Identity is the ‘New’ Perimeter
Cristi Iliescu
Technical Director, SolvIT Networks
cristi.iliescu@solvit.ro
AGENDA
• Short overview on security evolution
• Current trends and challenges
• Pragmatic solutions for security implementation
• SolvIT and CA Technologies short overview
Copyright © 2013 CA. All rights reserved.
Evolution of Security
(Diagram; axis labels: Management, Time)
• 1st Generation: Gates, Guns, Guards
• 2nd Generation: Reactive Security
• 3rd Generation: Security as an Enabler
• 4th Generation: Proactive Security and Accountability
www.ca.com
USER
• 5th Generation: IT Service Security
Trends impacting security
• Cloud computing
• Social network
• Big data analytics
• Mobile device
• Internet of Things
• Blurring of work & personal brought on by Consumerization of IT
• Externalization of the business
• Sensitive data and applications – accessible anytime, anywhere
• Loss of Identity Control
• Loss of Data Control
Traditional Enterprise with Network Perimeter
(Diagram labels: Internal Employee; Enterprise Apps, On Premise; Mobile employee; Customer; Partner User; Cloud Apps/Platforms & Web Services; SaaS; GOOGLE)
VPN Network Perimeter
…and remote employees …and cloud applications …and external users
Network Perimeter is gone!
Security threats as we know them are changing
The traditional dangers IT security teams have been facing - and overcoming - for years are being replaced by a far more hazardous, advanced form of attack: Advanced Persistent Threats.
The financial impact of a threat cannot be underestimated.
RSA SecurID Hack
In 2011, an APT compromised the systems containing information about RSA SecurID two-factor authentication tokens, including the values the company uses to generate one-time passwords. [1]
Operation Aurora
Hackers stole sensitive intellectual property, including source code, from Google, Adobe, and other high-profile companies using highly sophisticated, well-coordinated techniques. [2]
How an Advanced Persistent Threat works
Nearly every APT follows four phases:
1. Reconnaissance: An investigation into the organization’s weaknesses, which often includes domain queries and port and vulnerability scans.
2. Initial Entry: Discovered exposures are exploited and a foothold in the target network is established using sophisticated technical methods or social engineering techniques, such as spear phishing.
3. Escalation of Privileges: Following initial penetration, hackers work to acquire more rights and gain control over additional systems - and install a “back door” that makes future access easier.
4. Continuous Exploitation: Once control has been established, the assailant will be able to continuously identify, compromise and exploit sensitive data.
And since the third and fourth stages often occur over a matter of years, detecting an APT can be incredibly difficult.
A defense-in-depth strategy extends traditional perimeter and system security with identity and access management tools, providing protection against APTs across all four phases of the attack.
(Diagram: controls laid out against the four phases Reconnaissance, Initial Entry, Escalation of Privileges and Continuous Exploitation)
• Perimeter security
• Server hardening
• Capture and review server and device audit logs
• Anti-virus
• Unexpected and externalized security
• Phishing protection
• Employee education
• Shared account management
• Least privilege access
• Session recording
• Virtualization security
• Identity management and governance
• Advanced authentication
• Data controls
CA Security
Defense-in-depth is the key to stopping APTs
Successful protection against APTs should complement traditional perimeter and infrastructure security measures, so the organization is able to:
• Make the initial penetration difficult
• Reduce the potential for privilege escalation in the event an account is compromised
• Limit the damage that can be done by a compromised account
• Detect suspicious activity early in the intrusion attempt
• Gather the information forensic investigators need to determine what damage occurred, when and by whom
What’s needed, then, is “defense-in-depth,” a strategy that complements traditional security solutions with such identity and access management capabilities as:
• shared account management
• least privilege access
• session recording
• server hardening
• Centralized Web Security
• virtualization security
• identity management and governance
• advanced authentication
• data controls
Identity Management and Governance
Carefully protecting user identities is an essential step in minimizing the effectiveness of an APT attack. To this end, identity management and governance functionality must be able to:
• Provision identities and accounts based on strict security policies and an approval process
• De-provision and de-authorize identities as soon as an individual leaves the company
• Find and remove orphaned, or unused, identities
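An added example, not part of the original deck and not code from any CA product: a Python review that flags enabled accounts matching the three conditions above (owner has left, no owner on record, not used). The record layouts, the 90-day threshold and all sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import NamedTuple, Optional

UNUSED_AFTER = timedelta(days=90)  # assumed policy threshold, not from the deck


@dataclass(frozen=True)
class Employee:
    emp_id: str
    status: str                      # "active" or "terminated"
    end_date: Optional[date] = None


@dataclass(frozen=True)
class Account:
    system: str
    login: str
    owner_emp_id: Optional[str]      # None when no owner was ever recorded
    enabled: bool
    last_login: Optional[date]       # None when the account was never used


class Finding(NamedTuple):
    system: str
    login: str
    kind: str                        # "leaver", "orphaned" or "unused"
    reason: str


def review_accounts(employees, accounts, today):
    """Return a Finding for every enabled account that needs action."""
    hr = {e.emp_id: e for e in employees}
    findings = []
    for a in accounts:
        if not a.enabled:
            continue                 # already de-provisioned
        owner = hr.get(a.owner_emp_id) if a.owner_emp_id else None
        if owner is None:
            # No owner recorded, or the owner id is unknown to HR.
            why = "no owner recorded" if a.owner_emp_id is None else "owner not in HR"
            findings.append(Finding(a.system, a.login, "orphaned", why))
        elif owner.status == "terminated":
            findings.append(Finding(a.system, a.login, "leaver",
                                    f"owner left {owner.end_date}"))
        elif a.last_login is None:
            findings.append(Finding(a.system, a.login, "unused", "never logged in"))
        elif today - a.last_login > UNUSED_AFTER:
            idle = (today - a.last_login).days
            findings.append(Finding(a.system, a.login, "unused", f"idle {idle} days"))
    return findings


# Constructed sample data (hypothetical HR feed and per-system account exports).
TODAY = date(2013, 10, 3)
SAMPLE_EMPLOYEES = [
    Employee("E100", "active"),
    Employee("E101", "terminated", date(2013, 8, 30)),
    Employee("E102", "active"),
]
SAMPLE_ACCOUNTS = [
    Account("AD", "user_a", "E100", True, date(2013, 10, 1)),
    Account("ERP", "user_b", "E101", True, date(2013, 9, 15)),
    Account("Portal", "old_contractor", "E999", True, date(2013, 1, 10)),
    Account("UNIX", "svc_backup", None, True, date(2013, 10, 2)),
    Account("CMS", "user_c", "E102", True, date(2013, 5, 1)),
    Account("AD", "user_c", "E102", True, None),
    Account("SCM", "user_b", "E101", False, date(2013, 8, 29)),
]

if __name__ == "__main__":
    for f in review_accounts(SAMPLE_EMPLOYEES, SAMPLE_ACCOUNTS, TODAY):
        print(f"{f.kind:9} {f.system:7} {f.login:15} {f.reason}")
```

The ERP account shows why the leaver check matters: it was used after its owner's end date, which the idle-time check alone would never flag.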
CA IdentityMinder
• Identity Administration and Provisioning
  – Automate the creation and management of user identities and their access rights to applications and data
  – Delegate user administration
  – Manage entitlements
  – Provide user self service capabilities
12 October 3, 2013 Security Management Copyright © 2008 CA. All rights reserved.
CA Identity Minder – How it works
Process Steps
1. Account, entitlement or password change requests are sent either through automated feeds or as requests from delegated administrators or users.
2. CA IdentityMinder initiates an approval workflow, determines the impact on target systems and initiates changes on impacted target systems.
3. Changes to target systems are automatically executed.
4. All changes are audited and reviewed by security and audit personnel.
(Diagram label: CA Role & Compliance Manager)
CA Identity Lifecycle Management Copyright © 2009 CA
Server Protection
Any server that hosts sensitive information must be configured in a way that protects it from being compromised by an APT. This should include:
• Access should not be treated as an “all or nothing” decision. Instead, individuals should be given the credentials required to accomplish their assigned tasks (least privilege access).
• Limit the number of people who have access to privileged accounts by providing emergency account access (shared account management).
• Tracking what actions are being performed by privileged accounts is critical (session recording).
Server Protection (part 2)
• Using a firewall to control communications, restrict packets and block insecure protocols
• Employing application whitelisting to allow only explicitly specified executions and installations
• Defining a specific set of actions for high-risk applications
• Preventing changes to log files
• Monitoring the integrity of key files
• Controlling access to files and processes
CA Control Minder
Fine-Grained Access Controls
• Access to privileged accounts is often “all or nothing”—an unnecessary security risk that leads to users with more privileges than they need.
• Manage privileged user access after login. Control what access users have based on their individual identity, even when using a shared administrative account.
• Reduces risk by providing administrators with only the minimum privileges they need to do their jobs.
Shared Account Password Management
• Privileged accounts, such as ‘root’ on UNIX and ‘Administrator’ on Windows, are often shared, reducing accountability.
• Control access to privileged, administrative accounts with password storage and automatic login capabilities. This is the starting point for most privileged identity
• Reduces the risk of unauthorized users gaining access to privileged accounts. Prevents password sharing.
User Activity Reporting / Video Session Recording
• Track all user actions to determine what occurred and “who did what” in an investigation. Not all user activities are recorded and many applications do not produce logs, reducing accountability and making forensic investigations difficult.
• Makes it simple to find out “who did what” in a forensic investigation, using an understandable video instead of searching through incomprehensible log files.
UNIX Authentication Bridging
• Managing user accounts and access on individual UNIX and Linux servers is an administrative burden that can lead to errors and oversights.
• Authenticate users on UNIX and Linux systems to Microsoft Active Directory.
• Automatic user login for UNIX/Linux
• Integration with Windows Event Log
• Virtualization adds a new infrastructure layer that must be secured—the hypervisor.
• Manage privileged users on VMware, while providing virtualization-aware automation of security controls on virtual machines.
Advanced Authentication and Centralized Web Access
Two-factor authentication and risk-based evaluations help to protect against the initial penetration of an APT by denying or detecting inappropriate access attempts. To be as effective as possible, advanced authentication capabilities should include:
• Software-based, two-factor credentials that vary by device
• Versatile authentication methods that can be matched to a specific scenario
• Rules that adjust to protect against different APT tactics
• Device identification, geo-location, IP blacklisting and case management for suspicious activities
• The ability to step up authentication when stronger identity assurance is required
Web security administration: the current state
(Diagram layers: Application Layer, Security Layer, User Store, Operating System. Users: Employees, Administrators, Partners, Executives, Customers, End Users)
• High security administration costs
• Expensive coding and maintenance
• Poor user experience
• No centralized security enforcement
• No standardized security process
• No central auditing capability
CA Solutions for Web Access Security Overview Copyright © 2012 CA. All rights reserved.
(Diagram: each application with its own user ID and user store)
• Intranet: JDoe (Active Directory)
• E-Commerce: John Doe, A23JJ4 (LDAP)
• SCM: JD456912 (Oracle OID)
• ERP / HR: PKI Cert (Oracle RDBMS)
• Portal: John Doe (SQL 2008)
• Partner Extranet: Johnd (SunONE LDAP)
• CMS: John_D (Siemens DirX)
Centralized Administration of Web access with CA SiteMinder
• Reduced security administration costs
• Minimized coding and maintenance
• Much improved user experience
• Centralized security enforcement
• Standardized security process
• Unified central auditing
(Diagram labels: CA SiteMinder; Cloud/Outsourced services; Standards based Federation. Layers: Application Layer, Security Layer, User Store, Operating System. Applications: Intranet, E-Commerce, Portal, ERP / HR, CMS, Partner Extranet, SCM. User stores: Siemens DirX, Oracle OID, SunONE LDAP, Oracle RDBMS, Active Directory, SQL 2008, LDAP. Users: Employees, Administrators, Partners, Executives, Customers, End Users)
Policy-based authorization
• Restrict access by user, role, groups, dynamic groups, or exclusions
• Fine-grained authorization at the file, page, or object level
• Determine access based on location, time, & authentication context
• Send static, dynamic (SQL queries), or profile attributes in responses
• Redirect users based on type of authentication or authorization failure
SiteMinder Policy (diagram):
• What? SiteMinder Rule: describes the resource being accessed
• Who? User identity or role: is the user included or excluded?
• Optional conditions: Time (time restriction), IP address (network restriction), Custom (external factors), SiteMinder Variables (request characteristics)
• Action: SiteMinder Response: action that results from processing
Authentication Management
Broad Support for Authentication Systems & Technologies
Methods
• Passwords
• Two factor tokens
• X.509 certificates
• Passwords over SSL
• Smart cards
• SAML & WS-Federation/ADFS
• Combination of methods
• Forms-based
• Custom methods
• Full CRL & OCSP support
• Biometric devices
Management
• Authentication Levels
• Type of authentication for given application
• Directory chaining
• Configured fallbacks to other authentication schemes
• SSO Zones
Web access control and advanced authentication
Capabilities
1. Authentication
2. Single sign-on
3. Policy-based authorization
4. Auditing and reporting
5. Web service security
6. Identity federation
(Diagram labels: Customer, Citizen, Employee, Partner; Websites; Back-end Transactions; Audit Logs; Partner Website)
Benefits
• Improved user experience
• Reduced risk
• Greater administrative efficiency
• Increased agility
Information Control
Since the end goal of any APT is to steal sensitive information, having firm control over this data is a core component of a successful defense.
To safeguard these assets, data must be:
• Classified according to sensitivity and type - at access, in use, in motion, at rest, etc.
• Controlled as it is transferred between sources, such as email and physical drives
Data Loss Prevention
Identity Aware Policies
A holistic approach to security reduces risk
The concept of defense-in-depth is an essential component of any proactive, holistic APT protection strategy. The techniques supporting this approach work in concert to enable you to build and apply a security model that allows or denies actions based on business rules, data sensitivity and specific types of behavior.
Because this model can be applied uniformly across platforms and separated from operating system security, it provides an effective means of preventing and detecting APTs. As such, defense-in-depth helps your organization stay one step ahead of APTs and reduce the effects such an attack can have on the business and its employees, customers and partners.
About the solutions from CA Technologies
CA security solutions are comprised of a broad, comprehensive and integrated suite of capabilities that simplifies operations and reduces the total cost of management across cloud, on-premise, virtual, physical, distributed and mainframe environments - helping you significantly increase business agility.
Unlike traditional solutions, the CA suite controls not only user identities and the availability of critical IT resources, but also access to sensitive information assets. This provides more layers of security than conventional solutions - and helps to reduce the risk of breaches, minimize information loss and simplify compliance audits.
These offerings are complemented by a range of cloud-based identity services, which give you the flexibility to deploy security services how and when you choose, so you can adopt cloud or hybrid models in a way that fits your unique needs.
The CA Identity and Access Management suite covers the following areas:
• Identity Management and Governance
• Privileged Identity Management and Virtualization Security
• Advanced Authentication
• Data Protection
• Cloud Security
• Secure Single Sign-On and Access Management
Company Introduction
Market Entry
• April 27, 2005 in Bucharest, Romania
Strategic Positioning
• Leading provider of IT Management & Security and Business Solutions
International Positioning
Representative offices in:
• Bucharest, Romania
• Belgrade, Serbia
• Sofia, Bulgaria
• Chisinau, Republic of Moldova
Main Markets
• Europe and Middle East
Registration Number J40/7907/2005
VAT Number RO 17534593
Facts
• 25 highly qualified IT specialists with more than 150 certifications
• Experience in large projects implementation
• More than 60 clients in 9 countries over the years
Republic of
Moldova
Greece
Bulgaria
Turkey
Romania
Serbia
References (1)
Banking
Telecom
Romania
Greece
Industry
Romania
Serbia
Greece
References (2)
Government & Public Administration
Republic of
Moldova
Bulgaria
Saudi
Arabia
Cyprus
Romania
Serbia
Insurance
Romania
References (3)
questions & answers

Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
 
IRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET - Study Paper on Various Security Mechanism of Cloud ComputingIRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET - Study Paper on Various Security Mechanism of Cloud Computing
 
Privileged identity management
Privileged identity managementPrivileged identity management
Privileged identity management
 
Cyber Security # Lec 5
Cyber Security # Lec 5Cyber Security # Lec 5
Cyber Security # Lec 5
 
Audit Controls Paper
Audit Controls PaperAudit Controls Paper
Audit Controls Paper
 

Mehr von S.E. CTS CERT-GOV-MD

Criminalitatea cibernetică – provocare pentru aplicarea legii
Criminalitatea cibernetică – provocare pentru aplicarea legiiCriminalitatea cibernetică – provocare pentru aplicarea legii
Criminalitatea cibernetică – provocare pentru aplicarea legiiS.E. CTS CERT-GOV-MD
 
Cyber security from military point of view
Cyber security from military point of viewCyber security from military point of view
Cyber security from military point of viewS.E. CTS CERT-GOV-MD
 
Prezentare compartiment securitatea (2)
Prezentare compartiment securitatea (2)Prezentare compartiment securitatea (2)
Prezentare compartiment securitatea (2)S.E. CTS CERT-GOV-MD
 
CLOUD COMPUTING Security Risks or Opportunities
CLOUD COMPUTING Security Risks or  OpportunitiesCLOUD COMPUTING Security Risks or  Opportunities
CLOUD COMPUTING Security Risks or OpportunitiesS.E. CTS CERT-GOV-MD
 
Operarea md cert în reţea naţională de
Operarea md cert în reţea naţională deOperarea md cert în reţea naţională de
Operarea md cert în reţea naţională deS.E. CTS CERT-GOV-MD
 
Moldova cyber security 02.10.2013 rr
Moldova cyber security 02.10.2013 rrMoldova cyber security 02.10.2013 rr
Moldova cyber security 02.10.2013 rrS.E. CTS CERT-GOV-MD
 
GESTIONAREA RISCURILOR DE SECURITATE A INFORMAȚIEI
GESTIONAREA RISCURILOR DE  SECURITATE A INFORMAȚIEIGESTIONAREA RISCURILOR DE  SECURITATE A INFORMAȚIEI
GESTIONAREA RISCURILOR DE SECURITATE A INFORMAȚIEIS.E. CTS CERT-GOV-MD
 
Киберпреступность отступает?
Киберпреступность отступает?Киберпреступность отступает?
Киберпреступность отступает?S.E. CTS CERT-GOV-MD
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical HackingS.E. CTS CERT-GOV-MD
 
CERT-GOV-MD: Cyber Security in Moldova: Challenges and Responses
CERT-GOV-MD: Cyber Security in Moldova: Challenges and ResponsesCERT-GOV-MD: Cyber Security in Moldova: Challenges and Responses
CERT-GOV-MD: Cyber Security in Moldova: Challenges and ResponsesS.E. CTS CERT-GOV-MD
 
Aare reintam estonia_ciip_activites
Aare reintam estonia_ciip_activitesAare reintam estonia_ciip_activites
Aare reintam estonia_ciip_activitesS.E. CTS CERT-GOV-MD
 

Mehr von S.E. CTS CERT-GOV-MD (14)

Criminalitatea cibernetică – provocare pentru aplicarea legii
Criminalitatea cibernetică – provocare pentru aplicarea legiiCriminalitatea cibernetică – provocare pentru aplicarea legii
Criminalitatea cibernetică – provocare pentru aplicarea legii
 
SIS PREZENTARE CTS
SIS PREZENTARE CTSSIS PREZENTARE CTS
SIS PREZENTARE CTS
 
Cyber security from military point of view
Cyber security from military point of viewCyber security from military point of view
Cyber security from military point of view
 
Prezentare compartiment securitatea (2)
Prezentare compartiment securitatea (2)Prezentare compartiment securitatea (2)
Prezentare compartiment securitatea (2)
 
CLOUD COMPUTING Security Risks or Opportunities
CLOUD COMPUTING Security Risks or  OpportunitiesCLOUD COMPUTING Security Risks or  Opportunities
CLOUD COMPUTING Security Risks or Opportunities
 
Operarea md cert în reţea naţională de
Operarea md cert în reţea naţională deOperarea md cert în reţea naţională de
Operarea md cert în reţea naţională de
 
Moldova cyber security 02.10.2013 rr
Moldova cyber security 02.10.2013 rrMoldova cyber security 02.10.2013 rr
Moldova cyber security 02.10.2013 rr
 
GESTIONAREA RISCURILOR DE SECURITATE A INFORMAȚIEI
GESTIONAREA RISCURILOR DE  SECURITATE A INFORMAȚIEIGESTIONAREA RISCURILOR DE  SECURITATE A INFORMAȚIEI
GESTIONAREA RISCURILOR DE SECURITATE A INFORMAȚIEI
 
Киберпреступность отступает?
Киберпреступность отступает?Киберпреступность отступает?
Киберпреступность отступает?
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
 
Cisco Secure X
Cisco Secure XCisco Secure X
Cisco Secure X
 
CERT-GOV-MD: Cyber Security in Moldova: Challenges and Responses
CERT-GOV-MD: Cyber Security in Moldova: Challenges and ResponsesCERT-GOV-MD: Cyber Security in Moldova: Challenges and Responses
CERT-GOV-MD: Cyber Security in Moldova: Challenges and Responses
 
Aare reintam estonia_ciip_activites
Aare reintam estonia_ciip_activitesAare reintam estonia_ciip_activites
Aare reintam estonia_ciip_activites
 
Symantec
SymantecSymantec
Symantec
 

Kürzlich hochgeladen

SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 

Kürzlich hochgeladen (20)

SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 

Solvit identity is the new perimeter

  • 1. Identity is the ‘New’ Perimeter. Cristi Iliescu, Technical Director, SolvIT Networks (cristi.iliescu@solvit.ro)
  • 2. Agenda
      - Short overview on security evolution
      - Current trends and challenges
      - Pragmatic solutions for security implementation
      - SolvIT and CA Technologies short overview
    Copyright © 2013 CA. All rights reserved.
  • 3. Evolution of Security (chart; axes: Management, Time; label: USER)
      - 1st Generation: Gates, Guns, Guards
      - 2nd Generation: Reactive Security
      - 3rd Generation: Security as an Enabler
      - 4th Generation: Proactive Security and Accountability
      - 5th Generation: IT Service Security
    www.ca.com
  • 4. Trends impacting security
      - Trends: cloud computing, social network, big data analytics, mobile device, Internet of Things
      - Blurring of work & personal brought on by consumerization of IT
      - Externalization of the business
      - Sensitive data and applications – accessible anytime, anywhere
      - Loss of identity control
      - Loss of data control
  • 5. Traditional Enterprise with Network Perimeter (diagram)
      - Inside the perimeter: Internal Employee; Enterprise Apps (On Premise)
      - …and remote employees: Mobile employee, connecting over VPN
      - …and cloud applications: Cloud Apps/Platforms & Web Services; SaaS; GOOGLE
      - …and external users: Customer; Partner User
  • 6. Traditional Enterprise with Network Perimeter (same diagram as slide 5, with the VPN / Network Perimeter label replaced by: Network Perimeter is gone!)
  • 7. Security threats as we know them are changing
    The traditional dangers IT security teams have been facing - and overcoming - for years are being replaced by a far more hazardous, advanced form of attacks: Advanced Persistent Threats. The financial impact of a threat cannot be underestimated.
      - RSA SecurID Hack: In 2011, an APT compromised the systems containing information about RSA SecurID two-factor authentication tokens, including the values the company uses to generate one-time passwords. [1]
      - Operation Aurora: Hackers stole sensitive intellectual property, including source code, from Google, Adobe, and other high-profile companies using highly sophisticated, well-coordinated techniques. [2]
  • 8. How an Advanced Persistent Threat works
    Nearly every APT follows four phases:
      1. Reconnaissance: An investigation into the organization’s weaknesses, which often includes domain queries and port and vulnerability scans.
      2. Initial Entry: Discovered exposures are exploited and a foothold in the target network is established using sophisticated technical methods or social engineering techniques, such as spear phishing.
      3. Escalation of Privileges: Following initial penetration, hackers work to acquire more rights and gain control over additional systems - and install a “back door” that makes future access easier.
      4. Continuous Exploitation: Once control has been established, the assailant will be able to continuously identify, compromise and exploit sensitive data.
    And since the third and fourth stages often occur over a matter of years, detecting an APT can be incredibly difficult.
  • 9. A defense-in-depth strategy extends traditional perimeter and system security with identity and access management tools, providing protection against APTs across all four phases of the attack.
      - Phases (chart columns): Reconnaissance; Initial Entry; Escalation of Privileges; Continuous Exploitation
      - Controls shown across the phases: perimeter security; server hardening; capture and review of server and device audit logs; anti-virus; phishing protection; employee education; shared account management; least privilege access; session recording; unexpected and externalized security; virtualization security; identity management and governance; advanced authentication; data controls
  • 10. CA Security: defense-in-depth is the key to stopping APTs
    Successful protection against APTs should complement traditional perimeter and infrastructure security measures, so the organization is able to:
      - Make the initial penetration difficult
      - Reduce the potential for privilege escalation in the event an account is compromised
      - Limit the damage that can be done by a compromised account
      - Detect suspicious activity early in the intrusion attempt
      - Gather the information forensic investigators need to determine what damage occurred, when and by whom
    What’s needed, then, is “defense-in-depth,” a strategy that complements traditional security solutions with such identity and access management capabilities as:
      - Shared account management
      - Least privilege access
      - Session recording
      - Server hardening
      - Centralized Web Security
      - Virtualization security
      - Identity management and governance
      - Advanced authentication
      - Data controls
  • 11. Identity Management and Governance
    Carefully protecting user identities is an essential step in minimizing the effectiveness of an APT attack. To this end, identity management and governance functionality must be able to:
      - Provision identities and accounts based on strict security policies and an approval process
      - De-provision and de-authorize identities as soon as an individual leaves the company
      - Find and remove orphaned, or unused, identities
  • 12. CA IdentityMinder: Identity Administration and Provisioning
      - Automate the creation and management of user identities and their access rights to applications and data
      - Delegate user administration
      - Manage entitlements
      - Provide user self-service capabilities
    October 3, 2013. Security Management. Copyright © 2008 CA. All rights reserved.
  • 13. CA IdentityMinder – How it works (process steps)
      1. Account, entitlement or password change requests are sent through automated feeds or as requests from delegated administrators or users.
      2. CA IdentityMinder initiates an approval workflow, determines the impact on target systems and initiates changes on the impacted target systems.
      3. Changes to target systems are automatically executed.
      4. All changes are audited and reviewed by security and audit personnel.
    Diagram labels: CA Identity Lifecycle Management; CA Role & Compliance Manager. Copyright © 2009 CA
  • 14. Server Protection
    Any server that hosts sensitive information must be configured in a way that protects it from being compromised by an APT. This should include:
      - Least privilege access: access should not be treated as an “all or nothing” decision. Instead, individuals should be given the credentials required to accomplish their assigned tasks.
      - Shared account management: limit the number of people who have access to privileged accounts by providing emergency account access.
      - Session recording: tracking what actions are being performed by privileged accounts is critical.
  • 15. Server Protection (part 2)
      - Using a firewall to control communications, restrict packets and block unsecure protocols
      - Employing application whitelisting to allow only explicitly specified executions and installations
      - Defining a specific set of actions for high-risk applications
      - Preventing changes to log files
      - Monitoring the integrity of key files
      - Controlling access to files and processes
  • 17. Fine-Grained Access Controls
      - Access to privileged accounts is often “all or nothing”—an unnecessary security risk that leads to users with more privileges than they need.
      - Manage privileged user access after login. Control what access users have based on their individual identity, even when using a shared administrative account.
      - Reduces risk by providing administrators with only the minimum privileges they need to do their jobs.
  • 18. Shared Account Password Management
      - Privileged accounts, such as ‘root’ on UNIX and ‘Administrator’ on Windows, are often shared, reducing accountability.
      - Control access to privileged, administrative accounts with password storage and automatic login capabilities. This is the starting point for most privileged identity
      - Reduces the risk of unauthorized users gaining access to privileged accounts. Prevents password sharing.
  • 19. User Activity Reporting / Video Session Recording
      - Track all user actions to determine what occurred and “who did what” in an investigation. Not all user activities are recorded and many applications do not produce logs, reducing accountability and making forensic investigations difficult.
      - Makes it simple to find out “who did what” in a forensic investigation, using an understandable video instead of searching through incomprehensible log files.
  • 20. UNIX Authentication Bridging
      - Managing user accounts and access on individual UNIX and Linux servers is an administrative burden that can lead to errors and oversights.
      - Authenticate users on UNIX and Linux systems to Microsoft Active Directory.
      - Automatic user login for UNIX/Linux
      - Integration with Windows Event Log
  • 21. Virtualization adds a new infrastructure layer that must be secured—the hypervisor.
      - Manage privileged users on VMware, while providing virtualization-aware automation of security controls on virtual machines.
  • 22. Advanced Authentication and Centralized Web Access
    Two-factor authentication and risk-based evaluations help to protect against the initial penetration of an APT by denying or detecting inappropriate access attempts. To be as effective as possible, advanced authentication capabilities should include:
      - Software-based, two-factor credentials that vary by device
      - Versatile authentication methods that can be matched to a specific scenario
      - Rules that adjust to protect against different APT tactics
      - Device identification, geo-location, IP blacklisting and case management for suspicious activities
      - The ability to step up authentication when stronger identity assurance is required
  • 23. Web security administration: the current state
      - High security administration costs
      - Expensive coding and maintenance
      - Poor user experience
      - No centralized security enforcement
      - No standardized security process
      - No central auditing capability
    Diagram layers: Application Layer; User Store; Operating System Security Layer. End users: Employees, Administrators, Partners, Executives, Customers.
    Each application keeps its own identity for the same user in its own user store:
      - Intranet: JDoe (Active Directory)
      - E-Commerce: John Doe A23JJ4 (LDAP)
      - SCM: JD456912 (Oracle OID)
      - ERP / HR: PKI Cert (Oracle RDBMS)
      - Portal: John Doe (SQL 2008)
      - Partner Extranet: Johnd (SunONE LDAP)
      - CMS: John_D (Siemens DirX)
    CA Solutions for Web Access Security Overview. Copyright © 2012 CA. All rights reserved.
  • 24. Centralized Administration of Web access with CA SiteMinder
      - Reduced security administration costs
      - Minimized coding and maintenance
      - Much improved user experience
      - Centralized security enforcement
      - Standardized security process
      - Unified central auditing
    Diagram: CA SiteMinder sits between the end users (Employees, Administrators, Partners, Executives, Customers) and the applications (Intranet, E-Commerce, Portal, ERP / HR, CMS, Partner Extranet, SCM), in front of the existing user stores (Siemens DirX, Oracle OID, SunONE LDAP, Oracle RDBMS, Active Directory, SQL 2008, LDAP), with standards-based federation to cloud/outsourced services. Layers: Application Layer; User Store; Operating System Security Layer.
  • 25. Policy-based authorization
      - Restrict access by user, role, groups, dynamic groups, or exclusions
      - Fine-grained authorization at the file, page, or object level
      - Determine access based on location, time, & authentication context
      - Send static, dynamic (SQL queries), or profile attributes in responses
      - Redirect users based on type of authentication or authorization failure
    A SiteMinder Policy combines:
      - What? SiteMinder Rule: describes the resource being accessed
      - Who? User identity or role: is the user included or excluded?
      - Optional conditions: IP address (network restriction); time (time restriction); SiteMinder variables (request characteristics); custom (external factors)
      - Action: SiteMinder Response, the action that results from processing
  • 26. Authentication Management: Broad Support for Authentication Systems & Technologies
    Methods:
      - Passwords
      - Two-factor tokens
      - X.509 certificates
      - Passwords over SSL
      - Smart cards
      - SAML & WS-Federation/ADFS
      - Combination of methods
      - Forms-based
      - Custom methods
      - Full CRL & OCSP support
      - Biometric devices
    Management:
      - Authentication levels
      - Type of authentication for a given application
      - Directory chaining
      - Configured fallbacks to other authentication schemes
      - SSO zones
  • 27. Web access control and advanced authentication
    Capabilities:
      1. Authentication
      2. Single sign-on
      3. Policy-based authorization
      4. Auditing and reporting
      5. Web service security
      6. Identity federation
    Diagram labels (numbered 1 to 6 to match the capabilities): Customer, Citizen, Employee, Partner; Websites; Back-end Transactions; Audit Logs; Partner Website.
    Benefits:
      - Improved user experience
      - Reduced risk
      - Greater administrative efficiency
      - Increased agility
  • 28. Information Control
    Since the end goal of any APT is to steal sensitive information, having firm control over this data is a core component of a successful defense. To safeguard these assets, data must be:
      - Classified according to sensitivity and type - at access, in use, in motion, at rest, etc.
      - Controlled as it is transferred between sources, such as email and physical drives
  • 29. Data Loss Prevention
  • 30. Identity Aware Policies
  • 31. A holistic approach to security reduces risk
    The concept of defense-in-depth is an essential component of any proactive, holistic APT protection strategy. The techniques supporting this approach work in concert to enable you to build and apply a security model that allows or denies actions based on business rules, data sensitivity and specific types of behavior. Because this model can be applied uniformly across platforms and separated from operating system security, it provides an effective means of preventing and detecting APTs. As such, defense-in-depth helps your organization stay one step ahead of APTs and reduce the effects such an attack can have on the business and its employees, customers and partners.
  • 32. About the solutions from CA Technologies
    CA security solutions are comprised of a broad, comprehensive and integrated suite of capabilities that simplifies operations and reduces the total cost of management across cloud, on-premise, virtual, physical, distributed and mainframe environments - helping you significantly increase business agility. Unlike traditional solutions, the CA suite controls not only user identities and the availability of critical IT resources, but also access to sensitive information assets. This provides more layers of security than conventional solutions - and helps to reduce the risk of breaches, minimize information loss and simplify compliance audits. These offerings are complemented by a range of cloud-based identity services, which give you the flexibility to deploy security services how and when you choose, so you can adopt cloud or hybrid models in a way that fits your unique needs.
    The CA Identity and Access Management suite covers the following areas:
      - Identity Management and Governance
      - Privileged Identity Management and Virtualization Security
      - Advanced Authentication
      - Data Protection
      - Cloud Security
      - Secure Single Sign-On and Access Management
  • 33. Company Introduction
      - Market entry: April 27, 2005 in Bucharest, Romania
      - Strategic positioning: leading provider of IT Management & Security and Business Solutions
      - International positioning: representative offices in Bucharest, Romania; Belgrade, Serbia; Sofia, Bulgaria; Chisinau, Republic of Moldova
      - Main markets: Europe and Middle East
      - Registration Number: J40/7907/2005
      - VAT Number: RO 17534593
      - Facts: 25 highly qualified IT specialists with more than 150 certifications; experience in large projects implementation; more than 60 clients in 9 countries over the years
  • 36. References (3)
      - Government & Public Administration: Republic of Moldova, Bulgaria, Saudi Arabia, Cyprus, Romania, Serbia
      - Insurance: Romania
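
The governance requirements on slide 11 (de-provision leavers, find orphaned or unused identities) applied to the per-application user stores of slide 23, as an added Python example that is not part of the original deck and does not use any CA product API. The logins and store names for John Doe are the ones shown on slide 23; the HR roster, employee ids, dates, the remaining accounts and the 90-day idle threshold are constructed assumptions.

```python
"""Reconcile accounts from several user stores against an HR roster.

All sample data below is constructed, except the John Doe logins and
store names, which are the ones shown on slide 23 of the deck.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Employee:
    emp_id: str
    name: str
    active: bool  # False once the person has left the company


@dataclass(frozen=True)
class Account:
    store: str                   # user store holding the account
    login: str
    owner_id: Optional[str]      # HR id the account is linked to, None if unlinked
    last_login: Optional[date]   # None if the account was never used
    enabled: bool = True


def review_accounts(accounts: List[Account], roster: List[Employee],
                    today: date, max_idle_days: int = 90) -> Dict[str, List[Account]]:
    """Classify enabled accounts as orphaned, leaver-owned or unused."""
    by_id = {e.emp_id: e for e in roster}
    findings: Dict[str, List[Account]] = {"orphaned": [], "leaver": [], "unused": []}
    for acc in accounts:
        if not acc.enabled:
            continue  # already de-provisioned
        owner = by_id.get(acc.owner_id) if acc.owner_id else None
        if owner is None:
            # No link to a known person: nobody is accountable for it.
            findings["orphaned"].append(acc)
        elif not owner.active:
            # Owner has left but the account still works.
            findings["leaver"].append(acc)
        elif acc.last_login is None or (today - acc.last_login).days > max_idle_days:
            # Valid owner, but the access is not being used.
            findings["unused"].append(acc)
    return findings


# Action per finding, most urgent first (assumed policy, adjust to your own).
ACTIONS = [("leaver", "disable-now"),
           ("orphaned", "disable-pending-review"),
           ("unused", "certify-or-remove")]


def deprovision_plan(findings: Dict[str, List[Account]]) -> List[Tuple[str, str, str]]:
    """Flatten findings into an ordered list of (action, store, login)."""
    return [(action, acc.store, acc.login)
            for kind, action in ACTIONS
            for acc in findings[kind]]


TODAY = date(2013, 10, 3)
ROSTER = [
    Employee("E1001", "John Doe", active=True),   # constructed HR ids
    Employee("E1002", "Ana Pop", active=False),   # constructed leaver
]
ACCOUNTS = [
    Account("Active Directory", "JDoe", "E1001", date(2013, 10, 1)),
    Account("Oracle OID", "JD456912", "E1001", date(2013, 3, 1)),    # idle > 90 days
    Account("SunONE LDAP", "Johnd", "E1001", None),                   # never used
    Account("Siemens DirX", "John_D", None, date(2013, 9, 20)),       # not linked to HR
    Account("Active Directory", "apop", "E1002", date(2013, 9, 30)),  # owner has left
    Account("LDAP", "svc_old", "E9999", None),                        # unknown owner id
    Account("Oracle OID", "apop2", "E1002", None, enabled=False),     # already disabled
]

if __name__ == "__main__":
    for action, store, login in deprovision_plan(review_accounts(ACCOUNTS, ROSTER, TODAY)):
        print(f"{action:24} {store:18} {login}")
```

The John_D account is still in active use yet lands in the orphaned bucket because no store links it to an HR identity, which is the accountability gap that per-application user stores create.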