Enemy from Within: Managing and Controlling Access
Dr. Eric Cole
Author, SANS Top 20 Critical Controls
Morey J. Haber
VP of Technology, BeyondTrust
Joe Gottlieb
SVP Corporate Development, SailPoint
Is Your Access Control Hacker Proof?
OR
Are You One Click Away From a Breach?
Dr. Eric Cole
The difference between a minor breach and a major breach is determined by what information the adversary was able to access.
The question you need to ask is: how effective is your access control?
Scenario 1 – Weak Password
SCENARIO
An attacker finds a web portal that allows access to your network; access is based on a username and password.
Accounts are harvested via social media and password cracking is performed. A weak password is cracked to obtain access.
WHAT FAILED
Password controls and policies
Monitoring and detection of password cracking
REMEDIATION
Account lockout
Strong password policy with enforcement
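As an added example that is not part of the webinar, the Python below sketches the remediation and detection side of this scenario over constructed login records: a sliding-window lockout per account, rejection of logins while the lock is in force, and a flag for a single source failing against several different accounts (the pattern of guessing against a harvested account list). The thresholds, log format and addresses are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 5               # failures per account before lockout (assumed policy)
LOCKOUT_WINDOW = timedelta(minutes=15)
SPRAY_ACCOUNTS = 3                  # distinct accounts failing from one source (assumed)

# Constructed sample log (not from the deck): timestamp account source result
SAMPLE_LOG = """\
2024-05-01T09:00:01 alice 203.0.113.7 FAIL
2024-05-01T09:00:05 alice 203.0.113.7 FAIL
2024-05-01T09:00:09 alice 203.0.113.7 FAIL
2024-05-01T09:00:13 alice 203.0.113.7 FAIL
2024-05-01T09:00:17 alice 203.0.113.7 FAIL
2024-05-01T09:00:21 alice 203.0.113.7 SUCCESS
2024-05-01T09:01:00 bob 198.51.100.9 FAIL
2024-05-01T09:01:03 carol 198.51.100.9 FAIL
2024-05-01T09:01:06 dave 198.51.100.9 FAIL
2024-05-01T10:30:00 erin 192.0.2.44 FAIL
2024-05-01T10:31:00 erin 192.0.2.44 SUCCESS
"""

def analyze(log_text):
    """Return (locked_accounts, spray_sources, blocked_logins); a login that
    arrives while the account is locked is rejected even if the password is right."""
    recent_failures = defaultdict(deque)    # account -> failure times inside the window
    locked_until = {}                       # account -> time the lockout expires
    failed_accounts_by_source = defaultdict(set)
    blocked = []
    for line in log_text.splitlines():
        ts_s, account, source, result = line.split()
        ts = datetime.fromisoformat(ts_s)
        if account in locked_until and ts < locked_until[account]:
            blocked.append((ts_s, account))  # lockout in force: do not evaluate the password
            continue
        q = recent_failures[account]
        while q and ts - q[0] > LOCKOUT_WINDOW:  # expire failures outside the window
            q.popleft()
        if result == "FAIL":
            q.append(ts)
            failed_accounts_by_source[source].add(account)
            if len(q) >= LOCKOUT_THRESHOLD:
                locked_until[account] = ts + LOCKOUT_WINDOW
    # One source failing against many different accounts is the signature of
    # guessing against a harvested account list rather than a forgotten password.
    spray_sources = sorted(src for src, accts in failed_accounts_by_source.items()
                           if len(accts) >= SPRAY_ACCOUNTS)
    return sorted(locked_until), spray_sources, blocked
```

Note that the correct password on alice's sixth attempt is still rejected because the lockout is already in force, which is what makes the cracking attempt visible rather than successful.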
Scenario 2 – Compromised Credentials
SCENARIO
A user does not properly protect their credentials and leaves their computer unlocked at a hotel, airport or coffee shop.
The adversary is able to compromise the system and gain access to both local and network-based data stores.
WHAT FAILED
User awareness
System lockdown
Account monitoring
REMEDIATION
Utilize multi-factor authentication
Enable screen lockout
Limit or monitor access when connected to public networks
Scenario 3 – Uncontrolled Data
SCENARIO
Data is constantly copied and stored on multiple systems throughout the organization. No one has any idea where the information is located except the adversary. From the DMZ the adversary is able to access and compromise sensitive information.
WHAT FAILED
Data classification
No control of data access or permissions
REMEDIATION
Data discovery
Segmentation
Data flow analysis
Scenario 4 – Advanced Phishing
SCENARIO
A user receives an email they believe is from their boss, who is on vacation; all of its content appears valid and legitimate, but the attachment contains malicious code.
Since the boss is away, the email cannot be verified, and the system becomes compromised with no remediation.
WHAT FAILED
Email filtering and monitoring
Controlling and managing access
Privilege escalation
REMEDIATION
Controlling access
Limiting executable content
Scenario 5 – Malicious External
SCENARIO
An external adversary targets systems on the DMZ and compromises a server as a pivot point. From the DMZ they perform lateral movement and ultimately compromise sensitive information from the database.
WHAT FAILED
Provision management
Entitlements
Timely detection
REMEDIATION
Access control
Data classification
Data monitoring
Recent Major Breaches
Your Organization
• Resources
• Identities
• Entitlements
Interaction Between Assets and Users Can Represent Risk
Enemy from Within…
• Insider Threats
• External Threats
All Breaches and Exfiltration of Sensitive Data Need to Leverage Vulnerabilities and/or Privileges
Critical Questions for Managing Risk
Identity & Access Management (IAM) and Privileged Access Management (PAM)
Who has access to what?
Is that access appropriate?
Is that access being used appropriately?
How is that access changing over time?
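As an added example that is not part of the deck, the Python below answers the four questions over constructed entitlement snapshots, a role baseline and last-use dates drawn from access logs. The identities, entitlements, role model, review date and 90-day idle threshold are all assumptions.

```python
from datetime import date, timedelta
# Constructed sample data (not from the deck). A snapshot maps an identity to its entitlements.
SNAPSHOT_Q1 = {"alice": {"crm:read", "crm:write"},
               "bob": {"hr:read", "hr:write", "db:admin"}}
SNAPSHOT_Q2 = {"alice": {"crm:read", "crm:write", "db:admin"},   # db:admin granted in Q2
               "bob": {"hr:read", "hr:write", "db:admin"}}
# Assumed role baseline: what each job role is expected to hold.
ROLE_BASELINE = {"sales": {"crm:read", "crm:write"}, "hr": {"hr:read", "hr:write"}}
ROLES = {"alice": "sales", "bob": "hr"}
PRIVILEGED = {"db:admin"}                 # entitlements that fall under PAM controls
REVIEW_DATE = date(2024, 6, 30)           # assumed day of the access review
# Last-use date per (identity, entitlement), as derived from access logs.
LAST_USED = {("alice", "crm:read"): date(2024, 6, 20), ("alice", "crm:write"): date(2024, 6, 18),
             ("bob", "hr:read"): date(2024, 6, 21), ("bob", "hr:write"): date(2024, 6, 1),
             ("bob", "db:admin"): date(2024, 1, 15)}   # stale privileged access

def who_has_what(snapshot):
    """Who has access to what? Entitlement -> sorted identities holding it."""
    holders = {}
    for who, ents in snapshot.items():
        for e in ents:
            holders.setdefault(e, []).append(who)
    return {e: sorted(w) for e, w in holders.items()}

def excess_entitlements(snapshot):
    """Is that access appropriate? Entitlements beyond the identity's role baseline."""
    excess = {who: ents - ROLE_BASELINE[ROLES[who]] for who, ents in snapshot.items()}
    return {who: sorted(e) for who, e in excess.items() if e}

def unused_entitlements(snapshot, today=REVIEW_DATE, max_idle_days=90):
    """Is that access being used appropriately? Entitlements idle or never used."""
    cutoff = today - timedelta(days=max_idle_days)
    idle = []
    for who, ents in snapshot.items():
        for e in ents:
            last = LAST_USED.get((who, e))
            if last is None or last < cutoff:
                idle.append((who, e))
    return sorted(idle)

def entitlement_drift(old, new):
    """How is that access changing over time? Added/removed per identity, privileged adds flagged."""
    changes = {}
    for who in sorted(set(old) | set(new)):
        added = new.get(who, set()) - old.get(who, set())
        removed = old.get(who, set()) - new.get(who, set())
        if added or removed:
            changes[who] = {"added": sorted(added), "removed": sorted(removed),
                            "privileged_added": sorted(added & PRIVILEGED)}
    return changes
```

Running the four functions against SNAPSHOT_Q2 surfaces the same db:admin grant three ways: it is outside both users' role baselines, it has never been used by alice and has been idle for bob, and it is the only privileged entitlement added between the two snapshots.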
How do IAM and PAM Fit Together?
IAM: Broad Governance for All Accounts
PAM: Deep Controls for Privileged Accounts
Capabilities: Continuous Monitoring, Session Control, Access Control, Discovery, Provisioning, Access Certification, Access Requests, Credential Lock Down
Combining IAM and PAM for Comprehensive Control
Broad Governance for All Accounts + Deep Controls for Privileged Accounts
Capabilities: Continuous Monitoring, Session Control, Access Control, Discovery, Provisioning, Access Certification, Access Requests, Credential Lock Down
Covered systems: Mobile Devices, Security Appliances, Databases, Operating Systems, SaaS & Cloud, Network Devices, Directories, Storage, SCADA, Mainframe
SailPoint Identity & Access Management
Applications: Compliance Manager, Lifecycle Manager, Password Manager
Identity Intelligence: Dashboards, Reporting, Analytics
Unified Governance Platform: Policy Model, Identity Warehouse, Role Model, Workflow Engine, Risk Model
Integrations: 3rd Party Provisioning, Mobile Device Management, IT Service Management, IT Security
Governed resources: Cloud Apps, On-prem Apps, Directory Services, Structured Data, Unstructured Data
Scenarios addressed: Scenario 1 – Weak Password; Scenario 3 – Uncontrolled Data; Scenario 4 – Advanced Phishing; Scenario 5 – Malicious External
BeyondTrust Privilege Management Platform
The BeyondInsight IT Risk Management Platform is an integrated suite of software solutions used by IT professionals and security experts to collaboratively:
• Reduce user-based risk and mitigate threats to information assets
• Address security exposures across large, diverse IT environments
• Comply with internal, industry and government mandates
Scenarios addressed: Scenario 1 – Weak Password; Scenario 2 – Compromised Credentials; Scenario 4 – Advanced Phishing; Scenario 5 – Malicious External
Summary
• Attacks are increasingly proactive, sophisticated and opportunistic
• To minimize risk, enterprises must master the complexity of access
• IAM and PAM can be combined to achieve comprehensive control
Poll
Thank you for attending today's webinar!
Dr. Eric Cole
Author, SANS Top 20 Critical Controls
Morey J. Haber
VP of Technology, BeyondTrust
Joe Gottlieb
SVP Corporate Development, SailPoint