Enemy from Within: Managing and Controlling Access
3 likes732 views
The document discusses the importance of managing access controls to prevent data breaches, highlighting various scenarios where weak security measures failed, such as weak passwords and advanced phishing attacks. It emphasizes the need for robust identity and access management (IAM) and privileged access management (PAM) to mitigate risks, including implementing multi-factor authentication and continuous monitoring. Additionally, it outlines the role of organizations in protecting their sensitive data from both insider and external threats.
Enemy from Within: Managing and Controlling Access
- 1. Enemy from Within: Managing and Controlling Access Dr. Eric Cole Author, SANS Top 20 Critical Controls Morey J. Haber VP of Technology, BeyondTrust Joe Gottlieb SVP Corporate Development, SailPoint
- 2. Is Your Access Control Hacker Proof? OR Are You One Click Away From a Breach? Dr. Eric Cole 2
- 3. The difference between a minor breach and a major breach is based off of what information the adversary was able to obtain access to. The question you need to ask is how effective is your access control? 3
- 4. Scenario 1 – Weak Password SCENARIO An attacker finds a web portal that allows access to your network. The access is based on a username and password. Account harvesting is done via social media and password cracking is performed. A weak password is cracked to obtain access WHAT FAILED Password controls and policies Monitoring and detection of password cracking REMEDIATION Account lockout Strong password policy with enforcement 4
- 5. Scenario 2 – Compromised Credentials SCENARIO User does not properly protect their credentials and leaves their computer unlocked at a hotel, airport or coffee shop. Adversary is able to compromise the system and gain access to both local and network based data stores WHAT FAILED User awareness System lockdown Account monitoring REMEDIATION Utilize multi-factor authentication Enabled screen lockout Limit or monitor access when connected to public networks 5
- 6. Scenario 3 – Uncontrolled Data SCENARIO Data is constantly copied and stored on multiple systems throughout the organization. No one has idea where the information is located except an adversary. From the DMZ the adversary is able to access and compromise sensitive information. WHAT FAILED Data classification No control of data access or permissions REMEDIATION Data discovery Segmentation Data flow analysis 6
- 7. Scenario 4 – Advanced Phishing SCENARIO User receives an email believing it is from their boss who is on vacation will all content being valid and legitimate but attachment contains malicious code Since boss is away, email cannot be verified and system becomes compromised with no remediation WHAT FAILED Email filtering and monitoring Controlling and managing access Privilege escalation REMEDIATION Controlling access Limiting executable content 7
- 8. Scenario 5 – Malicious External SCENARIO External adversary targets systems on the DMZ and compromises the server as a pivot point. From the DMZ they perform lateral movement and ultimately compromise sensitive information from the database WHAT FAILED Provision management Entitlements Timely detection REMEDIATION Access control Data classification Data monitoring 8
- 10. Your Organization • Resources • Identities • Entitlements Interaction Between Assets and Users Can Represent Risk 10
- 11. Enemy from Within… • Insider Threats • External Threats All Breaches and Exfiltration of Sensitive Data Need to Leverage Vulnerabilities and/or Privileges 11
- 12. Critical Questions for Managing Risk Identity & Access Management (IAM) and Privileged Access Management (PAM) Who has access to what? Is that access appropriate? Is that access being used appropriately? PAMIAM 12 How is that access changing over time?
- 13. How do IAM and PAM Fit Together? Deep Controls for Privileged AccountsBroad Governance for All Accounts CONTINUOUS MONITORING SESSION CONTROL ACCESS CONTROL DISCOVERY PROVISIONING ACCESS CERTIFICATION ACCESS REQUESTS CREDENTIAL LOCK DOWN IAM PAM 13
- 14. Combining IAM and PAM for Comprehensive Control Broad Governance for All Accounts + Deep Controls for Privileged Accounts CONTINUOUS MONITORING SESSION CONTROL ACCESS CONTROL DISCOVERY PROVISIONING ACCESS CERTIFICATION ACCESS REQUESTS CREDENTIAL LOCK DOWN Mobile Devices Security AppliancesDatabase s Operating Systems SaaS & Cloud Network DevicesDirectoriesStorageSCADAMainfram e 14
- 15. SailPoint Identity & Access Management 15 Compliance Manager Lifecycle Manager Password Manager Dashboards Reporting Analytics Policy Model Identity Warehouse Role Model Workflow Engine Risk Model 3rd Party Provisioning Mobile Device Management IT Service Management IT Security Identity Intelligence Unified Governance Platform Cloud Apps On-prem Apps Directory Services Structured Data Unstructured Data Scenario 1: Weak Password Scenario 3: Uncontrolled Data Scenario 4: Advanced Phishing Scenario 5: Malicious External
- 16. Reduce user-based risk and mitigate threats to information assets 3 Address security exposures across large, diverse IT environments 3 Comply with internal, industry and government mandates 3 The BeyondInsight IT Risk Management Platform is an integrated suite of software solutions used by IT professionals and security experts to collaboratively: BeyondTrust Privilege Management Platform 16 Scenario 1: Weak Password Scenario 2: Compromised Credentials Scenario 4: Advanced Phishing Scenario 5: Malicious External
- 17. Summary • Attacks are increasingly proactive, sophisticated and opportunistic • To minimize risk, enterprises must master the complexity of access • IAM and PAM can be combined to achieve comprehensive control 17
- 18. Poll
- 19. Thank you for attending today’s webinar! Dr. Eric Cole Author, SANS Top 20 Critical Controls Morey J. Haber VP of Technology, BeyondTrust Joe Gottlieb SVP Corporate Development, SailPoint