Identity Intelligence: Threat-aware Identity and Access Management

Slide 1
CONNECT WITH US:
IT: Customized to Your Advantage
Identity Intelligence
THREAT-AWARE IDENTITY AND ACCESS MANAGEMENT
RUSSELL TAIT
Practice Director, Security
Public | Copyright © 2014 Prolifics
Slide 2: Insider Breaches Are On The Rise
Insider incidents cost companies an average of $750,000 per year
– Employees, contractors, partners exploiting weak identity controls
Insider negligence, rather than malicious behavior, is often the cause
– Shared passwords, weak passwords, passwords on Post-its
Source: IBM and Ponemon Survey of 265 C-Level Executives, Feb 2012, “The Source of Greatest Risk to Sensitive Data”
Slide 3: IT Security’s Dirty Secret
Security Threats & Security Spending Are Unbalanced
Chart (rebuilt from the slide's labels; the two rows pair "% of Attacks" with "% of Dollars"):
                        % of Attacks        % of Dollars
                        (Security Damage)   (Security Spending)
Internal & Web Access   75%                 10%
Network & Perimeter     25%                 90%
75% of All Damaging Attacks on Information Security Originate from Inside Trusted Boundaries
Slide 4: Security Analytics Is Maturing
What is Security Intelligence?
Security Intelligence --noun
1. the real-time collection, normalization and analytics of the data generated by systems, applications and infrastructure that impacts the IT security and risk posture of an enterprise.
What is Identity Intelligence?
Identity Intelligence --noun
1. the actionable insight to manage risks and threats from user activity. The application of analytical monitoring to entitlements, policies, and access events, in the context of identity risk profiles.
Slide 5: Identity/Access to Identity Intelligence
Today: Administration
– Operational management
– Compliance driven
– Static, trust-based
– Reporting/monitoring is forensic
Future: Assurance
– Security management
– Content driven
– Dynamic, context-based
– Real-time, actionable alerting
Monitor Everything
Slide 6: Identity Intelligence Provides Human Context
Traditional SIEM Provides          Identity Intelligence Adds
What                               Who
When                               Behaviors
Activities                         Is it OK for THIS user?
Results                            Is this user who I think it is?
What was done
Outside bad guys                   Inside careless guys
                                   Inside guys doing bad things
Slide 7: Security Intelligence: Integrating Across IT Silos
Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight
Extensive Data Sources:
– Database Activity
– Servers & Hosts
– User Activity
– Vulnerability Info
– Configuration Info
– Security Devices
– Network & Virtual Activity
– Application Activity
Deep Intelligence:
– Event Correlation
– Activity Baselining & Anomaly Detection
– Offense Identification
Exceptionally Accurate and Actionable Insight: High Priority Offenses
– Detecting threats
– Consolidating data silos
– Detecting insider fraud
– Predicting risks against your business
– Addressing regulatory mandates
Slide 8: QRadar – IAM Integration
Identity enriched security intelligence:
Technical features
– Retrieves user identity data including ID mapping (from an enterprise ID to multiple application user IDs) and user attributes (groups, roles, departments, entitlements).
– Queries data (events, flows, offenses, assets) relative to an enterprise user ID and mapped application user IDs
– Selects user identities for easy creation of correlation rules
– Reports on all the activities (using different application user IDs) of an enterprise user
Use cases
– Privileged user activity monitoring (V7.2)
– Terminated employee access detection
– Separation of duty violation detection
– User account recertification
– Ensuring appropriate access control settings
– Backdoor access detection
Diagram (labels recovered from the slide): an Identity Repository fed by Security Identity Manager and Security Access Manager for eBusiness, which in turn cover C/C++ applications, other applications, databases, operating systems, applications, and networks & physical access; the feeds into QRadar are:
• Identity mapping data and user attributes
• SIM/SAM server logs
• Application logs
Slide 9: QRadar Rules Engine
New Rules Engine tests query Reference Sets and Maps:
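As an added example that is not part of the deck and not Prolifics' or IBM's code, the following Python sketch imitates the mechanics described on slides 8 and 9: application user IDs are resolved to an enterprise user ID through a reference map built from identity-repository data, and rules are then tested against reference sets (terminated employees, privileged groups, separation-of-duty conflicts). Every identifier, event and mapping below is constructed for illustration; the functions `resolve`, `correlate` and `user_activity_report` are hypothetical and nothing here calls the real QRadar rules engine or its APIs.

```python
"""Identity-enriched correlation sketch (added example, constructed data)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

# Reference map (constructed): (application, application user ID) -> enterprise user ID.
# This stands in for the ID-mapping data pulled from the identity repository.
ID_MAP: Dict[Tuple[str, str], str] = {
    ("sap", "JSMITH01"): "E1001",
    ("unix", "jsmith"): "E1001",
    ("oracle", "JSMITH"): "E1001",
    ("sap", "AJONES"): "E3003",
    ("vpn", "ajones"): "E3003",
    ("oracle", "DBA_OPS"): "E2002",
}

# User attributes (constructed) keyed by enterprise user ID: groups and entitlements.
USER_ATTRS: Dict[str, Dict[str, Set[str]]] = {
    "E1001": {"groups": {"Finance"}, "entitlements": {"AP_CREATE_VENDOR"}},
    "E2002": {"groups": {"DBA"}, "entitlements": {"DB_ADMIN"}},
    "E3003": {"groups": {"Finance"}, "entitlements": {"AP_APPROVE_PAYMENT"}},
}

# Reference sets (constructed) that the rules test against.
TERMINATED: Set[str] = {"E3003"}
PRIVILEGED_GROUPS: Set[str] = {"DBA"}
# Separation of duty: no single person may hold, or exercise, both halves of a pair.
SOD_CONFLICTS: Set[FrozenSet[str]] = {frozenset({"AP_CREATE_VENDOR", "AP_APPROVE_PAYMENT"})}
# Which logged action exercises which entitlement (constructed).
ACTION_TO_ENTITLEMENT: Dict[str, str] = {
    "create_vendor": "AP_CREATE_VENDOR",
    "approve_payment": "AP_APPROVE_PAYMENT",
}


@dataclass(frozen=True)
class Event:
    ts: str
    app: str
    app_user: str
    action: str


@dataclass(frozen=True)
class Offense:
    rule: str
    enterprise_id: Optional[str]
    detail: str


# Constructed sample events, as a SIEM would see them before identity enrichment.
EVENTS: List[Event] = [
    Event("2014-03-01T09:00:00", "sap", "JSMITH01", "create_vendor"),
    Event("2014-03-01T09:05:00", "oracle", "JSMITH", "approve_payment"),  # same person, other app ID
    Event("2014-03-01T09:10:00", "vpn", "ajones", "login"),               # terminated user still connecting
    Event("2014-03-01T09:15:00", "oracle", "DBA_OPS", "drop_table"),      # privileged group member
    Event("2014-03-01T09:20:00", "unix", "svc_backup2", "login"),         # no enterprise identity at all
]


def resolve(event: Event) -> Optional[str]:
    """Map an application user ID to its enterprise user ID via the reference map."""
    return ID_MAP.get((event.app, event.app_user))


def user_activity_report(events: List[Event], enterprise_id: str) -> List[Event]:
    """All activity of one enterprise user, regardless of which application ID was used."""
    return [ev for ev in events if resolve(ev) == enterprise_id]


def correlate(events: List[Event]) -> List[Offense]:
    """Evaluate the identity-aware rules over a batch of events."""
    offenses: List[Offense] = []
    exercised: Dict[str, Set[str]] = {}  # enterprise ID -> entitlements exercised across all app IDs
    for ev in events:
        eid = resolve(ev)
        if eid is None:
            # An account with no owner in the identity repository is a candidate for review.
            offenses.append(Offense("unmapped_account", None, f"{ev.app}:{ev.app_user} has no enterprise identity"))
            continue
        if eid in TERMINATED:
            offenses.append(Offense("terminated_employee_access", eid, f"{ev.app}:{ev.app_user} {ev.action} at {ev.ts}"))
        attrs = USER_ATTRS.get(eid, {})
        if attrs.get("groups", set()) & PRIVILEGED_GROUPS:
            offenses.append(Offense("privileged_user_activity", eid, f"{ev.app}:{ev.app_user} {ev.action} at {ev.ts}"))
        ent = ACTION_TO_ENTITLEMENT.get(ev.action)
        if ent:
            exercised.setdefault(eid, set()).add(ent)
    # Separation of duty: static (holds both) or dynamic (exercised both, possibly under different app IDs).
    for eid, attrs in USER_ATTRS.items():
        held = attrs.get("entitlements", set()) | exercised.get(eid, set())
        for pair in SOD_CONFLICTS:
            if pair <= held:
                offenses.append(Offense("sod_violation", eid, "conflicting entitlements: " + ", ".join(sorted(pair))))
    return offenses


if __name__ == "__main__":
    for off in correlate(EVENTS):
        print(off.rule, off.enterprise_id, off.detail)
```

The separation-of-duty hit on E1001 is only visible because the two conflicting actions, logged under different application user IDs, are joined through the reference map first; a SIEM without that mapping sees two unrelated accounts.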
Slide 10: Contact Us
www.prolifics.com
310.748.2457
russell.tait@prolifics.com
Editor's notes
Chevron: 2 billion logs and events per day reduced to 25 high priority offenses. Automating the policy monitoring and evaluation process for configuration changes in the infrastructure. Real-time monitoring of all network activity, in addition to PCI mandates.
QRadar now supports integrations with our IAM solution beyond SIM/SAM logs.
QRadar has built-in use cases for retrieving identity data for use cases such as privileged user activity monitoring and terminated employee access detection, to name just a couple.