Identity + Security: Welcome to your new career
Chris Sullivan (Sully) SVP, Chief Information Security Officer
Securing Digital Business
SecureAuth, Core Security, Damballa, Courion, Secure Reset, Bay31
• We are leaders in IDM, IGA, SSO, Adaptive Auth, TI, Vulnerability Management, Pen-Testing, Threat Detection, Threat Intel
• We do primary research, analytics, automation and orchestration across the entire threat surface
Raison D'être
Device Centric Investigations
The Old Way
Defense In-Depth Manual Response
Limited Control Over Devices
Manual Investigation
Silos Of Data
Alert Overload
Alert Fatigue
Point Products Focused On Devices
ORCHESTRATION
IDENTITY
CASE MGMT
ANALYTICS
AUTOMATION
LACKS
This Looks Simple but It’s Not
Attack Paths are Complicated
Access Attack Paths
Billions of Changing Relationships
IDENTITY
ACCOUNTS
ENTITLEMENTS
ROLES
APPLICATIONS
A P P L I C AT I ON S
Separation of Duties
Privileged Access
Real Attack Paths are Real Complicated
The Role of Identity in Digital Business is Evolving
IT Efficiency
IT Compliance
Security
Business Agility
Scale
UX
API
API
AI
INTELLIGENT IDENTITY IS VITAL/NECESSARY FOR SECURITY
Identity Security Automation
The Only Way
ORCHESTRATION
IDENTITY
CASE MGMT
ANALYTICS
AUTOMATION
IDENTITY SECURITY AUTOMATION
Any | Any | Any
Identity Centric Telemetry
Device Agnostic
WORKFORCE
PARTNERS
CONSUMERS
ANY USER ANY DEVICE
MOBILE
TABLET
LAPTOP
SERVER
ANY PATH
CLIENT APP
MOBILE APP
BROWSER
EMAIL
Contextual Evidence
Orchestration of Siloed Data
Identity Context
Authentication Attempts
Network Behavior
Vulnerable Attack Paths
3rd Party Sec. Controls
Automated Investigation
Analytics Driven Case Mgmt. With High Confidence
Adaptive Automation
Playbooks for Rapid Response At Identity Layer & Beyond
CONVENTIONAL VIEW OF ACCESS
CLUSTER ANALYSIS OF ACCESS
LINK ANALYSIS OF ACCESS
ATTACK PATH REVIEW
Reducing Business Friction Securely
Adaptive Authentication
Device Recognition
Threat Service
Directory Lookup
Geo-Location
Geo-Velocity
Geo-Fencing
Phone Number Fraud Prevention
Behavioral Biometrics
Identity Governance
User & Entity Behavior Analytics
Do we recognize this device? Associated with a user we know?
Real-time Threat Intelligence, IP Address Interrogation
Group membership and attribute checking
Request coming from a known location? Do we have employees, partners or customers here?
Has an improbable travel event taken place?
Track normal behavior, looking for anomalies
Who should/does have access rights? High Access Rights = greater risk/vulnerability
Access request coming from within or outside a geographic barrier
Typing Sequences & Mouse Movements, unique to each user on each device
Reduce # of OTPs, Block device class, Identify “porting” status, Block by carrier
Behind the Buzz of AI
214– Allow us to continue to assist
Extract IP address from major target systems and evaluate activity
Gain Awareness
Define criteria to determine level of acceptance by use case or user category
Understand seasonality and impact to risk tolerance
Assess Acceptable Risk
Create metrics for success (near term, mid term, long term)
Determine success?
Make a time investment in a Risk Awareness Workshop
© 2017 by SecureAuth + Core Security All rights reserved
Thank you… Thank you very much.