Privileged Account Management - Keep your logins safe
1. Proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission.
Privileged Account Management (PAM)
Jens Albrecht
B.Sc. Electrical Engineering
Presales Cyber Security
jens.albrecht@ingrammicro.com
Brunnmatt 14
CH-6330 Cham
Privileged access perfectly protected
2. What are Privileged Accounts? (1405002 rev 6.27.14)
• Human (Domain Administrator, CxO, Web Portals…)
• Non-human (Service Account, SU, root, Web Master, Router)
• They access, control and manage IT environments / services
• They are targets for IT attacks that aim to gain system access and compromise CIA (Confidentiality, Integrity, Availability)
3. How to protect Privileged Accounts?
• Use very long and complex passwords
• Change passwords periodically
• Share passwords only in a secure way (better: don’t share)
• Monitor and audit account usage
This is difficult to implement
4. How does Privileged Account Management help you?
• Defines password policies for privileged accounts
• Automatically changes passwords for privileged accounts
• Doesn’t allow privileged accounts to be directly shared
• Monitors and records sessions for privileged account activity
This can be done very easily with a PAM system
5. Example 1: Automatically change passwords
• The Windows password expires after a period or on a date
• A new Windows password will be automatically generated
• E.g. the jump account for Windows RDP sessions
6. Example 2: Use PAM for autologin for RDP
• The PAM system provides an RDP launcher for autologin
• The Windows password isn’t visible to the operator
• E.g. to access Domain Controllers
7. Example 3: Use PAM for autologin to web portals
• The PAM system starts the Web Password Filler for autologin
• The password will not be shown to the operator
• E.g. access to any web portals
8. Example 4: Use PAM for Auditing / Compliance
• The PAM system provides session recording
• RDP, Web, PuTTY
• Video on DB or disk
9. Our PAM solution for you
• We’ve chosen Secret Server from the world leader, www.thycotic.com
10. Secret Server
Fully-featured PAM solution available both on-premises and in the cloud
• Establish Vault
• Discover Unknown Accounts
• Manage Secrets
• Delegate Access
• Control Sessions
11. Our PAM solution for you
• With Thycotic, getting started with PAM is made easy
12. Your next steps for PAM
• Get in touch with us and get your free Thycotic consultancy
• Start a trial / PoC / Rapid Prototype in your lab / production
• Discover Privileged Accounts in your environment and manage them with the PAM system. Start with Windows Accounts.
• Your contact for PAM: jens.albrecht@ingrammicro.com
13. Realize the Promise of Technology
Editor's Notes
Privileged accounts are everywhere in the IT environment. They give IT the building blocks for managing vast networks of hardware and software that power the information-driven world. Yet for most people, they’re invisible.
This gives you the basics of privileged account management (PAM) — understanding privileged accounts, what they do, and why it’s so important to protect access to them as the “keys to the kingdom” of your growing information empires.
The typical user of a privileged account is a system administrator (sysadmin) responsible for managing an environment or an IT administrator of specific software or hardware.
Sensitive data and critical functions are concentrated in business applications such as ERP, HR, and CRM systems. Users of these applications aren’t IT staff and aren’t using domain admin accounts. They do, however, have privileged access and many opportunities to increase risk.
Business users are notoriously poor at protecting passwords. People often use the same password across multiple applications and share credentials with others. People use the same password for personal use as for business use, which expands the attack surface.
When attackers compromise a privileged account, they can perform malicious activity, steal sensitive information, commit financial fraud, and often remain undetected for weeks or months at a time. Most cybersecurity breaches go undetected for more than 200 days.
thycotic.com: Why Choose Thycotic. Stay Ahead Of Attackers. Prepare For Audits. Protect What Matters Most. Thycotic empowers more than 12.5k organizations around the globe, from small businesses to the Fortune 500, to manage privileged access. We make enterprise-grade privilege management accessible for everyone by eliminating the need for complex security tools and prioritizing productivity, flexibility and control. You’ll achieve more with Thycotic than with any other privilege security tool.
Get in touch with Jens Albrecht jens.albrecht@ingrammicro.com / Ingram Micro Switzerland