CHANGE MANAGEMENT: SECURITY’S FRIEND OR FOE?
Larry Whiteside Jr. / Chief Security Officer
Sponsored by:
AGENDA
• Who am I and why do I care
• The History of Change
• Who is making your changes
• Security’s Relationship with Change Management
• Breach and Change Management
• Security’s role in Change Governance
• Possible measurements that will positively impact your security posture
Ask Questions in GoToWebinar!
WHO AM I / WHY DO I CARE?
• Over 20 years Cyber Security / Risk Management / Physical Security
• C-Level Security Executive across many verticals
• DoD, Federal, Financial Services, Healthcare, Energy/Utilities
• Consulting in many verticals
• Education, Healthcare, Financial Services
• Community Involvement
• Co-Founder of International Consortium of Minority Cyber Security Professionals (ICMCP), ISSA, ASIS, OWASP, Security Advisor Alliance (SAA)
• Speaking and Writing
• SC Magazine, CSO Online, RSA Conference, Gartner Security Conference, industry webinars, securitycurrent.com, SecureWorld, Evanta CISO Summit, and many others
Larry Whiteside Jr.
Chief Security Officer
THE HISTORY OF CHANGE
1980s
• Change Management as a discipline began to emerge, driven by leading consulting firms
1990s
• Industries undergoing significant and rapid change in areas such as IT began highlighting the benefits of Change Management programs on a broader scale
• ITIL, LEAN, etc.
2000s
• Widespread acceptance of Change Management as a business competency for leading change
• Marked increase from 34% in 2003 to 72% in 2011
WHO IS MAKING CHANGES?
• Outsiders (Third-parties: IT contractors & consultants)
• Shared Accounts (Windows Admins, root, DBAs, System Admins, …)
• Named Accounts (Developers, IT Contractors, Network Admin, …)
• Service Accounts
• Local Account / Credentials
• Windows / UNIX system administrator
• Help Desk administrator (password changes / access to files, etc.)
SECURITY’S RELATIONSHIP WITH CHANGE MANAGEMENT
• You should want certain questions answered
• IT is responsible, but Security must hold them accountable
BREACHES AND CHANGE MANAGEMENT
• 3 of 7 Phases of Cyber Kill Chain impact config and change management
• Stage #3 Delivery
• Stage #4 Exploitation
• Stage #5 Installation
• Malicious internal users
• Configuration mistakes by authorized people
• If security is monitoring change and configuration, these changes can be identified
SECURITY’S ROLE IN CHANGE GOVERNANCE
• Know your systems and environment
• Security should know about more than just FW changes
• Do you check adherence to patch policy (if you even have a patch policy)?
• If a change is made by a legitimate or non-legitimate admin, can you determine what it was?
• How many outages have you had due to undocumented changes?
METRICS THAT WILL POSITIVELY IMPACT YOUR SECURITY POSTURE
• Patch Policy adherence
• Unauthorized changes
• Changes processes which caused outages
• FW changes processed
Other High Risk Scenarios:
• Remote connections / ‘leapfrog’ logins
• Changes via Embedded Scripts (‘rm’ ‘cp’ with ‘sudo’)
• Changes to Active Directory (Password Resets, Adding Users, Changing Groups, Modifying Access, etc.)
• Changes within Registry Editor such as Edit or Modify Specific Values (Firewalls, User Access Control, Applications / Software, Windows Components)
TAKEAWAYS AND RECOMMENDATIONS
• Know your environment
• Get involved in your change process
• If you don’t have one, help create one
• Find others already doing change and config management and copy models that work (adapt and change things to fit your particular business)
• No need to recreate the wheel
• Create metrics that matter and impact security
THANK YOU!
CHECK OUT USER ACTIVITY MONITORING!
@LARRYWHITESIDE
Q&A After brief Intro to ObserveIT
WHO IS OBSERVEIT?
• HQ Boston, MA / R&D Tel Aviv, Israel
• Founded 2006
• 1,200+ Customers Worldwide
• $20M Invested by Bain Capital
The leading provider of User Activity Monitoring for Employees, Privileged Users and Third-party Vendors
USER ACTIVITY MONITORING
Collect / Know / Act
• Capture User Activity
• Logging for all user actions
• Video-like Playback
• Instant Notification
• Rule-Based Analytics
• Report & Audit
• Real-Time Drill Down
• User Interaction
• Kill Sessions
USER ACTIVITY MONITORING & CHANGE MANAGEMENT:
Configuration changes
• Embedded Scripts
• Unsecure ‘shell’
• Unauthorized access
• Unapproved ‘setuid’
Escalated privileges
• Lateral Movement
• ‘rm’ ‘cp’ with ‘sudo’
• Creating “backdoors”
• ‘leapfrog’ logins
“ONE SCREEN CAPTURE IS WORTH A THOUSAND LOGS”
COLLECT: 100% VISIBILITY
“PROACTIVELY INVESTIGATE RISKY USER ACTIVITY”
KNOW: INSTANT NOTIFICATION
Real-time Alerts
• Who?
• Did what?
• On which computer?
• When?
• From which client?
“PREVENT RISKY ACTIVITY”
ACT: STOP INSIDER THREATS
Real-Time Drill Down
User Interaction
• Message
• Warn
Kill Sessions
Audit and Compliance
WHO’S BEING OBSERVED?
Employees
Third-parties
Privileged Users
SOX / EU Data Protection Reform / HIPAA
• Healthcare (PHI) data
• Customer (PII) data
• Employee data
• Company data
• Financial data
• Intellectual property
• Sales & marketing data
HOW IT WORKS
Q&A

Editor's Notes

  1. Data Leakage Protection Solution: How does the product work with accessing certain applications or files, or areas within an application (how granular can we get, etc.)? Use for applications installed and also web-based applications.
  2. Config. Change: Embedded Scripts (innocent script story); Unsecure ‘shell’ (telnet on legacy appliances – SSH is much more secure and passwords are encrypted over the wire); Unauthorized access (to configuration files) & run commands that they are not supposed to; Unapproved ‘setuid’. Escalating Privileges: Pass-the-Hash; ‘rm’ ‘cp’ with ‘sudo’; Installing “backdoors”; “leapfrog” logins.
  3. You’ll know what’s happening inside all of your applications, even applications that do not generate logs. There is a huge benefit to reviewing alerts visually. When reviewing alerts in Slideshow mode, you can immediately understand critical user context that is never available in log-based alerting systems: What other application data was the user exposed to? What other windows or applications were open? What was the state of the Windows taskbar, including tray icons (is something missing or disabled)? On Unix/Linux: What were the previous commands that the user ran? What output did they produce? What does the shell prompt look like? As we say: one screenshot is worth a thousand logs! We generate our own logs across all apps. We capture all user activity regardless of where your users are or how they access applications, systems and data. We capture this activity in a video-like format, so you SEE exactly what the users are doing. Video playback is great, but you can’t sit there and watch hours of videos, so we translate all user activity into User Activity Logs that you can search, report on and analyze.
  4. You’ll know if users are “snooping” or viewing information they shouldn’t be, like SS# or customer records. The Rule Editor is simple yet powerful: you can easily define new Alert Rules, and duplicate and modify existing rules. Every rule can contain all risky aspects of your monitored users, so normally you need only ONE rule per scenario. You can define WHO the users involved are, WHAT risky activity they performed, ON WHICH COMPUTER, WHEN (week days, holidays, time of day?) and FROM WHICH CLIENT COMPUTER they are connected. A comprehensive list of possible User Activities provides a quick and easy way to define risky user behavior, such as: specific applications or processes run by the user; websites and URLs being visited; executed SQL statements; Unix/Linux commands, arguments and command-line switches being used; and much more! In addition, your alert-response process can be tailored by defining the severity of each rule, as well as the audience and timing of email notifications.
  5. Application User Monitoring: ObserveIT user activity monitoring provides visibility within applications so you have a complete audit trail and proactive detection of suspicious or out-of-policy user behavior. From large copy operations to exporting reports, you’re able to proactively investigate data extraction processes, unnecessary access to information and the usage of unauthorized cloud applications (e.g. Dropbox, WeTransfer, SnagIt). Whether it is SAP, EPIC, GuideWire or Pega systems, just to name a few industry-specific critical applications, we provide coverage for any application: home-grown, SaaS, off-the-shelf, ...
     Privileged User Monitoring: ObserveIT provides a complete privileged user monitoring solution that integrates with the other key components of a privileged identity management solution. Compliance regulations place stringent requirements on the ability to audit and report on privileged user activity and the access those users have to critical sets of data (PHI, PII, employee data, company data, ...).
     External Vendor Monitoring: External vendors are one of the highest-risk user groups that companies have to hold accountable and audit for compliance regulations. Whether third-party contractors are accessing via jump servers, Citrix, VPN or direct access, ObserveIT provides the audit, reporting and real-time analytics you need to leverage the benefit of contractors without sacrificing security, compliance or control.
     Underpinning all of these use cases is audit and compliance. Having a complete audit history of all user activity and real-time detection of user threats is a key requirement for meeting today’s growing list of compliance needs.