consistency for the protection of personal data The General
More informationMITIGATE CYBER ATTACK RISK
SOLUTION BRIEF MITIGATE CYBER ATTACK RISK CONNECTING SECURITY, RISK MANAGEMENT & BUSINESS TEAMS TO MINIMIZE THE WIDESPREAD IMPACT OF A CYBER ATTACK DIGITAL TRANSFORMATION CREATES NEW RISKS As organizations
More informationRSA NetWitness Suite Respond in Minutes, Not Months
RSA NetWitness Suite Respond in Minutes, Not Months Overview One can hardly pick up a newspaper or turn on the news without hearing about the latest security breaches. The Verizon 2015 Data Breach Investigations
More informationClearing the Path to Micro-Segmentation. A Strategy Guide for Implementing Micro- Segmentation in Hybrid Clouds
Clearing the Path to Micro-Segmentation A Strategy Guide for Implementing Micro- Segmentation in Hybrid Clouds Clearing the Path to Micro-Segmentation 1 More Clouds in the Forecast The migration of vast
More informationRSA Security Analytics
RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Analyze & prioritize alerts across various sources The cornerstone of security
More informationWHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX
WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX 1 INTRODUCTION The MITRE Corporation Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK ) Matrix provides a model
More informationJoe Stocker, CISSP, MCITP, VTSP Patriot Consulting
Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting Microsoft Cloud Evangelist at Patriot Consulting Principal Systems Architect with 17 Years of experience Technical certifications: MCSE, MCITP Office
More informationZero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection
Zero Trust on the Endpoint Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection March 2015 Executive Summary The Forrester Zero Trust Model (Zero Trust) of information
More informationSOLUTION BRIEF RSA SECURID SUITE ACCELERATE BUSINESS WHILE MANAGING IDENTITY RISK
RSA SECURID SUITE ACCELERATE BUSINESS WHILE MANAGING IDENTITY RISK KEY BENEFITS AT A GLANCE Ensure your journey to the cloud is secure and convenient, without compromising either. Drive business agility
More informationWHITEPAPER. Enterprise Cyber Risk Management Protecting IT Assets that Matter
WHITEPAPER Enterprise Cyber Risk Management Protecting IT Assets that Matter Contents Protecting IT Assets That Matter... 3 Today s Cyber Security and Risk Management: Isolated, Fragmented and Broken...4
More informationAchieving End-to-End Security in the Internet of Things (IoT)
Achieving End-to-End Security in the Internet of Things (IoT) Optimize Your IoT Services with Carrier-Grade Cellular IoT June 2016 Achieving End-to-End Security in the Internet of Things (IoT) Table of
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationBest Practices in Securing a Multicloud World
Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers
More informationIDENTITY: A KEY ELEMENT OF BUSINESS-DRIVEN SECURITY
IDENTITY: A KEY ELEMENT OF BUSINESS-DRIVEN SECURITY Identity is replacing perimeter as the primary defensive frontline OVERVIEW Organizations have been grappling with identity and access management since
More informationSIEMLESS THREAT DETECTION FOR AWS
SOLUTION OVERVIEW: ALERT LOGIC FOR AMAZON WEB SERVICES (AWS) SIEMLESS THREAT DETECTION FOR AWS Few things are as important to your business as maintaining the security of your sensitive data. Protecting
More informationSecuring Your Most Sensitive Data
Software-Defined Access Securing Your Most Sensitive Data Company Overview Digital Growth Means Digital Threats Digital technologies offer organizations unprecedented opportunities to innovate their way
More informationSecurity Enhancements
OVERVIEW Security Enhancements February 9, 2009 Abstract This paper provides an introduction to the security enhancements in Microsoft Windows 7. Built upon the security foundations of Windows Vista, Windows
More informationIntegrated McAfee and Cisco Fabrics Demolish Enterprise Boundaries
Integrated McAfee and Cisco Fabrics Demolish Enterprise Boundaries First united and open ecosystem to support enterprise-wide visibility and rapid response The cybersecurity industry needs a more efficient
More informationTeradata and Protegrity High-Value Protection for High-Value Data
Teradata and Protegrity High-Value Protection for High-Value Data 12.16 EB7178 DATA SECURITY Table of Contents 2 Data Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:
More informationDATA SHEET RSA NETWITNESS ENDPOINT DETECT UNKNOWN THREATS. REDUCE DWELL TIME. ACCELERATE RESPONSE.
RSA NETWITNESS ENDPOINT DETECT UNKNOWN THREATS. REDUCE DWELL TIME. ACCELERATE RESPONSE. KEY CUSTOMER BENEFITS: Gain complete visibility into all endpoints, regardless of whether they are on or off the
More informationCyberArk Solutions for Secured Remote Interactive Access. Addressing NERC Remote Access Guidance Industry Advisory
CyberArk Solutions for Secured Remote Interactive Access Addressing NERC Remote Access Guidance Industry Advisory Table of Contents The Challenges of Securing Remote Access.......................................
More informationTraditional Security Solutions Have Reached Their Limit
Traditional Security Solutions Have Reached Their Limit CHALLENGE #1 They are reactive They force you to deal only with symptoms, rather than root causes. CHALLENGE #2 256 DAYS TO IDENTIFY A BREACH TRADITIONAL
More informationHOW SNOWFLAKE SETS THE STANDARD WHITEPAPER
Cloud Data Warehouse Security HOW SNOWFLAKE SETS THE STANDARD The threat of a data security breach, someone gaining unauthorized access to an organization s data, is what keeps CEOs and CIOs awake at night.
More informationThreat Containment and Operations. Yong Kwang Kek, Director of Presales SE, APJ
Threat Containment and Operations Yong Kwang Kek, Director of Presales SE, APJ 2018-07-19 1 1 2017 Infoblox Inc. All Rights 2013 Infoblox Inc. All Reserved. Rights Reserved. Three Aspects of Security #1
More informationARC VIEW. Critical Industries Need Continuous ICS Security Monitoring. Keywords. Summary. By Sid Snitkin
ARC VIEW FEBRUARY 1, 2018 Critical Industries Need Continuous ICS Security Monitoring By Sid Snitkin Keywords Anomaly and Breach Detection, Continuous ICS Security Monitoring, Nozomi Networks Summary Most
More informationTHE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM
THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM Modern threats demand analytics-driven security and continuous monitoring Legacy SIEMs are Stuck in the Past Finding a mechanism to collect, store
More informationNERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS
NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements
More informationSecuring Privileged Accounts: Meeting the Payment Card Industry (PCI) Data Security Standard (DSS) 3.0 with CyberArk Solutions
Securing Privileged Accounts: Meeting the Payment Card Industry (PCI) Data Security Standard (DSS) 3.0 with CyberArk Solutions Contents Executive Summary... Obligations to Protect Cardholder Data... PCI
More informationCompleting your AWS Cloud SECURING YOUR AMAZON WEB SERVICES ENVIRONMENT
Completing your AWS Cloud SECURING YOUR AMAZON WEB SERVICES ENVIRONMENT Introduction Amazon Web Services (AWS) provides Infrastructure as a Service (IaaS) cloud offerings for organizations. Using AWS,
More informationApplication and Data Security with F5 BIG-IP ASM and Oracle Database Firewall
F5 White Paper Application and Data Security with F5 BIG-IP ASM and Oracle Database Firewall Organizations need an end-to-end web application and database security solution to protect data, customers,
More informationCYBERARK GDPR ADVISORY. SECURE CREDENTIALS. SECURE ACCESS. A PRIVILEGED ACCOUNT SECURITY APPROACH TO GDPR READINESS
CYBERARK GDPR ADVISORY. SECURE CREDENTIALS. SECURE ACCESS. A PRIVILEGED ACCOUNT SECURITY APPROACH TO GDPR READINESS 2017 CYBERARK GDPR ADVISORIES: PRACTICAL STEPS TO GDPR READINESS There is no personal
More informationCloudSOC and Security.cloud for Microsoft Office 365
Solution Brief CloudSOC and Email Security.cloud for Microsoft Office 365 DID YOU KNOW? Email is the #1 delivery mechanism for malware. 1 Over 40% of compliance related data in Office 365 is overexposed
More informationSANS Top 20 CIS. Critical Security Control Solution Brief Version 6. SANS Top 20 CIS. EventTracker 8815 Centre Park Drive, Columbia MD 21045
Critical Security Control Solution Brief Version 6 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable,
More informationMOVE BEYOND GPO FOR NEXT-LEVEL PRIVILEGE MANAGEMENT
MOVE BEYOND GPO FOR NEXT-LEVEL PRIVILEGE MANAGEMENT DON T USE A HAMMER MOVE BEYOND GPO FOR NEXT-LEVEL TO TURN A SCREW PRIVILEGE MANAGEMENT The first stage of privilege management Most organizations with
More informationTRIPWIRE VIA PLATFORM PROTECTING YOUR DATA WITH INTEGRATED SECURITY CONTROLS
SOLUTION BRIEF TRIPWIRE VIA PLATFORM PROTECTING YOUR DATA WITH INTEGRATED CONTROLS..: Tripwire security controls capture activity data from monitored assets no matter if you rely on physical, virtual,
More informationTo Audit Your IAM Program
Top Five Reasons To Audit Your IAM Program Best-in-class organizations are auditing their IAM programs - are you? focal-point.com Introduction Stolen credentials are the bread and butter of today s hacker.
More informationEXABEAM HELPS PROTECT INFORMATION SYSTEMS
WHITE PAPER EXABEAM HELPS PROTECT INFORMATION SYSTEMS Meeting the Latest NIST SP 800-53 Revision 4 Guidelines SECURITY GUIDELINE COMPLIANCE There has been a rapid increase in malicious insider threats,
More informationGoogle Cloud & the General Data Protection Regulation (GDPR)
Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to
More informationAKAMAI CLOUD SECURITY SOLUTIONS
AKAMAI CLOUD SECURITY SOLUTIONS Whether you sell to customers over the web, operate data centers around the world or in the cloud, or support employees on the road, you rely on the Internet to keep your
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Virus Outbreak
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationWHY SIEMS WITH ADVANCED NETWORK- TRAFFIC ANALYTICS IS A POWERFUL COMBINATION. A Novetta Cyber Analytics Brief
WHY SIEMS WITH ADVANCED NETWORK- TRAFFIC ANALYTICS IS A POWERFUL COMBINATION A Novetta Cyber Analytics Brief Why SIEMs with advanced network-traffic analytics is a powerful combination. INTRODUCTION Novetta
More informationSOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion
More information