From Strategy To Tactics - Targeting And Protecting Privileged Accounts

Talking about the recent breaches both strategically and tactically.

Published in: Technology

  1. #RSAC. From Strategy to Tactics: Targeting and Protecting Privileged Accounts. Session ID: GPS1-F01. Lavi Lazarovitz, Security Researcher, Cyberark, @LaviLazarovitz
  2. Squirrels Vs. Hackers. https://www.washingtonpost.com/news/the-switch/wp/2016/01/12/are-squirrels-a-bigger-threat-to-the-power-grid-than-hackers/
  3. Cyber Squirrels. http://www.bayd.info/pictures-5412-squirrel_hacker.html
  4. Perimeter Compromise: (1) Spear-phishing; (2) Endpoints infected; (3) Attackers gain access; (4) Reconnaissance
  5. Lateral Movement
  6. The Reality. The Reality Outside: Attackers cut power. The Reality Inside: Operators could not interfere
  7. The Role of Privileged Accounts: (1) Initial foothold; (2) IT to OT; (3) Shutdown power
  8. The End (Of The Heist)
  9. Swift System (SWIFTNet): 6.1+ billion FIN messages; 99.999% SWIFTNet availability; 99.999% FIN availability; 11,000+ institutions connected to SWIFT; 200+ countries & territories connected
  10. The Compromised Path: PERIMETER; IT NETWORK; SWIFT-CONNECTED SYSTEMS; RTGS; SNL; 32 compromised machines
  11. The Execution: SWIFT-CONNECTED SYSTEMS; SWIFTNet; USFEDSWIFT SYSTEMS; SNL; SNL
  12. The Role of Privileged Accounts: (1) Initial foothold; (2) IT to Swift; (3) Execute orders
  13. The Strategy: “With regard to narrow passes, if you can occupy them first, let them be strongly garrisoned and await the advent of the enemy.” Sun Tzu
  14. DEMO
  15. The Root Cause: Highly Threatening Accounts
  16. Network Risk Benchmark: 10% / 50% / 100%; Low / Medium / High
  17. Those Are Our Networks: 17%, 44%, 39%. Low risk: <10%; Medium risk: 10-50%; High risk: >50%
  18. Narrowing The Pass #1: Domain accounts; Local accounts; One-time passwords; Zoning credentials
  19. Narrowing The Pass #2 - Passwords: Eliminate common passwords
  20. Narrowing The Pass #2 - Passwords: Introducing Easy-Peasy. https://github.com/CyberArkLabs/EasyPeasy
  21. Narrowing The Pass #3 – Service Accounts: Privileged Service Accounts; WiFi Routers, Smart TVs; Routers, Firewalls, Hypervisors, Databases, Applications; Routers, Firewalls, Servers, Databases, Applications; Laptops, Tablets, Smartphones; Power Plants, Factory Floors
  22. Narrowing The Pass #3 – Service Accounts: Compromised Privileged Service Accounts; WiFi Routers, Smart TVs; Laptops, Tablets, Smartphones; Power Plants, Factory Floors; Routers, Firewalls, Hypervisors, Databases, Applications; Routers, Firewalls, Servers, Databases, Applications
  23. Narrowing The Pass #3 – Service Accounts: Crackable service accounts. Introducing Risky-SPNs. https://github.com/CyberArkLabs/RiskySPN
  24. Strategy to Tactics. Respond: Respond live to malicious activity. Protect: Secure and manage privileged credentials. Monitor: Monitor privileged accounts usage
  25. Strategy to Tactics: Narrow the passes, monitor and respond. Privileged Accounts
  26. Q&A
  27. Thank You. Lavi.Lazarovitz, Security research @Cyberark, Lavi.Lazarovitz@cyberark.com