Integrated APT-IGA Solution - Future of IT Security (Vladislav Shapiro, Immersion Consulting Inc.)

IT Security trend: integrated APT-IGA solution

Vladislav Shapiro

Director of Identity Practice – IGA

Dell/Immersion Technology Services (ITS)

Discussion points

• Current state of affairs in IT Security

• How IGA can complement the ATP solution

• Basics of Identity Governance and Administration

• Connecting the dots: agile I-G-A

• Conclusions

Current State of Affairs in IT Security

IT Security realities of today

• Change of focus: from protecting the perimeter (external only) to the governance of the whole infrastructure (internal and external)

• Change of mentality: from “castle under siege” to “enemy is already here”

• Main external goal: advanced threat protection (ATP)

• Main internal goal: IGA – Identity Governance and Administration

• Shift from purely technical solutions to solutions focused on business and the human factor

WHO ARE THE “BAD GUYS”?

EVOLUTION OF MALWARE

[Figure: timeline from the 1980s to the 2010s with an Offense track and a Defense track. Labels shown: Melissa, CodeRed, Trojans, Worms, Bots, Spyware, Spam, Rootkits, Phishing, Zero-days, Mobile Threats, APTs; Birth of Anti-Virus, Anti-spam, Anti-spyware, Anti-malware, URL Filtering, Data Loss Filtering, Grey-listing, Whitelisting, Heuristics, Behavioral Analysis.]

APT - NEW THREAT LANDSCAPE

[Figure: axes are time (2005 to 2013) and damage of attacks. Labels shown: Worms, Viruses; Spyware/Bots; Stealth Bots; Zero-day, Targeted Attacks, Dynamic Trojans; Advanced Persistent Threats. Phases shown: Disruption; Cybercrime; Cyber-espionage and Cybercrime.]

New Threat Landscape

• Dynamic, Polymorphic Malware

• Coordinated Persistent Threat Actors

• Multi-Vector Attacks

• Multi-Staged Attacks

ATTACKS ALWAYS RELY ON INTERNAL PROCESS FLAWS

• No established business process for granting rights to individuals

• Lack of governance, access controls and monitoring

• No actionable reporting

IGA SHOULD BE READY FOR ADVANCED THREATS

How IGA can complement the ATP solution

Current process gaps

• Pre-incident preparation gaps – no ability to configure business workflows (information, lights-off, restoring the pre-incident status quo after fixing issues, etc.) for actions when an advanced threat attack is discovered

• Detection gap – no identity information behind the user account affected by the incident

• Triage gap – not clear who has access to the affected data or device, and what other entitlements the affected individual has

• Data collection gap – currently there is no IGA data available for ATP, such as identity attributes, organizational structure, business rules, affected data governance information, etc.

• Take action gaps – no workflows to be triggered based on the discovery, just manual processes; no ability to have two-way communication with data owners, application admins and governance people and entities

• Report gaps – cannot include IGA data in reports, no ability to automate report generation and delivery, no actionable reports.

How to cover the gaps

• Install Dell One Identity Manager (D1IM) as the central IGA authority

• Configure a set of D1IM AT response business workflows for each IR framework element

• Integrate D1IM with the ATP solution for:
– Identity Data Synchronization
– XML data feeds from ATP for activating AT response workflows
– D1IM approval and fulfillment workflow calls to the ATP solution
– D1IM object risk calculations and attestations
– Joint device and other resource management

• Joint reporting: using ATP solution data in D1IM reports and notifications
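
The detection and triage gaps listed earlier come down to joining an ATP alert with IGA data. The following is an added sketch, not taken from the slides and not the API of D1IM or of any ATP product; the XML alert layout, the account names and the in-memory IGA extract are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample alert; element names, accounts and resources are hypothetical.
ALERT_XML = """<alert id="A-1001">
  <account>jdoe-adm</account>
  <resource>fileshare-finance</resource>
</alert>"""

# Constructed IGA extract (hypothetical): account -> owning identity.
ACCOUNT_OWNER = {"jdoe-adm": "E1001", "jdoe": "E1001", "asmith": "E1002"}
IDENTITIES = {
    "E1001": {"name": "J. Doe", "department": "Finance", "manager": "E1002"},
    "E1002": {"name": "A. Smith", "department": "Finance", "manager": None},
}
# Account -> resources it is entitled to.
ENTITLEMENTS = {
    "jdoe-adm": {"fileshare-finance", "erp-admin"},
    "jdoe": {"mail", "fileshare-finance"},
    "asmith": {"mail", "fileshare-finance"},
}

def parse_alert(xml_text):
    """Parse one alert; reject DTD/entity declarations in feed data."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(xml_text)
    return {"id": root.get("id"), "account": root.findtext("account"),
            "resource": root.findtext("resource")}

def triage(alert):
    """Attach identity, other entitlements and co-access holders to an alert."""
    account, resource = alert["account"], alert["resource"]
    owner = ACCOUNT_OWNER.get(account)
    # Other identities holding any account entitled to the affected resource.
    holders = sorted({ACCOUNT_OWNER[a] for a, res in ENTITLEMENTS.items()
                      if resource in res and ACCOUNT_OWNER.get(a) not in (None, owner)})
    if owner is None:
        # No identity behind the account: report it as orphaned.
        return {**alert, "identity": None, "orphaned": True, "accounts": [account],
                "other_entitlements": sorted(ENTITLEMENTS.get(account, set()) - {resource}),
                "others_with_access": holders}
    accounts = sorted(a for a, o in ACCOUNT_OWNER.items() if o == owner)
    other = set().union(*(ENTITLEMENTS.get(a, set()) for a in accounts)) - {resource}
    return {**alert, "identity": {"id": owner, **IDENTITIES[owner]}, "orphaned": False,
            "accounts": accounts, "other_entitlements": sorted(other),
            "others_with_access": holders}

if __name__ == "__main__":
    print(triage(parse_alert(ALERT_XML)))
```

The enriched record gives the responder the person behind the flagged account, every other account and entitlement that person holds, and the other identities who can reach the affected resource.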

Best response practice: ATP + IGA

[Diagram: incident response framework connected to IGA and ATP.
Stages shown: Pre-Incident Preparation; Detect; Triage; Collect Data (Volatile Data, Forensic Dup., Network Traffic); Perform Analysis; Take Action: Admin and Legal; Reporting. Also shown: Incident Occurs: Point-In-Time or Ongoing; Remediation: Technical Recovery from the Incident; Status Reporting.
Identity Governance and Administration central authority, connected by data feeds and Identity Data Sync.
Targets/Applications/Devices: account checks, access freeze, risk-based provisioning; notifications, access restore and provisioning.]

Basics of Identity Governance and Administration (IGA)

Three dimensions of IGA

• I - Identity Management

• G - Governance, Risk and Compliance (GRC)

• A – Administration – Access Management and Provisioning

Main challenge:

Make all three components connected to work as one

Three forces of IGA in your enterprise

• Identity owners (HR, Identity suppliers) - I
– Responsibilities: manage identities, organization charts
– Goal: make sure that identity and organization information is up to date

• Business owners (C-level managers, PM, compliance officers) - G
– Responsibilities: manage all business-related matters, including governance, risk and compliance
– Goal: make business successful and customers happy

• Technology owners (System admins, DB admins, etc.) - A
– Responsibilities: support business with technology
– Goal: All systems should be up and running 24-7 with no downtime

Identity Posture - how to evaluate

• Identity Posture is about how connected and in sync the three forces are
– Three forces collaboration
– Maturity of each force

• Identity Posture is about measuring the maturity of
– Identity model
– Governance model
– Administration model

• Identity Posture is about how the enterprise can handle CHANGES
– Identity updates
– Governance processes restructuring
– Administration redesigning

Connecting the dots – agile IGA

Connected I-G-A goal – be agile

• All elements are connected into one solution where each responsible person is a contributor to the system

• Each contributor has the means to configure his/her own IGA elements within his/her knowledge

• An IGA project should have short phases with clear, achievable milestones

[Diagram: Identity (I), Governance (G) and Administration (A) connected]

Managers should easily see all the entitlements of an employee in one clear view

• Actionable

• All logical, physical systems, resources and assets.

Identity - Identity Goal - Enterprise Visibility

Identity goal – separate business and technical views

• Business view

• Technical view

Governance goal – give dashboard views for current status visibility

Managers should easily find the overall and specific status of requests and processes in the system

Governance goal - Access granting history audit

People responsible for auditing should be able to see the history of assigning access and entitlements to the individuals

Governance goal – Approval Workflow builder

Approval workflows should be built by the same people who are responsible for the granting process using regular tools, not scripts

Conclusions

IGA-ATP integration solution advantages

• One vision – one solution

• Full protection for customers
– Covering internal and external threats
– Holistic view of the security posture

• End-to-end business process
– Detection, triage and mitigation via business workflows
– Governance and provisioning as steps of the same process
– Proactive reporting and actions to eliminate gaps in policies

• One global view on IT security data
– Central repository for IGA and ATP
– Seamless data exchange between IGA and ATP tools
– Joint administration and managing