Privilege Identity Management
08.27.15
Asurion_Confidential
Asurion IAM
Introduction of PIM
Why PIM at Asurion
The Past
The Present
The Future
Agenda
What is Identity and Access Management (IAM) at Asurion?
Identity Management: The systems and processes of managing enterprise digital identities. This
includes automated user and entitlement provisioning and management, as well as the oversight process
around user rights and entitlements including automated attestation.
Authentication Management: The systems and processes of managing authentication of both internal
and external identities and resources. This includes processes to audit and report on such authentications.
Directory Management: The systems and processes to store digital identities. This includes mainly
LDAP stores and the strategy and schema of such stores.
PKI Management: Public Key Infrastructure or PKI is a set of software, policies, and procedures needed to
create, manage, distribute, use, store, and revoke digital certificates.
Asurion IAM
What is Privilege Identity Management (PIM)?
Wikipedia: Privileged Identity Management (PIM) is a domain within Identity Management focused on the
special requirements of powerful accounts within the IT infrastructure of an enterprise. It is frequently used as
an Information Security and governance tool to help companies in meeting compliance regulations and to
prevent internal data breaches through the use of privileged accounts.
Managing the password of and who uses any account that has elevated rights on any
system.
Where the accounts are used
Who has access to the account information
Creation of the accounts
Automated password rotations
Auditing of what the accounts do.
What is PIM?
Why did Asurion deploy a PIM program?
IAM Program started in April 2014 but did not focus on anything but bellybuttons
Need to focus on Properly Managed Accounts:
The account complies with our password policy
The account is not used for anything other than intended purpose
The account can only be used by those authorized to do so
The account is monitored for compliance
PIM and Asurion
What Asurion looked like before PIM:
AD contacts
Sticky notes
Excel spreadsheets
Onboarding documentation
Wiki and SharePoint
Not always updated
Everyone knew passwords
Passwords never changed
The Past
What Asurion looks like today:
Secure Password Vault
Auditing of check in/out
The Present
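The vault workflow these slides describe (only authorized users, exclusive check-out/check-in with an audit trail, automated rotation, a password policy) modelled as an added Python example; this is illustrative code written for this page, not Asurion's vault product, and the account and user names in the usage are constructed.

```python
"""Illustrative privileged-credential vault (example code for this page, not
Asurion's product): authorization, exclusive check-out/check-in, rotation, audit."""
import secrets
import string
from dataclasses import dataclass, field

SYMBOLS = "!@#$%^&*"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def password_policy_ok(pw: str, min_len: int = 16) -> bool:  # length + letter/digit/symbol
    return (len(pw) >= min_len and any(c.isalpha() for c in pw)
            and any(c.isdigit() for c in pw) and any(c in SYMBOLS for c in pw))


def rotate_password(length: int = 24) -> str:  # draw until the policy is satisfied
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if password_policy_ok(pw, length):
            return pw


@dataclass
class Vault:
    accounts: dict = field(default_factory=dict)  # name -> account record
    audit: list = field(default_factory=list)     # (event, account, actor)

    def add_account(self, name: str, authorized: list) -> None:
        # Onboard a privileged account; only the listed users may check it out.
        self.accounts[name] = {"password": rotate_password(),
                               "authorized": set(authorized), "holder": None}
        self.audit.append(("create", name, None))

    def check_out(self, name: str, user: str) -> str:
        """Hand the secret to an authorized user, one holder at a time."""
        acct = self.accounts[name]
        if user not in acct["authorized"]:
            self.audit.append(("denied", name, user))
            raise PermissionError(f"{user} is not authorized for {name}")
        if acct["holder"] is not None:
            raise RuntimeError(f"{name} is already checked out by {acct['holder']}")
        acct["holder"] = user
        self.audit.append(("check_out", name, user))
        return acct["password"]

    def check_in(self, name: str, user: str) -> None:
        acct = self.accounts[name]
        if acct["holder"] != user:
            raise RuntimeError(f"{user} does not hold {name}")
        acct["holder"] = None
        acct["password"] = rotate_password()  # the disclosed password is now dead
        self.audit.append(("check_in_rotate", name, user))
```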
Where is Asurion headed:
Local Admin Accounts
Appliance and HW Accounts
Directory Service Accounts
Programmatic Account Retrieval
Session Management
The Future
What have we learned so far:
Need to focus on PIM separately
Scope, keep it simple
Need to understand where accounts are used
Organization is key
Baby steps
Potential to break everything
Lessons Learned
PRIVILEGE IDENTITY MANAGEMENT
08.27.15
Matt Chambers
Principal, IAM
matt.chambers@asurion.com
Thank you.
WHO IS OBSERVEIT?
• HQ Boston, MA / R&D Tel Aviv, Israel
• Founded 2006
• 1,200+ Customers Worldwide
• $20M Invested by Bain Capital
The Leading Provider Of
User Activity Monitoring To
Mitigate Insider Threats
INSIDER THREAT LANDSCAPE
THIRD-PARTIES
PRIVILEGED USERS
EMPLOYEES
CHALLENGE WITH ADDRESSING INSIDER THREATS
3 out of 4 InfoSec professionals say: “It’s Hard to Distinguish Abuse from Legitimate Use”
(crowd-based research with a 260,000+ member Information Security Community)
INSIDER THREAT INTELLIGENCE WITH OBSERVEIT
Collect
• Visual User Recording
• Application Marking
• User Activity Logs
Detect
• User Behavior Analytics
• Activity Alerting
• User Risk Scoring
Respond
• Live Session Replay
• Interact With Users
• Shutdown Sessions
UNDERSTAND FIELD-LEVEL APPLICATION USAGE
DETECT DATA MISUSE AND APPLICATION ABUSE
INVESTIGATE RISKY USER BEHAVIOR AND INTENT
USERS
Employees: Data Extraction and Fraud (Application Access, Call Centers, and Watchlists)
Third-parties: IP Theft and Service Availability (Contractors, Remote Vendors, Outsourced IT)
Privileged Users: Access Abuse and Data Privacy (Help Desk, DBAs, HPAs, SoD and Sys Admins)
Underpinning all three groups: Audit and Compliance
COMPLETE COVERAGE WITH OBSERVEIT
Audit Controls for PCI / PII / PHI Data, Monitoring Privileged and 3rd Party Access, Alerting for Access to Sensitive Systems
PRIVILEGED USER INTELLIGENCE
Privileged user groups: UNIX / Linux, Windows, DBAs, Network, Help Desk, Programmers
Tools in use: WireShark, PuTTY, Toad, RDP, WinSCP, Reg Editor, CMD, PowerShell, DR, Java, SSH, AD, SQL Plus
Concerns: Unauthorized Changes / Access, Abusing Privileges, Local / Service Accounts
CUSTOMER EXAMPLES
Monitoring Privileged Access (PCI)
• Monitoring internal privileged users with access to PCI systems
• Detect unauthorized configuration changes
• Meeting internal and external audit
Monitoring Privileged Users for PCI/SOX
• Monitoring privileged users with access to over 60 PCI/SOX applications
• Real-time monitoring of unauthorized account creation and firewall changes
• Integrated with Lieberman Password Vault and Avatier identity provisioning
THANK YOU

ObserveIT Webinar: Privileged Identity Management


Editor's Notes

  • #13 We have over-invested in Firewalls, A/V, DLP… and yet we still only have half the picture: we don’t understand what it is our users are actually doing.
  • #14 And this is the challenge we have with Insider Threat – we don’t know what our users do with the access they have, and we can’t distinguish between legitimate business use and abuse. Crowd-based research in cooperation with the 260,000+ member Information Security Community.
  • #15 With 6.0 we add Insider Threat Intelligence to our User Activity Monitoring solution to cover the full scope of insider threat.
  • #16 Let’s talk about Insider Threat Intelligence with ObserveIT and what makes us so special and different. First, we are focused, from the ground up, on the USER – and Insider Threats are at their core a People Problem. This approach provides a clear picture of the risk users present and enables you to do something about it. Our Insider Threat Intelligence takes a 3-step approach to protecting companies against Insider Threats. We collect all user activity leveraging our agent technology, which essentially screen-scrapes all activity and indexes the textual information on the screen. This includes “Collecting” the information needed to distinguish abuse from legitimate use via Visual Screen Recording Technology, and transcribing what’s taking place into User Activity Logs. Next, we have unique capabilities to detect risky insider activity with rule-based User Behavior Analytics and Activity Alerting. Finally, we can take action and quickly respond to users putting your business at risk with Live Session Response and Session Shutdown.
  • #17 We apply our Insider Threat Intelligence across the full scope of Insider Threats: Employees, Privileged users and even trusted third-parties. When dealing with Employees, most customers are concerned about data extraction and fraudulent activity within core applications. The use case can range from monitoring call center employees to individuals on HR watch-lists. With Privileged Users, we see customers looking to see if users are abusing their access or concerned about data leakage. It can range from Help Desk users to DBAs to enforcing Segregation of Duties. We also see a lot of customers looking to track all High Privilege Accounts like system admins on all their servers. Third-parties is a big one and where our roots tie back to. Most customers are monitoring third-parties to trust, but verify their work and make sure IP isn’t leaving with them or that they aren’t bringing down any servers. We see customers monitoring Contractors, Remote Vendors to Completely Outsourced IT shops. Underpinning all of these groups is Audit and Compliance – whether it’s to satisfy Audit controls or map to a Security Framework.
  • #18 Exchange Admins!! Today we see a lot of customers handing out root privileges like after-dinner mints. And when it comes to Privileged user monitoring, customers are concerned with unauthorized changes or access, admins abusing their privileges or what users are doing with local accounts. Unauthorized Changes: entitlement changes, creation of local accounts, password resets. Abusing Privileges: admin / “root” logins, lateral movement, ‘rm’ / ‘cp’ with ‘sudo’, creating “backdoors”, ‘leapfrog’ logins. Unnecessary Access: unauthorized access, unsecure ‘shell’, unapproved ‘setuid’.
  • #19 “ObserveIT provides unparalleled visibility into what our privileged users are doing within our sensitive systems” – Michael Holder, Global Head of IAM
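Detection logic for the privileged-user indicators grouped in note #18 (local account creation, entitlement changes, password resets, rm/cp under sudo, unapproved setuid, root logins), run over constructed sudo and sshd syslog lines, as an added example; it is not ObserveIT's product code, the host, users and address are made up, and the mapping of each category to specific commands is this example's own assumption.

```python
"""Detection rules for the privileged-user indicators in the speaker notes
(account creation, entitlement changes, password resets, rm/cp under sudo,
setuid changes, direct root logins). Example code for this page, not ObserveIT's."""
import re

# Constructed syslog lines in sudo / sshd format (host, users and IP are made up).
SAMPLE_LOG = """\
Jan  5 10:01:02 db01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/useradd backupsvc
Jan  5 10:02:10 db01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/passwd bob
Jan  5 10:03:33 db01 sudo:      bob : TTY=pts/1 ; PWD=/var/log ; USER=root ; COMMAND=/bin/rm -rf /var/log/audit
Jan  5 10:04:05 db01 sudo:      bob : TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/bin/chmod u+s /tmp/helper
Jan  5 10:05:00 db01 sshd[2210]: Accepted publickey for root from 10.0.0.5 port 51234 ssh2
Jan  5 10:06:00 db01 sudo:    carol : TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/apt-get update
"""

SUDO_RE = re.compile(r"sudo:\s+(?P<user>\S+) : .*COMMAND=(?P<cmd>.+)$")
ROOT_LOGIN_RE = re.compile(r"sshd\[\d+\]: Accepted \S+ for root from (?P<src>\S+)")

# Each rule: (category as grouped in the notes, pattern on "<basename> <args>").
RULES = [
    ("Unauthorized Changes: local account creation", re.compile(r"^(useradd|adduser)\b")),
    ("Unauthorized Changes: entitlement change", re.compile(r"^(usermod|gpasswd|visudo)\b")),
    ("Unauthorized Changes: password reset", re.compile(r"^passwd\b")),
    ("Abusing Privileges: rm/cp with sudo", re.compile(r"^(rm|cp)\b")),
    ("Unnecessary Access: unapproved setuid", re.compile(r"^chmod\s+(\S*[ug]\+s|[4-7]\d{3}\b)")),
]

def normalize(cmd: str) -> str:
    """Strip the executable's directory so rules match on the command name."""
    exe, _, args = cmd.strip().partition(" ")
    return exe.rsplit("/", 1)[-1] + (" " + args if args else "")

def detect(lines):
    """Return one finding per line that matches a rule or is a direct root login."""
    findings = []
    for line in lines:
        m = SUDO_RE.search(line)
        if m:
            cmd = normalize(m.group("cmd"))
            for category, pattern in RULES:
                if pattern.search(cmd):
                    findings.append({"category": category, "user": m.group("user"), "detail": cmd})
                    break
            continue
        m = ROOT_LOGIN_RE.search(line)
        if m:  # an interactive root login removes per-user accountability
            findings.append({"category": "Abusing Privileges: admin / root login",
                             "user": "root", "detail": f"from {m.group('src')}"})
    return findings
```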