Security Diagnostics for IAM Strategies and Approaches
Rebecca Harvey, Brian Dudek
10/29/2018
Core Competencies: Our areas of expertise
- Cloud: Enable business innovation and transition to IT as a Service through reduced complexity, increased agility, and unified management.
- Data: Increase efficiency and agility while protecting data, minimizing recovery time, and deploying new technologies without disruption.
- Mobility: Increase productivity, simplify access, and improve collaboration without compromising security.
- Security: Reduce risk by shifting the focus from network security to a secure network, from datacenter to cloud to endpoint.
How Can We Provide Value?
Easy to engage: People like working with Data Strategy because of our approach to customer engagement. We listen first. We give unbiased advice based. And we're easy to engage because we're local. This is what drives our goal to have the highest customer satisfaction in the industry.
Local support:
- 350 full-time employees, 160 engineering focused
- Nine office locations in a seven-state territory
- Redundant NOCs
- Presales, design, and implementation
- Demo & POC facilities
- Technical integration
Combined Geographies (map): Trace3 existing regions; Trace3 new/priority regions; Data Strategy / Optio Data region(s); Trace3 & Data Strategy.
Defense in Depth: Evolve, Adapt, Change, Survive
- Secure Assets
- Implement Effective Policies and Procedures
- Create Multiple Layers of Security
- Protect Life
- Authenticate & Automate Access Control
- Intrusion Detection
- Countermeasures
The strength of your information protection strategy depends on your ability to:
- Understand weaknesses in the current approach to managing cybersecurity and the protection of information within your purview;
- Implement improvements that benefit your organization;
- Demonstrate that you have the vision and capabilities to transition this strategy into operational reality;
- Manage this capability for the long term.
Why a Program Assessment?
- Understand and document weaknesses in the current data protection program, including: the scope of what should be considered; the types of critical data requiring protection; the current cybersecurity-related operations; and the assigned responsibilities of personnel.
- Provide a sound strategy detailing what has to be achieved to improve the program to a baseline maturity level, with clear visibility of the data protection programs currently in flight, already completed, or planned.
- Identify and document the changes, programs, and technologies required to comply with and achieve the expectations associated with your cybersecurity strategy.
- Design and create a cybersecurity improvement roadmap detailing the recommended project path to your target security state.
Security Program Assessment Components
Assessment domains: Cybersecurity Strategy; Cybersecurity Operations; Cybersecurity Monitoring, Response, & Recovery.
Components assessed (as listed on the slide):
- Cybersecurity Charter, Goals & Objectives
- Security Program Legal Support
- Cybersecurity Risk Incidental
- Cybersecurity Team Structure, Roles & Responsibilities
- GDPR, Regulatory & Internal Compliance
- Cyberthreat
- Configuration & Patch
- Intrusion Detection & Prevention
- Cybersecurity Policies, Standards, and Procedures
- Vulnerability
- Logging, Monitoring, & Alerting
- Application Security
- Compliance Tracking and Reporting
- Cybersecurity Architecture & Strategic Planning
- Identity & User Account
- GDPR Data Subject Data
- Data Classification & Privacy
- Business Continuity
- Security Program Assurance & Governance
- Asset
- VPN & Encryption
- Network & System Security
- GDPR Data Subject Request
The Importance of Network Penetration Testing: To Identify Gaps, Prioritize, and Roadmap Mitigation Steps
Comparison of Vulnerability Assessment (VA), Traditional Penetration Testing (PT), and Enhanced Red Teaming / Advanced Penetration Testing (RT):
Scoping
- VA: Limited
- PT: Limited to scan results
- RT: Comprehensive
Skill level required
- VA: Tutorial needed
- PT: Training required
- RT: Advanced degree required
Objective
- VA: Broad scanning for information gathering
- PT: Utilize broad scanning to manually test a network for compliance-driven needs
- RT: Uncover as many vulnerabilities as possible using the resources leveraged by real attackers
Techniques
- VA: Fully automated using software which identifies publicly known vulnerabilities
- PT: Driven by automation, with penetration testers manually testing the findings uncovered by automated scanning
- RT: Human driven, with a team of hackers focused on your network identifying vulnerabilities unique to your network
Threat emulation
- VA: None
- PT: Partial
- RT: Advanced Persistent Threat emulation
Reporting
- VA: Computer-generated report with unverified information and no determination of business impact
- PT: Computer-generated report which is verified by a penetration tester, reducing the amount of false positives
- RT: Narrative report with actionable remediation steps and verified intelligence determining the business impact of all findings
What's needed to Recover Quickly?
INSIGHT: Prioritize the incidents that matter using the best intelligence
- Enrich Incident Data (Reputation Data)
- Understand Context (Global Malware Exchange)
- Automate Correlation (Attacker and Campaign Intel)
ACTION: Streamline the response
- Unify Views and Intel for All Key Tools
- One Click to Confirm Compromises
- One Click to Take Action
Example of an Automated Threat Response
- Threat Intelligence: Industry ISACs; Open Source Intelligence; Commercial Intelligence or TIP
- Alert sources: SIEM; IDS/IPS, Firewall; Email Security; Malware Sandbox
- Alerts: Collect, Group, Prioritize; Enrich & Augment
- Threat Response: Understand, Verify, Contain; Respond, Block, Quarantine
- Enforcement Controls: Exchange, O365; Web Gateway; IDS/IPS, Firewall; AD, Identity Mgmt. (Active Directory); Custom Network Access
AUTOMATED, CONSISTENT, INSTANT
What is IAM?
"Identity and Access Management (IAM) is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons." (Gartner)
Pillars: Identity Data; User; Identity Governance; Access; Advanced Analytics
Identity Data
- Authoritative Identity Stores vs. Many Islands of Identity
- Groups, Profiles, Roles
- Decentralized or Centralized Identity Data
- Mapping, Consolidation, and Cleansing
- Workforce Identity vs. Consumer Identity
- Directory (AD, LDAP, Database, Cloud, Virtual, eDirectory, Google)
User
Concepts:
- Birth-right provisioning
- Automated de-provisioning
- Access requests and approvals
- User registration
- Self-service and delegated administration
- Contractor and temp worker
Benefits:
- Improved efficiency and reduced administration costs
- Reduced user idle time
- Increased security by reducing orphaned accounts
- Increased compliance posture
- Centralized view of enterprise access
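The "authoritative identity store vs. islands of identity" and "reducing orphaned accounts" points above are what a provisioning reconciliation job actually does. The following is an added example written for this deck, not code from Data Strategy or any IAM product: it compares a constructed HR feed (the authoritative store) with a constructed list of directory accounts, and emits the birth-right provisioning and de-provisioning actions. The employee_id join attribute, the account records and the review date are all assumptions.

```python
"""Reconcile an authoritative HR feed against one directory's accounts.

Added example for this deck; not code from Data Strategy or any IAM product.
All records are constructed. employee_id is assumed to be the attribute that
links a directory account back to the authoritative store.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

# Constructed authoritative identity data (HR system of record).
HR_FEED = [
    {"employee_id": "E100", "name": "Ana Ruiz",  "status": "active",     "end_date": None},
    {"employee_id": "E101", "name": "Ben Okoro", "status": "active",     "end_date": None},
    {"employee_id": "E102", "name": "Cy Lund",   "status": "terminated", "end_date": "2018-09-30"},
    {"employee_id": "C200", "name": "Dee Park",  "status": "active",     "end_date": "2018-11-15"},  # contractor
]

# Constructed accounts from one "island of identity" (an AD domain or a SaaS tenant).
DIRECTORY = [
    {"account": "aruiz",  "employee_id": "E100", "enabled": True},
    {"account": "clund",  "employee_id": "E102", "enabled": True},   # owner terminated, still enabled
    {"account": "dpark",  "employee_id": "C200", "enabled": True},
    {"account": "svc_bk", "employee_id": None,   "enabled": True},   # no owner recorded in HR
]

REVIEW_DATE = date(2018, 11, 5)  # constructed run date for the demo below


@dataclass(frozen=True)
class Finding:
    account: str
    kind: str    # orphan_terminated | orphan_unmapped | expiring_contractor | missing_birthright
    action: str


def reconcile(hr_feed: List[dict], directory: List[dict], today: date,
              expiry_window_days: int = 14) -> List[Finding]:
    """Compare directory accounts with HR and return the actions an automated
    provisioning / de-provisioning job should take."""
    hr_by_id: Dict[str, dict] = {r["employee_id"]: r for r in hr_feed}
    accounts_by_id: Dict[str, dict] = {a["employee_id"]: a for a in directory if a["employee_id"]}
    findings: List[Finding] = []

    for acct in directory:
        owner: Optional[dict] = hr_by_id.get(acct["employee_id"]) if acct["employee_id"] else None
        if owner is None:
            # Not traceable to any person: a classic orphan. Needs an owner or gets disabled.
            findings.append(Finding(acct["account"], "orphan_unmapped", "assign owner or disable"))
            continue
        if owner["status"] == "terminated" and acct["enabled"]:
            # Automated de-provisioning: the person left but the account still works.
            findings.append(Finding(acct["account"], "orphan_terminated",
                                    "disable account and revoke active sessions/tokens"))
            continue
        if owner["end_date"]:
            # Contractor / temp worker: surface accounts whose end date is approaching.
            end = date.fromisoformat(owner["end_date"])
            if today <= end <= today + timedelta(days=expiry_window_days):
                findings.append(Finding(acct["account"], "expiring_contractor",
                                        f"confirm extension before {end.isoformat()}"))

    # Birth-right provisioning: every active person in HR should already have an account.
    for person in hr_feed:
        if person["status"] == "active" and person["employee_id"] not in accounts_by_id:
            findings.append(Finding(person["employee_id"], "missing_birthright", "provision account"))

    return findings


if __name__ == "__main__":
    for f in reconcile(HR_FEED, DIRECTORY, REVIEW_DATE):
        print(f"{f.kind:20} {f.account:10} -> {f.action}")
```

Run on the constructed data, the job flags the still-enabled account of the terminated employee, the service account with no owner, the contractor whose end date falls inside the 14-day window, and the active employee with no account yet; the correctly mapped active account produces no finding. In practice the same comparison is repeated per island of identity (each directory, database or SaaS tenant) against the single authoritative store.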
Access
Concepts:
- Single Sign-On (SSO): internal apps; SaaS and cloud, e.g. Office 365; standards: SAML, OpenID Connect
- Multi-Factor Authentication: SMS, mobile app push; soft/hard token; adaptive/risk-based authentication
Benefits:
- Fewer usernames and passwords
- Better user experience
- Improved security
Privileged Access (PAM)
Keys to the kingdom:
- Local administrators
- AD domain users
- Root on Unix
- Database accounts
- Cloud infrastructure accounts
Controls:
- Principle of least privilege
- Password vault and automated password rotation
- Usage monitoring and recording
- AD bridge to Unix systems
- Application password integration
Identity Governance
Concepts:
- Access review and remediation for regulations such as SOX, HIPAA, GDPR, PCI, etc.
- Enterprise role definition
- Segregation of duties
- Structured and unstructured data
Benefits:
- Automate manual processes
- Focus on high-risk users
- Enforce SoD policies
- Centralized view of access
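Enterprise role definition, segregation of duties and "focus on high-risk users" fit together in one small model: roles grant entitlements, SoD rules name entitlement pairs nobody may hold together, and the access review queue is ordered by the risk each user carries. The block below is an added example for this deck, not code from Data Strategy or any identity governance product; the roles, entitlements, SoD rules, risk weights and users are all constructed.

```python
"""Role-based entitlements with segregation-of-duties (SoD) checks and a
risk-ordered access-review queue.

Added example for this deck; not code from Data Strategy or any IGA product.
Roles, entitlements, users, SoD rules and risk weights are constructed.
"""
from typing import Dict, List, Set, Tuple

# Enterprise role definitions: role -> entitlements it grants (constructed).
ROLES: Dict[str, Set[str]] = {
    "AP_Clerk":    {"erp:vendor.create", "erp:invoice.enter"},
    "AP_Manager":  {"erp:payment.approve", "erp:invoice.enter"},
    "Developer":   {"git:push", "ci:deploy.staging"},
    "Release_Mgr": {"ci:deploy.prod"},
    "DBA":         {"db:admin"},
}

# SoD rules: (name, entitlement A, entitlement B) that one person must not hold together.
SOD_RULES: List[Tuple[str, str, str]] = [
    ("vendor-then-pay",  "erp:vendor.create", "erp:payment.approve"),  # SOX-style finance control
    ("dev-deploys-prod", "git:push",          "ci:deploy.prod"),       # change-control separation
]

# Entitlements whose holders are reviewed first even without an SoD hit.
HIGH_RISK: Set[str] = {"db:admin", "ci:deploy.prod", "erp:payment.approve"}

# Users: assigned roles plus direct (out-of-role) grants, which a review should flag.
USERS: Dict[str, dict] = {
    "alice": {"roles": {"AP_Clerk", "AP_Manager"}, "direct": set()},
    "bob":   {"roles": {"Developer"},               "direct": set()},
    "carol": {"roles": {"Developer"},               "direct": {"ci:deploy.prod"}},
    "dave":  {"roles": {"DBA"},                     "direct": set()},
}


def effective_entitlements(user: dict, roles: Dict[str, Set[str]] = ROLES) -> Set[str]:
    """Union of everything the user's roles grant plus any direct grants."""
    ents: Set[str] = set(user["direct"])
    for role in user["roles"]:
        ents |= roles.get(role, set())
    return ents


def sod_violations(users: Dict[str, dict] = USERS, rules=SOD_RULES) -> List[Tuple[str, str]]:
    """Return (user, rule_name) for every SoD rule a user's effective access breaks."""
    hits: List[Tuple[str, str]] = []
    for name, u in users.items():
        ents = effective_entitlements(u)
        for rule_name, a, b in rules:
            if a in ents and b in ents:
                hits.append((name, rule_name))
    return hits


def review_queue(users: Dict[str, dict] = USERS) -> List[Tuple[str, int, List[str]]]:
    """Order users for access review by risk: SoD conflicts first, then high-risk
    entitlements, then direct grants that bypass the role model."""
    violations: Dict[str, List[str]] = {}
    for user, rule in sod_violations(users):
        violations.setdefault(user, []).append(rule)
    queue = []
    for name, u in users.items():
        ents = effective_entitlements(u)
        reasons = [f"SoD:{r}" for r in violations.get(name, [])]
        reasons += [f"high-risk:{e}" for e in sorted(ents & HIGH_RISK)]
        reasons += [f"direct-grant:{e}" for e in sorted(u["direct"])]
        # Constructed weights: an SoD conflict outweighs any number of lesser findings.
        score = (100 * len(violations.get(name, []))
                 + 10 * len(ents & HIGH_RISK)
                 + 5 * len(u["direct"]))
        queue.append((name, score, reasons))
    return sorted(queue, key=lambda q: (-q[1], q[0]))


if __name__ == "__main__":
    for name, score, reasons in review_queue():
        print(f"{name:6} {score:4}  {', '.join(reasons) or 'no findings'}")
```

The review queue puts carol first: her direct grant of production deployment conflicts with the push right her Developer role gives her, so the remediation is to remove the direct grant and route the need through the Release_Mgr role rather than certify the access as-is. alice's conflict comes purely from two legitimate roles, which is the case role definition work has to resolve.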
Advanced Analytics: Detect Compromised Accounts and Insider Threats
- Data collection: firewall, application, SIEM, IAM, SaaS, etc.
- Processing: normal vs. abnormal, policies, machine learning
- Alert: event-based, risk score, or thresholds
- Analysis: timeline, objects touched, and historical use
- Case: open, assign, remediate, close
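The collection, processing (normal vs. abnormal), risk-score alerting and timeline analysis steps above can be shown end to end on sign-in events. The following is an added example written for this deck, not code from Data Strategy or any UEBA product: it learns a per-user baseline from a constructed history, scores new constructed events against it with constructed weights, raises an alert when the score crosses a threshold, and attaches the user's event timeline for the analyst who opens the case.

```python
"""Baseline-vs-abnormal scoring of sign-in events, threshold alerting, and a
per-user timeline for case analysis.

Added example for this deck; not code from Data Strategy or any UEBA product.
Events, weights and threshold are constructed; a real feed would come from the
IdP or SIEM.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed history used to learn each user's normal countries, devices and hours.
HISTORY = [
    {"user": "ana", "ts": "2018-10-01T09:05:00", "country": "US", "device": "lt-ana-01", "result": "success"},
    {"user": "ana", "ts": "2018-10-02T08:50:00", "country": "US", "device": "lt-ana-01", "result": "success"},
    {"user": "ana", "ts": "2018-10-15T17:40:00", "country": "US", "device": "ph-ana-02", "result": "success"},
    {"user": "ben", "ts": "2018-10-03T22:10:00", "country": "GB", "device": "lt-ben-01", "result": "success"},
    {"user": "ben", "ts": "2018-10-20T23:30:00", "country": "GB", "device": "lt-ben-01", "result": "success"},
]

# Constructed events under analysis: one normal day for each user, plus a burst of
# failures followed by a success from a new country and device for "ana".
NEW_EVENTS = [
    {"user": "ana", "ts": "2018-10-29T09:10:00", "country": "US", "device": "lt-ana-01", "result": "success"},
    {"user": "ana", "ts": "2018-10-29T03:01:00", "country": "RO", "device": "unknown",   "result": "failure"},
    {"user": "ana", "ts": "2018-10-29T03:02:00", "country": "RO", "device": "unknown",   "result": "failure"},
    {"user": "ana", "ts": "2018-10-29T03:02:30", "country": "RO", "device": "unknown",   "result": "failure"},
    {"user": "ana", "ts": "2018-10-29T03:03:00", "country": "RO", "device": "unknown",   "result": "success"},
    {"user": "ben", "ts": "2018-10-29T22:45:00", "country": "GB", "device": "lt-ben-01", "result": "success"},
]

WEIGHTS = {"new_country": 40, "new_device": 25, "off_hours": 15, "failures_before": 30}  # constructed
ALERT_THRESHOLD = 50


def build_baseline(history: List[dict]) -> Dict[str, dict]:
    """Processing step: learn what 'normal' looks like per user from successful sign-ins."""
    base: Dict[str, dict] = defaultdict(lambda: {"countries": set(), "devices": set(), "hours": set()})
    for e in history:
        if e["result"] != "success":
            continue
        b = base[e["user"]]
        b["countries"].add(e["country"])
        b["devices"].add(e["device"])
        b["hours"].add(datetime.fromisoformat(e["ts"]).hour)
    return base


def score_event(event: dict, baseline: Dict[str, dict], all_events: List[dict],
                failure_window: timedelta = timedelta(minutes=10)) -> Tuple[int, List[str]]:
    """Risk-score one successful sign-in against the user's baseline and recent failures."""
    b = baseline.get(event["user"], {"countries": set(), "devices": set(), "hours": set()})
    ts = datetime.fromisoformat(event["ts"])
    reasons: List[str] = []
    if event["country"] not in b["countries"]:
        reasons.append("new_country")
    if event["device"] not in b["devices"]:
        reasons.append("new_device")
    if not any(abs(h - ts.hour) <= 1 for h in b["hours"]):   # one hour of slack around usual hours
        reasons.append("off_hours")
    failures = [x for x in all_events
                if x["user"] == event["user"] and x["result"] == "failure"
                and ts - failure_window <= datetime.fromisoformat(x["ts"]) < ts]
    if len(failures) >= 3:                                      # guessing/spray burst just before success
        reasons.append("failures_before")
    return sum(WEIGHTS[r] for r in reasons), reasons


def evaluate(history: List[dict], events: List[dict], threshold: int = ALERT_THRESHOLD) -> List[dict]:
    """Alert step: return one alert per successful sign-in whose score reaches the threshold,
    each carrying the user's timeline up to that point for the analyst."""
    baseline = build_baseline(history)
    ordered = sorted(events, key=lambda e: e["ts"])
    alerts: List[dict] = []
    for e in ordered:
        if e["result"] != "success":
            continue          # failures feed the burst check; only a success opens a case
        score, reasons = score_event(e, baseline, ordered)
        if score >= threshold:
            timeline = [x for x in ordered if x["user"] == e["user"] and x["ts"] <= e["ts"]]
            alerts.append({"user": e["user"], "ts": e["ts"], "score": score,
                           "reasons": reasons, "timeline": timeline})
    return alerts


if __name__ == "__main__":
    for a in evaluate(HISTORY, NEW_EVENTS):
        print(f"ALERT {a['user']} at {a['ts']} score={a['score']} reasons={a['reasons']}")
        for x in a["timeline"]:
            print("   ", x["ts"], x["result"], x["country"], x["device"])
```

Only ana's 03:03 success is alerted: every weighted signal fires at once, while her 09:10 sign-in and ben's late-evening login match their learned baselines and score zero. The timeline attached to the alert is what the case workflow (open, assign, remediate, close) hands to the analyst, who would typically reset credentials and revoke sessions before confirming whether the 03:03 login was the user.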
Key IAM Areas and Recommended Vendors
No Magic Bullet
Security practice overview
SECURITY LABS
- Network Penetration Testing
- Vulnerability Scanning and Assessments
- Social Engineering
- Digital Forensics
- Application Security
ADVISORY SERVICES
- Security Program Assessments
- GDPR
- Gap Analysis and Risk Registry Operationalization
- PCI DSS and Payment Systems Risk Report
- HIPAA/HITECH, ISO 27001, FFIEC, FISMA, NERC CIP, FedRAMP 3PAO, SOC and SSAE 16, NIST Assessments
- Cloud and Virtualization Security Strategies
- Policy and Procedure Development
BUSINESS CONTINUITY
- Active/Active Data Centers
- Disaster Recovery and BCP
- Off-site Replication
- Backup & Archiving
- Backup and DR as a Service
- Recovery Optimization, including Cloud-based
- Runbook Automation
SECURITY AS A SERVICE
- Managed SIEM/SOC
- IRaaS, Data Forensics
- Intrusion Detection and Response
- Cloud Access Security Brokerage (CASB) Services
- Identity and Access solutions
- Incident Response Services
- Security Training
- Endpoint security solutions
- Multi-Factor Authentication
- BYOD & Mobile Device; MDM/EMM
- NG Firewalls and Proxies
- Email Security solutions
- Vulnerability as a service
Questions?
Thank you!
Rebecca Harvey & Brian Dudek
Rharvey@data-strategy.com
Bdudek@data-strategy.com