Dissecting the Privileged Threat Landscape in 2017


Attackers want your crown jewels. How do you protect your assets?

Andras Cser

VP Principal Analyst

January 14, 2017


© 2017 Forrester Research, Inc. Reproduction Prohibited

Shift from Compliance to Information Risk in PIM buying decisions

Information Risk

Efficiency

Compliance

Flexibility


Cyber Threat Involves Compromised Privileged Passwords

Data breaches are a huge problem

Forrester estimates that 80% of all data breaches involve misuse of administrative privileges

Mitigate outsider attacks

API management is a must: App2App passwords are everywhere

Requires behavioral analysis

Network forensics are inadequate and slow


PIM requirements: Password Safe

Storing passwords securely

LDAP and AD discovery

High Availability

Supporting federation

App2App support

RBAC

Helpdesk integration


PIM requirements: Privileged Session Management and Recording

What you do with the password

SSH recording

Policies for who can do what on managed sessions

Using your own tools as well as web interfaces for your sessions

Indexing, searching, performance

OCR


PIM requirements: Host Access Control

Windows support (who can do what on Windows endpoints)

Registry change control

AWS console support

Unix support

Privilege escalation

Whitelisting/blacklisting commands


PIM requirements: Cloud Support

SaaS: business user support

SIM integration

Identity Management Integration

IaaS: Azure, AWS support

– STS

– Console

Interface intuitiveness and modernisms


PIM requirements: Strategy and Market Presence

Development plans

Customer satisfaction

Global partner ecosystem

– NA

– Central and South America

– EMEA

– APAC

Solution development strength

Solution sales strength

Revenues

Revenue growth

Install base

Install base growth


PIM Wave Results


Forrester’s PIM Predictions

– IaaS and PaaS support

– SaaS form factor PIM solutions

– IoT

– Business user privileges management

– Behavioral and continuous authentication on sessions

– Periodic rectification of privileges, access governance, access request management

– Endpoint support growth


Cloud Pulls the CISO in Many Directions

CISO and Security Organization Changes, aka Uneven Handshake

1. Cloud Offers Irresistible Benefits

2. LOB procures cloud services

3. CISO Can’t Say No All the Time

4. Cloud changes all the time

5. Security Struggles to Reduce Cloud Security Risks


General Challenges with Cloud Security

Clients still perceive cloud as less secure than on-premises deployments

Some (many…) cloud providers do not cover security at all

Multicloud deployments are proliferating (“we have a little bit of everything”)

Threat detection is not optional: it has to be built in

Lateral movement, data exfiltration are huge risks


General Challenges with Cloud Security

Consistent policies are a must – can’t be done without automation

Remediation of security compliance is impossible without automation

Writing hundreds of explicit policies will not work

Need to automatically create baseline of normal behavior

Then detect anomalies from baseline

Then detect if it’s a threat or the anomaly is just part of unusual activity


Vendor selection guidelines for PIM

PIM solutions need to cover IaaS and SaaS

API protection

Need to support:

– On-prem admins

– Outsourced admins

– IaaS/PaaS/CSP admins

BCDR

IAM

Data protection in cloud workloads

SIEM/Security Analytics integration

Integration with other existing tools (CTI, etc.)

Workload separation and multi tenancy


Forrester’s PIM Predictions

– IT Ops should own PIM

– Simplify environment and make it consistent

– Treat High Availability as a priority

– Define audit logs ahead of implementation to please auditors and compliance

– Treat your sourcing partners for system administration as your employees, create RBAC for them


Thank you

forrester.com

Andras Cser



Reducing Insider Threats with Visibility and Control

The PowerBroker Privileged Access Management Platform

Scott Lang,

Sr. Director, Product Marketing


Attack Chain



EMPLOYEES AND OTHER INSIDERS HAVE UNNECESSARY ACCESS

Employees, vendors and other insiders are often given excessive access to systems and data – and that access can go unmonitored.


Privilege abuse was behind 66% of insider misuse incidents.

Source: Verizon 2017 Data Breach Investigations Report


CREDENTIALS ARE SHARED AND UNMANAGED

Passwords are created and shared, but aren’t audited, monitored or managed with discipline or accountability.


80% of data breaches involve the abuse or misuse of privileged credentials.

Source: Forrester Wave for Privileged Identity Management, 2017


IT ASSETS COMMUNICATE UNCHECKED

Desktops, laptops, servers and applications communicate and open paths to sensitive assets and data.

Source: Verizon 2017 Data Breach Investigations Report

50% of all exploitations from system vulnerabilities happen between 10 and 100 days after the vulnerability is published, with the median around 30 days.



Attack Chain



BeyondTrust is a cyber security software company that helps organizations control their user privileges and passwords so they can’t be used inappropriately or in a data breach.

Our platform unifies the most effective technologies for addressing internal and external risk:

Privileged Access Management

Vulnerability Management

Threat & Behavioral Analytics



Endpoint Least Privilege

Remove excessive user privileges and control applications on endpoints

WINDOWS | MAC

Enterprise Password Security

Provide accountability and control over privileged credentials and sessions

APPS | DATABASES | DEVICES | SSH KEYS | CLOUD | VIRTUAL

Server Privilege Management

Control, audit and simplify access to business-critical systems

UNIX | LINUX | WINDOWS

ASSET & ACCOUNT DISCOVERY

THREAT & VULNERABILITY INTELLIGENCE & BEHAVIORAL ANALYTICS

REPORTING & CONNECTORS

POLICY & ACTION RESPONSE

THE POWERBROKER PRIVILEGED ACCESS MANAGEMENT PLATFORM

BeyondInsight


THE POWERBROKER PRIVILEGED ACCESS MANAGEMENT PLATFORM

ASSET & ACCOUNT DISCOVERY

THREAT & VULNERABILITY INTELLIGENCE & BEHAVIORAL ANALYTICS

REPORTING & CONNECTORS

POLICY & ACTION RESPONSE

Enterprise Password Security

Password & Session Management Core

Asset Risk Visibility

Privileged passwords

A2A passwords and SSH keys

Integrated session management

Endpoint Least Privilege

Password & Session Management

Least Privilege Core

Asset Risk Visibility

Windows/Mac desktop least privilege

Application control

Server Privilege Management

Password & Session Management

Asset Risk Visibility

Active Directory Bridging

Privilege Management Core

Unix/Linux and Windows command elevation & delegation

Integrated session monitoring & logging

BeyondInsight


PowerBroker Platform Benefits

• Zero gaps – Automatically find and manage all accounts, assets and users

• Deep integration – Activate a network of solutions that cooperate to solve challenges

• Better intelligence – Make more informed privilege decisions based on vulnerability and threat data

• Single view – Use a central policy and set of actions for all user, account and asset security

• Faster time to value – Leverage great reporting and connectors to export data to systems already in place

• Consolidate vendors – Achieve greater simplicity and lower TCO


Market Validation

Percentages of surveyed customers rating each listed capability as differentiated from the competition or better:

80% Better Security Context

79% Reporting & Analytics

78% End-to-End PAM Capabilities

77% Flexible Deployment Options

73% Low Total Cost of Ownership

Source: 2017 TechValidate survey of BeyondTrust PAM customers

“PowerBroker has enabled us to eliminate admin rights to workstations and servers, which has resulted in fewer support calls and reduced risk to our environment.”

“Thanks to Retina, we’ve moved from a reactive security approach to a proactive security approach.”

BeyondTrust’s “long history with large deployments and advanced data analysis tools should be a value to enterprises looking to improve their vulnerability management practices.”



FINANCIALS: Privately Held and profitable with significant growth

LOCATIONS: 10 Offices (Phoenix, Leeds, Amsterdam, Boston, Dubai, Halifax, Los Angeles, Munich, Singapore, Sydney)

EMPLOYEES: > 350

CUSTOMERS: 4000+ Organizations world-wide, including over half of the Fortune 100

PATENTS: 7 Awarded, 10 Pending


Key Verticals: Fortune 500 Representation

Commercial Banking: 12 of 18 Fortune 500

Aerospace / Defense: 5 of 10 Fortune 500

Energy / Utility / Chemical: 22 of 40 Fortune 500

Tech / Software: 19 of 26 Fortune 500

Entertainment: 5 of 8 Fortune 500

Healthcare / Pharmaceuticals: 15 of 33 Fortune 500

Retail / Consumer: 13 of 35 Fortune 500

Communications: 9 of 12 Fortune 500


Summary: Why PowerBroker?

• Comprehensive

• Integrated

• Intelligent

ACHIEVE END-TO-END PRIVILEGED ACCESS MANAGEMENT

GAIN VISIBILITY INTO SYSTEM & ASSET SECURITY

ALIGN WITH IAM SOLUTIONS

UNDERSTAND PASSWORD, USER & ACCOUNT BEHAVIOR

SINGLE PLATFORM


Quick Poll


Thank you for attending today’s webinar.

Download Now!

The Forrester Wave™: Privileged Identity Management, Q3 2016

http://bit.ly/bt-pim-wave-Q32016