Passwords Are Dead. Long Live Multi-Factor Authentication. Chris Webber, Security Strategist


Transcription:

Passwords Are Dead. Long Live Multi-Factor Authentication.
Chris Webber, Security Strategist
Copyright 2015 Centrify Corporation. All Rights Reserved.

Threat Landscape
Diagram labels: Breach accomplished; Initial attack on End User; Leverage account access of Privileged User
63% of data breaches involved weak, default or stolen passwords
Hackers target both end and privileged users

Threat Landscape
FBI has lead in probe of 1.2 billion stolen Web credentials
http://www.reuters.com/article/us-usa-cyberattack-russiaiduskbn0td2yn20151124
2 million FB, Twitter, Gmail passwords stolen and posted online
http://tech.firstpost.com/news-analysis/2-million-fb-twitter-gmail-passwords-stolen-andposted-online-215958.html
10 million stolen passwords were just released, here's how to see if yours is one of them
http://bgr.com/2015/02/12/10-million-passwords-leaked-hack-check/
Hackers post millions of stolen Gmail passwords on Russian site
http://www.cbsnews.com/news/russian-hackers-steal-5-million-gmail-passwords/
Update: LinkedIn Confirms Account Passwords Hacked
http://www.pcworld.com/article/257045/6_5m_linkedin_passwords_posted_online_after_apparent_hack.html
Assume every password has been stolen

Future of Enterprise IT
On-Premises, Mobile, SaaS, IaaS
Access Anywhere
De-perimeterization
Data is everywhere
Enterprises no longer trust their networks

Compliance
8.3 remote
Secure all individual non-console administrative access and all access to the CDE using multi-factor authentication.
"All administrative access into the cardholder data environment, even from within a company's own network will need MFA"
Troy Leach, PCI Security Standards Council Chief Technology Officer

The Goal
Secure Access to Apps & Infrastructure From Any Device For All Users
Diagram labels (apps and infrastructure): CLOUD (IAAS & PAAS); APPLICATIONS; DATA CENTER SERVERS; NETWORK DEVICES; BIG DATA
Diagram labels (users): END USER; PARTNER; PRIVILEGED IT USER; OUTSOURCED IT; CUSTOMER

The Time to Act is Now
Password risk increases
Timeline: 2014, 2015, Today
Timeline labels: The year of the breach; Millions more passwords stolen; MFA Everywhere; Limit Lateral Movement; Enforce Least Privilege; Log & Monitor

Solution Benefits IT RISK Reduce Risk Step-by-step DANGER GOOD BETTER GREAT OPTIMAL

Reduce Risk Across Hybrid IT
RISK
DANGER: Too Many Passwords; Too Much Privilege; Basic Authentication
GOOD: Establish Identity Assurance
BETTER: Limit Lateral Movement
GREAT: Enforce Least Privilege
OPTIMAL: Log & Monitor

Establish Identity Assurance

Identity Consolidation
PRIVILEGED ACCOUNTS on each of: SERVERS, NETWORK, APPS, SaaS, IaaS
End Users: jsmith, joans, js, josmith, joansmith, joan, joan.s, j.smith, smithjoan, smithj

MFA Everywhere
MFA for VPN
MFA for Cloud Infrastructure (IaaS)
MFA for On-Prem Apps
MFA for Cloud Apps
MFA for Server Login and Privilege Elevation
MFA for Shared Resources

Context-Aware Policy: DEVICE, WHO, WHEN, WHERE

Cloud-based Adaptive MFA
Strong authentication without user hassle
Limit user frustration with context:
  Time of day, work hours
  Inside/outside corporate network
  User role or attributes
  Specific privileged role or command
  Device attributes (type, management status)
  Location
Support flexible factors:
  Push notification to smartphones and wearables
  Biometrics for mobile
  One time passcode (OTP) over SMS, email, or from OATH-compliant devices
  Smartcard and derived credentials
  Interactive phone call
  Offline or connected

Multi-factor Authentication for Infrastructure
Block cyber attacks
MFA for login and privilege elevation
MFA for remote access
MFA for shared password checkout
Control step-up auth. via roles
Diagram labels: Jump Box; Multi-factor Authentication to Cloud Service; Centrify Identity Platform; ENTERPRISE DATA CENTER; Centrify Cloud Connector; Multi-factor Authentication for Login and Privilege Elevation; Audit DB; Multi-factor Authentication for Login; Privilege Elevation; Shared Account Sessions and Auditing; SERVER SUITE

Multi-factor Authentication for Secure Access
Reduce password risk
MFA on a per-app basis
MFA for IaaS console access
MFA for VPN
MFA + SSO = fewer passwords

MFA + SSO for SaaS
Mitigate Risk
Stop Passwords
Demand SAML
Enable BYOD

MFA + SSO for IaaS
Minimize Attack Surface
Provide role-based access to IaaS console
Lock down the root or billing account and require MFA on access
AWS, Google Compute, Azure

MFA + SSO Everywhere Based on Context
Outcomes: Single Sign-On to Business Apps; Challenge for MFA; Block Access to Business Apps?
Locations: Approved Location; Unknown Location; Blocked location

Rethink Benefits: Reduce Risk across Hybrid IT
Limit Lateral Movement

Mitigate VPN Risk
Diagram labels (apps): VPN-less Access to specific App; On-Premise Apps; Employees, Contractors, Partners, Customers; VPN Connections; On-Premise Apps
Diagram labels (infrastructure): VPN-less Access to Specific Resource; On-Premise Infra; Employees, Contractors, Outsourced IT; VPN Connections; On-Premise Infra

Automate App Provisioning
Diagram labels: Monitor / Report; Offboard; Onboard; Create / Update; License / Authorize; Role-Based Provisioning; Mobile App Provisioning; Comprehensive Deprovisioning; SSO / MFA / IWA / Remote Access; Enable Mobile

Rethink Benefits: Reduce Risk across Hybrid IT
Enforce Least Privilege

Implement Comprehensive Privileged Identity Management
Diagram labels: username and username
PRIVILEGED INDIVIDUAL ACCOUNTS:
  Log in as yourself
  Elevate privilege when needed
  Attribute activity to individual
PRIVILEGED SERVICE ACCOUNTS:
  Check out service account password
  Log in as service (shared) account
  Attribute account use to individual
Core Rule: Get users to log in as themselves, while maximizing control of shared accounts

Log & Monitor

Monitor Privileged Sessions
PRIVILEGED ACCOUNTS on each of: SERVERS, NETWORK, IaaS
Privileged Sessions: Report and Replay

Orchestrate with SIEM and Threat Analytics Vendors
Expose Events
Expose Actions for Remediation
Leverage Event Data (including Video) within existing SOC
Actions received from Threat Analytics Vendors
Integrate with Existing Enterprise Tools

The Time to Act is Now
MFA Everywhere
Password risk increases
Timeline: 2014, 2015, Today

Thank You