We trust admins with the proverbial “keys to the kingdom” and direct access to the company’s most sensitive data, but are we doing enough to ensure data security and compliance?
Root, domain admin and superuser accounts all carry elevated privileges that give their holders full control over the systems they manage. Compromise of such an account, or misuse of its privileges, poses a significant threat. Because of that elevated privilege these accounts carry more risk and call for additional safeguards such as user behavior monitoring and alerting.
User Activity Monitoring: Identify and Manage the Risk of Your Users - ISACA ... (ObserveIT)
ObserveIT's Marc Potter presents a comprehensive look at identifying and managing your risky users in an IT environment.
This presentation was given at ISACA Orlando on Tuesday, March 17, 2015.
This document discusses how user activity monitoring can improve data protection by monitoring the activities of application users, administrators, and external vendors. It notes that most data breaches involve unauthorized access to applications containing sensitive data by business users, who outnumber IT administrators 20 to 1. Traditional security tools like firewalls, identity and access management, and data loss prevention software fall short for monitoring application users. The presentation promotes a user activity monitoring solution that records users' screens and activities, profiles their behavior, generates real-time alerts of anomalous behavior, and integrates with security information and event management systems.
The document describes ObserveIT software that records and replays terminal, Citrix, and console user sessions. It provides key details about the company, product capabilities, customer base, benefits, and technical architecture. Specifically, it supports compliance auditing by tracking all access, remote vendor monitoring, and root cause analysis through playback of exact user actions. The company has a global presence and the software is deployed across industries for security, compliance, troubleshooting, and SLA validation.
Announcing ObserveIT v 6.7: The leading solution for insider threat and compliance just got better.
ObserveIT helps you manage the most fickle security variable: people. We provide configurable smart alerts and irrefutable video logs of vendors, privileged users, or high-risk users who breach security policies and put your organization at risk.
Version 6.7 further enhances monitoring and investigation capabilities and ensures your organization will continue to comply with worldwide standards.
Enhanced insider threat library with 180 out-of-the-box smart alerts
Detection of data exfiltration attempts via print jobs
User identity anonymization for enhanced privacy
Complete monitoring of user activity on Mac endpoints
Enhanced Integration capabilities with Splunk, QRadar, ArcSight and LogRhythm.
Learn how ObserveIT can help your organization with data security, forensic investigations, and internal audits. We’ll review the key use cases of user activity monitoring and walk through a full product demonstration.
Version 6.7 further enhances monitoring and investigation capabilities and ensures your organization will continue to comply with worldwide standards (whether it’s PCI, SOX, HIPAA, NERC, FFIEC, FISMA or FERPA):
- Enhanced insider threat library with 180 out-of-the-box smart alerts
- Anonymization for enhanced user privacy
- Complete monitoring of user activity on Mac endpoints
- Detection of data exfiltration attempts via print jobs
- Enhanced integration capabilities with Splunk, QRadar, ArcSight and LogRhythm.
ObserveIT Software acts like a "security camera" for your servers: it lets you watch, with full video playback, every step your third-party contractors, developers or IT administrators take on your servers, exactly as it happens.
Watch full video playback of Remote Desktop, Citrix and VMWare Sessions
View sessions in real time or from historical recordings
Quickly find any user action, without playing back the entire session
Prevent Insider Threats with User Activity Monitoring (ObserveIT)
Gain the visibility and context you need to detect abnormal behavior, get a clear picture of the risk insiders present, and stop them from becoming a threat.
You'll learn how to Prevent Insider Threats with ObserveIT:
- Observe who’s doing what and distinguish insider abuse from legitimate use
- Detect abnormal user behavior indicative of insiders becoming threats
- Prevent users from putting your business at risk
1) Zero Trust is a security model that does not inherently trust anything inside or outside its perimeter and instead verifies anything and everything trying to connect to its systems before granting access.
2) Traditional security models rely on physical or logical network boundaries to define what is trusted, but this is ineffective as users and devices can no longer be trusted once inside these boundaries.
3) The core tenets of Zero Trust include: secure all communication, grant least privilege, grant access to a single resource at a time, make access policies dynamic, collect and use data to improve security, monitor assets, and periodically re-evaluate trust.
Most organizations recognize the benefits of single sign-on (SSO): Users love it because they have only one password to remember; security teams love it because they can require that one password to be strong; and management loves it because it boosts productivity while reducing password reset calls.
But how secure is your SSO? A great user experience sometimes means sacrificing security. And even the strongest passwords won’t protect you from the misuse of stolen credentials.
Discuss the shortcomings of traditional SSO and how an adaptive approach can strengthen security while still delivering an amazing user experience.
This document discusses Privilege Identity Management (PIM) at Asurion. It provides an overview of why Asurion deployed a PIM program to better manage privileged accounts and identities. Previously, privileged account information was tracked through methods like sticky notes, spreadsheets, and wikis, and accounts were not properly monitored or access controlled. The presentation outlines Asurion's past issues, current PIM practices like using a secure password vault and auditing, and future goals to further improve privileged identity governance.
Watch the full webinar recording here: https://www.beyondtrust.com/resources/webinar/stop-evil-protect-endpoint/
Endpoint types are rapidly increasing in both number and diversity. For many organizations, endpoint exposure is treated as a lower-priority risk.
In this presentation from the webinar by SANS faculty fellow and industry-recognized security expert, Dr. Eric Cole, learn:
- How adversaries target and exploit endpoints
- Ways of protecting and securing endpoints
- How to effectively implement least privilege, application control, and authentication
- Creative techniques to detect the adversary via behavior analytics
The 5 Crazy Mistakes IoT Administrators Make with System Credentials (BeyondTrust)
In this presentation from his webinar, Rob Black, CISSP, Founder and Managing Principal of Fractional CISO, explores IoT architectures, the different types of credentials in an IoT system, the common challenges with IoT credential management, and what you can do to mitigate the risks of credential-based attacks.
You can also watch the full webinar on-demand here: https://www.beyondtrust.com/resources/webinar/5-crazy-mistakes-administrators-make-iot-system-credentials/
This document discusses the importance of managing privileged accounts and outlines CyberArk's solution for privileged account security. It notes that privileged accounts exist across all IT systems and are the primary targets of attacks. The facts show that breaches are inevitable and nearly all involve stolen credentials. CyberArk's solution protects, detects, and responds to threats through an enterprise password vault, privileged session monitoring, and threat analytics. It enables control and visibility of privileged access across an organization's diverse IT environments and accounts.
Microsoft Advanced Threat Analytics (ATA) is a behavioral analytics platform that detects advanced security threats and insider threats in enterprise networks. It analyzes Active Directory network traffic and events using machine learning to establish normal user behavior and detect anomalies. When installed, ATA automatically starts learning and profiling entities. It identifies normal behavior and looks for abnormal activities that could indicate security risks or attacks based on tactics used by attackers. Any suspicious activities are presented on a timeline with details on who was involved, what happened, when, and how to investigate and respond. ATA helps enterprises detect threats that evade other security tools and prioritize responses.
Privileged Activity Monitoring
Shell Control Box is an activity monitoring appliance that controls privileged access to remote IT systems, records activities in searchable, movie-like audit trails, and prevents malicious actions. SCB is a quickly deployable enterprise tool with the widest protocol coverage on the market. It is completely independent from clients and servers - integrating seamlessly into existing infrastructures.
The document discusses identity and access management strategies for defending against advanced persistent threats (APTs). It outlines how APTs typically progress through four phases - reconnaissance, initial entry, escalation of privileges, and continuous exploitation. It then proposes a "defense-in-depth" approach using identity and access management capabilities to make initial penetration difficult, reduce privilege escalation, limit damage from compromised accounts, and aid in early detection and forensic investigation. Specific capabilities discussed include identity governance, least privilege access, shared account management, session recording, server hardening, and advanced authentication.
Most data breaches are due to the misuse of privileged credentials. We invite you to learn about CyberArk's approach in this presentation by Carolina Bozza.
Carolina will be one of the presenters at our event "EL ATAQUE INTERNO" (The Insider Attack) on May 6. The registration link is:
https://eventioz.com.ar/e/el-ataque-interno?utm_source=eventioz&utm_medium=emailtrans&utm_campaign=ez_invite_recipient&utm_content=button_cta&source=orevem
We look forward to seeing you!
Black Hat USA 2014 - A Practical Attack Against Virtual Desktop Infrastructur... (Lacoon Mobile Security)
This document discusses practical attacks against virtual desktop infrastructure (VDI) solutions. It begins with introductions to the presenters and an overview of mobile VDI. It then outlines four threats: 1) using a remote access Trojan to keylog credentials, 2) directly grabbing credentials from an Android device, 3) screen scraping on Android, and 4) man-in-the-middle session hijacking on iOS. It argues that a layered mobile security approach is needed to protect VDI, including device assessment, reducing attack surfaces, threat detection, and risk mitigation.
To prioritize your efforts effectively, you first need to understand your applications: their key components and their areas of vulnerability. Consider the platforms the application resides on; the data that travels between a user and an application; the DNS that resolves the IP address used to reach the application; the web and application servers; and the associated APIs that other applications and systems use.
F5 uniquely improves the security strategy your company wants to adopt, with security solutions and services defined by robust policies and controls, and simplifies the effective management of risk factors that are constantly evolving. "If you want to protect the tools that drive your business, that means protecting the applications that make them run."
Karim ZGUIOUI - Systems Engineer North Africa - F5
Microsoft's information protection solutions help organizations protect sensitive data throughout its lifecycle, both inside and outside the organization. These solutions classify, label, and protect data across devices, cloud services, and on-premises environments with a unified approach. The solutions also monitor use and control of protected data and can revoke access. Microsoft is working to improve the user experience of these solutions by integrating them more fully into native Office clients and providing a unified policy for information protection across Office and Azure.
This document discusses CyberArk's privileged account security solutions. It begins by noting CyberArk's growth and customer base. It then explains that organizations have many more privileged accounts than employees across various systems. The document outlines CyberArk's approach to delivering a new critical security layer of privileged account security. It describes CyberArk's privileged account security solution and components like the privileged password vault. Finally, it provides examples of how least privilege principles and application control can help prevent cyber attacks when combined.
This was a summary of the IT Risk and Control functions presented during the Heirs Holdings Internal Auditors meeting, to give the Internal Auditors insight into, and basic knowledge of, how to manage the risk that IT can pose to their various businesses or companies within the HH Group.
Cybersecurity - Keeping Your Business Protected (Robert E Jones)
Veterans in Business (VIB) Network Conference
Left Brain Professionals Inc.
All businesses face cybersecurity issues. Defense contractors must meet the requirements outlined in NIST SP 800-171 Rev. 1 by December 31, 2017. Learn best practices all businesses can use to secure their networks and protect their data. We guarantee you’ll walk away with tools you can easily implement today.
Anatomy of a breach - an e-book by Microsoft in collaboration with the EU (University of Essex)
1) Hackers gain initial access to networks through techniques like exploiting vulnerabilities, password spraying, or phishing. They then work to gain elevated privileges on internal systems.
2) Once hackers have higher level access, they use that privilege to scan for valuable data and credentials to access other parts of the network. Their goal is widespread access across the network.
3) With control over many systems, hackers implant backdoors to maintain long-term access and control networks from a central command point while evading detection. Companies need comprehensive defenses, data awareness, and protection policies to detect and respond to network intrusions.
Two Factor Authentication: Easy Setup, Major Impact (Salesforce Admins)
The document discusses two-factor authentication (2FA) and the Salesforce Authenticator app. It begins with an agenda and introduction to 2FA, explaining that 2FA provides an extra layer of security beyond a password. The bulk of the document then focuses on demonstrating the ease of setup of the Salesforce Authenticator app for 2FA, including a two-step setup process and features like viewing authentication requests and automating approvals. It concludes by noting additional security features and tools available for administrators.
Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp... (BeyondTrust)
In this Slideshare from the webinar by CQURE Academy Security Expert, Krystian Zieja, you will gain insights into:
- How sudo really works and what information we need to know before using it
- Working with sudo logging and using sudo in combination with a central logging server as a security control
- Session recording and replaying to analyze user behavior
- The enterprise-wide sudoers file management
- How to prevent common pitfalls of sudo configuration
- LDAP Integration
- Best practices for sudo usage
You can watch the full, on-demand webinar here: https://www.beyondtrust.com/resources/webinar/sudo-mode-part-2-privilege-mistakes-dismantle-entire-enterprise/
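The sudo deck above lists sudo logging shipped to a central log server and session recording as security controls, and the opening paragraph of this page asks for behavior monitoring and alerting on privileged accounts. The following is an added example of what the alerting half of that looks like once sudo's syslog lines reach a collector; it is not code from ObserveIT, BeyondTrust, CQURE or the webinar. The log lines, the per-user baseline (normal hosts and working hours) and the four alert rules are constructed for illustration; only the line format itself is sudo's own.

```python
# Added example: parse syslog-style sudo lines and flag the ones a
# privileged-access reviewer should look at first. The log lines, the
# per-user baseline and the alert rules are constructed for illustration.
import os
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample lines in the format sudo writes via syslog (auth.log).
SAMPLE_LOG = """\
Mar 17 09:12:01 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get update
Mar 17 09:13:44 web01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Mar 17 02:30:10 db01 sudo:    alice : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/su -
Mar 17 09:15:02 web01 sudo:    carol : command not allowed ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/vi /etc/sudoers
Mar 17 09:16:00 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/vi /etc/shadow
Mar 17 09:16:05 web01 sudo: pam_unix(sudo:session): session opened for user root by alice(uid=0)
"""

# Constructed baseline: hosts each admin normally works on and the hour
# window (24h clock, [start, end)) in which they normally run sudo.
BASELINE = {
    "alice": {"hosts": {"web01"}, "hours": (8, 18)},
    "bob": {"hosts": {"web01"}, "hours": (8, 18)},
}
ROOT_SHELLS = {"bash", "sh", "dash", "zsh", "ksh", "su"}
SENSITIVE_PATHS = ("/etc/sudoers", "/etc/shadow", "/etc/pam.d")
LINE_RE = re.compile(
    r"^\w{3}\s+\d{1,2} (?P<hour>\d{2}):\d{2}:\d{2} (?P<host>\S+) sudo:\s+"
    r"(?P<user>\S+) : (?P<body>.*)$"
)

@dataclass
class SudoEvent:
    host: str
    user: str
    hour: int
    status: Optional[str]  # None on success, else sudo's failure text
    fields: Dict[str, str] = field(default_factory=dict)
    command: str = ""

def parse_sudo_line(line: str) -> Optional[SudoEvent]:
    """Return a SudoEvent for a 'user : ... ; COMMAND=...' line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # pam_unix session lines and anything non-sudo
    ev = SudoEvent(m["host"], m["user"], int(m["hour"]), None)
    parts = m["body"].split(" ; ")
    for i, part in enumerate(parts):
        if part.startswith("COMMAND="):
            # COMMAND is the last field; rejoin in case the command itself
            # contained ' ; ' and was split above.
            ev.command = " ; ".join(parts[i:])[len("COMMAND="):]
            break
        key, sep, value = part.partition("=")
        if sep:
            ev.fields[key] = value
        else:
            ev.status = part  # e.g. 'command not allowed'
    return ev

def evaluate(ev: SudoEvent, baseline: dict) -> List[str]:
    """Apply the alert rules to one event; return the reasons that fired."""
    reasons = []
    if ev.status:
        reasons.append(f"sudo failed or denied: {ev.status}")
    exe = os.path.basename(ev.command.split(" ", 1)[0]) if ev.command else ""
    if ev.fields.get("USER", "root") == "root" and exe in ROOT_SHELLS:
        reasons.append(f"interactive root shell requested: {ev.command}")
    if any(p in ev.command for p in SENSITIVE_PATHS):
        reasons.append(f"sensitive path in command: {ev.command}")
    profile = baseline.get(ev.user)
    if profile is None:
        reasons.append(f"no baseline for user {ev.user}")
    else:
        if ev.host not in profile["hosts"]:
            reasons.append(f"unfamiliar host {ev.host} for {ev.user}")
        start, end = profile["hours"]
        if not start <= ev.hour < end:
            reasons.append(f"outside baseline hours ({ev.hour:02d}:00)")
    return reasons

def scan_log(text: str, baseline: dict = BASELINE) -> List[Tuple[SudoEvent, List[str]]]:
    """Parse every line and keep only the events that triggered a rule."""
    findings = []
    for line in text.splitlines():
        ev = parse_sudo_line(line)
        if ev is None:
            continue
        reasons = evaluate(ev, baseline)
        if reasons:
            findings.append((ev, reasons))
    return findings

if __name__ == "__main__":
    for ev, reasons in scan_log(SAMPLE_LOG):
        print(f"{ev.host} {ev.user:>6}  {ev.command}")
        for r in reasons:
            print(f"    - {r}")
```

Run against the sample, the routine clears the apt-get line and raises the other four: bob opening a root shell, alice's failed `su -` at 02:30 on a host she never uses, carol being denied an edit of /etc/sudoers, and alice editing /etc/shadow inside her normal window. Two design points matter in practice. Denied and failed attempts are kept as first-class alerts rather than dropped, because a "command not allowed" against the sudoers file is exactly the probe the deck warns about. And the rules run on the collector's copy of the log, not the endpoint's, so an admin who has root on the box cannot simply erase the evidence; the sudoers `log_output`/`iolog_dir` session recording the deck mentions should be shipped the same way.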
The document discusses strategies for defending against ransomware attacks. It begins by noting the increasing threat of ransomware, with over 390,000 new variants detected daily. The Rig exploit kit is highlighted as a major delivery method, exploiting vulnerabilities in browsers and plugins. The document emphasizes the importance of patching browsers, Java, and Flash to reduce attack surfaces. It then outlines the typical ransomware attack cycle and recommends stopping the cycle earlier by using application control to block unknown applications, privilege management to limit lateral movement, and memory injection protection. A multi-layered defense incorporating patching, application control, privilege management, and memory injection protection is recommended to prevent, detect, and remediate ransomware attacks.
Controlling Access to IBM i Systems and Data (Precisely)
Security best practice and regulations such as SOX, HIPAA, GDPR and others require you to restrict access to your critical IBM i systems and their data, but this is easier said than done. Legacy, proprietary access protocols now co-exist with new, open-source protocols to create access control headaches.
View this webcast on-demand for an in-depth discussion of IBM i access points that must be secured and how exit points can be leveraged to accomplish the task. We’ll cover:
• Securing network access and communication ports
• How database access via open-source protocols can be secured
• Taking control of command execution
1) Zero Trust is a security model that does not inherently trust anything inside or outside its perimeter and instead verifies anything and everything trying to connect to its systems before granting access.
2) Traditional security models rely on physical or logical network boundaries to define what is trusted, but this is ineffective as users and devices can no longer be trusted once inside these boundaries.
3) The core tenants of Zero Trust include secure all communication, grant least permission, grant access to single resources at a time, make access policies dynamic, collect and use data to improve security, monitor assets, and periodically re-evaluate trust.
Most organizations recognize the benefits of single sign-on (SSO): Users love it because they have only one password to remember; security teams love it because they can require that one password to be strong; and management loves it because it boosts productivity while reducing password reset calls.
But how secure is your SSO? A great user experience sometimes means sacrificing security. And even the strongest passwords won’t protect you from the misuse of stolen credentials.
Discuss the shortcomings of traditional SSO and how an adaptive approach can strengthen security while still delivering an amazing user experience.
This document discusses Privilege Identity Management (PIM) at Asurion. It provides an overview of why Asurion deployed a PIM program to better manage privileged accounts and identities. Previously, privileged account information was tracked through methods like sticky notes, spreadsheets, and wikis, and accounts were not properly monitored or access controlled. The presentation outlines Asurion's past issues, current PIM practices like using a secure password vault and auditing, and future goals to further improve privileged identity governance.
Watch the full webinar recording here: https://www.beyondtrust.com/resources/webinar/stop-evil-protect-endpoint/
Endpoint types and rapidly increasing in both number and diversity. For many organizations, endpoint exposure is treated as a lower priority risk.
In this presentation from the webinar of SANS faculty fellow and industry-recognized security expert, Dr. Eric Cole, learn:
- How adversaries target and exploit endpoints
- Ways of protecting and securing endpoints
- How to effectively implement least privilege, application control, and authentication
- Creative techniques to detect the adversary via behavior analytics
The 5 Crazy Mistakes IoT Administrators Make with System CredentialsBeyondTrust
In this presentation from his webinar, Rob Black, CISSP, Founder and Managing Principal of Fractional CISO, explores IoT architectures, the different types of credentials in an IoT system, the common challenges with IoT credential management, and what you can do to mitigate the risks of credential-based attacks.
You can also watch the full webinar on-demand here: https://www.beyondtrust.com/resources/webinar/5-crazy-mistakes-administrators-make-iot-system-credentials/
This document discusses the importance of managing privileged accounts and outlines CyberArk's solution for privileged account security. It notes that privileged accounts exist across all IT systems and are the primary targets of attacks. The facts show that breaches are inevitable and nearly all involve stolen credentials. CyberArk's solution protects, detects, and responds to threats through an enterprise password vault, privileged session monitoring, and threat analytics. It enables control and visibility of privileged access across an organization's diverse IT environments and accounts.
Microsoft Advanced Threat Analytics (ATA) is a behavioral analytics platform that detects advanced security threats and insider threats in enterprise networks. It analyzes Active Directory network traffic and events using machine learning to establish normal user behavior and detect anomalies. When installed, ATA automatically starts learning and profiling entities. It identifies normal behavior and looks for abnormal activities that could indicate security risks or attacks based on tactics used by attackers. Any suspicious activities are presented on a timeline with details on who was involved, what happened, when, and how to investigate and respond. ATA helps enterprises detect threats that evade other security tools and prioritize responses.
Privileged Activity Monitoring
Shell Control Box is an activity monitoring appliance that controls privileged access to remote IT systems, records activities in searchable, movie-like audit trails, and prevents malicious actions. SCB is a quickly deployable enterprise tool with the widest protocol coverage on the market. It is completely independent from clients and servers - integrating seamlessly into existing infrastructures.
The document discusses identity and access management strategies for defending against advanced persistent threats (APTs). It outlines how APTs typically progress through four phases - reconnaissance, initial entry, escalation of privileges, and continuous exploitation. It then proposes a "defense-in-depth" approach using identity and access management capabilities to make initial penetration difficult, reduce privilege escalation, limit damage from compromised accounts, and aid in early detection and forensic investigation. Specific capabilities discussed include identity governance, least privilege access, shared account management, session recording, server hardening, and advanced authentication.
La mayor parte de las brechas de datos son debidas al uso indebido de credenciales privilegiadas. Los invitamos a conocer el enfoque de CyberArk, en esta presentación de Carolina Bozza.
Carolina será una de los presentadores en nuestro evento "EL ATAQUE INTERNO", el próximo 6 de mayo. El link de inscripción es:
https://eventioz.com.ar/e/el-ataque-interno?utm_source=eventioz&utm_medium=emailtrans&utm_campaign=ez_invite_recipient&utm_content=button_cta&source=orevem
Los esperamos!!
Black Hat USA 2014 - A Practical Attack Against Virtual Desktop Infrastructur...Lacoon Mobile Security
This document discusses practical attacks against virtual desktop infrastructure (VDI) solutions. It begins with introductions to the presenters and an overview of mobile VDI. It then outlines four threats: 1) using a remote access Trojan to keylog credentials, 2) directly grabbing credentials from an Android device, 3) screen scraping on Android, and 4) man-in-the-middle session hijacking on iOS. It argues that a layered mobile security approach is needed to protect VDI, including device assessment, reducing attack surfaces, threat detection, and risk mitigation.
Pour prioriser efficacement vos efforts, vous devez d'abord comprendre vos applications - ses composantes clés
et ses domaines de vulnérabilité. Considérez les plates-formes sur lesquelles l'application réside ; les données
qui transitent entre un utilisateur et une application ; le DNS qui résout l'adresse IP pour accéder à l'application; les serveurs Web et d'application ; et les API associées qui sont utilisées par d'autres applications et systèmes.
F5 améliore de façon unique la stratégie de sécurité que votre entreprise souhaite adopter avec des solutions et des services de sécurité définis par des politiques et des contrôles robustes et simplifie la gestion efficace des facteurs de risque qui sont en constante évolution. « Si vous voulez protéger les outils qui pilotent votre business, cela signifie protéger les
applications qui les font fonctionner »
Karim ZGUIOUI - Systems Engineer North Africa - F5
Microsoft's information protection solutions help organizations protect sensitive data throughout its lifecycle, both inside and outside the organization. These solutions classify, label, and protect data across devices, cloud services, and on-premises environments with a unified approach. The solutions also monitor use and control of protected data and can revoke access. Microsoft is working to improve the user experience of these solutions by integrating them more fully into native Office clients and providing a unified policy for information protection across Office and Azure.
This document discusses CyberArk's privileged account security solutions. It begins by noting CyberArk's growth and customer base. It then explains that organizations have many more privileged accounts than employees across various systems. The document outlines CyberArk's approach to delivering a new critical security layer of privileged account security. It describes CyberArk's privileged account security solution and components like the privileged password vault. Finally, it provides examples of how least privilege principles and application control can help prevent cyber attacks when combined.
This was a summary of the IT Risk and Control functions presented during the Heirs Holdings Internal Auditors meeting to enable the Internal Auditors have insight and acquire the basic knowledge of how to manage the risk that IT can pose to their various businesses or Company within the HH Group.
Cybersecurity - Keeping Your Business ProtectedRobert E Jones
Veterans in Business (VIB) Network Conference
Left Brain Professionals Inc.
All businesses face cybersecurity issues. Defense contractors must meet the requirements outlined in NIST (SP) 800-171 R1 by December 31, 2017. Learn best practices all businesses can use to secure their networks and protect their data. We guarantee you’ll walk away with tools you can easily implement today.
Anatomy of a breach - an e-book by Microsoft in collaboration with the EUUniversity of Essex
1) Hackers gain initial access to networks through techniques like exploiting vulnerabilities, password spraying, or phishing. They then work to gain elevated privileges on internal systems.
2) Once hackers have higher level access, they use that privilege to scan for valuable data and credentials to access other parts of the network. Their goal is widespread access across the network.
3) With control over many systems, hackers implant backdoors to maintain long-term access and control networks from a central command point while evading detection. Companies need comprehensive defenses, data awareness, and protection policies to detect and respond to network intrusions.
Two Factor Authentication: Easy Setup, Major Impact (Salesforce Admins)
The document discusses two-factor authentication (2FA) and the Salesforce Authenticator app. It begins with an agenda and introduction to 2FA, explaining that 2FA provides an extra layer of security beyond a password. The bulk of the document then focuses on demonstrating the ease of setup of the Salesforce Authenticator app for 2FA, including a two-step setup process and features like viewing authentication requests and automating approvals. It concludes by noting additional security features and tools available for administrators.
Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp... (BeyondTrust)
In this SlideShare from the webinar by CQURE Academy security expert Krystian Zieja, you will gain insights into:
- How sudo really works and what information we need to know before using it
- Working with sudo logging and using sudo in combination with a central logging server as a security control
- Session recording and replaying to analyze user behavior
- The enterprise-wide sudoers file management
- How to prevent common pitfalls of sudo configuration
- LDAP Integration
- Best practices for sudo usage
You can watch the full, on-demand webinar here: https://www.beyondtrust.com/resources/webinar/sudo-mode-part-2-privilege-mistakes-dismantle-entire-enterprise/
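To make the configuration pitfalls concrete, the following audit script is an added example written for this page (not the webinar's material). It parses a sudoers-style policy and flags the patterns the sudoers manual itself warns about: unrestricted ALL grants, NOPASSWD on them, `!` exclusions, wildcards in command arguments, commands with a built-in shell escape, and a policy that never enables session output logging. The sample policy is constructed, the list of shell-escape binaries is an assumption to be tuned per environment, and alias expansion (Cmnd_Alias, User_Alias) is not implemented.

```python
"""Static audit of a sudoers policy for common pitfalls (added example).

Checks: unrestricted ALL grants, NOPASSWD on them, '!' exclusions (bypassed by
copying or renaming the binary), wildcards in arguments ('*' also matches
spaces, so extra arguments can be smuggled in), commands with a built-in
shell escape, and a missing log_output default (no session recording).
Aliases are not expanded. The sample policy and the list of shell-escape
binaries are assumptions for this example.
"""
import re
import shlex

# Programs that can spawn a shell or run arbitrary commands from inside
# (assumed, non-exhaustive: extend for your environment).
SHELL_ESCAPE_BINS = {
    "sh", "bash", "vi", "vim", "less", "more", "man", "find", "awk",
    "perl", "python", "python3", "psql", "tcpdump",
}

# Constructed sample policy, not a real host's sudoers.
SAMPLE_SUDOERS = """\
Defaults    env_reset
Defaults    log_input, log_output
Defaults    logfile="/var/log/sudo.log"

%wheel      ALL=(ALL) ALL
deploy      ALL=(ALL) NOPASSWD: ALL
backup      ALL=(root) NOPASSWD: /usr/bin/rsync -a /srv/* /mnt/backup/
ops         ALL=(root) /usr/bin/vim /etc/hosts
junior      ALL=(root) ALL, !/bin/su
dba         ALL=(postgres) /usr/bin/psql -U postgres
"""

RULE_RE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>\S+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$"
)
TAG_RE = re.compile(r"^(NOPASSWD|PASSWD|NOEXEC|EXEC|SETENV|NOSETENV):\s*")


def parse_sudoers(text):
    """Return (defaults, rules); each rule has who/runas and [(command, nopasswd)].
    As in sudoers, a tag such as NOPASSWD: persists for the rest of the list."""
    defaults, rules = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("Defaults"):
            defaults.append(line)
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        nopasswd, commands = False, []
        for entry in m["cmds"].split(","):
            entry = entry.strip()
            t = TAG_RE.match(entry)
            while t:
                if t.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = t.group(1) == "NOPASSWD"
                entry = entry[t.end():]
                t = TAG_RE.match(entry)
            if entry:
                commands.append((entry, nopasswd))
        rules.append({"who": m["who"], "runas": m["runas"] or "root", "commands": commands})
    return defaults, rules


def audit(text):
    """Return [(who, finding)] for every pitfall found in the policy."""
    defaults, rules = parse_sudoers(text)
    findings = []
    if not any(re.search(r"\blog_output\b", d) for d in defaults):
        findings.append(("Defaults", "log_output not set: sessions cannot be replayed"))
    for rule in rules:
        who = rule["who"]
        for cmd, nopasswd in rule["commands"]:
            if cmd.startswith("!"):
                findings.append((who, f"exclusion {cmd}: '!' rules are bypassed by copying the binary"))
                continue
            if cmd == "ALL":
                tag = " NOPASSWD" if nopasswd else ""
                findings.append((who, f"ALL{tag}: unrestricted {rule['runas']} access"))
                continue
            argv = shlex.split(cmd)
            binary = argv[0].rsplit("/", 1)[-1]
            if binary in SHELL_ESCAPE_BINS:
                findings.append((who, f"{binary} has a shell escape: prefer sudoedit or a wrapper"))
            if any("*" in a or "?" in a for a in argv[1:]):
                findings.append((who, f"wildcard in {binary} arguments: '*' also matches spaces"))
    return findings


if __name__ == "__main__":
    for who, finding in audit(SAMPLE_SUDOERS):
        print(f"{who:10} {finding}")
```

Run against the sample, every user rule produces at least one finding and the `junior` rule two (the ALL grant and the `!/bin/su` exclusion that does not actually prevent a shell), while the Defaults block passes because `log_output` is present. On a real host, feed it the output of `sudo -l` or the concatenation of /etc/sudoers and /etc/sudoers.d rather than a single file.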
The document discusses strategies for defending against ransomware attacks. It begins by noting the increasing threat of ransomware, with over 390,000 new variants detected daily. The Rig exploit kit is highlighted as a major delivery method, exploiting vulnerabilities in browsers and plugins. The document emphasizes the importance of patching browsers, Java, and Flash to reduce attack surfaces. It then outlines the typical ransomware attack cycle and recommends stopping the cycle earlier by using application control to block unknown applications, privilege management to limit lateral movement, and memory injection protection. A multi-layered defense incorporating patching, application control, privilege management, and memory injection protection is recommended to prevent, detect, and remediate ransomware attacks.
Controlling Access to IBM i Systems and Data (Precisely)
Security best practice and regulations such as SOX, HIPAA, GDPR and others require you to restrict access to your critical IBM i systems and their data, but this is easier said than done. Legacy, proprietary access protocols now co-exist with new, open-source protocols to create access control headaches.
View this webcast on-demand for an in-depth discussion of IBM i access points that must be secured and how exit points can be leveraged to accomplish the task. We’ll cover:
• Securing network access and communication ports
• How database access via open-source protocols can be secured
• Taking control of command execution
This document discusses using a programmable USB device called a USB Rubber Ducky to conduct an attack. It describes using the Rubber Ducky to deploy a Metasploit payload to get system access, then using Mimikatz to dump passwords from memory and obtain a domain admin account. With that level of access, an attacker could copy sensitive source code, delete or manipulate organizational data, fully control user accounts, and install malware through Group Policy. The document suggests defining a whitelist of authorized devices and increasing employee awareness as ways to mitigate such an attack.
This document outlines an attack scenario using a programmable USB keyboard to gain domain admin access and steal software source code from a company. It describes using a USB Rubber Ducky device pre-programmed with PowerShell commands to deploy a Metasploit payload and extract credentials from the LSASS process using Mimikatz. This would allow taking over a domain admin account, copying source code, deleting data, and fully controlling the network. The document suggests mitigations like whitelisting authorized devices and increasing social engineering awareness.
The document discusses advanced persistent threats and privileged identity challenges. It provides background on the speaker, including their qualifications and experience. It then covers topics like what privileged accounts are, how system administrators operate, insider threats, case studies of security breaches involving privileged accounts, and compliance and regulatory issues around privileged identity management. Solutions discussed include implementing policies, processes, and technology to better control and monitor privileged access.
Network Security - Real and Present Dangers (Peter Wood)
Peter Wood is the CEO of First Base Technologies, an ethical hacking firm. He gave a presentation on the results of penetration tests his company conducted on various organizations in the past year. The most common vulnerabilities found included weak passwords, unpatched systems, misconfigured firewalls and services exposing sensitive information. He emphasized that many of these issues have persisted for years and can be easily exploited to gain full access to systems and data. He provided recommendations for organizations to improve security such as enforcing stronger passwords, regular patching, limiting access to sensitive systems and data, and monitoring networks.
Expand Your Control of Access to IBM i Systems and Data (Precisely)
This document discusses expanding control of access to IBM i systems and data. It begins with logistical information about the webcast, then covers myths about IBM i security (notably that IBM i is secure by nature), exit points and access methods, examples of security issues, and how Syncsort can help manage security risks. Overall, the document aims to educate about security risks on IBM i and how third-party solutions can address vulnerabilities arising from the various access methods and improve overall security.
Understanding Database Encryption & Protecting Against the Insider Threat wit... (MongoDB)
The document discusses protecting databases from insider threats using MongoDB encryption. It describes how insider threats are on the rise and how privileged users can bypass traditional security to access sensitive data. The solution presented is using Vormetric transparent encryption to encrypt MongoDB databases, which applies encryption and access controls without changes to applications or the database. Key benefits include field-level encryption, blocking administrative users' access to raw data, and centralized key management on a separate device from encrypted data.
The document provides guidelines for secure coding. It discusses the evolution of software markets and increased security threats. Common web attacks like injection, broken authentication, and sensitive data exposure are explained. The OWASP Top 10 list of vulnerabilities is reviewed. The document emphasizes the importance of secure coding practices like input validation, output encoding, and using only components with no known vulnerabilities. Applying these practices throughout the development lifecycle can help developers write more secure code and protect against attacks.
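The three practices named above are easiest to see side by side. The snippet below is an added example written for this page, not code from the guidelines document: an in-memory SQLite table stands in for the application database, and the schema, rows and username allow-list pattern are assumptions for the demo. It shows the injectable query beside its parameterized form, an allow-list validator, and HTML output encoding applied at the point of output.

```python
"""Injection, input validation and output encoding side by side (added example).

An in-memory SQLite table stands in for the application database; the schema,
rows and allow-list pattern are assumptions for this demo.
"""
import html
import re
import sqlite3

# Allow-list shape for a username (assumed policy for this example).
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def make_db():
    """Build a constructed sample table; one row carries an HTML payload as its name."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("<script>alert(1)</script>", "user")],
    )
    return conn


def lookup_vulnerable(conn, name):
    """Injection: the input is spliced into the SQL text, so a quote becomes syntax."""
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, name):
    """Parameterized query: the driver binds the value; it is never parsed as SQL."""
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


def valid_username(name):
    """Input validation by allow-list: reject anything outside the expected shape."""
    return USERNAME_RE.fullmatch(name) is not None


def render_row_vulnerable(name, role):
    """Stored data echoed into HTML unencoded: a name like <script>... runs in the browser."""
    return f"<li>{name} ({role})</li>"


def render_row(name, role):
    """Output encoding for the HTML context, applied where the value is emitted."""
    return f"<li>{html.escape(name)} ({html.escape(role)})</li>"


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, payload))   # every row leaks
    print("safe:      ", lookup_safe(db, payload))         # nothing matches
    print("validated: ", valid_username(payload))          # rejected before the query
    print(render_row(*lookup_safe(db, "<script>alert(1)</script>")[0]))
```

Validation and encoding are complementary, not alternatives: the allow-list rejects the injection string before it reaches the database, the bound parameter protects queries that must accept free text, and escaping at output protects the page even when a payload is already sitting in a stored row.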
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity (CA API Management)
Understanding how emerging standards like OAuth and OpenID Connect impact federation
Federation is a critical technology for reconciling user identity across Web applications. Now that users consume the same data through cloud and mobile, federation infrastructure must adapt to enable these new channels while maintaining security and providing a consistent user experience.
This webinar will examine the differences between identity federation across Web, cloud and mobile, look at API specific use cases and explore the impact of emerging federation standards.
You Will Learn
Best practices for federating identity across mobile and cloud
How emerging identity federation standards will impact your infrastructure
How to implement an identity-centric API security and management infrastructure
Presenters
Ehud Amiri
Director, Product Management, CA Technologies
Francois Lascelles
Chief Architect, Layer 7
This document discusses privileged identity and session management. It begins by outlining some ground-level realities of how system administrators operate and common insider threats. It then discusses compliance regulations related to privileged accounts. The rest of the document defines different types of privileged accounts, outlines the scope of the problem of managing privileged accounts, and provides examples of privileged access needed for application-to-application communication. It concludes by advocating for a comprehensive privileged identity and session management platform and controls framework to help isolate and protect privileged credentials and activities.
Application Security Meetup: K8s Security with Zero Trust, 29 July 2021 (Lior Mazor)
The "K8s Security with Zero Trust" meetup covers Kubernetes posture management and runtime protection, ways to secure your software supply chain, attack surface reduction, and how to secure Kubernetes with a zero-trust approach.
This document summarizes the top 10 mobile security risks according to the OWASP Mobile Security Project. It introduces the mobile threat model and discusses each of the top 10 risks, including weak server-side controls, insecure data storage, insufficient transport layer protection, unintentional data leakage, poor authentication and authorization, broken cryptography, client-side injection, security decisions via untrusted inputs, improper session handling, and lack of binary protections. Best practices for addressing these risks are also provided.
Application Security session given as part of the Solvay Executive Master in IT Management.
Explaining application security challenges for web, mobile, cloud and internet of things.
Positioning OWASP SAMM as structural and measurable framework to get application security under control in the complete application lifecycle.
Organizations are increasingly looking to their Internal Auditors to provide independent assurance about cyber risks and the organization's ability to defend against cyber attacks. With information technology becoming an inherent critical success factor for every business and the emerging cyber threat landscape, every internal auditor needs to equip themselves on IT audit essentials and cyber issues.
In part 12 of our Cyber Security Series you will learn about the current cyber risks and attack methods from Richard Cascarino, including:
Where are we now and Where are we going?
Current cyber risks
• Data breaches and cloud misconfigurations
• Insecure Application Programming Interfaces (APIs)
• The growing impact of AI and ML
• Malware Attack
• Single factor passwords
• Insider Threat
• Shadow IT Systems
• Crime, espionage and sabotage by rogue nation-states
• IoT
• CCPA and GDPR
• Cyber attacks on utilities and public infrastructure
• Shift in attack vectors
Extreme is the only company in the industry that takes an architectural approach to bringing products to market (from R&D to product release). Everything we do and create is a part of this Software Defined Architecture [SDA]. Wireless LAN, Wired LAN, Data Center -- It starts with highly reliable, high performance infrastructure. This is our heritage and we have always been outstanding at this: WiFi, Campus LAN all the way to the Data Center. (Ranging from your user to the applications they consume.)
ExtremeXOS -- On top of this, we use a single, consistent and differentiated OS called EXOS (next-generation hardware will run on EXOS). Lots of companies make high-performance hardware, so to truly offer value-added differentiation we include an integrated layer of software in our architecture.
Network Management & BYOD -- We fully integrate management across our entire portfolio. We are very proud that in only 5 months, NetSight became the management platform for the entire portfolio. This was an emphatic message to the market that we take a different approach aligned to our SDA. NetSight has a single, integrated database for all aspects of management. This streamlines operations, enables dynamic management and removes the manual aspect of correlating information.
Application Analytics -- Purview offers application layer analytics, so you can understand what is happening on your network, you can optimize your environment, help increase productivity and measure adoption. Purview allows you to deliver both tactical and strategic information to make better more rapid business decisions.
Finally, we offer orchestration across the entire architecture. Whether that infrastructure is multi-vendor or not. Orchestration within the data center is available across virtualized workloads and consolidated storage and compute. Extreme is the only company in the industry committed to this type of integration, backward compatibility and openness to support technology partners and third party vendors. Many in the industry have grown through M&A, successfully so, however it has led to a portfolio with lots of products that are not integrated through management or orchestration. Each time you add a product, it increases your complexity with the introduction of a new disparate management tool.
Data Center Aggregation/Core Switch
The proposed solution must provide a high-density chassis based switch solution that meets the requirements provided below. Your response should describe how your offering would meet these requirements. Vendors must provide clear and concise responses, illustrations can be provided where appropriate. Any additional feature descriptions for your offering can be provided, if applicable.
• Must offer a chassis-based switch solution that provides eight I/O module slots, two management module slots and four fabric module slots. Must support a variety of I/O modules providing support for 1GbE, 10GbE, 40GbE and 100GbE interfaces. Please describe the recommended switching solution and the available I/O modules.
• Switch must offer switching capacity up to 20.48 Tbps. Please describe the performance levels for the recommended switching solution.
• Switch system must support high availability for the hardware preventing single points of failure. Please describe the high availability features.
• It is preferred that the 10 Gigabit Ethernet modules will also be able to accept standard Gigabit SFP transceivers. Please describe the capability of your switch.
• Must support N+1 redundant power supplies
• Must support N+1 redundant fan trays
• Must support a modular operating system that is common across the entire switching profile. Please describe the OS and advantages.
For Business's Sake, Let's focus on AppSec (Lalit Kale)
Slide-Deck for session on Application Security at Limerick DotNet-Azure User Group on 15th Feb, 2018
Event URL: https://www.meetup.com/Limerick-DotNet/events/hzctdpyxdbtb/
As the industry’s first Secure Internet Gateway in the cloud, Cisco Umbrella provides the first line of defense against threats on the internet, protecting all your users within minutes.
Cisco Advanced Malware Protection offers global threat intelligence, advanced sandboxing and real-time malware blocking to prevent breaches while it continuously analyzes file activity across your network, so that you can quickly detect, contain and remove advanced malware.
Presentation of Cisco Security Architecture and Solutions such as Cisco Advanced Malware Protection (AMP) and Cisco Umbrella during Simplex-Cisco Technology Session that took place at the Londa Hotel in Limassol on 14 March 2018.
Insider Threat Law: Balancing Privacy and Protection (ObserveIT)
Explore the legal parameters of implementing an insider threat program, including the application of employee monitoring tools. Learn how to protect your corporate assets while respecting the privacy of your employees.
Employee monitoring rules – who, what, when, where, how and why
Employee privacy rights
Lawful employee screening procedures
Employee investigation rules
About the Presenter
Shawn Thompson, J.D.
Over 15 years’ experience investigating, prosecuting, and managing insider threats.
Senior Litigation Attorney, Department of Defense
Insider Threat Program Manager, Department of Defense
Assistant General Counsel, Federal Bureau of Investigation
Board Member, National Insider Threat Special Interest Group
Special Assistant United States Attorney, United States Department of Justice
Vice President, Enterprise Security Risk Management, InfoTeK Corporation
How to Implement an Insider Threat Program (ObserveIT)
Developing an insider threat management program is a difficult task without a process or structure to follow. This critical action becomes even more challenging without formal experience managing insider threats. Additionally, the lack of understanding and consensus about what properly constitutes an “insider threat program” leads to confusion and misguided efforts.
In this webinar, the author of the upcoming Guide will provide an overview and this much needed framework and clarity for developing your insider threat management program (ITMP) by discussing the following:
-Context and definition of an ITMP
-The primary objectives of an ITMP
-The Initial Operating Capability and Full Operating Capability components of a holistic ITMP
-The fundamental concepts of an ITMP
-An 11-step process for developing a robust ITMP
You've caught an Insider Threat, now what? The Human Side of Insider Threat I... (ObserveIT)
This slide deck from the webinar will help insider threat program managers, security officers and others involved in insider threat detection to proactively interview an insider threat and communicate with Human Resources.
After this webinar, you will know:
How to prepare for an insider threat discussion with an employee or contractor
How to provide an insider threat incident rating to determine the correct action
How to work with your HR department both before and after an incident
You will also walk away with a sample conversation plan and sample questions to ask an insider threat.
Phish, Spoof, Scam: Insider Threats, the GDPR & Other Regulations (ObserveIT)
What in the world does insider threat have to do with the GDPR?
In this webinar, Neira Jones, one of Britain’s most well-known information security professionals, will discuss the major challenges presented by the new European General Data Protection Regulation (GDPR) with an emphasis on Insider Threats.
After viewing this informational webinar, you will understand:
• The new risk landscape and how working with European businesses will change
• The definition of insider threat and how it impacts the required preparations for the new GDPR
• Malicious vs. Unintentional risks
• How to enforce policies using ad-hoc education
• How the new regulation will force companies and employees into less risky behaviours
The document discusses the process of designing and building a new community center that will provide services and activities for local residents. Stakeholders were engaged to understand the needs and desires of the community. An architect was hired to develop plans for the facility based on input from stakeholders. The building is expected to open next year after construction is completed.
Insider Threat Summit - The Future of Insider Threat Detection (ObserveIT)
The use of insider threat management software has grown dramatically over the last two years, but we’ve only started to scratch the surface of innovation. This presentation will not only show you where insider threat technology is today, but also where's it's headed over the next 18 months. See what’s capable with leading insider threat software and how it can be applicable for your organization.
Eric Cole is probably the last person on earth you’d expect to encourage making insider threat a C-level priority, after devoting a decade of his career to external threats and endpoint security as the former CTO of McAfee and Chief Scientist for Lockheed Martin. But sometimes the best advice comes from the least expected places.
How to Build an Insider Threat Program in 30 Minutes (ObserveIT)
People are the core of your business, but they are also responsible for 90% of security incidents. There is no patch for people. To reduce the likelihood of insider threats, you need the right people, process and technology to make it happen.
Join our upcoming webinar and learn how to own the insider threat program at your company.
After this webinar you’ll know:
Terminology – what are the buzzwords (Insider Threat)
People – who needs to be involved to make it happen (exec team, legal, HR, etc.)
Process – how do you operationalize an insider threat program
Technology— how Insider Threat Management solutions work (ObserveIT)
About the speaker:
Jim Henderson is the CEO of TopSecretProtection.com and InsiderThreatDefense.com. Jim is a renowned Insider Threat Defense Program Training (ITDP) Course Instructor and has 15 years of hands-on experience developing successful Counterespionage-Insider Threat Defense Programs.
Insider Threats: Out of Sight, Out of Mind? (ObserveIT)
The document discusses how user activity monitoring software from ObserveIT can help organizations prevent insider threats by collecting, detecting, and responding to suspicious user behavior and activity across employees, privileged users, third parties, and other user groups to gain visibility into potential insider risks before they become threats. ObserveIT provides real-time monitoring, user activity logs, session replay and shutdown, and integration with other security tools to help customers comply with regulations and secure systems like EHR platforms from insider data theft or misuse. The presentation includes examples of how ObserveIT has helped customers monitor privileged healthcare users and third party vendor access to detect policy violations and block negligent or malicious insider activities.
Xerox’s well known Affiliated Computer Services (ACS) division provides IT and data services in nearly 100 countries, and has taken a new approach to improve the security of their business-critical application that transforms government documents into digital records.
In 2014 there were 761 data breaches that compromised over 83 million records. The healthcare industry experienced the most breaches with 322, followed by business with 249 breaches. The largest and most expensive breaches included Home Depot, which spent $43 million on associated costs from over 56 million credit cards being breached; JPMorgan Chase, which spent $250 million annually on security improvements after a large financial breach; and the University of Maryland, which spent $6.2 million on credit monitoring and expects total costs of $20-30 million.
3 steps to 4x the risk coverage of CA ControlMinder (ObserveIT)
The document discusses managing risk from users with privileged access. It outlines Marc Potter's background in security and his role at ObserveIT. The agenda covers the current and future state of managing risk, how CA Privileged Management helps, and 3 steps to reduce user risk: 1) Identify access risk from business users, contractors and IT admins, 2) Monitor for and alert on suspicious activity, and 3) Investigate and remediate issues. The document provides examples of high-risk users and privileged tasks. It promotes identifying, monitoring and addressing access risks from users to help secure systems, data and applications.
3 Tips for Managing Risky User Activity in 2015 (ObserveIT)
This document summarizes three tips for managing risky user activity in 2015 presented by David Monahan and Dimitri Vlachos. The tips are: 1) identify different types of user risks like malicious insiders or duped users, 2) adopt a user-centric security strategy using user activity monitoring to better understand risks, and 3) simplify compliance by providing auditors with detailed reports of all user activities on systems and applications. Traditional administrator monitoring and logging provides an incomplete picture, while user focused monitoring can help protect users and the business by providing more context around security incidents.
Whitepaper: User Audit Options for Linux and Solaris (ObserveIT)
A variety of methods exist for auditing user activity in UNIX and Linux environments. This whitepaper looks at the 5 most popular methods for auditing. Each method is described, along with actionable tips for how to make the best use of each method. In addition, guidance is provided to show what type of auditing each method is best suited for.
ObserveIT Brochure - Like a Security Camera on your Servers (ObserveIT)
ObserveIT acts like a security camera on your servers, generating video recordings and text audit logs of every action the user performs. ObserveIT captures all activity, even for applications that do not produce their own internal logs. Every action performed by remote vendors, developers, sysadmins and business users is tied to a video recording, providing bulletproof forensic evidence. ObserveIT is the ideal solution for third-party vendor monitoring and PCI/HIPAA/SOX/ISO compliance accountability, with a simple and direct solution for PCI DSS Requirements 8, 10 and 12.
Case Study - Auditing remote access of employees at a leading financial insti... (ObserveIT)
In order to prepare the bank for emergency situations, during which bank employees would have to work as "tele-commuters", the bank prepared a Remote Access Plan (RAP). As part of this ambitious plan, remote employees connect through a Citrix gateway, which guarantees safe and secure access. Bank Leumi had to record and monitor this activity in order to comply with banking regulations.
Bank Leumi integrated ObserveIT solutions and created an audited gateway. This way, all remote users' activities are recorded for possible future audit.
Case Study - Customer Auditing and ISO 27001 Certification at BELLIN Treasury (ObserveIT)
"We enjoy showing off to our customers that every user action is recorded. This increases confidence all around."
Rick Beecroft,
Area Manager, Americas and Pacific Rim
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... (SOFTTECHHUB)
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Pushing the limits of ePRTC: 100ns holdover for 100 days (Adtran)
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Building RAG with self-deployed Milvus vector database and Snowpark Container... (Zilliz)
This talk will give hands-on advice on building RAG applications with an open-source Milvus database deployed as a docker container. We will also introduce the integration of Milvus with Snowpark Container Services.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0! (SOFTTECHHUB)
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Generative AI Deep Dive: Advancing from Proof of Concept to Production (Aggregage)
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
What do a Lego brick and the XZ backdoor have in common? (Speck&Tech)
ABSTRACT: At first glance, a Lego brick and the XZ backdoor might have in common only the fact that both are building blocks, or dependencies, of creative and software projects. In reality, a Lego brick and the XZ backdoor case have much more in common than that.
Join the presentation to dive into a story of interoperability, standards and open formats, and then discuss the important role contributors play in a sustainable open source community.
BIO: Advocate of free software and of standard, open formats. She has been an active member of the Fedora and openSUSE projects and co-founded the LibreItalia Association, where she was involved in several events, migrations and training activities related to LibreOffice. Previously she worked on LibreOffice migrations and training courses for several public administrations and private companies. Since January 2020 she has worked at SUSE as a Software Release Engineer for Uyuni and SUSE Manager, and when she is not following her passion for computers and for Geeko she cultivates her curiosity about astronomy (which is where her nickname deneb_alpha comes from).
TrustArc Webinar - 2024 Global Privacy Survey (TrustArc)
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
20 Comprehensive Checklist of Designing and Developing a WebsitePixlogix Infotech
Dive into the world of Website Designing and Developing with Pixlogix! Looking to create a stunning online presence? Look no further! Our comprehensive checklist covers everything you need to know to craft a website that stands out. From user-friendly design to seamless functionality, we've got you covered. Don't miss out on this invaluable resource! Check out our checklist now at Pixlogix and start your journey towards a captivating online presence today.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
3. WHO IS OBSERVEIT?
HQ Boston, MA / R&D Tel Aviv, Israel
Founded 2006
1,200+ Customers Worldwide
$20M Invested by Bain Capital
The leading provider of User Behavior Monitoring for Application Users, Admins and External Vendors
4. APPLICATION ACCESS
App Admins: PRIVILEGED ACCESS (Windows Admins, root, DBAs, System Admins, …), Shared Accounts
App Users: (Developers, IT Contractors, Network Admin, …), Named Accounts
Entitlement changes / Logging Utilization
5. PRIVILEGED ACCESS: THE ‘ROOT’ OF TODAY’S BIGGEST BREACHES
78.8M affected by Anthem breach, DBA account compromised
56M affected by Home Depot breach, privilege escalation to blame
76M affected by JPMorgan Chase breach, obtained admin privileges
6. LET’S EXAMINE AN ATTACK
Penetrate: hacker attacks such as • URL Interpretation • Input Validation • SQL Injection • Impersonation • Buffer Overflow
Establish Foothold: open shell and run commands to learn orientation: • Who Am I? • Host name • Location of directory service
Escalate Privileges: uploads and executes malicious software; scans memory for active sessions and extracts passwords
Move Laterally: hackers log into AD to get a targeted list of machines
Complete Mission: hackers leverage credentials to compromise data on machines
13. REGISTRY EDITOR
Edit and Modify Specific Values
• Firewalls
• User Access Control
• Applications / Software
• Windows Components
14. UNSECURE ‘SHELL’
TELNET suffers from security problems. TELNET requires a login name and password (when exchanging text). Hackers can easily eavesdrop using snooper software to capture a login name and the corresponding password even if it is encrypted. TELNET has been largely replaced by the more secure SSH protocol.
22. Challenge:
The Board of Directors of Ally Bank established a Privileged User Access (PUA) project for all sessions that are accessing data on 160 servers in-scope for PCI and SOX compliance.
Their 5,000 privileged users represented a significant risk in their organization, so they are rolling out password vaulting (Lieberman) and needed to implement a monitoring program in parallel.
Solution:
Needed a monitoring system to collect, alert, and report on the specific use of applications, functions, or access to specific information.
23. Challenge:
Needed to comply with SOX, HIPAA, PCI mandates surrounding the audit and logging of privileged access to 1,130 servers.
SOX, HIPAA, PCI mandates must include a date/time stamp as well as proof of what happened in all privileged sessions on regulated servers.
Solution:
Holistic view of configuration changes across environment
Real-time alerts and data exported to SIEM (IBM QRadar)
Reports centered around privileged access as a whole
Editor's Notes
What privileged user activities should be closely monitored and alerted upon
What’s happening in all admins sessions and even for actions that do not generate logs
How to see if users are accessing information they shouldn’t be in critical systems or deleting files
How to identify which users are remotely accessing your systems or changing permissions
ObserveIT can alert on
Terminal creation
Tool upload via FTP
Shell command execution
ObserveIT will alert on
Surrogate to root
Commands running as root
Data Exfiltration
Hackers Exploit Your AWS WebServer via SQL Injection
Hackers open shell & run commands for orientation & to discover host name & location of AD / directory service
Hackers upload & execute malicious software to scan memory for active sessions and extract passwords
Hackers Log into AD to get a targeted list of machines
Hackers leverage credentials to compromise data on machines
Malware Distribution
Hackers Exploit Your AWS WebServer via SQL Injection
Hackers open shell & run commands for orientation & to discover host name & location of AD / directory service
Hackers upload malware to the server
Hackers modify JSP pages to distribute the malicious software
Hackers clean the audit files to cover their tracks
Monitoring Privileged Users is a key part of a Privileged Identity Management initiative. Let’s explore the three major components of Privileged Identity Management:
Provisioning & Governance
Controlling the complete lifecycle of who has access to your critical systems is critical and that is where provisioning comes in. The ability to report on who has access to these systems is where governance solutions come in.
Password Vaults
We all know how important protecting privileged account passwords is and this is where Password Vaults come in. We all know how dangerous it is when privileged users are using sticky notes to remember admin passwords for shared accounts.
User Monitoring
Controlling who has access is absolutely a critical need, and protecting the passwords is also critically important, but both lack the ability to monitor and audit what users actually do with the access and passwords they have. Further, password vaults introduce increased complexity and single points of failure, and because of this they are often deployed to protect only a select number of servers.
ObserveIT fills a critical missing component required to meet compliance regulations, detect and stop data breaches, and deter careless and malicious activity, monitoring all privileged users with the ability to extend this visibility easily to your entire user population.
Integrations
ObserveIT integrates with provisioning and password vaults to provide monitoring of all user activity and behavior across the entire lifecycle of your privileged users.
--click to next slide---
Create new system users, access files, authorize network activity, and change system settings.
cron jobs
Config. Change:
Embedded Scripts (innocent script story)
Unsecure ‘shell’ (telnet on legacy appliances – SSH is much more secure and passwords are encrypted over the wire)
Unauthorized access (to configuration files) & running commands that they are not supposed to run
Unapproved ‘setuid’
Escalating Privileges
Pass-the Hash
‘rm’ ‘cp’ with ‘sudo’
Installing “backdoors”
“leapfrog” logins
Legacy systems like routers and phone systems and other applications (like the IP address in a router)
These systems still have a place in the business, and if your privileged users still need to access telnet sessions, we can monitor them.
1) Sudo into root shell - sudo allows an admin to delegate authority, giving selected users the ability to run commands as root or as another user. ObserveIT alerts if someone runs a sudo command to interactively open a root shell that does not require a root password. Traditionally it is difficult to track user actions in a shell, because the user is not limited to a specific command, but with ObserveIT it’s simple.
2) Update root cron jobs - cron is a time-based scheduler that enables UNIX users to automatically execute commands or scripts at a specific time and date. Cron jobs are used for scheduling tasks to run on the server. ObserveIT alerts when the -e option is used with root permissions to modify cron jobs that will later run with root permissions, enabling potential backdoor user activity at a later date.
3) Edit sudoers file - The sudoers file controls who can run specific commands as specific users on specific machines, and can also control special actions such as whether a password is needed for particular commands. ObserveIT alerts when the sudoers file is edited, as this could grant unauthorized root permissions to the user.
4) Changing a program to a setuid program (possible backdoor) – Setuid, short for “set user ID upon execution”, is a UNIX access rights flag that allows users to run a program with temporarily elevated privileges in order to perform a specific task. ObserveIT alerts when a user tries to change a program to a “setuid” program (which automatically provides root permissions while the program runs), since this could enable potential backdoor user activity.
5) Opening generic root shell – A root shell is one of the main targets of hackers, since they can then run whatever command they want under full authority, and it is very hard to track what they do once they get it. ObserveIT can track when a regular user opens a root shell, so the action can be checked for legitimacy and the commands run under the sensitive shell can be monitored.
6) Creating local user with duplicate user ID - ObserveIT alerts when a user with privileged permissions creates a new user with the same ID as an existing user. The newly-created user could log in with his/her own password and perform actions as if they were performed by a different user (especially suspicious for power users like root).
7) Su into root shell with no password - In UNIX, the “root” user has control over the machine. An attacker will want to obtain a shell prompt so that any command entered will execute with root privileges. ObserveIT alerts when a regular user runs a program that opens a root shell using "sudo su". The user will not be asked for the root password and will have root permissions without knowing it.
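To make the seven rules above concrete, here is an added example (not ObserveIT's code and not from the presentation) that applies the same detection logic to a handful of constructed audit-style command records (user, uid, command line) and to a constructed /etc/passwd snapshot for the duplicate-UID rule. The alert names, the record format and all sample data are assumptions made for the example; in practice the records would come from auditd or a session recorder, and the rule set here is the one in the notes plus the "rm/cp with sudo" item from the list of risky activities.

```python
"""Detection rules for the privileged-user activities listed above.

Added example, not ObserveIT's code. Event records and the /etc/passwd
snapshot are constructed for the example; alert names are assumed.
"""
import re
import shlex
from typing import Dict, List

SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "fish"}
EDITORS = {"vi", "vim", "nvim", "nano", "emacs", "sed", "tee"}
SUDO_FLAGS_WITH_ARG = {"-g", "-p", "-C", "-D", "-h", "-r", "-t", "-U", "-T"}


def _base(token: str) -> str:
    """Strip a directory prefix so /usr/bin/sudo and sudo compare equal."""
    return token.rsplit("/", 1)[-1]


def _sets_setuid(mode: str) -> bool:
    """True when a chmod mode argument sets the setuid bit: a 4-digit octal
    mode with the 4 bit (4755, 6755) or a symbolic clause such as u+s, +s,
    a+s. g+s (setgid only) is deliberately not matched."""
    if re.fullmatch(r"[0-7]{4}", mode):
        return int(mode[0]) & 4 == 4
    for clause in mode.split(","):
        m = re.fullmatch(r"([ugoa]*)\+([rwxXst]*)", clause)
        if m and "s" in m.group(2) and (m.group(1) == "" or set(m.group(1)) & {"u", "a"}):
            return True
    return False


def _classify_argv(argv: List[str], uid: int, elevated: bool) -> List[str]:
    prog, rest = _base(argv[0]), list(argv[1:])
    alerts: List[str] = []

    if prog == "sudo":
        # Rules 1 and 7: peel sudo's own options, then inspect the wrapped
        # command with root authority assumed (unless -u names a non-root user).
        target_root = True
        while rest and rest[0].startswith("-"):
            flag = rest.pop(0)
            if flag in ("-i", "-s"):            # sudo -i / sudo -s: interactive shell
                alerts.append("sudo_root_shell")
            elif flag == "-u" and rest:
                target_root = rest.pop(0) in ("root", "#0")
            elif flag in SUDO_FLAGS_WITH_ARG and rest:
                rest.pop(0)
        if rest:
            alerts.extend(_classify_argv(rest, uid, elevated=target_root))
        return sorted(set(alerts))

    as_root = uid == 0 or elevated
    # Rules 5 and 7: bare su, "su -" or "su root" opens a root shell; under sudo
    # it is the passwordless "sudo su" case, otherwise a plain su.
    if prog == "su" and all(a in ("-", "-l", "--login", "root") for a in rest):
        alerts.append("sudo_root_shell" if elevated else "su_root_shell")
    elif prog in SHELLS and elevated:          # sudo bash, sudo -u root sh, ...
        alerts.append("sudo_root_shell")
    # Rule 2: editing root's crontab (crontab -e as root or under sudo)
    if prog == "crontab" and "-e" in rest and as_root:
        alerts.append("root_cron_edit")
    # Rule 3: visudo, or an editor pointed at /etc/sudoers or /etc/sudoers.d/*
    if prog == "visudo" or (prog in EDITORS and any(a.startswith("/etc/sudoers") for a in rest)):
        alerts.append("sudoers_edit")
    # Rule 4: chmod adding the setuid bit to a program
    if prog == "chmod" and any(_sets_setuid(a) for a in rest):
        alerts.append("setuid_change")
    # Rule 6: useradd/usermod -o permits a duplicate (non-unique) UID
    if prog in ("useradd", "usermod") and ("-o" in rest or "--non-unique" in rest):
        alerts.append("duplicate_uid_user")
    # Risky-activity list: rm or cp run with sudo
    if prog in ("rm", "cp") and elevated:
        alerts.append("sudo_rm_cp")
    return sorted(set(alerts))


def classify(cmd: str, uid: int) -> List[str]:
    """Return the sorted alert names one recorded command line triggers."""
    try:
        argv = shlex.split(cmd)
    except ValueError:                         # unbalanced quotes: plain split
        argv = cmd.split()
    return _classify_argv(argv, uid, elevated=False) if argv else []


def duplicate_uids(passwd_text: str) -> Dict[str, List[str]]:
    """Rule 6 after the fact: UIDs shared by more than one passwd entry."""
    by_uid: Dict[str, List[str]] = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 3:
            continue
        by_uid.setdefault(fields[2], []).append(fields[0])
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}


def scan(events: List[Dict]) -> List[tuple]:
    """Apply classify() to each (user, uid, cmd) record -> (user, alert, cmd)."""
    return [(ev["user"], alert, ev["cmd"])
            for ev in events for alert in classify(ev["cmd"], ev["uid"])]


# Constructed sample records, roughly one per rule (not real log data).
SAMPLE_EVENTS = [
    {"user": "jdoe", "uid": 1001, "cmd": "ls -la /home/jdoe"},
    {"user": "jdoe", "uid": 1001, "cmd": "sudo su"},
    {"user": "jdoe", "uid": 1001, "cmd": "sudo crontab -e"},
    {"user": "jdoe", "uid": 1001, "cmd": "crontab -e"},          # own crontab: no alert
    {"user": "ops", "uid": 1002, "cmd": "sudo vi /etc/sudoers.d/ops"},
    {"user": "root", "uid": 0, "cmd": "chmod u+s /usr/local/bin/ping"},
    {"user": "root", "uid": 0, "cmd": "useradd -o -u 0 backup2"},
    {"user": "svc", "uid": 1003, "cmd": "su -"},
    {"user": "ops", "uid": 1002, "cmd": "sudo rm -rf /var/log/audit"},
]
SAMPLE_PASSWD = "\n".join([
    "root:x:0:0:root:/root:/bin/bash",
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin",
    "jdoe:x:1001:1001::/home/jdoe:/bin/bash",
    "backup2:x:0:0::/home/backup2:/bin/bash",
])

if __name__ == "__main__":
    for user, alert, cmd in scan(SAMPLE_EVENTS):
        print(f"ALERT {alert:<18} user={user:<6} cmd={cmd}")
    print("duplicate UIDs:", duplicate_uids(SAMPLE_PASSWD))
```

The rules look only at the command line, which is exactly the gap the notes describe: once a root shell is open, everything typed inside it is invisible to this kind of matching, so the shell-opening events (rules 1, 5, 7) are the ones worth treating as session-level triggers rather than one-off alerts.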
Here, a low-level user is seen running the Ping command twice, once normally and once with a special parameter, LetMeIn. The second version actually provides this low-level user with root-level permissions for this session:
At this point, this user can do almost anything on the machine, from stealing sensitive data to crashing the system.
It is actually rather easy to deploy this kind of backdoor; only a few short lines of C code are required, like this:
This code shows how the Ping command is modified to run normally, unless the LetMeIn parameter is specified on the command line. When this parameter is invoked, the normally-harmless Ping command opens a root-level shell for the user running it. (The printf commands are included for illustrative purposes and would not be included in real-life usage of this exploit.)
An alert was generated by the system in response to the user executing a sudo command to give himself root permissions. The administrators received this alert by email and also in the console. Here, we see the details of the alert shown in an overlay within a video recording of the action itself:
Watching a video at the moment that an alert was generated makes it explicitly clear what the user was doing, and if it warrants further attention.
For the second alert – generated when the user executed the Ping backdoor exploit – we see the level of detailed “behind the scenes” information provided to administrators. While the session video does not show the system-level effects of that modified Ping command, the user activity log presents all the underlying system commands very clearly.
OIT Reps: Angela Halliwell, Daniel Petri, Alex Ellis
Deal details: $298,500 for 615 multi-platform server agents
Lead source: Existing customer (already have 450 server agents deployed)
Use cases: Primary – Audit and Compliance Secondary – Threat Management
Customer Summary: Publicly traded NYSE: CI, Industry: Managed Health Care, $32.4 billion in annual revenue with 35,000 employees worldwide, 80 million global customer relationships, sales in more than 30 countries, Cigna is a global health services company dedicated to helping people improve their health, well-being, and sense of security. All products and services are provided exclusively through operating subsidiaries of Cigna Corporation. Products and services include an integrated suite of health services, such as medical, dental, behavioral health, pharmacy and vision benefits, and other related products including group disability life, and accident coverage.
Main players:
Deb Cody - CISO (executive sponsor)
John Shepard – Director, Information Protection (economic buyer) – reports to Deb, Chris’s peer
Linda Bird – Manager, Information Protection Security Engineering (technical buyer) – reports to John
Christina Fryman – Manager, Audit & Compliance, Access Management & Governance (primary consumer of OIT data/reports) – reports to John
Carmine D’Uva – IAM product support (influencer – hands on, deploys new agents)
Chris Lockery – Director, Information Protection – runs Threat Management Team & Forensics – reports to Deb, John’s peer
Edmond Mac – Incident Response & Forensics – reports to Chris
Jim Jeffers – Incident Response & Forensics – reports to Chris
Mac Edmond – Incident Response & Forensics – reports to Chris
Tyse Water – Incident Response & Forensics – reports to Chris
Main Driver: Compliance/Audit and enable business securely – Trust But Verify. OIT provides Access Mgmt & Governance with the attestation they need to comply with SOX, HIPAA, PCI mandates to include a date/time stamp as well as proof of business approval. They are monitoring privileged users with privileged access; for example, who on the App team should have access to service accounts? They verify, spot check, and provide reporting to Christina. The second phase of their deployment will involve Chris Lockery and the Threat Mgmt Team now that we have alerting and can be used more proactively.
Environment: Server environment is mostly Windows which are first priority because they hold high value assets, then mid-range Unix and Linux. Deployment to US first then Glasgow/EUR and APAC, all done by Carmine out of Philly site. Workstations are mostly Windows but their small percentage of Mac users is rapidly growing. For ticketing, they use HP Service Manager and we’ve manually integrated with their SIEM, IBM QRadar, via a week of onsite PS delivered by Daniel Petri. They also use CA Controlminder and SYMC DLP solution.
Issues/Challenges: John Shepard and Linda Bird are good, strong fans of OIT and really understand the value that we bring. I’ve been able to develop good coaching relationships with both but haven’t yet developed either one into a true “champion” in the sense that without consensus and collaboration, neither of them could have pulled the trigger to get a Q4 deal done, which is not ideal. They were non-committal on timeline all through Q3 and early Q4 so I expected this to be a 2015 deal and didn’t feel like I had accurate forecasting ability on this one. There has not been a time-specific driver so it was challenging to push them faster or create a catalyst to buy.
How it was won: We provide, as a team, a ton of attention to this account and it pays off. We worked very closely with John, Linda, Christina and Carmine starting in May to get all of their licenses upgraded and deployed to non-prod then prod via a very detailed, rigorous process (Daniel held their hands quite a bit!) with the expectation that if success criteria were met, expansion globally would be a next step to cover HVA’s first and then mid-tier second. We had some challenges along the way but this team is extremely communicative and detailed with requests to sales, support, and product management for feature requests. We coordinated several calls and meetings and included Avi, Gaby and Micky to ensure that their extensive input to roadmap was captured and documented and that every issue or concern was resolved. We committed to doing their QRadar integration and had to reset a few times but because the communication had been so consistent, we weathered hiccups pretty.
This is a classic case of being in the right place to grab year end budget flush! The day before Thanksgiving Linda and John called and asked if I wanted an early holiday gift -- $300K of use-or-lose budget for server licenses. WooHOO! Of note, they specifically said that they thought about parsing it out across a handful of vendors but that they ultimately decided to give it all to us. Cigna is a large and important customer to OIT and it’s clear to me that they feel very well taken care of by a broad “One-OIT” Team including those mentioned already plus Tal, Yaniv, Dimitri, Matt Z, Gaby, Avi, Makesh, and more.
Next steps:
Continue working closely with our primary contacts to get these licenses deployed.
Webinar and Case Study including joint marketing with QRadar team
Partner with Chris Lockery to get Threat Management Team comfortable with integrating OIT into the suite of tools they use for Incident Response and Forensics to ensure that this leads to a workstation opportunity next.
Introduce Deb Cody, CISO, to Paul Brady next time she’s in Boston or coordinate Paul to meet her in Philadelphia or a CT site.