IT Security trend: integrated APT-IGA solution
Vladislav Shapiro
Director of Identity Practice – IGA
Dell/Immersion Technology Services (ITS)
Discussion points
• Current state of affairs in IT Security
• How IGA can complement the ATP solution
• Basics of Identity Governance and Administration
• Connecting the dots: agile I-G-A
• Conclusions
Current State of Affairs in IT Security
IT Security realities of today
• Change of focus: from protecting the perimeter (external only) to governing the whole infrastructure (internal and external)
• Change of mentality: from “castle under siege” to “the enemy is already here”
• Main external goal: advanced threat protection (ATP)
• Main internal goal: IGA – Identity Governance and Administration
• Shift from purely technical solutions to solutions focused on the business and the human factor
WHO ARE THE “BAD GUYS”?
[Figure: Evolution of malware, 1980s to 2010s, offense versus defense. Offense timeline: Melissa, CodeRed, worms, bots, Trojans, spyware, spam, rootkits, phishing, zero-days, mobile threats, APTs. Defense timeline: birth of anti-virus, anti-spam/anti-spyware/anti-malware, grey-listing, URL filtering, data loss filtering, heuristics, behavioral analysis, whitelisting.]
[Figure: APT – new threat landscape, 2005 to 2013, damage of attacks plotted over time. Worms and viruses (disruption), then spyware and bots (cybercrime), then zero-day targeted attacks, dynamic Trojans and stealth bots (cyber-espionage and cybercrime).]
New threat landscape
• Dynamic, polymorphic malware
• Coordinated persistent threat actors
• Multi-vector attacks
• Multi-staged attacks
ATTACKS ALWAYS RELY ON INTERNAL PROCESS FLAWS
• No established business process for granting rights to individuals
• Lack of governance, access controls and monitoring
• No actionable reporting
IGA SHOULD BE READY FOR ADVANCED THREATS
How IGA can complement the ATP solution
Current process gaps
• Pre-incident preparation gap – no way to configure business workflows (information, lights-off, restoring the pre-incident status quo after the issue is fixed, etc.) to run when an advanced threat attack is discovered
• Detection gap – no identity information behind the user account affected by the incident
• Triage gap – unclear who else has access to the affected data or device, and what other entitlements the affected individual holds
• Data collection gap – no IGA data (identity attributes, organizational structure, business rules, governance information about the affected data, etc.) is available to the ATP solution
• Take-action gap – no workflows are triggered by the discovery, only manual processes; no two-way communication with data owners, application admins and the people and bodies responsible for governance
• Reporting gap – IGA data cannot be included in reports; no automated report generation and delivery; no actionable reports
How to cover the gaps
• Install Dell One Identity Manager (D1IM) as the central IGA authority
• Configure a set of D1IM advanced-threat response business workflows, one for each element of the IR framework
• Integrate D1IM with the ATP solution for:
 – Identity data synchronization
 – XML data feeds from ATP that activate the advanced-threat response workflows
 – D1IM approval and fulfillment workflow calls into the ATP solution
 – D1IM object risk calculations and attestations
 – Joint management of devices and other resources
• Joint reporting: using ATP solution data in D1IM reports and notifications
Best response practice: ATP + IGA
[Figure: the IR framework steps on the ATP side – Pre-incident preparation; Incident occurs (point-in-time or ongoing); Detect; Triage; Collect data (volatile data, forensic duplication, network traffic); Perform analysis; Take action (admin and legal); Reporting; Remediation (technical recovery from the incident); Status reporting. Each step exchanges a data feed with the Identity Governance and Administration central authority, which runs account checks, access freeze and risk-based provisioning against targets, applications and devices, then notifications, access restore and provisioning; identity data is synchronized between the two sides.]
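The ATP-to-IGA loop described in the gap list and the diagram above, as an added example that is not part of the original deck and not D1IM code. A toy central IGA authority parses a constructed ATP alert (the XML shape, account names, entitlements, data owners and risk weights are all made up for the demo), attaches identity attributes to the affected account, triages who else can reach the affected resource and what else the affected person holds, freezes that person's access with every revocation written to an audit log, works out which manager and data owner to notify, and restores the pre-incident status quo after remediation.

```python
import copy
import xml.etree.ElementTree as ET
from datetime import datetime, timezone


class IgaAuthority:
    """Toy central IGA authority (added example; not D1IM code)."""

    def __init__(self, identities, data_owners, risk_weights):
        self.identities = copy.deepcopy(identities)  # account -> attributes/entitlements
        self.data_owners = data_owners               # resource -> owning account
        self.risk_weights = risk_weights             # entitlement -> risk weight
        self.history = []                            # append-only access-change audit log
        self.frozen = {}                             # account -> entitlements before freeze

    def _log(self, actor, action, account, entitlement, reason):
        self.history.append({"ts": datetime.now(timezone.utc).isoformat(), "actor": actor,
                             "action": action, "account": account,
                             "entitlement": entitlement, "reason": reason})

    @staticmethod
    def parse_alert(xml_text):
        """Parse the ATP data feed (constructed XML shape, not a vendor schema)."""
        root = ET.fromstring(xml_text)
        return {"id": root.get("id"), "severity": root.get("severity"),
                "account": root.findtext("account"), "host": root.findtext("host"),
                "resource": root.findtext("resource"), "indicator": root.findtext("indicator")}

    def enrich(self, alert):
        """Detection gap: put identity attributes behind the affected account."""
        ident = self.identities.get(alert["account"])
        if ident is None:
            raise KeyError(f"no identity behind account {alert['account']!r}")
        return {**alert, "identity": ident}

    def triage(self, alert):
        """Triage gap: who else reaches the resource, what else the affected identity
        holds, who owns the resource, and an additive risk score over the entitlements."""
        victim, resource = alert["account"], alert["resource"]
        others = sorted(a for a, i in self.identities.items()
                        if a != victim and resource in i["entitlements"])
        ents = sorted(self.identities[victim]["entitlements"])
        return {"others_with_access": others, "victim_entitlements": ents,
                "data_owner": self.data_owners.get(resource),
                "risk_score": sum(self.risk_weights.get(e, 1) for e in ents)}

    def freeze(self, account, alert_id, actor="atp-workflow"):
        """Take action: access freeze, logged per entitlement so it can be reversed."""
        ident = self.identities[account]
        self.frozen[account] = set(ident["entitlements"])
        for e in sorted(ident["entitlements"]):
            self._log(actor, "revoke", account, e, f"freeze for {alert_id}")
        ident["entitlements"] = set()
        return sorted(self.frozen[account])

    def restore(self, account, actor="data-owner"):
        """Remediation: restore the pre-incident status quo once the issue is fixed."""
        ents = self.frozen.pop(account, set())
        for e in sorted(ents):
            self._log(actor, "grant", account, e, "restore after remediation")
        self.identities[account]["entitlements"] |= ents
        return sorted(ents)

    def notify_targets(self, alert, triage):
        """Two-way communication: the affected person's manager plus the data owner."""
        targets = {self.identities[alert["account"]]["manager"], triage["data_owner"]}
        return sorted(t for t in targets if t)

    def access_history(self, account):
        """Governance view: the grant/revoke trail for one individual."""
        return [h for h in self.history if h["account"] == account]


# Constructed sample data for the demo (not from any real environment).
IDENTITIES = {
    "jdoe": {"name": "Jane Doe", "dept": "Finance", "manager": "mroe",
             "entitlements": {"finapp:ledger_rw", "fileshare:payroll", "vpn:remote"}},
    "bsmith": {"name": "Bob Smith", "dept": "Finance", "manager": "mroe",
               "entitlements": {"fileshare:payroll", "hrapp:read"}},
    "mroe": {"name": "Mary Roe", "dept": "Finance", "manager": "cfo",
             "entitlements": {"finapp:ledger_rw"}},
    "cfo": {"name": "Casey Flint", "dept": "Exec", "manager": None,
            "entitlements": {"finapp:ledger_rw", "fileshare:payroll"}},
}
DATA_OWNERS = {"fileshare:payroll": "cfo", "finapp:ledger_rw": "mroe"}
RISK = {"finapp:ledger_rw": 5, "fileshare:payroll": 4, "vpn:remote": 2, "hrapp:read": 1}
SAMPLE_ALERT = """<alert id="A-1001" severity="high"><account>jdoe</account>
<host>WS-0421</host><resource>fileshare:payroll</resource>
<indicator>credential_dumping</indicator></alert>"""


def run_response(xml_text=SAMPLE_ALERT):
    """Run the ATP-to-IGA loop for one alert and return what each step produced."""
    iga = IgaAuthority(IDENTITIES, DATA_OWNERS, RISK)
    alert = iga.enrich(iga.parse_alert(xml_text))
    triage = iga.triage(alert)
    frozen = iga.freeze(alert["account"], alert["id"])
    targets = iga.notify_targets(alert, triage)
    restored = iga.restore(alert["account"])  # after technical remediation
    return {"alert": alert, "triage": triage, "frozen": frozen, "notify": targets,
            "restored": restored, "history": iga.access_history(alert["account"])}
```

Calling run_response() walks one alert through detection enrichment, triage, freeze, notification and restore; the freeze is recorded per entitlement rather than as a single "disable account" flag, which is what makes the restore step and the later audit of who lost and regained what possible. The risk score is a plain sum of constructed weights and stands in for whatever risk calculation the IGA product actually performs.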
Basics of Identity Governance and Administration (IGA)
Three dimensions of IGA
• I - Identity Management
• G - Governance, Risk and Compliance (GRC)
• A – Administration – Access Management and Provisioning
Main challenge:
Make all three components connected to work as one
Three forces of IGA in your enterprise
• Identity owners (HR, identity suppliers) – I
 – Responsibilities: manage identities and organization charts
 – Goal: make sure that identity and organization information is up to date
• Business owners (C-level managers, PMs, compliance officers) – G
 – Responsibilities: manage all business-related matters, including governance, risk and compliance
 – Goal: make the business successful and customers happy
• Technology owners (system admins, DB admins, etc.) – A
 – Responsibilities: support the business with technology
 – Goal: keep all systems up and running 24/7 with no downtime
Identity Posture - how to evaluate
• Identity Posture is about how connected and in sync the three forces are
 – Collaboration between the three forces
 – Maturity of each force
• Identity Posture is about measuring the maturity of
 – the identity model
 – the governance model
 – the administration model
• Identity Posture is about how the enterprise can handle CHANGES
 – Identity updates
 – Governance process restructuring
 – Administration redesign
Connecting the dots – agile IGA
Connected I-G-A goal – be agile
• All elements are connected into one solution where each responsible person is a contributor to the system
• Each contributor has means to configure his/her own IGA elements within his knowledge
• IGA project should have short length phases with clear achievable milestones
[Figure: connected I-G-A diagram – Identity, Governance, Administration]
Identity goal – enterprise visibility
Managers should easily see all the entitlements of an employee in one clear view
• Actionable
• Covering all logical and physical systems, resources and assets
Identity goal – separate business and technical views
• Business view
• Technical view
Governance goal – give dashboard views for current status visibility
Managers should easily find the overall and specific status of requests and processes in the system
Governance goal - Access granting history audit
People responsible for auditing should be able to see the history of assigning access and entitlements to the individuals
Governance goal – Approval Workflow builder
Approval workflows should be built by the same people who are responsible for the granting process using regular tools, not scripts
Conclusions
IGA-ATP integration solution advantages
• One vision – one solution
• Full protection for customers
 – Covering internal and external threats
 – Holistic view of the security posture
• End-to-end business process
 – Detection, triage and mitigation via business workflows
 – Governance and provisioning as steps of the same process
 – Proactive reporting and actions to eliminate gaps in policies
• One global view of IT security data
 – Central repository for IGA and ATP
 – Seamless data exchange between IGA and ATP tools
 – Joint administration and management