Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged User Access?

1. Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged User Access? Robert Marti SCX207E SECURITY Product Marketing CA Technologies

2. 2 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS © 2017 CA. All rights reserved. All trademarks referenced herein belong to their respective companies. The content provided in this CA World 2017 presentation is intended for informational purposes only and does not form any type of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA. For Informational Purposes Only Terms of This Presentation

3. 3 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Abstract Many organizations have a solution to control the access and actions of privileged users. But that’s not enough for a complete privileged user management solution—you must also govern access to make sure that only the correct users have elevated privileges, and that they have only the privileges that they need. In this session, you will get an in-depth understanding of how you can reduce your risk through this capability unique to CA. Robert Marti CA Technologies Product Marketing, Manager

5. 5 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Privileged Identity and Access Are Most Frequently Exploited Attack Vectors 71% of users say they have access to data they shouldn’t. 80% of IT Professionals say their company does not enforce least privilege. 80% of all breaches utilize lost, stolen, or weak credentials. 60% of all malware uses privilege escalation or stolen credentials.

6. 6 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS BIGGEST CYBER ATTACKS EXPLOIT PRIVILEGED ACCESS Creating An Expanding Radius of Data Loss DROPBOX 68M Records LINKEDIN 167M Records YAHOO 500M Records EQUIFAX 150M Records TUMBLR 65M Records

7. 7 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Excessive Access Causes Embarrassing Fraud Cases Loses 40G of source code for core products Adobe Discloses personal data for 25M customers AT&T Call Center Rogue trader aggregates privileges for a $7.8B loss Société Général Excessive Access CORRUPTS PRIVILEGED Access CORRUPTS ABSOLUTELY

8. 8 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS 77% The Reason This is Happening: Pattern is Repeatable 77% attacks Internal Credentials 30% 28% Executives & Administrators End-users with Excessive privileges GAIN ACCESS/EXPAND ELEVATE PRIVILEGE STEAL DATA THE KILL CHAIN Identity is the most frequently exploited attack vector

9. 9 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS •HITECH •GDPR •FATCA •FATCA •PSD2 •HSPD •HIPAA •POPI •201 CMR 17 •OAIC •CalOPPA •AADHAR •PCI DSS •FFIEC Where Companies Have Not Self-Regulated Others Have Imposed Requirements THE GLOBAL WEB OF PRIVACY COMPLIANCE

10. 10 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS So It Is Not Just a Technology Problem It Is a Privileged Governance Problem Privileged Access Request Streamline the request, audit and fulfillment of privileged users. Certify Privileged Access Provide audit reporting and manager attestation of user access to privileged accounts. De-provision Privileged Access When users separate from the company, remove or disable the associated privileged accounts. Remediate Excessive Access Take workflow driven action to remove excessive access.

11. 11 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Challenges to the Business Issues With Legacy IAM Solutions 64% of enterprises have no IAM monitoring tools AS A RESULT: LEGACY IAM SOLUTIONS: Focused on protecting on-premise applications 72% of enterprises do not do access review or certification Were highly customizable and required specialists 62% of enterprises have no access request process in place Had significant costs to deploy, configure, and maintain

12. 12 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Our Privileged Identity Management Solution Leverages a Defense in Depth Approach INTEGRATED OVERLAPPING CONTROLS TO REDUCE RISK Privileged Identity Management Reducing audit risk and achieving least privilege Advanced Authentication Preventing account takeover with multifactor credentials Threat Analytics for PAM Monitoring privileged activities for abnormal usage/behaviors PAM Server Control Locking down file systems and server resources Privileged Access Manager Securing privileged access and preventing lateral motion

13. ‹#› #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED Introducing CA Privileged Access Manager § Role-based and fine-grained access control over privileged accounts § Privileged user credential protection § Monitor, audit and record privileged sessions § Multifactor authentication, single sign-on, and federation support § Support security and privacy regulations #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED Lower Total Cost of Ownership Faster Time to Value Hybrid Environment Support Performance at Scale

14. 14 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Why Is Privileged Access Governance Needed? The Situation Today § Privileged Access Management (PAM) is mostly a standalone solution that implements critical security and compliance controls managing and monitoring use of sensitive access. § In most cases, it is separated from the corporate Identity Management. The Outcome § Lack of overall visibility to “who has access to what.” § Missing approval and auditing information for “why access was granted.” § Inability to enforce consistent identity policies such as Segregation Of Duties. § No risk analysis for overall user access. § Fragmented compliance with regulatory requirements (examples: ISO27002 sections 8.1.2 “ownership of assets” and 9.2.5 “review of access rights”).

15. ‹#› #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED Introducing CA Identity Suite § Self-service identity portal § Business-friendly entitlements catalog § Proactive analytics § Deployment Xpress § Audit and compliance streamlining Privileged Identity Compliance Privileged Identity Lifecycle Management Improved Privileged Access Security COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED

16. 16 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS CA Identity Suite Integration With CA Privileged Access Manager How it integrates § Provides “out-of-the-box” connector for CA PAM What is does § Manages PAM Accounts and their assignments to Roles, Groups, & Devices (provisioning and de-provisioning) § Supports for local and LDAP/AD accounts § Supports for granular assignment including start/end dates, scoping and policies

17. 17 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS CA Identity Suite & CA PAM Integration Requesting Privileged Access What it does § Easy-to-use “shopping cart” experience for requesting PAM permissions § Workflow approvals for submitted requests § Risk analysis of a combined privileged and non-privileged access § Segregation of duties compliance check § Automated provisioning fulfillment

21. 21 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS CA Identity Suite & CA PAM Integration Certifying Privileged Access CA PAM Account certification Update HR reports Mitigate access risk What It Does § Automated collection of access permissions via CA Identity Suite connector § Provides “out-of-the-box” user and access certification processes for CA PAM § Easily identifies users with excessive access § Enriches experience with last login and usage logs § Automated removal of access permissions that are rejected by approvers

23. 23 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS OFFBOARDINGONBOARDING PROVISIONING SELF-SERVICE ACCESS REQUESTS RISK ANALYSIS DEPROVISIONING Privileged Identity Governance Summary of Capabilities CERTIFICATION FULL PRIVILEGED IDENTITY LIFECYCLE MANAGEMENT

25. 25 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS The Business Challenge: Source Code Governance at CA Technologies 3,000 engineers are using over 12 major source code management tools. Access audits were a drain on people and money. Compliance audits took more than 20,000 employee hours. OUR GOAL: Govern access to source code and improve productivity and the overall user experience OUR CHALLENGE: Manual process that was extremely costly

26. 26 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS The Solution: CA Identity Governance • All access reviews are now performed via automation. • Incorrect access is quickly remediated. • IP controls are much easier to execute, and… • Frequent Engineering personnel changes can be handled quickly while still enforcing strong security over the source code. CA Identity GovernanceEngineers (>3,000) Manager Certifies Access Auditor Validates Certification Source Code Repositories (>5,000) Requests access Access granted CA Identity Governance validates access rights to nearly 5,000 source code repositories across all source management tools.

27. 27 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS The Results: Significant Time & Cost Savings 75% 75% reduction in audit time via automated data collection for compliance audits 90% 90% drop in administrative overhead Engineers love the new world-class source code management ecosystem Orphan source code access quickly identified and removed Saved thousands of hours of employee time thanks to automated certification

28. 28 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Recommended Sessions SESSION # TITLE DATE/TIME ABC123DE Magna consectet at lor ipustie modolore 11/16/2016 at 10:00 am FGH456IJ Magna consectet at lor ipustie modolore 11/17/2016 at 11:00 am FGH456IJ Magna consectet at lor ipustie modolore 11/18/2016 at 12:00 pm

29. 29 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS The Results: A Closer Look at the Savings 0.00 2.00 4.00 6.00 8.00 10.00 12.00 14.00 16.00 FY14 FY15 FY16 FY17 PERSON YEARS Savings in Source Code Attestation

30. 30 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Must See Demos Security Starts With Identity Security Content Area Demo Name Name Location Control High Value Access Manage Your Software Risk Let’s Talk Upgrades Deliver Frictionless Access Security Content Area Security Content Area Security Content Area Security Content Area

Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged User Access?

Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged User Access?

Recomendados

Más contenido relacionado

Was ist angesagt?

Was ist angesagt?(20)

Similar a Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged User Access?

Similar a Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged User Access? (20)

Más de CA Technologies

Más de CA Technologies(17)

Último

Último(20)

Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged User Access?