Attackers want your crown jewels. How do you protect your assets?
Andras Cser
VP Principal Analyst
January 14, 2017
© 2017 Forrester Research, Inc. Reproduction Prohibited
Shift from Compliance to Information Risk in PIM buying decisions
Information
Risk
Efficiency
Compliance
Flexibility
Cyber Threat Involves Compromised Privileged Passwords
Data breaches are a huge problem
Forrester estimates that 80% of all data breaches involve misuse of
administrative privileges
Mitigate outsider attacks
API management is a must: App2App passwords are everywhere
Requires behavioral analysis
Network forensics are inadequate and slow
PIM requirements: Password Safe
Storing passwords securely
LDAP and AD discovery
High Availability
Supporting federation
App2App support
RBAC
Helpdesk integration
PIM requirements: Privileged Session Management and Recording
What you do with the password
SSH recording
Policies for who can do what on managed
sessions
Using your own tools as well as web interfaces
for your sessions
Indexing, searching, performance
OCR
PIM requirements: Host Access Control
Windows support (who can do what on Windows endpoints)
Registry change control
AWS console support
Unix support
Privilege escalation
Whitelisting/blacklisting commands
PIM requirements: Cloud Support
SaaS: business user support
SIM integration
Identity Management Integration
IaaS: Azure, AWS support
– STS
– Console
Interface intuitiveness and modernisms
PIM requirements: Strategy and Market Presence
Development plans
Customer satisfaction
Global partner ecosystem
– NA
– Central and South America
– EMEA
– APAC
Solution development strength
Solution sales strength
Revenues
Revenue growth
Install base
Install base growth
PIM Wave Results
Forrester’s PIM Predictions
– IaaS and PaaS support
– SaaS form factor PIM solutions
– IoT
– Business user privileges management
– Behavioral and continuous authentication
on sessions
– Periodic rectification of privileges, access
governance, access request management
– Endpoint support growth
Cloud Pulls the CISO in Many Directions
CISO and Security Organization Changes, aka Uneven Handshake
1. Cloud Offers Irresistible Benefits
2. LOB procures cloud services
3. CISO Can’t Say No All the Time
4. Cloud changes all the time
5. Security Struggles to Reduce Cloud Security Risks
General Challenges with Cloud Security
Clients still perceive cloud as less secure than on-premises
deployments
Some (many…) cloud providers do not cover security at all
Multicloud deployments are proliferating (“we have a little bit of
everything”)
Threat detection is not optional: it has to be built in
Lateral movement, data exfiltration are huge risks
General Challenges with Cloud Security
Consistent policies are a must – can’t be done without automation
Remediation of security compliance is impossible without
automation
Writing hundreds of explicit policies will not work
Need to automatically create baseline of normal behavior
Then detect anomalies from baseline
Then detect if it’s a threat or the anomaly is just part of unusual
activity
Vendor selection guidelines for PIM
PIM solutions need to cover IaaS and SaaS
API protection
Need to support:
– On-prem admins
– Outsourced admins
– IaaS/PaaS/CSP admins
BCDR
IAM
Data protection in cloud workloads
SIEM/Security Analytics integration
Integration with other existing tools (CTI, etc.)
Workload separation and multi tenancy
Forrester’s PIM Predictions
– IT Ops should own PIM
– Simplify environment and make it consistent
– Treat High Availability as a priority
– Define audit logs ahead of implementation
to please auditors and compliance
– Treat your sourcing partners for system
administration as your employees, create
RBAC for them
Reducing Insider Threats with Visibility and Control
The PowerBroker Privileged Access Management Platform
Scott Lang, Sr. Director, Product Marketing
Attack Chain
EMPLOYEES AND OTHER INSIDERS
HAVE UNNECESSARY ACCESS
Employees, vendors and other insiders are often given
excessive access to systems and data – and that access
can go unmonitored.
Privilege abuse was behind 66% of insider misuse incidents.
Source: Verizon 2017 Data Breach Investigations Report
CREDENTIALS ARE SHARED
AND UNMANAGED
Passwords are created and shared, but aren’t audited,
monitored or managed with discipline or accountability.
80% of data breaches involve the abuse or misuse of privileged
credentials. Source: Forrester Wave for Privileged Identity Management, 2017
IT ASSETS COMMUNICATE
UNCHECKED
Desktops, laptops, servers and applications communicate and
open paths to sensitive assets and data.
Source: Verizon 2017 Data Breach Investigations Report
50% of all exploitations from system vulnerabilities happen between
10 and 100 days after the vulnerability is published, with the median
around 30 days.
Attack Chain
BeyondTrust is a cyber security software company that helps
organizations control their user privileges and passwords so
they can’t be used inappropriately or in a data breach.
Our platform unifies the most effective technologies for
addressing internal and external risk:
Privileged Access Management
Vulnerability Management
Threat & Behavioral Analytics
Endpoint
Least Privilege
Remove excessive user privileges and
control applications on endpoints
WINDOWS | MAC
Enterprise Password
Security
Provide accountability and control over
privileged credentials and sessions
APPS | DATABASES | DEVICES
SSH KEYS | CLOUD | VIRTUAL
Server Privilege
Management
Control, audit and simplify access to
business-critical systems
UNIX | LINUX | WINDOWS
ASSET & ACCOUNT
DISCOVERY
THREAT & VULNERABILITY
INTELLIGENCE &
BEHAVIORAL ANALYTICS
REPORTING &
CONNECTORS
POLICY & ACTION
RESPONSE
THE POWERBROKER PRIVILEGED ACCESS MANAGEMENT PLATFORM
BeyondInsight
Enterprise Password Security
Password & Session
Management Core
Asset Risk Visibility
Privileged passwords
A2A passwords and SSH keys
Integrated session management
Endpoint Least Privilege
Password & Session Management
Least Privilege Core
Asset Risk Visibility
Windows/Mac desktop least privilege
Application control
Server Privilege Management
Password & Session Management
Asset Risk Visibility
Active Directory Bridging
Privilege Management Core
Unix/Linux and Windows command
elevation & delegation
Integrated session monitoring & logging
BeyondInsight
PowerBroker Platform Benefits
• Zero gaps – Automatically find and manage all
accounts, assets and users
• Deep integration – Activate a network of
solutions that cooperate to solve challenges
• Better intelligence – Make more informed
privilege decisions based on vulnerability and
threat data
• Single view – Use a central policy and set of
actions for all user, account and asset security
• Faster time to value – Leverage great
reporting and connectors to export data to
systems already in place
• Consolidate vendors – Achieve greater
simplicity and lower TCO
Market Validation
Percentages of surveyed customers rating each listed
capability as differentiated from the competition or better:
80% Better Security Context
79% Reporting & Analytics
78% End-to-End PAM Capabilities
77% Flexible Deployment Options
73% Low Total Cost of Ownership
Source: 2017 TechValidate survey of BeyondTrust PAM customers
“PowerBroker has enabled us to eliminate
admin rights to workstations and servers,
which has resulted in fewer support calls
and reduced risk to our environment.”
“Thanks to Retina, we’ve moved from a
reactive security approach to a proactive
security approach.”
BeyondTrust’s “long history with large
deployments and advanced data analysis
tools should be a value to enterprises
looking to improve their vulnerability
management practices.”
FINANCIALS
Privately Held and profitable with significant growth
LOCATIONS
10 Offices: Phoenix, Leeds, Amsterdam, Boston, Dubai, Halifax,
Los Angeles, Munich, Singapore, Sydney
EMPLOYEES
> 350
CUSTOMERS
4000+ Organizations world-wide,
including over half of the Fortune 100
PATENTS
7 Awarded, 10 Pending
Key Verticals: Fortune 500 Representation
Commercial Banking: 12 of 18 Fortune 500
Aerospace / Defense: 5 of 10 Fortune 500
Energy / Utility / Chemical: 22 of 40 Fortune 500
Tech / Software: 19 of 26 Fortune 500
Entertainment: 5 of 8 Fortune 500
Healthcare / Pharmaceuticals: 15 of 33 Fortune 500
Retail / Consumer: 13 of 35 Fortune 500
Communications: 9 of 12 Fortune 500
Summary:
Why PowerBroker?
• Comprehensive
• Integrated
• Intelligent
ACHIEVE END-TO-END PRIVILEGED ACCESS MANAGEMENT
GAIN VISIBILITY INTO SYSTEM & ASSET SECURITY
ALIGN WITH IAM SOLUTIONS
UNDERSTAND PASSWORD, USER & ACCOUNT BEHAVIOR
SINGLE PLATFORM
Thank you for attending today’s webinar.
Download Now! The Forrester Wave™: Privileged Identity Management, Q3 2016
http://bit.ly/bt-pim-wave-Q32016