pre-con ed: privileged access management for hybrid enterprises

World®’16

PrivilegedAccessManagementforHybridEnterprisesShawnW.Hank,Sr.PrincipalConsultant,SecurityCATechnologies

SCX04E

SECURITY

2 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

©2016CA.Allrightsreserved.Alltrademarksreferencedhereinbelongtotheirrespectivecompanies.

Thecontentprovidedinthis CAWorld2016presentationisintendedforinformationalpurposesonlyanddoesnotformanytypeofwarranty. The informationprovidedbyaCApartnerand/orCAcustomerhasnotbeenreviewedforaccuracybyCA.

ForInformationalPurposesOnlyTermsofthisPresentation

3 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Abstract(inonlineagenda)

Privilegedaccountsareacoreattackvectorincountless,devastatingdatabreachesandareincreasinglythefocusofdemandingcompliancemandates.ThissessionwillprovideanoverviewoftheCATechnologiesstrategyforprivilegedaccessmanagement,includinganin-depthexplorationofthekeycapabilitiesofCAPrivilegedAccessManager,suchasforcredentialmanagement;strongauthentication;role-based,leastprivilegeaccesscontrol;commandfiltering,andsessionmonitoringandrecordingfromasinglepointofcontrolacrosstheentirehybridenterprise.You’llalsolearnhowCAPrivilegedAccessManagerprovidestruedefense-in-depthandgreatersecurityforprivilegedaccountsbyseamlesslyworkingwithotherkeyenterprisesolutionsincludingCAPrivilegedAccessManagerServerControl,migrationpathsforCAPrivilegedIdentityManagercustomerstoCAPrivilegedAccessManagerandCAPrivilegedAccessManagerServerControl,andhelpdesksolutionsforprivilegedaccessservicemanagement.

ShawnHank

CATechnologiesSr.PrincipalConsultant,Presales

4 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Abstract

§ Privilegedaccountsareacoreattackvectorincountlessdevastatingdatabreaches,andareincreasinglythefocusofdemandingcompliancemandates.ThissessionwillprovideanoverviewofCATechnologiesstrategyforprivilegedaccessmanagement,includinganin-depthexplorationofthekeycapabilitiesofCAPrivilegedAccessManager,CATechnologiessolutionforprotectinganddefendingprivilegedaccountsandcredentialsfromattack,andmanaging,controlling,andauditingtheactivitiesofprivilegedusers

5 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

TheCASolutionPortfolioComprehensivePrivilegedAccessManagement

§Ac

cessre

quests

§Ce

rtificatio

n§

Riskana

lytic

s

§ Strongauthentication,includingMFA§ Credentialmanagement§ Policy-based,leastprivilegeaccesscontrol§ Commandfiltering§ Sessionrecording,auditing,attribution§ Applicationpasswordmanagement§ Comprehensive,hybridenterpriseprotection§ Self-contained,hardenedappliance

§

§ In-depthprotectionforcriticalservers§ Highly-granularaccesscontrols§ Segregateddutiesofsuper-users§ Controlledaccesstosystemresourcessuchas

files,folders,processesandregistries§ SecuredTaskDelegation(sudo)§ EnforceTrustedComputingBase

IDENTITY-BASEDSECURITY HOST-BASEDSECURITY

DEFENSEINDEPTH

CAPrivilegedAccessManager CAPrivilegedAccessManagerServerControl

CAID

ENTITYSUITE

6 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

CAPrivilegedAccessManagerPrivilegedAccountManagementfortheHybridEnterprise

HYBRIDENTERPRISETraditionalDataCenter

Mainframe,Windows,Linux,Unix,Networking

EnterpriseAdminTools

SoftwareDefinedDataCenter

SDDCConsoleandAPIs

PublicCloud- IaaS

CloudConsoleandAPIs

SaaSApplications

SaaSConsolesandAPIs

HardwareAppliance AWSAMIOVFVirtualAppliance

IdentityIntegration Enterprise-ClassCore

CAPrivilegedAccessManager

§ VaultCredentials§ CentralizedAuthentication§ FederatedIdentity§ PrivilegedSingleSign-on

§ Role-BasedAccessControl§ MonitorandEnforcePolicy§ RecordSessionsandMetadata§ FullAttribution

ANewSecurityLayer- ControlandAuditAllPrivilegedAccess

UnifiedPolicyManagement

7 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

HYBRIDCLOUDENVIRONMENT

IntegratedControlsandUnifiedPolicyManagement

Positively

Authen

ticateUsers

Vault&

Manage

Cred

entia

ls

RestrictA

ccessto

Authorize

dSystem

s

Fede

rateIden

tity

andAttributes(SSO

)

Mon

itora

nd

EnforcePo

licy

RecordSessio

ns

andMetadata

AttributeIden

tity

forS

haredAccoun

ts

TraditionalDataCenter

PrivateCloud

PublicCloud

CAPrivilegedAccessManagerinaction

8 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Demonstration

9 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

ResultsCAPrivilegedAccessManagerisacentralcomponentofCATechnologiesportfolioofprivilegedaccessmanagementsolutions.Itdeliverscomprehensivefunctionality,spanningtheentirehybridenterprise,inaformfactorthat’sfastandeasytodeployandavoidsadditionalhiddencosts.

SummaryAFewWordstoReview

10 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

RecommendedSessions

SESSION# TITLE DATE/TIME

SCX15E MeettheCAPrivilegedAccessManagerTeam 11/14/2016at11:00am

SCX29E DeepDive:CAPrivilegedAccessManager 11/14/2016at1:00pm

SCT22S CARoadmap:PrivilegedAccessManagement 11/16/2016at4:30pm

11 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Don’tMissOurINTERACTIVESecurityDemoExperience!

SNEAKPEEK!

11 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

@CAWORLD#CAWORLD ©2016CA.AllRIGHTSRESERVED.12 @CAWORLD#CAWORLD

Security

FormoreinformationonSecurity,pleasevisit:http://cainc.to/EtfYyw