privilege security
play

Privilege Security & Next-Generation Technology Morey J. Haber - PowerPoint PPT Presentation

Oct 01, 2023 •123 likes •450 views

Privilege Security & Next-Generation Technology Morey J. Haber Chief Technology Officer mhaber@beyondtrust.com Agenda The Next-Gen Threat Landscape o Infomatics, Breaches & the Attack Chain o Securing Cloud, DevOps & IoT o

  1. Privilege Security & Next-Generation Technology Morey J. Haber Chief Technology Officer mhaber@beyondtrust.com

  2. Agenda • The Next-Gen Threat Landscape o Infomatics, Breaches & the Attack Chain o Securing Cloud, DevOps & IoT o Privilege Security Threats • PAM & Privilege Security Maturity o Privileged Access Management o Privilege Security Maturity Model • How BeyondTrust Helps

  3. The Next-Gen Threat Landscape

  4. Innovation Leader Infonomics 30+ years of firsts "Infonomics is the theory, study, and discipline of asserting 1 st fully-integrated PAM and VM platform • economic significance to information. It provides the 1 st to provide vulnerability insights to inform privilege decisions • framework for businesses to monetize, manage, and 1 st PAM vendor on all major cloud marketplaces • measure information as an actual asset. 1 st Unix/Linux, Mac and network device PAM solution • … Infonomics endeavors to apply both economic and asset management principles and practices to the valuation, Strong roadmap Patented technology handling, and deployment of information assets." • • Active threat response 7 patents granted • • Context-aware PAM 10 pending - Infonomics: How to Monetize, Manage, and Measure Information as an • Asset for Competitive Advantage by Douglas B. Laney SaaS-based PAM platform • DevOps secrets management

  5. Notable Breaches Credentials Unpatched software exploited; Credentials hacked amplified by excessive privileges stolen 80 % 95 % 28 % of security breaches involve of critical vulnerabilities in Microsoft of breaches privileged credentials systems could be mitigated by involve insiders removing admin rights (and growing) Forrester Wave: Privileged Identity Management, Q3 2016 2018 Microsoft Vulnerabilities Report 2018 Verizon Data Breach Investigations Report

  6. The Cyber Attack Chain 1. Perimeter 2. Privilege Hijacking 3. Lateral Movement Exploitation & Escalation & Exfiltration … hijacks privileges or … and compromises other Attacker exploits asset vulnerabilities to gain entry leverages stolen/cracked network resources. passwords Vulnerable Unmanaged Credentials Limited Systems and Excessive Privileges Visibility

  7. The New Enterprise Expanding Accounts DevOps / A2A / A2DB More people, processes and technology have access to your systems and data than ever before. Remote Cloud & Employees IoT Mainstream adoption DevOps Partners & 60% Mobile Contractors IoT 56% Internal WWW Cloud 15% Employees Client- Server Evolving Infrastructure

  8. Attack Surface Evolution DevOps Cloud & Hybrid Cloud  Cloud Management Platforms (AWS, Azure)  DevOps Tools  Dynamic Virtual Environments  Virtualized Environments (VMWare, MSFT)  Containers  Virtualized Machines (UNIX, Linux, Windows)  Microservices  SaaS Apps (Facebook, LinkedIn, Custom) On-Premise • Shared Administrator Accounts • Desktops (Windows, Mac) • Servers (Unix, Linux, Windows) • Industrial Control Systems • Security Infrastructure • Network Infrastructure • Applications & Application Servers More Privileged Accounts Internet of Things • Databases & Database Servers  SaaS Admins  Roaming workstations • Machine Credentials (AtoA)  Cloud Admins  BYOD • Hypervisors & Virtual Machine  Application Admins  Cameras  Privileged End Users  Sensors  Developers  Printers  Machine Password & Keys  More…

  9. Cloud

  10. Secure Cloud DISCOVER & INVENTORY Enablement Asset RESTRICT Management SCAN FOR PRIVILEGES VULNERABILITIES Privileged Vulnerability Management Management Secure cloud ENSURE enablement CONFIGURATION SEGMENT COMPLIANCE requires a NETWORKS Cloud Security Hardening and Network Design multidisciplinary Best Practices strategy! ENFORCE GAIN ACCOUNTA- APPROPRIATE BILITY OVER CREDENTIAL USAGE SHARED ACCOUNTS ELIMINATE Least Privilege Password HARD-CODED Management Management PASSWORD A2A Security

  11. Secure Cloud Transformation The New Cloud Perimeter • Cloud Management Platforms In the cloud • Shared Administrator Accounts • Servers (Unix, Linux, Windows) • Applications & Application Servers • Databases & Database Servers Into the cloud • Machine Credentials (A to A) • Security & Network Infrastructure From the cloud • Hypervisors & Virtual Machines • SaaS Applications • DevOps Environments • Containers & Micro Services • IoT Devices Virtual Machines, Dedicated Hardware | Marketplace Applications | IaaS, PaaS, & SaaS

  12. Privilege Management for the Cloud Cloud-Agnostic Private, Public and Hybrid Environments • • Respects OA and application hardening License flexibility • Fully automated for passwords & API • Asset inventory integration • Auditing, reporting and change-aware • Docker and container aware • Proxy access • Discover online & offline instances • Session management • Leverage Hypervisor APIs • Regulatory compliance • Agent technologies

  13. DevOps

  14. DevOps Security Strategy RESTRICT DISCOVER & ELIMINATE HARD- GAIN ACCOUNTABILITY PRIVILEGES INVENTORY CODED PASSWORDS OVER SHARED ACCOUTS Asset A2A Security Management Privilege Management Password Management Secure DevOps Least Privilege Vulnerability Management Management Hardening and Network Security Best Design Practices ENSURE CONFIGURATION SEGMENT ENFORCE APPROPRIATE SCAN FOR COMPLIANCE NETWORKS CREDENTIAL USAGE VULNERABILITIES

  15. Privilege Automation for DevOps • • Only allow approved assets; identify Platform-agnostic, from cloud to on unacceptable variations premise • • Identify security risks and Limit all users, including privileged automatically remediate them access, in the DevOps automated workflow • Ensure configuration hardening • Provide security and performance • Eliminate all locations for hard- visibility to ensure security and coded credentials automation success

  16. IoT / IIoT

  17. Privilege Management for IoT, IIoT, ICS,SCADA Communications and Restricted Lateral Movement Zones Privileged Access Internet Segmentation Users Public Device Type & Risk Servers DMZ Private IoT IIoT ICS SCADA Guest Dumb Devices Air-Gapped

  18. The Privileged IoT Perspective • IoT asset and inventory management • Risk assessment with vulnerability management • Password management and privileged session access • Command line least privilege management • Policy and script repository

  19. Privilege Security Threats

  20. Privilege Security Threats • • • Guessing Vulnerabilities Default credentials • • • Dictionary attacks Misconfigurations Anonymous • • • Brute Force Exploits Predictable • Pass the Hash • • Malware Shared credentials • Security questions • • Social engineering Temporary • Password resets • • MFA flaws Reused Insider Threats External Threats Hidden Threats

  21. Accountability for Privileges • Privileged account discovery • Develop permissions model • Rotate passwords and keys • Workflow process and auditing • Define session monitoring • Segmentation • User behavior analysis

  22. Privileged Access Management & Privilege Security Maturity

  23. Privileged Access Management • Provides an integrated approach to ENTERPRISE PASSWORD enterprise password management MANAGEMENT • Enforces least privilege on all endpoints with- ACTIVE PRIVILEGE out compromising productivity or security DIRECTORY MANAGEMENT BRIDGING • Ensures administrator and root compliance Privileged on Unix, Linux, Windows and Mac Access Management • Identifies high-risk users and assets by USER teaming behavioral analytics and risk data BEHAVIOR SESSION MONITORING with security intelligence from best-of-breed MANAGEMENT security solutions ADVANCED • Achieves unified visibility over accounts, REPORTING & applications, and assets that they protect ANALYTICS

  24. The Journey to Privilege-Centric Security IT ECOSYSTEM INTEGRATION NEW ENTERPRISE DEPLOYMENT: CLOUD, DEVOPS, NETWORK/IOT/ICS/SCADA UNIFIED MANAGEMENT, REPORTING & THREAT ANALYTICS FIM, system-level control FIM, VBAM, event Maturity log monitoring Session recording & monitoring Server least A2A & A2DB Asset discovery & privilege / command Endpoint least vulnerability elevation & privilege / command Session scanning delegation elevation & management Password/key storage delegation & rotation Account discovery IMPROVE ACCOUNTABILITY & ELIMINATE EXCESSIVE PRIVILEGES & IDENTIFY & CONTROL OVER SHARED GAIN GRANULAR COMMAND AND INVENTORY CREDENTIALS TASK-LEVEL CONTROL Time

  25. About BeyondTrust

  26. Privilege-Centric Privilege security solutions control, monitor and audit privileged access to systems and data across the expanding enterprise. Security for the New Identity- Enterprise Focused Centralized Not network Dynamic & Modular focused Locations, Integrates w/ teams, contexts best-of-breed solutions Future- Risk- Ready Based Built for next- Accounts for gen IT user & asset risk environments

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Least privilege and privilege separation Deian Stefan Slides adopted from John Mitchell, Dan

Least privilege and privilege separation Deian Stefan Slides adopted from John Mitchell, Dan

CSE 127: Computer Security Least privilege and privilege separation Deian Stefan Slides adopted from John Mitchell, Dan Boneh, and Stefan Savage This week How to build secure systems Least privilege and privilege separation

578 views • 46 slides
Principle of Least Privilege Dawn Song Principle of least privilege Privilege Ability to

Principle of Least Privilege Dawn Song Principle of least privilege Privilege Ability to

Computer Security Course. Dawn Computer Security Course. Dawn Song Song Principle of Least Privilege Dawn Song Principle of least privilege Privilege Ability to access or modify a resource Principle of least privilege A

429 views • 39 slides
Privilege Escala-on Manual privilege escala/on techniques on Unix

Privilege Escala-on Manual privilege escala/on techniques on Unix

Privilege Escala-on Manual privilege escala/on techniques on Unix and Windows Michal Knapkiewicz, May 2016 whoami Senior Consultant at Advanced Security

884 views • 51 slides
Inter-domain Role Mapping and Least Privilege Liang Chen Jason Crampton Information Security

Inter-domain Role Mapping and Least Privilege Liang Chen Jason Crampton Information Security

Inter-domain Role Mapping and Least Privilege Liang Chen Jason Crampton Information Security Group, Royal Holloway, University of London 12th ACM Symposium on Access Control Models and Technologies IDRM and Least Privilege Introduction

458 views • 18 slides
Design, Privilege Separation CS 161: Computer Security Prof. David Wagner January 27, 2016

Design, Privilege Separation CS 161: Computer Security Prof. David Wagner January 27, 2016

Software Security: Design, Privilege Separation CS 161: Computer Security Prof. David Wagner January 27, 2016 Robustness Security bugs are a fact of life How can we use access control to improve the security of software, so security bugs

695 views • 32 slides
Outline Secure use of the OS Bernsteins perspective CSci 5271 Techniques for privilege

Outline Secure use of the OS Bernsteins perspective CSci 5271 Techniques for privilege

Outline Secure use of the OS Bernsteins perspective CSci 5271 Techniques for privilege separation Introduction to Computer Security Announcements intermission Day 9: OS security basics OS security: protection and isolation Stephen

649 views • 13 slides
Privilege: An Update Litigation Privilege: a brief definition Confidential Made for

Privilege: An Update Litigation Privilege: a brief definition Confidential Made for

Privilege: An Update Litigation Privilege: a brief definition Confidential Made for dominant purpose of civil or criminal litigation Relate to litigation which is pending, reasonably contemplated, or existing Legal Advice Privilege:

532 views • 20 slides
Legal Privilege, Client Communication and Discovery Cayman Islands Legal Practitioners

Legal Privilege, Client Communication and Discovery Cayman Islands Legal Practitioners

Legal Privilege, Client Communication and Discovery Cayman Islands Legal Practitioners Association Adam Huckle 27 March 2019 Overview What is Privilege? Types: Legal Advice Privilege Litigation Privilege Recent cases

226 views • 18 slides
+ The Primacy of Client Privilege: Designing a Statutory Advice Privilege for Accredited

+ The Primacy of Client Privilege: Designing a Statutory Advice Privilege for Accredited

+ The Primacy of Client Privilege: Designing a Statutory Advice Privilege for Accredited Non-Lawyer Tax Advisors Nicole Wilson-Rogers, Annette Morgan and Dale Pinto + Structure Snapshot: Argument advanced in the paper Current Privileges

422 views • 17 slides
Attorney-Client Privilege Between Affiliated Entities: Who Owns the Privilege When Interests

Attorney-Client Privilege Between Affiliated Entities: Who Owns the Privilege When Interests

Presenting a live 90-minute webinar with interactive Q&A Attorney-Client Privilege Between Affiliated Entities: Who Owns the Privilege When Interests Diverge? Navigating the Complexities of Joint Representations During Litigation, Spinoffs,

889 views • 42 slides
Privilege separation and isolation Deian Stefan Slides adopted from John Mitchell, Dan Boneh, and

Privilege separation and isolation Deian Stefan Slides adopted from John Mitchell, Dan Boneh, and

CSE 127: Computer Security Privilege separation and isolation Deian Stefan Slides adopted from John Mitchell, Dan Boneh, and Stefan Savage Chromium security architecture Browser ("kernel") Full privileges (file system,

603 views • 29 slides
Privilege Escalation via Client Management Software November 21, 2015 November 21, 2015

Privilege Escalation via Client Management Software November 21, 2015 November 21, 2015

Privilege Escalation via Client Management Software November 21, 2015 November 21, 2015 Matthias Deeg | BSidesVienna 0x7DF 1 Who am I? Dipl.-Inf. Matthias Deeg Expert IT Security Consultant CISSP, CISA, OSCP, OSCE especially IT security

749 views • 36 slides
Protecting Privilege in Post-Accident Investigations Successfully Asserting Attorney-Client

Protecting Privilege in Post-Accident Investigations Successfully Asserting Attorney-Client

Presenting a live 90-minute webinar with interactive Q&A Protecting Privilege in Post-Accident Investigations Successfully Asserting Attorney-Client Privilege, Self-Critical Analysis Privilege, Work Product Doctrine and More TUESDAY, MARCH

471 views • 36 slides
Computer and Information Security Fall 2019 Endpoint security Tyler Bletsch Duke University

Computer and Information Security Fall 2019 Endpoint security Tyler Bletsch Duke University

ECE590 Computer and Information Security Fall 2019 Endpoint security Tyler Bletsch Duke University Overview How do you configure endpoints for better security? 1. Updates 2. Correct settings 3. Reduce attack surface 4. Limit privilege 5.

477 views • 19 slides
Windows Privilege Escalations: Still abusing Service Accounts to get SYSTEM privileges Antonio

Windows Privilege Escalations: Still abusing Service Accounts to get SYSTEM privileges Antonio

Windows Privilege Escalations: Still abusing Service Accounts to get SYSTEM privileges Antonio Cocomazzi, Rome, September 27 th 2020 whoami System Engineer @ SentinelOne Passionate about IT security and constantly trying to learn and

893 views • 60 slides
and Meeting Legal Ethics Standards Addressing Waiver and Exceptions to the Privilege, the

and Meeting Legal Ethics Standards Addressing Waiver and Exceptions to the Privilege, the

Presenting a live 90-minute webinar with interactive Q&A Attorney-Client Privilege in Insurance Disputes: Preserving Confidentiality and Meeting Legal Ethics Standards Addressing Waiver and Exceptions to the Privilege, the Tripartite

1.17k views • 78 slides
Accessible Voting and How Voters with Disabilities Can Assist with Election Planning Fred Nisen,

Accessible Voting and How Voters with Disabilities Can Assist with Election Planning Fred Nisen,

Accessible Voting and How Voters with Disabilities Can Assist with Election Planning Fred Nisen, Supervising Attorney for Disability Rights Californias Voting Rights Unit Gail Pellerin, Santa Cruz County Clerk Jose Pena, AT Coordinator at

624 views • 46 slides
Session Transcript: 6/26/2020 Closed Captioning/ Transcript Disclaimer Closed captioning and/or

Session Transcript: 6/26/2020 Closed Captioning/ Transcript Disclaimer Closed captioning and/or

Session Transcript: 6/26/2020 Closed Captioning/ Transcript Disclaimer Closed captioning and/or transcription is being provided solely for the convenience of our viewers. Yoga Alliance does not review for accuracy any information that appears in

291 views • 3 slides
Privacy harms Privacy harms Engineering & Public Policy Lorrie Faith Cranor September 3,

Privacy harms Privacy harms Engineering & Public Policy Lorrie Faith Cranor September 3,

CyLab Privacy harms Privacy harms Engineering & Public Policy Lorrie Faith Cranor September 3, 2013 y & c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 / 19-608 / 95-818: b r a a t L o

517 views • 24 slides
topological media lab a transversal machine Sha Xin Wei Canada Research Chair, Critical Studies

topological media lab a transversal machine Sha Xin Wei Canada Research Chair, Critical Studies

topological media lab a transversal machine Sha Xin Wei Canada Research Chair, Critical Studies of Media Arts & Sciences Director, Topological Media Lab Associate Professor, Faculty of Fine Arts Concordia University. Montral 1 menu 1

631 views • 49 slides
Towards an analysis of parabolic Anderson models in very rough environments Samy Tindel Purdue

Towards an analysis of parabolic Anderson models in very rough environments Samy Tindel Purdue

Towards an analysis of parabolic Anderson models in very rough environments Samy Tindel Purdue University University of Wyoming 2019 1 st Meeting for the Northern States Section of Siam Ongoing joint work with A. Deya, X. Chen, C. Ouyang

618 views • 32 slides
Some estimates for the parabolic Anderson model Samy Tindel Purdue University Probability

Some estimates for the parabolic Anderson model Samy Tindel Purdue University Probability

Some estimates for the parabolic Anderson model Samy Tindel Purdue University Probability Seminar - Urbana Champaign 2015 Collaborators: Xia Chen, Yaozhong Hu, Jingyu Huang, Khoa L, David Nualart Samy T. (Purdue) Parabolic Anderson model

626 views • 35 slides
B. Pam Ismail Founder and Director bismailm@umn.edu https://ppic.cfans.umn.edu Plant Protein

B. Pam Ismail Founder and Director bismailm@umn.edu https://ppic.cfans.umn.edu Plant Protein

C OLLABORATIVELY GROWING THE LANDSCAPE OF PLANT - BASED PROTEINS B. Pam Ismail Founder and Director bismailm@umn.edu https://ppic.cfans.umn.edu Plant Protein Innovation Center Mission The Plant Protein Innovation Center (PPIC) mission is to

336 views • 16 slides
Discussion of: Assortative Learning" by Eeckhout and Weng Giuseppe Moscarini Yale and

Discussion of: Assortative Learning" by Eeckhout and Weng Giuseppe Moscarini Yale and

Discussion of: Assortative Learning" by Eeckhout and Weng Giuseppe Moscarini Yale and NBER Recap competitive labor market model with incomplete information about workers general human capital Recap competitive labor market model

517 views • 36 slides

More recommend