IAM and the rest of the security stack (network and application firewalls, threat and intrusion detection) are often treated as entirely separate silos. It's time this changed. By orchestrating and integrating these disparate systems, information from the data security tier can inform your IAM processes in real time, leading to better authorization decisions and to a better user experience. This workshop, informed by and demonstrating real-world examples, will provide insight into the kind of cross-system orchestration that can make a tangible difference to both your security and your usability.
1. Retail Cyber Attacks: Closing the Security Gaps
2. In 2014, 1,000 retail businesses were hit by remote attacks. Ultimately, most retail attacks started with stolen credentials, which enabled attackers to move laterally, harvesting credentials along the way until they reached their final destination.
"There is a worldwide shortage of 600 to 900 thousand cyber security professionals, while 62% of organizations feel unprepared to fend off a sophisticated attack." -- ISACA
"... organizations seek new technologies to protect their networks from new cybersecurity threats, and layer these technologies onto existing ones ... The result is a patchwork of equipment and software. A layered approach to security -- using siloed, specialized security technologies -- makes organizations vulnerable to sophisticated attacks that exploit the gaps between each layer."
Simplify / Orchestrate / Automate
Security Landscape
3. Security Gaps – What are they?
§ The industry's Defence in Depth strategy contributes to Security Gaps.
§ Diversity and limitations of existing single-point solutions create security gaps in threat analysis, operations and responsiveness.
§ Deployment of new protection solutions is regularly delayed by cumbersome but necessary integration efforts.
§ Personnel shortage of 1M in CyberSecurity alone.
§ Average Time from Discovery to Remediation is over 200 Days.
§ Lack of a Holistic Approach to Security.
§ Lateral movement is currently the largest threat.
"75 percent of mobile security breaches will be the result of mobile application misconfiguration." -- Gartner
Identity and Data Security:
BREAKING THE BOUNDARIES
4. [Diagram: security technology landscape. Seven tiers (1. Network, 2. Databases, 3. Systems, 4. Endpoints, 5. Application infrastructure, 6. Messaging & content, 7. Data) plotted against four lifecycle stages (Policy definition, Enforcement, Monitoring & response, Measurement). Technologies shown, some repeated across tiers: Network access control, Network visibility, Wireless gateway, WLAN monitoring, Audit & risk management framework, IPS, Firewall, VPN, Database encryption, Vulnerability management, Database monitoring, Antivirus, Configuration mgmt., Storage security/Cloud security, Firewall/Host IPS, Directory, Application assessment, Antispam, Email encryption & filtering, Web filtering, Enterprise SSO, Antivirus/Antispyware, Endpoint control/MDM, Client encryption, Web SSO, IM filtering, Digital investigation & forensics, SIEM, App encryption, Information leak protection, Enterprise encryption & key management, Digital rights management, Identity & access management/PIM, Strong authentication, Database config. mgmt., Application FW.]
Real World Customer
§ Defence in Depth industry strategy
contributes to Security Gaps.
§ Average Time from Compromise to
Discovery over 200 Days.
§ Lack of Holistic Approach to Security.
§ Silos, Silos Everywhere.
§ Zero Automation.
§ Applications have to integrate with
the entire stack.
§ Security becomes a Disabler.
§ Dozens of support tickets.
Market Need:
FIXING THE SECURITY GAPS
5. Minding the Security Gaps
§ Simplify: standardize security templates and workflow visualization.
§ Simplify: agile deployment and security coordination.
§ Automate: protection, and leverage value from existing infrastructure.
§ Automate: build standardized security processes into new business applications.
§ Orchestrate: 'Defend the gaps' by combining Data Security feeds, devices, behaviours and Identity Management into access control decisions.
§ Orchestrate: threat mitigation through adaptive risk response.
§ IoT/Cloud Ready with web scale and device management.
§ Ultimately... transform Security from a defensive obstacle into a competitive advantage.
Market Need:
FIXING THE SECURITY GAPS
7. Establish the Foundation
Necessary Steps
1. Customer focused mind-set
2. Scale, scale, scale
3. Business Alignment
4. SecDevOps
5. Orchestrated Response
6. Continuous Monitoring
8. Love your Customer... Love your Business
Requirements
1. KISSing builds love (Keep it Secure and Simple)
2. Customers build the business
3. Business Led IT
4. Adaptive Authorization
9. Business Alignment:
UTILIZE EXISTING PROCESSES
Requirements: Policies, Templates, Processes
§ Workflow aligns with pre-defined business processes.
§ Seal the gaps in reaction, coordination and operation.
§ Applications are protected dynamically.
§ Do more with Less: Simplify migrations, patching &
upgrades.
§ Simple to communicate Business Processes.
11. SecDevOps:
USAGE SCENARIOS
[Diagram: Jenkins and Chef feeding OrchIS, which sits between Application Development and Application Access.]
Application Security Definitions
§ SecDevOps – Policy configuration/automation with remediation for cloud and on-premises security infrastructure.
§ DevOps – Build/deploy infrastructure.
§ Continuous Integration – Build/deploy application WAR/EAR files.
Application Development Process
12. Automated Security Configuration
§ Rapid repeatable architecture blueprints
enable setup via automated deployments
in minutes.
§ Flexible UI to design, adapt and implement
security component architectures.
§ Macro Policy Definition at the Application
Tier.
§ Automated Micro Policies for Security
Services.
§ Cross platform policy-writing and auditing.
§ Available for Cloud Apps.
§ Leverages existing infrastructure.
§ Automation Reduces Manpower.
§ Remedy/Service Now Integration.
OrchIS:
AUTOMATED SECURITY FOR APPLICATIONS
13. OrchIS:
Structure
[Diagram: Security Orchestration core with three pillars, WORKFLOW, ADAPTIVE ACCESS and DATA SECURITY. An Application Services (API) layer exposes SecDevOps and MFA. An Integration Layer (API) connects to the existing IAM infrastructure: User Directory, Policy Store, Session Mgmt, PDP, STS and other IAM infrastructure. Also shown: Risk Response, Audit/Reporting, Support.]
14. Orchestrated Response Example
Components: Imperva WAF, Syntegrity OrchIS™, AM System.
1. User accesses the application and inserts a SQL injection.
2. SQL injection is detected by Imperva and the results are published out via SYSLOG.
3. InstantIAM listeners take the Imperva notification, map the user to a session, then execute the Workflow.
4. Workflow takes action on the user account:
- Reduce AuthN level
- Disable Account
- Destroy Session
- Audit Records
- Other Options
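The four steps above, written out as a runnable listener. This is an added example, not OrchIS or Syntegrity code: the syslog alert layout (key=value pairs after the RFC 5424 header), the session and account stores, and the severity-to-action playbook are all constructed for illustration and are not Imperva's real alert schema or OrchIS's workflow language.

```python
"""
Added example (not OrchIS/Syntegrity code): a syslog listener that turns a
WAF attack alert into an IAM response, following the four steps on slide 14.
The alert format below is a constructed key=value layout for illustration;
it is NOT Imperva's actual syslog schema. Session and account stores are
in-memory dicts standing in for the AM system.
"""
import re
import time
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample syslog lines (not real Imperva output). The WAF is assumed
# to forward the application session cookie it saw on the offending request.
SAMPLE_SYSLOG = [
    '<134>1 2015-06-01T10:00:01Z waf01 imperva - - - action=alert severity=high '
    'attack="SQL Injection" src=203.0.113.7 session=SID-42 app=retail-portal',
    '<134>1 2015-06-01T10:00:05Z waf01 imperva - - - action=alert severity=low '
    'attack="Scanner" src=198.51.100.9 session=SID-77 app=retail-portal',
    'garbage line that should be ignored',
]

ALERT_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_alert(line: str) -> Optional[dict]:
    """Step 2: extract key=value pairs; None unless the line is a WAF alert."""
    fields = {k: v.strip('"') for k, v in ALERT_RE.findall(line)}
    if fields.get("action") != "alert" or "session" not in fields:
        return None
    return fields


@dataclass
class Session:
    user: str
    ip: str
    authn_level: int = 2      # assumed scale: 1 = password only, 2 = password + MFA
    active: bool = True


@dataclass
class Account:
    enabled: bool = True


# In-memory stand-ins for the session store and the user directory.
SESSIONS: Dict[str, Session] = {
    "SID-42": Session(user="alice", ip="203.0.113.7"),
    "SID-77": Session(user="bob", ip="198.51.100.9"),
}
ACCOUNTS: Dict[str, Account] = {"alice": Account(), "bob": Account()}
AUDIT: List[dict] = []

# Hypothetical playbook: which workflow actions each alert severity triggers.
PLAYBOOK = {
    "high": ["destroy_session", "disable_account", "audit"],
    "medium": ["reduce_authn", "audit"],
    "low": ["audit"],
}


def map_alert_to_session(alert: dict) -> Optional[Session]:
    """Step 3: map the WAF notification to a live session. The session id in
    the alert must reconcile with the source IP the store holds; otherwise a
    forged or stale alert could be used to lock out an arbitrary user."""
    s = SESSIONS.get(alert["session"])
    if s is None or s.ip != alert.get("src"):
        return None
    return s


def run_workflow(alert: dict, session: Session) -> List[str]:
    """Step 4: execute the playbook actions against the session and account."""
    done = []
    for action in PLAYBOOK.get(alert.get("severity", "low"), ["audit"]):
        if action == "destroy_session":
            session.active = False
        elif action == "disable_account":
            ACCOUNTS[session.user].enabled = False
        elif action == "reduce_authn":
            session.authn_level = 1   # forces step-up on the next sensitive transaction
        AUDIT.append({"ts": time.time(), "user": session.user, "session": alert["session"],
                      "attack": alert.get("attack"), "action": action})
        done.append(action)
    return done


def handle_syslog(lines) -> Dict[str, List[str]]:
    """Process a batch of syslog lines; returns session id -> actions taken."""
    results: Dict[str, List[str]] = {}
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            continue
        session = map_alert_to_session(alert)
        if session is None:
            continue
        results[alert["session"]] = run_workflow(alert, session)
    return results


if __name__ == "__main__":
    print(handle_syslog(SAMPLE_SYSLOG))
```

Two practitioner caveats the diagram does not show: plain syslog over UDP carries no sender authentication, so a listener like this should accept alerts only from the WAF's address (or over TLS syslog), and the mapping step must refuse to act when the alert's session reference does not reconcile with the session store, since "disable account on alert" is itself a denial-of-service primitive if anyone can inject alerts.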
16. Simplified Drag and Drop Security Architecture
§ Rapid repeatable architecture blueprints enable setup via automated deployments in minutes.
§ Flexible UI to design, adapt and implement security component architectures.
§ Macro policy definitions based
on data sensitivity and
compliance.
§ Cross platform policy-writing and
auditing.
§ Automation of security policies
and configuration for
applications.
Business win: Simplification and
Automation of Application Security
Simplified Security Architecture
17. Orchestrated Response:
REAL-TIME REACTION TO THREATS
Orchestrated Response Interface
§ Bridge the gaps-holistic security blanket
unifying the existing security estate.
§ Common RESTful API for management of
Users, Sessions, Devices, and Applications.
§ Ultra scale Session Management: in-memory
Data Grid harnessing Big Data Technologies.
§ Adaptive Risk Based Response: limit
transactions based on risk profile of User,
Session, Device, and Application level.
§ Increase ROI of existing Security investments.
18. Orchestrated Response: Scale, Scale, Scale
WEB-SCALE SESSION STORE
WAM (Web Access Management) is not enough
§ < 40% Applications are protected
§ Cumbersome deployments
§ Expensive Integrations
§ Binary responses
§ Full trust Authorizations
WebScale Session Store
§ Available for all applications
§ 50k TPS/node (Medium AWS instance)
§ Common Session API
§ Stateful and Stateless tokens
§ Risk embedded in every session
§ Memory Grid
§ Integrates with existing IAM estate.
19. Web-Scale Session Store
[Diagram: Users, Sessions, Devices and Apps linked through a shared Risk dimension.]
§ Web-Scale for B2E or B2C: 50,000+ tps/node.
§ Multi-dimensional array between users, devices, sessions and applications with Risk tracking.
§ Workflow based remediation matches the action with the threat:
§ Reduce Entitlements
§ De-provision Account
§ Step up Authentication (AuthN)
§ Create ticket, etc.
Orchestrated Response:
Web-Scale SESSION STORE
20. Automated Security Configuration
§ User Access and Behaviour Modelling.
§ Applications Access Monitor with Data Sensitivity Risk.
§ Device/User correlation
and tracking.
§ Audit Capture: location,
duration, application
sensitivity, devices.
Continuous Monitoring
BEYOND TRADITIONAL SECURITY TOOLS
21. OrchIS:
Orchestrated Response WORKFLOWS
IIAM Features:
§ Adaptable security workflow that aligns business processes with security requirements.
§ Adaptive Risk based Response: limit transactions based on risk profile of user, session, device, and
application.
§ Adaptable workflows for
policies, authentication,
authorization and more.
§ Propagates rule-sets to
existing mixed-vendor
security platforms.
22. Orchestrated Response
How to say “No” without saying “No”
§ Adaptive Access Control
§ Step up Authentication
§ PEP redirect
§ Increase Auditing
§ Behavioral Anomalies
§ Workflow Based Authorization
§ Increase Access while reducing Transactional Risk
23. Workflow:
AUTHORIZATION
Correlation of User/Device/Session
§ Seamless many-to-many mapping
§ Able to instantiate complex business logic
Complex AuthN/AuthZ Policies (examples)
§ Zero-day vulnerability protection
§ Block all IE 11 access
§ Allow only Android 4.2.2
§ Untrusted device validation
§ Send iOS through multiple levels of authentication
Incorporate Additional Data Elements
§ Service-layer API set is mapped to a business process and (possibly) multiple separate low-level RESTful APIs
§ Customer business processes can be inserted and/or extend the default services
§ Customizable field validation in BPE
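A small policy decision point that implements the "say no without saying no" idea from slides 22 and 23: every rule can answer ALLOW, STEP_UP (with the authentication level the session must reach) or BLOCK, and only a hard block refuses outright. This is an added example and not OrchIS code; the request context fields, the authentication-level scale, the risk scale and thresholds, and the sample requests are assumptions for illustration. The rule set is the slide's own list (block IE 11, allow only Android 4.2.2, untrusted device validation, iOS through multiple levels of auth) plus a session-risk rule.

```python
"""
Added example (not OrchIS/Syntegrity code): a minimal policy decision point
for the adaptive-authorization ideas on slides 22-23. Context fields, rule
set, authentication levels and risk thresholds are assumptions chosen for
illustration. Verdicts: ALLOW, STEP_UP (with the level the session must
reach) or BLOCK.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

ALLOW, STEP_UP, BLOCK = "ALLOW", "STEP_UP", "BLOCK"


@dataclass(frozen=True)
class Context:
    user: str
    app: str
    app_sensitivity: int     # assumed scale: 1 = public .. 3 = regulated data
    browser: str             # e.g. "IE", "Chrome"
    browser_version: str     # e.g. "11.0"
    os: str                  # e.g. "iOS", "Android", "Windows"
    os_version: str
    device_trusted: bool     # outcome of device validation (slide 26)
    authn_level: int         # assumed scale: 1 = password, 2 = +MFA, 3 = +device credential
    risk: int                # 0..100 from the session store (assumed scale)


@dataclass
class Decision:
    verdict: str
    required_authn_level: int
    reasons: List[str] = field(default_factory=list)


# A rule returns (verdict, required level, reason), or None when it does not apply.
RuleResult = Optional[Tuple[str, int, str]]
Rule = Callable[[Context], RuleResult]


def block_ie11(c: Context) -> RuleResult:
    """Zero-day protection: refuse a client we cannot patch."""
    if c.browser == "IE" and c.browser_version.split(".")[0] == "11":
        return (BLOCK, 0, "IE 11 blocked (zero-day protection)")
    return None


def android_allow_list(c: Context) -> RuleResult:
    """Allow only Android 4.2.2 (the slide's example of an OS pin)."""
    if c.os == "Android" and c.os_version != "4.2.2":
        return (BLOCK, 0, f"Android {c.os_version} not on allow-list")
    return None


def untrusted_device(c: Context) -> RuleResult:
    """Untrusted device validation: step up rather than refuse."""
    if not c.device_trusted:
        return (STEP_UP, 2, "untrusted device must complete MFA")
    return None


def ios_multi_level(c: Context) -> RuleResult:
    """Send iOS through multiple levels of auth."""
    if c.os == "iOS":
        return (STEP_UP, 3, "iOS clients must complete all auth levels")
    return None


def session_risk(c: Context) -> RuleResult:
    """Risk from the session store limits transactions on sensitive apps."""
    if c.risk >= 80:
        return (BLOCK, 0, f"session risk {c.risk} above block threshold")
    if c.risk >= 50 and c.app_sensitivity >= 2:
        return (STEP_UP, 2, f"session risk {c.risk} on sensitive app")
    return None


RULES: List[Rule] = [block_ie11, android_allow_list, untrusted_device, ios_multi_level, session_risk]


def decide(c: Context) -> Decision:
    """Evaluate every rule. Any BLOCK wins; otherwise the highest STEP_UP level
    the session has not already reached; otherwise ALLOW."""
    blocks: List[str] = []
    step_ups: List[Tuple[int, str]] = []
    for rule in RULES:
        result = rule(c)
        if result is None:
            continue
        verdict, level, reason = result
        if verdict == BLOCK:
            blocks.append(reason)
        elif level > c.authn_level:          # satisfied levels never re-prompt
            step_ups.append((level, reason))
    if blocks:
        return Decision(BLOCK, 0, blocks)
    if step_ups:
        return Decision(STEP_UP, max(l for l, _ in step_ups), [r for _, r in step_ups])
    return Decision(ALLOW, c.authn_level, ["all rules satisfied"])


# Constructed sample requests (not real traffic).
IE_USER = Context("carol", "retail-portal", 2, "IE", "11.0", "Windows", "8.1", True, 2, 10)
IOS_USER = Context("dave", "retail-portal", 2, "Safari", "8.0", "iOS", "8.3", True, 2, 10)
IOS_DONE = Context("dave", "retail-portal", 2, "Safari", "8.0", "iOS", "8.3", True, 3, 10)
NEW_ANDROID = Context("erin", "retail-portal", 1, "Chrome", "42", "Android", "4.2.2", False, 1, 5)
RISKY = Context("frank", "payments", 3, "Chrome", "42", "Windows", "7", True, 1, 60)

if __name__ == "__main__":
    for ctx in (IE_USER, IOS_USER, IOS_DONE, NEW_ANDROID, RISKY):
        d = decide(ctx)
        print(f"{ctx.user:6} {d.verdict:8} level>={d.required_authn_level} {d.reasons}")
```

The precedence in decide() is the important design choice: a block from any rule is final, and step-ups are merged by taking the highest required level so a user who must satisfy both the untrusted-device rule (level 2) and the iOS rule (level 3) is prompted once for level 3 rather than twice. Returning the reasons alongside the verdict is what lets the "Increase Auditing" bullet on slide 22 be satisfied without a separate code path.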
24. Simplified Management
§ Enable Businesses and Applications to adapt to changing threat landscape.
§ Provide Best Practice Security Workflows that align with Business Processes and
Regulations/Compliance.
§ Audit capture of location, duration, application, sensitivity, and devices.
Automated Deployment
§ Rapid Deployment based on Data Classification provides foundation for Business Agility.
§ Drag and Drop Assembly of Security Components.
Orchestrated Response
§ Adaptive Access Control provides dynamic policy enforcement.
§ ‘Defend the gaps’ by combining Data Security feeds, devices, behaviours and Identity
Management into the access control decisions.
OrchIS:
ORCHESTRATED INTELLIGENT SECURITY
26. Device Trust:
WHERE?
Device Validation via Network Data
§ IP
§ Geo Location
§ Wi-Fi Networks
§ SIM ID (Signature Based)
§ Serial Number
§ Android ID
§ MAC
§ Network Devices (MDM/NAC)
§ Dozens of other Attributes
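One way to turn the attribute list above into a signature-based device check, as an added example that is not OrchIS or Syntegrity code. Hardware identifiers (serial, Android ID, MAC, SIM ID) are bound into a keyed HMAC at enrolment; on each later request the HMAC is recomputed, and the network context (IP, geo, Wi-Fi) is scored for drift rather than treated as a hard identity. The server key, attribute names, drift weights and sample device values are assumptions.

```python
"""
Added example (not OrchIS/Syntegrity code): signature-based device validation
over the attribute classes listed on slide 26. Key, attribute names, weights
and sample devices are assumptions for illustration.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Dict, List, Tuple

SERVER_KEY = b"example-only-server-key"   # assumption: server-side secret, never sent to the device

HARDWARE_KEYS = ("serial", "android_id", "mac", "sim_id")  # bound into the signature
CONTEXT_KEYS = ("ip", "geo", "wifi")                        # tracked for drift, not signed
DRIFT_POINTS = {"geo": 40, "wifi": 15, "ip": 10}           # assumed risk weights, 0..100 scale


def _norm(v: str) -> str:
    """MAC formats vary between agents; serial/SIM values are case-insensitive."""
    return v.strip().lower().replace("-", ":")


def sign_device(attrs: Dict[str, str]) -> str:
    """HMAC over the canonical hardware identifiers. A plain hash would let a
    client that knows the scheme forge a matching value from spoofed IDs."""
    canon = json.dumps({k: _norm(attrs.get(k, "")) for k in HARDWARE_KEYS}, sort_keys=True)
    return hmac.new(SERVER_KEY, canon.encode(), hashlib.sha256).hexdigest()


@dataclass
class Enrolled:
    signature: str
    last_context: Dict[str, str]


REGISTRY: Dict[str, Enrolled] = {}   # device_id -> enrolment record (stand-in for MDM/NAC data)


def enroll(device_id: str, attrs: Dict[str, str]) -> None:
    REGISTRY[device_id] = Enrolled(sign_device(attrs), {k: attrs.get(k, "") for k in CONTEXT_KEYS})


def validate(device_id: str, attrs: Dict[str, str]) -> Tuple[bool, int, List[str]]:
    """Returns (trusted, risk 0..100, reasons). Untrusted means the hardware
    identity does not match; a trusted device still carries context-drift risk
    that the authorization decision can use for step-up."""
    rec = REGISTRY.get(device_id)
    if rec is None:
        return (False, 100, ["unknown device"])
    if not hmac.compare_digest(rec.signature, sign_device(attrs)):
        return (False, 100, ["hardware identity mismatch"])
    risk, reasons = 0, []
    for key, points in DRIFT_POINTS.items():
        if attrs.get(key, "") != rec.last_context.get(key, ""):
            risk += points
            reasons.append(f"{key} changed")
    return (True, min(risk, 100), reasons or ["no drift"])


# Constructed sample device (not real identifiers).
PHONE = {"serial": "R58M1234ABC", "android_id": "9774d56d682e549c", "mac": "02:00:00:AA:BB:CC",
         "sim_id": "8901260123456789012", "ip": "203.0.113.7", "geo": "GB", "wifi": "HomeNet"}
enroll("phone-1", PHONE)


def check_variants():
    """Run the enrolled phone through typical later requests."""
    same = validate("phone-1", PHONE)
    reformatted = validate("phone-1", {**PHONE, "mac": "02-00-00-aa-bb-cc"})
    roaming = validate("phone-1", {**PHONE, "ip": "198.51.100.9", "wifi": "CafeWifi"})
    abroad = validate("phone-1", {**PHONE, "ip": "192.0.2.5", "geo": "US"})
    cloned = validate("phone-1", {**PHONE, "serial": "DIFFERENT"})
    return same, reformatted, roaming, abroad, cloned


if __name__ == "__main__":
    for name, result in zip(("same", "reformatted", "roaming", "abroad", "cloned"), check_variants()):
        print(f"{name:12} trusted={result[0]} risk={result[1]} {result[2]}")
```

Whether to refresh last_context after a successful validation is a policy choice (doing so lets a slowly moving device stay low-risk; not doing so keeps the enrolment location as the baseline); the example keeps the baseline fixed. Note that MAC and Android ID are readable and spoofable by a client, so the check above only proves the client knows the enrolled values, not that it is the same hardware; the slide's MDM/NAC attributes are what give the identifiers an independent source.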
27. Nathanael Coffing, CEO / VP Business Development
ncoffing@syntegrity.com | (360) 410-6397
29. Identity as the Core
Core Business Mandate: Increase
Access while Reducing Transactional
Risk
§ In a world of excessive options, personalization becomes everything...
§ Applications require Access
§ Sound Security Platforms
§ Simplify new feature rollout
§ Time to Market
30. [Diagram: IIAM capability, from Constrained to Expansive, plotted against SCALE (Enterprise, IoT, Consumer) and SCOPE (Employees; Employees & Partners; Consumers). Labels shown: Perimeter, Perimeter-less, Federation, Cloud / SaaS, BYOD, Mobility, Attributes, Context, Stateless.]
OrchIS:
IDENTITY AT THE CORE
IIAM Features: System Optimization and
Precision
§ Architected for transactions beyond the
perimeter: Cloud, SAAS, BYOD, Mobile.
§ Orchestrated transactional security via Adaptive
Access Response.
§ Web-Scale Session Management scales to the
billions of users, devices, sessions.
§ Capture access and user behaviour heuristics
and enforce security through a fraud prevention
risk engine.
§ Business Coordinated Response handling.
Business win: Identity Solutions capture contextual meta-data
on user’s what/where/when/how.