2015: The Year You Finally Get

Control of Privileged Users

Dave Shackleford
Founder, Voodoo Security
 Introduction
Weve had some bad years, folks.
Attackers have had their way with us, and
were not necessarily getting better.
This headlineis from 2009.
 Breachesand privileges?
The Verizon 2014
Data Breach
report highlighted
some startling
facts:
11,698 incidents
of insider abuse or
privilege abuse
112 of these had
confirmed data
disclosure
Privilege abuse in real breaches?
Target and Home
Depot 3rd party
account
compromise
Code Spaces
admin account
portal compromise
Think these had privileges?
 The Solution?
Verizon says:

Thanks, Captain Obvious!

 Preventing Insider Abuse
Preventing insider abuse involves the
following:
Enforce separation of duties and least privilege.
Implement strict password and account-
management policies and practices.
Log, monitor, and audit employee online actions.
Use extra caution with system administrators and
privileged users.
Lets focus on the last one - privileged user
management
 Privileged User Management
Privileged Users
A user with allocated powers within the computer
system which are significantly greater than those
available to the majority of users
Includes system administrators, network
administrators, and database administrators
Responsibilities may include keeping the system
available
May need powers to create new user profiles,
add or change the privileges and access rights of
existing users.
 Privileged User Controls
Are Still Lacking
A 2014 Ponemon Institute report signals
that 88% of 700 survey respondents felt
that privileged user risk would continue
now and in the future.

Source: http://searchsecurity.techtarget.com/news/2240221047/Enterprises-fear-insiders-but-lack-privileged-user-controls
How to Address Privileged User
Monitoring/Management
How can organizations address Privileged
User Monitoring (PUM)?
Look for manual processes tracking privilege
use (think spreadsheets)
Centralize privilege management in one place
(with one technology, if possible)
Look for tools that integrate with user stores
and accommodate multiple platforms
Develop regular audit reports that are
automated and delivered to risk teams
 First Things First
What types of users do you have?
Local users
Central directory users
App-specific users
Cloud/service account
All of the above (likely)
Determine where user accounts are being
leveraged, and who manages them
 Get Back to the Source
Do you have a central provisioning
process?
Who manages this?
Often a combination of IT and HR
Look at role definitions and who approves
them for new users
Are the roles up to date? Do they reflect
the reality of business use cases?
 Auditing and Monitoring
Determine where audit trails can be found
related to logins and privilege account use
Developing profiles and patterns of
privileged account use takes time, but is
worth itthis is understanding your
business AND vulnerabilities
Are accounts being misused?
 Train employees
Train employees in the proper use of
elevated access privileges, including
logging out after performing tasks that
require them.
If standard laptop and desktop privileges
are excessive, these should be removed
This will also require training and may result
in nasty political battles
 Additional points
Enforce separation of duties and least
privilege
Implement strict password and account-
management policies and practices
Termination policies are key here
Know thy system/network/app admins!
These people should be identified and
monitored from Day 1.
 One last note: Local Accounts
These have to GO
Using standard local accounts (root,
Admin, etc.) severely limit the controls you
can implement on privilege use
Consider a privileged user management
platform that can facilitate account
checkout and short-term use
This will also help with auditing and
monitoring
 Conclusion
Ready for a fight?
Changing privilege use and (maybe) taking
away some of them will lead to some
You can do this, though there are
solutions out there and the key is to just
get started!
We can help out many other facets of
security by getting privilege use under
control
 BeyondTrust Privileged Account
Management Solutions
Closing the privilege gap between users and the business

18

18
 Once inside threat actors move laterally using
exposed vulnerabilities

430+ million
individuals and
records
affected in 2014

>$150 million
in fines and lost
business (not
including costs
of compliance)

19

19
 What are the options?

20

20
 The problem is clear

Gap between protecting

the organizations critical
data and enabling users
and admins to be
productive

21

21
 Closing the gap between users and the business

Deliver both broad and deep privileged account

management capability across every scenario
Provide detailed reporting for multiple
stakeholders, delivering the visibility and insights to
mitigate security and compliance concerns and
tighten up operational practices
Align with other security solutions, providing a more
complete picture of IT risk management in context

22

22
 Introducing PowerBroker Privilege Account
Management Solutions

PowerBroker Comprehensive privilege

Privileged Account Management
account management
Privileged
Password
Privilege delivered as modules in an
Management
Management integrated platform
Deep analytical insights
Active Directory Auditing &
Bridging Protection for better decision making
Active
Extensible across the
Network Applications
Infra-
structure
Servers &
Desktops
&
Databases
Virtual &
Cloud
Directory/
Exchange/
security landscape
File Sys

23

23
 Gaining a better understanding of IT risk

Retina PowerBroker
Vulnerability Management Privileged Account Management

Enterprise Privileged
Network Security Privilege
Vulnerability Password
Scanner Management
Management Management

BeyondSaaS
Web Security Active Directory Auditing &
Cloud-Based
Scanner Bridging Protection
Scanning

Active
Network Applications Network Applications
Servers & Virtual & Servers & Virtual & Directory/
Infra- & Mobile Infra- &
Desktops Cloud Desktops Cloud Exchange/
structure Databases structure Databases
File Sys

24

24
 PowerBroker Privileged Account Management:
Validated by the industry
BeyondTrust is a representative vendor for all five key
feature solution categories.1

Deploying the BeyondTrust PAM platform provides an

integrated, one-stop approach to PAM one of only a small
band of PAM providers offering end-to-end coverage.2

BeyondTrust is a pure-player in the Global Privileged Identity

Management market and holds a significant position in the
market.3

"Frost & Sullivan endorses PowerBroker Password Safe.4

"Leverage a solution like BeyondTrusts PowerBroker for

Windows to transparently remove administrator privileges.5

1Gartner, Market Guide for Privileged Account Management, June 17, 2014.
2Ovum, SWOT Assessment: BeyondTrustThe BeyondInsight and PowerBroker Platform,
November 5, 2014.
3TechNavio, Global Privileged Identity Management Market 2015-2019, 2014. 25
4Frost & Sullivan, PowerBroker Password Safe a Frost & Sullivan Product Review, 2014.
25
5Forrester, Introducing Forresters Targeted Hierarchy of Needs, May 15, 2014.
 Why PowerBroker Privileged Account Management
Solutions?
Broadest capabilities available in the market password, server,
Validated by customers and

BeyondPoint: A desktop, bridge and more

broad and deep Single platform for central policy management and reporting
solution family Modular and integrated approach adopt what you need when you
need it
analysts alike

BeyondReporting: Secure audit trails with full session recording

Analytics across Extensive compliance reporting
the environment Drive better, more informed security decisions

BeyondPrivilege: Tightly integrated with vulnerability management through

Better BeyondInsight IT Risk Management Platform
understanding of Patented technology = industry leadership
threats 25 years of experience

26

26
 Next steps
Learn more about the PowerBroker Privileged Account
Management solutions
Read case studies, white papers, recorded demos, and more
Learn about whats new in the latest version
Read what the analysts think
Gartner
Ovum
Start a free trial of one of our PowerBroker Privileged
Account Management solutions

27

27
 Quick Poll
Would you like to receive a free trial for any of our PAM
solutions?

28

28
 Questions?

Thanks for coming!