Identity  +  Security:Welcome  to  your  new  career

Chris  Sullivan  (Sully)  SVP,  Chief  Information  Security  Office

Securing  Digital  BusinessSecureAuth,  Core  Security,  Damballa,  Courion,  Secure  Reset,  Bay31

• We  are  leaders  in  IDM,  IGA,  SSO,  Adaptive  Auth,  TI,  Vulnerability  Management,  Pen-­‐Testing,  Threat  Detection,  Threat  Intel

• We  do  primary  research,  analytics,  automation  and  orchestration  across  the  entire  threat  surface

Raison  D'être

Device  Centric  InvestigationsThe  Old  Way

Defense  In-­‐Depth Manual  Response

Limited  Control  Over  Devices

Manual  Investigation

Silos  Of  Data

Alert  Overload

Alert  FatiguePoint  ProductsFocused  On  Devices

O R C H E S T R A T I O NI D E N T I T Y C A S E   M G M TA N A L Y T I C S A U T O M AT I O N

LACKS

This  Looks  Simple  but  It’s  Not

Attack  Paths  are  Complicated

Access  Attack  PathsBillions  of  Changing  Relationships

I D EN T I T Y

AC COUNT S

EN T I T L EMEN T S

RO L E S

A P P L I C AT I ON S

Separation  of  Duties

Privileged  Access

Real  Attack  Paths  are  Real  Complicated

The  Role  of  Identity  in  Digital  Business  is  Evolving  

ITEfficiency

ITComplianceSecurity

Business  Agility

Scale

UX

API

API

AI

I N T E L L I G ENT   I D ENT I T Y   I S   V I TA L /NECES SARY   FOR   S ECUR I T Y

Identity  Security  AutomationThe  Only  Way

O R C H E S T R A T I O NI D E N T I T Y C A S E   M G M TA N A L Y T I C S A U T O M AT I O N

IDENTITY  SECURITY  AUTOMATION

Any  | Any  |  Any

Identity  Centric  TelemetryDevice  Agnostic

WORKFORCEPARTNERS

CONSUMERS

ANY  USER ANY  DEVICE

MOBILETABLETLAPTOPSERVER

ANY  PATH

CLIENT  APPMOBILE  APPBROWSEREMAIL

Contextual  Evidence

Orchestration  ofSiloed  Data

Identity  Context

Authentication  Attempts

Network  Behavior

Vulnerable  Attack  Paths

3rd Party  Sec.  Controls

Automated  Investigation

Analytics  Driven  Case  Mgmt.With  High  Confidence

Adaptive  Automation

Playbooks  for  Rapid  ResponseAt  Identity  Layer  &  Beyond

CONVENTIONALVIEW  OF  ACCESS

CLUSTER  ANALYSISOF  ACCESS

LINK  ANALYSISOF  ACCESS

ATTACK  PATHREVIEW

Reducing  Business  Friction  SecurelyAdaptive  Authentication

Device  Recognition

Threat  Service

Directory  Lookup

Geo-­‐Location

Geo-­‐Velocity

Geo-­‐Fencing

Phone  Number  Fraud  Prevention

Behavioral  Biometrics

Identity  Governance

User  &  Entity  Behavior  Analytics

Do  we  recognize  this  device?Associated  with  a  user  we  know?

Real-­‐time  Threat  IntelligenceIP  Address  Interrogation

Group  membership  and  attribute  checking

Request  coming  from  a  known  location?Do  we  have  employees,  partners  or  customers  here?

Has  an  improbable  travel  event  taken  place?

Track  normal  behaviorLooking  for  anomalies

Who  should/does  have  access  rights?High  Access  Rights  =  greater  risk/vulnerability

Access  request  coming  from  within  or  outside  a  geographic  barrier

Typing  Sequences  &  Mouse  MovementsUnique  to  each  user  on  each  device

Reduce  #  of  OTPs,  Block  device  class,Identify  “porting”  status,  Block  by  carrier

Behind  the  Buzz  of  AISubtitle  left

214– Allow  us  to  continue  to  assist

Extract  IP  address  from  major  target  systems  and  evaluate  activity  

Gain  Awareness

Define  criteria  to  determine  level  of  acceptance  by  use  case  or  user  category  

Understand  seasonality  and  impact  to  risk  tolerance  

Assess  Acceptable  Risk

Create  metrics  for  success  (near  term,  mid  term,  long  term)

Determine  success?  

Make  a  time  investment  in  a  Risk  Awareness  Workshop

© 2017  by  SecureAuth +  Core  Security  All  rights  reserved

Thank  you…  Thank  you  very  much.