Privileged Identity – The Core of the Kill Chain
Shawn Croswell, CISSP
Senior Security Engineer
scroswell@xceedium.com
@shawncroswell on Twitter
© Copyright 2015, Xceedium, Inc.
February 2015
Introducing Xceedium
Award badges: Best Overall IT Company; Best Privileged Access Management Solution (two badges); Gold: Innovations in Cloud Security; Silver: Innovations in Privileged Identity Management
• Leading Privileged Identity Management solution for hybrid enterprises
• Global Fortune 1000 and US government customer base
• Headquartered in Herndon, VA
• Flagship Product - Xsuite®
2013 – Year of the Mega Breach
Sources: Symantec Internet Security Threat Report 2014; SANS/Symantec
• 62% increase in breaches (YoY)
• 552 million identities compromised
• 40% of the population of South Korea had personal data exposed
• 150 million records compromised in a single breach (Adobe)
• 95% of all attacks on enterprise networks are a result of spear-phishing attempts
• 77% of scanned public websites contained vulnerabilities that could be exploited
• High profile breaches spanned the globe
  • Target, Adobe, Facebook, LinkedIn, Groupon Taiwan, LivingSocial, Evernote, Supervalu, …
• Target was the poster child
  • 40 million credit cards stolen
  • $4 billion loss in market cap
  • 46% loss in 4Q profits
  • CEO, 7 board directors removed
2014 – High Profile Breaches Accelerate
• 3 of top 10 breaches of all time
• Home Depot - 56 million credit cards stolen ($4.3 billion loss in market cap)
  • Compromised privileged credentials used to deploy custom malware on self-checkout systems
• CodeSpaces - forced out of business
  • Privileged credential breach of AWS account
• Sony Pictures – pulled movie release
  • Unprecedented waterfall effect
The Common Thread?
“Stealing and exploiting privileged accounts is a critical success factor for attackers in 100% of all advanced attacks, regardless of attack origin.”
10+ Years of Global Breach
[Chart: breaches from 2004 through 2014 plotted by year, with a Hacker / Malware/APT legend; figures are records compromised. Labelled breaches include Court Ventures (200,000,000), Massive American Business Hack (160,000,000), Adobe (152,000,000), eBay (145,000,000), Heartland (130,000,000), TJ Maxx (94,000,000), AOL (92,000,000), Anthem (80,000,000), Sony PSN (77,000,000), JP Morgan Chase (76,000,000), US Military (76,000,000), Target (70,000,000), Home Depot (56,000,000), Evernote (50,000,000), LivingSocial (50,000,000), RockYou! (32,000,000), VA (26,500,000), Zappos (24,000,000), AOL (20,000,000) and AOL (2,400,000). Unlabelled entries include Community Health Services, Gmail, Sony, Mozilla, Japan Airlines, Staples, UPS, NASDAQ, Neiman Marcus, Korea Credit Bureau, European Central Bank, UbiSoft, Ubuntu, Compass Bank, Citigroup, Monster.com, KDDI, Fidelity Bank, CardSystems Solutions, AT&T, Jefferson County, Apple, NHS, VA Dept Health, US National Guard, CheckFree and many telecom operators.]
* Source-
What is Privileged Access?
[Diagram: employees and partners reaching on-premise and public-cloud systems over the Internet]
On Premise
• Employees/Partners: Systems Admins, Network Admins, DB Admins, Application Admins
Public Cloud
• Apps
• VMware Administrator
• AWS Administrator
• Microsoft Office 365 Administrator
Who are Privileged Users?
Ponemon Institute, June 2014
Existing Security Layers Have Been Breached
• Melissa, Code Red, etc.
• Mydoom, Bagle, DM5, etc.
• Zeus, Aurora, Conficker, etc.
• Stuxnet, GitHub, NSA, etc.
“Over 90% of enterprises today have already been breached with active malware networks running” -- Ponemon Institute 2013
Annual Worldwide IT Security Spend (Gartner 2014): $28 Billion
Privilege: Core of the Breach Kill Chain
[Diagram: a Threat Actor outside the Network Perimeter (external threats) and a Trusted Insider within it (internal threats) share the same chain of stages: Gain/Expand Access, Elevate Privilege, Lateral Movement and Reconnaissance, C&C and Data/IP Exfiltration, Wreak Havoc]
• Weak Authentication/Default Passwords
• Stolen/Compromised Credentials
• Poor Password/Key Management
• Shared Accounts/Lack of Attribution
• Authentication = Access Control
• No Limits on Lateral Movement
• No Limits on Commands
• Lack of Monitoring/Analysis
KPMG Corroborates Breach Stats
As Does FireEye
Over 1,200 trial deployments and 6 months of data show:

Component            Customers that reported using this security measure   Breach rate
Firewall             212                                                   100%
IDS/IPS              119                                                   100%
Web proxy            138                                                   100%
Network anti-virus    75                                                   100%
Endpoint AV          169                                                   100%
Other anti-malware    33                                                   100%

Mandiant/FireEye, 2014
PIM – A New Security Imperative
• If breach is the rule, not the exception
• And privileged identity is at the core of the breach kill chain
• Then privileged identity needs to be an enterprise’s most protected asset
We need a new security layer!
Break The Kill Chain: Strong Authentication
[Kill chain diagram repeated from “Privilege: Core of the Breach Kill Chain”]
• Strong Authentication
  • AD/LDAP Integration
  • Multifactor Hardware/Software
  • PIV/CAC Card Support
  • SAML
• Login Restriction
  • Origin IP
  • Time of Day
Break The Kill Chain: Prevent Unauthorized Access
[Kill chain diagram repeated from “Privilege: Core of the Breach Kill Chain”]
• Zero Trust – Deny All, Permit by Exception
• Role-Based Privileged User Access Limits
• Privileged User Single Sign on
• Command Filtering
• Leapfrog Prevention
• Proactive Policy Violation Prevention
Break The Kill Chain: Improve Forensics, Deter Violations
[Kill chain diagram repeated from “Privilege: Core of the Breach Kill Chain”]
• Continuous monitoring and logging
• Warnings, Session Termination, Alerts
• DVR-like recording and playback of sessions
• Activity Log Reporting
• Privileged Account Use Attribution
• SIEM/SYSLOG Analytics
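The three “Break The Kill Chain” slides list controls without showing how they combine at a privileged-access gateway. The Python below is an added illustration (not Xceedium’s code and not Xsuite’s policy format) that models them as one deny-by-default check: origin-IP and time-of-day login restrictions, leapfrog prevention, role-based access limits, command filtering, and an attributed audit event per decision for SIEM/syslog. Role names, hosts, networks, the `Request` fields and the sample requests are all constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import Dict, Optional

# Constructed policy: each role gets an explicit set of systems and an explicit
# command allow-list. Anything not listed is denied (deny all, permit by exception).
ROLE_POLICY = {
    "dba": {"systems": {"db01", "db02"},
            "commands": {"mysql", "mysqldump", "systemctl status mysqld"}},
    "netadmin": {"systems": {"core-sw1"},
                 "commands": {"show running-config", "show interfaces"}},
}

# Login restrictions (constructed): the admin workstation network and the
# time-of-day window during which privileged sessions may be opened.
ALLOWED_ORIGINS = [ip_network("10.20.0.0/16")]
LOGIN_WINDOW = (time(7, 0), time(19, 0))

# Every system the gateway manages. A request whose origin host is one of them
# was launched from inside an existing session, not through the gateway: a leapfrog.
MANAGED_SYSTEMS = {"db01", "db02", "core-sw1", "web01"}

@dataclass
class Request:
    user: str             # attributed human identity behind the session
    role: str
    shared_account: str   # shared privileged account on the target, e.g. root
    target: str
    origin_ip: str
    origin_host: str      # host the connection request came from
    at: datetime
    command: Optional[str] = None   # None = session open; str = command issued

@dataclass
class Decision:
    allowed: bool
    reason: str
    event: Dict[str, str] = field(default_factory=dict)

def _audit(req: Request, allowed: bool, reason: str) -> Decision:
    """Log every decision, allow or deny, with the real user tied to the shared
    account used, so downstream SIEM analytics can attribute the activity."""
    event = {
        "ts": req.at.isoformat(),
        "user": req.user,
        "account": req.shared_account,
        "target": req.target,
        "origin": req.origin_ip,
        "command": req.command or "-",
        "result": "ALLOW" if allowed else "DENY",
        "reason": reason,
    }
    return Decision(allowed, reason, event)

def evaluate(req: Request) -> Decision:
    """Deny-by-default check in gateway order: login restrictions, leapfrog
    prevention, role-based target authorization, then command filtering."""
    if not any(ip_address(req.origin_ip) in net for net in ALLOWED_ORIGINS):
        return _audit(req, False, "origin_ip_not_allowed")
    start, end = LOGIN_WINDOW
    if not start <= req.at.time() <= end:
        return _audit(req, False, "outside_login_window")
    if req.origin_host in MANAGED_SYSTEMS:
        return _audit(req, False, "leapfrog_blocked")
    role = ROLE_POLICY.get(req.role)
    if role is None:
        return _audit(req, False, "unknown_role")
    if req.target not in role["systems"]:
        return _audit(req, False, "target_not_authorized")
    if req.command is not None and req.command not in role["commands"]:
        return _audit(req, False, "command_blocked")
    return _audit(req, True, "policy_match")

def syslog_line(d: Decision) -> str:
    """Render the audit event as a key=value line for SIEM/syslog forwarding."""
    return "pim-gateway " + " ".join(f"{k}={v}" for k, v in d.event.items())

def sample_request(**overrides) -> Request:
    """Constructed baseline request (a DBA opening a root session on db01)."""
    fields = dict(user="jdoe", role="dba", shared_account="root", target="db01",
                  origin_ip="10.20.5.17", origin_host="ws-jdoe",
                  at=datetime(2015, 2, 10, 9, 30), command=None)
    fields.update(overrides)
    return Request(**fields)

if __name__ == "__main__":
    for req in (
        sample_request(command="mysqldump"),                # allowed
        sample_request(target="web01"),                     # not in dba systems
        sample_request(command="bash"),                     # shell not on allow-list
        sample_request(origin_host="db01", target="db02"),  # leapfrog from db01
    ):
        print(syslog_line(evaluate(req)))
```

Note that the denied cases are logged with the same attribution fields as the allowed ones, which is what makes “Proactive Policy Violation Prevention” visible to SIEM analytics rather than silent.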
Xsuite In Action
• Vault & Manage Credentials
• Attribute Identity for Shared Accounts (e.g., Root/Admin)
• Always Record Sessions and Metadata
• Continuously Monitor and Enforce Policy
• Federate Identity and Attribute Activity (SSO)
• Restrict Access to Authorized Systems
• Positively Authenticate Users
Don’t Mistake Compliance for Security
The Target Timeline
Mandiant Recommends PIM for PCI DSS 3.0
Mandiant 2014 Threat Report
US FedGov Requires PIM
• Continuous Diagnostics and Mitigation (CDM)
  • $6 Billion BPA for IT security
  • Phase 2 requires PIM
• NIST 800-53r4
• FedRAMP v2
Forrester – PIM Requirements for Cloud
Gartner – PIM Requirements for Cloud
Gartner – PIM Requirements for Virtualization
Privileged Identity Management: A Necessary New Security Layer
The New Hybrid Enterprise:
• Software Defined Data Center – SDDC Console & APIs
• SaaS Applications – SaaS Consoles & APIs
• Public Cloud - IaaS – Cloud Console & APIs
• Traditional Data Center – Mainframe, Windows, Linux, Unix, Networking
• Enterprise Admin Tools
A New Security Layer - Control and Audit All Privileged Access
Enterprise Management Plane for Privileged Accounts and Credentials:
• Vault Credentials
• Centralized Authentication
• Federated Identity
• Privileged Single Sign-on
• Role-Based Access Control
• Monitor & Enforce Policy
• Record Sessions and Metadata
• Full Attribution
Next Generation Privileged Identity Management: Introducing Xsuite®
• Identity Integration
• Enterprise-Class Core
• Unified Policy Management
• Delivered as Hardware Appliance, AWS AMI, or OVF Virtual Appliance
Best Practices for PIM
• Privileged identity must be a highly protected core asset (process & technology)
• A Zero-Trust model should be adopted for all privileged access (including applications); some process re-engineering is a reasonable trade-off for the additional security and risk mitigation
• Next generation PIM platforms will make this more manageable, but defense in depth is still required
• Organizations need to employ Protection, Detection, and Response Frameworks specifically focused on Privileged Identities (and associated keys) that span the new Hybrid Enterprise
Contact Us
2214 Rock Hill Road, Suite 100
Herndon, VA 20170
Phone: 866-636-5803
info@xceedium.com
linkedin.com/company/xceedium
facebook.com/xceedium
@Xceedium
