
The New Cyber Battleground: Inside Your Network
Chad Froomkin, Major Account Executive Southeast


1 The New Cyber Battleground: Inside Your Network
Chad Froomkin, Major Account Executive Southeast

2 Why are we here?
▪ 90% of organizations breached
▪ 59% of organizations breached more than once
▪ $3,500,000 average cost per incident to investigate and remediate
Ponemon Institute - Cost of Data Breach: Global Analysis, 2014
Cisco Talos, Deloitte Financial Advisory service, Deloitte & Touche LLP, Mandiant, RSA, Verizon RISK - CyberArk Threat Report: Privileged Account Exploits Shift the front lines of Cyber Security, 2014

3 The new cyber battleground: Inside your network
▪ Over 90% of organizations have been breached
▪ In the past: “I can stop everything at the perimeter”
▪ Today: “I can’t stop anything at the perimeter”
▪ Information security focus shifts to inside the network
▪ Over 35% of breaches are internal – driven by malicious and unintentional insiders
▪ Compromised credentials empower any attacker to act as an insider
▪ Compliance and audit requirements focus on privileged accounts
▪ Privileged accounts provide access to the most sensitive and valuable assets
▪ Information exposure damages brand reputation and customer confidence

4 What do we know?
▪ 54% of compromised systems contained malware
▪ 94% of breaches are reported by third parties
▪ 243: median number of days advanced attackers are on the network before being detected
▪ 100% of breaches involved stolen credentials
Mandiant, M-Trends and APT1 Report, 2014
“We have to assume we have already been breached” Brian Krebs (Krebs on Security)

5 Privileged accounts are targeted in all advanced attacks
Mandiant, M-Trends and APT1 Report, 2014
“…100% of breaches involved stolen credentials.”
“APT intruders…prefer to leverage privileged accounts where possible, such as Domain Administrators, service accounts with Domain privileges, local Administrator accounts, and privileged user accounts.”

6 Privileged accounts are targeted in all advanced attacks
Avivah Litan, Vice President and Distinguished Analyst at Gartner, 2014
“Anything that involves serious intellectual property will be contained in highly secure systems and privileged accounts are the only way hackers can get in.”

7 Privileged accounts are targeted in all advanced attacks
CyberSheath APT Privileged Account Exploitation Securing Organizations against Advanced, Targeted Attacks, 2013
“…that’s how I know I’m dealing with a sophisticated adversary… if they are targeting privileged accounts, I’ve got a serious APT problem…”

8 Perimeter defenses are consistently breached
▪ Over 28 Billion spent on IT security in 2014!!!
▪ Over 90% of organizations breached
Cisco Talos, Deloitte Financial Advisory service, Deloitte & Touche LLP, Mandiant, RSA, Verizon RISK - CyberArk Threat Report: Privileged Account Exploits Shift the front lines of Cyber Security, 2014

9 Privileged Account Security: Now a critical security layer

10 Typical Lifecycle of a Cyber Attack
Privilege is at the center of the attack lifecycle

11 Scope of Privileged Account “attack surface” underestimated
Cyber - Privileged Account Security & Compliance Survey, 2014 (Enterprises > 5000 Employees)

12 Many organizations only use partial measures
Do you monitor and record privileged activity?
Cyber - Privileged Account Security & Compliance Survey, 2014

13 Privileged Accounts create a HUGE attack surface
▪ Privileged accounts exist in every connected device, database, application, industrial controller and more!
▪ Typically a ~3X ratio of privileged accounts to employees

14 What, Where & Why of Privileged Accounts
Elevated Personal
▪ Scope: Cloud providers; Personal accounts w/ elevated permissions
▪ Used by: IT staff; Any employee
▪ Used for: Privileged operations; Access to sensitive information; Web sites
Shared Privileged Accounts
▪ Scope: Administrator; UNIX root; Cisco Enable; Oracle SYS; Local Administrators; ERP admin
▪ Used by: IT staff; Sys admins/Net admins; DBAs; Help desk; Developers; Social media mgrs; Legacy applications
▪ Used for: Emergency; Fire-call; Disaster recovery; Privileged operations; Access to sensitive information
Application Accounts (App2App)
▪ Scope: Hard coded/embedded App IDs; Service Accounts
▪ Used by: Applications/scripts; Windows Services; Scheduled Tasks; Batch jobs, etc; Developers
▪ Used for: Online database access; Batch processing; App-2-App communication
All Powerful. Difficult to Control, Manage & Monitor. Pose Devastating Risk if Misused.

15 Telecom breaches draw attention to insider access issues
▪ August 2014: A global top 5 Telecommunications company reported that, for the 2nd time in 2014, a privileged insider gained unauthorized access to customer information.
“We’ve recently determined that one of our employees violated our strict privacy and security guidelines by accessing your account without authorization and while doing so, would have been able to view and may have obtained your account information, including your social security number and driver's license number”
▪ Yet another reminder that true technical controls need to be put in place to better manage the privileges and access that employees have to data and systems.

16 Chinese hack U.S. weather systems & satellite network
▪ October 2014: A federal agency recently had four of its websites attacked by hackers from China. To block the attackers, government officials were forced to shut down a handful of its services.
▪ Post breach, security testing discovered multiple weaknesses:
  ■ “Weak or default passwords and operating system vulnerabilities with well documented exploits”
  ■ Significant problems with remote access
  ■ Assessment results lacked supporting evidence – lack of audit logs

17 The framework of a retail breach
▪ Access: Via compromised 3rd party account
▪ Escalation of privileges: *For example* Via Pass the Hash
▪ Goal: Once necessary privileges are obtained
  ■ Install malware on POS
  ■ Install Remote Administration Tools
  ■ Ex-filtrate data

18 The Privileged Account Security maturity model
▪ Baseline maturity: Discover and control
▪ Medium maturity: Manage and monitor
▪ High maturity: Expand scope and automate

19 1) Baseline Maturity: Discover and control
▪ Inventory the privileged accounts
▪ Limit standard user accounts
▪ Establish on- and off-boarding processes
▪ Remove non-expiring passwords
▪ Securely store passwords
▪ Ensure attribution

20 2) Medium Maturity: Manage and monitor
▪ Schedule password changes
▪ Utilize one-time passwords
▪ Implement session recording
▪ Prevent human usage of service accounts
▪ Control application accounts
▪ Detect anomalies

21 3) High Maturity: Expand scope and automate
▪ Use multi-factor authentication
▪ Replace all hard-coded passwords in applications
▪ Employ next-generation jump-servers
▪ Implement approval and monitoring workflows
▪ Proactively detect malicious behavior

22 Critical steps to stopping advanced threats
▪ Protect and manage privileged account credentials
▪ Control, isolate and monitor privileged access to servers and databases
▪ Use real-time privileged account intelligence to detect and respond to in-progress attacks
▪ Discover all of your privileged accounts

23 Enterprise account usage today
Systems: Virtual Servers; Unix/Linux Servers; iSeries Mainframes; Windows Servers; zSeries Mainframe; Databases; Applications; Network Devices; Security Appliances; Websites & Web Apps
Users: Unix Admins; Windows Admins; DBAs; VM Admins; External Vendors; Business Applications; Auditor/Security & Risk
▪ “I need the password to map a drive”
▪ “I need my service provider to connect remotely with root”
▪ “I just need root to patch a database”
▪ “I have this script that needs to run as root every night”
▪ “What are your root entitlements, who used it, when did they use it and why?”

24 Requirements for an effective Privileged Account Security Solution
▪ Granular Privileged Access Controls
▪ Privileged User Access Controls
▪ Protecting & Isolating Sensitive Assets
▪ Privileged Activity Monitoring
▪ Application Identity Controls

25 Break the attack chain!!!

26 DNA - Discovery & Audit
▪ Discover where your privileged accounts exist
▪ Clearly assess privileged account security risks
▪ Identify all privileged passwords, SSH keys, and password hashes
▪ Collect reliable and comprehensive audit information

27 The CyberArk Team:
▪ Chad Froomkin – Major Account Executive Southeast: NC/SC/TN (770) 322-4201 Chad.Froomkin@cyberark.com
▪ Doug Brecher – Internal Account Executive Southeast (617) 796-3264 Doug.Brecher@cyberark.com

