Waukesha County Technical College and Marquette University Cyber Security Summit 10.28.16
Do you know who's on your Network? Your organization is counting on you to protect them. Do you know who is logged on to your network and what they are doing?
Password Access Management for The Enterprise. Presented by: Jim Dziak, President/CEO; Matthew Dziak, Vice President of Sales & Marketing
About us: AxCel Technology is a leading security company specializing in Compliance Security, Password Protection, Email Continuity, and Risk Management. We've partnered with leading companies to provide a full package of solutions tailored to your company's security needs. Paired with stellar customer service, AxCel helps clients get the protection they need so they can focus on their business.
Threats are Changing
The Threat Landscape. Perimeter security: firewall, AV, IDS, IPS, email gateways. Threat detection: SIEM, big data analytics, Indicators of Compromise (IOC). IOC: pieces of forensic data, such as system log entries or files, that identify potentially malicious activity on a system or network. Account and user provisioning: role-based access, layering, insider threat.
What is being targeted? Advanced Persistent Threat (APT) intruders prefer to leverage privileged accounts where possible, such as Domain Administrators, service accounts with Domain privileges, local Administrator accounts, and privileged user accounts. 100% of breaches involved stolen credentials. (Mandiant, M-Trends and APT1 report)
What is a privileged account and what threats do they pose? Privileged accounts: accounts used by IT and other elevated staff; often have unfettered access to critical data and systems, i.e. Domain Admin, root, super user. They exist everywhere, in nearly every connected device, server, hypervisor, OS, DB, or application, on-premises and cloud. They are one of the most vulnerable aspects of an organization's IT infrastructure. Threats: malware, ransomware, sensitive data loss, insider attacks and data leaks, data poisoning, service disruption, financial fraud.
Data Breaches Continue
Target Incident: $10 Million. January 10, 2014: Target says up to 70 million customers were hit by the December 2013 data breach, 40 million more than the company originally estimated. March 19, 2015: Target to pay out $10 million to victims.
Sony Incident: $4.5 Million. November 24, 2014: Confidential data released; included personal information on employees and their families, e-mails, executive salaries, copies of then-unreleased Sony films, and other information. October 20, 2015: Sony Cyber Attack Settlement Includes ID Theft Protection, $4.5 Million Reimbursement Funds.
Ashley Madison - could cost dating sites more than $1 billion as lawsuits mount (The Washington Times, Tuesday, August 25, 2015). August 19, 2015: Account details of 37 million users of Ashley Madison are published to the web. The data dump includes customers' credit cards and ALM internal documents. CEO Noel Biderman says the company's security teams suspect that an individual who touched ALM's IT systems is responsible for the hack.
DNC: Cost undetermined at this time. August 13, 2016: Another Democratic Party group was hacked; hackers admit the hack was "Even Easier Than DNC Breach."
Lost Data Records 2015
Lost Data Records by Industry
CryptoWall, CTB-Locker, TeslaCrypt, MSIL/Samas, Locky The damage inflicted by these types of malware prompted the U.S. Federal Bureau of Investigation (FBI) to [ask] business and software security experts for emergency assistance in its investigation. Ransomware has evolved from single-system infections to enterprise compromises. Quotes: Secure Works - May, 2016
Did you Know? Ransomware is on track to be a $1 billion crime in 2016! 25+ variants of ransomware families have been identified. 4,000+ ransomware attacks happened daily since January 1, 2016. Phishing is the most popular ransomware attack vector. Carbon Black, September, 2016
Businesses Pay to Avoid Disruptions! Ransomware has become a common and integral attack method that most organizations are fighting a losing battle against. Businesses are routinely choosing to pay hefty ransoms rather than lose access to their intellectual property, patient records, credit card information and other valuable business data. Simply put, they pay ransoms in order to avoid significant disruptions in every-day operations. Carbon Black, September, 2016
World Data Breaches http://bit.ly/19xscqo
Prevention is key! Avoid plaintext passwords embedded in scripts or configuration files. Virtually impossible to decrypt without paying. If infected, restore from backups and change all passwords. No guarantee the hackers will cooperate!
Don't be a Business Statistic. 60% of small companies that suffer a cyber attack are out of business within six months (Denver Post, 2016). Partial list of Wisconsin companies in the news: Cate Machine and Welding Froedtert Health Medical College of Wisconsin Milwaukee Bucks Washington County Ozaukee County Mercury Marine
Threat: Insider. Critical to securing against internal breaches is access management. 58% of large organizations suffered staff-related security breaches in 2014, compared to just 24% detecting outsiders penetrating their networks. 71% are very concerned with external threats, but only 46% indicated a strong concern for internal threats. In cases where staff will be dealing with sensitive information, monitoring user activity is a must. (Information-age.com, "Insider Hacks vs. outsider threats: spending budget in the wrong place")
Internal Threat
Internal Threat: Run audit report on password usage. Automate password changes. Coordinate with HR.
Password Exposure (2016 Thycotic and Cybersecurity Ventures survey): 60% of businesses still rely on manual methods to manage privileged accounts. Only 10% have implemented an automated security vendor solution. 20% of organizations have never changed their default passwords on privileged accounts. 70% do not require approval for creating new privileged accounts. 50% do not audit privileged account activity. 40% use the same security for privileged accounts as standard accounts.
Password Exposure Solutions (2016 Thycotic and Cybersecurity Ventures 550 company survey). Step 1: Educate Key Stakeholders. Educate key stakeholders in your organization about the urgency and value of privileged account and access management security. Step 2: Discover Privileged Accounts. Discover where your privileged accounts are located across your entire enterprise environment. You can't protect what you don't know exists. A good Privileged Account Management (PAM) solution will provide free tools you can use to discover where your privileged accounts are located for both Windows and Unix environments.
Password Exposure Solutions (2016 Thycotic and Cybersecurity Ventures survey). Step 3: Automate the Management and Security. Automate the management and security of privileged account passwords. It's shocking that 6 out of 10 organizations, according to the 2016 survey, still use manual methods such as spreadsheets and lists to keep track of privileged account passwords. There are affordable PAM solutions available for any size organization to help organizations automate.
Password Exposure Solutions (2016 Thycotic and Cybersecurity Ventures survey). Step 4: Adopt and Implement Security Policies. Adopt and implement security policies to help ensure an appropriate privilege strategy for account access. Too many accounts have been granted broad and deep privileges, and if only one of these accounts is compromised, it can quickly be used by an attacker to exploit your entire IT infrastructure. Explore employing software tools to limit privileged access without impacting user productivity.
Password Exposure Solutions (2016 Thycotic and Cybersecurity Ventures survey). Step 5: Provide Greater Visibility & Senior Management Buy-In. Provide greater visibility with PAM for your CISO (Chief Information Security Officer) while helping to assure you can demonstrate compliance with audits and policies affecting privileged account credentials. Implement a PAM compliance solution approved by the C-Suite (CEO/CFO/CIO) to ensure strict adherence to account security policies, as well as to automate and enforce those policies to improve security and satisfy auditors. AVOID SHELF WARE!
Common Practices Highlighting the Need for Privileged Account Management: 1. Failure to update passwords. 2. Passwords stored on spreadsheets or sticky notes. 3. Default passwords.
PAM Enforces Password Best Practice. PAM solutions automatically follow best practices, eliminating tedious and complicated manual processes. Session launching & recording. Session monitoring. Passwords can automatically change after session use. Check out.
According to Industry Experts: "More effective solutions are needed to protect against a breach, as once access is granted, much of the network is likely to be exposed." (Gemalto Inc. Data Security Confidence Index, May 2016)
Automate and Implement a PAM Solution. Privileged Access Management provides appropriate access to privileged accounts, bolsters security, achieves compliance, decreases risk, streamlines administration, extends governance and more. Some key features include: Privilege safe - Automate, control and secure the entire process of granting privileged credentials. Session management - Improve security and achieve compliance by limiting privileged access for administrators, remote vendors and high-risk users to a specific duration.
Automate and Implement a PAM Solution. Active Directory bridge - Extend the unified authentication and authorization of Microsoft Active Directory (AD) to Unix, Linux, Mac and other systems. Privileged account governance - Extend the governance advantages of unified policy, automated and business-driven attestation, enterprise provisioning, and access request and fulfillment to privileged accounts and administrator access. Centralized administration - Simplify administration with centralized reporting, access rights and activities, as well as keystroke logging of activities performed.
PAM Implementation
PAM Architecture
Why is Privileged Account Management Important? PAM security offers mission-critical solutions to protect privileged credentials from unauthorized access and misuse. It helps assure that if and when perimeter defenses are breached, privileged account controls will act to limit access to sensitive information and curtail an attacker's ability to circulate unhindered throughout the IT environment. Protects against internal and external threats. Meets compliance mandates and industry best practices. Automates scalable security processes so you are more efficient.
Why Implement PAM? Limits the number of privileged accounts. Auditing and Accountability met with significantly less effort. Does not allow users to bypass security protocols! Unique, random passwords are automatic. Ensures all passwords are rotated. Only gives users access to accounts that are needed to perform their job!
The Importance of PAM: 80% of organizations consider PAM a high security priority. 60% of organizations face compliance requirements involving PAM security. 60% of organizations MANUALLY manage privileged accounts. Only 10% of organizations have implemented a commercial solution to automate PAM. Cyber attacks are increasing while IT resources seem to be static. Automation: PAM allows you to become more proactive at preventing identity/data and fiscal loss.
6 OUT OF 10 ORGANIZATIONS MANUALLY MANAGE PRIVILEGED ACCOUNTS. 60% of cyber breaches are due to human error; this creates a significant barrier to properly managing privileged account password security. Mistakes and inconsistencies can easily occur in managing hundreds or even thousands of privileged account passwords. 40.9%: Manually manage privileged account credentials today using passphrases or other similar methods to make the passwords longer and more complex. 25.5%: Manually manage privileged account credentials and treat these accounts no differently than other user accounts in their environment. (The 2016 State of Privileged Account Management Report, Thycotic and Cybersecurity Ventures)
PAM Allows Automated Remote Password Changing! Active Directory, local Windows accounts, UNIX/Linux/Mac, MS SQL Server, Oracle, Sybase, MySQL, ODBC, VMware ESX/ESXi, Cisco/Fortinet/Palo Alto/Sourcefire etc., switches/routers/wireless AP, SAP, F5, Blue Coat, Dell DRAC, HP iLO, SSH/Telnet, LDAP, Salesforce, Google, Amazon, Office365, PowerShell
PAM Enables Easy Discovery: Local Windows accounts. Windows services. Windows scheduled tasks. IIS application pools. Unix/Linux accounts. VMware ESX/ESXi accounts.
Privileged Account Management Should: Automatically discover rogue accounts and secure them. Actively audit and monitor privileged user access. Rotate passwords on privileged accounts constantly. Enforce strong password policies for end users. Nearly 70% of organizations have not implemented a solution or are using a homegrown solution. Homegrown solutions are typically manual operations that can be difficult to keep updated and/or used to demonstrate compliance with regulatory requirements.
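Added example (not part of the original presentation or of any PAM product): a minimal sketch of Unix/Linux privileged-account discovery combined with a password-age check, the kind of inventory the discovery and rotation slides describe. The passwd, group and shadow contents are constructed sample data, and the admin group names and the 90-day limit are assumptions.

```python
# Constructed sample data in passwd/group/shadow format; not from a real host.
from datetime import date

PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:legacy admin:/root:/bin/sh
svc_backup:x:998:998:backup service:/var/lib/backup:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
"""
GROUP = """\
sudo:x:27:alice
wheel:x:10:svc_backup
users:x:100:alice,bob
"""
# shadow field 3 = day of last password change, counted from 1970-01-01
SHADOW = """\
root:*:17000:0:99999:7:::
toor:*:15000:0:99999:7:::
svc_backup:*:16000:0:99999:7:::
alice:*:17090:0:99999:7:::
bob:*:17095:0:99999:7:::
"""
ADMIN_GROUPS = {"sudo", "wheel"}  # assumption: groups that grant sudo rights

def discover(passwd, group, shadow, today, max_age_days=90):
    """Return {account: {"why": [...], "age_days": n, "stale": bool}}."""
    epoch_day = (today - date(1970, 1, 1)).days
    last_change = {f[0]: int(f[2]) for f in (l.split(":") for l in shadow.splitlines())}
    admins = {}
    for line in group.splitlines():
        name, _, _, members = line.split(":")
        if name in ADMIN_GROUPS:
            for member in filter(None, members.split(",")):
                admins.setdefault(member, []).append("member of " + name)
    found = {}
    for line in passwd.splitlines():
        fields = line.split(":")
        user, uid = fields[0], fields[2]
        why = (["UID 0"] if uid == "0" else []) + admins.get(user, [])
        if not why:
            continue  # ordinary account, not privileged
        age = epoch_day - last_change[user]
        found[user] = {"why": why, "age_days": age, "stale": age > max_age_days}
    return found

if __name__ == "__main__":
    for user, info in discover(PASSWD, GROUP, SHADOW, date(2016, 10, 28)).items():
        print(user, info)
```

On a real host the same function can be fed the contents of /etc/passwd, /etc/group and /etc/shadow (root is needed to read the last); sudoers rules and directory-backed accounts are outside what this sketch covers.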
Start Your Privileged Access Management Discussion Today! Do you have a password problem? What about privileged account passwords? Aware of risks associated with bad password management? What tool are you using to manage passwords? Does the tool audit usage of passwords? Does the tool limit access to passwords? Are passwords shared among internal teams? How often do you change passwords? Manually? What is your process when an admin leaves? How do you know what they had access to? How do you manage service account passwords? What is your policy for accounts on networked devices? Are default manufacturer passwords in use? Do you use third party contractors? If so, how do you manage the credentials they are exposed to?