Keynote 7, Steven Ringelberg, Vanguard
TRANSCRIPT
Best Practices for Securing Privileged Accounts
Steven Ringelberg
Chief Operating Officer
go2vanguard.com
About Vanguard
Founded: 1986
Business: Cybersecurity experts for large enterprises
Provide software, professional services, and training
Customers: 1,000+ worldwide
More than 20 distributors and resellers serving 50+ countries worldwide
Data Breaches
• Number of breaches and outside attacks increasing
• Continuing insider problem - malicious or by accident
“Passing Audits” is no solution.
Target Corporation: One of the Largest Retailers in the United States
“Target was certified as meeting the standard for payment card industry (PCI DSS) in September 2013. Nonetheless, we suffered a data breach…”
now ex-chairman, ex-president, and ex-CEO of Target Corporation, Gregg Steinhafel (http://buswk.co/1lT9j0X)
Data Breaches - US
• Ebay
• Target
• Home Depot
• Sony
• Anthem Health Insurance
Data Breaches
Logica and Nordea Bank:
Mainframes Breached April 2013
Who is attacking you?
• Sophisticated Criminal Enterprises
• Hacktivists/Terrorists
• Governments
Data Breaches: The Fundamental Step.
Mandiant: 2014 Data Breach Report
100% of breaches examined included an exploitation of a user ID and password that was compromised.
What is our goal?
Perfect Security?
Better Security?
Good Enough Security?
Security Best Practices
1. Least Privileged Access.
2. “Lock out” privileged users.
3. Multi-Factor Authentication.
4. Active Real Time Alerts.
Least Privileged Access.
If you do not need access, you do not get access.
Basic Issues:
a. Enterprises have to know who has access to what resources.
b. Regular review and “re-certification.”
Lock Out Privileged Users.
Everyone with a high degree of privilege (sysprogs, security administrators, etc.) is like a locksmith: they can make a key to unlock any door and access any resource.
Basic Step: Implement an automated tool to prevent privileged users from making their own key, that is, from granting themselves access.
Multifactor Authentication: a method of requiring factors from three categories
• Knowledge Factors
• Possession Factors
• Inherence Factors
Multifactor Authentication
• Two-Factor Authentication
• Two-Step Verification
• Strong Authentication
Multifactor Authentication
• Knowledge Factors
- Password
- PIN number
- Mother’s maiden name
- Favorite potato chip
Multifactor Authentication
Possession Factors
• Disconnected (RSA, ActivID, etc.)
  - Sequence-based tokens – singular button, multiple depresses
  - Time-based tokens – change every ‘x’ seconds typically
• Mobile phones – soft token or SMS one-time password
• Connected
  - Magnetic strip – ATM card, etc.
  - Contacts – Smartcard, EMV credit cards
  - USB – zPDT key, RSA SecurID 800
  - Wireless – RFID, Bluetooth, Proximity
  - Other – Audio Port, iButtons, etc.
Inherence Factors
• Fingerprint
• Hand topography
• Eye (iris)
Active Alerts
When a critical or sensitive resource is accessed, an automated message should be sent to one or more people so they can investigate and approve or remediate.
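The "lock out" rule and the active alert described above can be combined in one policy check. The sketch below is an added example, not Vanguard code or part of the talk; the user IDs, resource names, recipient lists and the second-approver requirement are all constructed assumptions.

```python
from dataclasses import dataclass
# Constructed names for illustration only (not from any product or site).
PRIVILEGED = {"sysprog1", "secadm1"}
SENSITIVE = {"PAYROLL.MASTER": ["security-oncall", "payroll-owner"]}

@dataclass(frozen=True)
class Event:
    actor: str            # user performing the action
    action: str           # "GRANT" or "ACCESS"
    resource: str
    grantee: str = ""     # GRANT only: user receiving access
    approver: str = ""    # GRANT only: second person who signed off

def grant_allowed(ev: Event) -> bool:
    """Lock-out rule: a privileged user cannot cut their own key."""
    if ev.actor not in PRIVILEGED:
        return False                  # only administrators may grant
    if ev.grantee == ev.actor:
        return False                  # self-grant is always refused
    if ev.resource in SENSITIVE:      # assumed rule: a second person approves
        return bool(ev.approver) and ev.approver != ev.actor
    return True

def process(events):
    """Return (decisions, alerts) for a sequence of audit events."""
    decisions, alerts = [], []
    for ev in events:
        # ACCESS authorization itself is out of scope here, so it passes.
        ok = grant_allowed(ev) if ev.action == "GRANT" else True
        decisions.append(ok)
        reason = None
        if ev.action == "GRANT" and not ok:
            reason = "refused grant"
        elif ev.resource in SENSITIVE:
            reason = "sensitive " + ev.action.lower()
        if reason:                    # notify the people who must review it
            to = SENSITIVE.get(ev.resource, ["security-oncall"])
            alerts.append((reason, ev.actor, ev.resource, tuple(to)))
    return decisions, alerts

SAMPLE = [  # constructed events
    Event("sysprog1", "GRANT", "PAYROLL.MASTER", grantee="sysprog1"),
    Event("secadm1", "GRANT", "PAYROLL.MASTER", grantee="clerk7", approver="secadm1"),
    Event("secadm1", "GRANT", "PAYROLL.MASTER", grantee="clerk7", approver="sysprog1"),
    Event("clerk7", "ACCESS", "PAYROLL.MASTER"),
    Event("clerk7", "ACCESS", "TEST.DATA"),
]

if __name__ == "__main__":
    print(process(SAMPLE))
```

The first two sample grants are refused (self-grant, then self-approval), and every touch of the sensitive resource produces an alert addressed to its reviewers.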
What is our goal?
Perfect Security?
Better Security?
Good Enough Security?
Exposure Issues
Vanguard
Least Privileged
• Vanguard Administrator
• Vanguard Analyzer
Lock Out
• Vanguard Configuration Manager
• Vanguard Policy Manager
Multi Factor
• Physical tokens
• Smartcards aka PIV or CAC cards
• Software-based virtual tokens
Alerts
• Vanguard Active Alerts
• Vanguard Enforcer
• Vanguard Advisor
Questions?
For More Information: Call 800-794-0014