Locking down privileged accounts

Presentation on theme: "Locking down privileged accounts"— Presentation transcript:

1 Locking down privileged accounts
Dan Ritch, Sales Engineer; Bruce Martin, Senior Account Manager; Greg Hanchin, Owner, TechVader

Thycotic’s PAM solution is called Secret Server. Secret Server introduces a fundamental security layer to protect against cyber-attacks that use privileged accounts to strike at the core of the enterprise, and it enables you to manage your enterprise’s privileged accounts from a single console.

2 Insider threat: today’s risk
What does a security team have to deal with? Auditors/compliance; external threats; insider threats. Let’s talk about the risk that admins such as Snowden pose to your organization.

3 The threat landscape has changed
Old Paradigm. Perimeter security: firewall, AV, IDS, IPS, gateways. Threat detection: SIEM, big data analytics, IOC detection. Account and user provisioning: role-based access, layering, insider threat. What is the result of all of this security?

We are a global leader of next-generation IT security solutions that protect organizations against cyber-attacks that use privileges and strike at the core of the enterprise. Our software solution protects privileged accounts, which have become a critical target of today’s cyber-attacks. Privileged accounts are pervasive and act as the “keys to the IT kingdom,” providing complete access to, and control of, the IT infrastructure, core systems and applications, as well as critical business data. In the hands of an external attacker or malicious insider, privileged accounts allow attackers to take control of and disrupt an organization’s IT infrastructures, steal confidential information and commit financial fraud.

4 http://www. informationisbeautiful
This site shows that in the last 12 years, more than 2 billion records have been stolen.

5 Human Security Risks
% of incidents related to errors by admins; % of social media scams shared manually; % of people open and click on phishing emails; % of people use the same password for social sites; +500 data breaches; 500m records. Data sources: Symantec ISTR 2015; Verizon DBIR Report 2015.

60% of incidents were attributed to errors made by system administrators, prime actors responsible for a significant volume of breaches and records.

Cybercriminals Are Leveraging Social Networks and Apps to Do Their Dirty Work: Email remains a significant attack vector for cybercriminals, but there is a clear movement toward social media platforms. In 2014, Symantec observed that 70 percent of social media scams were manually shared. These scams spread rapidly and are lucrative for cybercriminals because people are more likely to click something posted by a friend. Mobile was also ripe for attack, as many people only associate cyber threats with their PCs and neglect even basic security precautions on their smartphones. In 2014, Symantec found that 17 percent of all Android apps (nearly one million total) were actually malware in disguise. Additionally, grayware apps, which aren’t malicious by design but do annoying and inadvertently harmful things like track user behavior, accounted for 36 percent of all mobile apps.

Percentage of phishing attacks targeted at employee types: new employees 60%; contractors 44%; exec assistants 38%; HR staff 33%; IT staff 23%. Source: Check Point Software Security Report.

6 In early 2016, destructive ransomware variants such as Locky and Samas were observed infecting computers belonging to individuals and businesses, which included healthcare facilities and hospitals worldwide. Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. Ransomware is a type of malware that infects computer systems, restricting users’ access to the infected systems. Ransomware variants have been observed for several years and often attempt to extort money from victims by displaying an on-screen alert. Typically, these alerts state that the user’s systems have been locked or that the user’s files have been encrypted. Users are told that unless a ransom is paid, access will not be restored. The ransom demanded from individuals varies greatly but is frequently $200–$400 and must be paid in virtual currency, such as Bitcoin. Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user’s knowledge.

7 SEVERAL HOSPITALS DECLARED STATE OF EMERGENCY

8 The threat landscape has changed
New Paradigm: No matter how much security you put in place, you are still going to be breached. One example: Advanced Persistent Threats. Malware phishing: 10 emails, 100% someone will open an executable. BOOM! APT has control. If we know that we are going to be breached, what can we do?

9 How do I mitigate risk? What do hackers target?
If we know we are going to get breached, the questions we should ask are: How do I mitigate risk? What do hackers target?

10 What do hackers target? “100% of breaches involved stolen credentials”
“APT intruders…prefer to leverage privileged accounts where possible, such as Domain Administrators, service accounts with Domain privileges, local Administrator accounts, and privileged user accounts.” Mandiant, mtrends report and APT1 report

For the 3 key privileged account challenges (unknown, unmanaged, unprotected), let’s discuss our primary capabilities as well as how you’ll benefit. Secret Server enables you to solve the problem that privileged accounts are unknown by helping you automatically discover and securely store privileged accounts.

Here’s what we do: Our solution automatically identifies and discovers privileged accounts wherever they reside, such as local accounts, root accounts and hypervisor accounts, as well as wherever they are being used, including in services, scheduled tasks and more, anywhere across the entire enterprise. Then it takes control of those credentials and securely stores them in our password vault. This enables you to immediately visualize the resulting compliance gaps and security vulnerabilities of unmanaged accounts. It also helps quickly change passwords if your organization were under attack.

How you’ll benefit: Our automated account discovery process reduces the time-consuming and error-prone task of manually tracking and updating privileged credentials, wherever they are used in the environment, thereby decreasing IT operational costs and increasing security on these accounts. Think about what you go through every time a new privileged account is provisioned… This enhanced discovery visibility significantly improves the security posture of our customers and facilitates adherence to rigorous audit and compliance standards.

11 What are Privileged accounts?
Windows: Domain admin (how many are shared?); Local Admin (password formatting)
UNIX: root; superuser
What about vendor and consultant accounts?
Database: Oracle (Sys); SQL (SA); Dbadmin
Cisco: Enable
Service accounts
Scheduled tasks
Web and social media

12 Seasoned Management Team
Insider Threat: The key to securing against internal breaches is access management. 58% of large organizations suffered staff-related security breaches in 2014, compared to just 24% detecting outsiders penetrating their networks. 71% are very concerned with external threats, but only 46% indicated a strong concern for internal threats. In cases where staff will be dealing with sensitive information, monitoring user activity is a must. Source: Information-age.com, “Insider Hacks vs. outsider threats: spending budget in the wrong place”.

Seasoned Management Team: Jonathan Cogley- CEO – 19 years James Legg – President Steve Kahan – CMO – Nathan Wenzler years – CSO Directory R&D- David Cooksey 13 years

13 Three common practices that highlight need for password management
Failure to update passwords; passwords stored on spreadsheets or sticky notes; default passwords on virtual machines.

Arellia’s products also provide similar business benefits as Thycotic – ALL ties back to MANAGING PRIVILEGES.

14 Core Principles of Effective PAM
Limit the number of privileged accounts.
Auditing and accountability.
Do not allow users to bypass security protocols.
Unique, random passwords.
Ensure all passwords are rotated.
Only give users access to accounts they need to perform their job.
Key term and concept to understand.

15 Thycotic Product slide
Recent acquisition of Arellia adds more depth to security offering: lock down the endpoints; lock down the applications; lock down the OS configuration.

16 Thycotic Product slide
Founded in 1996 and HQ in Washington DC, USA. Over 3500 global customers with additional 3000 on fully supported free version. Software used by over 200,000+ IT admins. INC 5000 fastest growing companies. Numerous awards like Best of VMWorld 2014, Info Security Products Guide Global Excellence 2015, 5-Star award 2016 Best Privileged Account Management Award and many others.

17 Thycotic has over 2,500 customers with over 100,000 IT administrators using our PAM tool.
Have you heard of Thycotic? Sometimes not – that is because Thycotic’s approach has been to work with IT Operations for years. The good news is that means IT Ops likes working with our tools. Have you seen a situation where IT Security tries to push a tool down to IT Ops and they just hate it? It is important – you need IT Ops to be comfortable with tools else they find ways not to use the tool.

18 What our CUSTOMERS SAY
“Thycotic provides the best privileged account security software and the support we need to solve our most pressing problems.” – Liz McQuarrie, Director of Security Operations, Adobe

“One of the things I love about Secret Server is the out of the box integration with our existing technology tools. We maintain a lot of different systems, and so it’s really nice to have tools that work together as opposed to needing to figure out how to build custom integrations.” – Mathew Eshleman, Chief Technology Officer, Community IT Innovators

“On the IT operations side Secret Server makes your life exponentially easier.” – Seth, Top four global IT consulting Firm

As I mentioned, we have over 3000 customers – If you came to our user conference, this is what you would hear:

Michael Boeglin, Director of Global Infrastructure – International Rescue Committee: “Our IT admins were able to get up to speed within minutes and our control over privileged accounts improved immediately. Because Secret Server helps us manage sensitive credentials across privileged accounts, we no longer face the inefficiencies and security risks that can plague an organization as big as ours.”

19 Secret Server Architecture

20 Remote Password Changing
Active Directory, SAP, Local Windows accounts, F5, UNIX/Linux/Mac, Blue Coat, MS SQL Server, Dell DRAC, Oracle, HP iLO, Sybase, SSH/Telnet, MySQL, LDAP, ODBC, Salesforce, VMware ESX/ESXi, Google, SonicWALL, Amazon, Cisco, Office365, Juniper, PowerShell

21 Discovery
Local Windows accounts; Windows services; Windows scheduled tasks; IIS application pools; Unix/Linux accounts; VMware ESX/ESXi accounts

22

23 Solution – Passwords: Heartbeat ensures passwords are valid
Auditing + Permissions + Rotation = Compliance

24 Closing the termination gap

25 Solution: IT ADMIN LEAVES
Run audit report on password usage; automate password changes; coordinate with HR.

26 Reducing exposure

27 Solution: REDUCING EXPOSURE
Use passwords without knowing them: Session Launching. Change passwords automatically after use: Check Out.

28 Service accounts

29 Solution: MANAGING SERVICE ACCOUNTS
Automatically find all your service accounts: Discovery (Windows Services, Scheduled Tasks, IIS AppPools, COM+, File Regex, PowerShell extensions). Automatically change password everywhere: full automation.

30

31 Solution: WORKFLOW APPROVAL
Request access to sensitive Secrets; dual approval if necessary; approve for limited period of time; capture service request/ticket number; complete audit trail for compliance.

32 Who’s watching IT?

33 Solution: WHO’S WATCHING IT?
SIEM integration: Get shared/privileged account activity to your SIEM and correlate with AD identity for true accountability.
Session Monitoring: Launch SSH, RDP, MSSQL, etc. sessions; record all activity; SSH proxy to capture all keystroke activity; live monitoring and session termination.

34 SIEM Tool integration
Monitor account usage. Syslog format; CEF format. Get the most out of your SIEM tool by monitoring Privileged Account usage.
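To make the SIEM slide and the earlier "IT admin leaves" audit report concrete, here is an added example (not Thycotic's code or log format) that parses CEF-over-syslog events and lists the secrets a departing admin viewed without a later password change. The sample events, event names, signature IDs and the use of `cs1` for the secret name are constructed assumptions; only the CEF header layout and escaping rules are standard.

```python
import re
# Constructed syslog/CEF lines, not real Secret Server output. The CEF header
# layout is standard; the event names, IDs and use of cs1 are assumptions.
SAMPLE = r"""
<134>Jun 20 09:00:00 vault01 CEF:0|Example\|Vendor|Vault|1.0|20|SECRET - PASSWORD_CHANGE|3|rt=1000 suser=CORP\\svc-rotate cs1Label=SecretName cs1=Cisco enable
<134>Jun 20 09:05:00 vault01 CEF:0|Example\|Vendor|Vault|1.0|10|SECRET - VIEW|3|rt=2000 suser=CORP\\jdoe cs1Label=SecretName cs1=DC01 Domain Admin
<134>Jun 20 09:06:00 vault01 CEF:0|Example\|Vendor|Vault|1.0|10|SECRET - VIEW|3|rt=3000 suser=CORP\\jdoe cs1Label=SecretName cs1=SQL sa \= PROD-DB
<134>Jun 20 09:07:00 vault01 CEF:0|Example\|Vendor|Vault|1.0|10|SECRET - VIEW|3|rt=4000 suser=CORP\\jdoe cs1Label=SecretName cs1=Cisco enable
<134>Jun 20 09:08:00 vault01 CEF:0|Example\|Vendor|Vault|1.0|10|SECRET - VIEW|3|rt=5000 suser=CORP\\asmith cs1Label=SecretName cs1=root@web01
<134>Jun 20 09:30:00 vault01 CEF:0|Example\|Vendor|Vault|1.0|20|SECRET - PASSWORD_CHANGE|3|rt=6000 suser=CORP\\svc-rotate cs1Label=SecretName cs1=DC01 Domain Admin
""".strip().splitlines()
FIELDS = ("version", "vendor", "product", "dev_version", "sig", "name", "severity")
KEY = re.compile(r"(?:^|\s)(\w+)=")  # extension key; an escaped \= never matches

def split_header(body):  # -> (7 unescaped header fields, raw extension text)
    parts, cur, i = [], "", 0
    while i < len(body) and len(parts) < 7:
        if body[i] == "\\" and i + 1 < len(body):  # \| or \\ inside a field
            cur, i = cur + body[i + 1], i + 2
        elif body[i] == "|":
            parts, cur, i = parts + [cur], "", i + 1
        else:
            cur, i = cur + body[i], i + 1
    return parts, body[i:]

def parse_cef(line):
    """Parse one syslog line carrying a CEF record; None if it is not valid CEF."""
    at = line.find("CEF:")
    parts, ext = split_header(line[at + 4:]) if at >= 0 else ([], "")
    if len(parts) != 7:
        return None
    ev, hits = dict(zip(FIELDS, parts)), list(KEY.finditer(ext))
    for j, m in enumerate(hits):  # a value runs to the next key, so it may hold spaces
        end = hits[j + 1].start() if j + 1 < len(hits) else len(ext)
        ev[m.group(1)] = re.sub(r"\\(.)", r"\1", ext[m.end():end]).strip()
    return ev

def secrets_to_rotate(lines, user):
    """Secrets `user` viewed with no password change logged after the last view."""
    viewed, changed = {}, {}
    for ev in filter(None, map(parse_cef, lines)):
        secret, when = ev.get("cs1"), int(ev.get("rt", 0))
        if ev["name"] == "SECRET - VIEW" and ev.get("suser", "").lower() == user.lower():
            viewed[secret] = max(when, viewed.get(secret, 0))
        elif ev["name"] == "SECRET - PASSWORD_CHANGE":
            changed[secret] = max(when, changed.get(secret, 0))
    return sorted(s for s, t in viewed.items() if changed.get(s, -1) < t)

print(secrets_to_rotate(SAMPLE, r"CORP\jdoe"))
```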

35 Application password misuse

36 ** GET RID OF EMBEDDED PASSWORDS **
SOLUTION: Application password misuse
API integrations: .NET/Java/Perl/PHP/PowerShell/etc.
Push: Update embedded passwords directly from vault.
Pull: Use API from custom and 3rd party applications to retrieve passwords at runtime.

Talking Windows local privileges. Endpoints: PCs, laptops, servers, smartphones, tablets, point of sale terminals.

37 BEFORE

    @echo off
    echo ----------------------------------------
    echo Uploading changes...
    echo ----------------------------------------
    ftpsync \ftpsync.pl documents

AFTER

    @echo off
    echo ----------------------------------------
    echo Connecting to Secret Server API...
    echo ----------------------------------------
    REM Read the Password field of secret 1587 from the vault at runtime
    REM instead of keeping the password in this script.
    FOR /F "tokens=*" %%A IN ('java -jar secretserver-jconsole.jar -s 1587 Password') DO SET FieldValue=%%A
    echo ----------------------------------------
    echo Uploading changes...
    echo ----------------------------------------
    ftpsync \ftpsync.pl documents

38 10k foot perspective
Protect against internal and external threats. Meet compliance mandates and industry best practices. Automate scalable security processes and be more efficient.

39 Implementation Plan Best Practice to increase Adoption Rate:
Phased Approach. CHANGES: Remove the timelines from the steps (example 1-30 days). Show implementation plan, emphasize that the solution will scale to match customer needs / requirements.

40 Questions? Request a Trial:

41 JUNE 20th & 21st Washington D.C.

