e-DMZ Products Overview
Upcoming SlideShare
Loading in...5
×
 

e-DMZ Products Overview

on

  • 3,703 views

e-DMZ Security is an award-winning provider of privileged access control solutions for today’s enterprises looking to control, audit and record privilege sessions such as remote administrators, ...

e-DMZ Security is an award-winning provider of privileged access control solutions for today’s enterprises looking to control, audit and record privilege sessions such as remote administrators, vendors or privileged internal access.

Its Total Privileged Access Management (TPAM) suite is a modular, cost-effective solution for privileged user, privileged identity and privileged access control. Built on the award winning Password Auto Repository™ (PAR) and eGuardPost™ appliances, TPAM delivers security and compliance across all market verticals with over 350 installs in over 17 countries world-wide. Customers include many of the world’s largest enterprises in banking, insurance, pharmaceutical, manufacturing and more.

Statistics

Views

Total Views
3,703
Views on SlideShare
3,690
Embed Views
13

Actions

Likes
0
Downloads
95
Comments
0

1 Embed 13

http://www.slideshare.net 13

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    e-DMZ Products Overview e-DMZ Products Overview Presentation Transcript

    • Solution Overview Best Regulatory Compliance Solution Best Password Management Solution Mach 2010
    • Company Overview
      • Founded in 2001
      • Compliance Driven Security Solutions for….
        • Shared Account/Service Account Password Management (SAPM*)
        • Remote Vendor Access
        • Developer Access to Production
        • Superuser Privilege Management (SUPM*)
      • Proven Solutions Deployed Across ALL Market Verticals
        • Over 350 installations world-wide including…
          • 4 of top 10 Forbes Ranked Enterprises
          • 3 of top 5 Largest Financial Services
          • Leading enterprises in Manufacturing, Financial, Services, Telecommunications, Pharmaceutical/Chemical, Healthcare and more..
          • SC Awards 2010 “Best Regulatory Compliance Solution” Finalist
      • Privately Held Profitable w/Organic Growth
        • Headquartered in Delaware
        • R&D Center in Raleigh NC
        • 7x24x365 eDMZ Support Operations
        • World-wide Partnerships
      * Gartner defined terms & markets
    • Introducing TPAM
      • Total Privileged Access Management (TPAM) Suite
        • A product Suite designed to solve security and compliance issues associated with privileged users and privileged access
        • Modular design allows flexibility to grow
          • Start with required base modules
          • Add additional modules as needs change
    • Introducing TPAM
      • TPAM is built on either or Password Auto Repository™ (PAR) or eGuardPost™ base appliances
      • From either platform you can enable additional modules as needed
        • Buy what you need today
        • Expand if needed in the future
    • Privileged Password Management
      • Privileged Accounts are typically UBIQUITOUS
      • Unlike “User” accounts, no individual association
        • Many times have known default passwords
      • Privileged Accounts exist in every system, network device, database, etc.
      • Privileged Accounts have extensive ACCESS and CONTROL
        • Many times full system access and control
        • Configuration and audit controls
      • Regulatory and Compliance AUDIT ISSUES
        • Privileged/Shared/Service/Application account management growing audit area
        • What was acceptable yesterday is NOT accepted today
      Issues and Challenges
    • Privileged Password Management
      • Enterprise Requirement
      • Secure
      • Dual release control
      • Change Controls
      • Enterprise Integration
      • TPAM Suite/PPM Module
      • Extensive built-in security
        • Password encrypted via RSA Bsafe
        • Full Disk encryption via Guardian Edge
        • Embedded hardware firewall
        • Purpose built appliance
      • Dual or more release controls
      • Extensive configurable change control
        • Time based (every X days)
        • Last-use based
        • Force change
      • Extensive integration with
        • Strong authentication solutions
        • Active Directory
        • Ticketing systems
    • Privileged Password Management
      • Enterprise Requirement
      • Effective workflow
      • Ease of deployment & integration
      • TPAM Suite/PPM Module
      • TPAM Workflow values
        • Web-base client access
        • Role-based
        • Dual authorization controls
        • eMail based notifications
        • Robust small screen support
        • Robust CLI/API
      • Installed & configure in one day
        • Drop-in appliance
        • Client/agentless deployment
        • Tight integration w/AD
        • Import via .csv
        • Full API/CLI
        • Audit, SNMP, Syslog
      Small screen support example
    • Privileged Password Management
      • Enterprise Requirement
      • Individual Accountability
      • TPAM Suite/PPM Module
      • Assured via PPM
        • Configuration options to limit password release to one admin at a time.
        • Last-use change control assures unique passwords each release
        • Dual authorization controls
      PPM delivers individual accountability to shared admin and other accounts
    • Workflow – Password Request Initiate Password Request Filter & Select Account(s) Enter Date/Time/Duration/Reason Password is needed Optional ticket field. Can be active (check ticket) or passive. Retrieve Password
    • Workflow – Small Screen Hyperlink Format Initiate Request * Small screen support configured on a per user basis Filter Request or view most recent Select Password. Quick Request automatically submits with default reason “Request from mobile device” Enter ticket number (if required) and submit to get password Password retrieved from handheld.
    • Application Password Management
      • Embedded/Hard-coded passwords represent an often “hidden” exposure
        • Accounts/passwords known to programmers
        • Back-door accounts
      • Application requirements can vary widely
        • Continuous A2A connectivity
        • Transaction A2A connectivity
      Issues and Challenges
    • Application Password Management
      • Enterprise Requirement
      • Replace Embedded Passwords
      • Support “High Demand” transaction type applications
      • TPAM Suite/APM Module
      • Full API/CLI
        • C/C++
        • Java
        • .NET
        • Perl
      • PAR Cache
        • Add-on capability
        • Available as Cache appliance or VM
        • Supports central or distributed needs
        • Over 500 requests/second
    • Privileged Session Management
      • Compliance often drives the need to know WHAT was done during certain privileged or sensitive access – do you need to know exactly what as done by:
        • Remote Vendors?
        • Outsourced service providers?
        • Developers granted access to production systems?
        • Fire-call activities?
        • Users or admins accessing sensitive resources or applications (Financial/Sox servers, HR, etc.)
      • Certain access demands higher audit and control
      • Need to restrict direct resource access
      Issues and Challenges
    • Privileged Session Management
      • Enterprise Requirement
      • Fine grain access control
      • Connection controls
      • Session Audit
      • TPAM Solution/PSM Module
      • User control point
        • Limits resource view based on role
      • Full control over connections
        • Dual authorization controls
        • Session time limits
        • Alarm notification session overrun
        • Manual session termination options
      • Unmatched session audit
        • Audit/log all connection requests, approvals
        • FULL session recording with DVR replay
    • Privileged Session Management
      • Enterprise Requirement
      • Strong Audit
      • TPAM Suite/PSM Module
      • Unmatched session audit
        • Audit/log all connection requests, approvals
        • FULL session recording with DVR replay
      DVR Style Replay Control Full Session Recording and Replay of ALL activities
    • Workflow – Session Request Request a session connection Select from a list of systems and accounts the specific user has authorization to request connections too. Enter date/time/duration of connection request. Can request for future date/time to allow advanced approval if under dual authorization control. Once connection approved (or auto approved) simply CONNECT!
    • Workflow – Session Request User connected and performs required work Session can be configured for interactive or auto-login EVERY action on the target system will be recorded (Keystrokes, mouse, links, etc.) If user session extends beyond requested time, configurable alert notifications of session overrun can be sent Active sessions can be manually terminated by authorized administrators Connection proxy created to selected System and Account
    • Workflow – Session Replay Session recordings are kept local or can be automatically archived. Stored sessions can be searched based on date, system, account, user and/or ticket number Once selected, REPLAY SESSION will retrieve session and replay.
    • Workflow - Session Replay All session activity is recorded and viewable Via session replay. Recording are NOT AVI type files – recording size is compressed and VERY manageable. DVR- Style controls allow control of replay of Recorded sessions.
    • Privileged Command Management
      • Strong compliance need to restrict Superuser privilege access
        • Need to grant superuser rights without full superuser control
      • Need to restrict what remote vendors or services providers can do
      • Reduction in staff driving a need to “do more with less”
        • Need to delegate certain privileged functions without granting total privileged control
      • Need support across both Unix and Windows platforms
      Issues and Challenges
    • Privileged Command Management
      • Enterprise Requirement
      • Superuser Privilege Management (SUPM)
      • Support multi-platform environments
      • TPAM Solution/PCM Module
      • SUPM Values
        • Command level access controls
        • No ability to execute outside of command limit
        • Record all activity
      • TPAM supports PCM for:
        • Unix
        • Windows
        • Others (coming in future release)
      Session Restricted to Single Command (this example Computer Management) No other Windows functions available
    • Workflow – Command Management Commands are added via the Privileged Command Management Tool.
    • Workflow – Command Limited Session Same workflow as normal session request. Same workflow as normal session request
    • Workflow – Command Limited Session Session is to back-end target/account (Windows A3/e22egp) via PCM, user session is established and user is placed into the specific “command”. In this example, Computer Management. No access to other target commands, menu’s, etc. is allowed. The session will only exist within the context of the specific command (eg. Computer Management). Once the user exits the command, the session is immediately terminated.
    • TPAM Summary
    • Deployment Overview
    • Deployment Options
      • Central deployment of all TPAM management functions
        • Configuration
        • Release controls
        • Change controls
        • Audit
      Central TPAM Deployment
    • Deployment Options
      • Business Unit/Geographical control
      • License flexibility – can support central or BU license purchase agreements
      De-centralized TPAM Management
    • Deployment Options
      • Central configuration control and audit
      • Distributed (local) password check/change via DPA
        • Only require SSH from PAR to PAR DPA
        • All check/change connectivity (SSH, RDP, etc.) internal to the datacenter/location*
      Distributed Privileged Password Management
    • Sample Customers
    • Sample Customers