This webinar describes how you can manage the risk of privileged accounts being compromised, creating a breach of sensitive data or other assets in your organization, through privileged access management, or PAM. PAM can reduce risks by hardening your environment in ways no other solution can, but is challenging to deploy. This webinar provides an unbiased perspective on PAM capabilities, lessons learned and deployment challenges, distilling the good practices you need to be successful. It covers:
- PAM definitions, core features and specific security and compliance drivers
- The PAM market landscape and major vendors
- How to integrate PAM with identity management, service ticketing and monitoring
- Avoiding availability and performance issues
1. Harnessing Privileged Access Management (PAM) to Defend Core Digital Assets Against a Breach
By Dan Blum, Doug Moench and Doug Simmons
October 16, 2015
Copyright (c) 2015 Security Architects, LLC
2. Today’s Speakers
• Dan Blum, Principal Consultant: Expert in security, privacy, cloud computing and identity management. Ex-Gartner Golden Quill award-winning VP and Distinguished Analyst. Founding partner of Burton Group.
• Doug Moench, Senior IAM and Security Consultant: CISSP specializing in Security and Risk Management strategies and architectures, identity management solutions, and federation technologies. Over 30 years experience documenting current state environments and developing recommendations for improving infrastructure.
• Doug Simmons, Principal Consultant: Focuses on IT security, risk management and IAM. Has performed hundreds of engagements for large enterprise clients in multiple vertical industries including financial services, health care, higher education, federal and state government, manufacturing, aerospace, energy, utilities and critical infrastructure.
3. Why PAM?
Source: Information is Beautiful (Breach visualizations)
Many of these could have been prevented or delayed
4. A Clear and Present Danger…
Common attack paths are too bloody easy
At least make the attackers work for it!
5. About Us
• We are a consulting firm dedicated to helping organizations plan, specify and develop security programs, policies and technology solutions.
Clients: Enterprise Security Teams, Cloud service providers (CSPs), Other Audiences
Areas of Expertise: Cloud Security, Identity and Privacy, Endpoint Security, Cyber Security
7. What is PAM?
• Privileged Account Management (PAM): A set of technologies that allow organizations to identify, secure, and monitor accounts that have elevated privileges in order to minimize risks and ensure compliance.
PAM is also sometimes referred to as:
• Privileged User Management
• Privileged Identity Management
• Privileged Access Management
8. Privileged Accounts are the Oil that Lubricates IT
Love them or hate them, you can’t run IT without them
• Root and admin
• Network admin
• Domain admin
• DBA
• Other “superusers”
• Shared accounts
• Service accounts* (* For apps!)
What they’re for
• NOS devices
• DNS/DHCP servers
• Firewalls
• Routers and switches
• Domain controllers
• Virtual machine admin
• IaaS
• Databases, applications
What they do
• Operations: start/stop services, run jobs, or generate reports
• Configuration, updates, maintenance, patches, tuning, troubleshooting
• Develop applications, administer applications, connect applications
9. PAM Business Drivers
• Reduce risk of breaches:
• Compliance drivers
– Maintain internal control
  • PAM specifically mentioned in PCI DSS, SOX, NERC/CIP, and some local/regional regulations
– Simplify auditing and reporting
– Detect/prevent Separation-Of-Duties (SOD) violations
10. Core Features
• Password vault
• Fine-grain privilege control
• Session manager
• Application credential management
Ancillary Services
• Discovery Services
• Role Management
• Policy Engine
• Logging and Auditing
Platform flexibility
• Physical and virtual platforms
• Local or cloud-based
• Remote session protocols
Holds PAM accounts, managed credentials, policies, logs
Other considerations
• Availability and performance
12. Password Vault
• Contains accounts for privileged users
• Contains policies for managed resources
• Encrypts and stores passwords, SSH keys, policies and logs
• Allows users to check-out/reserve a credential
• Changes credentials on managed resources after use
• Provides management console for centralized policy administration
• Deployed as software on a physical server, virtual machine, or appliance
Diagram labels: Privileged User and Admin Credentials; Vault; Admins; Passwords/SSH Keys
Must be hardened!
Must maintain high availability!
13. Session Manager
• Session management mechanisms to control access to resources
• Enables monitoring, logging, and recording of administrative activities
• Role management and policy enforcement capabilities, SOD rules
• Generate alerts for policy exceptions
• Emergency access mechanisms to bypass normal operations when needed.
[Diagram labels: Privileged Users, Admins; Session Management (RDP, SSH, VNC, PCoIP, NX); Roles, Policies, SOD Rules, Filters, ACLs; Logging and Recording; SOC Monitoring; Target Resources (Network, Systems)]
14. Fine-Grained Privilege Control
• Establish more granular filters to limit administrative activities.
• Often includes agents installed within clients or target servers (similar to desktop management or AD Bridge tools).
[Diagram labels: Privileged Users, Admins; Client agent for some apps (i.e. Active Directory); Server agent to enforce fine-grained privileges; Target Infrastructure Resources (Network, Systems)]
15. Application Credential Manager
• Identify, store, and rotate application credentials and SSH keys in the password vault
• Eliminate the need to hard-code authentication information
– Use a simple API call instead
• May support caching to minimize performance impacts
• Commonly supported interfaces and protocols include:
– HTTP and HTTPS
– SOAP/XML
– Java
– VBScript
– C/C++
– PowerShell
[Diagram labels: Applications (each with a Local Cache); API Call; Secure Key Exchange; API; Password Vault; UserID/Password, SSH Keys, Other credential; PW/Key Rotation; Target Resources (Network, Systems)]
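An added example (not from the slides or any vendor's product) of the pattern on the Application Credential Manager slide: the application asks a vault API for its credential instead of hard-coding it, caches it locally, and refetches when a rotation makes the cached copy stale. `FakeVault`, `CachedCredentialClient`, `connect_with_retry` and the `billing-db` entry are hypothetical names; the vault is a constructed in-memory stand-in.

```python
import time

class FakeVault:
    """Constructed in-memory stand-in for a vault API (hypothetical, not a vendor SDK)."""
    def __init__(self):
        self._secrets = {"billing-db": ("svc_billing", "pw-v1")}  # constructed sample
        self.calls = 0
    def get_credential(self, name):
        self.calls += 1                      # count round trips to the vault
        return self._secrets[name]
    def rotate(self, name, new_password):    # vault changes the password on the target
        user, _ = self._secrets[name]
        self._secrets[name] = (user, new_password)

class CachedCredentialClient:
    """Fetches credentials at run time and caches them for ttl_seconds."""
    def __init__(self, vault, ttl_seconds=300, clock=time.monotonic):
        self._vault, self._ttl, self._clock = vault, ttl_seconds, clock
        self._cache = {}                     # name -> (fetched_at, credential)
    def get(self, name):
        entry = self._cache.get(name)
        if entry and self._clock() - entry[0] < self._ttl:
            return entry[1]                  # cache hit: no vault round trip
        cred = self._vault.get_credential(name)
        self._cache[name] = (self._clock(), cred)
        return cred
    def invalidate(self, name):
        self._cache.pop(name, None)

def connect_with_retry(client, name, login):
    """login(user, password) -> bool. A failed login is treated as a possible
    rotation: drop the cached copy, refetch once, and try again."""
    if login(*client.get(name)):
        return True
    client.invalidate(name)
    return login(*client.get(name))

def demo():
    vault = FakeVault()
    client = CachedCredentialClient(vault)
    # The target accepts whatever password the vault last set on it.
    target_login = lambda u, p: (u, p) == vault._secrets["billing-db"]
    first = connect_with_retry(client, "billing-db", target_login)
    second = connect_with_retry(client, "billing-db", target_login)
    calls_before = vault.calls               # one fetch served both logins
    vault.rotate("billing-db", "pw-v2")
    third = connect_with_retry(client, "billing-db", target_login)
    return first, second, calls_before, third, vault.calls
```

The cache lifetime bounds how long a rotated credential can linger in the application, so it should be shorter than the rotation interval set in the vault policy.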
16. PAM Market Landscape
• Relatively small niche, but growing rapidly
~$500 million annually, 32% rate
• Market leaders (in share + core features)
• More market players around the world
• Differentiators
High availability, platform + multi-tenancy support, workflow integration and SoD features, credential management, SIEM integration, session recording features
BeyondTrust
CA
CyberArk
Dell
Lieberman Software
Xceedium
17. The PAM Map
Hitachi ID Systems
BeyondTrust
CA, Centrify, Dell, Enforcive, IBM, Lieberman, ManageEngine, Micro Focus, ObserveIT, Oracle, SecureLink, Thycotic, Xceedium
CyberArk
Raz-Lee Security
Pitbull Software
Wallix
Osirium
BalaBit
MasterSAM
Applecross
SSH Communications Security
NRI Secure
* Some names shortened, or omitted for space
* Source: Gartner list of 2015 PAM vendors
Arcon
18. Deploying PAM: Key Issues
• Getting and keeping stakeholder buy-in
• Creating high availability, disaster recovery and “break glass” procedures that work
• Integrating with identity, workflow and monitoring infrastructures
• Phasing in functionality on your schedule rather than the vendor’s
• Locking in favorable professional services and product support
19. Getting and Keeping Stakeholder Buy-in
“Nobody implements our product because they want to. They do it because someone is telling them they have to.”
– Philip Lieberman, in an informal conversation with us, about 4 years ago
Recommendations
– Follow ALL recommendations in coming slides to make PAM as transparent as possible for IT and the business
– Involve IT and business stakeholders and representatives from all affected teams in project phasing and process development
– Develop a communications and support package for all privileged users and administrators that will be affected
20. Maintain High Availability
• Eliminate single points of failure
• Deploy high-availability password vault
– Active-active or active-passive failover, stretch cluster or PAM-replication across sites
– Create and test DR plans
• Estimate and measure usage, size appropriately, and use load balancers for all PAM components
• Have “break glass” processes to keep IT running in the event any part of PAM fails
• Prevent or detect any abuse of “back doors”
21. Other Critical Recommendations
• Thoroughly plan and design integration with identity, workflow and monitoring infrastructures
• Phase in functionality on your schedule, not the vendor’s sales quotas
– Calibrate phasing to your infrastructure maturity level
• Lock in favorable professional services and product support terms
22. Conclusion
• PAM deployments can range from basic password vaults to advanced application hardening, session monitoring and analytics
• Although the market is relatively mature, few enterprises have deployed the technology outside niches to their full IT environment
• Don’t over-reach or you’ll get thrown on the defensive with internal constituencies
• The good news: An effective PAM deployment is likely to resolve some of your audit and compliance issues – as well as prevent many breach scenarios