© BeyondTrust 2019
Agenda
• Today’s Threat Landscape
• The Problem
• Just-In-Time Privileged Access Management (JIT PAM)
• Why every business needs JIT PAM
• Technology Demonstration
TODAY’S THREAT LANDSCAPE
© BeyondTrust 2020
The Attack Surface Continues to Expand

On-Premise
• Shared Admin Accounts
• Desktops (Windows, Mac)
• Servers (Unix, Linux, Windows)
• Industrial Control Systems
• Security Infrastructure
• Network Infrastructure
• Applications & Application Servers
• Databases & Database Servers
• Machine Credentials (AtoA)
• Hypervisors & Virtual Machine

TODAY
• SaaS Admins
• Cloud Admins
• Application Admins
• Cloud Mgmt. Platforms (AWS, Azure)
• Virtualized Environments (VMWare, MSFT)
• Virtualized Machines (Unix, Linux, Windows)
• SaaS Apps (Facebook, LinkedIn, Custom)

NEAR FUTURE: Even More Priv. Accts
• Roaming workstations
• BYOD
• Privileged End Users
• Cameras, Sensors, Printers
• Developers
• DevOps & SecDevOps Tools
• Machine Password & Keys
• Dynamic Virtual Environment
• Containers
• Microservices
[Figure: attack vectors. Labels: Workstations; Infrastructure & Applications; Cloud Management & Operations; DevOps & Automation; Mobile Devices & Next Gen Tech]
Traditional Password Management encompasses two attack vectors.
But today’s attack vectors are very different from the past.
The Impact
Unmanaged privileges and accounts leave the door open for hackers.
• vulnerabilities are associated with excess admin rights (1)
• of breaches start with stolen and/or weak passwords (2)
• of breaches are the result of privilege account abuse or misuse (3)
• of companies aren’t adequately tracking privileged access (4)
Sources:
1. 2020 Microsoft Vulnerabilities Report, BeyondTrust
2. 2018 Privileged Access Threat Report, BeyondTrust
3. “The Forrester Wave™: Privileged Identity Management, Q3 2016,” Forrester
4. “2019 Data Breach Investigations Report,” Verizon
THE PROBLEM
Always-On Accounts -and- Persistent Privileged Access

Admin or Root Accounts
• always enabled
• always have the entitlements & privileges
• can always perform privileged tasks on an asset

Always-on (24x7) =
• always “fully-loaded”
• always ripe for abuse

The Attack Vector
• Compromise an Always-On Account (Identity)
• Gain Administrative or Root Privilege Access
Threat Actor

Goal
Users, processes, applications, and systems have “just enough” rights and access to perform appropriate actions.
Users, processes, applications, and systems have “just enough” rights and access - and for no longer than necessary - to perform appropriate actions.
JUST IN TIME PRIVILEGED ACCESS MANAGEMENT
Never Always On, Always Just In Time
By 2024, 50% of organizations will have implemented a just in time (JIT) privileged access model, which eliminates standing privileges, experiencing 80% fewer privileged breaches than those that don’t.
“Just-In-Time” (JIT) Concept
• Just-In-Time manufacturing strategy – designed to minimize costs by reducing the in-process inventory level.
© BeyondTrust 2018
JIT PAM in Action

TRIGGERS
• Workflow
• Context-Aware
• Entitlements
• Multi-Factor Authentication

POLICIES

PRIVILEGES REMOVED
• Access Certification
• Reporting
• Auditing
• Regulatory Compliance
BeyondTrust JIT PAM: Solution Mapping

Solutions: PRIVILEGE PASSWORD & SESSION MANAGEMENT | ENDPOINT PRIVILEGED MANAGEMENT | SECURE REMOTE ACCESS

TRIGGERS
• Entitlements
• Workflow
• Context Aware
• Multi-Factor

METHODS
• Account Creation & Deletion
• Group Membership
• Privilege
• Impersonation
• Disabled Administration Accounts
• Tokenization
https://bit.ly/32lToSW
THANK YOU