Courion Corporation , profile picture
Uploaded byCourion Corporation
PPTX, PDF261 views

Detect, Deter, and Remediate Cyber Risk

This document discusses intelligent identity and access governance. It notes that over 80% of breaches involve compromised accounts, and the average time accounts are compromised before detection is over 200 days. This leaves a need for access intelligence and analytics to more quickly detect and remediate access risks. The document introduces Access Insight, a tool from Courion that uses access analytics to identify issues like unused accounts, separation of duties violations, and accounts of terminated employees within hours of analyzing an organization's identity data. This helps reduce attack surfaces and detect and disrupt threats before losses occur.

Embed presentation

Downloaded 10 times
1 Intelligent Identity and Access Governance Deter, Detect, and Remediate Breaches Before Business Loss Tuesday, December 8, 2015Venkat Rajaji, VP Product Management Chris Sullivan, GM Intelligence/Analytics
2 What you do is important! 1982 2008 2013
3 10x Market All Use Cases – Highest CS – Delivering on intelligent IGA
4 Deter, Detect & Remediate Access Risk with Speed, Efficiency & Efficacy
5 What are we talking about??????  IGA – Identity and access governance  IAM – Identity and access management  IDM – Identity management  I-* – Intelligent *  Identity  Access  Governance  Intelligence
6 So what’s the problem?
7 of breaches used compromised accounts
8 Days that accounts were found to be compromised in breach investigations
9 of budgets are spent on the perimeter
10 This leaves a burning need for
11 Root Cause Problem Area  Real Risk  Regulatory Risk Treatment  IPS  SEIM  Firewalls  AV Access Control  Information  Processes
12 Access is Complicated…  Identity  Accounts  Entitlements  Roles  Applications
13 Separation of Duties
14 Privileged Access
15 The Complexity Challenge POLICIES RESOURCES ACTIVITIES RIGHTS IDENTITIES PROVISIONING GOVERNANCE Identities Resources Rights Policy Activity Total
16 High Months or Never The OODA (Speed) Chasm PROVISIONING GOVERNANCE Low Days Observe Orient Act Decide Observe Orient Act Decide
17 The Management Gap
18 “By year-end 2020, identity analytics and intelligence (IAI) tools will deliver direct business value in 60% of enterprises, up from <5% today.” Intelligent IAM
19 • Access (Cyber) Intelligence/Analytics ACSC
20 A Short but Important Tangent IMPACT LIKELIHOODRISK
21
22 Access Insight™ = Value in Hours  Reduces Attack Surface • Large US bank  3,435 active accounts have never been used  640 SoD violations  53 administrative accounts for terminated staff • Similar findings:  Insurance  Retail  Healthcare  Detects and Disrupts Before Loss
23 The New OODA Chasm PROVISIONING GOVERNANCE Low Days Observe Orient Act Decide Low Minutes High Fidelity Observe Orient Act Decide Continuous Process Improvement
24 Chris Sullivan GM, Intelligence/Analytics csullivan@Courion.com Venkat Rajaji VP, Product Management/Marketing vrajaji@Courion.com

More Related Content

PDF
Enterprise Identity and Access Management Use Cases
byWSO2
 
PDF
Case study: Single Sign On | SSO Solution - Happiest Minds
byHappiest Minds Technologies
 
PDF
Information Security
byBrian Hacker
 
PDF
Issala exec-forum-opening-150604
byISSA LA
 
PDF
Digital Transformation and Security for the Modern Business Part 1 – Finance
byXenith Document Systems Ltd
 
PDF
Augmate connect summary
byEtheralabs
 
PDF
What is still missed for security real life facts
byAladdin Dandis
 
PPTX
Data Security and Privacy by Contract: Hacking Us All Into Business Associate...
byShawn Tuma
 
Enterprise Identity and Access Management Use Cases
byWSO2
 
Case study: Single Sign On | SSO Solution - Happiest Minds
byHappiest Minds Technologies
 
Information Security
byBrian Hacker
 
Issala exec-forum-opening-150604
byISSA LA
 
Digital Transformation and Security for the Modern Business Part 1 – Finance
byXenith Document Systems Ltd
 
Augmate connect summary
byEtheralabs
 
What is still missed for security real life facts
byAladdin Dandis
 
Data Security and Privacy by Contract: Hacking Us All Into Business Associate...
byShawn Tuma
 

What's hot

PPTX
Balancing User Experience with Secure Access Control in Healthcare
bySecureAuth
 
PDF
Fintech & Blockchain
byIndSightsResearchSG
 
PPTX
Introduction to ENT (Entity Network Translation)
byENT Technologies
 
PPTX
Public Key Infrastructure (PKI) Market 2021 - Regional Outlook and Competitiv...
byPiyushHipparkar
 
PDF
Next Generation Cyber Security
byIan McGregor
 
PPT
Risk Management — Visual Ids Countermeasures
bySheloeloe
 
PPT
[null] Iso 27001 a business view by Sripathi
byPrajwal Panchmahalkar
 
PPTX
Are You Being Anti-Social
byNetIQ
 
PDF
The Value of User and Data Centricity Beyond IoT Devices: Stein Myrseth and G...
byForgeRock
 
PPTX
Identity Summit 2015: 2Keys Canadian Digital Identity
byForgeRock
 
PPTX
Bring Your Own Identity
byNetIQ
 
PPTX
Inventory management software
byCyber Security Infotech Pvt. Ltd.
 
PDF
Applying Innovative Tools for GDPR Success
byForgeRock
 
PDF
Cross border - off-shoring and outsourcing privacy sensitive data
byUlf Mattsson
 
PDF
Identity Live Sydney: Intelligent Authentication
byForgeRock
 
PPTX
Wearable technologies, privacy and intellectual property rights
byGiulio Coraggio
 
Balancing User Experience with Secure Access Control in Healthcare
bySecureAuth
 
Fintech & Blockchain
byIndSightsResearchSG
 
Introduction to ENT (Entity Network Translation)
byENT Technologies
 
Public Key Infrastructure (PKI) Market 2021 - Regional Outlook and Competitiv...
byPiyushHipparkar
 
Next Generation Cyber Security
byIan McGregor
 
Risk Management — Visual Ids Countermeasures
bySheloeloe
 
[null] Iso 27001 a business view by Sripathi
byPrajwal Panchmahalkar
 
Are You Being Anti-Social
byNetIQ
 
The Value of User and Data Centricity Beyond IoT Devices: Stein Myrseth and G...
byForgeRock
 
Identity Summit 2015: 2Keys Canadian Digital Identity
byForgeRock
 
Bring Your Own Identity
byNetIQ
 
Inventory management software
byCyber Security Infotech Pvt. Ltd.
 
Applying Innovative Tools for GDPR Success
byForgeRock
 
Cross border - off-shoring and outsourcing privacy sensitive data
byUlf Mattsson
 
Identity Live Sydney: Intelligent Authentication
byForgeRock
 
Wearable technologies, privacy and intellectual property rights
byGiulio Coraggio
 

Viewers also liked

PPTX
Privileged Access Management (PAM)
bydanb02
 
PPTX
Privileged Access Management - Unsticking Your PAM Program - CIS 2015
byLance Peterman
 
PDF
CA Technologies and Deloitte: Unleash and Protect your Business with Identity...
byCA Technologies
 
PPTX
Identity intelligence: Threat-aware Identity and Access Management
byProlifics
 
PPTX
IAM Methods 2.0 Presentation Michael Nielsen Deloitte
byIBM Sverige
 
PPTX
Vendor Landscape: Security Information and Event Management
byInfo-Tech Research Group
 
PDF
DSS - ITSEC conf - Centrify - Identity Control and Access Management - Riga N...
byAndris Soroka
 
PPTX
FUTURE-PROOFING CONSUMER IDENTITY AND ACCESS MANAGEMENT
byForgeRock
 
PDF
Tech Talk: Real-time Identity Analytics – Improving Performance through Incre...
byCA Technologies
 
PPTX
ISACA Webcast Featuring SuperValu - Tackling Security and Compliance Barri…
byOracleIDM
 
PPTX
Extending the 20 critical security controls to gap assessments and security m...
byJohn M. Willis
 
PDF
CIS13: Intelligence-Driven IAM: The Next Generation of Identity and Access Go...
byCloudIDSummit
 
PDF
Spam Detection with a Content-based Random-walk Algorithm (SMUC'2010)
byJavier Ortega
 
Privileged Access Management (PAM)
bydanb02
 
Privileged Access Management - Unsticking Your PAM Program - CIS 2015
byLance Peterman
 
CA Technologies and Deloitte: Unleash and Protect your Business with Identity...
byCA Technologies
 
Identity intelligence: Threat-aware Identity and Access Management
byProlifics
 
IAM Methods 2.0 Presentation Michael Nielsen Deloitte
byIBM Sverige
 
Vendor Landscape: Security Information and Event Management
byInfo-Tech Research Group
 
DSS - ITSEC conf - Centrify - Identity Control and Access Management - Riga N...
byAndris Soroka
 
FUTURE-PROOFING CONSUMER IDENTITY AND ACCESS MANAGEMENT
byForgeRock
 
Tech Talk: Real-time Identity Analytics – Improving Performance through Incre...
byCA Technologies
 
ISACA Webcast Featuring SuperValu - Tackling Security and Compliance Barri…
byOracleIDM
 
Extending the 20 critical security controls to gap assessments and security m...
byJohn M. Willis
 
CIS13: Intelligence-Driven IAM: The Next Generation of Identity and Access Go...
byCloudIDSummit
 
Spam Detection with a Content-based Random-walk Algorithm (SMUC'2010)
byJavier Ortega
 

Similar to Detect, Deter, and Remediate Cyber Risk

PDF
Compliance & Identity access management
byProf. Jacques Folon (Ph.D)
 
PDF
The Role of IGA Identity Governance in Strengthening Your Organizations Cyber...
bySecurity Compliance Corporation
 
PDF
ML in GRC: Cybersecurity versus Governance, Risk Management, and Compliance
byBigML, Inc
 
PDF
Complicate, detect, respond: stopping cyber attacks with identity analytics
byCA Technologies
 
PDF
Capgemini ses - security po v (gr)
byGord Reynolds
 
PPTX
Ensuring Security and Compliance with Identity Access Governance
byBert Blevins
 
PPT
The Business Of Identity, Access And Security V1.0
bytheonassiokas
 
PDF
digital strategy and information security
byProf. Jacques Folon (Ph.D)
 
PPTX
Smart Identity for the Hybrid Multicloud World
byKatherine Cola
 
PDF
Intelligence Driven Identity and Access Management
byEMC
 
PDF
Secure Identity: The Future is Now
byLane Billings
 
PDF
Why IAM is the Need of the Hour
byTechdemocracy
 
PPT
EDUCAUSE_SEC10_Apr2010_Fed_Seminar_Final.ppt
byPreethamS41
 
PPTX
Phishing: How to get off the hook using Intelligent IAM
byCourion Corporation
 
PDF
Material de apoyo Un replanteamiento masivo de la seguridad.
byUniversidad Cenfotec
 
PPTX
Information security
byWilliam Moore
 
PDF
Identity and Access Intelligence
byTim Bell
 
PDF
#MFSummit2016 Secure: How Security and Identity Analytics can Drive Adaptive ...
byMicro Focus
 
PDF
Webinar: Enable Insight Driven Data Risk Assessments with AI
byLucidworks
 
PDF
CIS14: Identity Therapy: Surviving the Explosion of Users, Access and Identities
byCloudIDSummit
 
Compliance & Identity access management
byProf. Jacques Folon (Ph.D)
 
The Role of IGA Identity Governance in Strengthening Your Organizations Cyber...
bySecurity Compliance Corporation
 
ML in GRC: Cybersecurity versus Governance, Risk Management, and Compliance
byBigML, Inc
 
Complicate, detect, respond: stopping cyber attacks with identity analytics
byCA Technologies
 
Capgemini ses - security po v (gr)
byGord Reynolds
 
Ensuring Security and Compliance with Identity Access Governance
byBert Blevins
 
The Business Of Identity, Access And Security V1.0
bytheonassiokas
 
digital strategy and information security
byProf. Jacques Folon (Ph.D)
 
Smart Identity for the Hybrid Multicloud World
byKatherine Cola
 
Intelligence Driven Identity and Access Management
byEMC
 
Secure Identity: The Future is Now
byLane Billings
 
Why IAM is the Need of the Hour
byTechdemocracy
 
EDUCAUSE_SEC10_Apr2010_Fed_Seminar_Final.ppt
byPreethamS41
 
Phishing: How to get off the hook using Intelligent IAM
byCourion Corporation
 
Material de apoyo Un replanteamiento masivo de la seguridad.
byUniversidad Cenfotec
 
Information security
byWilliam Moore
 
Identity and Access Intelligence
byTim Bell
 
#MFSummit2016 Secure: How Security and Identity Analytics can Drive Adaptive ...
byMicro Focus
 
Webinar: Enable Insight Driven Data Risk Assessments with AI
byLucidworks
 
CIS14: Identity Therapy: Surviving the Explosion of Users, Access and Identities
byCloudIDSummit
 

More from Courion Corporation

PPTX
4 ways to defend against internal attacks
byCourion Corporation
 
PDF
Building a culture of security
byCourion Corporation
 
PPTX
10 Things to Watch for in 2016
byCourion Corporation
 
PDF
Buyers Guide for Governance
byCourion Corporation
 
PPTX
Access Assurance in the Cloud
byCourion Corporation
 
PPTX
Courion Survey Findings: Access Risk Attitudes
byCourion Corporation
 
PPTX
Assessing the Risk of Identity and Access
byCourion Corporation
 
4 ways to defend against internal attacks
byCourion Corporation
 
Building a culture of security
byCourion Corporation
 
10 Things to Watch for in 2016
byCourion Corporation
 
Buyers Guide for Governance
byCourion Corporation
 
Access Assurance in the Cloud
byCourion Corporation
 
Courion Survey Findings: Access Risk Attitudes
byCourion Corporation
 
Assessing the Risk of Identity and Access
byCourion Corporation
 

Recently uploaded

PDF
How Modern Custom Software is Revolutionizing Mortgage Lending Processes -Ma...
byMatellio
 
PPTX
Modern P&C Insurance Software for Smarter, Faster Operations.pptx
byInsurance Tech Services
 
PDF
Cloud-Based Underwriting Software for Insurance
byInsurance Tech Services
 
PDF
Constraints First - Why Our On-Prem Ticketing System Starts With Limits, Not ...
bySpirit Face
 
PPTX
Computer_Virus_Presentation_With_Slide7.pptx
byHEVISLIVE
 
PDF
Manual vs Automated Accessibility Testing – What to Choose in 2025.pdf
bykalichargn70th171
 
PPTX
Code Assessment Tools .pptx
byCodexpro
 
PPTX
Custom chat gpt integration services.pptx
byChetu
 
PDF
TNG_Architecting Green Software - An Introduction_Nils-Oliver Linden&Alexande...
byQAware GmbH
 
PDF
Coding Assessment Tools .pdf
byCodexpro
 
PPTX
OTT Content Analytics Enhanced by ALTBalaji Data Scraping.pptx
byyashpatric
 
PPTX
Road_Quality_Indicator using deeplearning algorithms and computer vision
byDHARUNPRASHOBMM
 
PPTX
AI Clinic Management Software for Pulmonology Clinics Bringing Clarity, Contr...
byEasy Clinic
 
PPTX
Lecture 3 - Scheduling - Operating System
bynurulalomador
 
PDF
Cybersecurity Alert- What Organisations Must Watch Out For This Christmas Fes...
byCybernetic Global Intelligence
 
PDF
Virtual Study Circles Innovative Ways to Collaborate Online.pdf
byExplain Learning
 
PDF
BCS-FACS Peter Landin Semantics Seminar - Formal Methods: Whence and Whither?
byJonathan Bowen
 
PPTX
List on Python Programming Language.pptx
byRICHARDALONSAGAY1
 
PDF
Design and Analysis of Algorithms(DAA): Unit-II Asymptotic Notations and Basi...
byKuvempu University
 
PDF
DSD-INT 2025 Hydrological Modelling in Society Assumptions, Impacts, and Appl...
byDeltares
 
How Modern Custom Software is Revolutionizing Mortgage Lending Processes -Ma...
byMatellio
 
Modern P&C Insurance Software for Smarter, Faster Operations.pptx
byInsurance Tech Services
 
Cloud-Based Underwriting Software for Insurance
byInsurance Tech Services
 
Constraints First - Why Our On-Prem Ticketing System Starts With Limits, Not ...
bySpirit Face
 
Computer_Virus_Presentation_With_Slide7.pptx
byHEVISLIVE
 
Manual vs Automated Accessibility Testing – What to Choose in 2025.pdf
bykalichargn70th171
 
Code Assessment Tools .pptx
byCodexpro
 
Custom chat gpt integration services.pptx
byChetu
 
TNG_Architecting Green Software - An Introduction_Nils-Oliver Linden&Alexande...
byQAware GmbH
 
Coding Assessment Tools .pdf
byCodexpro
 
OTT Content Analytics Enhanced by ALTBalaji Data Scraping.pptx
byyashpatric
 
Road_Quality_Indicator using deeplearning algorithms and computer vision
byDHARUNPRASHOBMM
 
AI Clinic Management Software for Pulmonology Clinics Bringing Clarity, Contr...
byEasy Clinic
 
Lecture 3 - Scheduling - Operating System
bynurulalomador
 
Cybersecurity Alert- What Organisations Must Watch Out For This Christmas Fes...
byCybernetic Global Intelligence
 
Virtual Study Circles Innovative Ways to Collaborate Online.pdf
byExplain Learning
 
BCS-FACS Peter Landin Semantics Seminar - Formal Methods: Whence and Whither?
byJonathan Bowen
 
List on Python Programming Language.pptx
byRICHARDALONSAGAY1
 
Design and Analysis of Algorithms(DAA): Unit-II Asymptotic Notations and Basi...
byKuvempu University
 
DSD-INT 2025 Hydrological Modelling in Society Assumptions, Impacts, and Appl...
byDeltares
 

Detect, Deter, and Remediate Cyber Risk

Editor's Notes

  • #2 We all know what IGA is. How about Intelligence? - One definition is: Intelligence is like teenage sex.. lot's of people talk'n bout it, not a lot of people doin it.. even fewer doin it well. We think about it like a data driven decision systems. Think air traffic controls.. On a typical day, 40MM people are floating in small metal tubes over London and they have never run into each other. This is not something that humans can do. What happens if that data driven decision engine stops? Plan B, manual, is slow and scary
  • #3 This is why we are so passionate about this stuff. It’s not just data, it’s process.. It is physical. RSA – national security Target – money Sony – Guardians of Peace (probably NC) – more than a year. Extortion. Asymmetric AM – they hacked one of their competitors. TSP – 1982 3KT TNT. – access to SCADA 2008 – Russia invade Georgia – access to key governmental systems 1 hr before tanks rolled. Iranian nuclear facility – Stuxnet – 21 Jan 2013. – Access to SCADA
  • #4 Right now we are in the IGA space and we’re pretty good at it. “Access Assurance Suite was the only product to consistently perform well across every product scenario within this Magic Quadrant's evaluation criteria, in contrast with the other vendors' products that each had poor results in several of the evaluated product scenarios.” Reference customers reported satisfaction with the product, and support is among the highest of all vendors evaluated. All reference customers indicated that they were highly likely to recommend the product to others. “Its uniquely differentiated marketing message emphasizes analytics for "intelligent" IAM and resonates with customers and prospects“
  • #5 What are we really trying to accomplish.
  • #6 If ur not from this industry, there’s lots of buzz words. Think about the meaning and ask… Identity – associated with a role or a need… Intelligence – brain enhancement – like air traffic control.
  • #7 Beaches that use compromised accounts
  • #8 Beaches that use compromised accounts
  • #9 Days that accounts were found to be compromised in breach investigations
  • #10 Spent on protecting the perimeter.
  • #11 There is a burning need for intelligent IGA but…
  • #16 Regulations require us to provision the minimum necessary access and then review that on the order of months to years. Operating. But if you consider the problem.. Who has access to what, how did they get that access, what are they accessing? When? There’s trillions of changing relationships to consider. And hackers take days.. 16 in the case of RSA. 12 in the case of target. According to the speaker notes, the median company here is about 5000.. Anyone in that range?
  • #17 They are so far inside our ooda loop that most times we only find out when someone else tells us.. You get a call from the NSA that says we just found joint strike fighter designs on a PC in china or from the FBI that says someone just posted a block of 70 million high quality credit cards and the one thing that they have in common is that they were used at Target.
  • #18 No Access Management Discipline (Look up KPI for dummies and use examples like networks). Good quotes on KPIs
  • #20 Clockwise from 3 o’clock. Bottom: Real data warehouse and data scientist. Real BI tool (UX for large, complex data sets). Top IGA domain expertise Cyber domain expertise w/ ACSC (http://www.acscenter.org/) to harden our own defences and to gain domain expertise to feed into AI
  • #22 Make the connections View business risk in an intuitive visual format Drill-down to understand identify & access issues creating risk Click to evaluate & remediate
  • #23 Let’s talk about the magnitude of what this means.. Just to give you an idea of the narrative. Continuous, Comprehensive, Historic of Access