SlideShare ist ein Scribd-Unternehmen logo
1 von 37
Downloaden Sie, um offline zu lesen
From	
  Governance	
  to	
  
Virtualiza2on:	
  
The	
  Expanding	
  Arena	
  of	
  
Privileged	
  Iden2ty	
  Management	
  
Russell	
  Miller	
  
Director,	
  Solu0ons	
  Marke0ng	
  
2	
  
Agenda	
  
Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  
è  The	
  Challenge	
  of	
  Privileged	
  Iden22es	
  
è  The	
  State	
  of	
  Virtualiza2on	
  Security	
  
è  Privileged	
  Iden2ty	
  Governance	
  
è  Social	
  Media	
  
è  Q&A	
  
Edward	
  Snowden	
  was	
  a	
  privileged	
  user	
  on	
  key	
  NSA	
  
systems	
  
	
  
“When	
  you’re	
  in	
  posi2ons	
  of	
  
privileged	
  access,	
  like	
  a	
  systems	
  
administrator	
  for	
  these	
  sort	
  of	
  
intelligence	
  community	
  agencies,	
  
you’re	
  exposed	
  to	
  a	
  lot	
  more	
  
informa2on	
  on	
  a	
  broader	
  scale	
  
than	
  the	
  average	
  employee.”	
  	
  
-­‐	
  Edward	
  Snowden	
  
Source:	
  hSp://www.guardian.co.uk/world/2013/jun/09/edward-­‐snowden-­‐nsa-­‐whistleblower-­‐surveillance?guni=Network%20front:network-­‐front%20full-­‐
width-­‐1%20bento-­‐box:Bento%20box:Posi2on1	
  
3	
   Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  
Privileged	
  iden00es	
  pose	
  a	
  par0cularly	
  significant	
  threat	
  to	
  
network	
  and	
  data	
  security	
  
All-­‐Powerful	
  
Access	
  
Lack	
  of	
  
Accountability	
  
Risk	
  
§  Unrestricted	
  
“root”	
  or	
  
“Administrator”	
  
access	
  
§  No	
  segrega2on	
  
of	
  du2es	
  
§  Use	
  of	
  shared	
  
accounts	
  
§  Poor	
  log	
  integrity	
  
and	
  quality	
  
Virtualiza0on	
  magnifies	
  these	
  challenges!	
  
Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  4	
  
The	
  Problem	
  With	
  Privileged	
  Iden00es	
  
There	
  are	
  three	
  types	
  of	
  insider	
  threats	
  and	
  two	
  primary	
  
principles	
  to	
  apply	
  to	
  mi0gate	
  the	
  risk	
  
§  Deter	
  malicious	
  
insiders	
  
§  Trace	
  ac0ons	
  to	
  
individuals	
  
§ Limit	
  damage	
  done	
  
by	
  a	
  malicious	
  or	
  
exploited	
  insider	
  
§ “Stop	
  Stupid!”	
  
Implement	
  
Least	
  Privilege	
  
Access	
  
Ensure	
  
Accountability	
  
Types	
  of	
  
Insider	
  Threats	
  
Exploited	
  
Insiders	
  
Malicious	
  
Insiders	
  
Careless	
  
Insiders	
  
?	
  
Ac0ons	
  to	
  Take	
  
5	
   Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  
There	
  are	
  many	
  real-­‐world	
  –	
  and	
  public	
  –	
  examples	
  of	
  
insiders	
  causing	
  significant	
  damage	
  
Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  6	
  
hSp://www.wired.com/threatlevel/2008/07/sf-­‐city-­‐charged/	
  
hSp://www.theregister.co.uk/2011/02/28/bri2sh_airlines_it_expert_convicted/	
  
hSp://www.darkreading.com/security/news/212903570/it-­‐worker-­‐indicted-­‐for-­‐sefng-­‐malware-­‐bomb-­‐at-­‐fannie-­‐mae.html	
  
hSp://www.darkreading.com/authen2ca2on/167901072/security/security-­‐management/229100384/a-­‐glaring-­‐lesson-­‐in-­‐shared-­‐passwords.html	
  
hSp://www.infosecurity-­‐magazine.com/view/18237/insider-­‐data-­‐breach-­‐costs-­‐bank-­‐of-­‐america-­‐over-­‐10-­‐million-­‐says-­‐secret-­‐service/	
  
hSp://www.eweek.com/security-­‐watch/former-­‐gucci-­‐employee-­‐indicted-­‐for-­‐it-­‐rampage.html	
  
hSp://www.darkreading.com/security/news/223800029/ex-­‐tsa-­‐employee-­‐indicted-­‐for-­‐tampering-­‐with-­‐database-­‐of-­‐terrorist-­‐suspects.html	
  
The	
  stages	
  of	
  an	
  external	
  aPack	
  
§  Basic	
  research	
  
§  Domain	
  
queries	
  
§  Port	
  scans	
  
§  Vulnerability	
  
scans	
  
§  “Spear	
  
Phishing”	
  
§  Social	
  
Engineering	
  
§  Zero	
  day	
  
vulnerability	
  
exploita0on	
  
§  OS	
  &	
  
applica0on	
  
vulnerability	
  
exploita0on	
  
§  Administra0ve	
  
access	
  
§  Compromise	
  of	
  
new	
  systems	
  
§  Con0nuous	
  
export	
  of	
  
sensi0ve	
  data	
  
§  Effect	
  service	
  
availability	
  
§  Covering	
  of	
  
tracks	
  
§  Rootkits	
  
Reconnaissance	
   Ini0al	
  Entry	
  
Escala0on	
  of	
  
Privileges	
  
Con0nuous	
  
Exploita0on	
  
Stages	
  of	
  an	
  External	
  APack	
  
7	
   Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  
Tradi0onal	
  perimeter	
  and	
  infrastructure	
  security	
  
capabili0es	
  only	
  address	
  part	
  of	
  the	
  problem!	
  
Perimeter	
  security	
  
An0-­‐virus	
  
Phishing	
  protec0on	
  
Server	
  hardening	
  
Capture	
  and	
  review	
  server	
  and	
  device	
  audit	
  logs	
  
Reconnaissance	
   Ini0al	
  Entry	
  
Escala0on	
  of	
  
Privileges	
  
Con0nuous	
  
Exploita0on	
  
8	
   Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  
Stages	
  of	
  an	
  External	
  APack	
  
Content-­‐aware	
  iden0ty	
  &	
  access	
  management	
  bolster	
  an	
  
APT	
  defense!	
  
Log	
  and	
  audit	
  privileged	
  user	
  ac0vity	
  
Perimeter	
  security	
  
Least	
  privilege	
  access	
  
An0-­‐virus	
  
Phishing	
  protec0on	
  
Employee	
  educa0on	
  
Virtualiza0on	
  security	
  
Externalized/	
  
unexpected	
  security	
  
Server	
  hardening	
  
Shared	
  account	
  management	
  
Capture	
  and	
  review	
  server	
  and	
  device	
  audit	
  logs	
  
Data	
  controls	
  &	
  analysis	
  
Advanced	
  authen0ca0on	
  &	
  fraud	
  preven0on	
  
Iden0ty	
  &	
  Access	
  Governance	
  
Capabili0es	
  of	
  CA	
  Security	
  
Reconnaissance	
   Ini0al	
  Entry	
  
Escala0on	
  of	
  
Privileges	
  
Con0nuous	
  
Exploita0on	
  
9	
   Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  
Stages	
  of	
  an	
  External	
  APack	
  
Effec0ve	
  Privileged	
  Iden0ty	
  Management	
  requires	
  a	
  
comprehensive	
  solu0on	
  
Privileged	
  
Iden0ty	
  
Management	
  
Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  10	
  
Hypervisor	
  
VM	
   VM	
   VM	
  
Shared	
  Account	
  
Management	
  
Fine-­‐
Grained	
  
Access	
  
Controls	
  
User	
  Ac2vity	
  
Repor2ng	
  /	
  
Session	
  Recording	
  
UNIX	
  
Authen2ca2on	
  
Bridging	
  
Virtualiza2on	
  
Security	
  
11	
  
Agenda	
  
Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  
è  The	
  Challenge	
  of	
  Privileged	
  Iden22es	
  
è  The	
  State	
  of	
  Virtualiza2on	
  Security	
  
è  Privileged	
  Iden2ty	
  Governance	
  
è  Social	
  Media	
  
è  Q&A	
  
Jason	
  Cornish,	
  former	
  Shionogi	
  Pharma	
  IT	
  Staffer	
  
Pled	
  guilty	
  to	
  Feb	
  ‘11	
  computer	
  intrusion	
  
A	
  recent	
  incident	
  demonstrates	
  the	
  real-­‐world	
  poten0al	
  
for	
  damage	
  in	
  a	
  virtual	
  environment	
  
–  Wiped	
  out	
  88	
  virtual	
  servers	
  	
  
on	
  15	
  VMware	
  hosts:	
  email,	
  	
  
order	
  tracking,	
  financial,	
  	
  
&	
  other	
  services	
  
–  Shionogi’s	
  opera2ons	
  frozen	
  for	
  days	
  
§  unable	
  to	
  ship	
  product	
  
§  unable	
  to	
  issue	
  checks	
  
§  unable	
  to	
  send	
  email	
  
All	
  of	
  this	
  was	
  accomplished	
  from	
  a	
  McDonald’s	
  
12	
   Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  
Virtualiza0on	
  has	
  many	
  clear	
  benefits,	
  but	
  also	
  many	
  
o[en-­‐ignored	
  risks	
  
Capital	
  and	
  opera2onal	
  cost	
  savings	
  
Great	
  availability	
  /	
  recovery	
  
Ease	
  of	
  disaster	
  recovery	
  
Hardware	
  independence	
  
Improved	
  service	
  levels	
  
New	
  class	
  of	
  privileged	
  iden22es	
  on	
  the	
  
hypervisor	
  
Greater	
  impact	
  of	
  aSack	
  or	
  
misconfigura2on	
  
New	
  compliance	
  requirements	
  
Dynamic	
  environment	
  leads	
  to	
  oversights	
  
Easy	
  copying	
  of	
  virtual	
  machines	
  
Virtual	
  Sprawl	
  
Posi0ves	
   Nega0ves/Risks	
  
What	
  happens	
  when	
  an	
  
organiza0on	
  goes	
  virtual?	
  
Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  13	
  
New	
  class	
  of	
  privileged	
  iden00es	
  on	
  the	
  hypervisor	
  
14	
   Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  
Greater	
  impact	
  of	
  aPack	
  or	
  misconfigura0on	
  
15	
   Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  
New	
  compliance	
  requirements	
  
NIST	
  SP	
  800-­‐125:	
  Guide	
  to	
  Security	
  
for	
  Full	
  Virtualiza0on	
  Technologies	
  	
  
Payment	
  Card	
  Industry	
  (PCI)	
  PCI-­‐DSS	
  
2.0,	
  Virtualiza0on	
  Guidelines	
  
16	
   Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  
Dynamic	
  environment	
  can	
  lead	
  to	
  oversights	
  
17	
   Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  
Copying	
  a	
  virtual	
  machine	
  image	
  is	
  equivalent	
  to	
  stealing	
  a	
  
server	
  from	
  a	
  datacenter	
  
18	
   Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  
Virtual	
  Sprawl	
  
19	
   Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  
Securing	
  virtual	
  environments	
  requires	
  “the	
  
fundamentals”	
  as	
  well	
  as	
  a	
  game-­‐changing	
  capability	
  
Least	
  Privilege	
  
Access	
  
Infrastructure	
  
Hardening	
  
Shared	
  Account	
  
Management	
  
User	
  Ac0vity	
  
Repor0ng	
  
Virtualiza0on-­‐Aware	
  
Automa0on	
  of	
  	
  
Security	
  Controls	
  
New!	
  
Security	
  fundamentals	
  that	
  now	
  need	
  to	
  
be	
  applied	
  to	
  the	
  hypervisor	
  
20	
   Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  
21	
  
Agenda	
  
Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  
è  The	
  Challenge	
  of	
  Privileged	
  Iden22es	
  
è  The	
  State	
  of	
  Virtualiza2on	
  Security	
  
è  Privileged	
  Iden2ty	
  Governance	
  
è  Social	
  Media	
  
è  Q&A	
  
The	
  need	
  for	
  Privileged	
  Iden0ty	
  Governance	
  
Orphaned	
  Accounts	
  
Reduce	
  Audit	
  Burden	
  
Gain	
  Visibility	
  into	
  Privileged	
  
Account	
  Usage	
  
Privilege	
  Creep	
  
22	
   Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  
Address	
  these	
  needs	
  by	
  combining	
  governance,	
  
management	
  and	
  monitoring	
  capabili0es	
  
Priv.	
  Iden0ty	
  Governance	
   Privileged	
  Iden0ty	
  Mgmt.	
   User	
  Ac0vity	
  Repor0ng	
  
§  User	
  Mgmt.	
  
§  Workflow	
  
§  Cer2fica2on	
  
§  Fine-­‐grained	
  
access	
  controls	
  
§  Shared	
  account	
  
management	
  
§  Video	
  recording	
  
§  Analy2cs	
  and	
  
searchability	
  
ID	
  
Gov.	
  
23	
   Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  
What	
  Privileged	
  Iden0ty	
  Governance	
  can	
  tell	
  you	
  
How	
  can	
  they	
  
get	
  access?	
  
How	
  to	
  control	
  
access	
  
What	
  was	
  
accessed	
  and	
  
when?	
  
What	
  can	
  
people	
  access?	
  
24	
   Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  
Iden0ty	
  Governance	
  and	
  Role	
  Management	
  
Iden0ty	
  
Governance	
  
Role	
  
Management	
  
Monitor	
  access	
  rights	
  with	
  reports/dashboards	
  
Discover	
  and	
  propose	
  poten2al	
  roles	
  based	
  on	
  
access	
  paSerns	
  and	
  organiza2onal	
  characteris2cs	
  
Establish	
  centralized	
  segrega2on	
  of	
  du2es	
  and	
  other	
  
business	
  and	
  regulatory	
  iden2ty	
  policies	
  
Discover	
  business	
  structure	
  and	
  turn	
  millions	
  of	
  
access	
  rights	
  into	
  100’s	
  of	
  roles	
  
Adapt	
  model	
  as	
  business	
  changes	
  
Automate	
  en2tlements	
  cer2fica2on	
  for	
  users,	
  roles	
  
and	
  resources	
  
25	
   Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  
Use	
  analy0cs	
  to	
  iden0fy	
  privileged	
  users	
  
26	
   Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  
Iden00es	
   Systems	
  
Users	
  IDs	
  should	
  be	
  correlated	
  to	
  iden0fy	
  mul0ple	
  IDs	
  
belonging	
  to	
  the	
  same	
  person	
  –	
  and	
  cleaned	
  up!	
  
Russ.Miller	
   MILLERR	
   RMIL04	
   RBM102	
  
Name:	
  Russell	
  Miller	
  
Employee	
  ID:	
  rmiller123	
  
Loca2on:	
  Boston	
  
Etc.	
  
1	
   Audit	
  Privilege	
  Quality	
  
2	
   Detect	
  Excep2ons	
  
3	
   Unique	
  ID	
  correla2on	
  
4	
   Clean-­‐up	
  
27	
   Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  
Cer0fica0on	
  	
  should	
  include	
  usage	
  informa0on	
  to	
  iden0fy	
  
suspicious	
  ac0vi0es	
  
28	
   Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  
How	
  you	
  can	
  get	
  there!	
  
	
  
Collect	
  Account	
  &	
  
En0tlement	
  Info	
  
Analyze	
  IDs	
  
&	
  
En0tlements	
  
Administer	
  
&	
  Control	
  
Accounts	
  
Audit	
  &	
  
Cer0fy	
  
Accounts	
  
Steps	
  to	
  Govern	
  Privileged	
  Iden00es	
  
29	
   Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  
System	
  
Accounts	
  
Service	
  
Accounts	
  
Shared	
  
Accounts	
  
Named	
  
Accounts	
  
The	
  business	
  value	
  of	
  Privileged	
  Iden0ty	
  Governance	
  
Prevent	
  breaches	
  due	
  to	
  improper	
  Admin	
  ac2ons	
  
or	
  data	
  exposure	
  
	
  
Reduce	
  the	
  burden	
  of	
  audit	
  and	
  compliance	
  efforts	
  
	
  
Improve	
  efficiency	
  of	
  iden2ty	
  compliance	
  &	
  
processes	
  	
  	
  
	
  
Gain	
  visibility	
  into	
  administrator	
  access	
  and	
  actual	
  
usage	
  
2	
  
3	
  
1	
  
4	
  
30	
   Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  
31	
  
Agenda	
  
Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  
è  The	
  Challenge	
  of	
  Privileged	
  Iden22es	
  
è  The	
  State	
  of	
  Virtualiza2on	
  Security	
  
è  Privileged	
  Iden2ty	
  Governance	
  
è  Social	
  Media	
  
è  Q&A	
  
Social	
  media	
  accounts	
  are	
  privileged	
  iden00es!	
  
32	
   Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  
Insider	
  Threat	
   External	
  Threat	
  
33	
  
Confusion	
  between	
  personal	
  and	
  corporate	
  TwiPer	
  
accounts	
  –	
  controls	
  are	
  needed!	
  
Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  
34	
  
Agenda	
  
Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  
è  The	
  Challenge	
  of	
  Privileged	
  Iden22es	
  
è  The	
  State	
  of	
  Virtualiza2on	
  Security	
  
è  Privileged	
  Iden2ty	
  Governance	
  
è  Social	
  Media	
  
è  Q&A	
  
Ques0ons?	
  
35	
   Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  
Appendix	
  
Legal	
  No0ce	
  
Copyright	
  ©	
  2013	
  CA.	
  	
  All	
  rights	
  reserved.	
  Linux®	
  is	
  the	
  registered	
  trademark	
  of	
  Linus	
  Torvalds	
  in	
  the	
  U.S.	
  and	
  other	
  countries.	
  	
  All	
  
trademarks,	
  trade	
  names,	
  service	
  marks	
  and	
  logos	
  referenced	
  herein	
  belong	
  to	
  their	
  respec2ve	
  companies.	
  No	
  unauthorized	
  use,	
  
copying	
  or	
  distribu2on	
  permiSed.	
  	
  
	
  
	
  
37	
   Copyright	
  ©	
  2013	
  CA.	
  All	
  rights	
  reserved.	
  

Weitere ähnliche Inhalte

Was ist angesagt?

GCC eGov Cyberwar, Cybercrime Risks and Defences 2010
GCC eGov Cyberwar, Cybercrime Risks and Defences 2010GCC eGov Cyberwar, Cybercrime Risks and Defences 2010
GCC eGov Cyberwar, Cybercrime Risks and Defences 2010Jorge Sebastiao
 
Top Solutions and Tools to Prevent Devastating Malware White Paper
Top Solutions and Tools to Prevent Devastating Malware White PaperTop Solutions and Tools to Prevent Devastating Malware White Paper
Top Solutions and Tools to Prevent Devastating Malware White PaperNetIQ
 
Neira jones pci london january 2013 pdf ready
Neira jones pci london january 2013 pdf readyNeira jones pci london january 2013 pdf ready
Neira jones pci london january 2013 pdf readyNeira Jones
 
Owasp e crime-london-2012-final
Owasp e crime-london-2012-finalOwasp e crime-london-2012-final
Owasp e crime-london-2012-finalMarco Morana
 
Shaping Your Future in Banking Cybersecurity
Shaping Your Future in Banking Cybersecurity Shaping Your Future in Banking Cybersecurity
Shaping Your Future in Banking Cybersecurity Dawn Yankeelov
 
Owasp atlanta-ciso-guidevs1
Owasp atlanta-ciso-guidevs1Owasp atlanta-ciso-guidevs1
Owasp atlanta-ciso-guidevs1Marco Morana
 
Unmasking Anonymous: An Eyewitness Account of a Hacktivist Attack
Unmasking Anonymous: An Eyewitness Account of a Hacktivist AttackUnmasking Anonymous: An Eyewitness Account of a Hacktivist Attack
Unmasking Anonymous: An Eyewitness Account of a Hacktivist AttackImperva
 
NetIQ Customer Success Story - a2a
NetIQ Customer Success Story - a2aNetIQ Customer Success Story - a2a
NetIQ Customer Success Story - a2aNetIQ
 
2017 FS-ISAC Security Conference
2017 FS-ISAC Security Conference2017 FS-ISAC Security Conference
2017 FS-ISAC Security ConferenceDavid Sweigert
 
Anti-Fraud Datasheet
Anti-Fraud DatasheetAnti-Fraud Datasheet
Anti-Fraud DatasheetMani Rai
 
Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi?
Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi? Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi?
Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi? CypSec - Siber Güvenlik Konferansı
 
WhiteHat’s Website Security Statistics Report 2015
WhiteHat’s Website Security Statistics Report 2015WhiteHat’s Website Security Statistics Report 2015
WhiteHat’s Website Security Statistics Report 2015Jeremiah Grossman
 
World of Watson 2016 - Information Insecurity
World of Watson 2016 - Information InsecurityWorld of Watson 2016 - Information Insecurity
World of Watson 2016 - Information InsecurityKeith Redman
 
Cyber security investments 2021
Cyber security investments 2021Cyber security investments 2021
Cyber security investments 2021Management Events
 
Whitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformationWhitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformationNexon Asia Pacific
 
Ulf mattsson webinar jun 7 2012 slideshare version
Ulf mattsson webinar jun 7 2012   slideshare versionUlf mattsson webinar jun 7 2012   slideshare version
Ulf mattsson webinar jun 7 2012 slideshare versionUlf Mattsson
 

Was ist angesagt? (20)

GCC eGov Cyberwar, Cybercrime Risks and Defences 2010
GCC eGov Cyberwar, Cybercrime Risks and Defences 2010GCC eGov Cyberwar, Cybercrime Risks and Defences 2010
GCC eGov Cyberwar, Cybercrime Risks and Defences 2010
 
Top Solutions and Tools to Prevent Devastating Malware White Paper
Top Solutions and Tools to Prevent Devastating Malware White PaperTop Solutions and Tools to Prevent Devastating Malware White Paper
Top Solutions and Tools to Prevent Devastating Malware White Paper
 
Neira jones pci london january 2013 pdf ready
Neira jones pci london january 2013 pdf readyNeira jones pci london january 2013 pdf ready
Neira jones pci london january 2013 pdf ready
 
Owasp e crime-london-2012-final
Owasp e crime-london-2012-finalOwasp e crime-london-2012-final
Owasp e crime-london-2012-final
 
Shaping Your Future in Banking Cybersecurity
Shaping Your Future in Banking Cybersecurity Shaping Your Future in Banking Cybersecurity
Shaping Your Future in Banking Cybersecurity
 
Owasp atlanta-ciso-guidevs1
Owasp atlanta-ciso-guidevs1Owasp atlanta-ciso-guidevs1
Owasp atlanta-ciso-guidevs1
 
Unmasking Anonymous: An Eyewitness Account of a Hacktivist Attack
Unmasking Anonymous: An Eyewitness Account of a Hacktivist AttackUnmasking Anonymous: An Eyewitness Account of a Hacktivist Attack
Unmasking Anonymous: An Eyewitness Account of a Hacktivist Attack
 
NetIQ Customer Success Story - a2a
NetIQ Customer Success Story - a2aNetIQ Customer Success Story - a2a
NetIQ Customer Success Story - a2a
 
2017 FS-ISAC Security Conference
2017 FS-ISAC Security Conference2017 FS-ISAC Security Conference
2017 FS-ISAC Security Conference
 
idg_secops-solutions
idg_secops-solutionsidg_secops-solutions
idg_secops-solutions
 
Anti-Fraud Datasheet
Anti-Fraud DatasheetAnti-Fraud Datasheet
Anti-Fraud Datasheet
 
JP Morgan Paper
JP Morgan PaperJP Morgan Paper
JP Morgan Paper
 
Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi?
Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi? Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi?
Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi?
 
WhiteHat’s Website Security Statistics Report 2015
WhiteHat’s Website Security Statistics Report 2015WhiteHat’s Website Security Statistics Report 2015
WhiteHat’s Website Security Statistics Report 2015
 
SEC Alert
SEC AlertSEC Alert
SEC Alert
 
Advanced Malware Analysis
Advanced Malware AnalysisAdvanced Malware Analysis
Advanced Malware Analysis
 
World of Watson 2016 - Information Insecurity
World of Watson 2016 - Information InsecurityWorld of Watson 2016 - Information Insecurity
World of Watson 2016 - Information Insecurity
 
Cyber security investments 2021
Cyber security investments 2021Cyber security investments 2021
Cyber security investments 2021
 
Whitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformationWhitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformation
 
Ulf mattsson webinar jun 7 2012 slideshare version
Ulf mattsson webinar jun 7 2012   slideshare versionUlf mattsson webinar jun 7 2012   slideshare version
Ulf mattsson webinar jun 7 2012 slideshare version
 

Ähnlich wie CIS13: From Governance to Virtualization: The Expanding Arena of Privileged Identity Management

How to Meet MFA Mandates in Air Gap Networks
How to Meet MFA Mandates in Air Gap NetworksHow to Meet MFA Mandates in Air Gap Networks
How to Meet MFA Mandates in Air Gap NetworksSecret Double Octopus
 
vip_day_2._1130_cloud
vip_day_2._1130_cloudvip_day_2._1130_cloud
vip_day_2._1130_cloudNicholas Chia
 
Cognitive Security - Anatomy of Advanced Persistent Threats ('12)
Cognitive Security - Anatomy of Advanced Persistent Threats ('12)Cognitive Security - Anatomy of Advanced Persistent Threats ('12)
Cognitive Security - Anatomy of Advanced Persistent Threats ('12)Gabriel Dusil
 
Key note in nyc the next breach target and how oracle can help - nyoug
Key note in nyc   the next breach target and how oracle can help - nyougKey note in nyc   the next breach target and how oracle can help - nyoug
Key note in nyc the next breach target and how oracle can help - nyougUlf Mattsson
 
Cybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond ComplianceCybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond ComplianceEnergySec
 
Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?
Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?
Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?360mnbsu
 
Everything You Need to Know About BlueKeep
Everything You Need to Know About BlueKeepEverything You Need to Know About BlueKeep
Everything You Need to Know About BlueKeepIvanti
 
Security automation in virtual and cloud environments v2
Security automation in virtual and cloud environments v2Security automation in virtual and cloud environments v2
Security automation in virtual and cloud environments v2rpark31
 
[CLASS2014] Palestra Técnica - Franzvitor Fiorim
[CLASS2014] Palestra Técnica - Franzvitor Fiorim[CLASS2014] Palestra Técnica - Franzvitor Fiorim
[CLASS2014] Palestra Técnica - Franzvitor FiorimTI Safe
 
2013 12 18 webcast - building the privileged identity management business case
2013 12 18 webcast - building the privileged identity management business case2013 12 18 webcast - building the privileged identity management business case
2013 12 18 webcast - building the privileged identity management business casepmcbrideva1
 
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...PECB
 
[CLASS 2014] Palestra Técnica - Fabio Rosa
[CLASS 2014] Palestra Técnica - Fabio Rosa[CLASS 2014] Palestra Técnica - Fabio Rosa
[CLASS 2014] Palestra Técnica - Fabio RosaTI Safe
 
Year of pawnage - Ian trump
Year of pawnage  - Ian trumpYear of pawnage  - Ian trump
Year of pawnage - Ian trumpMAXfocus
 
Latest Cybersecurity Trends
Latest Cybersecurity TrendsLatest Cybersecurity Trends
Latest Cybersecurity TrendsIRJET Journal
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityAli Habeeb
 
[CB20] Operation Chimera - APT Operation Targets Semiconductor Vendors by CK ...
[CB20] Operation Chimera - APT Operation Targets Semiconductor Vendors by CK ...[CB20] Operation Chimera - APT Operation Targets Semiconductor Vendors by CK ...
[CB20] Operation Chimera - APT Operation Targets Semiconductor Vendors by CK ...CODE BLUE
 
Insecure magazine - 52
Insecure magazine - 52Insecure magazine - 52
Insecure magazine - 52Felipe Prado
 
3 Strategies for Data Privacy Compliance: Securing Your Sensitive Data
3 Strategies for Data Privacy Compliance: Securing Your Sensitive Data3 Strategies for Data Privacy Compliance: Securing Your Sensitive Data
3 Strategies for Data Privacy Compliance: Securing Your Sensitive DataSolarWinds
 
The Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for InvestorsThe Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for InvestorsOurCrowd
 

Ähnlich wie CIS13: From Governance to Virtualization: The Expanding Arena of Privileged Identity Management (20)

How to Meet MFA Mandates in Air Gap Networks
How to Meet MFA Mandates in Air Gap NetworksHow to Meet MFA Mandates in Air Gap Networks
How to Meet MFA Mandates in Air Gap Networks
 
vip_day_2._1130_cloud
vip_day_2._1130_cloudvip_day_2._1130_cloud
vip_day_2._1130_cloud
 
Cognitive Security - Anatomy of Advanced Persistent Threats ('12)
Cognitive Security - Anatomy of Advanced Persistent Threats ('12)Cognitive Security - Anatomy of Advanced Persistent Threats ('12)
Cognitive Security - Anatomy of Advanced Persistent Threats ('12)
 
Key note in nyc the next breach target and how oracle can help - nyoug
Key note in nyc   the next breach target and how oracle can help - nyougKey note in nyc   the next breach target and how oracle can help - nyoug
Key note in nyc the next breach target and how oracle can help - nyoug
 
Cybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond ComplianceCybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond Compliance
 
Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?
Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?
Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?
 
Everything You Need to Know About BlueKeep
Everything You Need to Know About BlueKeepEverything You Need to Know About BlueKeep
Everything You Need to Know About BlueKeep
 
Security automation in virtual and cloud environments v2
Security automation in virtual and cloud environments v2Security automation in virtual and cloud environments v2
Security automation in virtual and cloud environments v2
 
[CLASS2014] Palestra Técnica - Franzvitor Fiorim
[CLASS2014] Palestra Técnica - Franzvitor Fiorim[CLASS2014] Palestra Técnica - Franzvitor Fiorim
[CLASS2014] Palestra Técnica - Franzvitor Fiorim
 
2013 12 18 webcast - building the privileged identity management business case
2013 12 18 webcast - building the privileged identity management business case2013 12 18 webcast - building the privileged identity management business case
2013 12 18 webcast - building the privileged identity management business case
 
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
 
[CLASS 2014] Palestra Técnica - Fabio Rosa
[CLASS 2014] Palestra Técnica - Fabio Rosa[CLASS 2014] Palestra Técnica - Fabio Rosa
[CLASS 2014] Palestra Técnica - Fabio Rosa
 
Year of pawnage - Ian trump
Year of pawnage  - Ian trumpYear of pawnage  - Ian trump
Year of pawnage - Ian trump
 
Latest Cybersecurity Trends
Latest Cybersecurity TrendsLatest Cybersecurity Trends
Latest Cybersecurity Trends
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
[CB20] Operation Chimera - APT Operation Targets Semiconductor Vendors by CK ...
[CB20] Operation Chimera - APT Operation Targets Semiconductor Vendors by CK ...[CB20] Operation Chimera - APT Operation Targets Semiconductor Vendors by CK ...
[CB20] Operation Chimera - APT Operation Targets Semiconductor Vendors by CK ...
 
Insecure magazine - 52
Insecure magazine - 52Insecure magazine - 52
Insecure magazine - 52
 
3 Strategies for Data Privacy Compliance: Securing Your Sensitive Data
3 Strategies for Data Privacy Compliance: Securing Your Sensitive Data3 Strategies for Data Privacy Compliance: Securing Your Sensitive Data
3 Strategies for Data Privacy Compliance: Securing Your Sensitive Data
 
A6704d01
A6704d01A6704d01
A6704d01
 
The Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for InvestorsThe Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for Investors
 

Mehr von CloudIDSummit

CIS 2016 Content Highlights
CIS 2016 Content HighlightsCIS 2016 Content Highlights
CIS 2016 Content HighlightsCloudIDSummit
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016CloudIDSummit
 
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CloudIDSummit
 
Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication   reasons for optimism 20150607 v2Mobile security, identity & authentication   reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2CloudIDSummit
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CloudIDSummit
 
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CloudIDSummit
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CloudIDSummit
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CloudIDSummit
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCloudIDSummit
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM  in your Mobile Enterprise - Brian KatzCIS 2015 IoT and IDM  in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian KatzCloudIDSummit
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CloudIDSummit
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCloudIDSummit
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCloudIDSummit
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCloudIDSummit
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCloudIDSummit
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...CloudIDSummit
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCloudIDSummit
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015  Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015  Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCloudIDSummit
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCloudIDSummit
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCloudIDSummit
 

Mehr von CloudIDSummit (20)

CIS 2016 Content Highlights
CIS 2016 Content HighlightsCIS 2016 Content Highlights
CIS 2016 Content Highlights
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
 
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
 
Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication   reasons for optimism 20150607 v2Mobile security, identity & authentication   reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
 
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM  in your Mobile Enterprise - Brian KatzCIS 2015 IoT and IDM  in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean Deuby
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015  Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015  Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of Things
 

Kürzlich hochgeladen

20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdfJamie (Taka) Wang
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataSafe Software
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncObject Automation
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.francesco barbera
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum ComputingGDSC PJATK
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIUdaiappa Ramachandran
 

Kürzlich hochgeladen (20)

20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation Inc
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum Computing
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AI
 

CIS13: From Governance to Virtualization: The Expanding Arena of Privileged Identity Management

  • 1. From  Governance  to   Virtualiza2on:   The  Expanding  Arena  of   Privileged  Iden2ty  Management   Russell  Miller   Director,  Solu0ons  Marke0ng  
  • 2. 2   Agenda   Copyright  ©  2013  CA.  All  rights  reserved.   è  The  Challenge  of  Privileged  Iden22es   è  The  State  of  Virtualiza2on  Security   è  Privileged  Iden2ty  Governance   è  Social  Media   è  Q&A  
  • 3. Edward  Snowden  was  a  privileged  user  on  key  NSA   systems     “When  you’re  in  posi2ons  of   privileged  access,  like  a  systems   administrator  for  these  sort  of   intelligence  community  agencies,   you’re  exposed  to  a  lot  more   informa2on  on  a  broader  scale   than  the  average  employee.”     -­‐  Edward  Snowden   Source:  hSp://www.guardian.co.uk/world/2013/jun/09/edward-­‐snowden-­‐nsa-­‐whistleblower-­‐surveillance?guni=Network%20front:network-­‐front%20full-­‐ width-­‐1%20bento-­‐box:Bento%20box:Posi2on1   3   Copyright  ©  2013  CA.  All  rights  reserved.  
  • 4. Privileged  iden00es  pose  a  par0cularly  significant  threat  to   network  and  data  security   All-­‐Powerful   Access   Lack  of   Accountability   Risk   §  Unrestricted   “root”  or   “Administrator”   access   §  No  segrega2on   of  du2es   §  Use  of  shared   accounts   §  Poor  log  integrity   and  quality   Virtualiza0on  magnifies  these  challenges!   Copyright  ©  2013  CA.  All  rights  reserved.  4   The  Problem  With  Privileged  Iden00es  
  • 5. There  are  three  types  of  insider  threats  and  two  primary   principles  to  apply  to  mi0gate  the  risk   §  Deter  malicious   insiders   §  Trace  ac0ons  to   individuals   § Limit  damage  done   by  a  malicious  or   exploited  insider   § “Stop  Stupid!”   Implement   Least  Privilege   Access   Ensure   Accountability   Types  of   Insider  Threats   Exploited   Insiders   Malicious   Insiders   Careless   Insiders   ?   Ac0ons  to  Take   5   Copyright  ©  2013  CA.  All  rights  reserved.  
  • 6. There  are  many  real-­‐world  –  and  public  –  examples  of   insiders  causing  significant  damage   Copyright  ©  2013  CA.  All  rights  reserved.  6   hSp://www.wired.com/threatlevel/2008/07/sf-­‐city-­‐charged/   hSp://www.theregister.co.uk/2011/02/28/bri2sh_airlines_it_expert_convicted/   hSp://www.darkreading.com/security/news/212903570/it-­‐worker-­‐indicted-­‐for-­‐sefng-­‐malware-­‐bomb-­‐at-­‐fannie-­‐mae.html   hSp://www.darkreading.com/authen2ca2on/167901072/security/security-­‐management/229100384/a-­‐glaring-­‐lesson-­‐in-­‐shared-­‐passwords.html   hSp://www.infosecurity-­‐magazine.com/view/18237/insider-­‐data-­‐breach-­‐costs-­‐bank-­‐of-­‐america-­‐over-­‐10-­‐million-­‐says-­‐secret-­‐service/   hSp://www.eweek.com/security-­‐watch/former-­‐gucci-­‐employee-­‐indicted-­‐for-­‐it-­‐rampage.html   hSp://www.darkreading.com/security/news/223800029/ex-­‐tsa-­‐employee-­‐indicted-­‐for-­‐tampering-­‐with-­‐database-­‐of-­‐terrorist-­‐suspects.html  
  • 7. The  stages  of  an  external  aPack   §  Basic  research   §  Domain   queries   §  Port  scans   §  Vulnerability   scans   §  “Spear   Phishing”   §  Social   Engineering   §  Zero  day   vulnerability   exploita0on   §  OS  &   applica0on   vulnerability   exploita0on   §  Administra0ve   access   §  Compromise  of   new  systems   §  Con0nuous   export  of   sensi0ve  data   §  Effect  service   availability   §  Covering  of   tracks   §  Rootkits   Reconnaissance   Ini0al  Entry   Escala0on  of   Privileges   Con0nuous   Exploita0on   Stages  of  an  External  APack   7   Copyright  ©  2013  CA.  All  rights  reserved.  
  • 8. Tradi0onal  perimeter  and  infrastructure  security   capabili0es  only  address  part  of  the  problem!   Perimeter  security   An0-­‐virus   Phishing  protec0on   Server  hardening   Capture  and  review  server  and  device  audit  logs   Reconnaissance   Ini0al  Entry   Escala0on  of   Privileges   Con0nuous   Exploita0on   8   Copyright  ©  2013  CA.  All  rights  reserved.   Stages  of  an  External  APack  
  • 9. Content-­‐aware  iden0ty  &  access  management  bolster  an   APT  defense!   Log  and  audit  privileged  user  ac0vity   Perimeter  security   Least  privilege  access   An0-­‐virus   Phishing  protec0on   Employee  educa0on   Virtualiza0on  security   Externalized/   unexpected  security   Server  hardening   Shared  account  management   Capture  and  review  server  and  device  audit  logs   Data  controls  &  analysis   Advanced  authen0ca0on  &  fraud  preven0on   Iden0ty  &  Access  Governance   Capabili0es  of  CA  Security   Reconnaissance   Ini0al  Entry   Escala0on  of   Privileges   Con0nuous   Exploita0on   9   Copyright  ©  2013  CA.  All  rights  reserved.   Stages  of  an  External  APack  
  • 10. Effec0ve  Privileged  Iden0ty  Management  requires  a   comprehensive  solu0on   Privileged   Iden0ty   Management   Copyright  ©  2013  CA.  All  rights  reserved.  10   Hypervisor   VM   VM   VM   Shared  Account   Management   Fine-­‐ Grained   Access   Controls   User  Ac2vity   Repor2ng  /   Session  Recording   UNIX   Authen2ca2on   Bridging   Virtualiza2on   Security  
  • 11. 11   Agenda   Copyright  ©  2013  CA.  All  rights  reserved.   è  The  Challenge  of  Privileged  Iden22es   è  The  State  of  Virtualiza2on  Security   è  Privileged  Iden2ty  Governance   è  Social  Media   è  Q&A  
  • 12. Jason  Cornish,  former  Shionogi  Pharma  IT  Staffer   Pled  guilty  to  Feb  ‘11  computer  intrusion   A  recent  incident  demonstrates  the  real-­‐world  poten0al   for  damage  in  a  virtual  environment   –  Wiped  out  88  virtual  servers     on  15  VMware  hosts:  email,     order  tracking,  financial,     &  other  services   –  Shionogi’s  opera2ons  frozen  for  days   §  unable  to  ship  product   §  unable  to  issue  checks   §  unable  to  send  email   All  of  this  was  accomplished  from  a  McDonald’s   12   Copyright  ©  2013  CA.  All  rights  reserved.  
  • 13. Virtualiza0on  has  many  clear  benefits,  but  also  many   o[en-­‐ignored  risks   Capital  and  opera2onal  cost  savings   Great  availability  /  recovery   Ease  of  disaster  recovery   Hardware  independence   Improved  service  levels   New  class  of  privileged  iden22es  on  the   hypervisor   Greater  impact  of  aSack  or   misconfigura2on   New  compliance  requirements   Dynamic  environment  leads  to  oversights   Easy  copying  of  virtual  machines   Virtual  Sprawl   Posi0ves   Nega0ves/Risks   What  happens  when  an   organiza0on  goes  virtual?   Copyright  ©  2013  CA.  All  rights  reserved.  13  
  • 14. New  class  of  privileged  iden00es  on  the  hypervisor   14   Copyright  ©  2013  CA.  All  rights  reserved.  
  • 15. Greater  impact  of  aPack  or  misconfigura0on   15   Copyright  ©  2013  CA.  All  rights  reserved.  
  • 16. New  compliance  requirements   NIST  SP  800-­‐125:  Guide  to  Security   for  Full  Virtualiza0on  Technologies     Payment  Card  Industry  (PCI)  PCI-­‐DSS   2.0,  Virtualiza0on  Guidelines   16   Copyright  ©  2013  CA.  All  rights  reserved.  
  • 17. Dynamic  environment  can  lead  to  oversights   17   Copyright  ©  2013  CA.  All  rights  reserved.  
  • 18. Copying  a  virtual  machine  image  is  equivalent  to  stealing  a   server  from  a  datacenter   18   Copyright  ©  2013  CA.  All  rights  reserved.  
  • 19. Virtual  Sprawl   19   Copyright  ©  2013  CA.  All  rights  reserved.  
  • 20. Securing  virtual  environments  requires  “the   fundamentals”  as  well  as  a  game-­‐changing  capability   Least  Privilege   Access   Infrastructure   Hardening   Shared  Account   Management   User  Ac0vity   Repor0ng   Virtualiza0on-­‐Aware   Automa0on  of     Security  Controls   New!   Security  fundamentals  that  now  need  to   be  applied  to  the  hypervisor   20   Copyright  ©  2013  CA.  All  rights  reserved.  
  • 21. 21   Agenda   Copyright  ©  2013  CA.  All  rights  reserved.   è  The  Challenge  of  Privileged  Iden22es   è  The  State  of  Virtualiza2on  Security   è  Privileged  Iden2ty  Governance   è  Social  Media   è  Q&A  
  • 22. The  need  for  Privileged  Iden0ty  Governance   Orphaned  Accounts   Reduce  Audit  Burden   Gain  Visibility  into  Privileged   Account  Usage   Privilege  Creep   22   Copyright  ©  2013  CA.  All  rights  reserved.  
  • 23. Address  these  needs  by  combining  governance,   management  and  monitoring  capabili0es   Priv.  Iden0ty  Governance   Privileged  Iden0ty  Mgmt.   User  Ac0vity  Repor0ng   §  User  Mgmt.   §  Workflow   §  Cer2fica2on   §  Fine-­‐grained   access  controls   §  Shared  account   management   §  Video  recording   §  Analy2cs  and   searchability   ID   Gov.   23   Copyright  ©  2013  CA.  All  rights  reserved.  
  • 24. What  Privileged  Iden0ty  Governance  can  tell  you   How  can  they   get  access?   How  to  control   access   What  was   accessed  and   when?   What  can   people  access?   24   Copyright  ©  2013  CA.  All  rights  reserved.  
  • 25. Iden0ty  Governance  and  Role  Management   Iden0ty   Governance   Role   Management   Monitor  access  rights  with  reports/dashboards   Discover  and  propose  poten2al  roles  based  on   access  paSerns  and  organiza2onal  characteris2cs   Establish  centralized  segrega2on  of  du2es  and  other   business  and  regulatory  iden2ty  policies   Discover  business  structure  and  turn  millions  of   access  rights  into  100’s  of  roles   Adapt  model  as  business  changes   Automate  en2tlements  cer2fica2on  for  users,  roles   and  resources   25   Copyright  ©  2013  CA.  All  rights  reserved.  
  • 26. Use  analy0cs  to  iden0fy  privileged  users   26   Copyright  ©  2013  CA.  All  rights  reserved.   Iden00es   Systems  
  • 27. Users  IDs  should  be  correlated  to  iden0fy  mul0ple  IDs   belonging  to  the  same  person  –  and  cleaned  up!   Russ.Miller   MILLERR   RMIL04   RBM102   Name:  Russell  Miller   Employee  ID:  rmiller123   Loca2on:  Boston   Etc.   1   Audit  Privilege  Quality   2   Detect  Excep2ons   3   Unique  ID  correla2on   4   Clean-­‐up   27   Copyright  ©  2013  CA.  All  rights  reserved.  
  • 28. Cer0fica0on    should  include  usage  informa0on  to  iden0fy   suspicious  ac0vi0es   28   Copyright  ©  2013  CA.  All  rights  reserved.  
  • 29. How  you  can  get  there!     Collect  Account  &   En0tlement  Info   Analyze  IDs   &   En0tlements   Administer   &  Control   Accounts   Audit  &   Cer0fy   Accounts   Steps  to  Govern  Privileged  Iden00es   29   Copyright  ©  2013  CA.  All  rights  reserved.   System   Accounts   Service   Accounts   Shared   Accounts   Named   Accounts  
  • 30. The  business  value  of  Privileged  Iden0ty  Governance   Prevent  breaches  due  to  improper  Admin  ac2ons   or  data  exposure     Reduce  the  burden  of  audit  and  compliance  efforts     Improve  efficiency  of  iden2ty  compliance  &   processes         Gain  visibility  into  administrator  access  and  actual   usage   2   3   1   4   30   Copyright  ©  2013  CA.  All  rights  reserved.  
  • 31. 31   Agenda   Copyright  ©  2013  CA.  All  rights  reserved.   è  The  Challenge  of  Privileged  Iden22es   è  The  State  of  Virtualiza2on  Security   è  Privileged  Iden2ty  Governance   è  Social  Media   è  Q&A  
  • 32. Social  media  accounts  are  privileged  iden00es!   32   Copyright  ©  2013  CA.  All  rights  reserved.   Insider  Threat   External  Threat  
  • 33. 33   Confusion  between  personal  and  corporate  TwiPer   accounts  –  controls  are  needed!   Copyright  ©  2013  CA.  All  rights  reserved.  
  • 34. 34   Agenda   Copyright  ©  2013  CA.  All  rights  reserved.   è  The  Challenge  of  Privileged  Iden22es   è  The  State  of  Virtualiza2on  Security   è  Privileged  Iden2ty  Governance   è  Social  Media   è  Q&A  
  • 35. Ques0ons?   35   Copyright  ©  2013  CA.  All  rights  reserved.  
  • 37. Legal  No0ce   Copyright  ©  2013  CA.    All  rights  reserved.  Linux®  is  the  registered  trademark  of  Linus  Torvalds  in  the  U.S.  and  other  countries.    All   trademarks,  trade  names,  service  marks  and  logos  referenced  herein  belong  to  their  respec2ve  companies.  No  unauthorized  use,   copying  or  distribu2on  permiSed.         37   Copyright  ©  2013  CA.  All  rights  reserved.