Privileged access management for den csa user group CA Technologies
Trish McGinity, CCSK
1.
Privileged Access Management: Breaking The Kill Chain
Tabish Tanzeem, CISSP, Sr. Principal Consultant
November 2016
2.
Agenda
– STATISTICS AND INCIDENTS
– WHAT ARE PRIVILEGED USERS?
– WHAT IS THE CHALLENGE?
– TOP 10 PAM BEST PRACTICES
– MATURITY MODEL
© 2015 CA. ALL RIGHTS RESERVED.
3.
Intersecting Forces Yield A Sea Change
4.
The Hybrid Enterprise Management Plane
Ongoing Infrastructure Changes Introduce New Control Points, Risks
Hybrid Enterprise and its New Management Plane:
– Software Defined Data Center: SDDC Console & APIs
– SaaS Applications: SaaS Consoles & APIs
– Public Cloud - IaaS: Cloud Console & APIs
– Traditional Data Center (Mainframe, Windows, Linux, Unix, Networking): Enterprise Admin Tools
5.
Easier Access and Escalating Risks
Cybercrime
– Target – 70 million credit cards stolen
– Home Depot - 56 million credit cards stolen
– JP Morgan Chase – 76 million account records stolen
Material Impact to Operations
– CodeSpaces - forced out of business
– Sony Pictures – extensive disruption
– German Steel Mill – physical damage
– Saudi Aramco – physical systems damage and business disruption
Cyberespionage
– Anthem – 80 million personal records stolen
– Forbes.com and unidentified health insurer – targeted (defense contractors, government workers) information gathering of individual data
6.
Economic Losses Are Staggering
Net Losses: Estimating the Global Loss of Cybercrime (Intel Security – June 2014).
Cybercrime is a growth industry. The returns are great, and the risks are low. We estimate that the annual cost to the global economy from cybercrime is more than $400 billion. A conservative estimate would be $375 billion in losses, while the maximum could be as much as $575 billion. Even the smallest of these figures is more than the national income of most countries and governments and companies underestimate how much risk they face from cybercrime and how quickly this risk can grow.
– $400 Billion: Global Losses from Cybercrime
– $300 Billion: Global Drug Trafficking Revenue
– $300 Billion: GDP of Singapore
– $3 Trillion: Global Economic Impact of Cybercrime in 10 Years - McKinsey, World Economic Forum
7.
The Common Thread?
“Stealing and exploiting privileged accounts is a critical success factor for attackers in 100 percent of all advanced attacks, regardless of attack origin.”
- Cybersheath Security Report, May 2014
8.
Privileged Account Management Facts
– Privileged Accounts Exist Across Every Aspect of IT
– Privileged Accounts Grow in Numbers Everyday
– Existing Models of Managing Privileged Accounts Fall Short
– Every Major Breach Has Involved A Privileged Account
Your Critically Valuable Privileged Accounts Are Targets!
9.
Privileged Accounts: The Emerging Front Line
[Diagram labels: Hacker, Malware/APT, Internet, On Premise, Public Cloud, Apps]
On Premise Employees/Partners
• Systems Admins
• Network Admins
• DB Admins
• Application Admins
Partners: Systems/NW/DB/Application Admins
Employees: Systems/NW/DB/Application Admins
Public Cloud and Apps: VMware Administrator, AWS Administrator, Microsoft Office 365 Administrator
Organizations typically have 3-4x more Privileged Accounts and Credentials than Employees!
10.
Top 10 List
Best Practices for Privileged Identity Management
1. On-Boarding/Off-Boarding Process
2. Least Privilege Everything
3. Strong Authentication
4. Separate Authentication from Access Control
5. Protect Privileged Account Credentials
6. Eliminate Anonymous Activity
7. Implement Extra Protections for Sensitive Assets
8. Alert/Respond to Attempted Policy Violations
9. Log and Record Everything
10. Mind the Virtualization Gap
May 2014 © Copyright 2014, Xceedium, Inc.
11.
#1 On/Off-Boarding Process
Best Practices for Privileged Identity Management
On-boarding
– Identity verification & background checks
– Entitlement management
– Credential/multi-factor authentication device issuance
– Approvals and workflow
– Certification/Attestation
Off-boarding
– Reliable
– Timely
– Complete
12.
#2 Least Privilege
Best Practices for Privileged Identity Management
Least Privilege Everything
– Least device/system access
– Least functional access: Console, CLI, FTP, API
– Least command level: Drop, telnet, reboot…
Zero Trust Model
– Start with no access
– Add layers/systems as needed
– Role-based
13.
#3 Strong Authentication
Best Practices for Privileged Identity Management
Federal Government Mandate
– OMB 11-11
– PPD 21
– PIV/CAC required for all administrative access
Commercial
– Best Practice for High Risk Environments
[Diagram labels: OTP, Smart Card, Integrated User Authentication, Roles, Network, Systems, Database, Virtual, Credentials, CRL/OCSP Server, Active Directory, SaaS, IaaS, Strong Multi-factor Authentication, Password Safe]
14.
#4 Authentication ≠ Authorization
Best Practices for Privileged Identity Management
Old School
– Perimeter-based
– Hard-crunchy outside…
– Authentication was a proxy for Authorization
“Grass huts with steel doors…”
Separate authentication and authorization
– Authentication to the privileged identity management system establishes identity, only
– No intrinsic access to resources
– Authorization based on roles and responsibilities; enforced by PIM system
[Diagram labels: Protected Environment (Servers, Databases, Network, Other Systems), Credential Safe, Enterprise Directory, SaaS, IaaS, AuthZ, FGA Control Command]
15.
#5 Protect Credentials
Best Practices for Privileged Identity Management
Privileged credentials and access are implicated in every attack
– Phishing
– Credential/Privilege misuse
– Stolen third-party credentials
– Default passwords
Control and manage credentials
– Encrypted storage and use
– Automated rotation and update
One-time passwords
– Eliminate physical access via proxy
– Supported by backup and “break glass” capabilities
16.
#6 Eliminate Anonymous Access
Best Practices for Privileged Identity Management
Shared administrative accounts are endemic across IT
– Administrative convenience
– Technology constraints (root, admin…)
Enables anonymous, unattributed access
– Easy to hide malicious activity
– Complicates troubleshooting and forensic examination
– Compliance/audit violations
Map individual user activity and access to shared accounts in logs and recordings
17.
#7 Extra Protections
Best Practices for Privileged Identity Management
Cloud Environments
– Operational Risks
– Financial Risks
– Security Risks
Defense in Depth
– Strengthen legacy UID and password mechanism
– Key management
– Implement multi-factor authentication, biometrics
– Additional monitoring, audit of privileged user sessions w/ publication of results
– HSM for key protection – physical or virtual options
18.
#8 Alert/Block Policy Violations
Best Practices for Privileged Identity Management

Alerts
– Warnings and reminders to individuals
– Events to SIEM/SOC

Proactive Controls
– Enforced White/Black Lists
– Enforced Limits on Permissions and Rights
– Interception of Prohibited Commands
– Session Termination
– Account Suspension
19.
#9 Log & Record Everything
Best Practices for Privileged Identity Management

CERT Insider Threat Center: In more than 70% of the IP theft cases, insiders stole information within 30 days of announcing their resignation.

• RDP/Graphical Sessions
• Shell/CLI Sessions
• API Access
• Logging/SIEM/SOC
• Highlight attempted policy/access control violations
• Publish audit results
20.
#10 Mind the API Gap
Best Practices for Privileged Identity Management

API-based access is a growing basis for DevOps
Rebuild/Replace rather than re-configure
Management APIs offer powerful capabilities, but:
– Shared keys/credentials
– Limited attribution
– Limited logging and recording
– All the access control issues of traditional user accounts

Requires dedicated capabilities for controlling, monitoring, and recording access; credential protection
21.
Privilege: Core of the Breach Kill Chain

[Diagram labels: Network Perimeter; EXTERNAL THREATS (Threat Actor); INTERNAL THREATS (Trusted Insider); Gain/Expand Access; Elevate Privilege; Lateral Movement, Reconnaissance; Wreak Havoc; C&C, Data/IP Exfiltration]

• Weak Authentication/Default Passwords
• Stolen/Compromised Credentials
• Poor Password/Key Management
• Shared Accounts/Lack of Attribution
• Authentication = Access Control
• No Limits on Lateral Movement
• No Limits on Commands
• Lack of Monitoring/Analysis
22.
Break The Kill Chain: Strong Authentication

[Diagram labels: Network Perimeter; EXTERNAL THREATS (Threat Actor); INTERNAL THREATS (Trusted Insider); Gain/Expand Access; Elevate Privilege; Lateral Movement, Reconnaissance; Wreak Havoc; C&C, Data/IP Exfiltration; callout: Strong AuthN]

• Strong Authentication
• AD/LDAP Integration
• Multifactor Hardware/Software
• PIV/CAC Card Support
• SAML
• Login Restriction
• Origin IP
• Time of Day
23.
Break The Kill Chain: Prevent Unauthorized Access

[Diagram labels: Network Perimeter; EXTERNAL THREATS (Threat Actor); INTERNAL THREATS (Trusted Insider); Gain/Expand Access; Elevate Privilege; Lateral Movement, Reconnaissance; Wreak Havoc; C&C, Data/IP Exfiltration; callout: Zero Trust Access]

• Zero Trust – Deny All, Permit by Exception
• Role-Based Privileged User Access Limits
• Privileged User Single Sign on
• Command Filtering
• Leapfrog Prevention
• Proactive Policy Violation Prevention
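The "Deny All, Permit by Exception" rule from this slide, combined with the login restrictions (origin IP, time of day) from the Strong Authentication slide, as an added example that is not part of the original deck and not any product's policy engine. The role names, hosts, networks and the `decide` function are assumptions constructed for illustration.

```python
import ipaddress
import shlex
from datetime import time

# Constructed policy: whatever is not listed here is denied.
ROLES = {
    "dba": {
        "targets": {"db01", "db02"},
        "executables": {"psql", "pg_dump"},
        "origins": [ipaddress.ip_network("10.20.0.0/24")],
        "hours": (time(8, 0), time(18, 0)),
    },
}
USER_ROLES = {"alice": ["dba"]}   # bob can authenticate but holds no role
SHELL_META = set(";|&`$()<>\n")   # command chaining, substitution, redirection

def decide(user, origin_ip, at, target, command):
    """Return (allowed, reason). Authentication is assumed to be done upstream;
    it establishes identity only and grants nothing by itself."""
    if any(ch in SHELL_META for ch in command):
        return False, "shell metacharacter in command"
    try:
        argv = shlex.split(command)
    except ValueError:
        return False, "unparseable command"
    if not argv:
        return False, "empty command"
    ip = ipaddress.ip_address(origin_ip)
    for role_name in USER_ROLES.get(user, []):
        role = ROLES[role_name]
        start, end = role["hours"]
        if (target in role["targets"]
                and argv[0] in role["executables"]
                and any(ip in net for net in role["origins"])
                and start <= at <= end):
            return True, f"permitted by role {role_name}"
    # Default branch: no exception matched, so the request is denied.
    return False, "no role grants this request"

if __name__ == "__main__":
    print(decide("alice", "10.20.0.15", time(9, 30), "db01", "pg_dump sales"))
    print(decide("bob", "10.20.0.15", time(9, 30), "db01", "psql"))
```

Allowlisting the executable name does not constrain what an interactive tool can do once started, which is why the deck pairs command filtering with session recording.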
24.
Break The Kill Chain: Improve Forensics, Deter Violations

[Diagram labels: Network Perimeter; EXTERNAL THREATS (Threat Actor); INTERNAL THREATS (Trusted Insider); Gain/Expand Access; Elevate Privilege; Lateral Movement, Reconnaissance; Wreak Havoc; C&C, Data/IP Exfiltration; callout: Log, Deter]

• Continuous monitoring and logging
• Warnings, Session Termination, Alerts
• DVR-like recording and playback of sessions
• Activity Log Reporting
• Privileged Account Use Attribution
• SIEM/SYSLOG Analytics
25.
Privileged Access Management Maturity Levels

[Diagram labels: ADHOC; BASELINE; MANAGED; ADVANCED; Review; Redefine; Optimize]
26.
Privileged Access Management Focus Areas

Privileged Users/Shared Accounts
– root, oradba, sapadmin, cisco enable, Windows local admin, named admin accts, SaaS/IaaS admin accts

Service & Application Accounts
– COTS App Accounts, App Servers, DevOps Systems, Scheduled Tasks, Batch Jobs, Scripts

Activity Monitoring
– SIEM, Network Monitoring, Change Management, Session Recording, Analytics

Identity Management Integration
– CA Identity Suite, Oracle IAM, SailPoint, IBM ID Mgt

Fine Grained Tools
– CA PAM SC, Symantec CSP, Dell UPM, PowerBroker, ViewFinity
27.
Privileged Access Management Maturity Model

Levels: Level 1: Adhoc/Manual; Level 2: Baseline; Level 3: Managed; Level 4: Advanced

Capabilities per focus area, in the order they appear on the slide:

Privileged User/Shared Accounts
– Manual Controls For Priv. Accounts; Structured Controls; Basic Vault; Account Inventory; SDLC Integration; Credential Vault with RBAC; Central Password Policies; Account Discovery; MFA; Passwordless (SAML/OAUTH/TGS); Cloud/SaaS/SDN Integration; HSM Integration

Service & Application Accounts
– Ad Hoc Application Account Management; Hard Coded Passwords; Manual Application Account Management; Centralized Application Account Management; Eliminate Hardcoded Passwords; REST API Integration; Governed Application Account Management; DevOps Integration

Monitoring & Threat Detection
– Ad Hoc Audit & Controls; Activity Monitoring; Decentralized Activity logging; SIEM Integration; Acct Attribution; SNMP Alerting; Session Recording; Dual Authorization; Meta-Data; Service Desk Integration; Analytics Integration

Identity Management Integration
– Manual Process For Priv. Access; Automated Privileged Identity Mgmt.; Integrated Privileged Access Requests; Basic Governance; Fully Delegated Administration; Governed Privileged Access w/SoD

Fine-grained Controls/SoD
– Open Source Tools and Scripts; Decentralized Tools (Silos); Command Filtering; Restricted Shell; Leap Frog Prevention; Centrally Managed Kernel Interceptor with Cred Vault Integration
28.
Critical Questions

Do you have an inventory of privileged accounts?
– Operational and Application…custom scripts?
Do you have a record of who has access to passwords?
How is access to privileged accounts granted?
Are privileged accounts included in the SDLC process?
– What about 3rd Party Developers and Contractors?
How often do you change privileged account passwords?
What is your process for changing privileged account passwords?
How do you track privileged account use?
How do you grant emergency access to privileged accounts?
Do you require a change ticket for privileged account use?
Is segregation of duties enforced on privileged accounts?
Is there a certification process for privileged accounts?
How are new privileged accounts created?
How are privileged accounts retired?
Is MFA required to access privileged accounts?
Are any fine-grained controls in place to restrict the scope of privileged accounts? If so, what are they and how are they managed?
How are cloud-based privileged accounts managed?
Is privileged account use monitored for suspicious activity? And throughout your hybrid enterprise?
29.
Conclusions and Recommendations

• Privileged identity must be a highly protected core asset (process & technology)
• A Zero-Trust model should be adopted for all privileged access (including applications)
• Some process re-engineering is a reasonable trade-off for the additional security and risk mitigation
• Next generation PIM platforms will make this more manageable, but defense in depth is still required
• Organizations need to employ Protection, Detection, and Response Frameworks specifically focused on Privileged Identities (and associated keys)
30.
Q&A

Tabish Tanzeem
Sr. Principal Consultant
Tabish.tanzeem@ca.com
@TabishTanzeemCA
slideshare.net/CAInc
linkedin.com/pub/noam-dror/0/34b/82b/
ca.com/Security