This document discusses Privilege Identity Management (PIM) at Asurion. It provides an overview of why Asurion deployed a PIM program to better manage privileged accounts and identities. Previously, privileged account information was tracked through methods like sticky notes, spreadsheets, and wikis, and accounts were not properly monitored or access controlled. The presentation outlines Asurion's past issues, current PIM practices like using a secure password vault and auditing, and future goals to further improve privileged identity governance.

1. Privilege Identity Management
08.27.15
Asurion_Confidential

2. 2Asurion_Confidential
Asurion IAM
Introduction of PIM
Why PIM at Asurion
The Past
The Present
The Future
Agenda

3. 3Asurion_Confidential
What is Identity and Access Management (IAM) at Asurion?
Identity Management: The systems and processes of managing enterprise digital identities. This
includes automated user and entitlement provisioning and management, as well as the oversight process
around user rights and entitlements including automated attestation.
Authentication Management: The systems and processes of managing authentication of both internal
and external identities and resources. This includes processes to audit and report on such authentications.
Directory Management: The systems and processes to store digital identities. This includes mainly
LDAP stores and the strategy and schema of such stores.
PKI Management: Public Key Infrastructure or PKI is a set of software, policies, and procedures needed to
create, manage, distribute, use, store, and revoke digital certificates.
Asurion IAM

4. 4Asurion_Confidential
What is Privilege Identity Management (PIM)?
Wikipedia: Privileged Identity Management (PIM) is a domain within Identity Management focused on the
special requirements of powerful accounts within the IT infrastructure of an enterprise. It is frequently used as
an Information Security and governance tool to help companies in meeting compliance regulations and to
prevent internal data breaches through the use of privileged accounts.
Managing the password of and who uses any account that has elevated rights on any
system.
Where the accounts are used
Who has access to the account information
Creation of the accounts
Automated password rotations
Auditing of what the accounts do.
What is PIM?

5. 5Asurion_Confidential
Why did Asurion deploy a PIM program?
IAM Program started in April 2014 but did not focus on anything but bellybuttons
Need to focus on Properly Managed Accounts:
The account complies with our password policy
The account is not used for anything other than intended purpose
The account can only be used by those authorized to do so
The account is monitored for compliance
PIM and Asurion

6. 6Asurion_Confidential
What Asurion looked like before PIM:
AD contacts
Sticky notes
Excel spreadsheets
Onboarding documentation
Wiki and SharePoint
Not updated always
Everyone knew passwords
Passwords never changed
The Past

7. 7Asurion_Confidential
What Asurion looks like today:
Secure Password Vault
Auditing of check in/out
The Present

8. 8Asurion_Confidential
Where is Asurion headed:
Local Admin Accounts
Appliance and HW Accounts
Directory Service Accounts
Programmatic Account Retrieval
Session Management
The Future

9. 9Asurion_Confidential
What have we learned so far:
Need to focus on PIM separately
Scope, keep it simple
Need to understand where accounts are used
Organization is key
Baby steps
Potential to break everything
Lessons Learned

10. Asurion_Confidential
PRIVILEGE IDENTITY MANAGEMENT
08.27.15
Matt Chambers
Principal, IAM
matt.chambers@asurion.com
Thank you.

11. WHO IS OBSERVEIT?
 HQ Boston, MA / R&D Tel Aviv, Israel
 Founded 2006
 1,200+ Customers Worldwide
 $20M Invested by Bain Capital
The Leading Provider Of
User Activity Monitoring To
Mitigate Insider Threats

12. INSIDER THREAT LANDSCAPE
THIRD-PARTIES
PRIVILEGED USERS
EMPLOYEES

13. CHALLENGE WITH ADDRESSING INSIDER THREATS
“It’s Hard to Distinguish
Abuse from Legitimate Use”
3 out of 4 InfoSec professionals say
260,000+
members

14. INSIDER THREAT INTELLIGENCE WITH OBSERVEIT

15. INSIDER THREAT INTELLIGENCE WITH OBSERVEIT
Collect
DetectRespond
• User Behavior Analytics
• Activity Alerting
• User Risk Scoring
• Visual User Recording
• Application Marking
• User Activity Logs
• Live Session Replay
• Interact With Users
• Shutdown Sessions
UNDERSTAND FIELD-LEVEL
APPLICATION USAGE
DETECT DATA MISUSE
AND APPLICATION ABUSE
INVESTIGATE RISKY USER
BEHAVIOR AND INTENT
USERS

16. Audit and Compliance
Employees
________________________
Data Extraction
and Fraud
Application
Access, Call
Centers, and
Watchlists
Third-parties
________________________
IP Theft and
Service Availability
Contractors,
Remote
Vendors,
Outsourced IT
Privileged Users
________________________
Access Abuse and
Data Privacy
Help Desk,
DBAs, HPAs,
SoD and Sys
Admins
COMPLETE COVERAGE WITH OBSERVEIT
Audit Controls for PCI / PII / PHI Data, Monitoring
Privileged and 3rd Party Access, Alerting for Access
to Sensitive systems

17. PRIVILEGED USER INTELLIGENCE
UNIX / LINUX Windows DBAs
Network Help Desk Programmers
WireShark PuTTY
Toad
RDPWinSCP
Reg EditorCMD PowerShell
DR JavaSSH
Unauthorized Changes / Access, Abusing Privileges, Local / Service Accounts
AD
SQL PLUS

18. CUSTOMER EXAMPLES
Monitoring Privileged Access PCI
 Monitoring internal privileged users
with access to PCI systems
 Detect unauthorized configuration
changes
 Meeting internal and external audit
Monitoring Privileged Users for
PCI/SOX
 Monitoring privileged users with access
to over 60 PCI/SOX applications
 Real-time monitoring of unauthorized
account creation and firewall changes
 Integrated with Lieberman Password
Vault and Avatier identity provisioning

19. THANK YOU