PRIVILEGED ACCESS MANAGEMENT: The Key to Protecting Your Business Amid Cybercrime's Current Boom


Cybercrime Is a Growth Industry

Thanks to numerous, headline-making incidents in recent years, cybercrime has risen toward the top of the concern list for many organizations and the customers with whom they do business. You've heard many of the stories. Major health insurers, such as Anthem, Premera BlueCross and CareFirst, had personal information for millions of their customers stolen. Sony Pictures experienced a breach that not only embarrassed employees and adversely impacted the release of the high-profile film, The Interview, but also damaged systems and applications, making it extremely difficult for the company to conduct business. The list goes on.

Some you maybe haven't heard, like the one about CodeSpaces, a provider of version management services to developers. When attackers were able to gain access to its cloud-based management consoles, they deleted the company's entire infrastructure and backups, ultimately forcing CodeSpaces out of business.

The bad news for organizations like yours is, thanks to the demands of the application economy and the transition to hybrid infrastructures, protecting against these threats has only gotten more challenging.

THE REALITY IS, CYBERCRIME IS A GROWTH INDUSTRY.

CYBERCRIME POTENTIAL

- $400 billion: Intel Security estimates that the annual cost to the global economy from cybercrime is more than $400 billion. [1]
- $3 trillion: McKinsey believes that number will skyrocket to $3 trillion in 10 years. [2]

[1] Intel Security, Net Losses: Estimating the Global Loss of Cybercrime, June, 2014.
[2] World Economic Forum in collaboration with McKinsey & Company, Risk and Responsibility in a Hyperconnected World, January, 2014.

New Vulnerabilities in the Application Economy

To not only survive, but thrive in the application economy, many businesses are undergoing a digital transformation in which they add digital components to all of their products and services. This means having to develop for and integrate with a variety of APIs, microservices, cloud applications and infrastructures while continuing to manage, optimize and protect their current environments.

This transformation has created a whole new set of attack surfaces that must be defended, in addition to the existing infrastructure you've been protecting for years. These new points of vulnerability include:

- HYBRID ENVIRONMENTS: As your IT environment has evolved to include software-defined data centers and networks, and expanded outside of your four walls to incorporate public cloud resources and software-as-a-service (SaaS) applications, the traditional way of approaching administration and management quickly falls apart, mainly because it fails to protect new attack surfaces like management consoles and APIs.
- ADMINISTRATIVE POWER: In addition, administrators have concentrated power in these evolving environments, because they can define or redefine an organization's entire IT infrastructure with just the push of a button.
- AUTOMATION TOOLS: In more sophisticated IT shops, some of these processes see no human intervention at all. Tasks like provisioning, administration and management are automated with scripts or tools like Chef and Puppet, often using hard-coded administrative credentials that are ripe for theft and misuse.

When you add up these vulnerabilities, it becomes clear how much havoc an attacker could wreak in your environment if he or she were able to gain the appropriate access.

The Risks of Privileged Accounts and Credentials

Did you know that stealing and exploiting privileged accounts is a critical success factor for attackers in 100 percent of all advanced attacks, regardless of attack origin? [3]

Sounds like more bad news, right? Thankfully, there is a positive angle you can take on this fact. If privileged accounts are the common thread amongst the innumerable attack types and vulnerability points, then these accounts and the credentials associated with them are exactly where you should focus your protection efforts.

By 2018, the inability of organizations to properly scope and contain privileged access will be responsible for up to 60 percent of insider misuse and data theft incidents, up from more than 40 percent today. [4]

For many, it's tough to focus on privileged users as a group, because its population can be so diverse. For example, it can include privileged insiders that work for you, privileged outsiders that represent third-party vendors and contractors, and even privileged unknowns who are securing shadow IT resources without your knowledge.

This begs the question, if you can't even get a clear tally of who represents your privileged user population, how can you hope to protect these accounts? By securing those credentials at each stop along the breach kill chain.

[3] CyberSheath Services International, The Role of Privileged Accounts in High Profile Breaches, May, 2014.
[4] Gartner, Inc., Twelve Best Practices for Privileged Access Management, Anmol Singh and Felix Gaehtgens, October 8, 2015.

Getting to Know the Kill Chain

What is a kill chain? It's the series of steps an attacker typically follows when carrying out a breach.

[Figure: kill chain diagram. Labels: Threat Actor; Network Perimeter; External Threats; Gain/Expand Access; Elevate Privilege; Lateral Movement, Reconnaissance; Wreak Havoc; C&C, Data/IP Exfiltration]

While the chain can comprise numerous steps, there are four key ones in which privileged credentials represent the cornerstone of an attack. These include:

- GAIN AND EXPAND ACCESS: To access the network, insiders might exploit the credentials they already have, while outsiders will exploit a vulnerability in the system (e.g., via a spear-phishing attack) to steal the necessary credentials.
- ELEVATE PRIVILEGES: Once inside, attackers will often try to elevate their privileges, so they can issue commands and gain access to whatever resources they're after.
- INVESTIGATE AND MOVE LATERALLY: Attackers rarely land in the exact spot where the data they're seeking (e.g., credit card records, personal information, etc.) is located, so they'll investigate and move around in the network to get closer to their ultimate goal.
- WREAK HAVOC: Once they have the credentials they need and have found exactly what they're looking for, the attackers are free to wreak havoc (e.g., theft, business disruption, etc.).

Explore what you can do during each step to manage your privileged identities and secure your business.

STEP 1: Preventing Unauthorized Access

If you can prevent an unauthorized user, insider or outsider, from gaining access to the system in the first place, you can stop an attack before it even starts. Strong authentication is the best way to secure credentials at this step.

To achieve strong authentication, you must ensure that:

- All credentials run through the same privileged identity management system
- The privileged identity system integrates with existing identity stores, such as Active Directory or LDAP directories
- Multi-factor authentication is employed in some fashion (e.g., soft smartphone tokens, physical key cards, etc.)
- Login restrictions are used based on where and when users require access (e.g., IP address or time of day)
- Credentials are protected in an encrypted data store and rotated periodically

STEP 2: Limiting Privilege Escalation, Investigation and Lateral Movement

In many networks, it's common for users to have access to more resources than they actually need across the entire network, which means attackers can cause maximum damage quickly and benign users can even cause problems inadvertently. This is why granular access controls are so important.

To prevent unauthorized access, you need to ensure that:

- A zero trust policy forces users to be authenticated before granting access to only the systems they need to do their jobs
- Role-based access controls and single sign-on capabilities work in concert to define and present permissions to users as they log in
- Policies are enforced via command filters and black and white lists that enable precise control over what users can and cannot do on a system
- Attempts by users to move laterally between unauthorized systems are proactively shut down
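
The login restrictions from Step 1 and the role scoping and command filters from Step 2 can be expressed as one policy check. The sketch below is an added example, not CA Privileged Access Manager code; the role name, hosts, networks and command patterns are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time
from fnmatch import fnmatchcase
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class RolePolicy:
    networks: tuple   # Step 1: source networks the role may log in from
    window: tuple     # Step 1: (start, end) time of day for logins
    hosts: frozenset  # Step 2: only the systems the role needs
    allow: tuple      # Step 2: white list of command patterns
    deny: tuple       # Step 2: black list, checked first and always wins


# Constructed sample policy (role, hosts and patterns are illustrative).
POLICIES = {
    "db-admin": RolePolicy(
        networks=(ip_network("10.20.0.0/16"),),
        window=(time(7, 0), time(19, 0)),
        hosts=frozenset({"db01", "db02"}),
        allow=("systemctl status *", "systemctl restart postgresql", "psql *"),
        deny=("*;*", "*|*", "*&*", "*`*", "*$(*"),
    ),
}


def check_login(role, src_ip, when, mfa_ok, host):
    """Decide whether a privileged session may start: (allowed, reason)."""
    policy = POLICIES.get(role)
    if policy is None:
        return False, "unknown role"
    if not mfa_ok:
        return False, "multi-factor authentication required"
    if not any(ip_address(src_ip) in net for net in policy.networks):
        return False, "source address not permitted"
    start, end = policy.window
    if not start <= when.time() <= end:
        return False, "outside permitted hours"
    if host not in policy.hosts:
        return False, "host outside role scope"
    return True, "ok"


def check_command(role, command):
    """Filter one command line inside a session: (allowed, reason)."""
    policy = POLICIES.get(role)
    if policy is None:
        return False, "unknown role"
    cmd = " ".join(command.split())  # normalise whitespace before matching
    # Deny first: the broad "psql *" allow pattern would otherwise also
    # match a line that chains a second command after a shell separator.
    if any(fnmatchcase(cmd, pat) for pat in policy.deny):
        return False, "black-listed pattern"
    if any(fnmatchcase(cmd, pat) for pat in policy.allow):
        return True, "ok"
    return False, "not on white list"
```

A request for a host outside the role's scope is refused at login, which is how this sketch shuts down lateral movement to unauthorized systems.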

STEP 3: Monitoring, Recording and Auditing Activity

Whether it's a trusted insider who wandered into the wrong area or an attacker with malicious intent, there's a good likelihood that users will gain access they shouldn't have at some point. The challenge, then, is to improve visibility and forensics around user activity within sensitive systems.

To deter violations at this late stage of the kill chain, you need to ensure that:

- User sessions are continuously monitored, logged and recorded, so they can be played back in DVR-like fashion
- All session activity (graphical and text-based) and metadata is recorded, like when sessions began and any attempted policy violations
- All privileged account activity is attributed to a specific user, to avoid the muddling that can happen with shared accounts
- Analytics capabilities include the ability to proactively detect inappropriate behavior by integrating privileged user activity with existing SIEM data
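
Attributing shared-account activity to a specific user comes down to joining session events against credential checkout records. The sketch below is an added example, not CA Privileged Access Manager code; the record layouts, user names and log entries are constructed assumptions.

```python
from datetime import datetime

# Constructed sample records; the field layout is an assumption.
# Credential checkouts: (named user, shared account, host, start, end)
CHECKOUTS = [
    ("alice", "root", "db01", "2015-06-01T09:00:00", "2015-06-01T09:30:00"),
    ("bob", "root", "db01", "2015-06-01T10:00:00", "2015-06-01T10:15:00"),
]
# Session events: (timestamp, account, host, command, policy_violation)
SESSION_EVENTS = [
    ("2015-06-01T09:05:12", "root", "db01", "systemctl restart postgresql", False),
    ("2015-06-01T10:03:40", "root", "db01", "cat /etc/shadow", True),
    ("2015-06-01T23:41:07", "root", "db01", "useradd svc2", False),
]


def attribute(events, checkouts):
    """Attach a named user to every event recorded under a shared account."""
    windows = [(user, acct, host,
                datetime.fromisoformat(start), datetime.fromisoformat(end))
               for user, acct, host, start, end in checkouts]
    records = []
    for ts, acct, host, command, violation in events:
        when = datetime.fromisoformat(ts)
        users = sorted({u for u, a, h, s, e in windows
                        if a == acct and h == host and s <= when <= e})
        if len(users) == 1:
            user, status = users[0], "attributed"
        elif users:
            user, status = None, "ambiguous"     # overlapping checkouts
        else:
            user, status = None, "unattributed"  # account used with no checkout
        records.append({"time": ts, "account": acct, "host": host,
                        "user": user, "status": status,
                        "command": command, "violation": violation})
    return records


def alerts(records):
    """Records worth forwarding to the SIEM: attempted policy violations and
    any shared-account activity that cannot be tied to exactly one person."""
    return [r for r in records
            if r["violation"] or r["status"] != "attributed"]
```

The third sample event falls outside every checkout window, so it surfaces as unattributed use of the shared account even though no policy violation was recorded for it.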

About the Solution from CA Technologies

CA Privileged Access Manager is a simple-to-deploy, automated, proven solution for privileged access management delivered in a single appliance protecting physical, virtual and cloud environments. Available as a rack-mounted, hardened hardware appliance, an Open Virtualization Format (OVF) Virtual Appliance or an Amazon Machine Image (AMI), CA Privileged Access Manager enhances security by protecting sensitive administrative credentials, such as root and administrator passwords, controlling privileged user access, proactively enforcing policies, and monitoring and recording privileged user activity across all IT resources.

Key features include:

- Privileged Access Control for IT Resources: Unify privileged user policies across physical data center assets, virtual infrastructure, public cloud and hybrid environments.
- Comprehensive Monitoring, Alerting and Recording: Log events, generate alerts and warnings or even terminate sessions. Capture continuous, tamper-evident logging and video recording of administrative sessions.
- Protection for Hybrid-Cloud Consoles: Provide privileged users access only to authorized hybrid-cloud infrastructure, with all activity fully monitored and recorded.
- Positive Privileged User Authentication: Leverage existing IAM infrastructure through integration with Active Directory, LDAP-compliant directories, RADIUS, TACACS+, smartcards, hardware tokens and more.
- Fast Time to Protection: Quickly deploy CA Privileged Access Manager as a hardened device or a virtual machine, protecting your enterprise resources with one scalable, agentless solution.

Are You Doing Enough to Protect Your Business During Cybercrime's Current Boom?

CA Privileged Access Manager can help you answer that question with a confident yes. Learn how at ca.com/privileged-access

CA Technologies (NASDAQ: CA) creates software that fuels transformation for companies and enables them to seize the opportunities of the application economy. Software is at the heart of every business, in every industry. From planning to development to management and security, CA is working with companies worldwide to change the way we live, transact and communicate across mobile, private and public cloud, distributed and mainframe environments. Learn more at ca.com.

Copyright 2015 CA, Inc. All rights reserved. All marks used herein may belong to their respective companies. This document does not contain any warranties and is provided for informational purposes only. Any functionality descriptions may be unique to the customers depicted herein and actual product performance may vary. CS200-170091