7. Security threats as we know them are changing
The traditional dangers IT security teams have been facing - and
overcoming - for years are being replaced by a far more hazardous,
advanced form of attack: Advanced Persistent Threats (APTs).
The financial impact of a threat cannot be underestimated.
RSA SecurID Hack
In 2011, an APT compromised the systems containing information about RSA SecurID two-factor authentication tokens, including the values the company uses to generate one-time passwords. [1]
Operation Aurora
Hackers stole sensitive intellectual property, including source code, from Google, Adobe, and other high-profile companies using highly sophisticated, well-coordinated techniques. [2]
11. Carefully protecting user identities is an essential step in
minimizing the effectiveness of an APT attack. To this end,
identity management and governance functionality must be able
to:
• Provision identities and accounts based on strict security policies and approval processes
• De-provision and de-authorize identities as soon as an individual leaves the company
• Find and remove orphaned, or unused, identities
Identity Management and Governance
14. Any server that hosts sensitive information must be configured in a
way that protects it from being compromised by an APT. This should
include:
• Access should not be treated as an “all or nothing” decision. Instead, individuals should be given the credentials required to accomplish their assigned tasks (least privilege access).
• Limit the number of people who have access to privileged accounts by providing emergency account access (shared account management).
• Tracking what actions are being performed by privileged accounts is critical (session recording).
Server Protection
15.
• Using a firewall to control communications, restrict packets and block insecure protocols
• Employing application whitelisting to allow only explicitly specified executions and installations
• Defining a specific set of actions for high-risk applications
• Preventing changes to log files
• Monitoring the integrity of key files
• Controlling access to files and processes
Server Protection (part 2)
17. Access to privileged accounts is often “all or nothing”—an
unnecessary security risk that leads to users with more
privileges than they need.
Manage privileged user access after login. Control what
access users have based on their individual identity, even
when using a shared administrative account.
Reduces risk by providing administrators with only the
minimum privileges they need to do their jobs.
Fine-Grained Access Controls
18. Shared Account Password Management
Privileged accounts, such as ‘root’ on
UNIX and ‘Administrator’ on Windows,
are often shared, reducing
accountability.
Control access to privileged,
administrative accounts with password
storage and automatic login capabilities.
This is the starting point for most
privileged identity
Reduces the risk of unauthorized users
gaining access to privileged accounts.
Prevents password sharing.
19. Track all user actions to determine what occurred and “who did what” in an investigation. Not all
user activities are recorded and many applications do not produce logs, reducing accountability and
making forensic investigations difficult.
Makes it simple to find out “who did what” in a forensic investigation, using an
understandable video instead of searching through incomprehensible log files.
User Activity Reporting / Video Session Recording
20. Managing user accounts and access on individual UNIX and
Linux servers is an administrative burden that can lead to
errors and oversights.
Authenticate users on UNIX and Linux systems to Microsoft
Active Directory.
Automatic user login for UNIX/Linux
Integration with Windows Event Log
UNIX Authentication Bridging
21. Virtualization adds a new infrastructure layer that must be
secured—the hypervisor.
Manage privileged users on VMware, while providing
virtualization-aware automation of security controls on
virtual machines.
26. Authentication Management
Broad Support for Authentication Systems & Technologies
Methods
• Passwords
• Two factor tokens
• X.509 certificates
• Passwords over SSL
• Smart cards
• SAML & WS-Federation/ADFS
• Combination of methods
• Forms-based
• Custom methods
• Full CRL & OCSP support
• Biometric devices
Management
• Authentication Levels
• Type of authentication for given application
• Directory chaining
• Configured fallbacks to other authentication schemes
• SSO Zones
27. Web access control and advanced authentication
Capabilities
1. Authentication
2. Single sign-on
3. Policy-based authorization
4. Auditing and reporting
5. Web service security
6. Identity federation
[Diagram labels: Customer, Citizen, Employee, Partner; Websites, Back-end, Transactions, Audit Logs, Partner Website; capabilities numbered 1-6]
Benefits
• Improved user experience
• Reduced risk
• Greater administrative efficiency
• Increased agility
31. A holistic approach to security reduces risk
The concept of defense-in-depth is an essential component of any proactive, holistic APT
protection strategy. The techniques supporting this approach work in concert to enable
you to build and apply a security model that allows or denies actions based on business
rules, data sensitivity and specific types of behavior.
Because this model can be applied uniformly across platforms and separated from
operating system security, it provides an effective means of preventing and detecting
APTs. As such, defense-in-depth helps your organization stay one step ahead of APTs and
reduce the effects such an attack can have on the business and its employees, customers
and partners.
32. About the solutions from CA Technologies
CA security solutions are comprised of a broad, comprehensive and
integrated suite of capabilities that simplifies operations and reduces the
total cost of management across cloud, on-premise, virtual, physical,
distributed and mainframe environments - helping you significantly
increase business agility.
Unlike traditional solutions, the CA suite controls not only user identities
and the availability of critical IT resources, but also access to sensitive
information assets. This provides more layers of security than conventional
solutions - and helps to reduce the risk of breaches, minimize information
loss and simplify compliance audits.
These offerings are complemented by a range of cloud-based identity
services, which give you the flexibility to deploy security services how and
when you choose, so you can adopt cloud or hybrid models in a way that
fits your unique needs.
The CA Identity and Access Management suite covers the following areas:
• Identity Management and Governance
• Privileged Identity Management and Virtualization Security
• Advanced Authentication
• Data Protection
• Cloud Security
• Secure Single Sign-On and Access Management
33. Company Introduction
Market Entry
• April 27, 2005 in Bucharest, Romania
Strategic Positioning
• Leading provider of IT Management & Security and Business Solutions
International Positioning
Representative offices in:
• Bucharest, Romania
• Belgrade, Serbia
• Sofia, Bulgaria
• Chisinau, Republic of Moldova
Main Markets
• Europe and Middle East
Registration Number J40/7907/2005
VAT Number RO 17534593
Facts
• 25 highly qualified IT specialists with more than 150 certifications
• Experience in large projects implementation
• More than 60 clients in 9 countries over the years