Privileged Attack Vectors: Building Effective Defense Strategies
Morey J. Haber, Chief Technology Officer
Agenda
• The Threat Landscape
• Sample Cases
• What is Privileged Access Management?
• Twelve Steps to Privilege Security
• BeyondTrust
The Threat Landscape
The Infonomics of Data Breaches
The Cyber Attack Chain
1. Perimeter Exploitation: attacker exploits asset vulnerabilities to gain entry
2. Privilege Hijacking & Escalation: … hijacks privileges or leverages stolen/cracked passwords
3. Lateral Movement & Exfiltration: … and compromises other network resources
Vulnerable Systems · Unmanaged Credentials and Excessive Privileges · Limited Visibility
How Are Threat Actors Gaining Privileges?
• Guessing
• Dictionary attacks
• Brute Force
• Pass the Hash
• Security questions
• Password resets
• Vulnerabilities
• Misconfigurations
• Exploits
• Malware
• Social engineering
• MFA flaws
• Default credentials
• Anonymous
• Predictable
• Shared credentials
• Temporary
• Reused
Insider Threats · External Threats · Hidden Threats
Sample Cases
EMPLOYEES AND OTHER INSIDERS HAVE UNNECESSARY ACCESS
Employees, vendors and other insiders are often given excessive access to systems and data – and that access can go unmonitored.
Source: Verizon 2017 Data Breach Investigations Report
In 88% of cases, attackers compromise an organization using definable patterns established as early as 2014.
Privilege abuse was behind 81% of insider misuse incidents.
Source: Verizon 2017 Data Breach Investigations Report
CREDENTIALS ARE SHARED AND UNMANAGED
Passwords are created and shared, but aren’t audited, monitored or managed with discipline or accountability.
IT ASSETS COMMUNICATE UNCHECKED
Desktops, laptops, servers and applications communicate and open paths to sensitive assets and data.
Source: Verizon 2015 Data Breach Investigations Report
99% of successful attacks leverage known vulnerabilities
Privileged Access Management
Privileged Access Management
• Provides an integrated approach to enterprise password management
• Enforces least privilege on all endpoints without compromising productivity or security
• Ensures administrator and root compliance on Unix, Linux, Windows and Mac
• Identifies high-risk users and assets by teaming behavioral analytics and risk data with security intelligence from best-of-breed security solutions
• Achieves unified visibility over accounts, applications, and assets that they protect
Privileged Access Management capabilities: Enterprise Password Management · Privilege Management · Session Management · Advanced Reporting & Analytics · User Behavior Monitoring · Active Directory Bridging
Twelve Steps to Privilege Security
Step 1: Improve Accountability for Privileged Passwords
Asset Based:
• Privileged account discovery
• Develop permissions model
• Rotate passwords and keys
• Workflow process and auditing
• Define session monitoring
• Segmentation
• User behavior analysis
Step 2: Implement Least Privilege on Endpoints
• Remove administrator rights
• Implement standard user permissions
• Enforce application control
• Eliminate multiple accounts
• Context-aware rules
• Session monitoring
• Privileged file monitoring
• Layered, multifactor authentication
• Auditing of privileged access
Asset & User Based: Windows & Mac OSX (Desktop, Laptop, Notebook, Tablet, Virtual, etc.)
Step 3: Leverage Application Risk Levels
• Limit application privileges to users and assets based on documentable risks
• Vulnerabilities, unmanaged, unauthorized, and privileged
• Measure risk for applications executed by user and asset
Step 4: Implement Least Privilege on Servers
Script & Command Auditing
• Scripts, commands & shells
• Session monitoring
• Keystroke logging
• Application logging
Privileges
• Auditing
• Context aware
• Application risk analysis
• Segmentation
Industry Standards
• Authentication
• Ticketing
• API integration
• Searching
• Alerting
Step 5: Privilege Management on Network Devices
• Default or common passwords that are not configured correctly
• Shared credentials across multiple devices for management simplicity
• Excessive password ages due to fear of changing or lack of management capabilities
• Compromised or insider accounts making changes to allow exfiltration of data
• Outsourced devices and infrastructure where changes in personnel, contracts, and tools expose credentials to unaccountable individuals
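As an added illustration of the Step 5 conditions (not part of the original deck and not BeyondTrust code), the Python below audits a constructed PAM vault export of network-device credentials for four of the risks listed above: default passwords, one credential shared across several devices, excessive password age, and accounts whose owner has left the organization. Device names, passwords, dates, the default-password list and the active-owner roster are all made up for the demo.

```python
from collections import defaultdict
from datetime import date

# Constructed vault export for the demo; devices, users, passwords and dates are made up.
VAULT_EXPORT = [
    {"device": "core-sw-01",  "user": "admin", "password": "admin",      "rotated": "2018-01-10", "owner": "alice"},
    {"device": "edge-rtr-01", "user": "admin", "password": "Sh@red-Pw1", "rotated": "2017-11-02", "owner": "bob"},
    {"device": "edge-rtr-02", "user": "admin", "password": "Sh@red-Pw1", "rotated": "2017-11-02", "owner": "bob"},
    {"device": "fw-dmz-01",   "user": "root",  "password": "Uniq-9!kLm", "rotated": "2018-04-20", "owner": "carol"},
    {"device": "wlc-01",      "user": "admin", "password": "Q7#vbn2Zp",  "rotated": "2018-05-01", "owner": "dave"},
]

# Constructed sample lists: a real audit would load vendor default lists and the HR roster.
DEFAULT_PASSWORDS = {"admin", "password", "changeme", ""}
ACTIVE_OWNERS = {"alice", "bob", "carol"}           # "dave" has left the company


def audit_device_credentials(records, as_of="2018-06-01", max_age_days=90):
    """Return (device, user, issue) tuples for every Step 5 condition a record triggers."""
    as_of_date = date.fromisoformat(as_of)

    # Group devices by secret so a credential reused on several devices can be spotted.
    devices_per_secret = defaultdict(set)
    for r in records:
        devices_per_secret[r["password"]].add(r["device"])

    findings = []
    for r in records:
        issues = []
        if r["password"].lower() in DEFAULT_PASSWORDS:
            issues.append("default-password")
        if len(devices_per_secret[r["password"]]) > 1:
            issues.append("shared-credential")
        age = (as_of_date - date.fromisoformat(r["rotated"])).days
        if age > max_age_days:
            issues.append("stale-password")
        if r["owner"] not in ACTIVE_OWNERS:
            issues.append("orphaned-owner")
        findings.extend((r["device"], r["user"], issue) for issue in issues)
    return findings


if __name__ == "__main__":
    for device, user, issue in audit_device_credentials(VAULT_EXPORT):
        print(f"{device:12} {user:6} {issue}")
```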
Step 6: Privilege Management for Virtual and Cloud
Cloud-Agnostic – Private or Public
• License flexibility
• Asset inventory integration
• Docker and container aware
• Discover online and offline instances
• Leverage hypervisor APIs
• Agent technologies
• Respects OS and application hardening
• Fully automated for passwords & API
• Auditing, reporting and change-aware
• Proxy access
• Session management
Step 7: Privilege Management for IoT, IIoT, ICS, SCADA
Zones: Internet · Public · Private · Air-Gapped
Segmentation: Users · Servers · DMZ · Guest · Dumb Devices
Device Type & Risk: IoT · IIoT · ICS · SCADA
Communications and Restricted Lateral Movement
Privileged Access
Step 8: Privilege Automation for DevOps
• Only allow approved assets; identify unacceptable variations
• Identify security risks and automatically remediate them
• Ensure configuration hardening
• Eliminate all locations for hard-coded credentials
• Platform-agnostic, from cloud to on premise
• Limit all users, including privileged access, in the DevOps automated workflow
• Provide security and performance visibility to ensure security and automation success
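As an added example (not from the deck or any BeyondTrust product), the Python below implements the "eliminate all locations for hard-coded credentials" step as a scanner a DevOps pipeline could run before a build: it flags literal secret assignments in constructed Dockerfile, shell and YAML samples, while accepting values that are resolved at run time from an environment variable, a command substitution, or a vault placeholder. The file contents, the key-name list, the entropy threshold and the ${VAULT:...} placeholder syntax are all assumptions.

```python
import math
import re

# Constructed sample files for the demo; not real project files. Comments mark the intent.
SAMPLE_FILES = {
    "Dockerfile": (
        "FROM python:3\n"
        "ENV DB_USER=app\n"
        "ENV DB_PASSWORD=Sup3rS3cret!\n"                               # literal secret baked into the image
    ),
    "deploy.sh": (
        "#!/bin/sh\n"
        "export API_TOKEN=$(vault kv get -field=token secret/api)\n"  # fetched at run time: acceptable
        "SIGNING_KEY='d7f1b2c9e4a60f3b8c5d2e7a9f4b1c6e0d3a'\n"        # literal, random-looking token
    ),
    "app.yaml": (
        "db:\n"
        "  password: ${VAULT:secret/db#password}\n"                   # placeholder the vault resolves
        "  host: db.internal\n"
    ),
}

# Key names that usually carry a secret, followed by = or : and an optionally quoted value.
SECRET_ASSIGNMENT = re.compile(
    r"(?i)(password|passwd|pwd|secret|token|api[_-]?key|signing[_-]?key)\b"
    r"\s*[:=]\s*[\"']?([^\s\"']+)"
)


def shannon_entropy(value):
    """Bits per character; random-looking tokens score well above prose or short words."""
    length = len(value)
    return -sum(value.count(c) / length * math.log2(value.count(c) / length) for c in set(value))


def scan_for_hardcoded_credentials(files):
    """Return (file, line, key, reason) for every literal secret assignment found."""
    findings = []
    for name, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for match in SECRET_ASSIGNMENT.finditer(line):
                key, value = match.group(1), match.group(2)
                if value.startswith("$"):  # $VAR, $(cmd) and ${VAULT:...} are resolved at run time
                    continue
                random_looking = len(value) >= 20 and shannon_entropy(value) > 3.0
                findings.append((name, lineno, key, "high-entropy-literal" if random_looking else "literal-value"))
    return findings
```

Run on the samples, the scanner reports the Dockerfile password and the shell signing key, and accepts the vault-backed token and placeholder.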
Step 9: Privilege Management Unification
• Correlate Data Between Disciplines
• Correlate Data for Risks
• Threat Analytics
• Pivot Privileged Data
• Profile Assets, Users, and Applications
• RBAC and Grouping
• Workflow and Process Validation
• Third-Party Integration
Unified capabilities: Enterprise Password Management · Privilege Management · Session Management · Advanced Reporting & Analytics · User Behavior Monitoring · Active Directory Bridging
Step 10: Privileged Account Integration
Step 11: Privileged Auditing and Recovery
• Audit and roll back changes and identify who, what, where, and when they were performed.
• Restore from the Active Directory recycle bin without having to extract backups.
• Audit, report, and recover across complex Windows or heterogeneous environments.
Step 12: Integrate the Identity Access Stack
Morey J. Haber
• 20+ years security experience
• Articles on Secure World, Dark Reading, CSO Online, etc.
• Author of “Privileged Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Organizations” & “Asset Attack Vectors” (covering Vulnerability Management) – both available from Apress Media
PROVEN: 13,000+ customers worldwide; extensive partner community
COMPLETE: Comprehensive, integrated, intelligent PAM
LEADER: Gartner, Forrester, KuppingerCole
INNOVATIVE: 30+ years of privilege security firsts + expansive roadmap
Infrastructure · Endpoints · Secure Remote Access
Secure credentials with Privileged Identity and manage sessions with Privileged Access
Empower and protect your service desk with the most secure Remote Support software
Password & Session Management
• Gain accountability over shared accounts
• Eliminate hard-coded passwords
• Monitor privileged sessions and user behavior
• Enforce appropriate credential usage
Privilege Management
• Eliminate Admin\root rights
• Enforce Application & command control
• Efficiently delegate Windows, Mac, Unix & Linux privileges and elevate
• Enforce appropriate use
• Risk based privilege decisions
PowerBroker Privileged Access Management Platform: On-Premise · Cloud · Hybrid
Table 1. PASM Vendors and Their Key Capabilities
PAM Industry Leader
Leader: Forrester PIM Wave, 2016 · Leader: Gartner Market Guide for PAM, 2017