Presentation is loading. Please wait.

Presentation is loading. Please wait.

Microsoft 2016 6/20/2018 9:26 AM THR2063 Automate password changes for Windows Services, Administrator, Root Accounts & SSH Keys Jonathan Sander Lieberman.

Published byGerard West Modified over 6 years ago

Similar presentations

Presentation on theme: "Microsoft 2016 6/20/2018 9:26 AM THR2063 Automate password changes for Windows Services, Administrator, Root Accounts & SSH Keys Jonathan Sander Lieberman."— Presentation transcript:

1 Microsoft 2016 6/20/2018 9:26 AM THR2063 Automate password changes for Windows Services, Administrator, Root Accounts & SSH Keys Jonathan Sander Lieberman Software – VP, Product Development © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Agenda Why “Manage” Privilege? Protected Customer Stories
How Does It Work? Recommendations Who Is Lieberman Software? Q&A

3 Why Privilege Management?
6/20/2018 9:26 AM Why Privilege Management? © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

4 Why Privilege Management
Why Privilege Management? The top 5 reasons why privilege needs special attention People who use privilege are anonymous without the right tracking. Access to privilege must be granted to systems in a JIT fashion. Privilege needs systems to create friction not remove it. Automated lock down of privilege is key to your success. Every other security control you have is meaningless if you don’t protect the method to bypass and even shut down all your controls.

5 100% of victims have Firewalls and Intrusion Protection
Why Privilege Management? Traditional Defenses Are Not Enough ANTIVIRUS 100% of victims have Firewalls and Intrusion Protection

6 Each of These Stages Requires Privileged Credentials
Why Privilege Management? Privilege Access Is Required to Plan and Execute Cyber Attacks…… Scanning NMAP Nessus Shodan Recon-naissance Maltego Metagoofil ExifTool Access & Escalation THC-Hydra Rainbow Table John the Ripper Metasploit Data Exfiltration Corkscrew OpenPuff Sabznameh Sustainment Linux identities Windows identities Assault Flashrom Obfuscation Bitblinder Tor Each of These Stages Requires Privileged Credentials

7 Why Privilege Management A Regulatory / Audit Requirement
Document that You Have Measures In Place To… NIST Special Publication R. 3 Defense Contractors, Information Processors FISMA Providers, Insurance Plans, Employers, Health Care Clearinghouses HIPAA Transmission Service Providers / Owners / Operators, Generation Owners / Operators, Load Serving Entities NERC Entities that store, process, or transmit credit card data PCI-DSS Regulatory Guide 5.71 Operators, Vendors, Contractors US NRC Identify and track the location of privileged account credentials AC-2 AC-4 B.R5.1. (Implicit) 7.2.1 Appendix A, B.1.2 Appendix A, B.1.3 Appendix A, B.1.4 Enforce rules for password strength, uniqueness, change frequency 45§ (5)(D) 45§ (2)(i) B.R5.3.1. B.R5.3.2. B.R5.3.3. 8.5.5 8.5.8 8.5.9 Delegate so that only appropriate personnel can access AC-3 AC-6 45§ (3)(i) 45§ (3)(B) 45§ (3)(C) 45§ (a)(1) B.R5.2. B.R5.2.1. B.R5.2.3. 2.1 6.3.6 7.7.1 8.5.4 8.5.6 Appendix A, B.1.5 Appendix A, B.1.6 Audit and alert to show requesters, access history, purpose, duration, etc. AU-3 AU-9 45§ (5)(C) B.R5.1.2. 10.2

8 Protected Customer Stories
6/20/2018 9:26 AM Protected Customer Stories © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9 Real-World Examples 30K+ Systems, dozens of sites, globally
Changed 100,000’s accounts in weeks Achieved corporate compliance in less than 60 days Global Manufacturing and Technology Company 130,000 Workstations/ 10K Servers 150K Accounts across Domain Controllers Changing Local Admin and Service Accounts, Scheduled Tasks, IIS Deployed on HA clustered SQL w/failover (physical) Diversified Aerospace, Transportation, Control, and Technology Manufacturer Top Software and Devices Company Team operates global datacenters “Just in time” Admin Access 200+ sites 850K+ systems Enables Access, Authorization and Security Controls for corporate compliance

10 6/20/2018 9:26 AM How Does It Work? © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

11 Lieberman uses automation at scale to protect the privileged credentials the bad guys want and the insiders abuse.

12 How Does It Work? The 4 Steps
TRACK DISCOVER Audit and alert so that the requester, purpose, and duration of each privileged access request is DELEGATE Identify and document critical IT assets, their privileged accounts and their interdependencies REMEDIATE Enforce rules for password complexity, diversity and change frequency, Delegate access to privileged credentials so that only appropriate personnel, documented and monitored and synchronize changes across all dependencies using the least privilege required, can login to IT assets You can’t manage what you don’t know

13 Flexible, Open Architecture
“We need to get all the interesting events this things generates to our SIEM and analytics platforms.” Flexible, Open Architecture ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| Event Sink SYSLOG, CEF, JSON, etc. “We are going to run a project in the cloud.” ZP ERPM “Our security people say they require all passwords to be protected with hardware encryption.” ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ZP “We just added 1000 new VMs.” Integrated HSM Any HSM Module ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| “We need you to integrate with Acme Exploding IT System that we just bought yesterday.” ZP Web for acquired Web for cloud “We bought a company with 3000 new VMs.” ZP “We don’t want the admins from the new company to see old stuff, and cloud should only see cloud.” Web Services OR Event Sink ZP

14 Recommendations 6/20/2018 9:26 AM
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

15 Recommendations What we tell our customers
Segment the network (air gaps) No persistent administrator accounts (local or domain) Short lifetimes on passwords No local access to keys, certificates, or other authentication sources (i.e., files) Access to privilege must be justified each time Monitor and record sessions to HVA

16 About Lieberman Software
6/20/2018 9:26 AM About Lieberman Software © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

17 Who is Lieberman Software?
Flagship Enterprise Random Password Manager (ERPM™) product automatically discovers and manages cross-platform privileged accounts at scale, and throughout the enterprise, thereby securing access to sensitive data, reducing internal and external security threats, improving IT productivity and ensuring regulatory compliance. Available Today

18 Q&A Visit us at Booth 1404: See a Demo | Meet our Team
Learn more:

19 Thank You Visit us at Booth 1404: See a Demo | Meet our Team
Learn more:

20 Please evaluate this session
6/20/2018 9:26 AM Please evaluate this session Your feedback is important to us! From your PC or Tablet visit MyIgnite at From your phone download and use the Ignite Mobile App by scanning the QR code above or visiting © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

21 6/20/2018 9:26 AM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Download ppt "Microsoft 2016 6/20/2018 9:26 AM THR2063 Automate password changes for Windows Services, Administrator, Root Accounts & SSH Keys Jonathan Sander Lieberman."

Similar presentations

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server 2008. Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),
“Shared superuser accounts – typically system-defined in operating systems, databases, network devices and elsewhere – present significant risks.

“Shared superuser accounts – typically system-defined in operating systems, databases, network devices and elsewhere – present significant risks.
Implementing and Managing Azure Multi-factor Authentication

Implementing and Managing Azure Multi-factor Authentication
BRK1017 Taking your hybrid management and security strategy to the cloud with Operations Management Suite Jeremy Winter and Srini Chandrasekar.

BRK1017 Taking your hybrid management and security strategy to the cloud with Operations Management Suite Jeremy Winter and Srini Chandrasekar.
Azure Information Protection

Azure Information Protection
Deployment Planning Services

Deployment Planning Services
Microsoft Ignite 2016 4/27/2018 9:00 AM THR2016

Microsoft Ignite /27/2018 9:00 AM THR2016
Microsoft Ignite 2016 5/16/2018 3:12 PM BRK2119

Microsoft Ignite /16/2018 3:12 PM BRK2119
Successfully migrate existing databases to Azure SQL Database

Successfully migrate existing databases to Azure SQL Database
Enterprise Security in Practice

Enterprise Security in Practice
5/31/2018 3:40 PM BRK3113 How Microsoft IT builds Privileged Access Workstation using Windows 10 and Windows Server 2016 Jian (Jane) Yan Sr. Program Manager.

5/31/2018 3:40 PM BRK3113 How Microsoft IT builds Privileged Access Workstation using Windows 10 and Windows Server 2016 Jian (Jane) Yan Sr. Program Manager.
Cloud Security IS Application-Centric Security

Cloud Security IS Application-Centric Security
Journey to Microsoft Secure Cloud

Journey to Microsoft Secure Cloud
Cloud-First, Modern Windows Management and Security

Cloud-First, Modern Windows Management and Security
Microsoft 2016 6/4/2018 8:21 AM BRK3082 Build solutions and apps with Microsoft OneDrive API and Microsoft Graph API Ryan Gregg Principal Program Manger,

Microsoft /4/2018 8:21 AM BRK3082 Build solutions and apps with Microsoft OneDrive API and Microsoft Graph API Ryan Gregg Principal Program Manger,
Microsoft 2016 6/4/2018 11:15 PM THR2219 How Microsoft IT enables modern mobility with Windows 10 security and productivity features Rekha Nair IT Program.

Microsoft /4/ :15 PM THR2219 How Microsoft IT enables modern mobility with Windows 10 security and productivity features Rekha Nair IT Program.
Windows Server* 2016 & Intel® Technologies

Windows Server* 2016 & Intel® Technologies
Azure Information Protection Strategy and Roadmap

Azure Information Protection Strategy and Roadmap
Configure and Manage Your Hybrid Cloud Environment at Scale

Configure and Manage Your Hybrid Cloud Environment at Scale
6/10/2018 5:07 PM THR2218 Deploying Windows Defender AV and more with Intune and Configuration Manager Amitai Rottem @AmitaiTechie Senior Program Manager,

6/10/2018 5:07 PM THR2218 Deploying Windows Defender AV and more with Intune and Configuration Manager Amitai Senior Program Manager,

Similar presentations

Ads by Google