The Problem with Privileged Users


Flash Point Paper: Enforce Access Control

Four Steps to Reducing Breach Risk: What You Don't Know CAN Hurt You

Today's users need easy anytime, anywhere access to information and services so they can do their jobs. The technologies needed to deliver that simplicity have become increasingly complex, and someone has to be there to keep it all running. These administrators (or super users) need privileged access to everything within the system in order to troubleshoot, resolve issues and maintain that immediate level of access. This privileged access is necessary, but it can pose some serious problems.

Today's increasingly complex environments require many administrators, from users with root-level access to key systems to Active Directory (AD) administrators. And if you're like most companies, you may have more of these privileged users than you think.

When a privileged user logs in, how do you know that it is really them and not a hacker with stolen credentials?

Four steps to reducing breach risk:
1. Limit the scope and number of access rights granted
2. Monitor changes and access to the systems and data that matter most
3. Use identity to determine if user activity is business appropriate
4. Establish a baseline of normal behavior

The Problem with Privileged Users

According to the Ponemon Institute, most breaches and security incidents today come from insider activity. It isn't that privileged users are malicious; although some of them can be, that's not the only problem. With the level of access that privileged users have, even accidental or unintentional actions can create significant risk for your organization.

While the number of breaches and incidents from true insiders is significant, the true scope of what constitutes an insider attack expands considerably when you consider the damage done by malicious attackers who gain access through privileged accounts. These attackers look like insiders, but actually aren't.

Today's hackers know the importance of gaining the access rights of privileged users (or any user with broad access rights). Your data is a precious commodity, and there's a good chance that someone wants access to it, whether it is personal data, credit card information, corporate secrets or even access rights shared between companies. Hackers have become very good at acquiring the credentials of these privileged users and infiltrating systems. Once they're inside, the question becomes not if they can gain access to everything, but when they will gain access to everything.

[Chart not reproduced in this text. Note: All incidences of breaches were included, so multiple answers were possible. Source: Ponemon Institute, Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data, May 2016.]

The question you have to ask is this: When a privileged user logs in, how do you know that it is really them and not a hacker with stolen credentials?

You Can't Eliminate Privileged Users, But You Can Reduce the Risk

The answer is actually pretty simple: use a risk-based approach. First, identify projects that are a business priority and align your resources accordingly. Within these key projects, place the best protection that you can around your data and systems that matter. Then, pay attention to what's happening to, and being done with, that data. Because the problem isn't that hackers have access to sensitive data; the problem is that they're going to use that access to do something you don't want with the data.

Survey: What is your organization's single biggest failing when it comes to managing privileged identities?
  We fail to enforce the good policies we have: 23%
  We lack the right technology tools: 22%
  We lack the trained staff to properly manage the tools: 17%
  The organization fails to recognize this as a critical objective: 13%
  We lack financial resources to invest in staff and tools: 9%
  We lack the right policies: 7%
Source: 2015 Privileged Access Management Study, Information Security Media Group, Fall 2015

In managing privileged users, track behavior and triangulate on threats by asking:
  Is the data sensitive? (Yes/No)
  Should the user be accessing that data based on their role? (Yes/No)
  Should they be doing whatever they're doing with the data? (Yes/No)

So What Does a Risk-Based Approach Look Like?

1. The first principle is simply limiting the level of access granted to privileged users across the employee lifecycle. In many organizations, privileged users not only have administrator privileges, but the privileges they have are too broad. And once those access rights have been granted, they often aren't revoked in a timely fashion. This happens because it is difficult or time consuming to provide granular access rights, and people either don't have time or they forget to turn off access once it is no longer needed.

2. Second, look at the data and systems that matter most to your organization. Make sure that you have a solution in place that can alert you when certain critical pieces of data or certain systems have been accessed or changed. And ideally, you should be able to tell who has made the change, when they made it and from where. But just knowing who has made the change isn't enough: changes are made all the time, and you'd spend all your time chasing after false alarms. Unfortunately, that's the default state of most security teams.

3. The third key to managing privileged users: identity. Identity goes beyond the access credentials of the user to provide additional context such as business role and location. When you integrate this identity context into your security monitoring data, you gain real security intelligence that helps you to better understand when user activity is appropriate (Yes, Bill should be accessing the server from our offices at 3:00 p.m.), and when activity is suspicious and should be investigated (No, Bill probably shouldn't be accessing the server from halfway around the world at 3:00 a.m.).

4. And that brings us to the final consideration for managing privileged users: behavioral monitoring. You have to be able to monitor behavior and link it to the identity behind the user account. To monitor behavior in a meaningful way, you have to establish a baseline of normal behavior against which to measure. This is important even when things accidentally go wrong. Root-level users can mistakenly alter system settings and bring entire networks down. If you can't tell what was done to create the problem, it becomes much more difficult to fix. But if you're able to retrace their steps, you can identify where the problem occurred and fix it.
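The following Python script is an added illustration of steps 3 and 4 above; it is not NetIQ code and does not come from the paper. It enriches privileged-access events with identity context (business role, home site), asset context (which systems hold sensitive data and which roles may touch them), and a baseline of where and when each user has previously been seen, then answers the paper's three triangulation questions for each event. Every user, host, action and event is constructed sample data, and the identity and asset tables are assumptions that stand in for whatever directory and asset inventory an organization actually has.

```python
"""Identity-enriched review of privileged-access events (added example, constructed data)."""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Identity context (constructed): the person behind the account, their role and home site.
IDENTITY = {
    "bill":  {"role": "db-admin", "home_site": "HQ"},
    "alice": {"role": "helpdesk", "home_site": "HQ"},
}

# Asset context (constructed): which systems hold sensitive data and which roles may access them.
ASSETS = {
    "db-prod-01": {"sensitive": True,  "allowed_roles": {"db-admin"}},
    "wiki-01":    {"sensitive": False, "allowed_roles": {"db-admin", "helpdesk"}},
}

# Actions that are routine for a role; anything else on a sensitive system is unexpected.
EXPECTED_ACTIONS = {
    "db-admin": {"read", "backup", "patch"},
    "helpdesk": {"read"},
}


@dataclass(frozen=True)
class Event:
    user: str
    host: str
    action: str
    site: str   # where the session originated
    hour: int   # local hour of day, 0-23


@dataclass
class Finding:
    verdict: str                                   # "appropriate", "review" or "investigate"
    reasons: List[str] = field(default_factory=list)


def time_window(hour: int) -> int:
    """Bucket the hour of day into four six-hour windows so the baseline tolerates small shifts."""
    return hour // 6


def build_baseline(history: List[Event]) -> Dict[str, Set[Tuple[str, int]]]:
    """Baseline of normal behavior: the (site, time window) pairs each user has been seen from."""
    seen: Dict[str, Set[Tuple[str, int]]] = defaultdict(set)
    for ev in history:
        seen[ev.user].add((ev.site, time_window(ev.hour)))
    return dict(seen)


# Constructed history of past, already-reviewed activity used to build the baseline.
HISTORY = [
    Event("bill", "db-prod-01", "read", "HQ", 9),
    Event("bill", "db-prod-01", "backup", "HQ", 14),
    Event("bill", "wiki-01", "read", "HQ", 16),
    Event("alice", "wiki-01", "read", "HQ", 10),
]
BASELINE = build_baseline(HISTORY)


def assess(ev: Event, baseline: Dict[str, Set[Tuple[str, int]]] = BASELINE) -> Finding:
    """Answer the three triangulation questions plus a baseline check and return a verdict."""
    ident = IDENTITY.get(ev.user)
    asset = ASSETS.get(ev.host)
    if ident is None or asset is None:
        return Finding("investigate", ["unknown account or unknown system"])

    reasons: List[str] = []
    sensitive = asset["sensitive"]                               # Q1: is the data sensitive?
    role_ok = ident["role"] in asset["allowed_roles"]            # Q2: should this role access it?
    if not role_ok:
        reasons.append(f"role {ident['role']} is not permitted on {ev.host}")
    action_ok = ev.action in EXPECTED_ACTIONS.get(ident["role"], set())  # Q3: expected action?
    if sensitive and not action_ok:
        reasons.append(f"action {ev.action} is not routine for {ident['role']} on sensitive data")
    in_baseline = (ev.site, time_window(ev.hour)) in baseline.get(ev.user, set())
    if not in_baseline:
        reasons.append(f"no prior activity from {ev.site} around {ev.hour:02d}:00")

    if not role_ok or (sensitive and not action_ok) or (sensitive and not in_baseline):
        return Finding("investigate", reasons)
    if not in_baseline:
        return Finding("review", reasons)
    return Finding("appropriate", reasons)


if __name__ == "__main__":
    for ev in [Event("bill", "db-prod-01", "backup", "HQ", 15),
               Event("bill", "db-prod-01", "read", "Singapore", 3)]:
        f = assess(ev)
        print(f"{ev.user} {ev.host} {ev.action} from {ev.site} at {ev.hour:02d}:00 -> "
              f"{f.verdict} {'; '.join(f.reasons)}")
```

The verdict logic deliberately treats "unusual but non-sensitive" as a lower-priority review item and "unusual and sensitive" as something to investigate, which is the prioritization the paper argues for; the baseline here is just a set of (site, time window) pairs, so a real deployment would also age it and rebuild it from reviewed events.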

More importantly, behavioral monitoring allows you to triangulate on threats: Is the data sensitive? (Yes/no) Should the user be accessing that data based on their role? (Yes/no) Should they be doing whatever they're doing with the data? (Yes/no)

Ensure Secure Access Without Impacting Business

Unintended outages can cause big problems, especially when it comes to cloud services. For example, social networking giant Facebook, with 1.5 billion monthly users worldwide, is relied on by consumers to keep in touch with family and friends, and by businesses to support their apps or social media marketing efforts. During the month of September 2015, Facebook experienced a series of three world-wide outages, totaling over 2.5 hours. The outages occurred not as a result of malicious attacks, but because of errors in its configuration system. Only a few months earlier, Facebook experienced a significant world-wide outage that they admitted occurred as a result of their engineers accessing and tinkering with critical configuration values. It is estimated that Facebook's loss in ad revenues for each hour was around $0.8 million to $1.7 million. After the outages in September 2015, Facebook shares slid almost 4%, reflecting market disappointment.

Let's face it: the only truly secure solution would be to not grant any access, but you can't do that, so the best approach is to ensure that you're only allowing the right level of access and then monitor what users are doing with the rights they've been granted. The beauty of this sort of approach is that it doesn't prevent administrators who should have access from doing their jobs; they can continue as before. And because response to monitored events can be automated, it alleviates the need for security staff to manually review incident logs. Additionally, by integrating behavioral and identity-based contextual information with security monitoring data, security teams can provide even faster detection and response to potential threats.

Choosing the Right Privileged Management Solution

There are many ways that you can address these problems, from a range of Security Information and Event Management (SIEM) products, to identity management solutions, change management systems and automation solutions. However, as you evaluate your choices, make sure that you choose an option that will:

Work together seamlessly. While each of the systems serves a unique purpose, they are actually complementary. In an ideal scenario, they need to be able to talk to each other and hand information back and forth. If they don't, you aren't really solving the problem in the first place.

Allow sufficient automation. Let's face it, this is a lot of stuff that we're expecting to happen. If it requires manual intervention or extensive subject matter expertise, it isn't going to be practical. And the whole point of this endeavor is to try to make it easier for your team to distinguish between real threats and incidental events.

Allow policy-based monitoring. Enriching security monitoring with identity context doesn't really help if you can't build a set of rules and policies around particular business scenarios. This is the piece that really brings the whole solution together.

Be affordable for the long term. Think beyond the purchase price and consider what it'll cost long term. Is it easy to use? Will it work with the systems you already have in place? How much additional management time is needed? How much additional training will you need?

As you evaluate which solution will work best for you, consider Identity-Powered Security Solutions from NetIQ. Our identity, access and security management solutions integrate seamlessly to help organizations reduce the total number of users with privileged access, ensure the right people have the right access when they need it, and monitor what users, especially users with broad privileges, are doing with the rights they have been granted. By leveraging identity intelligence in this manner, you can balance the access required for productivity with the need to reduce security risks that stem from our hyper-connected world.

NetIQ Change Guardian provides the who, what, when and where for user activity in the enterprise, whether it be configuration changes or access to sensitive files (file integrity monitoring). It gives you the security intelligence you need to rapidly identify and respond to privileged user activities that could signal a data breach or result in compliance gaps.

NetIQ Sentinel is a full-featured SIEM solution. Sentinel simplifies the deployment, management and day-to-day use of SIEM. It readily adapts to dynamic enterprise environments and delivers the true actionable intelligence security professionals need to quickly understand their threat posture and prioritize response.

NetIQ Identity Manager delivers a complete, yet affordable, solution to control who has access to what across your enterprise, from inside the firewall and into the cloud. Identity Manager enables secure and convenient access to critical information for business users, while meeting compliance demands.

NetIQ Directory and Resource Administrator provides smart Active Directory (AD) administration features like granular delegation of administrative privileges and control of administrative access. It easily delegates proper administrative powers in Microsoft's Active Directory, Exchange Server and Exchange Online hosted on Office 365.

NetIQ Privileged Account Manager allows IT administrators to work on systems without exposing administrator or supervisor passwords, or root-account credentials. It manages, controls and records privileged account activities for all credential-based systems, including applications, databases, cloud services, and virtual servers. It also supports multifactor authentication and single sign-on for enhanced secure access.

Learn what next steps you can take by visiting NetIQ at:

MAKE SURE THAT YOUR SOLUTIONS WILL:
  Work together seamlessly
  Allow sufficient automation
  Allow policy-based monitoring
  Be affordable for the long term

Automating systems can keep out problems:
1. Automated provisioning/de-provisioning/re-provisioning of user access rights and privileges
2. Centralized HR source for creation, deletion or updating of rights
This is especially helpful when large groups of users who require privileged access (such as contractors or temporary employees) leave the workforce. Don't leave the door open for them!
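As an added example of the automation sidebar above (reconciling privileged access against a centralized HR source so that departed contractors and temporary staff do not keep their rights), the Python script below is not NetIQ code and not from the paper. It assumes two exports an organization already has, an HR roster and a list of privileged-group members, both represented here by constructed sample records, and produces the de-provisioning actions that an automated workflow or a reviewer would act on. Group names, account names and dates are all constructed.

```python
"""Reconcile privileged-group membership against an HR source of record (added example)."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class HrRecord:
    user: str
    worker_type: str           # "employee" or "contractor"
    status: str                # "active" or "terminated"
    end_date: Optional[date]   # contract or employment end date, if one is recorded


@dataclass(frozen=True)
class Action:
    user: str
    group: str
    reason: str


# Constructed HR export: the single source of truth for who should still have rights.
HR = [
    HrRecord("bill", "employee", "active", None),
    HrRecord("carol", "contractor", "active", date(2016, 6, 30)),
    HrRecord("dave", "contractor", "terminated", date(2016, 5, 15)),
]

# Constructed membership export: privileged group -> accounts currently in it.
PRIVILEGED_GROUPS: Dict[str, Set[str]] = {
    "Domain Admins": {"bill", "dave", "svc-legacy"},
    "sudo-prod": {"bill", "carol"},
}


def reconcile(hr_records: List[HrRecord], groups: Dict[str, Set[str]], today: date) -> List[Action]:
    """Return one de-provisioning action per privileged membership HR no longer justifies.

    Three cases are flagged: the account has no HR record at all (an orphaned or
    shared account nobody owns), HR marks the worker as not active, or the worker's
    recorded end date has already passed even though HR has not yet flipped the status.
    """
    by_user = {r.user: r for r in hr_records}
    actions: List[Action] = []
    for group, members in groups.items():
        for user in sorted(members):
            rec = by_user.get(user)
            if rec is None:
                actions.append(Action(user, group, "no HR record: orphaned or shared account"))
            elif rec.status != "active":
                actions.append(Action(user, group, f"HR status is {rec.status}"))
            elif rec.end_date is not None and rec.end_date < today:
                actions.append(Action(user, group, f"engagement ended {rec.end_date.isoformat()}"))
    return actions


if __name__ == "__main__":
    for a in reconcile(HR, PRIVILEGED_GROUPS, date(2016, 7, 1)):
        print(f"remove {a.user} from {a.group}: {a.reason}")
```

Running the reconciliation on a schedule, and feeding its output into the same monitoring the paper describes, closes the gap between an HR event and the moment the corresponding privileged rights actually disappear; the end-date check matters because it catches contractors whose engagement has lapsed before anyone updates their HR status.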

Our privileged management solutions help organizations reduce the total number of users with privileged access, ensure the right people have the right access when they need it, and monitor what users, especially users with broad privileges, are doing with the rights they have been granted.

Worldwide Headquarters
515 Post Oak Blvd., Suite 1200
Houston, Texas 77027 USA
+1 713 548 1700
888 323 6768
info@netiq.com
/communities/

For a complete list of our offices in North America, Europe, the Middle East, Africa, Asia-Pacific and Latin America, please visit: /contacts

584-000014-003 Q 07/16 2016 NetIQ Corporation and its affiliates. All rights reserved. NetIQ, the NetIQ logo, Directory and Resource Administrator, and Sentinel are trademarks or registered trademarks of NetIQ Corporation in the USA. All other company and product names may be trademarks of their respective companies.