Enhancing the Cybersecurity of Federal Information and Assets through CSIP


TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security

Contents

- Introduction
- Achieving CSIP Objectives
- Steps to Improve Protection
  - Discovery
  - Layered Defense Supports Least Privilege
  - Provide Context to Vulnerabilities
- Detect
  - Central Management
- Recovery
  - Session Monitoring and Recording
- The BeyondTrust IT Risk Management Platform for Federal Agencies
  - Privileged Access Management
  - Vulnerability Management
- About BeyondTrust

Introduction

Whether the goal is to compromise sensitive government data, steal personally identifiable information or disrupt normal operations, the growing sophistication of attacks is making it more difficult to safeguard the Federal government's critical cyber infrastructure. Large-scale information breaches like those we see in the news often begin with an attacker exploiting a single external vulnerability on a low-level system, or using contractor credentials, and then capitalizing on privileges to gain access to critical systems and data. What can government agencies do to protect their environments from this constant threat?

In June 2015 the Federal CIO initiated a 30-day Cybersecurity Sprint to accelerate the adoption of several key countermeasures. The results of that sprint informed the development of the Cybersecurity Strategy and Implementation Plan (CSIP), which incorporates ongoing progress reporting and corrective actions. It also emphasizes government-wide adherence to NIST standards and FISMA metrics. The CSIP lays the groundwork for strengthening cybersecurity in Federal civilian agencies through five objectives [1]:

1. Prioritized Identification and Protection of high value information and assets;
2. Timely Detection of and Rapid Response to Cyber Incidents;
3. Rapid Recovery from incidents when they occur and Accelerated Adoption of lessons learned from the Sprint assessment;
4. Recruitment and Retention of the most highly-qualified Cybersecurity Workforce talent the Federal Government can bring to bear, and
5. Efficient and Effective Acquisition and Deployment of Existing and Emerging Technology.

For the purpose of this brief, we will explore the Protection, Detection, and Recovery objectives.

Achieving CSIP Objectives

Protection

Privileged user accounts are a known target for malicious actors [2]. Because of the powerful role privileged accounts play in access to critical infrastructure and sensitive information, they are at the center of many of the NIST standards and CSIP elements. There are a number of best practices that can be employed to protect these valuable assets:

- Reducing the attack surface
- Minimizing the use of administrative privileges
- Utilizing strong authentication credentials (PIV)
- Ensuring repeatable processes and procedures
- Mitigating vulnerabilities

STEPS TO IMPROVE PROTECTION

Discovery

Understanding your environment and knowing where your assets are is the first step to reducing the attack surface. With the complexity of today's Federal information systems this can be a daunting task for agency IT teams. Relieve the burden and increase accuracy by deploying a solution that automatically discovers network, web, mobile, cloud and virtual infrastructure, then profiles asset configuration and assesses risk potential. This zero-gap coverage ensures that no assets are left unprotected.

Layered Defense Supports Least Privilege

In a recent benchmarking study, 56% of government respondents reported that they have no way of managing privileged credentials, and that 20% of users likely had more privilege than they need [3]. To secure privileged accounts and reduce the impact should a breach occur, agencies can apply a layered defensive approach that supports least privilege by granting privileges to applications and tasks, not users. This protects administrator credentials and gives IT professionals the control needed to close possible security gaps without impacting efficiency.

Utilizing strong authentication credentials (PIV) is an important part of a layered defense. To achieve optimal security, use solutions that support public key infrastructure integration with tools that control and audit access to privileged accounts, including shared administrative accounts, application accounts, local administrative accounts, service accounts, database accounts, cloud and social media accounts, devices and SSH keys. PKI integration with solutions that address control over root account privileges in Unix and Linux environments further reduces risk and addresses compliance concerns.

[1] M-16-04, Cybersecurity Strategy and Implementation Plan (CSIP) for the Federal Civilian Government, October 30, 2015
[2] M-16-04, Cybersecurity Strategy and Implementation Plan (CSIP) for the Federal Civilian Government, October 30, 2015
[3] BeyondTrust 2016 Privileged Benchmarking Study

Provide Context to Vulnerabilities

99% of exploited vulnerabilities were exploited more than a year after the vulnerability was identified and published [4]. When mitigating vulnerabilities, security professionals are often saddled with volumes of rigid data and static reports. They are left to manually discern real threats and determine how to act upon them. It becomes extraordinarily difficult to deliver risk information in a context that supports decision making toward appropriate action. What's needed is a consistent, repeatable, automated process that arms these teams with the information required to best protect their organizations, achieve compliance and communicate risk enterprise-wide. They need a solution that puts vulnerability and risk information in the context of the agency mission.

To solve this, it is recommended that agencies use a solution that delivers reporting and analytics for stakeholders throughout the organization, enabling immediate action and speeding time to resolution. Ideally the solution should cover all device types across the organization, reducing the risk from gaps. Addressing every phase of vulnerability management, from assessment to remediation, eliminates the need for multiple tools. Automatically identifying and rectifying vulnerabilities across the entire network enables efficiencies that quickly secure an agency's environment.

BeyondTrust's privileged access management solutions reduce the risk of privilege misuse and manage access control to assets. Whether the asset is physical or virtual, a Microsoft Windows desktop or server, an Apple OS X system, or a Unix or Linux server, our solutions provide password management for local and cloud resources. BeyondTrust solutions can also assist organizations with implementing least privilege access on any desktop or server platform (Unix & Linux, Mac, or Windows).

[4] 2016 Verizon Data Breach Investigations Report

Detect

Federal agencies have made great strides in sharing and receiving cyber threat information, which supports defense against breaches before they happen. But information sharing alone is not enough to defend against the barrage of attacks agencies experience each day. Government organizations need an automated solution that sets a baseline for normal behavior, observes changes and alerts on possible anomalies that signal a threat. This leads to earlier detection should an internal or external threat gain access to a system.

The PowerBroker Privileged Access Management platform combines behavioral analytics, vulnerability and malware intelligence, and security data from best-of-breed security solutions to allow you to out-maneuver attackers and stop data breaches. PowerBroker leverages BeyondInsight Threat & Vulnerability Intelligence + Behavioral Analytics capabilities to:

- Aggregate user and asset data to baseline and track behavior
- Correlate asset, user and threat activity to reveal critical risks
- Identify potential malware threats buried in asset activity data
- Increase the ROI of your existing security solutions
- Generate reports to inform and align security decisions

CENTRAL MANAGEMENT

When adopting a solution for identifying activity that is outside the norm, or for detecting possible breaches, it should provide centralized management of all privileged and vulnerability data in a single platform. To be truly effective it will also provide robust advanced threat analytics capabilities. Both the CSIP and the NIST Cybersecurity Framework make clear that detection alone is not enough. Agency teams must be armed with the information and tools to take action should a cybersecurity event be detected.

The combined capabilities outlined above enable IT and security professionals to act on threats typically missed by many security analytics solutions. The right tool pinpoints specific, high-risk users and assets by correlating low-level privilege, vulnerability and threat data from a variety of security solutions and malware databases. Using the right technology solutions supports added efficiency for agency IT security professionals and reduces the time it takes to detect a problem.
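As an added illustration (not BeyondTrust code, and not an implementation of the PowerBroker platform), the following Python sketch shows the kind of correlation the Detect section describes: privileged-session events are joined with asset vulnerability data, weighting vulnerabilities older than a year as in the statistic above, and with a per-user access baseline, to rank user/asset pairs by risk. The session lines, assets, vulnerability records, baseline and reference date are all constructed sample data, and the scoring weights are arbitrary assumptions.

```python
# Added illustration, not BeyondTrust code: correlate privileged-session
# events with asset vulnerability age and a per-user access baseline to rank
# user/asset pairs by risk. All data and weights below are constructed.
from collections import defaultdict
from datetime import date

# Constructed asset inventory: asset -> [(vuln_id, published, cvss), ...]
ASSET_VULNS = {
    "web01": [("VULN-A", date(2014, 3, 1), 9.8)],   # critical, >1 year old
    "db01": [("VULN-B", date(2016, 5, 10), 5.3)],   # medium, recent
    "hr-fs": [],
}

# Constructed privileged-session log: "timestamp user asset command"
SESSION_LOG = """\
2016-06-01T02:13:00 svc_backup web01 sudo /bin/bash
2016-06-01T09:00:00 alice db01 sudo systemctl restart postgresql
2016-06-01T09:30:00 alice web01 sudo tail /var/log/nginx/error.log
2016-06-01T23:45:00 contractor7 web01 sudo useradd tmpadmin
"""

# Constructed behavioural baseline: assets each user normally touches
BASELINE = {"svc_backup": {"hr-fs"}, "alice": {"db01", "web01"},
            "contractor7": set()}

# Assumed (arbitrary) weights: leaving the baseline, spawning a shell or
# creating an account, and vulnerabilities published more than a year ago
OFF_BASELINE_WEIGHT = 10.0
SENSITIVE_CMD_WEIGHT = 5.0
STALE_VULN_MULTIPLIER = 2.0
TODAY = date(2016, 6, 2)  # constructed "now" for the sample data

def parse_sessions(text):
    """Split constructed session lines into dicts (command keeps its spaces)."""
    events = []
    for line in text.splitlines():
        ts, user, asset, cmd = line.split(" ", 3)
        events.append({"ts": ts, "user": user, "asset": asset, "cmd": cmd})
    return events

def vuln_exposure(asset, today):
    """Sum CVSS of the asset's vulns, doubling those published > 365 days ago."""
    score = 0.0
    for _vid, published, cvss in ASSET_VULNS.get(asset, []):
        stale = (today - published).days > 365
        score += cvss * (STALE_VULN_MULTIPLIER if stale else 1.0)
    return score

def score_events(events, today):
    """Return {(user, asset): risk}, keeping the highest score per pair."""
    risk = defaultdict(float)
    for e in events:
        r = vuln_exposure(e["asset"], today)
        if e["asset"] not in BASELINE.get(e["user"], set()):
            r += OFF_BASELINE_WEIGHT          # activity outside the baseline
        if e["cmd"].startswith("sudo /bin/bash") or " useradd " in e["cmd"]:
            r += SENSITIVE_CMD_WEIGHT         # shell spawn / account creation
        key = (e["user"], e["asset"])
        risk[key] = max(risk[key], r)
    return dict(risk)

def top_risks(text, today, n=3):
    """Rank user/asset pairs by risk, ties broken by name for determinism."""
    scores = score_events(parse_sessions(text), today)
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))[:n]
```

Running `top_risks(SESSION_LOG, TODAY)` surfaces the two off-baseline sessions on the stale-vulnerability host ahead of the routine administrator activity, which is the prioritisation the brief argues for.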

Recovery

The CSIP defines recovery as "the development and implementation of plans, processes and procedures for recovery and full restoration, in a timely manner, of any capabilities or services that are impaired due to a cyber event" [5]. Following guidelines established by NIST in SP 800-53, the Incident Response control family addresses how an organization should detect, prioritize, remediate and communicate any events that constitute a threat or breach to its information systems. In the event your organization experiences an incident, agency IT professionals need to recover quickly and efficiently. CSIP guidance directly aligns with the Recover function of the NIST Cybersecurity Framework core. When choosing a solution for your agency, you want information identified and delivered in a consumable way. To be highly successful in getting ahead of a possible breach, arm your teams with threat analytics that alert to possible trouble.

SESSION MONITORING AND RECORDING

To quickly and efficiently recover, depend on keystroke logging and DVR-style recording of all activity performed in a Unix or Linux environment to understand exactly what took place through the use of a compromised credential. Know the who, what, where and when of changes so a rollback and restore can be executed for any accidental or malicious changes or deletions to Active Directory or Group Policy. Finally, establish a system that can provide robust, customizable reporting to every level of the organization to be FISMA compliant and keep all stakeholders accurately informed.

It is certain that today's Federal information environment is highly complex. Government IT professionals are in the trenches developing policies and procedures to secure their systems and be nimble enough to get ahead of the next threat. It is clear that having the right tools can make the difference between thwarting the next incident and reporting on one.

The BeyondTrust IT Risk Management Platform for Federal Agencies

As breaches and threat actors continue to refine their methods for penetrating agencies' security perimeters, it is more critical than ever for IT security administrators to have a complete view of their IT landscape and its potential risks. The latest revision to SP 800-53 is further proof that organizations need to take both privileged access and vulnerability management into consideration when implementing new information security systems. The BeyondTrust IT Risk Management Platform helps agencies fulfill NIST requirements through its integrated suite of IT security solutions that reduce user-based risk and address security exposures. The platform provides IT security leaders with a single view of all assets and user activity. With behavioral analytics to understand anomalies, compliance reporting, and the ability to leverage third-party data, the platform reduces risk while helping to maximize the value of existing security investments. Available in software and hardware appliance formats, the BeyondTrust platform integrates two foundational security methodologies:

PRIVILEGED ACCESS MANAGEMENT

The BeyondTrust PowerBroker Privileged Access Management Platform is a modular, integrated solution that provides control and visibility over all privileged accounts and users. By uniting capabilities that many alternative providers offer as disjointed tools, the PowerBroker platform simplifies deployments, reduces costs, improves system security and reduces privilege risks.

[5] M-16-04, Cybersecurity Strategy and Implementation Plan (CSIP) for the Federal Civilian Government, October 30, 2015

VULNERABILITY MANAGEMENT

BeyondTrust Vulnerability Management Solutions provide security professionals with vulnerability assessment and risk analysis in context. With BeyondTrust, IT teams can proactively identify security exposures, analyze business impact, plan and conduct remediation across network, web, mobile, cloud and virtual infrastructures, and communicate that risk to operations and compliance teams.

About BeyondTrust

BeyondTrust is a global cyber security company that believes preventing data breaches requires the right visibility to enable control over internal and external risks. We give you the visibility to confidently reduce risks and the control to take proactive, informed action against data breach threats. And because threats can come from anywhere, we built a platform that unifies the most effective technologies for addressing both internal and external risk: Privileged Access Management and Vulnerability Management. Our solutions grow with your needs, making sure you maintain control no matter where your organization goes. BeyondTrust's security solutions are trusted by over 4,000 customers worldwide, including over half of the Fortune 100 and hundreds of federal government organizations. To learn more about BeyondTrust, please visit www.beyondtrust.com.