Transcription
THYCOTICPARTNER PLAYBOOK
YOUR CUSTOMERSWANT AN EASY WAYTO GOVERNPRIVILEGEDACCOUNTSHELP THEM KEEP ATTACKERS OUT ANDTHREATS CONTAINEDFrom phishing attempts to the latest breed of malware, privilegedaccounts play a key role in the majority of today’s most commonattacks. To stay secure, your customers need a better understandingof how their accounts are used – and an easy way to remove privilegeswhen they’re not necessary.PRIVILEGED ACCOUNT MANAGEMENTwith Thycotic Secret ServerTake control of the most important accountsYour customers are struggling to keep up with hundreds ofprivileged accounts – it’s hard to know where they are, let alonewho is using them at a given moment.With Privileged Account Management (PAM), give them a wayto secure and monitor every account, from admin credentials toservice accounts and default logins.LEARN MORE ABOUT PAMENFORCING LEAST PRIVILEGEwith Thycotic Privilege ManagerEliminate the risk of escalationYour customers want to give users the level of access they need– so they’re erring on the side of caution and giving endpointsprivileged access for no good reason.With a better approach to least privilege enforcement, give theman automated, effortless way to remove unnecessary privilegesand set the ideal security policy for every application.LEARN MORE ABOUT LEAST PRIVILEGE ENFORCEMENTThycotic Partner Playbook2
PRIVILEGE ACCOUNT MANAGEMENTUNDERSTANDINGTHE THREATTHE DANGERS THAT YOUR CUSTOMERS FACENumerous Privileged AccountsOn average, a company has three or four times moreprivileged accounts than employees. The sheer volume ofpasswords is hard to manage and monitor.Unknown And Unmanaged PasswordsThe risk doesn’t just come from the administrativepasswords IT teams are using. It’s in the service andapplication accounts that many administrators are entirelyunaware of.Insider And Outsider ThreatsAn external attacker could breach an account to accesscritical systems and confidential data.Meanwhile, malicious insiders and former employees coulduse known credentials to target an organisation.PRIVILEGED ACCOUNTS THAN EMPLOYEESThycotic Partner Playbook PAM3
UNDERSTANDINGYOUR CUSTOMER’SCHALLENGESWHAT MAKES SECURING PRIVILEGED ACCOUNTSSO DIFFICULT?Poor VisibilityWith so many privileged accounts created ‘out of the box’ bydefault, or used solely by operating system services, mostorganisations don’t even know how many privilegedaccounts they have. So they can’t hope to monitor andsecure them effectively.Shared PasswordsPrivileged accounts are often shared between multipleusers. This creates several key challenges including: Communicating passwords insecurely (like listing themin an Excel spreadsheet) Tracking who is really accountable for a given actionusing a privileged accountProductivity Versus Password PolicyEnforcing policies on the most critical passwords getsin the way of productivity. Every enforced rotation orauthentication step runs the risk of slowing people down asthey try to work.Thycotic Partner Playbook PAM4
ADDRESSINGYOUR CUSTOMER’SNEEDSWHAT THE ANSWER TO PRIVILEGED ACCOUNTMANAGEMENT LOOKS LIKEThe most complete guide to effective PrivilegedAccount Management comes from hackersthemselves. According to the Black Hat SurveyReport, they identify five key ways to improvepassword security.Limit admin access to systems, adopting a leastprivilege strategy where elevated permissionsare only available when they’re really essential.Protect privileged accounts with strong securityand detailed auditing – not in an open, manual systemlike a spreadsheet.Extend IT security awareness training, so peopleunderstand the dangers of exposingprivileged accounts.Limit unknown applications with strict passwordpolicy enforcement on all application accounts.Protect user passwords with security best practices– strong policies, regular resets, and granular logs.Thycotic Partner Playbook PAM5
PRIVILEGEDACCOUNTMANAGEMENTAN EVOLVING PRIORITY IN IT SECURITYAND COMPLIANCEIn every organisation, passwords are the keys tocritical systems and confidential data. And somepasswords are more powerful – and more desirable– than others.Privileged accounts are the ones that offer the greatest levelsof systems access. On Windows, they’re admin accounts,Active Directory service accounts, and domain adminaccounts. On UNIX, they’re typically root accounts – althoughuser accounts can be modified to offer elevated permissions.These privileged accounts are an attacker’s most covetedtarget – and 80%* of all breaches involve privilege abuseof some kind.We can give you the tools to have that conversation.80* The Forrester Wave: Privileged Identity Management, Q4 2018Thycotic Partner Playbook PAM6
THYCOTICSECRET SERVEROUR RECOMMENDED PRIVILEGED ACCOUNTMANAGEMENT PLATFORMThycotic Secret Server automatically detects privileged accountsacross a Windows or UNIX infrastructure, then stores thosepasswords in a centralised vault with AES 256-bit encryption andtwo-factor authentication.With all passwords retrieved from this central repository, yourcustomers can confidently raise security without compromisingon productivity or ease of access.End-To-EndPasswordSecuritySecret Servermakes it easy foryour customers to: Discoverpasswords Store themsecurely Enforce passwordpoliciesPasswordProtectionTo SupportComplianceSecret Server helpsyour customerscomply withstandards like: PCI DSS GDPR ISO 27001 Cyber EssentialsFrom Leaders InPrivileged AcountManagementThycotic SecretServer is alreadybeing used by morethan 180,000 ITadmins and morethan 7,500customers –including 20% inthe Fortune 500 –every day. Monitor howpasswords areused withindividualaccountabilityThycotic Partner Playbook PAM7
LEAST PRIVILEGE ENFORCEMENTUNDERSTANDINGTHE THREATWHY OVER-PRIVILEGED ACCOUNTS ARESO DANGEROUSMalware and RansomwareMalicious applications start on the endpoint. If thatendpoint has the necessary privileges, applications thatoften irreversibly disrupt and damage businesses canrun rampant.And with so many new and previously unknown threats,your customers can’t always depend on detection.Privilege EscalationA common technique, hackers start with a low-level,limited access account on the endpoint – then look foropportunities to escalate those privileges for wider systemand network access.And when breaches sit undetected, they potentially havemonths to find their next opportunity.Shadow IT and Rogue InsidersThe people inside a business remain a serious source of risk.With unnecessary privileges on the endpoint, unapprovedsoftware can leave systems exposed to a whole range ofexternal threats.And, if an end-user turns rogue, privileges on the endpointcan be quickly weaponised.Thycotic Partner Playbook Least Privilege Enforcement8
UNDERSTANDINGYOUR CUSTOMER’SCHALLENGESThe current position is unknownDefault configurations and poor account tracking mean thatendpoints are rife with over-privileged accounts.But discovering and cataloguing all of these accounts is ahuge undertaking – let alone making an informed decidingwhether they’re really necessary.WHY ENFORCING LEAST PRIVILEGE IS SO DIFFICULTToo many applications to manageAcross every operating system, device and endpoint, thereare too many applications for anyone to manually control.For your customers, it’s easy to focus on fighting fires thanprevention when manually creating whitelists and blacklistswould require a big investment.Productivity must be protectedYour customers want to give their employees everythingthey need to stay productive – and are concerned thatremoving privileges might become an obstacle.They need a way to make intelligent decisions aboutevery application, based on user roles and context, not aone-size-fits-all allow/deny rule.Thycotic Partner Playbook Least Privilege Enforcement9
LEAST PRIVILEGEENFORCEMENTLIMITING ACCESS ON THE MOST EXPOSED PART OFTHE NETWORKEndpoints are by far the most vulnerable part of thenetwork. They’re the place where users open emails,run executables, and click around on the web despitethe best attempts to train them on security bestpractice. After all, their priority is productivity.The only way for your customers to lock their endpointsdown is to take more control of privileges. To give everyuser on every endpoint the level of access they need to getthe job done – and not an ounce more. But with so manyendpoints to manage, new applications to provision, anddefault configurations to change, enforcing least privilegecan become a time-consuming, costly task.THE ANSWER:AUTOMATION ANDAPPLICATION CONTROLThycotic Partner Playbook Least Privilege Enforcement10
THYCOTICPRIVILEGEMANAGERA MORE PRACTICAL WAY TO ENFORCE LEAST PRIVILEGEBuilt for ease of use and simple policy-based enforcement,Thycotic Privilege Manager detects applications on endpoints,identifies them, and allows just the right level of access. It’scontrol centred on individual applications, not users or endpoints.As a result, your customers can remove unnecessary privilegesfrom their endpoints, dramatically reducing their risk. If anexternal attacker or rogue insider were to gain access to theendpoint, they’d be unable to escalate their privileges for wideraccess to the system and network.Take controlof endpointsThycotic PrivilegeManager helps yourcustomers to: Understand what isbeing run onendpoints basedon smart applicationrecognition Removeunnecessaryprivileges andblacklist or whitelistapplications Report onapplication usage –ideal for compliancewith standardslike GDPRThycotic Partner Playbook Least Privilege EnforcementEnforcementmade easyThycotic PrivilegeManager saves yourcustomers time with: Automatedapplicationdiscovery Policy templatesto streamlinedeploymentFrom the leadersin least privilegeThycotic PrivilegeManager comes fromthe specialists atThycotic – and canbe easily integratedwith Thycotic SecretServer to combine leastprivilege enforcementwith centralisedPrivileged AccountManagement. A centraliseddashboard fordefining policiesand responding toaccess requests11
THYCOTICPARTNER BENEFITSGET PRACTICAL TOOLS AND SUPPORT TO DRIVEYOUR SALESThycotic may provide a world-leading product for PAM, but we knowit takes more to reach customers and tell them about everythingThycotic has to offer. That’s why we provide extensive support tohelp you achieve more.An in-demand newaddition to your portfolioWith privileged accountsinvolved in so many breaches,demand for effective PAM isrocketing. With the marketleaders at Thycotic, you canoffer a highly-effective solutionthat your customers will want– with margins you’ll love.Sales supportand incentivesAs a partner, your salessupport goes beyond adedicated sales team anddetailed partner resources.Special events like head-tohead Beat the Caller Dayswhere your team competeswith one of our Thycoticexperts, are a great sales andperformance incentive togenerate more leads.Find Out MoreReady-mademarketing campaignsand collateralTo help you reach moreprospects – and convert them– you can take advantage of anentire suite of marketing tools.With campaigns that coverevery stage of your buyer’sjourney, there everything youneed to tell the world.Find Out MoreProactive support fromThycotic and AlphaGenerationWith Thycotic and AlphaGeneration, you’ll get hands-onhelp whenever you need it: Specialist channelexpertise Deal registration tomake sure you’realways rewarded Partner portal access foruseful resources Ongoing sales andtechnical supportThycotic Partner Playbook12
Find out more at www.alpha-gen.co.ukOr call Alpha Gen on 01777 852222 2019 Alpha Generation Distribution Ltd. All Rights Reserved. All trademarks, trade names, or company names referenced herein are used for identification only and are the property of their respective owners.
Thycotic Privilege Manager saves your customers time with: Automated application discovery Policy templates to streamline deployment A centralised dashboard for defining policies and responding to access requests Thycotic Privilege Manager comes from the specialists at Thycotic - and can be easily integrated with Thycotic Secret
