Dave Shackleford
Founder, Voodoo Security
Introduction
We've had some bad years, folks.
Attackers have had their way with us, and
we're not necessarily getting better.
This headline is from 2009.
Breaches and privileges?
The Verizon 2014
Data Breach
report highlighted
some startling
facts:
11,698 incidents
of insider abuse or
privilege abuse
112 of these had
confirmed data
disclosure
Privilege abuse in real breaches?
Target and Home
Depot 3rd party
account
compromise
Code Spaces
admin account
portal compromise
Think these had privileges?
The Solution?
Verizon says:
Source: http://searchsecurity.techtarget.com/news/2240221047/Enterprises-fear-insiders-but-lack-privileged-user-controls
How to Address Privileged User
Monitoring/Management
How can organizations address Privileged
User Monitoring (PUM)?
Look for manual processes tracking privilege
use (think spreadsheets)
Centralize privilege management in one place
(with one technology, if possible)
Look for tools that integrate with user stores
and accommodate multiple platforms
Develop regular audit reports that are
automated and delivered to risk teams
First Things First
What types of users do you have?
Local users
Central directory users
App-specific users
Cloud/service account
All of the above (likely)
Determine where user accounts are being
leveraged, and who manages them
Get Back to the Source
Do you have a central provisioning
process?
Who manages this?
Often a combination of IT and HR
Look at role definitions and who approves
them for new users
Are the roles up to date? Do they reflect
the reality of business use cases?
Auditing and Monitoring
Determine where audit trails can be found
related to logins and privilege account use
Developing profiles and patterns of
privileged account use takes time, but is
worth it: this is understanding your
business AND vulnerabilities
Are accounts being misused?
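
An added example (not part of the original slides) of the profiling idea above: build a per-user baseline of privileged commands from sudo audit lines, then flag later events that deviate from it, along with direct logins to shared local accounts. The log lines, host and user names, and the shared-account list are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual Linux auth.log layout (not from the slides).
BASELINE = """\
Mar  3 09:12:01 db01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart postgresql
Mar  3 09:40:17 db01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/apt-get update
Mar  4 10:02:44 db01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl status postgresql
"""
CURRENT = """\
Mar 10 09:15:30 db01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart postgresql
Mar 10 23:51:09 db01 sudo:      bob : TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow
Mar 11 02:14:55 db01 sshd[4121]: Accepted password for root from 10.0.0.57 port 50212 ssh2
"""
STAMP = r"^\w{3}\s+\d+ (\d{2}):\d{2}:\d{2} \S+ "
SUDO_RE = re.compile(STAMP + r"sudo:\s+(\S+) : .*?USER=\S+ ; COMMAND=(\S+)")
SSH_RE = re.compile(STAMP + r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+)")
SHARED = {"root", "admin", "administrator"}  # shared local accounts (assumed list)

def parse(text):
    """Yield (kind, hour, user, detail) for sudo commands and successful SSH logins."""
    for line in text.splitlines():
        if m := SUDO_RE.match(line):
            yield "sudo", int(m[1]), m[2], m[3]
        elif m := SSH_RE.match(line):
            yield "login", int(m[1]), m[2], m[3]

def build_profile(text):
    """Baseline per user: binaries run via sudo and the hours they were run."""
    profile = defaultdict(lambda: {"commands": set(), "hours": set()})
    for kind, hour, user, detail in parse(text):
        if kind == "sudo":
            profile[user]["commands"].add(detail)
            profile[user]["hours"].add(hour)
    return profile

def review(text, profile):
    """Return (user, reason) pairs for events that deviate from the baseline."""
    findings = []
    for kind, hour, user, detail in parse(text):
        if kind == "login" and user.lower() in SHARED:
            findings.append((user, f"direct login to shared account from {detail}"))
        elif kind == "sudo":
            known = profile.get(user, {"commands": set(), "hours": set()})
            if detail not in known["commands"]:
                findings.append((user, f"new privileged command {detail}"))
            if hour not in known["hours"]:
                findings.append((user, f"privileged use at unusual hour {hour:02d}"))
    return findings
```

Calling review(CURRENT, build_profile(BASELINE)) returns the findings for the later period; exact-hour matching is a deliberately simple heuristic, and the root login finding cannot be attributed to a named person, which is the limitation of shared local accounts.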
Train employees
Train employees in the proper use of
elevated access privileges, including
logging out after performing tasks that
require them.
If standard laptop and desktop privileges
are excessive, these should be removed
This will also require training and may result
in nasty political battles
Additional points
Enforce separation of duties and least
privilege
Implement strict password and account-
management policies and practices
Termination policies are key here
Know thy system/network/app admins!
These people should be identified and
monitored from Day 1.
One last note: Local Accounts
These have to GO
Using standard local accounts (root,
Admin, etc.) severely limits the controls you
can implement on privilege use
Consider a privileged user management
platform that can facilitate account
checkout and short-term use
This will also help with auditing and
monitoring
Conclusion
Ready for a fight?
Changing privilege use and (maybe) taking
away some of them will lead to some
You can do this, though; there are
solutions out there and the key is to just
get started!
We can help out many other facets of
security by getting privilege use under
control
BeyondTrust Privileged Account
Management Solutions
Closing the privilege gap between users and the business
Once inside, threat actors move laterally using
exposed vulnerabilities
430+ million
individuals and
records
affected in 2014
>$150 million
in fines and lost
business (not
including costs
of compliance)
What are the options?
The problem is clear
Closing the gap between users and the business
Introducing PowerBroker Privilege Account
Management Solutions
Gaining a better understanding of IT risk
[Figure: product portfolio in two groups, Retina Vulnerability Management and PowerBroker Privileged Account Management, shown against the assets they cover: network infrastructure, servers and desktops, virtual and cloud, applications and databases, mobile, and Active Directory/Exchange/file systems]
PowerBroker Privileged Account Management:
Validated by the industry
BeyondTrust is a representative vendor for all five key
feature solution categories.1
1 Gartner, Market Guide for Privileged Account Management, June 17, 2014.
2 Ovum, SWOT Assessment: BeyondTrust - The BeyondInsight and PowerBroker Platform, November 5, 2014.
3 TechNavio, Global Privileged Identity Management Market 2015-2019, 2014.
4 Frost & Sullivan, PowerBroker Password Safe - a Frost & Sullivan Product Review, 2014.
5 Forrester, Introducing Forrester's Targeted Hierarchy of Needs, May 15, 2014.
Why PowerBroker Privileged Account Management
Solutions?
Broadest capabilities available in the market password, server,
Validated by customers and
Next steps
Learn more about the PowerBroker Privileged Account
Management solutions
Read case studies, white papers, recorded demos, and more
Learn about what's new in the latest version
Read what the analysts think
Gartner
Ovum
Start a free trial of one of our PowerBroker Privileged
Account Management solutions
Quick Poll
Would you like to receive a free trial for any of our PAM
solutions?
Questions?