CyberArk Endpoint Privilege Manager

Transcription

CyberLagom
Why Privileged Access is CISO’s #1 priority
14 April 2021
Samira Zaker Soltani

TAKEAWAYS
- Privileged Accounts
  - What are they
  - Why are they important
  - Where do we find them
- CyberArk PAS solution demo
- Where do you start
  - Prioritizing the onboarding roadmap

PRIVILEGED ACCOUNTS
ANY ACCOUNT EXCEEDING NORMAL ACCESS WHICH, IF COMPROMISED, WILL HAVE A HIGH IMPACT ON YOUR BUSINESS

GARTNER’S KEY PRIORITIES FOR IAM LEADERS IN 2021
Nearly every successful security breach involves a failure of privileged access management (PAM).
PAM is the combination of tools used to secure, control and monitor privileged access to an organization’s critical information and resources. And while it may not prevent an initial breach, PAM can reduce or eliminate the impact of the breach.

DID YOU KNOW
- 120 days: The median time to discover spilled credentials across 96 incidents. Often spills are discovered on the dark web before organizations detect or disclose a breach. (F5 Labs - 2021 Credential Stuffing Report)
- 80% of All Breaches Involve Privileged Credentials. (The Forrester Wave: Privileged Identity Management, Q3 2016)
- 1.8 Billion Credentials were stolen in 2020. (F5 Labs - 2021 Credential Stuffing Report)
- Stolen Credentials Have Been Behind Some of the Largest and Most Costly Data Breaches. (Equifax, U.S. Office of Personnel Management, Yahoo and more)

PRIVILEGED ACCOUNT TAXONOMY

3X MORE
Privileged accounts than employees


HAVEIBEENPWNED?


CREATING BOUNDARIES

GARTNER 2020 PRIVILEGED ACCESS MANAGEMENT MAGIC QUADRANT

CYBERARK IDENTITY SECURITY PORTFOLIO
WORKFORCE AND WORKSPACE
- IDAPTIVE: Access Management for MFA, SSO, and Lifecycle Management
PRIVILEGED ACCESS MANAGEMENT
- PRIVILEGE CLOUD (SaaS) and CORE PRIVILEGED ACCESS SECURITY (On-Premise): Foundational PAM Controls for Credential and Session Management
- ENDPOINT PRIVILEGE MANAGER: Least Privilege for Workstations and Windows Servers
- ALERO: Third Party Remote Access to CyberArk PAM
SECRETS MANAGEMENT
- APPLICATION ACCESS MANAGER: Secrets Management for Applications, Tools, Containers, and DevOps

SITUATION WITHOUT PAS
Diagram labels: ENTERPRISE RESOURCES, JUMP SERVERS
- Credentials known to administrators
- Direct access, leaving traces which can be abused
- Credentials not rotated periodically
- Complex auditing and OUDINFRASTUCTURE

SITUATION WITH aultSIEM/SOC
- Credentials not known to anyone and securely stored in the vault
- No traces left behind on the end targets
- Credentials are rotated periodically
- Threat analysis and automatic response

CYBERARK PRIVILEGED ACCESS SECURITY (PAS) PRODUCTS
Offerings: Core Privileged Access Security, Privileged Cloud
Components:
- VAULT
- PVWA (Web interface)
- CPM
- PSM & PSM for SSH
- PTA

ENTERPRISE-WIDE PRIVILEGE SECURITY POLICIES
CISO AND IT LEADERS WANT TO CONSISTENTLY ENFORCE PRIVILEGE SECURITY POLICIES, BOTH FOR HUMAN & NON-HUMAN IDENTITIES.
Consistently Enforce Non-Human & Human Privilege Security Policies Across the Enterprise
Diagram: the VAULT at the center, connected to:
- On-Prem Infrastructure and Apps (*NIX, Windows, zOS)
- App Servers and Custom Apps
- Security Solutions
- IT Mgt Software
- RPA
- IaaS
- PaaS
- DevOps Tools

Demo time.

WONDERING WHERE TO START?
- DNA Tool: Discovery & Audit
- CyberArk Blueprint

CYBERARK DNA SCAN
- Gain visibility of privileged accounts: In Windows, *nix, Mac, and then some more.
- Uncovered vulnerabilities: Identify machines vulnerable to credential theft attacks and assess the security risks.
- Clean up ancient credentials: Disable or change the high risk credentials which have not been changed for a long time.
Requires:
- Executable without installation
- License file (Free)
- Connectivity and account to scan machines

THE CYBERARK BLUEPRINT

CYBERARK PAM SUCCESS BLUEPRINT: 3 GUIDING PRINCIPLES
- PREVENT CREDENTIAL THEFT
- STOP LATERAL & VERTICAL MOVEMENT
- LIMIT PRIVILEGE ESCALATION & ABUSE

RISK PRIORITIZATION METHODOLOGY
Axes: RISK REDUCTION, EASE OF IMPLEMENTATION
Quadrants:
- High Impact, High Effort
- High Impact, Low Effort (Quick Wins)
- Low Impact, High Effort
- Low Impact, Low Effort

BLUEPRINT STAGES DEEP DIVE
PAM Capabilities (table rows): Privileged Access Management, Least Privilege, Secrets Management
GOAL per stage:
- STAGE 1: Secure privileged IDs with the potential to control an entire environment
- STAGE 2: Focus on locking down the most ubiquitous technology platforms
- STAGE 3: Build PAS into the fabric of enterprise security strategy and application pipelines
- STAGE 4: Mature existing controls and expand into advanced privileged access security
- STAGE 5: Look for new opportunities to go above and beyond in securing privileged access
Table entries, in the order transcribed:
- Admins: Domain, VM, Windows Server local, IaaS
- Admins: Network & Infra, Named DBA, Web Apps (Top), Business Apps
- Admins: Mainframe, Web Apps (All), Business Apps
- Admins: Workstation Local, Privileged AD Users, *nix Root, CI/CD
- Concepts: Cred Boundaries
- Admins: *nix Root Similar, 3rd Party Vendors, Out of Band access, Database Built-In
- Workstation (IT)
- 3rd party Tools: C3 Security Tools, MFA
- 3rd party Tools: C3 Business Tools
- Dynamic Apps
- Windows Server
- Workstation (All)
- Static Apps
- Windows Service
- Windows Server
- *nix Server
- Static Apps (Adv)
Other labels: Risk Reduction; Limit Privilege Escalation & Abuse; Stop Lateral& ajorModerate

EXAMPLE PAM PROGRAM ROADMAP
Legend: Core PAS, Endpoint Privilege Manager, Application Access Manager
Timeline: quarters Q1 to Q4 across FY 2020, FY 2021, FY 2022 and FY 2023
Phases, as far as the transcription allows:
- Phase 1: Domain Admins, Local Admins, C3 Integrations
- Phase A: Least Privilege for non-R&D workstations
- Phase B: Expand Least Privilege to remainder of workstations
- Phase 3: Root, Root SSH Keys, Other *NIX
- Phase 5: Built-In DB Accounts, Personal DBA Accounts, Oracle, MSSQL
- Phase 7: Apps Stage 2: Enterprise Wide, Hard Coded Credential Removal
- Phases 2, 4 and 6 (items in the order transcribed): Cloud Instances, 3rd Party Vendor Access, Cred Boundaries, Server/WKS Admins, Cloud Consoles, VMWare/Virtualization, Network Devices, Remote Access ilO/DRAC, Apps Stage 1: DevOps
Other labels: Blueprint Stages 1 & 2; Blueprint Stages 2 & 3; Blueprint Stages 3 & 4; Blueprint Stage 4; Blueprint Stages 4 & 5; Strategy Refresh
Annotation: Organization has audit finding around least privilege
The CyberArk Blueprint is NOT a definite roadmap. It is a series of recommendations to GUIDE roadmap design.

THANK YOU
Samira Zaker Soltani
szs@cyberlagom.com
31(0)682019193
CyberLagom.com
