Managing Your Privileged Identities: The Choke Point of Advanced Attacks


Managing Your Privileged Identities: The Choke Point of Advanced Attacks
Shirief Nosseir, EMEA Alliances Director, Identity & API Management
Tuesday, 16 May 2017

Agenda
- Why Privileged Access Management
- Why CA Technologies

2017 CA. ALL RIGHTS RESERVED. NO UNAUTHORIZED USE, COPYING OR DISTRIBUTION.

The Common Thread? Privileged Accounts

Privileged Access Management Trends
- Forrester estimates that 70% to 80% of data breaches involve the use of privileged and administrative passwords and credentials. (Quick Take: 12 Lessons for Security & Risk Pros from the US OPM Breach, Forrester, 8 June 2015)
- Privileged Access Management market grew by 33% to reach $690 Million in 2015. (Market Guide for Privileged Access Management, Gartner, 2 Aug 2016, ID: G00279025)
- CA Privileged Access Manager product licenses grew by 113% last year.
Labels on slide: Risk; Compliance; Technology Refresh; Emerging Enterprises

Privileged Accounts: The Emerging Front Line
Organizations typically have 3-4x more privileged accounts than employees!
Diagram labels: Endpoints; Workstation; Mobile; Industrial Control Systems; Internet of Things; On Premise; Employees/Partners; System Accounts; Network Accounts; DB Accounts; Application Accounts; Service Accounts; Business Accounts; Developer Accounts; Internet; Cloud; Remote Privileged Users; Partners/Contractors/Employees; Apps

Privilege: Core of the Breach Kill Chain
Diagram labels: Threat Actor; Network Perimeter; EXTERNAL THREATS; C&C, Data/IP Exfiltration; Gain/Expand Access; Elevate Privilege; Wreak Havoc; Trusted Insider; Lateral Movement, Reconnaissance; INTERNAL THREATS

Risk & burden of privileged accounts
Diagram labels: Same password for local admin accounts; HYBRID CLOUD ENVIRONMENT; Privileged Personal Domain Accounts; Individual Privileged Users; Non-rotating passwords; Hard-coded credentials; Privileged Account; Standing Access; Software Defined Data Centre; Public & Private Cloud; Security; Compliance; Efficiency; Traditional Data Center

CA Privileged Access Manager (CA PAM)
- Credential Vault
- Authentication
- Control Access
- Auto-Login (SSO)
- Record Sessions
- Enforce Policy
- Threat Analytics
- Log Everything
Diagram labels: HYBRID CLOUD ENVIRONMENT; Software Defined Data Centre; Privileged User; Public & Private Cloud; Integrated Controls and Unified Policy Management; Traditional Data Center

Key CA PAM Differentiators
CA PRIVILEGED ACCESS MANAGEMENT
- Scalability
- Quick Time-to-Value
- Defense-in-Depth
- Lower TCO
- Most Highly Certified Platform
- Hybrid Enterprise

CA Privileged Access Manager (CA PAM)
Privileged Account Management for the Hybrid Enterprise
Diagram labels: Traditional Data Center; Software Defined Data Center; HYBRID ENTERPRISE; Public Cloud - IaaS; SaaS Applications; Mainframe, Windows, Linux, Unix, Networking; Enterprise Admin Tools; SDDC Console and APIs; Cloud Console and APIs; SaaS Consoles and APIs; A New Security Layer - Control & Audit All Privileged Access; Unified Policy Management; CA Privileged Access Manager; Identity Integration; Enterprise-Class Core; Hardware Appliance; OVF Virtual Appliance; AWS AMI

Thank You

CA PAM: Application-to-Application Support
Diagram labels: Credential Vault; Applications; Applications; Data

Scalability
Make sure to grow your capacity at a better & more predictable value
CA PAM requires only a single appliance to protect thousands of resources supporting a large number of concurrent sessions.
Danny MacAskill's Imaginate

Quick Time-To-Value
Realize immediate and long-term benefits with an appliance form factor
- Comprehensive solution based on single appliance
- Deploys in as little as a few hours for smaller environments
- Intuitive and cost-effective to operate & maintain
- Rapid time-to-value, without the unexpected resource requirements that come with a software-only solution requiring its own infrastructure

Lower TCO
Don't get caught with HIGH COST of OWNERSHIP
- CA provides an all-inclusive pricing model based on an appliance form factor
- CA pricing is easy to understand, without unexpected costs for multiple hardware/virtual instances, disaster recovery or high availability
- No incremental costs such as additional OS, DB and remote desktop licensing
- No huge cost of deployment, administration & maintenance

CA PAM for Hybrid Enterprise
Unified Control for Administrative consoles and Guest Systems & Applications
Diagram labels: All AWS Regions; VPC; GOV Cloud; AWS Public Cloud; vSphere; vCenter; vShield; vCloud; NSX Manager; Cloud Operations Automation; AWS Management APIs/SDK; AWS Management Console & APIs; Cloud Admin; Microsoft Online Services; Office 365 Console; Guest system & Application Admin; CA Privileged Access Manager for Microsoft Online Services

Most Highly Certified Platform
Make sure the solution is enterprise and government ready
CA Privileged Access Manager is the first & currently only PAM product certified for Common Criteria using a NIAP*-Preferred Protection Profile.
What does this mean?
- CA PAM has met the Protection Profile evaluation required by NIAP before a commercial off-the-shelf product can be considered for procurement by governments of 27 countries.
- Proof to the private sector that CA PAM meets the federal government's demands
*National Information Assurance Partnership

Defense-In-Depth
Avoid being the next victim
Only CA can offer a comprehensive solution for privileged access management, delivering both the broad protection and simplified deployment of a network-based solution, and the fine-grained protections enabled by a host-based product. Unlike other vendors, CA offers a more future-proof solution and allows you to better focus your investments using a risk-appropriate approach.

Comprehensive Privileged Access Lifecycle Management
Diagram labels: Advanced Authentication; CA Identity Suite; CA Privileged Access Manager (CA PAM); CA PAM Server Control; IDENTITY-BASED SECURITY; PRIVILEGED-ACCESS SECURITY; DEFENSE IN DEPTH; HOST-BASED SECURITY

CA PAM Key Capabilities
Capability areas: Credential Safe; Authentication; Access Control; Monitoring, Alerting & Intervention
- Privileged credentials
- SSH Session Keys
- FIPS 140-2 Level 1 & 2 compliant encryption
- Optional HSM for FIPS 140-2 Level 3 support
- Application-to-Application Support
- Industry's broadest platform support
- Active Directory & LDAP
- RADIUS integration
- PKI/X.509 & Smartcard (PIV/CAC) support
- Multi-factor authentication (CA Technologies, RSA, VASCO, SafeNet, Entrust, etc.)
- Privileged user SSO
- Federated Identity & attribution
- Role-based privileged user access limits
- Zero Trust deny all, permit by exception policy engine
- Continuous monitoring & logging
- DVR-like session recording
- Command filtering
- Leapfrog prevention
- Proactive policy violation prevention

Risk & burden of privileged accounts
Diagram labels: Same password for local admin accounts; HYBRID CLOUD ENVIRONMENT; Privileged Personal Domain Accounts; Excessive Permissions; Local admin privileges for workstation users; Non-rotating passwords; Standing Access; Lack of accountability & visibility; Software Defined Data Centre; Individual Privileged Users; Privileged Account; Public & Private Cloud; Security; Compliance; Efficiency; Traditional Data Center

Recognitions
- Overall Rating: Ovum Decision Matrix: Selecting a Privileged Identity Management Solution, November 2015
- 2016 Gold: Innovations in Cloud Security
- Silver: Innovations in Privileged Identity Management
- Best Privileged Access Management Solution
- Best Privileged Access Management Solution
- Best Overall IT Company