Privilege Identity Management
08.27.15
Asurion_Confidential

Agenda
• Asurion IAM
• Introduction of PIM
• Why PIM at Asurion
• The Past
• The Present
• The Future

Asurion IAM
What is Identity and Access Management (IAM) at Asurion?
• Identity Management: The systems and processes of managing enterprise digital identities. This includes automated user and entitlement provisioning and management, as well as the oversight process around user rights and entitlements including automated attestation.
• Authentication Management: The systems and processes of managing authentication of both internal and external identities and resources. This includes processes to audit and report on such authentications.
• Directory Management: The systems and processes to store digital identities. This includes mainly LDAP stores and the strategy and schema of such stores.
• PKI Management: Public Key Infrastructure or PKI is a set of software, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.

What is PIM?
What is Privilege Identity Management (PIM)?
Wikipedia: Privileged Identity Management (PIM) is a domain within Identity Management focused on the special requirements of powerful accounts within the IT infrastructure of an enterprise. It is frequently used as an Information Security and governance tool to help companies in meeting compliance regulations and to prevent internal data breaches through the use of privileged accounts.
Managing the password of, and who uses, any account that has elevated rights on any system:
• Where the accounts are used
• Who has access to the account information
• Creation of the accounts
• Automated password rotations
• Auditing of what the accounts do

PIM and Asurion
Why did Asurion deploy a PIM program?
IAM Program started in April 2014 but did not focus on anything but bellybuttons
Need to focus on Properly Managed Accounts:
• The account complies with our password policy
• The account is not used for anything other than intended purpose
• The account can only be used by those authorized to do so
• The account is monitored for compliance

The Past
What Asurion looked like before PIM:
• AD contacts
• Sticky notes
• Excel spreadsheets
• Onboarding documentation
• Wiki and SharePoint
• Not updated always
• Everyone knew passwords
• Passwords never changed

The Present
What Asurion looks like today:
• Secure Password Vault
• Auditing of check in/out

The Future
Where is Asurion headed:
• Local Admin Accounts
• Appliance and HW Accounts
• Directory Service Accounts
• Programmatic Account Retrieval
• Session Management

Lessons Learned
What have we learned so far:
• Need to focus on PIM separately
• Scope, keep it simple
• Need to understand where accounts are used
• Organization is key
• Baby steps
• Potential to break everything
PRIVILEGE IDENTITY MANAGEMENT
08.27.15
Matt Chambers
Principal, IAM
matt.chambers@asurion.com
Thank you.

WHO IS OBSERVEIT?
The Leading Provider Of User Activity Monitoring To Mitigate Insider Threats
• HQ Boston, MA / R&D Tel Aviv, Israel
• Founded 2006
• 1,200+ Customers Worldwide
• $20M Invested by Bain Capital
INSIDER THREAT LANDSCAPE
THIRD-PARTIES
PRIVILEGED USERS
EMPLOYEES
CHALLENGE WITH ADDRESSING INSIDER THREATS
3 out of 4 InfoSec professionals say: “It’s Hard to Distinguish Abuse from Legitimate Use”
260,000+ members
INSIDER THREAT INTELLIGENCE WITH OBSERVEIT
Collect
• Visual User Recording
• Application Marking
• User Activity Logs
Detect
• User Behavior Analytics
• Activity Alerting
• User Risk Scoring
Respond
• Live Session Replay
• Interact With Users
• Shutdown Sessions
UNDERSTAND FIELD-LEVEL APPLICATION USAGE
DETECT DATA MISUSE AND APPLICATION ABUSE
INVESTIGATE RISKY USER BEHAVIOR AND INTENT
USERS
COMPLETE COVERAGE WITH OBSERVEIT
Employees
• Data Extraction and Fraud
• Application Access, Call Centers, and Watchlists
Third-parties
• IP Theft and Service Availability
• Contractors, Remote Vendors, Outsourced IT
Privileged Users
• Access Abuse and Data Privacy
• Help Desk, DBAs, HPAs, SoD and Sys Admins
Audit and Compliance
• Audit Controls for PCI / PII / PHI Data, Monitoring Privileged and 3rd Party Access, Alerting for Access to Sensitive systems
PRIVILEGED USER INTELLIGENCE
UNIX / LINUX, Windows, DBAs, Network, Help Desk, Programmers
WireShark, PuTTY, Toad, RDP, WinSCP, Reg Editor, CMD, PowerShell, DR Java, SSH, AD, SQL PLUS
Unauthorized Changes / Access, Abusing Privileges, Local / Service Accounts
CUSTOMER EXAMPLES
Monitoring Privileged Access PCI
• Monitoring internal privileged users with access to PCI systems
• Detect unauthorized configuration changes
• Meeting internal and external audit
Monitoring Privileged Users for PCI/SOX
• Monitoring privileged users with access to over 60 PCI/SOX applications
• Real-time monitoring of unauthorized account creation and firewall changes
• Integrated with Lieberman Password Vault and Avatier identity provisioning
THANK YOU

ObserveIT Webinar: Privileged Identity Management


Editor's Notes

  1. We have overinvested in Firewalls, A/V, DLP… And yet, we still only have half the picture; we don’t understand what it is our users are actually doing.
  2. And this is the challenge we have with Insider Threat – we don’t know what our users do with the access they have, and we can’t distinguish between legitimate business use and abuse. Crowd-based research in cooperation with the 260,000+ member Information Security Community.
  3. With 6.0 we add Insider Threat Intelligence to our User Activity Monitoring Solution to cover the full scope of insider threat.
  4. Let’s talk about Insider Threat Intelligence with ObserveIT and what makes us so special and different. First, we are focused, from the ground up, on the USER – and Insider Threats are at their core a People Problem. This approach provides a clear picture of the risk users present and enables you to do something about it. Our Insider Threat Intelligence takes a 3-step approach to protecting companies against Insider Threats. We collect all user activity leveraging our agent technology, which essentially screen-scrapes all activity and indexes the textual information on the screen. This includes “Collecting” the information needed to distinguish abuse from legitimate use via Visual Screen Recording Technology, and transcribing what’s taking place into User Activity Logs. Next, we have unique capabilities to detect risky insider activity with rule-based User Behavior Analytics and Activity Alerting. Finally, we can take action and quickly respond to users putting your business at risk with Live Session Response and Session Shutdown.
  5. We apply our Insider Threat Intelligence across the full scope of Insider Threats: Employees, Privileged users and even trusted third-parties. When dealing with Employees, most customers are concerned about data extraction and fraudulent activity within core applications. The use case can range from monitoring call center employees to individuals on HR Watch-lists. With Privileged Users, we see customers looking to see if users are abusing their access or concerned about data leakage. It can range from Help Desk users to DBAs to enforcing Segregation of Duties. We also see a lot of customers looking to track all High Privilege Accounts like system admins on all their servers. Third-parties is a big one and where our roots tie back to. Most customers are monitoring third-parties to trust, but verify their work and make sure IP isn’t leaving with them or that they aren’t bringing down any servers. We see customers monitoring Contractors, Remote Vendors to Completely Outsourced IT shops. Underpinning all of these groups is Audit and Compliance – whether it’s to satisfy Audit controls or map to a Security Framework.
  6. Exchange Admins!! Today we see a lot of customers handing out root privileges like after-dinner mints. And when it comes to Privileged user monitoring, customers are concerned with unauthorized changes or access, admins abusing their privileges or what users are doing with local accounts.
     Unauthorized Changes: Entitlement changes, Creation of Local Accounts, Password resets.
     Abusing Privileges: Admin / “Root” logins, Lateral Movement, ‘rm’ ‘cp’ with ‘sudo’, Creating “backdoors”, ‘leapfrog’ logins.
     Unnecessary Access: Unauthorized access, Unsecure ‘shell’, Unapproved ‘setuid’.
  7. “ObserveIT provides unparalleled visibility into what our privileged users are doing within our sensitive systems” – Michael Holder, Global Head of IAM