CHANGE MANAGEMENT:
SECURITY’S FRIEND OR FOE?
Larry Whiteside Jr. / Chief Security Officer
Sponsored by:
AGENDA
• Who am I and why do I care
• The History of Change
• Who is making your changes
• Security’s Relationship with Change Management
• Breach and Change Management
• Security’s role in Change Governance
• Possible measurements that will positively impact your security posture
Ask Questions in GoToWebinar!
WHO AM I / WHY DO I CARE?
• Over 20 years Cyber Security / Risk Management / Physical Security
• C-Level Security Executive across many verticals
  • DoD, Federal, Financial Services, Healthcare, Energy/Utilities
• Consulting in many verticals
  • Education, Healthcare, Financial Services
• Community Involvement
  • Co-Founder of International Consortium of Minority Cyber Security Professionals (ICMCP), ISSA, ASIS, OWASP, Security Advisor Alliance (SAA)
• Speaking and Writing
  • SC Magazine, CSO Online, RSA Conference, Gartner Security Conference, industry webinars, securitycurrent.com, SecureWorld, Evanta CISO Summit, and many others
Larry Whiteside Jr. / Chief Security Officer
THE HISTORY OF CHANGE
1980s
• Change Management as a discipline began to emerge, driven by leading consulting firms
1990s
• Industries undergoing significant and rapid change in areas such as IT began highlighting the benefits of Change Management programs on a broader scale
• ITIL, LEAN, etc.
2000s
• Widespread acceptance of Change Management as a business competency for leading change
• Marked increase from 34% in 2003 to 72% in 2011
WHO IS MAKING CHANGES?
• Outsiders (Third-parties: IT contractors & consultants)
• Shared Accounts (Windows Admins, root, DBAs, System Admins, …)
• Named Accounts (Developers, IT Contractors, Network Admin, …)
• Service Accounts
• Local Account / Credentials
• Windows / UNIX system administrator
• Help Desk administrator (password changes / access to files, etc.)
SECURITY’S RELATIONSHIP WITH CHANGE MANAGEMENT
• You should want certain questions answered
• IT is responsible, but Security must hold them accountable
BREACHES AND CHANGE MANAGEMENT
• 3 of 7 phases of the Cyber Kill Chain impact config and change management
  • Stage #3 Delivery
  • Stage #4 Exploitation
  • Stage #5 Installation
• Malicious internal users
• Configuration mistakes by authorized people
• If security is monitoring change and configuration, these changes can be identified
SECURITY’S ROLE IN CHANGE GOVERNANCE
• Know your systems and environment
• Security should know about more than just FW changes
• Do you check adherence to patch policy (if you even have a patch policy)?
• If a change is made by a legitimate or non-legitimate admin, can you determine what it was?
• How many outages have you had due to undocumented changes?
METRICS THAT WILL POSITIVELY IMPACT YOUR SECURITY POSTURE
• Patch Policy adherence
• Unauthorized changes
• Changes processed which caused outages
• FW changes processed
Other High Risk Scenarios:
• Remote connections / ‘leapfrog’ logins
• Changes via Embedded Scripts (‘rm’ ‘cp’ with ‘sudo’)
• Changes to Active Directory (Password Resets, Adding Users, Changing Groups, Modifying Access, etc.)
• Changes within Registry Editor such as Edit or Modify Specific Values (Firewalls, User Access Control, Applications / Software, Windows Components)
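The "unauthorized changes" metric can be computed by reconciling observed privileged commands against approved change windows. The following is an added example, not part of the presentation: it parses constructed sudo log lines (ISO timestamps, host names and user names are assumptions) against a hypothetical ticket export `APPROVED_CHANGES`, and reports who changed what, on which host and when, without a matching ticket.

```python
import re
from datetime import datetime
from pathlib import PurePosixPath

# Constructed sample data: sudo log lines with ISO timestamps (assumed format).
SUDO_LOG = """\
2024-03-04T22:05:11 web01 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cp nginx.conf /etc/nginx/nginx.conf
2024-03-05T02:41:37 web01 sudo: bob : TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/bin/rm -f /etc/cron.d/logrotate
2024-03-05T09:15:02 db01 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/chmod u+s /usr/local/bin/report
2024-03-05T09:20:44 db01 sudo: carol : TTY=pts/1 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/less /var/log/syslog
"""

# Hypothetical ticket export: who may change which host, and in which window.
APPROVED_CHANGES = [
    {"id": "CHG-0001", "host": "web01", "user": "alice",
     "start": "2024-03-04T22:00:00", "end": "2024-03-04T23:00:00"},
    {"id": "CHG-0002", "host": "db01", "user": "bob",
     "start": "2024-03-05T09:00:00", "end": "2024-03-05T10:00:00"},
]

# Commands counted as changes; read-only commands such as less are ignored.
CHANGE_BINARIES = {"rm", "cp", "mv", "chmod", "chown"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sudo:\s+(?P<user>\S+) : "
    r"TTY=\S+ ; PWD=\S+ ; USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.+)$"
)
# A single symbolic clause that sets the setuid bit (u+s, a+s, +s, ug+s), or a
# four-digit octal mode whose leading digit includes 4.
SYMBOLIC_SUID = re.compile(r"(?=[ugo]*[ua]|\+)[ugoa]*\+[rwxXst]*s[rwxXst]*")
OCTAL_SUID = re.compile(r"[4-7][0-7]{3}")


def sets_setuid(cmd):
    """True if cmd is a chmod whose mode argument sets the setuid bit."""
    parts = cmd.split()
    if not parts or PurePosixPath(parts[0]).name != "chmod":
        return False
    return any(SYMBOLIC_SUID.fullmatch(a) or OCTAL_SUID.fullmatch(a)
               for a in parts[1:])


def parse_changes(log_text):
    """Extract change events (who, what, which host, when) from sudo lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m["cmd"].split():
            continue  # not a sudo command record
        if PurePosixPath(m["cmd"].split()[0]).name not in CHANGE_BINARIES:
            continue
        events.append({"when": datetime.fromisoformat(m["ts"]),
                       "host": m["host"], "user": m["user"],
                       "command": m["cmd"], "setuid": sets_setuid(m["cmd"])})
    return events


def find_ticket(event, tickets):
    """Return the id of a ticket covering this user, host and time, else None."""
    for t in tickets:
        start = datetime.fromisoformat(t["start"])
        end = datetime.fromisoformat(t["end"])
        if (t["host"], t["user"]) == (event["host"], event["user"]) \
                and start <= event["when"] <= end:
            return t["id"]
    return None


def reconcile(log_text, tickets):
    """Compute the unauthorized-change metric for a batch of log lines."""
    events = parse_changes(log_text)
    for e in events:
        e["ticket"] = find_ticket(e, tickets)
    unauthorized = [e for e in events if e["ticket"] is None]
    rate = len(unauthorized) / len(events) if events else 0.0
    return {"total_changes": len(events), "unauthorized": unauthorized,
            "unauthorized_rate": rate}


if __name__ == "__main__":
    report = reconcile(SUDO_LOG, APPROVED_CHANGES)
    print(f"{len(report['unauthorized'])} of {report['total_changes']} changes had no ticket")
    for e in report["unauthorized"]:
        print(e["when"], e["host"], e["user"], e["command"], "setuid" if e["setuid"] else "")
```

A ticket only counts when user, host and time window all match, so a change made on the right host by someone other than the ticket owner is still reported.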
TAKEAWAYS AND RECOMMENDATIONS
• Know your environment
• Get involved in your change process
• If you don’t have one, help create one
• Find others already doing change and config management and copy models that work (adapt and change things to fit your particular business)
• No need to recreate the wheel
• Create metrics that matter and impact security
THANK YOU!
CHECK OUT USER ACTIVITY MONITORING!
@LARRYWHITESIDE
Q&A after a brief intro to ObserveIT
WHO IS OBSERVEIT?
• HQ Boston, MA / R&D Tel Aviv, Israel
• Founded 2006
• 1,200+ Customers Worldwide
• $20M Invested by Bain Capital
The leading provider of User Activity Monitoring for Employees, Privileged Users and Third-party Vendors
USER ACTIVITY MONITORING
Collect
• Capture User Activity
• Logging for all user actions
• Video-like Playback
Know
• Instant Notification
• Rule-Based Analytics
• Report & Audit
Act
• Real-Time Drill Down
• User Interaction
• Kill Sessions
USER ACTIVITY MONITORING & CHANGE MANAGEMENT:
Configuration changes
• Embedded Scripts
• Unsecure ‘shell’
• Unauthorized access
• Unapproved ‘setuid’
Escalated privileges
• Lateral Movement
• ‘rm’ ‘cp’ with ‘sudo’
• Creating “backdoors”
• ‘leapfrog’ logins
“ONE SCREEN CAPTURE IS WORTH A THOUSAND LOGS”
COLLECT: 100% VISIBILITY
“PROACTIVELY INVESTIGATE RISKY USER ACTIVITY”
KNOW: INSTANT NOTIFICATION
Real-time Alerts
• Who?
• Did what?
• On which computer?
• When?
• From which client?
“PREVENT RISKY ACTIVITY”
ACT: STOP INSIDER THREATS
• Real-Time Drill Down
• User Interaction
  • Message
  • Warn
• Kill Sessions
WHO’S BEING OBSERVED?
• Employees
• Third-parties
• Privileged Users
Audit and Compliance: SOX, EU Data Protection Reform, HIPAA
• Healthcare (PHI) data
• Customer (PII) data
• Employee data
• Company data
• Financial data
• Intellectual property
• Sales & marketing data
HOW IT WORKS
Q&A

Editor's notes

  1. Data Leakage Protection Solution: How does the product work with accessing certain applications or files, or areas within an application (how granular can we get, etc.)? Use for installed applications and also web-based applications.
  2. Config. Change: Embedded Scripts (innocent script story); Unsecure ‘shell’ (telnet on legacy appliances; SSH is much more secure and passwords are encrypted over the wire); Unauthorized access (to configuration files) and running commands that they are not supposed to; Unapproved ‘setuid’. Escalating Privileges: Pass-the-Hash; ‘rm’ ‘cp’ with ‘sudo’; Installing “backdoors”; “leapfrog” logins.
  3. You’ll know what’s happening inside all of your applications, even applications that do not generate logs. There is a huge benefit to reviewing alerts visually. When reviewing alerts in Slideshow mode, you can immediately understand critical User Context that is never available in log-based alerting systems: What other application data was the user exposed to? What other windows or applications were open? What was the state of the Windows taskbar, including tray icons (is something missing or disabled)? On Unix/Linux: What were the previous commands that the user ran? What output did they produce? What does the shell prompt look like? As we say: one screenshot is worth a thousand logs! We generate our own logs across all apps. We capture all user activity regardless of where your users are or how they access applications, systems and data. We capture this activity in a video-like format, so you SEE exactly what the users are doing. Video playback is great, but you can’t sit there and watch hours of videos, so we translate all user activity into User Activity Logs that you can search, report on and analyze.
  4. You’ll know if users are “snooping” or viewing information they shouldn’t be, like SS# or customer records. The Rule Editor is simple yet powerful. You can easily define new Alert Rules, and duplicate and modify existing rules. Every rule can contain all risky aspects of your monitored users, so normally you need only ONE rule per scenario. You can define: WHO are the users involved, WHAT is the risky activity that they performed, ON WHICH COMPUTER, WHEN (week days, holidays, time of day?) and FROM WHICH CLIENT COMPUTER they are connected. A comprehensive list of possible User Activities provides a quick and easy way to define risky user behavior, such as: specific applications or processes run by the user; websites and URLs being visited; executed SQL statements; Unix/Linux commands, arguments and command line switches being used; and much more. In addition, your alert-response process can be tailored by defining the severity of each rule, as well as the audience and timing of email notifications.
  5. Application User Monitoring: ObserveIT user activity monitoring provides visibility within applications so you have a complete audit trail and proactive detection of suspicious or out-of-policy user behavior. From large copy operations to exporting reports, you’re able to proactively investigate data extraction processes, unnecessary access to information and the usage of unauthorized cloud applications (e.g. Dropbox, WeTransfer, SnagIt). Whether it is SAP, EPIC, GuideWire or Pega systems (just to name a few industry-specific critical applications), we provide coverage for any application: home grown, SaaS, off-the-shelf. Privileged User Monitoring: ObserveIT provides a complete privileged user monitoring solution that integrates with the other key components of a privileged identity management solution. Compliance regulations put stringent requirements on the ability to audit and report on privileged user activity with the access they have to critical sets of data (PHI, PII, employee data, company data, …). External Vendor Monitoring: External vendors are one of the highest-risk user groups that companies have to hold accountable and audit for compliance regulations. Whether third-party contractors are accessing via jump servers, Citrix, VPN or direct access, ObserveIT provides the audit, reporting and real-time analytics you need to leverage the benefit of contractors without sacrificing security, compliance or control. Underpinning all of these use cases is audit and compliance. Having complete audit history of all user activity and real-time detection of user threats is a key requirement for meeting today’s growing list of compliance needs.