Access the full webinar here: https://www.beyondtrust.com/resources/webinar/enemy-within-managing-controlling-access/?access_code=380c50225d67f81afaf12a795543782a
In this webinar presentation, SANS faculty fellow and industry-recognized security expert Dr. Eric Cole explains how identity and access management (IAM) and privileged access management (PAM) work together to reduce the threat surface and contain attacks.
Also, hear how BeyondTrust and SailPoint solutions work together.
Enemy from Within: Managing and Controlling Access
1. Enemy from Within: Managing and Controlling Access
Dr. Eric Cole, Author, SANS Top 20 Critical Controls
Morey J. Haber, VP of Technology, BeyondTrust
Joe Gottlieb, SVP Corporate Development, SailPoint
2. Is Your Access Control Hacker Proof?
OR
Are You One Click Away From a Breach?
Dr. Eric Cole
3. The difference between a minor breach and a major breach is determined by what information the adversary was able to access.
The question you need to ask is: how effective is your access control?
4. Scenario 1 – Weak Password
SCENARIO
An attacker finds a web portal that allows access to your network. The access is based on a username and password. Account harvesting is done via social media and password cracking is performed. A weak password is cracked to obtain access.
WHAT FAILED
• Password controls and policies
• Monitoring and detection of password cracking
REMEDIATION
• Account lockout
• Strong password policy with enforcement
5. Scenario 2 – Compromised Credentials
SCENARIO
User does not properly protect their credentials and leaves their computer unlocked at a hotel, airport or coffee shop. Adversary is able to compromise the system and gain access to both local and network-based data stores.
WHAT FAILED
• User awareness
• System lockdown
• Account monitoring
REMEDIATION
• Utilize multi-factor authentication
• Enable screen lockout
• Limit or monitor access when connected to public networks
6. Scenario 3 – Uncontrolled Data
SCENARIO
Data is constantly copied and stored on multiple systems throughout the organization. No one has any idea where the information is located except an adversary. From the DMZ the adversary is able to access and compromise sensitive information.
WHAT FAILED
• Data classification
• No control of data access or permissions
REMEDIATION
• Data discovery
• Segmentation
• Data flow analysis
7. Scenario 4 – Advanced Phishing
SCENARIO
User receives an email believing it is from their boss, who is on vacation, with all content being valid and legitimate, but the attachment contains malicious code. Since the boss is away, the email cannot be verified and the system becomes compromised with no remediation.
WHAT FAILED
• Email filtering and monitoring
• Controlling and managing access
• Privilege escalation
REMEDIATION
• Controlling access
• Limiting executable content
8. Scenario 5 – Malicious External
SCENARIO
External adversary targets systems on the DMZ and compromises the server as a pivot point. From the DMZ they perform lateral movement and ultimately compromise sensitive information from the database.
WHAT FAILED
• Provision management
• Entitlements
• Timely detection
REMEDIATION
• Access control
• Data classification
• Data monitoring
11. Enemy from Within…
• Insider Threats
• External Threats
All Breaches and Exfiltration of Sensitive Data Need to Leverage Vulnerabilities and/or Privileges
12. Critical Questions for Managing Risk
Identity & Access Management (IAM) and Privileged Access Management (PAM)
• Who has access to what?
• Is that access appropriate?
• Is that access being used appropriately?
• How is that access changing over time?
Diagram labels: PAM, IAM
13. How do IAM and PAM Fit Together?
Deep Controls for Privileged Accounts
Broad Governance for All Accounts
• CONTINUOUS MONITORING
• SESSION CONTROL
• ACCESS CONTROL
• DISCOVERY
• PROVISIONING
• ACCESS CERTIFICATION
• ACCESS REQUESTS
• CREDENTIAL LOCK DOWN
Diagram labels: IAM, PAM
14. Combining IAM and PAM for Comprehensive Control
Broad Governance for All Accounts + Deep Controls for Privileged Accounts
• CONTINUOUS MONITORING
• SESSION CONTROL
• ACCESS CONTROL
• DISCOVERY
• PROVISIONING
• ACCESS CERTIFICATION
• ACCESS REQUESTS
• CREDENTIAL LOCK DOWN
Mobile Devices, Security Appliances, Databases, Operating Systems, SaaS & Cloud, Network Devices, Directories, Storage, SCADA, Mainframe
15. SailPoint Identity & Access Management
Compliance Manager, Lifecycle Manager, Password Manager
Dashboards, Reporting, Analytics
Policy Model, Identity Warehouse, Role Model, Workflow Engine, Risk Model
3rd Party Provisioning, Mobile Device Management, IT Service Management, IT Security
Identity Intelligence, Unified Governance Platform
Cloud Apps, On-prem Apps, Directory Services, Structured Data, Unstructured Data
Scenario 1: Weak Password
Scenario 3: Uncontrolled Data
Scenario 4: Advanced Phishing
Scenario 5: Malicious External
16. BeyondTrust Privilege Management Platform
The BeyondInsight IT Risk Management Platform is an integrated suite of software solutions used by IT professionals and security experts to collaboratively:
• Reduce user-based risk and mitigate threats to information assets
• Address security exposures across large, diverse IT environments
• Comply with internal, industry and government mandates
Scenario 1: Weak Password
Scenario 2: Compromised Credentials
Scenario 4: Advanced Phishing
Scenario 5: Malicious External
17. Summary
• Attacks are increasingly proactive, sophisticated and opportunistic
• To minimize risk, enterprises must master the complexity of access
• IAM and PAM can be combined to achieve comprehensive control
19. Thank you for attending today’s webinar!
Dr. Eric Cole, Author, SANS Top 20 Critical Controls
Morey J. Haber, VP of Technology, BeyondTrust
Joe Gottlieb, SVP Corporate Development, SailPoint