CONFIDENTIAL INFORMATION
MULTIFACTOR ENABLEMENT FOR CRITICAL BUSINESS USERS
Phil Li – National Customer Success Manager
5 years w/ CYBR – 200+ enterprise customers
Andy Thompson – National Customer Success Manager
SPEAKERS
Organizations are multi factoring everything…
Breaches are still happening!!! Why?!?
CONTEXT
SECURE SAAS ADMINS AND PRIVILEGED BUSINESS USERS
Systematically Address Organization’s Top Control Goals
Manage *NIX SSH Keys
Control and Secure Infrastructure Accounts
Eliminate Irreversible Network Takeover Attacks
Limit Lateral Movement
Protect Credentials for Third-Party Applications
Defend DevOps Secrets in the Cloud and On-Premises
Secure SaaS Admins and Privileged Business Users
SHARED IDS FOR BUSINESS USERS
John
Sarah
Dave
Tom
Generic User
P@5w0rd
User Accounts
LOB Accounts
CXOs
Social Media
Service/App Accounts
Root Accounts
Domain Admin Accounts
Database Accounts
Local Admin Accounts
Database Admin
IT Help Desk
Unix Admin
App Admin
System Admin
Service Admin
3X MORE privileged accounts than employees
THE EXPANDING ATTACK SURFACE
SIMPLIFIED WORKFLOW
MAINTAIN SECURITY
V10 – ENHANCED AND SIMPLIFIED UI
BUSINESS ACCOUNTS
WHAT YOU NEED TO KNOW ABOUT
ATTACKERS
Source: MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™)
https://attack.mitre.org/wiki/Main_Page
STARTS WITH INFECTION
SOCIAL ENGINEERING TOOLKIT – CREDENTIAL HARVESTER
CREDENTIAL HARVESTER
CREDENTIAL DUMPING (AS SEEN WITH EPM)
ATTACKER’S TECHNIQUES – CREDENTIAL STUFFING
BEST PRACTICES FOR DEFENSE
APPLY MFA VIA PRIVILEGED SESSION MANAGER
John
Sarah
Dave
Tom
Generic User
P@5w0rd
Vault
PSM
PVWA
BLOCK MALWARE FROM GETTING IN
BLOCK CREDENTIALS FROM GETTING OUT
CREDENTIAL PROTECTION AND MANAGEMENT
BUSINESS RESOURCES
CYBERARK WEB PORTAL
PASSWORD ROTATION
SECURE STORAGE
CYBERARK MARKETPLACE
Sprint
• Interview Business Users (in order)
• Finance
• Social Media
• Cloud Consoles
• HR
rename for success
• Multi Factor enable Business apps through PSM using the Marketplace
Marathon
• Apply MFA to additional business units
• Rotate Credentials
• Create Programmatic system to onboard
HYGIENE FOR BUSINESS USERS
QUESTIONS?
Proprietary and Confidential. Do Not Distribute. © 2018 Optiv Inc. All Rights Reserved.
CYBERARK IN PRACTICE FROM THE EXPERTISE OF OPTIV
IAM PROGRAM OVERVIEW – PLAN, BUILD, RUN
PLAN BUILD RUN
Implementation Phases (Multiple Iterations)
• Architecture and Design
• Product Installation and Configuration
• Implementation and Engineering
• Customization
Post Go-Live Support
• Rollout Planning
• Staffing
Strategy
• Understand pain
• Gain consensus
• Prioritize
• Maturity
• Create actionable roadmap
The Details
• Detailed Requirements
• Use Cases
• Detailed Implementation Roadmap
Start thinking about product(s) to solve problems
Acquire product(s)
FOCUS ON IDENTITY-DEFINED SOLUTIONS
SIEM
IAM
Leverage single sign-on and MFA
Implement an access governance program to review access & accounts
PAM with MFA and IGA Technologies

CyberArk Cleveland Defend Multi-Factor