e-DMZ Products Overview


e-DMZ Security is an award-winning provider of privileged access control solutions for enterprises looking to control, audit and record privileged sessions, such as those of remote administrators and vendors, or privileged internal access.

Its Total Privileged Access Management (TPAM) suite is a modular, cost-effective solution for privileged user, privileged identity and privileged access control. Built on the award-winning Password Auto Repository™ (PAR) and eGuardPost™ appliances, TPAM delivers security and compliance across all market verticals with over 350 installs in over 17 countries world-wide. Customers include many of the world’s largest enterprises in banking, insurance, pharmaceutical, manufacturing and more.

Published in: Technology

  1. Solution Overview
     • Best Regulatory Compliance Solution
     • Best Password Management Solution
     • March 2010
  2. Company Overview
     • Founded in 2001
     • Compliance Driven Security Solutions for…
       • Shared Account/Service Account Password Management (SAPM*)
       • Remote Vendor Access
       • Developer Access to Production
       • Superuser Privilege Management (SUPM*)
     • Proven Solutions Deployed Across ALL Market Verticals
       • Over 350 installations world-wide including…
         • 4 of top 10 Forbes Ranked Enterprises
         • 3 of top 5 Largest Financial Services
         • Leading enterprises in Manufacturing, Financial, Services, Telecommunications, Pharmaceutical/Chemical, Healthcare and more
         • SC Awards 2010 “Best Regulatory Compliance Solution” Finalist
     • Privately Held, Profitable w/Organic Growth
       • Headquartered in Delaware
       • R&D Center in Raleigh NC
       • 7x24x365 eDMZ Support Operations
       • World-wide Partnerships
     * Gartner defined terms & markets
  3. Introducing TPAM
     • Total Privileged Access Management (TPAM) Suite
       • A product suite designed to solve security and compliance issues associated with privileged users and privileged access
       • Modular design allows flexibility to grow
         • Start with required base modules
         • Add additional modules as needs change
  4. Introducing TPAM
     • TPAM is built on either Password Auto Repository™ (PAR) or eGuardPost™ base appliances
     • From either platform you can enable additional modules as needed
       • Buy what you need today
       • Expand if needed in the future
  5. Privileged Password Management: Issues and Challenges
     • Privileged Accounts are typically UBIQUITOUS
     • Unlike “User” accounts, no individual association
       • Many times have known default passwords
     • Privileged Accounts exist in every system, network device, database, etc.
     • Privileged Accounts have extensive ACCESS and CONTROL
       • Many times full system access and control
       • Configuration and audit controls
     • Regulatory and Compliance AUDIT ISSUES
       • Privileged/Shared/Service/Application account management is a growing audit area
       • What was acceptable yesterday is NOT accepted today
  6. Privileged Password Management
     • Enterprise Requirement
     • Secure
     • Dual release control
     • Change Controls
     • Enterprise Integration
     • TPAM Suite/PPM Module
     • Extensive built-in security
       • Password encrypted via RSA Bsafe
       • Full Disk encryption via Guardian Edge
       • Embedded hardware firewall
       • Purpose built appliance
     • Dual or more release controls
     • Extensive configurable change control
       • Time based (every X days)
       • Last-use based
       • Force change
     • Extensive integration with
       • Strong authentication solutions
       • Active Directory
       • Ticketing systems
  7. Privileged Password Management
     • Enterprise Requirement
     • Effective workflow
     • Ease of deployment & integration
     • TPAM Suite/PPM Module
     • TPAM Workflow values
       • Web-based client access
       • Role-based
       • Dual authorization controls
       • eMail based notifications
       • Robust small screen support
       • Robust CLI/API
     • Installed & configured in one day
       • Drop-in appliance
       • Client/agentless deployment
       • Tight integration w/AD
       • Import via .csv
       • Full API/CLI
       • Audit, SNMP, Syslog
     Small screen support example
  8. Privileged Password Management
     • Enterprise Requirement
     • Individual Accountability
     • TPAM Suite/PPM Module
     • Assured via PPM
       • Configuration options to limit password release to one admin at a time.
       • Last-use change control assures unique passwords each release
       • Dual authorization controls
     PPM delivers individual accountability to shared admin and other accounts
  9. Workflow – Password Request
     • Initiate Password Request
     • Filter & Select Account(s)
     • Enter Date/Time/Duration/Reason Password is needed
     • Optional ticket field. Can be active (check ticket) or passive.
     • Retrieve Password
  10. Workflow – Small Screen
     • Hyperlink Format
     • Initiate Request
     • Filter Request or view most recent
     • Select Password. Quick Request automatically submits with default reason “Request from mobile device”
     • Enter ticket number (if required) and submit to get password
     • Password retrieved from handheld.
     * Small screen support configured on a per user basis
  11. Application Password Management: Issues and Challenges
     • Embedded/Hard-coded passwords represent an often “hidden” exposure
       • Accounts/passwords known to programmers
       • Back-door accounts
     • Application requirements can vary widely
       • Continuous A2A connectivity
       • Transaction A2A connectivity
  12. Application Password Management
     • Enterprise Requirement
     • Replace Embedded Passwords
     • Support “High Demand” transaction type applications
     • TPAM Suite/APM Module
     • Full API/CLI
       • C/C++
       • Java
       • .NET
       • Perl
     • PAR Cache
       • Add-on capability
       • Available as Cache appliance or VM
       • Supports central or distributed needs
       • Over 500 requests/second
  13. Privileged Session Management: Issues and Challenges
     • Compliance often drives the need to know WHAT was done during certain privileged or sensitive access – do you need to know exactly what was done by:
       • Remote Vendors?
       • Outsourced service providers?
       • Developers granted access to production systems?
       • Fire-call activities?
       • Users or admins accessing sensitive resources or applications (Financial/Sox servers, HR, etc.)
     • Certain access demands higher audit and control
     • Need to restrict direct resource access
  14. Privileged Session Management
     • Enterprise Requirement
     • Fine grain access control
     • Connection controls
     • Session Audit
     • TPAM Solution/PSM Module
     • User control point
       • Limits resource view based on role
     • Full control over connections
       • Dual authorization controls
       • Session time limits
       • Alarm notification on session overrun
       • Manual session termination options
     • Unmatched session audit
       • Audit/log all connection requests, approvals
       • FULL session recording with DVR replay
  15. Privileged Session Management
     • Enterprise Requirement
     • Strong Audit
     • TPAM Suite/PSM Module
     • Unmatched session audit
       • Audit/log all connection requests, approvals
       • FULL session recording with DVR replay
     DVR Style Replay Control
     Full Session Recording and Replay of ALL activities
  16. Workflow – Session Request
     • Request a session connection
     • Select from a list of systems and accounts the specific user has authorization to request connections to.
     • Enter date/time/duration of connection request. Can request for future date/time to allow advanced approval if under dual authorization control.
     • Once connection approved (or auto approved) simply CONNECT!
  17. Workflow – Session Request
     • User connected and performs required work
     • Session can be configured for interactive or auto-login
     • EVERY action on the target system will be recorded (Keystrokes, mouse, links, etc.)
     • If user session extends beyond requested time, configurable alert notifications of session overrun can be sent
     • Active sessions can be manually terminated by authorized administrators
     • Connection proxy created to selected System and Account
  18. Workflow – Session Replay
     • Session recordings are kept local or can be automatically archived.
     • Stored sessions can be searched based on date, system, account, user and/or ticket number
     • Once selected, REPLAY SESSION will retrieve session and replay.
  19. Workflow – Session Replay
     • All session activity is recorded and viewable via session replay.
     • Recordings are NOT AVI type files – recording size is compressed and VERY manageable.
     • DVR-style controls allow control of replay of recorded sessions.
  20. Privileged Command Management: Issues and Challenges
     • Strong compliance need to restrict Superuser privilege access
       • Need to grant superuser rights without full superuser control
     • Need to restrict what remote vendors or service providers can do
     • Reduction in staff driving a need to “do more with less”
       • Need to delegate certain privileged functions without granting total privileged control
     • Need support across both Unix and Windows platforms
  21. Privileged Command Management
     • Enterprise Requirement
     • Superuser Privilege Management (SUPM)
     • Support multi-platform environments
     • TPAM Solution/PCM Module
     • SUPM Values
       • Command level access controls
       • No ability to execute outside of command limit
       • Record all activity
     • TPAM supports PCM for:
       • Unix
       • Windows
       • Others (coming in future release)
     Session Restricted to Single Command (this example Computer Management)
     No other Windows functions available
  22. Workflow – Command Management
     • Commands are added via the Privileged Command Management Tool.
  23. Workflow – Command Limited Session
     • Same workflow as normal session request.
  24. Workflow – Command Limited Session
     • Session is to back-end target/account (Windows A3/e22egp)
     • Via PCM, user session is established and user is placed into the specific “command”. In this example, Computer Management.
     • No access to other target commands, menus, etc. is allowed.
     • The session will only exist within the context of the specific command (e.g. Computer Management).
     • Once the user exits the command, the session is immediately terminated.
  25. TPAM Summary
  26. Deployment Overview
  27. Deployment Options: Central TPAM Deployment
     • Central deployment of all TPAM management functions
       • Configuration
       • Release controls
       • Change controls
       • Audit
  28. Deployment Options: De-centralized TPAM Management
     • Business Unit/Geographical control
     • License flexibility – can support central or BU license purchase agreements
  29. Deployment Options: Distributed Privileged Password Management
     • Central configuration control and audit
     • Distributed (local) password check/change via DPA
       • Only requires SSH from PAR to PAR DPA
       • All check/change connectivity (SSH, RDP, etc.) internal to the datacenter/location*
  30. Sample Customers
  31. Sample Customers