Privileged Identity – The Core of the Kill Chain
Shawn Croswell, CISSP
Senior Security Engineer
scroswell@xceedium.com
@shawncroswell on Twitter
© Copyright 2015, Xceedium, Inc.
February 2015

Introducing Xceedium
Awards: Best Overall IT Company; Best Privileged Access Management Solution; Best Privileged Access Management Solution; Gold: Innovations in Cloud Security; Silver: Innovations in Privileged Identity Management
• Leading Privileged Identity Management solution for hybrid enterprises
• Global Fortune 1000 and US government customer base
• Headquartered in Herndon, VA
• Flagship Product - Xsuite®
2013 – Year of the Mega Breach
• High profile breaches spanned the globe
  • Target, Adobe, Facebook, LinkedIn, Groupon Taiwan, LivingSocial, Evernote, Supervalu, …
• Target was the poster child
  • 40 million credit cards stolen
  • $4 billion loss in market cap
  • 46% loss in 4Q profits
  • CEO, 7 board directors removed
Headline statistics (Symantec Internet Security Threat Report 2014; SANS/Symantec):
• 62% increase in breaches (YoY)
• 552 million identities compromised
• 40% of the population of South Korea had personal data exposed
• 150 million records compromised in a single breach (Adobe)
• 95% of all attacks on enterprise networks are a result of spearphishing attempts
• 77% of scanned public websites contained vulnerabilities that could be exploited
2014 – High Profile Breaches Accelerate
• 3 of top 10 breaches of all time
• Home Depot - 56 million credit cards stolen ($4.3 billion loss in market cap)
  • Compromised privileged credentials used to deploy custom malware on self-checkout systems
• CodeSpaces - forced out of business
  • Privileged credential breach of AWS account
• Sony Pictures – pulled movie release
  • Unprecedented waterfall effect
The Common Thread?
“Stealing and exploiting privileged accounts is a critical success factor for attackers in 100% of all advanced attacks, regardless of attack origin.”
10+ Years of Global Breach (timeline chart, 2004–2014; the source note on the slide is blank)
Breaches plotted with record counts: Court Ventures 200,000,000; Massive American Business Hack 160,000,000; Adobe 152,000,000; Ebay 145,000,000; Heartland 130,000,000; TJ Maxx 94,000,000; AOL 92,000,000; Anthem 80,000,000; Sony PSN 77,000,000; JP Morgan Chase 76,000,000; US Military 76,000,000; Target 70,000,000; Home Depot 56,000,000; Evernote 50,000,000; LivingSocial 50,000,000; RockYou! 32,000,000; VA 26,500,000; Zappos 24,000,000; AOL 20,000,000; AOL 2,400,000.
Also plotted without counts: Community Health Services, Gmail, Sony, Mozilla, Japan Airlines, Staples, UPS, NASDAQ, Neiman Marcus, Korea Credit Bureau, European Central Bank, UbiSoft, Ubuntu, Compass Bank, Citigroup, Monster.com, KDDI, Fidelity Bank, Card Systems Solutions, AT&T, Jefferson County, Apple, NHS, VA Dept Health, US National Guard, CheckFree, JP Morgan, and numerous unnamed telecom breaches.
What is Privileged Access? (diagram)
• On premise, employees and partners: Systems Admins, Network Admins, DB Admins, Application Admins
• Public cloud apps: VMware Administrator, AWS Administrator, Microsoft Office 365 Administrator
• Threats arriving via the Internet: Hacker, Malware/APT
Who are Privileged Users? (chart: Ponemon Institute, June 2014)
Existing Security Layers Have Been Breached
Waves of attacks and incidents, by era: Melissa, Code Red, etc.; MyDoom, Bagle, DM5, etc.; Zeus, Aurora, Conficker, etc.; Stuxnet, GitHub, NSA, etc.
“Over 90% of enterprises today have already been breached with active malware networks running” -- Ponemon Institute 2013
Annual Worldwide IT Security Spend – Gartner 2014: $28 Billion
Privilege: Core of the Breach Kill Chain
(Diagram: a threat actor outside the network perimeter and a trusted insider within it both work through the same stages: Gain/Expand Access, Elevate Privilege, Lateral Movement and Reconnaissance, Wreak Havoc, C&C and Data/IP Exfiltration.)
Weaknesses that let privilege be abused along the chain:
• Weak Authentication/Default Passwords
• Stolen/Compromised Credentials
• Poor Password/Key Management
• Shared Accounts/Lack of Attribution
• Authentication = Access Control
• No Limits on Lateral Movement
• No Limits on Commands
• Lack of Monitoring/Analysis
KPMG Corroborates Breach Stats

As Does FireEye
Over 1,200 trial deployments and 6 months of data show (Mandiant/FireEye, 2014):

Component            Customers reporting use of this security measure   Breach rate
Firewall             212                                                100%
IDS/IPS              119                                                100%
Web proxy            138                                                100%
Network anti-virus    75                                                100%
Endpoint AV          169                                                100%
Other anti-malware    33                                                100%
PIM – A New Security Imperative
• If breach is the rule, not the exception
• And privileged identity is at the core of the breach kill chain
• Then privileged identity needs to be an enterprise’s most protected asset
We need a new security layer!
Break The Kill Chain: Strong Authentication
(Kill-chain diagram repeated from the slide above.)
• Strong Authentication
  • AD/LDAP Integration
  • Multifactor Hardware/Software
  • PIV/CAC Card Support
  • SAML
• Login Restriction
  • Origin IP
  • Time of Day
Break The Kill Chain: Prevent Unauthorized Access
(Kill-chain diagram repeated from the slide above.)
• Zero Trust – Deny All, Permit by Exception
• Role-Based Privileged User Access Limits
• Privileged User Single Sign-on
• Command Filtering
• Leapfrog Prevention
• Proactive Policy Violation Prevention
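As an added illustration (not Xsuite code or any vendor's), the following policy check combines the controls from the Strong Authentication and Prevent Unauthorized Access slides: login restriction by origin IP and time of day with a second-factor check, deny-all/permit-by-exception targets per role, command filtering, and leapfrog prevention. The roles, hosts, networks, hours and command lists are constructed sample values.

```python
"""Added example (not Xsuite code): a gateway-side policy check for brokered
privileged sessions.  POLICY, roles, hosts, networks and hours are constructed."""
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network
import shlex

# Deny-all, permit-by-exception: a role may only reach the targets, run the
# commands, and log in from the networks and hours listed here.  (constructed)
POLICY = {
    "db-admin": {
        "targets": {"db01.corp.example", "db02.corp.example"},
        "allowed_commands": {"psql", "pg_dump", "systemctl", "tail", "grep", "ls"},
        "source_nets": ["10.10.0.0/16"],
        "hours": (time(7, 0), time(19, 0)),
    },
    "net-admin": {
        "targets": {"core-sw1.corp.example"},
        "allowed_commands": {"show", "configure", "write"},
        "source_nets": ["10.20.0.0/24"],
        "hours": (time(0, 0), time(23, 59)),
    },
}

# Hop-off tools refused inside any brokered session, so a reached target
# cannot be used as a springboard to the next one (leapfrog prevention).
LEAPFROG_TOOLS = {"ssh", "scp", "sftp", "telnet", "nc", "ncat", "socat", "rsh"}
SEPARATORS = {"|", ";", "&", "&&", "||"}


@dataclass
class Decision:
    allowed: bool
    reason: str


def check_login(role, origin_ip, at, mfa_ok):
    """Login restriction: second factor, origin IP and time of day.
    `at` is a datetime.time or an "HH:MM" string."""
    if isinstance(at, str):
        at = time.fromisoformat(at)
    rule = POLICY.get(role)
    if rule is None:
        return Decision(False, "unknown role: default deny")
    if not mfa_ok:
        return Decision(False, "second factor not satisfied")
    src = ip_address(origin_ip)
    if not any(src in ip_network(net) for net in rule["source_nets"]):
        return Decision(False, f"origin {origin_ip} outside permitted networks")
    start, end = rule["hours"]
    if not start <= at <= end:
        return Decision(False, f"login at {at:%H:%M} outside permitted hours")
    return Decision(True, "login permitted")


def check_target(role, target):
    """Role-based access limit: the target must be explicitly permitted."""
    rule = POLICY.get(role)
    if rule is None or target not in rule["targets"]:
        return Decision(False, f"{target} not permitted for role {role!r}")
    return Decision(True, "target permitted")


def check_command(role, command_line):
    """Command filtering: the program at the head of every pipeline stage
    must be on the role's allow list; hop-off tools are refused outright."""
    rule = POLICY.get(role)
    if rule is None:
        return Decision(False, "unknown role: default deny")
    try:
        lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
        lexer.whitespace_split = True
        tokens = list(lexer)
    except ValueError:
        return Decision(False, "unparseable command line")
    stages, current = [], []
    for tok in tokens:
        if tok in SEPARATORS:
            stages.append(current)
            current = []
        else:
            current.append(tok)
    stages.append(current)
    stages = [s for s in stages if s]
    if not stages:
        return Decision(False, "empty command")
    for stage in stages:
        prog = stage[0].rsplit("/", 1)[-1]      # "/usr/bin/scp" -> "scp"
        if prog in LEAPFROG_TOOLS:
            return Decision(False, f"leapfrog attempt via {prog!r} refused")
        if prog not in rule["allowed_commands"]:
            return Decision(False, f"command {prog!r} not on allow list")
    return Decision(True, "command permitted")
```

A real gateway would evaluate these three checks in order (login, then target, then every command of the session) and log each decision with the named user, which is what makes the later attribution and alerting possible.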
Break The Kill Chain: Improve Forensics, Deter Violations
(Kill-chain diagram repeated from the slide above.)
• Continuous monitoring and logging
• Warnings, Session Termination, Alerts
• DVR-like recording and playback of sessions
• Activity Log Reporting
• Privileged Account Use Attribution
• SIEM/SYSLOG Analytics
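As an added illustration (not Xsuite code), a monitoring pass over privileged-session records that attributes every action on a shared account to the named user who checked it out, raises warnings and alerts, decides session termination, and emits syslog-style lines for a SIEM. The record format, the business-hours window, the denial threshold and all sample records are constructed for this example.

```python
"""Added example (not Xsuite code): session monitoring, attribution,
alerting and termination decisions over constructed gateway records."""
import re
from datetime import datetime, timezone

# Constructed sample records, as a session gateway might log them.  A
# "checkout" ties the shared account (root/admin) to a named user; "cmd"
# records carry the gateway's allow/deny result for each command.
SAMPLE_LOG = """\
2015-02-10T02:14:05Z session=s-1001 user=jsmith account=root target=db01.corp.example event=checkout
2015-02-10T02:14:09Z session=s-1001 user=jsmith account=root target=db01.corp.example event=cmd result=allow cmd="tail -n 100 /var/log/auth.log"
2015-02-10T02:15:31Z session=s-1001 user=jsmith account=root target=db01.corp.example event=cmd result=deny reason=leapfrog cmd="ssh admin@pos-ctrl07"
2015-02-10T09:02:11Z session=s-1002 user=aroy account=root target=db02.corp.example event=checkout
2015-02-10T09:02:20Z session=s-1002 user=aroy account=root target=db02.corp.example event=cmd result=allow cmd="systemctl status postgresql"
2015-02-10T09:03:05Z session=s-1002 user=aroy account=root target=db02.corp.example event=cmd result=deny reason=not-allowed cmd="vi /etc/sudoers"
2015-02-10T14:00:40Z session=s-1003 user=mlee account=admin target=core-sw1.corp.example event=checkout
2015-02-10T14:01:02Z session=s-1003 user=mlee account=admin target=core-sw1.corp.example event=cmd result=deny reason=not-allowed cmd="configure terminal"
2015-02-10T14:01:30Z session=s-1003 user=mlee account=admin target=core-sw1.corp.example event=cmd result=deny reason=not-allowed cmd="write erase"
"""

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
BUSINESS_HOURS = range(7, 19)      # 07:00-18:59 UTC (constructed policy)
DENIALS_BEFORE_TERMINATE = 2       # constructed threshold


def parse_record(line):
    """'<ts> k=v k="v with spaces"' -> dict, with ts as an aware datetime."""
    ts, rest = line.split(" ", 1)
    rec = {k: v.strip('"') for k, v in KV.findall(rest)}
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return rec


def analyse(log_text):
    """Return {session_id: state}; state carries the attributed user, a list
    of (severity, message) alerts, the denial count and a terminate flag."""
    sessions = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        s = sessions.setdefault(rec["session"], {
            "user": rec["user"], "account": rec["account"], "target": rec["target"],
            "denials": 0, "alerts": [], "terminate": False})
        # Attribution: every action on the shared account is reported against
        # the named user who checked it out, never just "root" or "admin".
        who = f"{rec['user']} (as {rec['account']}@{rec['target']})"
        if rec["event"] == "checkout" and rec["ts"].hour not in BUSINESS_HOURS:
            s["alerts"].append(("WARN", f"off-hours checkout by {who} at {rec['ts']:%H:%M}Z"))
        elif rec["event"] == "cmd" and rec.get("result") == "deny":
            s["denials"] += 1
            if rec.get("reason") == "leapfrog":
                # A hop-off attempt ends the session immediately.
                s["alerts"].append(("CRITICAL", f"leapfrog attempt by {who}: {rec['cmd']!r}"))
                s["terminate"] = True
            elif s["denials"] >= DENIALS_BEFORE_TERMINATE:
                s["alerts"].append(("HIGH", f"{s['denials']} denied commands by {who}; terminating"))
                s["terminate"] = True
            else:
                s["alerts"].append(("WARN", f"denied command by {who}: {rec['cmd']!r}"))
    return sessions


def to_syslog(sessions, host="pim-gw"):
    """Render alerts and termination actions as syslog-style lines for a SIEM."""
    lines = []
    for sid, s in sessions.items():
        for sev, msg in s["alerts"]:
            lines.append(f'{host} pim[{sid}]: severity={sev} user={s["user"]} '
                         f'account={s["account"]} target={s["target"]} msg="{msg}"')
        if s["terminate"]:
            lines.append(f'{host} pim[{sid}]: severity=HIGH action=terminate '
                         f'user={s["user"]} target={s["target"]}')
    return lines
```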
Xsuite In Action
• Vault & Manage Credentials
• Attribute Identity for Shared Accounts (e.g., Root/Admin)
• Always Record Sessions and Metadata
• Continuously Monitor and Enforce Policy
• Federate Identity and Attribute Activity (SSO)
• Restrict Access to Authorized Systems
• Positively Authenticate Users
Don’t Mistake Compliance for Security: The Target Timeline (chart)
Mandiant Recommends PIM for PCI DSS 3.0 (Mandiant 2014 Threat Report)
US FedGov Requires PIM
• Continuous Diagnostics and Mitigation (CDM)
  • $6 Billion BPA for IT security
  • Phase 2 requires PIM
• NIST 800-53r4
• FedRAMP v2
Forrester – PIM Requirements for Cloud
Gartner – PIM Requirements for Cloud
Gartner – PIM Requirements for Virtualization
Privileged Identity Management: A Necessary New Security Layer
The new hybrid enterprise and its management planes:
• Software Defined Data Center: SDDC Console & APIs
• SaaS Applications: SaaS Consoles & APIs
• Public Cloud - IaaS: Cloud Console & APIs
• Traditional Data Center (Mainframe, Windows, Linux, Unix, Networking): Enterprise Admin Tools
A new security layer sits between privileged accounts and credentials and the enterprise management plane, to control and audit all privileged access:
• Vault Credentials
• Centralized Authentication
• Federated Identity
• Privileged Single Sign-on
• Role-Based Access Control
• Monitor & Enforce Policy
• Record Sessions and Metadata
• Full Attribution

Next Generation Privileged Identity Management: Introducing Xsuite®
Xsuite applies that control-and-audit layer across the new enterprise, built on an enterprise-class core with identity integration and unified policy management, and delivered as a hardware appliance, an AWS AMI, or an OVF virtual appliance.
Best Practices for PIM
• Privileged identity must be a highly protected core asset (process & technology)
• A Zero-Trust model should be adopted for all privileged access (including applications); some process re-engineering is a reasonable trade-off for the additional security and risk mitigation
• Next generation PIM platforms will make this more manageable, but defense in depth is still required
• Organizations need to employ Protection, Detection, and Response Frameworks specifically focused on Privileged Identities (and associated keys) that span the new Hybrid Enterprise
Contact Us
2214 Rock Hill Road, Suite 100, Herndon, VA 20170
Phone: 866-636-5803
linkedin.com/company/xceedium
@Xceedium
info@xceedium.com
facebook.com/xceedium
