3 TIPS TO REVEALING HIDDEN SECURITY RISKS WITH BEHAVIOR ANALYTICS
ecole@secureanchor.com * www.secureanchor.com
Secure Anchor is All Cyber Defense, All of the Time
PREVENT – DETECT - RESPOND
THERE IS REALLY ONLY 1 QUESTION: Do you want to win, OR do you want to be a loser?
(BTW, I am a loser.)
If you have not detected an attack/compromise in the last 6 months, it is not because it is not happening; it is because you are not looking in the right areas.
You are either hunting or being hunted
Security MUST be focused on minimizing the impact and controlling the damage.
Two key metrics are:
– DWELL TIME
– LATERAL MOVEMENT
PREVENTION IS IDEAL BUT
DETECTION IS A MUST
RECENT MAJOR BREACHES
(table columns: Attack Methodology | Dwell Time | Lateral Movement; the breach rows did not survive extraction)
Insiders Are Responsible for 90% of Security Incidents *
Malicious
∙ Fraud/Data theft
∙ Inappropriate access
∙ Disgruntled employee
Unintentional
∙ Misuse of systems
∙ Log-in/log-out failures
∙ Cloud storage
(chart split: 71% / 29%)
* Verizon 2015 Data Breach Investigations Report; Kaspersky Lab 2016 Security Risks Special Report
Are You Focused on the Correct Area?
Insiders: Excessive Privileges
Shared Privileged Access Credentials
• Several admins / common credentials
• Lack of accountability
• Compliance (e.g., SOX, HIPAA, GLBA, PCI)
• Maintenance for routine changes / turnover
• Amplified threats from disgruntled insiders
Password Security
• Strength / storage issues
• Communications with administrators
• Routine changes
Need for Dual Control
• Production, critical or sensitive systems
• Compliance requirements (developer or administrative access to production systems)
Security of Embedded Passwords
• Passwords hardcoded & passed in code or scripts
• Difficult to change / maintain compliance
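The embedded-password problem above is easiest to size by scanning the scripts and configuration files that run under privileged accounts. What follows is an added example, not code from the deck or from BeyondTrust: a small Python scanner that looks for the usual shapes a password takes in a file (key=value assignments, a password on a command line, credentials inside a URL, a PowerShell literal converted to a SecureString) and ignores placeholders and run-time indirections such as `$VAR` or `$(vault …)`. The file names and contents in SAMPLES are constructed for the example, and PATTERNS is a starting point rather than a complete catalogue.

```python
"""Scan scripts and config files for embedded passwords.

Added example, not part of the original deck. SAMPLES are constructed files;
PATTERNS cover common shapes only and are a starting point, not a full catalogue.
"""
import re

PATTERNS = [
    # key=value / key: value, e.g. db.password=..., $apiKey = "..."
    ("assignment", re.compile(
        r'(?i)(?:pass(?:word|wd)?|pwd|secret|api[_-]?key|token)\s*[:=]\s*["\']?(?P<secret>[^\s"\']{4,})')),
    # password given on a command line, e.g. mysqldump -pXXXX, sqlcmd -P XXXX
    ("cli-flag", re.compile(
        r'(?:^|\s)(?:--password|-pw|-p|-P|/p:)\s*=?\s*["\']?(?P<secret>[^\s"\']{4,})')),
    # credentials embedded in a URL, e.g. https://user:XXXX@host/
    ("url", re.compile(
        r'[a-z][a-z0-9+.-]*://[^\s/:@]+:(?P<secret>[^\s@/]+)@')),
    # PowerShell: a literal string converted to a SecureString
    ("securestring", re.compile(
        r'ConvertTo-SecureString\s+["\'](?P<secret>[^"\']+)["\']\s+-AsPlainText')),
]
# Values that are not real secrets: documentation placeholders and run-time lookups.
PLACEHOLDERS = {"changeme", "password", "xxxx", "<password>", "example"}
INDIRECTION_PREFIXES = ("$", "%", "<", "{{")

# Constructed sample files (every credential below is made up for this example).
SAMPLES = {
    "backup.sh": "#!/bin/sh\nmysqldump -u backup -pSup3rS3cret! orders > /backup/orders.sql\n",
    "deploy.ps1": '$cred = New-Object PSCredential("svc_deploy", '
                  '(ConvertTo-SecureString "Winter2016!" -AsPlainText -Force))\n'
                  '$apiKey = "AKIAEXAMPLEKEY123456"\n',
    "app.properties": "db.url=jdbc:postgresql://db01:5432/orders\n"
                      "db.password=changeme\n"
                      "db.password=Pr0d-Db-P@ss\n",
    "ci.sh": "git clone https://ci-bot:Hunter2pass@git.internal/repo.git\n",
    # The clean case: the password is fetched from a vault at run time, never stored.
    "good.sh": "# password is read from Vault at run time, nothing stored here\n"
               'PGPASSWORD="$(vault kv get -field=password secret/db)" psql -h db01 orders\n',
}


def looks_like_placeholder(secret):
    """True for documentation placeholders and for $VAR / %VAR% / {{ var }} style lookups."""
    return secret.lower() in PLACEHOLDERS or secret.startswith(INDIRECTION_PREFIXES)


def mask(secret):
    """Never echo the whole secret into a report; two characters are enough to locate it."""
    return secret[:2] + "***"


def scan_text(name, text):
    """Return (file, line_no, pattern_name, masked_secret) for each hit in one file."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for kind, rx in PATTERNS:
            m = rx.search(line)
            if m and not looks_like_placeholder(m.group("secret")):
                hits.append((name, line_no, kind, mask(m.group("secret"))))
    return hits


def scan_all(files):
    """Scan a {name: content} mapping; in real use build it from a repository walk."""
    return [hit for name, text in files.items() for hit in scan_text(name, text)]


if __name__ == "__main__":
    for hit in scan_all(SAMPLES):
        print("%s:%d  %-12s %s" % hit)
```

Point it at a real tree by building SAMPLES from the files you want checked. Anything it reports should be moved into a vault and retrieved at run time, and the credential rotated: a password that has lived in a script or in version control has to be treated as already disclosed, which is the "difficult to change" problem the slide describes.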
External Attackers: Vulnerabilities
System or Network Availability
• Operational impacts (performance and downtime) from exploitation of widely publicized vulnerabilities (Heartbleed, Shellshock, POODLE, GHOST, etc.)
Data Overload
• Easy to find
• Hard to fix
Cost of Remediation
Security
• Unauthorized assets on network
• Default or weak passwords
• Inadequate network access controls
• Unauthorized access
• Unauthorized website changes and defacements
THE EVOLVING THREAT ENVIRONMENT
Most (2/3) don't know they've been attacked
Attackers are present for over 200 days before being detected
Too easy to successfully attack most companies
• Phishing: a high percentage of users can be socially engineered to click
• Popular sites (watering holes) infected
• Most client systems have several known vulnerabilities
• Some attacks leverage non-publicized vulnerabilities
• Once inside undetected, lateral expansion occurs seeking privileged access to key systems, often without needing to exploit a vulnerability
Expanding target base and content
• No longer limited to defense, financial, and large F100 companies
• Includes small and medium-sized businesses where controls are lacking
• Thefts go far beyond specific product IP to business plans and how the business operates
Sophisticated attack methods / tools are mostly not needed
• Leverages off-the-shelf malware, but with variations
• 70% of attacks use standard malware that nevertheless carries unique signatures
COMMON PITFALLS
Trying to protect IP without business sponsorship
• Owners of information must be accountable and take the lead to protect information
• Security can help with tools, best control practices, awareness
Thinking technical controls address most issues
• Most large risk management programs require a holistic approach (e.g., 7 steps to effective compliance)
• Governance (oversight), corporate policies
• Employee education and awareness
• Leadership from key groups (Business, Research, Manufacturing, Legal, HR, IT, …)
• Monitoring, response to incidents, enforcement, and assessments
Trying to lead vulnerability management from Security
• IT Operations are accountable for the security of systems under their management
• Security can help with tools, communications and metrics
Trying to implement too many tools
• Very challenging to introduce another console or agent
• Look at the overall security framework / architecture and define key control solutions
• Look for synergies & integration between tools (some can provide additional benefits)
To defend against an adversary you must understand how the adversary operates, so a proper defense can be built.
If the offense knows more than the defense, you will lose.
Focus on Behavior & Analytics
Activity patterns focused on data:
— Amount of data accessed
— Failed access attempts
— Data copied or sent to external sources
There are differences in activity between a normal user and an insider threat.
5 STEPS FOR SECURING ENDPOINTS
1. Control and manage privileged access
2. Focus on vulnerability remediation with clear metrics
3. Prioritize risks based on criticality of information
4. Monitoring and timely detection is key
5. Communicate clear metrics to your executives
Focus on rogue behavior, not signatures
Are You Ready to Take… The Dr. Cole Challenge
Focus on outbound traffic:
– Number of connections
– Length of the connections
– Amount of data
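The "activity patterns focused on data" slide (amount of data accessed, failed access attempts, data sent to external sources) and the outbound-traffic challenge above (number, length and volume of connections) reduce to the same exercise: build a baseline per identity and alert when a day departs from it. The block below is an added example, not code from the deck or from BeyondTrust. It rolls constructed flow records up into daily counts of connections, total connection time, bytes sent to external addresses and denied access attempts, then scores each day against that same user's earlier days with a median/MAD z-score. INTERNAL_NETS, the record format and the FLOWS sample are assumptions; in practice the records would come from firewall, proxy or file-server logs.

```python
"""Baseline-and-deviation checks on outbound traffic and data access.

Added example (not from the original deck). Input records are constructed
flow/access summaries: (day, user, dst_ip, duration_s, bytes_out, outcome).
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import median

# Assumption: these are the organisation's own ranges; anything else is "external".
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
METRICS = ("conns", "duration", "bytes_ext", "failed")


def is_external(ip):
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def daily_profile(flows):
    """Per (user, day): connection count, total connection time,
    bytes sent to external destinations, and denied access attempts."""
    prof = defaultdict(lambda: dict.fromkeys(METRICS, 0))
    for day, user, dst, duration, nbytes, outcome in flows:
        p = prof[(user, day)]
        p["conns"] += 1
        p["duration"] += duration
        if is_external(dst):
            p["bytes_ext"] += nbytes
        if outcome == "denied":
            p["failed"] += 1
    return prof


def robust_zscore(value, history):
    """Distance from the user's own median, in units of median absolute deviation.
    The scale is floored at 5% of the median (and at 1) so that a perfectly flat
    baseline does not turn every small change into an alert."""
    med = median(history)
    mad = median(abs(h - med) for h in history)
    scale = max(mad, 0.05 * abs(med), 1.0)
    return (value - med) / scale


def find_anomalies(flows, threshold=3.0, min_history=3):
    """Return (user, day, metric, value, z) for each day/metric that sits far above
    that same user's earlier days. Users are only ever compared with themselves."""
    per_user = defaultdict(list)
    for (user, day), p in sorted(daily_profile(flows).items()):
        per_user[user].append((day, p))
    findings = []
    for user, days in per_user.items():
        for i, (day, p) in enumerate(days):
            history = days[:i]
            if len(history) < min_history:
                continue  # not enough of a baseline yet
            for metric in METRICS:
                z = robust_zscore(p[metric], [h[metric] for _, h in history])
                if z > threshold:
                    findings.append((user, day, metric, p[metric], round(z, 1)))
    return findings


def _typical_day(day, user):
    # Constructed: two internal sessions and one small upload to a SaaS host per day.
    return [
        (day, user, "10.0.0.5", 300, 50_000, "ok"),
        (day, user, "10.0.0.7", 200, 20_000, "ok"),
        (day, user, "203.0.113.10", 60, 15_000, "ok"),  # TEST-NET-3 stands in for a SaaS host
    ]


DAYS = ["2016-03-01", "2016-03-02", "2016-03-03", "2016-03-04", "2016-03-05"]
FLOWS = []
for d in DAYS:
    FLOWS += _typical_day(d, "alice")
    # svc_backup moves a lot of data every night, but always to the same internal host.
    FLOWS.append((d, "svc_backup", "10.0.0.50", 5400, 800_000_000, "ok"))
FLOWS.append(("2016-03-02", "alice", "10.0.0.9", 1, 0, "denied"))  # one stray denial
# 2016-03-05: long sessions pushing gigabytes to an unknown external host, plus repeated denials.
FLOWS += [
    ("2016-03-05", "alice", "203.0.113.77", 3600, 2_000_000_000, "ok"),
    ("2016-03-05", "alice", "203.0.113.77", 3000, 1_500_000_000, "ok"),
] + [("2016-03-05", "alice", "10.0.0.9", 1, 0, "denied")] * 4

if __name__ == "__main__":
    for f in find_anomalies(FLOWS):
        print("%-10s %s %-9s value=%-13s z=%s" % f)
```

Two things the sample is built to show. The service account is never flagged even though it moves far more data than anyone else, because the comparison is against its own history; volume alone is not the signal, departure from the identity's norm is. And the MAD floor matters: without it a user whose baseline is identical every day would have a scale of zero and every trivial change would score as infinite. Tune `threshold` and `min_history` per data source, and treat a hit on bytes_ext together with a hit on failed as the pattern worth a same-day look.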
SUMMARY
Security is about endpoint security of ALL endpoints
Assume both insider and cyber attacks are occurring
Take a holistic approach; go beyond required technical controls
Focus on vulnerability remediation not just scanning
Widespread assignment of privileged credentials makes it easier for attackers to get to valuable assets and data
Talk to your executives about security – it could make all of the difference
PowerBroker Password Safe
v5.8
Martin Cannard – Product Manager
PAM – A collection of best practices
AD Bridge: use AD credentials to access Unix/Linux hosts
Privilege Delegation: once the user is logged on, manage what they can do
Session Management: managed list of resources the user is authorized to access; gateway proxy capability; audit of all session activity
Password & SSH Key Management: automate the management of functional account passwords and SSH keys
Comprehensive Security Management
► Secure and automate the process for managing privileged account passwords and keys
► Control how people, services, applications and scripts access managed credentials
► Auto-logon users onto RDP, SSH sessions and apps, without revealing the password
► Record all user and administrator activity (with keystrokes) in a comprehensive audit trail
► Alert in real-time as passwords, and keys are released, and session activity is started
► Monitor session activity in real-time, and immediately lock/terminate suspicious activity
Privileged Password Management (for people, services and application-to-application (A2A) access), Privileged Session Management, and SSH Key Management
Differentiator: Adaptive Workflow Control
Requests are evaluated on:
• Day
• Date
• Time
• Who
• What
• Where
Differentiator: Included Session Management
The user authenticates to Password Safe over HTTPS and requests a session to a protected resource. The native desktop tool (MSTSC/PuTTY etc.) connects to Password Safe, which proxies the RDP/SSH session through the Password Safe appliance to the requested resource.
(diagram: User → HTTPS → Password Safe proxy → RDP / SSH → Protected Resources)
Privileged Session Management
Differentiator: Controlling Application Access
Automatic Login to ESXi example: the user selects the vSphere application and credentials in the browser (HTTPS to Password Safe); Password Safe checks the credential out of its credential store; the RDP client connects to Password Safe on RDP port 4489, and a second RDP leg on port 3389 reaches the vSphere RemoteApp that fronts the ESX host; the session is recorded and logged.
(diagram components: Browser, RDP Client, Password Safe [Credential Checkout, Credential Management, User Store, Session Recording / Logging], vSphere RemoteApp, ESX)
Automatic Login to Unix/Linux Applications
Typical use cases:
• Jump host in DMZ
• Menu-driven apps
• Backup scripts
• Role-based apps
The user selects the SSH application and credentials in the browser (HTTPS); the credential is checked out; the RDP client or SSH session (port 22) goes to Password Safe, which connects onward over SSH (port 22) to the SSH application; the session is recorded and logged.
(diagram components: Browser, RDP Client, Password Safe [Credential Checkout, Session Recording / Logging], SSH Application)
Differentiator:
Reporting & Analytics
Actionable Reporting
Advanced Threat Analytics
What makes Password Safe different?
• Adaptive workflow control to evaluate and intelligently route based on
the who, what, where, and when of the request
• Full network scanning capabilities with built-in auto-onboard capabilities
• Integrated data warehouse and analytics capability
• Smart Rules for building permission sets dynamically according to data
pulled back from scans
• Session management / live monitoring at NO ADDITIONAL COST
• Clean, uncluttered, and intuitive HTML5 interface for end users
Key differentiators and business value
Less complexity & cost
• Password and session management together in the same solution
• Rotate SSH keys according to a defined schedule and enforce granular access control and workflow
• Native tools for session management (MSTSC/PuTTY etc), with no Java required
Faster time to value
• Deploy as a hardened physical or virtual appliance with a sealed operating system, or as software
• Clean, uncluttered, and intuitive HTML5 interface for end users
• Full network scanning, discovery and profiling with auto-onboarding, and Smart Rules
Better insights
• Integrated data warehouse and threat analytics capability through BeyondInsight
• Live session monitoring, true dual control for locking, terminating or canceling sessions
• Improve workflow by considering the day, date, time and location when a user accesses resources
Reduce risk | Achieve compliance | Improve efficiency
PowerBroker Privileged Account Management:
Validated by the industry
BeyondTrust is a “representative vendor” for all five key feature solution categories. [1]
“Deploying the BeyondTrust PAM platform … provides an integrated, one-stop approach to PAM… one of only a small band of PAM providers offering end-to-end coverage.” [2]
“BeyondTrust is a pure-player in the Global Privileged Identity Management market and holds a significant position in the market.” [3]
“Frost & Sullivan endorses PowerBroker Password Safe.” [4]
“Leverage a solution like BeyondTrust’s PowerBroker for Windows to transparently remove administrator privileges.” [5]
BeyondTrust is a “Major Player” in Privileged Access Management. [6]
“BeyondTrust is a vendor you can rely on… BeyondTrust PowerBroker Auditor suite is an impressive set of flexible and tightly integrated auditing tools for Windows environments.” [7]
[1] Gartner, Market Guide for Privileged Account Management, June 17, 2014.
[2] Ovum, SWOT Assessment: BeyondTrust – The BeyondInsight and PowerBroker Platform, November 5, 2014.
[3] TechNavio, Global Privileged Identity Management Market 2015-2019, 2014.
[4] Frost & Sullivan, PowerBroker Password Safe – a Frost & Sullivan Product Review, 2014.
[5] Forrester, Introducing Forrester’s Targeted Hierarchy of Needs, May 15, 2014.
[6] IDC, IDC MarketScape: Worldwide Privileged Access Management 2014 Vendor Assessment, March 2015.
[7] KuppingerCole, Executive View: BeyondTrust PowerBroker Auditor Suite, March 2015.
Demonstration
Poll
Q&A
Thank you for attending.

 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 

3 Tips to Revealing Hidden Security Risks with Behavior Analytics

  • 1. 3 TIPS TO REVEALING HIDDEN SECURITY RISKS WITH BEHAVIOR ANALYTICS ecole@secureanchor.com * www.secureanchor.com Secure Anchor is All Cyber Defense, All of the Time PREVENT – DETECT - RESPOND
  • 2. Do you want to win? OR Do you want to be a loser? THERE IS REALLY ONLY 1 QUESTION BTW, I am a loser
  • 3. If you have not detected an attack/compromise in the last 6 months, it is not because it is not happening – it is because you are not looking in the right areas… You are either hunting or being hunted
  • 4. Security MUST be focused on minimizing the impact and controlling the damage Two key metrics are: DWELL TIME LATERAL MOVEMENT PREVENTION IS IDEAL BUT DETECTION IS A MUST
  • 7. Insiders Are Responsible for 90% of Security Incidents * Malicious ∙ Fraud/Data Theft ∙ Inappropriate access ∙ Disgruntled employee Unintentional ∙ Misuse of systems ∙ Log-in/log-out failures ∙ Cloud storage 71% / 29% * Verizon 2015 Data Breach Investigations Report * Kaspersky Lab 2016 Security Risks Special Report Are You Focused on the Correct Area?
  • 8. Insiders: Excessive Privileges Shared Privileged Access Credentials • Several admins / common credentials • Lack of accountability • Compliance (e.g., SOX, HIPAA, GLBA, PCI) • Maintenance for routine changes / turnover • Amplified threats from disgruntled insiders Password Security • Strength / storage issues • Communications with administrators • Routine changes Need for Dual Control • Production, critical or sensitive systems • Compliance requirements (developer or administrative access to production systems) Security of Embedded Passwords • Passwords hardcoded & passed in code or scripts • Difficult to change / maintain compliance
  • 9. External Attackers: Vulnerabilities System or Network Availability • Operational impacts (performance and downtime) from malware (HeartBleed, ShellShock, Poodle, Ghost, etc.) Data Overload • Easy to find • Hard to fix Cost of Remediation Security • Unauthorized assets on network • Default or weak passwords • Inadequate network access controls • Unauthorized access • Unauthorized website changes and defacements
  • 10. THE EVOLVING THREAT ENVIRONMENT Most (2/3) don’t know they’ve been attacked Present for over 200 days before detected Too easy to successfully attack most companies • Phishing – High percentage can be socially engineered to click • Popular sites (water holes) infected • Most client systems have several known vulnerabilities • Some attacks leverage non-publicized vulnerabilities • Once inside undetected, lateral expansion occurs seeking privileged access to key systems, often without the need to exploit a vulnerability Expanding target base and content • No longer limited to defense, financial, large F100 companies • Includes small, medium sized businesses where controls are lacking • Thefts – far beyond specific product IP to business plans and how it operates Sophisticated attack methods / tools – mostly not needed • Leverages off-the-shelf malware but with variations • 70% of attacks use standard malware but have unique signatures
  • 11. COMMON PITFALLS Trying to protect IP without business sponsorship • Owners of information must be accountable and take the lead to protect information • Security can help with tools, best control practices, awareness Thinking technical controls address most issues • Most large risk management programs require a holistic approach (e.g., 7 steps to effective compliance) • Governance (oversight), corporate policies • Employee education and awareness • Leadership from key groups (Business, Research, Manufacturing, Legal, HR, IT, …) • Monitoring, response to incidents, enforcement, and assessments Trying to lead vulnerability management from Security • IT Operations are accountable for the security of systems under their management • Security can help with tools, communications and metrics Trying to implement too many tools • Very challenging to introduce another console or agent • Look at the overall security framework / architecture and define key control solutions • Look for synergies & integration between tools (some can provide additional benefits)
  • 12. To defend against an adversary you must understand how the adversary operates, so a proper defense can be built…. If the offense knows more than the defense you will lose…..
  • 13. Focus on Behavior & Analytics Activity patterns focused on data: — Amount of data accessed — Failed access attempts — Data copied or sent to external sources There are differences in activity between a normal user and an insider threat.
  • 14. 1. Control and manage privileged access 2. Focus on vulnerability remediation with clear metrics 3. Prioritize risks based on criticality of information 4. Monitoring and timely detection is key 5. Communicate clear metrics to your executives Focus on rogue behavior not signatures 5 STEPS FOR SECURING ENDPOINTS
  • 15. Are You Ready to Take The Dr. Cole Challenge? Focus on outbound traffic – Number of connections – Length of the connections – Amount of data
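As an added example that is not part of the deck: a short Python script that profiles outbound traffic per host by the three metrics of the Dr. Cole Challenge (number of connections, length of connections, amount of data) plus the failed-access count from slide 13, then flags hosts that stand out against their peers. The flow records, host names and thresholds are constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed outbound flow records (not real data):
# (source host, destination, duration in seconds, bytes sent, access succeeded?)
FLOWS = [
    ("ws01", "crm.example.internal", 12, 4_000, True),
    ("ws01", "mail.example.internal", 30, 9_000, True),
    ("ws02", "crm.example.internal", 15, 5_000, True),
    ("ws02", "fileshare.example.internal", 20, 25_000, True),
    ("ws03", "crm.example.internal", 10, 3_000, True),
    ("ws03", "fileshare.example.internal", 25, 30_000, True),
    ("ws03", "crm.example.internal", 8, 2_000, False),
    ("ws04", "mail.example.internal", 40, 12_000, True),
    # ws05: long, large transfers to an external address plus repeated failures
    ("ws05", "203.0.113.10", 900, 2_000_000, True),
    ("ws05", "203.0.113.10", 1200, 3_500_000, True),
    ("ws05", "203.0.113.10", 600, 1_500_000, True),
    ("ws05", "fileshare.example.internal", 5, 0, False),
    ("ws05", "fileshare.example.internal", 5, 0, False),
    ("ws05", "fileshare.example.internal", 5, 0, False),
    ("ws05", "fileshare.example.internal", 30, 40_000, True),
]
METRICS = ("connections", "duration", "bytes_out", "failed")

def profile(flows):
    """Aggregate the deck's metrics per source host."""
    agg = defaultdict(lambda: dict.fromkeys(METRICS, 0))
    for src, _dst, duration, bytes_out, ok in flows:
        a = agg[src]
        a["connections"] += 1
        a["duration"] += duration
        a["bytes_out"] += bytes_out
        a["failed"] += 0 if ok else 1
    return dict(agg)

def flag_outliers(profiles, factor=3.0, min_failed=3):
    """Flag a host on a metric when it exceeds `factor` times the peer median,
    or when its failed access attempts reach `min_failed` (thresholds are assumed)."""
    findings = defaultdict(list)
    for metric in METRICS:
        peer_median = median(p[metric] for p in profiles.values())
        for host, p in sorted(profiles.items()):
            value = p[metric]
            if metric == "failed":
                if value >= min_failed:
                    findings[host].append(metric)
            elif peer_median > 0 and value > factor * peer_median:
                findings[host].append(metric)
    return dict(findings)
```

Running `flag_outliers(profile(FLOWS))` on the constructed records singles out ws05 on all four metrics while the other hosts stay quiet; in practice the peer group should be hosts with the same role, not the whole estate.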
  • 16. SUMMARY Security is about endpoint security of ALL endpoints Assume both insider and cyber attacks are occurring Take a holistic approach; go beyond required technical controls Focus on vulnerability remediation not just scanning Widespread assignment of privileged credentials makes it easier for attackers to get to valuable assets and data Talk to your executives about security – it could make all of the difference
  • 17. PowerBroker Password Safe v5.8 Martin Cannard – Product Manager
  • 18. PAM – A collection of best practices AD Bridge Privilege Delegation Session Management Use AD credentials to access Unix/Linux hosts Once the user is logged on, manage what they can do Managed list of resources the user is authorized to access. Gateway proxy capability. Audit of all session activity Password & SSH Key Management Automate the management of functional account passwords and SSH keys
  • 19. Comprehensive Security Management ► Secure and automate the process for managing privileged account passwords and keys ► Control how people, services, applications and scripts access managed credentials ► Auto-logon users onto RDP, SSH sessions and apps, without revealing the password ► Record all user and administrator activity (with keystrokes) in a comprehensive audit trail ► Alert in real-time as passwords, and keys are released, and session activity is started ► Monitor session activity in real-time, and immediately lock/terminate suspicious activity Privileged Password Management People Services A2A Privileged Session Management SSH Key Management
  • 21. Adaptive Workflow Control • Day • Date • Time • Who • What • Where
  • 23. Native desktop tool (MSTSC/PuTTY etc.) connects to Password Safe which proxies connection through to requested resource Protected Resources User authenticates to Password Safe and requests session to protected resource RDP/SSH session is proxied through the Password Safe appliance HTTPS RDP / SSH RDP / SSH Password Safe Proxy Privileged Session Management
  • 25. Automatic Login to ESXi example Browser RDP Client ESX RDP (4489) RDP (3389) User selects vSphere application and credentials vSphere RemoteApp Credential Checkout Credential Management User Store Session Recording / Logging HTTPS
  • 26. Automatic Login to Unix/Linux Applications Typical Use Cases • Jump host in DMZ • Menu-driven Apps • Backup Scripts • Role-based Apps Browser RDP Client SSH (22) SSH (22) User selects SSH application and credentials SSH Application Credential Checkout Session Recording / Logging HTTPS
  • 30. What makes Password Safe different? • Adaptive workflow control to evaluate and intelligently route based on the who, what, where, and when of the request • Full network scanning capabilities with built-in auto-onboard capabilities • Integrated data warehouse and analytics capability • Smart Rules for building permission sets dynamically according to data pulled back from scans • Session management / live monitoring at NO ADDITIONAL COST • Clean, uncluttered, and intuitive HTML5 interface for end users
  • 31. Less complexity & cost Password and Session Management together in the same solution Rotate SSH keys according to a defined schedule and enforce granular access control and workflow Native tools for session management (MSTSC/PuTTY etc), with no Java required Faster time to value Deploy as a hardened physical or virtual appliance with a sealed operating system, or as software Clean, uncluttered, and intuitive HTML5 interface for end users Full network scanning, discovery and profiling with auto-onboarding, and Smart Rules Better insights Integrated data warehouse and threat analytics capability through BeyondInsight Live session monitoring, true dual control for locking, terminating or canceling sessions Improve workflow by considering the day, date, time and location when a user accesses resources Key differentiators and business value Reduce risk | Achieve compliance | Improve efficiency
  • 32. PowerBroker Privileged Account Management: Validated by the industry BeyondTrust is a “representative vendor” for all five key feature solution categories.1 “Deploying the BeyondTrust PAM platform … provides an integrated, one-stop approach to PAM… one of only a small band of PAM providers offering end-to-end coverage.”2 “BeyondTrust is a pure-player in the Global Privileged Identity Management market and holds a significant position in the market.”3 “Frost & Sullivan endorses PowerBroker Password Safe.”4 “Leverage a solution like BeyondTrust’s PowerBroker for Windows to transparently remove administrator privileges.”5 BeyondTrust is a “Major Player” in Privileged Access Management.6 “BeyondTrust is a vendor you can rely on… BeyondTrust PowerBroker Auditor suite is an impressive set of flexible and tightly integrated auditing tools for Windows environments.”7 1 Gartner, Market Guide for Privileged Account Management, June 17, 2014. 2 Ovum, SWOT Assessment: BeyondTrust – The BeyondInsight and PowerBroker Platform, November 5, 2014. 3 TechNavio, Global Privileged Identity Management Market 2015-2019, 2014. 4 Frost & Sullivan, PowerBroker Password Safe – a Frost & Sullivan Product Review, 2014. 5 Forrester, Introducing Forrester’s Targeted Hierarchy of Needs, May 15, 2014. 6 IDC, IDC MarketScape: Worldwide Privileged Access Management 2014 Vendor Assessment, March 2015. 7 Kuppinger Cole, Executive View: BeyondTrust PowerBroker Auditor Suite, March 2015.
  • 34. Poll
  • 35. Q&A Thank you for attending.