CONNECT WITH US:
IT: Customized to Your Advantage
Identity Intelligence
THREAT-AWARE IDENTITY AND ACCESS MANAGEMENT
RUSSELL TAIT
Practice Director, Security
Public | Copyright © 2014 Prolifics

Slide 2
Insider Breaches Are On The Rise

• Insider incidents cost companies an average of $750,000 per year
  – Employees, contractors and partners exploiting weak identity controls
• Insider negligence, rather than malicious behavior, is often the cause
  – Shared passwords, weak passwords, passwords on Post-its

Source: IBM and Ponemon Survey of 265 C-Level Executives, Feb 2012, “The Source of Greatest Risk to Sensitive Data”

Slide 3
IT Security’s Dirty Secret

Security Threats & Security Spending Are Unbalanced

                                   Network & Perimeter   Internal & Web Access
Security damage (% of attacks)             25%                   75%
Security spending (% of dollars)           90%                   10%

75% of All Damaging Attacks on Information Security Originate from Inside Trusted Boundaries

Slide 4
Security Analytics Is Maturing
What is Security Intelligence?
Security Intelligence --noun
1. the real-time collection, normalization and analytics of the data generated by systems, applications and infrastructure that impacts the IT security and risk posture of an enterprise.

What is Identity Intelligence?
Identity Intelligence --noun
1. the actionable insight to manage risks and threats from user activity. The application of analytical monitoring to entitlements, policies, and access events, in the context of identity risk profiles.

Slide 5
Identity/Access to Identity Intelligence

Today: Administration
• Operational management
• Compliance driven
• Static, trust-based
• Reporting/Monitoring is forensic

Future: Assurance
• Security management
• Content driven
• Dynamic, context-based
• Real-time, actionable alerting

Monitor Everything

Slide 6
Identity Intelligence Provides Human Context

Traditional SIEM provides      Identity Intelligence adds
What, When                     Who
Activities, Results            Behaviors
What was done                  Is it OK for THIS user? Is this user who I think it is?
Outside bad guys               Inside careless guys; inside guys doing bad things

Slide 7
Security Intelligence: Integrating Across IT Silos

Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight

Data sources: Security Devices, Servers & Hosts, Network & Virtual Activity, Database Activity, Application Activity, Configuration Info, Vulnerability Info, User Activity
Deep intelligence: Event Correlation, Activity Baselining & Anomaly Detection, Offense Identification
Insight: High Priority Offenses

• Detecting threats
• Consolidating data silos
• Detecting insider fraud
• Predicting risks against your business
• Addressing regulatory mandates

Slide 8
QRadar – IAM Integration

Identity enriched security intelligence:
• Technical features
  – Retrieves user identity data, including ID mapping (from an enterprise ID to multiple application user IDs) and user attributes (groups, roles, departments, entitlements)
  – Queries data (events, flows, offenses, assets) relative to an enterprise user ID and its mapped application user IDs
  – Selects user identities for easy creation of correlation rules
  – Reports on all the activities (under different application user IDs) of an enterprise user
• Use cases
  – Privileged user activity monitoring (V7.2)
  – Terminated employee access detection
  – Separation of duty violation detection
  – User account recertification
  – Ensuring appropriate access control settings
  – Backdoor access detection

Integration diagram, sources shown: Identity Repository; Security Identity Manager; Security Access Manager for eBusiness; C/C++ applications; Databases; Operating Systems; Applications; Networks & Physical Access; Other.
Data fed into QRadar:
• Identity mapping data and user attributes
• SIM/SAM Server logs
• Application logs

Slide 9
QRadar Rules Engine
New Rules Engine tests query Reference Sets and Maps:
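As an added example (not Prolifics or IBM QRadar code; every ID, event and entitlement below is constructed), the identity enrichment of slide 8 and the reference-set style rule tests of slide 9 in plain Python: application user IDs are mapped back to an enterprise ID, then rules check a terminated-user reference set, a separation-of-duty map, and accounts that map to nobody.

```python
from collections import defaultdict

# Identity repository (constructed): enterprise ID -> application user IDs,
# attributes and entitlements, as an IAM export would provide them
IDENTITY_REPO = {
    "E1001": {"app_ids": {"sap": "jdoe", "ad": "CORP\\jdoe", "db": "JDOE_RO"},
              "department": "Finance", "status": "active",
              "entitlements": {"ap_create_vendor", "ap_approve_payment"}},
    "E1002": {"app_ids": {"sap": "asmith", "ad": "CORP\\asmith"},
              "department": "HR", "status": "terminated", "entitlements": {"hr_view"}},
}
# Reference set: enterprise IDs of terminated users (what a rule test would query)
TERMINATED_USERS = {e for e, u in IDENTITY_REPO.items() if u["status"] == "terminated"}
# Reference map: entitlement pairs one person must not hold together
SOD_CONFLICTS = [("ap_create_vendor", "ap_approve_payment")]

def build_reverse_map(repo):
    """(app, app_user_id) -> enterprise ID, so each raw log line can be attributed."""
    return {(app, uid): eid for eid, u in repo.items() for app, uid in u["app_ids"].items()}

def enrich(event, reverse_map, repo=IDENTITY_REPO):
    """Attach the enterprise ID and user attributes; enterprise_id is None if unmapped."""
    eid = reverse_map.get((event["app"], event["user"]))
    attrs = repo.get(eid, {})
    return {**event, "enterprise_id": eid,
            "department": attrs.get("department"), "status": attrs.get("status", "unknown")}

def evaluate(events, repo=IDENTITY_REPO):
    """Run the three identity rules; returns {rule_name: [hits]}."""
    offenses = defaultdict(list)
    rmap = build_reverse_map(repo)
    for ev in (enrich(e, rmap, repo) for e in events):
        if ev["enterprise_id"] is None:          # account nobody owns: backdoor candidate
            offenses["unmapped_account"].append(f'{ev["app"]}:{ev["user"]}')
        elif ev["enterprise_id"] in TERMINATED_USERS:
            offenses["terminated_user_access"].append(ev["enterprise_id"])
    for eid, u in repo.items():                  # entitlement check is per identity, not per event
        if any(set(pair) <= u["entitlements"] for pair in SOD_CONFLICTS):
            offenses["sod_violation"].append(eid)
    return dict(offenses)

# Constructed sample events, already normalised to (app, user, action)
SAMPLE_EVENTS = [
    {"app": "sap", "user": "jdoe", "action": "approve_payment"},
    {"app": "ad", "user": "CORP\\asmith", "action": "logon"},
    {"app": "db", "user": "SVC_BACKUP", "action": "select"},
]

if __name__ == "__main__":
    print(evaluate(SAMPLE_EVENTS))
```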

Slide 10
Contact Us
www.prolifics.com
310.748.2457
russell.tait@prolifics.com


Editor's Notes

  • #8 Chevron: 2 billion logs and events per day reduced to 25 high-priority offenses. Automating the policy monitoring and evaluation process for configuration changes in the infrastructure. Real-time monitoring of all network activity, in addition to PCI mandates.
  • #9 QRadar now supports integrations with our IAM solution beyond SIM/SAM logs. QRadar has built-in use cases for retrieving identity data for use cases such as privileged user activity monitoring and terminated employee access detection, to name just a couple.