Case Study: Privileged Access and Data Science


1 Case Study: Privileged Access and Data Science
Mike MacIntyre | VP of Product, Panaseer 03/22/19

2 Outline
Framing the problem
Introduction to CCM
Building the Graph
Simple Measures
Next steps

3 Board scrutiny: the story so far…
A departing board member asks the CISO to demonstrate control over privileged access in the company before leaving the business in 18 months' time.

4 “It’s just not possible” - PAM was in a state of panic

5 Customer Approach
Rank business applications
  - How complete is your CMDB?
  - Focus on the Crown Jewel application stack
Define the control set for Crown Jewels
  - Strongest & most comprehensive
Establish ground truth
  - Increase visibility of privilege allocation
Clean up privilege
  - Track progress
  - Optimise the number of humans with Crown Jewel privileges
  - Minimise the number of privilege inheritance paths
Continuously monitor
  - Expand to the next set of critical applications
  - Reduce the control set
(Cartoon caption: “I’m an admin!”… ”No, I’m an admin!”… Frank was a film buff and knew exactly what this lot were playing at.)

6 Fundamental layers for achieving effective CCM
Data collection: automatic collection of technical-control data through APIs/logs into a central repository
Asset inventories: create trusted inventories triangulated from multiple sources of data
Data unification: data cleaning, correlation, normalisation, aggregation and modelling
Control coverage: check control coverage against asset inventories to identify and fill gaps
Measurement: automatically populate measures against SLA and other target thresholds
Controls catalogue and frameworks: automatically populate any security framework at any time
Continuous Control Monitoring: continuously monitor and measure controls against SLAs in multiple security frameworks
(Diagram: the layers stacked by increasing value, from automatic data collection at the bottom up to CCM at the top.)

7 Building the Graph
(Diagram: data sources feeding the graph. Asset inventory: CMDB, spreadsheet, local admin, endpoint agent, vulnerability scans. Identity & access management: HR, line management, role. Authentication services: Active Directory. Database logs. Application logs. Target node types: Application, Database, Server.)

8 Building an Inventory
Discovery tools: Nmap, CMDB discovery modules, vulnerability scanner
Network: NetFlow, Windows event logs, DHCP
Endpoint agent: Tanium, osquery, AV
Configuration management / patching: SCCM, BigFix
Authentication services: AD

9 Building an Inventory
(Diagram: overlapping inventories from Active Directory, config management, discovery scanner, CMDB and endpoint agent, with a region labelled “Assets in need of management”.)
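The triangulation of slides 8 and 9, as an added example that is not Panaseer's code or data: each source contributes the set of hostnames it knows about, the union becomes the inventory, the hosts a control's own source does not report are that control's coverage gap (the “assets in need of management”), and hosts vouched for by only one source are queued for verification instead of being trusted. The source names and hostnames are constructed.

```python
"""Triangulating an asset inventory from several sources.

Added example, not Panaseer's code. The source names and hostnames are
constructed sample data standing in for CMDB exports, AD computer objects,
scanner results, agent check-ins and config-management client lists.
"""
from collections import defaultdict

SOURCES = {
    "cmdb":             {"app01", "db01", "web01", "web02"},
    "active_directory": {"app01", "db01", "web01", "web02", "lab07"},
    "vuln_scanner":     {"app01", "db01", "web01", "lab07", "ops-jump"},
    "endpoint_agent":   {"app01", "web01", "web02"},
    "config_mgmt":      {"app01", "db01", "web01", "web02"},
}


def build_inventory(sources):
    """Union of all sources: hostname -> set of source names that report it."""
    seen = defaultdict(set)
    for name, hosts in sources.items():
        for host in hosts:
            seen[host].add(name)
    return dict(seen)


def coverage_gaps(inventory, control_sources):
    """For each control (agent, config mgmt, CMDB...), the hosts that exist in
    the inventory but that the control's own data does not cover: the
    "assets in need of management" for that control."""
    return {
        ctrl: sorted(host for host, srcs in inventory.items() if ctrl not in srcs)
        for ctrl in control_sources
    }


def weakly_evidenced(inventory, min_sources=2):
    """Hosts reported by fewer than min_sources sources. One source alone is
    weak evidence that the asset is real (or still exists), so these go to a
    verification queue rather than straight into the trusted inventory."""
    return sorted(host for host, srcs in inventory.items() if len(srcs) < min_sources)


if __name__ == "__main__":
    inv = build_inventory(SOURCES)
    for ctrl, hosts in coverage_gaps(inv, ["endpoint_agent", "config_mgmt", "cmdb"]).items():
        print(f"{ctrl}: not covering {hosts}")
    print("needs verification:", weakly_evidenced(inv))
```

With the sample data, db01 is the interesting finding: four sources agree it exists, so it is a real asset, yet the endpoint agent has never checked in from it. lab07 and ops-jump are unknown to the CMDB entirely, and ops-jump is seen only by the scanner, so it is verified before anyone opens a ticket against it.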

10 Building the Graph
(Diagram: the same sources as slide 7; the first node added is Server, populated from the local-admin data in the asset inventory.)

11 Building the Graph
(Diagram: Group and Account nodes added alongside Server.)

12 Building the Graph
(Diagram: Organisation and Employee nodes added from the HR and line-management data.)

13 Building the Graph
(Diagram: a second Group and Account added.)

14 Building the Graph
(Diagram: a second Employee added; node types now Organisation, Employee, Account, Group, Server.)

15 The reality of a “Critical” system

16 Simple Graph Measures
Number of devices with no graph!
Number of accounts with direct privileged access (include classification of account type)
Number of accounts with inherited privileged access (via group membership)
Number of humans with access (does this map 1:1 with accounts?)
Number of paths to privileged access (how many are approved?)

17 Untangling Permissions
Before we can remove privileged access…
Is this account vaulted?
Is direct privilege appropriate for this account?
Is this account privileged through an alternative path?
Is it appropriate for this group to permit privilege?
Is this group granting privilege to additional services?
Does this human need this privilege?
Is there anyone that should have this privilege but doesn’t?
(Cartoon caption: Terry had been searching for correctly assigned admin permissions since 1957.)
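The measures of slide 16 and the “alternative path” and “does this human need it” questions of slide 17, computed over a small constructed graph as an added example (not Panaseer's code or data). Nodes are typed strings; the edges stand in for HR (employee owns account), Active Directory (group membership, including a nested group) and local-admin collection (who is admin on which server). Every name is made up. Whether a path is approved depends on the organisation's own allow-list, so the block counts paths but does not judge them.

```python
"""Privilege-graph measures over a constructed sample graph.

Added example, not Panaseer's code. Nodes are typed strings ("employee:",
"account:", "group:", "server:"); the edges stand in for HR (employee owns
account), Active Directory (group membership, nested groups) and local-admin
collection (admin_on). Every name below is made up.
"""
from collections import defaultdict

EDGES = [
    ("employee:alice", "owns", "account:alice"),
    ("employee:alice", "owns", "account:alice-adm"),
    ("employee:bob", "owns", "account:bob"),
    ("account:alice-adm", "member_of", "group:DB-Admins"),
    ("account:bob", "member_of", "group:Helpdesk"),
    ("group:Helpdesk", "member_of", "group:Server-Operators"),  # nested group
    ("group:DB-Admins", "admin_on", "server:db01"),
    ("group:Server-Operators", "admin_on", "server:db01"),
    ("account:svc-backup", "admin_on", "server:db01"),  # direct, no human owner
    ("account:alice-adm", "admin_on", "server:db01"),   # direct as well as via group
]


def build_graph(edges):
    """Adjacency list: node -> list of nodes it owns, is a member of, or is admin on."""
    adj = defaultdict(list)
    for src, _rel, dst in edges:
        adj[src].append(dst)
    return adj


def privilege_paths(adj, server):
    """All simple paths account -> (groups...) -> server.

    Returns {account: [path, ...]}; a path of length 2 is direct privilege,
    anything longer is inherited through group membership."""
    paths = defaultdict(list)

    def walk(node, path):
        for nxt in adj.get(node, []):
            if nxt in path:  # membership cycles exist in real AD; never loop
                continue
            if nxt == server:
                paths[path[0]].append(path + [nxt])
            elif nxt.startswith("group:"):
                walk(nxt, path + [nxt])

    for node in list(adj):
        if node.startswith("account:"):
            walk(node, [node])
    return dict(paths)


def measures(edges, server):
    """The slide's simple measures for one server, plus the accounts that
    would keep privilege through another path if one grant were removed."""
    paths = privilege_paths(build_graph(edges), server)
    owner = {dst: src for src, rel, dst in edges if rel == "owns"}
    return {
        "accounts_direct": sorted(a for a, ps in paths.items() if any(len(p) == 2 for p in ps)),
        "accounts_inherited": sorted(a for a, ps in paths.items() if any(len(p) > 2 for p in ps)),
        "humans": sorted({owner[a] for a in paths if a in owner}),
        "accounts_without_owner": sorted(a for a in paths if a not in owner),
        "path_count": sum(len(ps) for ps in paths.values()),
        "accounts_with_alternative_path": sorted(a for a, ps in paths.items() if len(ps) > 1),
    }


if __name__ == "__main__":
    for name, value in measures(EDGES, "server:db01").items():
        print(f"{name}: {value}")
```

On the sample graph three accounts reach db01 over four paths but only two humans stand behind them: svc-backup has no owner in HR (the slide's “does this map 1:1?” check fails), bob's privilege arrives only through the nested Helpdesk → Server-Operators membership, and removing alice-adm's direct admin entry would change nothing because DB-Admins still grants it, which is exactly what the “alternative path” question on slide 17 is asking.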

18 Extending the Graph
(Diagram: the slide 14 graph extended with Database and Application nodes; the database-log source now also lists Quest and direct access to SQL Server and Oracle.)

19 SQL Server Database Permissions

20 What did we achieve?
Comprehensive visibility of privilege across critical systems within the organisation
Automated, continuous privileged-access analysis for multiple platforms:
  - Windows & Linux servers
  - Oracle & SQL Server DBs
  - Applications (coming soon)
Demonstrable progress in reducing privilege on critical systems
(Diagram: node types Account, Group, Employee, Server, Database, Application, Organisation.)

21 How could we be more helpful?
Augmented analytics – decision support
  - Clean-up recommendations
  - Graph exploration tooling
  - Which graph (aka system) is higher risk? Where to start clean-up?
How to make this scalable?
  - Crown Jewel systems: 20s
  - Key systems: 100s
How to embed this into a continuous process?
  - Avoid drift as the organisation evolves
Additional data sources?
Was this a valuable activity to undertake? What are other approaches?

22 Expanding the Controls
(Diagram: the same graph as slide 18.)

23 Fundamental layers for achieving effective CCM
(Repeat of the slide 6 layers diagram.)

24 Thank you mike.macintyre@panaseer.com @theTechRunner www.panaseer.com
© 2019 Panaseer Limited

