Enemy from Within: Managing and Controlling Access

Page 1: Enemy from Within: Managing and Controlling Access

Enemy from Within: Managing and Controlling Access

Dr. Eric Cole

Author, SANS Top 20 Critical Controls

Morey J. Haber

VP of Technology, BeyondTrust

Joe Gottlieb

SVP Corporate Development, SailPoint

Page 2: Enemy from Within: Managing and Controlling Access

Is Your Access Control Hacker Proof?

OR

Are You One Click Away From a Breach?

Dr. Eric Cole


Page 3: Enemy from Within: Managing and Controlling Access

The difference between a minor breach and a major breach comes down to what information the adversary was able to gain access to.

The question you need to ask is how effective is your access control?


Page 4: Enemy from Within: Managing and Controlling Access

Scenario 1 – Weak Password

SCENARIO

An attacker finds a web portal that allows access to your network. The access is based on a username and password.

Account harvesting is done via social media and password cracking is performed. A weak password is cracked to obtain access.

WHAT FAILED

Password controls and policies

Monitoring and detection of password cracking

REMEDIATION

Account lockout

Strong password policy with enforcement

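As an added example that is not part of the deck, the two controls this scenario says were missing, detection of password cracking and account lockout, checked over constructed authentication log lines (the log format, thresholds and sample records are assumptions):

```python
# Added example, not from the webinar deck. Detects password cracking in auth
# logs and checks lockout enforcement; format, thresholds and data are assumed.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log line format: "<ISO timestamp> <FAIL|OK> user=<name> src=<ip>"
LOG_RE = re.compile(r"^(\S+) (FAIL|OK) user=(\S+) src=(\S+)$")
MAX_FAILURES = 5                 # failures tolerated inside the window
WINDOW = timedelta(minutes=10)   # sliding window for counting failures
SPRAY_USERS = 3                  # distinct users one source may fail against
def parse(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    ts, result, user, src = m.groups()
    return datetime.fromisoformat(ts), result, user, src

def evaluate(lines):
    """Return (locked_users, spray_sources, logins_after_lockout)."""
    fails = defaultdict(list)          # user -> failure times inside WINDOW
    users_per_src = defaultdict(set)   # src -> users it failed against
    locked, after_lockout = set(), []  # after_lockout: lockout not enforced
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue                   # not in the assumed format
        ts, result, user, src = rec
        if result == "FAIL":
            fails[user] = [t for t in fails[user] if ts - t <= WINDOW] + [ts]
            users_per_src[src].add(user)
            if len(fails[user]) >= MAX_FAILURES:
                locked.add(user)       # lockout policy should trigger here
        elif user in locked:
            after_lockout.append((user, src))  # success despite lockout
    # A source failing against many distinct users = harvesting + spraying
    spray = {s for s, u in users_per_src.items() if len(u) >= SPRAY_USERS}
    return locked, spray, after_lockout
# Constructed sample: three harvested accounts are tried, then "alice" is
# guessed until a weak password works; lockout should have stopped it at 5.
SAMPLE_LOG = [
    "2024-03-01T09:00:00 FAIL user=alice src=203.0.113.9",
    "2024-03-01T09:00:05 FAIL user=bob src=203.0.113.9",
    "2024-03-01T09:00:10 FAIL user=carol src=203.0.113.9",
    "2024-03-01T09:01:00 FAIL user=alice src=203.0.113.9",
    "2024-03-01T09:02:00 FAIL user=alice src=203.0.113.9",
    "2024-03-01T09:03:00 FAIL user=alice src=203.0.113.9",
    "2024-03-01T09:04:00 FAIL user=alice src=203.0.113.9",
    "2024-03-01T09:05:00 OK user=alice src=203.0.113.9",
]
```

A non-empty `logins_after_lockout` result is the finding: the account reached the lockout threshold and a login was still accepted, so the policy exists on paper but is not enforced.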

Page 5: Enemy from Within: Managing and Controlling Access

Scenario 2 – Compromised Credentials

SCENARIO

User does not properly protect their credentials and leaves their computer unlocked at a hotel, airport or coffee shop.

Adversary is able to compromise the system and gain access to both local and network based data stores.

WHAT FAILED

User awareness

System lockdown

Account monitoring

REMEDIATION

Utilize multi-factor authentication

Enable screen lockout

Limit or monitor access when connected to public networks


Page 6: Enemy from Within: Managing and Controlling Access

Scenario 3 – Uncontrolled Data

SCENARIO

Data is constantly copied and stored on multiple systems throughout the organization. No one knows where the information is located except an adversary. From the DMZ the adversary is able to access and compromise sensitive information.

WHAT FAILED

Data classification

No control of data access or permissions

REMEDIATION

Data discovery

Segmentation

Data flow analysis


Page 7: Enemy from Within: Managing and Controlling Access

Scenario 4 – Advanced Phishing

SCENARIO

User receives an email they believe is from their boss, who is on vacation; all content appears valid and legitimate, but the attachment contains malicious code.

Since the boss is away, the email cannot be verified, and the system becomes compromised with no remediation.

WHAT FAILED

Email filtering and monitoring

Controlling and managing access

Privilege escalation

REMEDIATION

Controlling access

Limiting executable content


Page 8: Enemy from Within: Managing and Controlling Access

Scenario 5 – Malicious External

SCENARIO

External adversary targets systems on the DMZ and compromises the server as a pivot point. From the DMZ they perform lateral movement and ultimately compromise sensitive information from the database.

WHAT FAILED

Provision management

Entitlements

Timely detection

REMEDIATION

Access control

Data classification

Data monitoring


Page 9: Enemy from Within: Managing and Controlling Access

Recent Major Breaches


Page 10: Enemy from Within: Managing and Controlling Access

Your Organization

• Resources

• Identities

• Entitlements

Interaction Between Assets and Users Can Represent Risk


Page 11: Enemy from Within: Managing and Controlling Access

Enemy from Within…

• Insider Threats

• External Threats

All Breaches and Exfiltration of Sensitive Data Need to Leverage Vulnerabilities and/or Privileges


Page 12: Enemy from Within: Managing and Controlling Access

Critical Questions for Managing Risk

Identity & Access Management (IAM) and Privileged Access Management (PAM)

Who has access to what?

Is that access appropriate?

Is that access being used appropriately?

How is that access changing over time?
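The four questions above, applied to a small constructed identity warehouse as an added example (not the deck's or either vendor's code; the role model, snapshots, review date and usage records are made up):

```python
# Added example, not from the webinar deck: an access review answering the
# four questions above over a constructed role model, entitlement snapshots
# and usage records. All names, grants and dates are made up.
from datetime import date, timedelta
# Role model: the entitlements each business role justifies (assumed)
ROLE_MODEL = {
    "finance_analyst": {"erp.reports.read"},
    "dba": {"erp.db.admin", "erp.reports.read"},
}
# Current snapshot: roles held and entitlements actually granted (assumed)
NOW = {
    "alice": {"roles": {"finance_analyst"},
              "grants": {"erp.reports.read", "erp.db.admin"}},
    "bob": {"roles": {"dba"}, "grants": {"erp.db.admin", "erp.reports.read"}},
    "carol": {"roles": set(), "grants": {"erp.reports.read"}},  # left the firm
}
# Snapshot taken 90 days earlier, used to detect drift (assumed)
BEFORE = {"alice": {"erp.reports.read"}, "carol": {"erp.reports.read"},
          "bob": {"erp.db.admin", "erp.reports.read"}}
# Last use of each (user, grant) from access logs; absent = never used
LAST_USED = {("alice", "erp.reports.read"): date(2024, 5, 29),
             ("bob", "erp.db.admin"): date(2024, 5, 30),
             ("bob", "erp.reports.read"): date(2024, 5, 1),
             ("carol", "erp.reports.read"): date(2024, 1, 3)}
REVIEW_DATE = date(2024, 6, 1)  # constructed date of this review

def who_has(entitlement):
    """Who has access to what? Users currently holding the entitlement."""
    return sorted(u for u, d in NOW.items() if entitlement in d["grants"])

def excess_grants():
    """Is that access appropriate? Grants that no held role justifies."""
    out = {}
    for user, d in NOW.items():
        allowed = set().union(*(ROLE_MODEL[r] for r in d["roles"]))
        if d["grants"] - allowed:
            out[user] = sorted(d["grants"] - allowed)
    return out

def dormant_grants(today=REVIEW_DATE, max_idle_days=60):
    """Is it used appropriately? Grants unused for too long, or never."""
    idle = timedelta(days=max_idle_days)
    return sorted((u, g) for u, d in NOW.items() for g in d["grants"]
                  if (u, g) not in LAST_USED or today - LAST_USED[(u, g)] > idle)

def grants_added_since_baseline():
    """How is access changing over time? Grants present now but not before."""
    drift = {u: sorted(d["grants"] - BEFORE.get(u, set())) for u, d in NOW.items()}
    return {u: g for u, g in drift.items() if g}
```

In this data the same grant, alice's `erp.db.admin`, shows up in all three findings (unjustified by her role, never used, and added since the baseline), which is the profile an access certification should surface for revocation.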

Page 13: Enemy from Within: Managing and Controlling Access

How do IAM and PAM Fit Together?

Deep Controls for Privileged Accounts

Broad Governance for All Accounts

Capabilities shown across IAM and PAM:

CONTINUOUS MONITORING

SESSION CONTROL

ACCESS CONTROL

DISCOVERY

PROVISIONING

ACCESS CERTIFICATION

ACCESS REQUESTS

CREDENTIAL LOCK DOWN

Page 14: Enemy from Within: Managing and Controlling Access

Combining IAM and PAM for Comprehensive Control

Broad Governance for All Accounts + Deep Controls for Privileged Accounts

Capabilities:

CONTINUOUS MONITORING

SESSION CONTROL

ACCESS CONTROL

DISCOVERY

PROVISIONING

ACCESS CERTIFICATION

ACCESS REQUESTS

CREDENTIAL LOCK DOWN

Covered assets: Mobile Devices, Security Appliances, Databases, Operating Systems, SaaS & Cloud, Network Devices, Directories, Storage, SCADA, Mainframe

Page 15: Enemy from Within: Managing and Controlling Access

SailPoint Identity & Access Management

[Architecture diagram: SailPoint Identity & Access Management]

Applications: Compliance Manager, Lifecycle Manager, Password Manager

Identity Intelligence: Dashboards, Reporting, Analytics

Unified Governance Platform: Policy Model, Identity Warehouse, Role Model, Workflow Engine, Risk Model

Integrations: 3rd Party Provisioning, Mobile Device Management, IT Service Management, IT Security

Resources: Cloud Apps, On-prem Apps, Directory Services, Structured Data, Unstructured Data

Scenarios addressed: Scenario 1: Weak Password; Scenario 3: Uncontrolled Data; Scenario 4: Advanced Phishing; Scenario 5: Malicious External

Page 16: Enemy from Within: Managing and Controlling Access

BeyondTrust Privilege Management Platform

The BeyondInsight IT Risk Management Platform is an integrated suite of software solutions used by IT professionals and security experts to collaboratively:

• Reduce user-based risk and mitigate threats to information assets

• Address security exposures across large, diverse IT environments

• Comply with internal, industry and government mandates

Scenarios addressed: Scenario 1: Weak Password; Scenario 2: Compromised Credentials; Scenario 4: Advanced Phishing; Scenario 5: Malicious External

Page 17: Enemy from Within: Managing and Controlling Access

Summary

• Attacks are increasingly proactive, sophisticated and opportunistic

• To minimize risk, enterprises must master the complexity of access

• IAM and PAM can be combined to achieve comprehensive control

Page 18: Enemy from Within: Managing and Controlling Access

Poll

Page 19: Enemy from Within: Managing and Controlling Access

Thank you for attending today’s webinar!

Dr. Eric Cole

Author, SANS Top 20 Critical Controls

Morey J. Haber

VP of Technology, BeyondTrust

Joe Gottlieb

SVP Corporate Development, SailPoint