Transcript Privileged Accounts

CyberArk
Security for the Heart of the Enterprise
Bogdan Tobol
Regional Sales Director North/Eastern Europe
1
Anunak Attack Summary
Breach Overview
 Target: Financial institutions
 Attacker: Anunak cybercrime ring
 Motivation: Monetary
 Goal: Steal money directly from banks
 Outcome: >$25M stolen since 2H 2014
What Happened?
 Anunak launched targeted attacks against
several banks
 Gained privileged access to systems
 Transferred money to outside accounts
 Compromised ATMs to steal cash
2
Large US Retailer: March 2014 Attack Summary
COMPANY OVERVIEW
Industry
Retail
Employees
27,000
Headquarters
USA
WHAT HAPPENED?
 Early 2014: 260,000 credit cards stolen from a
large US retailer went up for sale
 Early 2015: The same retailer announced a
second intrusion to POS systems
3
Sony Pictures Entertainment Breach Summary
Company Overview
 Industry: Media/Entertainment
 Revenue: $8 billion
 Employees: 6,500
 Headquarters: California, US
What Happened:
 What was taken: IP, IT information,
employee PII, and more
 Alleged threat actor: North Korea
 Likely motivation: Brand damage
 Impact: Complete loss of IT control,
brand damage, pulled movie
premier
4
Privileged Accounts are Targeted in All
Advanced Attacks
“…100% of breaches
involved stolen
credentials.”
Mandiant, M-Trends and APT1 Report
5
“APT intruders…prefer to
leverage privileged accounts
where possible, such as Domain
Administrators, service accounts
with Domain privileges, local
Administrator accounts, and
privileged user accounts.”
Privileged Credentials are Everywhere
Privileged Accounts
Routers, Firewalls, Hypervisors,
Databases, Applications
Power Plants,
Factory Floors
Routers, Firewalls, Servers,
Databases, Applications
WiFi Routers, Smart TVs
Laptops, Tablets,
Smartphones
6
Privilege is At The Center of the Attack Lifecycle
Typical Lifecycle of a Cyber Attack
7
Hijacked Credentials Put the Attacker in Control
Compromised Privileged Accounts
Routers, Firewalls, Hypervisors,
Databases, Applications
Power Plants,
Factory Floors
Routers, Servers,
Databases, Applications
Enable attackers to:
Firew
• Bypass
security controls & monitoring
all
• Access all of the data on the device
• Disrupt normal operation of the device
• Cause physical damage
Laptops, Tablets,
Smartphones
8
WiFi Routers, Smart TVs
CyberArk Breaks the Attack Chain
9
CyberArk Delivers a New Critical Security Layer
PERIMETER SECURITY
SECURITY CONTROLS INSIDE THE NETWORK
MONITORING
PRIVILEGED ACCOUNT SECURITY
10
Privilege Account Security Across the Stack
Data
Data
Security
Applications
Application
Security
End-point
End Point
Security
Network
Network
Security
11
Privileged
Account
Security
Solving The Privileged Account Security Problem
Threats
Audit &
Compliance
▪ Advanced, External Threats
▪ Securing Application Credentials
▪ Insider Threats
▪ Securing Shared Admin Accounts
▪ Control & Accountability for
Privileged Users
▪ Compliance Reporting
▪ Monitor & Record Privileged
Activity
12
▪ Remote User Access Control
Comprehensive Controls on Privileged Activity
Lock Down
Credentials
Isolate & Control
Sessions
Continuously
Monitor
Protect privileged
passwords and SSH
keys
Prevent malware
attacks and control
privileged access
Implement continuous
monitoring across all
privileged accounts
Enterprise Password Vault
SSH Key Manager
Application Identity Manager
13
Privileged Session Manager
On-Demand Privileges Unix
OPM Windows
Privileged Threat Analytics
The Problem: Users with admin rights can…
▪ Install kernel-mode root kits
▪ Install system-level level key loggers
▪ Install Malicious ActiveX controls, including IE and Explorer extensions
▪ Install spyware and adware
▪ Install malware; “Pass-the-Hash” exploits
▪ Install and start services
▪ Stop existing services (such as the firewall)
▪ Access data belonging to other users
▪ Cause code to run whenever anybody else logs on to that system
▪ Replace OS and other program files with Trojan horses
▪ Disable/uninstall anti-virus
▪ Create and modify user accounts
▪ Reset local passwords
▪ Render the machine unbootable
▪ And more…
14
Pain varies based on role and current state of
admin privilege management
Scenario:
Users have local admin rights
Local admin rights are removed
Buyer:
Operations Team
• Desktop Engineering
• IT Planning and
Engineering
• Director of IT
Security Team
• Security Analyst
Pain: Spends lots of timing fixing
damage and remediating incidents on
users’ laptops
How much time and effort do you spend
responding to endpoint incidents?
Pain: Limited ability to protect the
organizations due to a giant,
unmanaged attack surface
Pain: Handles consistent help desk calls
as users need privileges to install and run
approved applications
How do you handle events that generally
require local admin rights?
Pain: Forced to manage ‘privilege creep,’
as users regain local admin rights to run
business applications
• Security Architect
• Director of IT Security
15
How many security incidents could you
prevent each year by eliminating local
admin rights?
How do you revoke local admin rights
once they are no longer needed by
business users?
Recap: Least Privilege + App Control = Reduced Risk
Least Privilege
Application Control
•
Limit privileges for business and
administrative users
•
Only allow whitelisted, trusted
applications
•
Gap: Malicious applications that don’t
need privileges can still get in
•
Gap: Applications that require privileges
requires users to have local admin priv.
Combined – least privilege and application control enable organizations to
reduce the attack surface and block the progression of malware-based attacks
16
Privileged Accounts are Targeted in All
Advanced Attacks
“Anything that involves
serious intellectual property
will be contained in highly secure
systems and privileged accounts
are the only way hackers can
get in.”
Avivah Litan, Vice President and Distinguished
Analyst at Gartner, 2012
17
Can We Really Isolate All Critical Networks?
▪ The assumption that all critical network
could be isolated is very problematic:
￭
￭
￭
Removable media
Mistakes and temporary connections
Remote access
▪ How do we design a truly secure
remote access system?
▪ A design that will also help secure
against the first two types of threat
18
Securing Access Into the ICS/OT Network
Corporate
Network
VPN
Web
Portal
DMZ firewall
Third party
vendor
Supervisor
DMZ
PSM
ICS firewall
Session
Recording
Password
ICS
Network
Vault
Databases
19
UNIX
Servers
Windows
Servers
Routers
& Switches
SCADA
Devices
Anti Virus &
Content Filtering
SSH Keys: A Critical Privileged Account Problem
SSH keys are commonly used by
users and machines to access
Privileged Accounts. They are
an attack vector commonly used
to gain access to critical systems.
51%
*Source: Ponemon Institute
20
of companies report being impacted
by SSH key related compromises*
Layers of Security in the Digital Vault
Hierarchical
Encryption
Vault Safes
Tamper-Proof
Auditability
Comprehensive
Monitoring
Session
Encryption
Segregation of
Duties
Firewall
21
Authentication
Sensitive Information Management
Easy, Secure and Compliant File Sharing
SHARE
Sensitive documents between users
AUTOMATE
File transfers between
applications
22
AUDIT
File sharing and access to
sensitive documents
CyberArk Overview
Trusted experts in privileged account
security
• 1,900 privileged account security customers
56%
• 40% of Fortune 100
GROWTH
Approach privileged accounts as a
security challenge
40%
GROWTH
• Designed and built from the ground up for security
30%
GROWTH
Twelve years of innovation in privileged
account controls, monitoring and
analytics
• First with vault, first with monitoring, first with analytics
• Over 100 software engineers, multiple patents
Only comprehensive privileged account
security solution
• One solution, focused exclusively on privileged accounts
• Enterprise-proven
23
2011
2012
2013
2014
IDC Names CyberArk the PAM Market Leader
“CyberArk is the PAM
pure-play “big gorilla”
with the most revenue
and largest customer base.”
SOURCE: "IDC MarketScape: Worldwide Privileged Access Management 2014 Vendor
Assessment”, by Pete Lindstrom , December 2014, IDC Document #253303
24
Trusted by Customers Worldwide
Over 1,900 Global Customers
40% of Fortune 100
19% of Global 2000
25
Thank you
26