Мнение эксперта: Лучшие практики борьбы с внешними и внутренними угрозами информационной безопасности

1. IT Security trend: integrated
APT-IGA solution
Vladislav Shapiro
Director of Identity Practice – IGA
Dell/Immersion Technology Services (ITS)

2. Discussion points
• Current state of affairs in IT Security
• How IGA can compliment ATP solution
• Basics of Identity Governance Administration
• Connecting the dots: agile I-G-A
• Conclusions

3. Current State of
Affairs in IT
Security

4. IT Security realities of today
• Change of focus: from protection the perimeter (external only) to
the governance of the whole infrastructure (internal and external)
• Change of mentality: from “castle under siege” to “enemy is
already here”
• Main external goal: advanced threat protection (ATP)
• Main internal goal: IGA – Identity Governance and Administration
• Shift from pure technical-based to business and human factor
focused solutions

5. WHO ARE THE “BAD GUYS”?

6. APTs
Trojans
Zero-days Phishing
1980s 1990s 2000s 2010s
Anti-spam, Anti-spyware Anti-malware
Data Loss
Filtering
URL
Filtering
Worms,
Bots
Spyware
Spam
Grey-listing
Behavioral
Analysis
Heuristics
Whitelisting
Defense Offense
Melissa
CodeRed
Birth of
Anti-Virus
Mobile
Threats
Rootkits
EVOLUTION OF MALWARE

7. APT-NEW THREAT LANDSCAPE
Cyber-espionage
and Cybercrime
Advanced
Persistent Threats
Zero-day
Targeted Attacks
Dynamic Trojans
Stealth Bots
Cybercrime
Disruption Spyware/
Worms
Viruses
Bots
2005 2007 2009 2011 2013
Damage of Attacks
New Threat
Landscape
Dynamic,
Polymorphic Malware
Coordinated Persistent
Threat Actors
Multi-Vector Attacks Multi-Staged Attacks

9. ATTACKS ALWAYS RELY ON INTERNAL PROCESS FLAWS
• No established business process for granting rights to individuals
• Lack of governance, access controls and monitoring
• No actionable reporting
IGA SHOULD BE READY FOR ADVANCED THREATS

10. How IGA can
compliment ATP
solution

11. Current process gaps
• Pre-incident preparation gaps – no abilities to configure business
workflows ( information, lights-off, restoring the pre-incident status-quo
after fixing issues, etc.) for actions in case of advanced threat
attack discovery
• Detection gap – no identity information behind user account
affected by incident
• Triage gap – not clear who has access to the affected data or device,
and what kind of other entitlements the affected individual has
• Data collection gap – currently there is no IGA data available for ATP,
like identity attributes, organizational structure, business rules,
affected data governance information, etc.
• Take action gaps – no workflows to be triggered based on the
discovery, just manual processes; no ability to have two-way
communications with data owners, application admins and
governance people and entities
• Report gaps – cannot include IGA data into report, no ability to
automate report generation and delivery, no actionable reports.

12. How to cover the gaps
• Install Dell One Identity Manager (D1IM) as the central IGA authority
• Configure D1IM set of AT response business workflows for each IR
Framework element
• Integrate D1IM with ATP solution for:
• Identity Data Synchronization
• XML data feeds from ATP for activation AT response workflows
• D1IM approval and fulfillment workflow calls to ATP solution
• D1IM object risk calculations and attestations
• Joint device and other resource management
• Joint reporting: using ATP solution data in D1IM reports and notifications

13. IGA
ATP
Best response practice: ATP+ IGA
13
Pre-Incident
Preparation
Detect Triage
Status Reporting
Collect Data:
- Volatile Data
- Forensic Dup.
- Network Traffic
Perform
Analysis
Take Action:
Admin and
Legal
Reporting
Incident Occurs: Point-In-Time or Ongoing
Remediation: Technical Recovery from the Incident
Identity Governance and Administration central authority
Data
feed
Data
feed
Data
feed
Data
feed
Account checks Access freeze Risk-based
Targets/Applications/Devices
provisioning
Notifications, access restore and
provisioning
Identity
Data
Sync
Data
feed

14. Basics of Identity
Governance and
Administration
(IGA)

15. Three dimensions of IGA
• I - Identity Management
• G - Governance, Risk and Compliance (GRC)
• A – Administration – Access Management and Provisioning
Main challenge:
Make all three components connected to work as one

16. Three forces of IGA in your enterprise
• Identity owners (HR, Identity suppliers) - I
–Responsibilities: manage identities, organization charts
– Goal: make sure that identity and organization information is up to
date
• Business owners (C-level managers, PM, compliance officers) - G
–Responsibilities: manage all business-related matters, including
governance, risk and compliance
– Goal: make business successful and customers happy
• Technology owners (System admins, DB admins, etc.) - A
–Responsibilities: support business with technology
– Goal: All systems should be up and running 24-7 with no downtime

17. Identity Posture - how to evaluate
• Identity Posture is about how connected and in-sync three forces are
– Three forces collaboration
– Maturity of each force
• Identity Posture is about measuring maturity of
– Identity model
– Governance model
– Administration model
• Identity Posture is about how enterprise can handle CHANGES
– Identity updates
– Governance processes restructuring
– Administration redesigning

18. Connecting the
dots – agile IGA

19. Connected I-G-A goal – be agile
• All elements are connected into one solution where each responsible person is a contributor
to the system
• Each contributor has means to configure his/her own IGA elements within his knowledge
• IGA project should have short length phases with clear achievable milestones
19
I G
Identity Governance Administration
G G
A A

20. Identity - Identity Goal - Enterprise Visibility
Managers should easily see
all the entitlements of an
employee in one clear view
• Actionable
• All logical, physical
systems, resources and
assets.

21. Identity goal – separate business and technical views
• Business view • Technical view

22. Governance goal – give dashboard views for current status visibility
Managers should easily find the overall
and specific status of requests and
processes in the system

23. Governance goal - Access granting history audit
People responsible for auditing should be able to see the history of assigning
access and entitlements to the individuals

24. Governance goal – Approval Workflow builder
Approval workflows should be built by the same people who are responsible for
the granting process using regular tools, not scripts

25. Conclusions

26. IGA-ATP integration solution advantages
• One vision – one solution
• Full protection for customers
– Covering internal and external threats
– Holistic view of the security posture
• End-to-end business process
– Detection, triage and mitigation via business workflows
– Governance and provisioning as steps of the same process
– Proactive reporting and actions to eliminate gaps in policies
• One global view on IT security data
– Central repository for IGA and ATP
– Seamless data exchange between IGA and ATP tools
– Joint administration and managing