Se ha denunciado esta presentación.
Utilizamos tu perfil de LinkedIn y tus datos de actividad para personalizar los anuncios y mostrarte publicidad más relevante. Puedes cambiar tus preferencias de publicidad en cualquier momento.

Protect Against Security Breaches by Securing Endpoints with Multi-Factor Authentication

1.670 visualizaciones

Publicado el

In this age of an interconnected global business ecosystem, businesses rely on network connections with partners, suppliers, and others for efficient business processes. You just have to look at the headlines to see that several recent security breaches have compromised these connections as a way into a corporate network. Utilizing CA Advanced Authentication, CenterPoint Energy is making connections more secure through multi-factor authentication and reduce the risk of standard network credentials becoming compromised.

For more information on CA Security solutions, please visit: http://bit.ly/10WHYDm

Publicado en: Tecnología
  • Sé el primero en comentar

Protect Against Security Breaches by Securing Endpoints with Multi-Factor Authentication

  1. 1. ca Securecenter Protect Against Security Breaches by Securing Endpoints with Multi-Factor Authentication Mike Phillips Session Number SCX07S #CAWorld @jamiebass25 CenterPoint Energy Corporate Technology Security Director Jamie Bass PwC Advisory Director
  2. 2. 2 © 2014 CA. ALL RIGHTS RESERVED. Protect Against Security Breaches by Securing Endpoints with Multi-Factor Authentication In this age of an interconnected global business ecosystem, businesses rely on network connections with partners, suppliers, and others for efficient business processes. You just have to look at the headlines to see that several recent security breaches have compromised these connections as a way into a corporate network. Utilizing CA Advanced Authentication, CenterPoint Energy is making connections more secure through multi-factor authentication and reduce the risk of standard network credentials becoming compromised. Mike Phillips CenterPoint Energy Corporate Technology Security Director Jamie Bass PwC Advisory Director
  3. 3. 3 © 2014 CA. ALL RIGHTS RESERVED. Agenda BACKGROUND AND PROBLEM FACED CENTERPOINT’S APPROACH TECHNICAL CHALLENGES DEPLOYMENT PLAN Q & A 1 2 3 4 5
  4. 4. BACKGROUND AND PROBLEM FACED
  5. 5. 5 © 2014 CA. ALL RIGHTS RESERVED. Introduction CenterPoint Energy is a company with more than 5 million metered customers and a long history of service. CenterPoint Energy is composed of an electric transmission and distribution utility serving the Houston metropolitan area, local natural gas distribution businesses in six states, a competitive natural gas sales and service business serving customers in the eastern half of the U.S. We also operate an interstate pipelineoperationwith two natural gas pipelines in the mid-continent region, and a field services business with natural gas gathering operations, also in the mid-continent region. We're an established company with substantial assets that are managed by experienced people. CenterPointEnergy's vision is to be recognized as America's leading energy delivery company and We know that reliable energy is not a luxury. It's up to us to keep the lights on and to provide clean natural gas for homes, factories and businesses. OVERVIEW OF CENTERPOINT ENERGY
  6. 6. 6 © 2014 CA. ALL RIGHTS RESERVED. Interconnected business ecosystem* Businesses are becoming increasingly interconnected with third-parties –External connections and efficient access is a requirement for staying competitive –Not controlling this access effectively can be detrimental An effective security model must be deployed to balance and control this Organization Suppliers Vendors Other agents Partners PERIMETER DEFENSES ARE BECOMING IMPRACTICAL Users Vendor Partners Supplier Users Partners Supplier Users Vendors Users Agents Vendors Users Partners Agents Contractors Users Users Users Users
  7. 7. 7 © 2014 CA. ALL RIGHTS RESERVED. The threat is real Despite following best security practices, an organization is still susceptible to weaknesses from an external party –There have been recent breaches leveraging smaller, less secure external parties to get into large enterprise environments –Hackers have a long history of attacking the supply chain for certain industry sectors Often vendors will have access to very critical components of the infrastructure SEVERE IMPACTS FOR DOING THIS INCORRECTLY
  8. 8. 8 © 2014 CA. ALL RIGHTS RESERVED. The threat is increasing Recent reports from Department of Homeland Security indicate increased number of security breaches –We exist in a ‘copy cat world’ where successful attacks are quickly executed on other organizations with similar infrastructure Due to the evolving regulatory landscape, organizations are being held accountable THESE ATTACKS ARE HAPPENING MORE FREQUENTLY
  9. 9. 9 © 2014 CA. ALL RIGHTS RESERVED. External users pose unique challenges Third-party access to the organization poses several security concerns not seen with internal users –Security capabilities of these external parties will vary –Monitoring capabilities for items such as user activity outside the corporate network is limited –Lack of visibility to the actual user behind the connectionand the full connection path Assessing the security posture of each third party is difficult UNCONTROLLED ACCESS POINTS
  10. 10. CENTERPOINT’S APPROACH
  11. 11. 11 © 2014 CA. ALL RIGHTS RESERVED. Improve the external authentication process Leverage advanced authentication for external users –Protect against phishing attacks and more accurately tie access to an actual end user with Multi-Factor Authentication (MFA) –Risk based authentication can leverage location, time, etc. –Provides centralized authentication for improved management and monitoring capabilities Find all of the external connections –Many of these are setup and managed outside of IT –Some of these many not even be active anymore THIS IS BOTH A TECHNICAL AND BUSINESS EFFORT
  12. 12. 12 © 2014 CA. ALL RIGHTS RESERVED. CenterPoint’s path to secure these connections Standardize •Define policies and supporting standards for third-party connections •Leverage leading industry practices and recommended security frameworks Inventory •Gather details around existing connections to the network and build an inventory •Assign business and technical owners to these connections Assess •Determine risk level for existing connections •Identify gaps from policies / standards Prioritize •Prioritize connections for integration with MFA •Consider the risk they pose and the ease of integration ROADMAP FOR SECURING EXTERNAL CONNECTIONS
  13. 13. 13 © 2014 CA. ALL RIGHTS RESERVED. Technology can be implemented in a phased approach Deploy advanced authentication technology –Deploy the base infrastructure for CA Strong Authentication –Migrate external connections to the infrastructure –Consider internal use-cases Expand the capabilities of advanced authentication –Integrate with CA Single Sign-On to protect web interfaces –Integrate with CA Risk Authentication for adaptive, context aware authentication GET IMMEDIATE VALUE QUICKLY, BUT ALSO PLAN FOR EXTENDED CAPABILITIES IN THE FUTURE
  14. 14. 14 © 2014 CA. ALL RIGHTS RESERVED. Lessons learned Must partner with business and IT stakeholders –Clearly articulate objectives –Make it easy to do the right thing Developing complete inventory is a stretch goal –Knowledge of connections distributed –Chasing a moving target THE PROBLEM CROSSES BUSINESS AND IT BOUNDARIES
  15. 15. TECHNICAL DEPLOYMENT
  16. 16. 16 © 2014 CA. ALL RIGHTS RESERVED. Overview of PwC SECURITY CAPABILITIES WITH BUSINESS UNDERSTANDING PwC is a global leader in information security and privacy solutions, with a history of deploying CA Security products Over 1,600 dedicated security practitioners globally Access to 2 offshore centers in India & China (Service Delivery Centers –SDCs) Integrated offerings developed over 15+ years Capabilities to assess, plan, implement, and respond to security incidents
  17. 17. 17 © 2014 CA. ALL RIGHTS RESERVED. Technology requirements Challenges to look for in advanced authentication integration –Simplify and automate the distribution and management of tokens –Need to be able to deploy this across broad technical areas of the environment such as modems, web interfaces, Virtual Desktop Infrastructure (VDI), Virtual Private Networks (VPN) etc. –Effectively leverage and integrate with existing and planned infrastructure (Active Directory, CA Single Sign-On, CA Identity Management, etc.) Make management, support, and integration easy NEED TO CONSIDER THE ARCHITECTURE, INTEGRATION POINTS, AND USABILITY
  18. 18. 18 © 2014 CA. ALL RIGHTS RESERVED. Product requirements VPN –Virtual Private Network; UI –User Interface; ISDN –Integrated Services Digital Network; CONSIDER SECURITY, SCALABILITY, AND USABILITY Flexible means of One Time Password (OTP) generation and distribution Authentication for web interfaces as well as network infrastructure components such as VPN, VDI, etc. Integration with threat and fraud prevention tools Ease of use, proven scalability, and real customer success
  19. 19. 19 © 2014 CA. ALL RIGHTS RESERVED. CA Strong Authentication product fit Flexible options for OTP distribution: text, app, call, etc. Multiple integration options: web, RADIUS, etc. IdentityMinder integration to provide user interface for enrolling and managing soft tokens Integrates with CA Risk Authentication to provide features such as risk profiling, device fingerprinting, etc. OTP –One Time Password; RADIUS –Remote Authentication Dial In User Service; IDM –Identity Management; UI –User Interface; HOW CA AUTHMINDER FITS THE ENVIRONMENT
  20. 20. DEPLOYMENT PLAN
  21. 21. 21 © 2014 CA. ALL RIGHTS RESERVED. Deployment plan PwC –Pricewaterhouse Coopers; CNP –CenterPoint Energy; UI –User Interface; VDI –Virtual Desktop Infrastructure; RADIUS –Remote Authentication Dial In User Service; 5 PHASE DEPLOYMENT PLAN FOR CA AUTHMINDER IMPLEMENTATION Validate Product ExpandandRefine IntegrateApplications PlanDeployment •Perform Proof of Concept with key infrastructure components •Architect the infrastructure integration •Identify remote connection platforms for authentication •Develop integration plan •Develop plan to manage soft token provisioning •Deploy base infrastructure per CA / PwC / CenterPoint joint design •Pilot with a non- critical connection and small user set •Validate infrastructure sizing and UI / workflows for managing tokens •Start migrating prioritized connections •Gradually expand the solution •Refine the rules to strengthen authentication DeployFoundation
  22. 22. 22 © 2014 CA. ALL RIGHTS RESERVED. Summary A few words to review Remember You are only as secure as your least secure vendor (none are too small to consider) Implementing a second layer of authentication can protect you from things occurring outside of your network Do Be aware of recent breaches and ensure you raise the bar for attackers Provide users with flexibility and an easy way to do the right thing Don’t Be convinced that you are secure because your infrastructure has advanced monitoring and protection Cripple the business with cumbersome processes they will find a way to circumvent
  23. 23. 23 © 2014 CA. ALL RIGHTS RESERVED. For More Information To learn more about Security, please visit: http://bit.ly/10WHYDm Insert appropriate screenshot and textoverlayfrom following“More Info Graphics” slide here; ensure it links to correct page Security
  24. 24. 24 © 2014 CA. ALL RIGHTS RESERVED. For Informational Purposes Only © 2014CA. All rights reserved. All trademarks referenced herein belong to their respective companies. This presentation provided at CA World 2014 is intended for information purposes only and does not form any type of warranty. Some of the specific slides with customer references relate to customer's specific use and experience of CA products and solutionssoactual results may vary. For Customer/Partner content please note: Customer/Partner content provided in this presentation has not been reviewed for accuracy and is based on information provided by CA Partners and Customers. Terms of this Presentation

×