SlideShare une entreprise Scribd logo

Securing DevOps through Privileged Access Management

BeyondTrust
BeyondTrust

In this presentation from the webinar of Security MVP and Microsoft Security Trusted Advisor, Paula Januszkiewicz,get an overview of how privileged access management can help balance DevOps’ need for agility and speed with IT security’s need for visibility, access management, and compliance. Key use cases covered include: • Network Segmentation: Grouping assets, including application and resource servers, into logical units that do not trust one another • Enforcing Appropriate Use of Credentials: IT organizations can leverage these controls to limit lateral movement in the case of a compromise and to provide a secure audit trail • Elimination of Hard-Coded Passwords: Removing hardcoded passwords in DevOps tool configurations, build scripts, code files, test builds, production builds, etc. You can watch the full, on-demand webinar here: https://www.beyondtrust.com/resources/webinar/securing-devops-privileged-access-management/

Logiciels
1  sur  39
Télécharger pour lire hors ligne
Securing DevOps through Privileged Access Management @paulacqure @CQUREAcademy CONSULTING Paula Januszkiewicz CQURE: CEO, Penetration Tester; Security Expert CQURE Academy: Trainer MVP: Enterprise Security, MCT www.cqureacademy.com paula@cqure.us
What does CQURE Team do? Consulting services  High quality penetration tests with useful reports Applications Websites External services (edge) Internal services + configuration reviews  Incident response emergency services – immediate reaction!  Security architecture and design advisory  Forensics investigation  Security awareness For management and employees info@cqure.us Trainings  Security Awareness trainings for executives  CQURE Academy: over 40 advanced security trainings for IT Teams  Certificates and exams  Delivered all around the world only by a CQURE Team: training authors
Overly simple passwords and security questions Key learning points: ✓ Almost always there are passwords reused ✓ Almost always (ekhm… always) there is some variant of company name and some number (year, month etc.) ✓ It makes sense to check for obvious passwords and continuously deliver security awareness campaigns Typical password locations NTDS.dit, SAM Configuration files Registry Memory dumps, Hiberfil.sys Databases (DPAPI ?)
No network segmentation Key learning points: ✓ ✓ ✓ ✓ ✓ x x x No-brainer or unseen network security threat?
Lack of SMB Signing (or alternative) Key learning points: ✓ Set SPNs for services to avoid NTLM: SetSPN –L <your service account for AGPM/SQL/Exch/Custom> SetSPN –A Servicename/FQDN of hostname/FQDN of domain domainserviceaccount ✓ Reconsider using Kerberos authentication all over https://technet.microsoft.com/en-us/library/jj865668.aspx ✓ Require SPN target name validation Microsoft network server: Server SPN target name validation level ✓ Reconsider turning on SMB Signing ✓ Reconsider port filtering ✓ Reconsider code execution prevention but do not forget that this attack leverages administrative accounts
Allowing unusual code execution Key learning points: Common file formats containing malware are: ✓ .exe (Executables, GUI, CUI, and all variants like SCR, CPL etc) ✓ .dll (Dynamic Link Libraries) ✓ .vbs (Script files like JS, JSE, VBS, VBE, PS1, PS2, CHM, BAT, COM, CMD etc) ✓ .docm, .xlsm etc. (Office Macro files) ✓ .other (LNK, PDF, PIF, etc.) If SafeDllSearchMode is enabled, the search order is as follows: 1. The directory from which the application loaded 2. The system directory 3. The 16-bit system directory 4. The Windows directory 5. The current directory 6. The directories that are listed in the PATH environment variable
No whitelisting on board Key learning points: ✓ ✓ ✓ ✓ x ✓ ✓
Old protocols or their default settings
Trusting solutions without knowing how to break them Key learning points: ✓ The best operators won't use a component until they know how it breaks. ✓ Almost each solution has some ‘backdoor weakness’ ✓ Some antivirus solutions can be stopped by SDDL modification for their services ✓ Configuration can be monitored by Desired State Configuration (DSC) ✓ DSC if not configured properly will not be able to spot internal service configuration changes Example: how to I get to the password management portal?
Misusing service accounts + privileged accounts Key learning points: ✓ gMSA can also be used for the attack ✓ Service accounts’ passwords are in the registry, available online and offline ✓ A privileged user is someone who has administrative access to critical systems ✓ Privileged users have sometimes more access than we think (see: SeBackupRead privilege or SeDebugPrivilege) ✓ Privileged users have possibility to read SYSTEM and SECURITY hives from the registry Warning! Enabling Credential Guard blocks: x Kerberos DES encryption support x Kerberos unconstrained delegation x Extracting the Kerberos TGT x NTLMv1
Falling for hipster tools Key learning points: ✓ Worldwide spending on information security is expected to reach $90 billion in 2017, an increase of 7.6 percent over 2016, and to top $113 billion by 2020, according to advisory firm Gartner ✓ With increasing budget the risk of possessing hipster tools increases too – do we know where these tools come from and what are their security practices? ✓ Lots of solutions where not created according to the good security practices (backup software running as Domain Admin etc.) ✓ Each app running in the user’s context has access to secrets of other apps – Data Protection API ✓ Case of CCleaner
BeyondTrust VirtualCloud & DevOps Martin Cannard – Product Manager
The Cyber Attack Chain – Where is the Risk? Vulnerable Assets & Users Unmanaged Credentials Excessive Privileges Limited Visibility of compromises used definable patterns established as early as 2014.188% of data breaches involve the use or abuse of privileged credentials on the endpoint.2 80% average days to detect a data breach.3206 1Verizon 2017 Data Breach Investigations Report 2Forrester Wave: Privileged Identity Management, Q3 2016 3Ponemon 2017 Cost of a Data Breach Study
The Cyber Attack Chain – Getting More Complex Virtual & Cloud IoT DevOps Connected Systems growth of hybrid cloud adoption in the last year, increasing from 19% to 57% of organizations surveyed.1 3X billion connected things will be in use worldwide in by 2020, according to Gartner. 2 20.4 of organizations implementing DevOps – it has reached “Escape Velocity.”350% 1Forbes 2017 State of Cloud Adoption & Security 2Gartner Press Release, Gartner Says 8.4 Billion Connected “Things” Will Be in Use in 2017, Up 31% From 2016, Feb 7, 2017 3Forrester Q1 2017 Global DevOps Benchmark Online Survey
Our Mission: Stop Privilege Abuse. Prevent Breaches. • Reduce attack surfaces by eliminating credential sharing, enforcing least privilege, and prioritizing and patching system vulnerabilities • Monitor and audit sessions for unauthorized access, changes to files and directories, and compliance • Analyze behavior to detect suspicious user, account and asset activity
Cloud Cloud Management Platforms (AWS, Azure) SaaS Applications (Facebook, LinkedIn, Custom) Hybrid Cloud Virtualized Environments (VMWare, MSFT) Virtualized Machines (UNIX, Linux, Windows) IoT Roaming workstations BYOD Cameras Sensors Printers DevOps DevOps Tools Dynamic Virtual Environments Containers Microservices On-Premise Shared Administrator & Machine Accounts Desktops and Servers (Windows, Mac, Unix, Linux) Security & Network Infrastructures & Industrial Control Systems Apps, Databases & Servers Hypervisors & Virtual Machine Privilege Management – The New Perimeter
Cloud Hybrid Cloud IoT DevOps On-Premise Privilege Management – The New Perimeter Reduce Insider Threats • Discover, manage & monitor all privileged accounts & keys • Enforce least privilege across all Windows, Mac, Unix, Linux and network endpoints • Gain control and visibility over privileged activities Stop External Hacking • Discover network, web, mobile, cloud and virtual infrastructure • Remediate vulnerabilities through prescriptive reporting • Protect endpoints against client-side attacks Reveal Hidden Threats • Aggregate users & asset data to baseline and track behavior • Correlate diverse asset, user & threat activity to reveal critical risks • Dynamically adjust access policies based on user and asset risk
Into the Cloud Connector Framework: Industry unique connector technology to enumerate instances in the cloud and virtually instantiated for management. • Amazon AWS • Microsoft Azure • Vmware • Hyper-V • IBM SmartCloud • Go Grid • Rackspace • Google Cloud
In the Cloud • Cloud Ready Agents: UnixLinuxWindowsMac Agents • Cloud Ready Communications: Agents to Console • Cloud Ready API: Public Password Safe API • Dynamic Licensing: High watermark based licensing • MSP & Multi-tenant Platform: Managed Service Provider Ready
From the Cloud • Market Place Apps: Amazon AWS AMI, Microsoft Azure, & Google and Oracle (Later this year) • Cloud Offerings (SaaS) • BeyondSaaS – Vulnerability Assessment, Web Application Scanning, Privilege Cloud Management • PowerBroker Cloud Privilege Manager (Coming soon)
DevOps & PAM: Challenges 1. Inventory of DevOps Assets & Activity 2. Asset vulnerabilities across dev, test, production 3. Hard Coded Passwords in scripts & orchestration 4. Shared Accounts with limited accountability 5. Excessive Privileges on test and production systems 6. Attackers targeting developer workstations 7. Lack of boundary controls between dev, test & production 8. Scale and dynamic nature of the environment
DevOps & PAM: Challenges Privilege Risk DevOps Adoption Physical Application Admins Privileged End Users Developers Machine Password & Keys Shared Administrator Accounts Desktops (Windows, Mac) Servers (Unix, Linux, Windows) Industrial Control Systems Security Infrastructure Network Infrastructure SaaS Applications & Administrators Applications & Application Servers Databases & Database Servers Machine Credentials (AtoA) System & App Session Management Virtualized Hypervisor & CMP Administrators Hypervisor & CMP Access Policies Hypervisor & CMP Session Mgmt. Application Admins Privileged End Users Developers Machine Password & Keys Shared Administrator Accounts Desktops (Windows, Mac) Servers (Unix, Linux, Windows) Industrial Control Systems Security Infrastructure Network Infrastructure SaaS Applications & Administrators Applications & Application Servers Databases & Database Servers Machine Credentials (AtoA) System & App Session Management Containers & Microservices Container & MS Session Admins Container & MS Policy Mgmt. Container & MS Session Mgmt. Hypervisor & CMP Administrators Hypervisor & CMP Access Policies Hypervisor & CMP Session Mgmt. Application Admins Privileged End Users Developers Machine Password & Keys Shared Administrator Accounts Desktops (Windows, Mac) Servers (Unix, Linux, Windows) Industrial Control Systems Security Infrastructure Network Infrastructure SaaS Applications & Administrators Applications & Application Servers Databases & Database Servers Machine Credentials (AtoA) System & App Session Management (CMP) Cloud Management Platform (MS) Microservice
DevOps & PAM: Best Practices DISCOVER & INVENTORY GAIN ACCOUNTABILITY OVER SHARED ACCOUTS ELIMINATE HARD- CODED PASSWORDS RESTRICT PRIVILEGES SCAN FOR VULNERABILITIES ENSURE CONFIG- URATION COMPLIANCE ENFORCE APPROPRIATE CREDENTIAL USAGE SEGMENT NETWORKS
DevOps & PAM: Best Practices GAIN ACCOUNTABILITY OVER SHARED ACCOUTS ELIMINATE HARD- CODED PASSWORDS RESTRICT PRIVILEGES SCAN FOR VULNERABILITIES ENSURE CONFIG- URATION COMPLIANCE ENFORCE APPROPRIATE CREDENTIAL USAGE SEGMENT NETWORKS DISCOVER & INVENTORY Continuous discovery of assets across physical, virtual and cloud environments.
DevOps & PAM: Best Practices DISCOVER & INVENTORY GAIN ACCOUNTABILITY OVER SHARED ACCOUTS ELIMINATE HARD- CODED PASSWORDS RESTRICT PRIVILEGES ENSURE CONFIG- URATION COMPLIANCE ENFORCE APPROPRIATE CREDENTIAL USAGE SEGMENT NETWORKS SCAN FOR VULNERABILITIES Continuous vulnerability assessment and remediation guidance of the infrastructure and code/builds across physical, virtual and cloud environments.
DevOps & PAM: Best Practices DISCOVER & INVENTORY GAIN ACCOUNTABILITY OVER SHARED ACCOUTS ELIMINATE HARD- CODED PASSWORDS RESTRICT PRIVILEGES SCAN FOR VULNERABILITIES ENFORCE APPROPRIATE CREDENTIAL USAGE SEGMENT NETWORKS ENSURE CONFIGURATION COMPLIANCE Continuous configuration and hardening baseline scanning across servers and code/builds across physical, virtual and cloud deployed assets. Ensure configurations are consistent and properly hardened across the entire devops lifecycle.
DevOps & PAM: Best Practices DISCOVER & INVENTORY ELIMINATE HARD- CODED PASSWORDS RESTRICT PRIVILEGES SCAN FOR VULNERABILITIES ENSURE CONFIG- URATION COMPLIANCE ENFORCE APPROPRIATE CREDENTIAL USAGE SEGMENT NETWORKS GAIN ACCOUNTABILITY OVER SHARED ACCOUTS Control and audit access to shared accounts and ensure that all audited activity is associated with a unique identity. Include developer access to source control, devops tools, test servers, production builds Ensure that all passwords are properly managed and rotated across the devops environment.
DevOps & PAM: Best Practices DISCOVER & INVENTORY GAIN ACCOUNTABILITY OVER SHARED ACCOUTS RESTRICT PRIVILEGES SCAN FOR VULNERABILITIES ENSURE CONFIG- URATION COMPLIANCE ENFORCE APPROPRIATE CREDENTIAL USAGE SEGMENT NETWORKS ELIMINATE HARD-CODED PASSWORDS Control scripts, files, code, embedded application credentials and hard-coded passwords. Remove hardcoded passwords in devops tool configurations, build scripts, code files, test builds, production builds, and more.
DevOps & PAM: Best Practices DISCOVER & INVENTORY GAIN ACCOUNTABILITY OVER SHARED ACCOUTS ELIMINATE HARD- CODED PASSWORDS RESTRICT PRIVILEGES SCAN FOR VULNERABILITIES ENSURE CONFIG- URATION COMPLIANCE SEGMENT NETWORKS ENFORCE APPROPRIATE CREDENTIAL USAGE Eliminate administrator privileges on end- user machines Securely store privileged credentials Require a simple workflow process for check-out, and monitor privileged sessions.
DevOps & PAM: Best Practices DISCOVER & INVENTORY GAIN ACCOUNTABILITY OVER SHARED ACCOUTS ELIMINATE HARD- CODED PASSWORDS RESTRICT PRIVILEGES SCAN FOR VULNERABILITIES ENSURE CONFIG- URATION COMPLIANCE ENFORCE APPROPRIATE CREDENTIAL USAGE SEGMENT NETWORKS Group assets into logical units Reduce “line of sight” access Utilize a secured jump server with MFA, adaptive access and session monitoring Segment access based on context of the user, role, app and data being requested.
DevOps & PAM: Best Practices DISCOVER & INVENTORY GAIN ACCOUNTABILITY OVER SHARED ACCOUTS ELIMINATE HARD- CODED PASSWORDS SCAN FOR VULNERABILITIES ENSURE CONFIG- URATION COMPLIANCE ENFORCE APPROPRIATE CREDENTIAL USAGE SEGMENT NETWORKS RESTRICT PRIVILEGES Target environments Development workstations Containers
BeyondTrust Secures DevOps DISCOVER & INVENTORY GAIN ACCOUNTABILITY OVER SHARED ACCOUTS ELIMINATE HARD- CODED PASSWORDS RESTRICT PRIVILEGES SCAN FOR VULNERABILITIES ENSURE CONFIG- URATION COMPLIANCE ENFORCE APPROPRIATE CREDENTIAL USAGE SEGMENT NETWORKS POWERBROKER Single Platform that Unites DevOps Security Retina Vulnerability Management PowerBroker Password Safe PowerBroker Desktop & Server Privilege Management Retina Vulnerability Management Retina Vulnerability Management PowerBroker Password Safe PowerBroker Password Safe PowerBroker Password Safe POWERBROKER Single Platform that Unites DevOps Security
Why BeyondTrust? The PAM Industry Leader Leader: Forrester PIM Wave, 2016 Leader: Gartner Market Guide for PAM, 2017
DEMO
Poll + Q&A Thank you for attending!

Recommandé

Privileged Access Management - 2016
Privileged Access Management - 2016Privileged Access Management - 2016
Privileged Access Management - 2016Lance Peterman
 
Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)danb02
 
The Essentials | Privileged Access Management
The Essentials | Privileged Access ManagementThe Essentials | Privileged Access Management
The Essentials | Privileged Access ManagementRyan Gallavin
 
Privileged Access Management - Unsticking Your PAM Program - CIS 2015
Privileged Access Management - Unsticking Your PAM Program - CIS 2015Privileged Access Management - Unsticking Your PAM Program - CIS 2015
Privileged Access Management - Unsticking Your PAM Program - CIS 2015Lance Peterman
 
Application Security
Application SecurityApplication Security
Application SecurityReggie Niccolo Santos
 
Building an Effective Identity Management Strategy
Building an Effective Identity Management StrategyBuilding an Effective Identity Management Strategy
Building an Effective Identity Management StrategyNetIQ
 
Identity and Access Management 101
Identity and Access Management 101Identity and Access Management 101
Identity and Access Management 101Jerod Brennen
 
OWASP Secure Coding
OWASP Secure CodingOWASP Secure Coding
OWASP Secure Codingbilcorry
 

Recommandé

Privileged Access Management - 2016
Privileged Access Management - 2016Privileged Access Management - 2016
Privileged Access Management - 2016Lance Peterman
 
Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)danb02
 
The Essentials | Privileged Access Management
The Essentials | Privileged Access ManagementThe Essentials | Privileged Access Management
The Essentials | Privileged Access ManagementRyan Gallavin
 
Privileged Access Management - Unsticking Your PAM Program - CIS 2015
Privileged Access Management - Unsticking Your PAM Program - CIS 2015Privileged Access Management - Unsticking Your PAM Program - CIS 2015
Privileged Access Management - Unsticking Your PAM Program - CIS 2015Lance Peterman
 
Application Security
Application SecurityApplication Security
Application SecurityReggie Niccolo Santos
 
Building an Effective Identity Management Strategy
Building an Effective Identity Management StrategyBuilding an Effective Identity Management Strategy
Building an Effective Identity Management StrategyNetIQ
 
Identity and Access Management 101
Identity and Access Management 101Identity and Access Management 101
Identity and Access Management 101Jerod Brennen
 
OWASP Secure Coding
OWASP Secure CodingOWASP Secure Coding
OWASP Secure Codingbilcorry
 
System hardening - OS and Application
System hardening - OS and ApplicationSystem hardening - OS and Application
System hardening - OS and Applicationedavid2685
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellenceErik Taavila
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practicesMohammed Danish Amber
 
Privileged identity management
Privileged identity managementPrivileged identity management
Privileged identity managementNis
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationMcKonly & Asbury, LLP
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...Ryan Gallavin
 
Identity and Access Management
Identity and Access ManagementIdentity and Access Management
Identity and Access ManagementPrashanth BS
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesKrist Davood - Principal - CIO
 
5. Identity and Access Management
5. Identity and Access Management5. Identity and Access Management
5. Identity and Access ManagementSam Bowne
 
Application Security Guide for Beginners
Application Security Guide for Beginners Application Security Guide for Beginners
Application Security Guide for Beginners Checkmarx
 
The next generation of IT security
The next generation of IT securityThe next generation of IT security
The next generation of IT securitySophos Benelux
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Edureka!
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
Security Best Practices
Security Best PracticesSecurity Best Practices
Security Best PracticesAmazon Web Services
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewMichael Furman
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
 
CyberArk
CyberArkCyberArk
CyberArkJimmy Sze
 
Avoiding the 10 Deadliest and Most Common Sins for Securing Windows
Avoiding the 10 Deadliest and Most Common Sins for Securing WindowsAvoiding the 10 Deadliest and Most Common Sins for Securing Windows
Avoiding the 10 Deadliest and Most Common Sins for Securing WindowsBeyondTrust
 
Build Security into the Software with Sparrow
Build Security into the Software with SparrowBuild Security into the Software with Sparrow
Build Security into the Software with SparrowJason Sohn
 

Contenu connexe

Tendances

System hardening - OS and Application
System hardening - OS and ApplicationSystem hardening - OS and Application
System hardening - OS and Applicationedavid2685
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellenceErik Taavila
 
Privileged identity management
Privileged identity managementPrivileged identity management
Privileged identity managementNis
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationMcKonly & Asbury, LLP
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...Ryan Gallavin
 
Identity and Access Management
Identity and Access ManagementIdentity and Access Management
Identity and Access ManagementPrashanth BS
 
5. Identity and Access Management
5. Identity and Access Management5. Identity and Access Management
5. Identity and Access ManagementSam Bowne
 
Application Security Guide for Beginners
Application Security Guide for Beginners Application Security Guide for Beginners
Application Security Guide for Beginners Checkmarx
 
The next generation of IT security
The next generation of IT securityThe next generation of IT security
The next generation of IT securitySophos Benelux
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Edureka!
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewMichael Furman
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
 

Tendances (20)

System hardening - OS and Application
System hardening - OS and ApplicationSystem hardening - OS and Application
System hardening - OS and Application
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellence
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practices
 
Privileged identity management
Privileged identity managementPrivileged identity management
Privileged identity management
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your Organization
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
 
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
 
Identity and Access Management
Identity and Access ManagementIdentity and Access Management
Identity and Access Management
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
5. Identity and Access Management
5. Identity and Access Management5. Identity and Access Management
5. Identity and Access Management
 
Application Security Guide for Beginners
Application Security Guide for Beginners Application Security Guide for Beginners
Application Security Guide for Beginners
 
The next generation of IT security
The next generation of IT securityThe next generation of IT security
The next generation of IT security
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
 
Security Best Practices
Security Best PracticesSecurity Best Practices
Security Best Practices
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's New
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...
 
CyberArk
CyberArkCyberArk
CyberArk
 

Similaire à Securing DevOps through Privileged Access Management

Avoiding the 10 Deadliest and Most Common Sins for Securing Windows
Avoiding the 10 Deadliest and Most Common Sins for Securing WindowsAvoiding the 10 Deadliest and Most Common Sins for Securing Windows
Avoiding the 10 Deadliest and Most Common Sins for Securing WindowsBeyondTrust
 
Build Security into the Software with Sparrow
Build Security into the Software with SparrowBuild Security into the Software with Sparrow
Build Security into the Software with SparrowJason Sohn
 
Fundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and ComplianceFundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and ComplianceVignesh Ganesan I Microsoft MVP
 
Top 10 ways to make hackers excited: All about the shortcuts not worth taking
Top 10 ways to make hackers excited: All about the shortcuts not worth takingTop 10 ways to make hackers excited: All about the shortcuts not worth taking
Top 10 ways to make hackers excited: All about the shortcuts not worth takingPaula Januszkiewicz
 
Tips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramTips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramBeyondTrust
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewAlert Logic
 
System Security on Cloud
System Security on CloudSystem Security on Cloud
System Security on CloudTu Pham
 
Building your macOS Baseline Requirements MacadUK 2018
Building your macOS Baseline Requirements MacadUK 2018Building your macOS Baseline Requirements MacadUK 2018
Building your macOS Baseline Requirements MacadUK 2018Henry Stamerjohann
 
GDPR Part 3: Practical Quest
GDPR Part 3: Practical QuestGDPR Part 3: Practical Quest
GDPR Part 3: Practical QuestAdrian Dumitrescu
 
Azure Security Center
Azure Security CenterAzure Security Center
Azure Security CenterMicrosoft
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile WorldDavid Lindner
 
Data Privacy By Design with AWS
Data Privacy By Design with AWSData Privacy By Design with AWS
Data Privacy By Design with AWSKrzysztof Kąkol
 
Protecting microservices using secure design patterns 1.0
Protecting microservices using secure design patterns 1.0Protecting microservices using secure design patterns 1.0
Protecting microservices using secure design patterns 1.0Trupti Shiralkar, CISSP
 
IANS information security forum 2019 summary
IANS information security forum 2019 summaryIANS information security forum 2019 summary
IANS information security forum 2019 summaryKarun Chennuri
 
Cloud Security for Startups - From A to E(xit)
Cloud Security for Startups - From A to E(xit)Cloud Security for Startups - From A to E(xit)
Cloud Security for Startups - From A to E(xit)Shahar Geiger Maor
 
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017Amazon Web Services
 
Compliance in the Cloud Using Security by Design
Compliance in the Cloud Using Security by DesignCompliance in the Cloud Using Security by Design
Compliance in the Cloud Using Security by DesignAmazon Web Services
 
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceCortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceMSAdvAnalytics
 
(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the CloudAmazon Web Services
 

Similaire à Securing DevOps through Privileged Access Management (20)

Avoiding the 10 Deadliest and Most Common Sins for Securing Windows
Avoiding the 10 Deadliest and Most Common Sins for Securing WindowsAvoiding the 10 Deadliest and Most Common Sins for Securing Windows
Avoiding the 10 Deadliest and Most Common Sins for Securing Windows
 
Build Security into the Software with Sparrow
Build Security into the Software with SparrowBuild Security into the Software with Sparrow
Build Security into the Software with Sparrow
 
Fundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and ComplianceFundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and Compliance
 
Top 10 ways to make hackers excited: All about the shortcuts not worth taking
Top 10 ways to make hackers excited: All about the shortcuts not worth takingTop 10 ways to make hackers excited: All about the shortcuts not worth taking
Top 10 ways to make hackers excited: All about the shortcuts not worth taking
 
Tips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramTips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management Program
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model Overview
 
System Security on Cloud
System Security on CloudSystem Security on Cloud
System Security on Cloud
 
Building your macOS Baseline Requirements MacadUK 2018
Building your macOS Baseline Requirements MacadUK 2018Building your macOS Baseline Requirements MacadUK 2018
Building your macOS Baseline Requirements MacadUK 2018
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
 
GDPR Part 3: Practical Quest
GDPR Part 3: Practical QuestGDPR Part 3: Practical Quest
GDPR Part 3: Practical Quest
 
Azure Security Center
Azure Security CenterAzure Security Center
Azure Security Center
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile World
 
Data Privacy By Design with AWS
Data Privacy By Design with AWSData Privacy By Design with AWS
Data Privacy By Design with AWS
 
Protecting microservices using secure design patterns 1.0
Protecting microservices using secure design patterns 1.0Protecting microservices using secure design patterns 1.0
Protecting microservices using secure design patterns 1.0
 
IANS information security forum 2019 summary
IANS information security forum 2019 summaryIANS information security forum 2019 summary
IANS information security forum 2019 summary
 
Cloud Security for Startups - From A to E(xit)
Cloud Security for Startups - From A to E(xit)Cloud Security for Startups - From A to E(xit)
Cloud Security for Startups - From A to E(xit)
 
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
 
Compliance in the Cloud Using Security by Design
Compliance in the Cloud Using Security by DesignCompliance in the Cloud Using Security by Design
Compliance in the Cloud Using Security by Design
 
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceCortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
 
(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud
 

Plus de BeyondTrust

The 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System CredentialsThe 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System CredentialsBeyondTrust
 
10 Steps to Better Windows Privileged Access Management
10 Steps to Better Windows Privileged Access Management10 Steps to Better Windows Privileged Access Management
10 Steps to Better Windows Privileged Access ManagementBeyondTrust
 
Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp...
Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp...Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp...
Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp...BeyondTrust
 
5 Steps to Privilege Readiness (infographic)
5 Steps to Privilege Readiness (infographic)5 Steps to Privilege Readiness (infographic)
5 Steps to Privilege Readiness (infographic)BeyondTrust
 
Unearth Active Directory Threats Before They Bury Your Enterprise
Unearth Active Directory Threats Before They Bury Your EnterpriseUnearth Active Directory Threats Before They Bury Your Enterprise
Unearth Active Directory Threats Before They Bury Your EnterpriseBeyondTrust
 
8-step Guide to Administering Windows without Domain Admin Privileges
8-step Guide to Administering Windows without Domain Admin Privileges8-step Guide to Administering Windows without Domain Admin Privileges
8-step Guide to Administering Windows without Domain Admin PrivilegesBeyondTrust
 
Crush Common Cybersecurity Threats with Privilege Access Management
Crush Common Cybersecurity Threats with Privilege Access ManagementCrush Common Cybersecurity Threats with Privilege Access Management
Crush Common Cybersecurity Threats with Privilege Access ManagementBeyondTrust
 
Active Directory Auditing Tools: Building Blocks or just a Handful of Dust?
Active Directory Auditing Tools: Building Blocks or just a Handful of Dust?Active Directory Auditing Tools: Building Blocks or just a Handful of Dust?
Active Directory Auditing Tools: Building Blocks or just a Handful of Dust?BeyondTrust
 
Unix / Linux Privilege Management: What a Financial Services CISO Cares About
Unix / Linux Privilege Management: What a Financial Services CISO Cares AboutUnix / Linux Privilege Management: What a Financial Services CISO Cares About
Unix / Linux Privilege Management: What a Financial Services CISO Cares AboutBeyondTrust
 
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)BeyondTrust
 
Mitigating Risk in Aging Federal IT Systems
Mitigating Risk in Aging Federal IT SystemsMitigating Risk in Aging Federal IT Systems
Mitigating Risk in Aging Federal IT SystemsBeyondTrust
 
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce RiskThe Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce RiskBeyondTrust
 
Hacker techniques for bypassing existing antivirus solutions & how to build a...
Hacker techniques for bypassing existing antivirus solutions & how to build a...Hacker techniques for bypassing existing antivirus solutions & how to build a...
Hacker techniques for bypassing existing antivirus solutions & how to build a...BeyondTrust
 
How Federal Agencies Can Build a Layered Defense for Privileged Accounts
How Federal Agencies Can Build a Layered Defense for Privileged AccountsHow Federal Agencies Can Build a Layered Defense for Privileged Accounts
How Federal Agencies Can Build a Layered Defense for Privileged AccountsBeyondTrust
 
Using Advanced Threat Analytics to Prevent Privilege Escalation Attacks
Using Advanced Threat Analytics to Prevent Privilege Escalation AttacksUsing Advanced Threat Analytics to Prevent Privilege Escalation Attacks
Using Advanced Threat Analytics to Prevent Privilege Escalation AttacksBeyondTrust
 
Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?
Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?
Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?BeyondTrust
 
Prevent Data Leakage Using Windows Information Protection (WIP)
Prevent Data Leakage Using Windows Information Protection (WIP)Prevent Data Leakage Using Windows Information Protection (WIP)
Prevent Data Leakage Using Windows Information Protection (WIP)BeyondTrust
 
Enemy from Within: Managing and Controlling Access
Enemy from Within: Managing and Controlling AccessEnemy from Within: Managing and Controlling Access
Enemy from Within: Managing and Controlling AccessBeyondTrust
 
Defense in Depth: Implementing a Layered Privileged Password Security Strategy
Defense in Depth: Implementing a Layered Privileged Password Security Strategy Defense in Depth: Implementing a Layered Privileged Password Security Strategy
Defense in Depth: Implementing a Layered Privileged Password Security Strategy BeyondTrust
 
External Attacks Against Privileged Accounts - How Federal Agencies Can Build...
External Attacks Against Privileged Accounts - How Federal Agencies Can Build...External Attacks Against Privileged Accounts - How Federal Agencies Can Build...
External Attacks Against Privileged Accounts - How Federal Agencies Can Build...BeyondTrust
 

Plus de BeyondTrust (20)

The 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System CredentialsThe 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
 
10 Steps to Better Windows Privileged Access Management
10 Steps to Better Windows Privileged Access Management10 Steps to Better Windows Privileged Access Management
10 Steps to Better Windows Privileged Access Management
 
Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp...
Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp...Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp...
Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp...
 
5 Steps to Privilege Readiness (infographic)
5 Steps to Privilege Readiness (infographic)5 Steps to Privilege Readiness (infographic)
5 Steps to Privilege Readiness (infographic)
 
Unearth Active Directory Threats Before They Bury Your Enterprise
Unearth Active Directory Threats Before They Bury Your EnterpriseUnearth Active Directory Threats Before They Bury Your Enterprise
Unearth Active Directory Threats Before They Bury Your Enterprise
 
8-step Guide to Administering Windows without Domain Admin Privileges
8-step Guide to Administering Windows without Domain Admin Privileges8-step Guide to Administering Windows without Domain Admin Privileges
8-step Guide to Administering Windows without Domain Admin Privileges
 
Crush Common Cybersecurity Threats with Privilege Access Management
Crush Common Cybersecurity Threats with Privilege Access ManagementCrush Common Cybersecurity Threats with Privilege Access Management
Crush Common Cybersecurity Threats with Privilege Access Management
 
Active Directory Auditing Tools: Building Blocks or just a Handful of Dust?
Active Directory Auditing Tools: Building Blocks or just a Handful of Dust?Active Directory Auditing Tools: Building Blocks or just a Handful of Dust?
Active Directory Auditing Tools: Building Blocks or just a Handful of Dust?
 
Unix / Linux Privilege Management: What a Financial Services CISO Cares About
Unix / Linux Privilege Management: What a Financial Services CISO Cares AboutUnix / Linux Privilege Management: What a Financial Services CISO Cares About
Unix / Linux Privilege Management: What a Financial Services CISO Cares About
 
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)
 
Mitigating Risk in Aging Federal IT Systems
Mitigating Risk in Aging Federal IT SystemsMitigating Risk in Aging Federal IT Systems
Mitigating Risk in Aging Federal IT Systems
 
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce RiskThe Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
 
Hacker techniques for bypassing existing antivirus solutions & how to build a...
Hacker techniques for bypassing existing antivirus solutions & how to build a...Hacker techniques for bypassing existing antivirus solutions & how to build a...
Hacker techniques for bypassing existing antivirus solutions & how to build a...
 
How Federal Agencies Can Build a Layered Defense for Privileged Accounts
How Federal Agencies Can Build a Layered Defense for Privileged AccountsHow Federal Agencies Can Build a Layered Defense for Privileged Accounts
How Federal Agencies Can Build a Layered Defense for Privileged Accounts
 
Using Advanced Threat Analytics to Prevent Privilege Escalation Attacks
Using Advanced Threat Analytics to Prevent Privilege Escalation AttacksUsing Advanced Threat Analytics to Prevent Privilege Escalation Attacks
Using Advanced Threat Analytics to Prevent Privilege Escalation Attacks
 
Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?
Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?
Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?
 
Prevent Data Leakage Using Windows Information Protection (WIP)
Prevent Data Leakage Using Windows Information Protection (WIP)Prevent Data Leakage Using Windows Information Protection (WIP)
Prevent Data Leakage Using Windows Information Protection (WIP)
 
Enemy from Within: Managing and Controlling Access
Enemy from Within: Managing and Controlling AccessEnemy from Within: Managing and Controlling Access
Enemy from Within: Managing and Controlling Access
 
Defense in Depth: Implementing a Layered Privileged Password Security Strategy
Defense in Depth: Implementing a Layered Privileged Password Security Strategy Defense in Depth: Implementing a Layered Privileged Password Security Strategy
Defense in Depth: Implementing a Layered Privileged Password Security Strategy
 
External Attacks Against Privileged Accounts - How Federal Agencies Can Build...
External Attacks Against Privileged Accounts - How Federal Agencies Can Build...External Attacks Against Privileged Accounts - How Federal Agencies Can Build...
External Attacks Against Privileged Accounts - How Federal Agencies Can Build...
 

Dernier

Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 

Dernier (20)

Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number Systems
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 

Securing DevOps through Privileged Access Management

  • 1. Securing DevOps through Privileged Access Management @paulacqure @CQUREAcademy CONSULTING Paula Januszkiewicz CQURE: CEO, Penetration Tester; Security Expert CQURE Academy: Trainer MVP: Enterprise Security, MCT www.cqureacademy.com paula@cqure.us
  • 2.
  • 3.
  • 4. What does CQURE Team do? Consulting services  High quality penetration tests with useful reports Applications Websites External services (edge) Internal services + configuration reviews  Incident response emergency services – immediate reaction!  Security architecture and design advisory  Forensics investigation  Security awareness For management and employees info@cqure.us Trainings  Security Awareness trainings for executives  CQURE Academy: over 40 advanced security trainings for IT Teams  Certificates and exams  Delivered all around the world only by a CQURE Team: training authors
  • 5. Overly simple passwords and security questions Key learning points: ✓ Almost always there are passwords reused ✓ Almost always (ekhm… always) there is some variant of company name and some number (year, month etc.) ✓ It makes sense to check for obvious passwords and continuously deliver security awareness campaigns Typical password locations NTDS.dit, SAM Configuration files Registry Memory dumps, Hiberfil.sys Databases (DPAPI ?)
  • 6. No network segmentation Key learning points: ✓ ✓ ✓ ✓ ✓ x x x No-brainer or unseen network security threat?
  • 7. Lack of SMB Signing (or alternative) Key learning points: ✓ Set SPNs for services to avoid NTLM: SetSPN –L <your service account for AGPM/SQL/Exch/Custom> SetSPN –A Servicename/FQDN of hostname/FQDN of domain domainserviceaccount ✓ Reconsider using Kerberos authentication all over https://technet.microsoft.com/en-us/library/jj865668.aspx ✓ Require SPN target name validation Microsoft network server: Server SPN target name validation level ✓ Reconsider turning on SMB Signing ✓ Reconsider port filtering ✓ Reconsider code execution prevention but do not forget that this attack leverages administrative accounts
  • 8. Allowing unusual code execution Key learning points: Common file formats containing malware are: ✓ .exe (Executables, GUI, CUI, and all variants like SCR, CPL etc) ✓ .dll (Dynamic Link Libraries) ✓ .vbs (Script files like JS, JSE, VBS, VBE, PS1, PS2, CHM, BAT, COM, CMD etc) ✓ .docm, .xlsm etc. (Office Macro files) ✓ .other (LNK, PDF, PIF, etc.) If SafeDllSearchMode is enabled, the search order is as follows: 1. The directory from which the application loaded 2. The system directory 3. The 16-bit system directory 4. The Windows directory 5. The current directory 6. The directories that are listed in the PATH environment variable
  • 9. No whitelisting on board Key learning points: ✓ ✓ ✓ ✓ x ✓ ✓
  • 10. Old protocols or their default settings
  • 11. Trusting solutions without knowing how to break them Key learning points: ✓ The best operators won't use a component until they know how it breaks. ✓ Almost each solution has some ‘backdoor weakness’ ✓ Some antivirus solutions can be stopped by SDDL modification for their services ✓ Configuration can be monitored by Desired State Configuration (DSC) ✓ DSC if not configured properly will not be able to spot internal service configuration changes Example: how to I get to the password management portal?
  • 12. Misusing service accounts + privileged accounts Key learning points: ✓ gMSA can also be used for the attack ✓ Service accounts’ passwords are in the registry, available online and offline ✓ A privileged user is someone who has administrative access to critical systems ✓ Privileged users have sometimes more access than we think (see: SeBackupRead privilege or SeDebugPrivilege) ✓ Privileged users have possibility to read SYSTEM and SECURITY hives from the registry Warning! Enabling Credential Guard blocks: x Kerberos DES encryption support x Kerberos unconstrained delegation x Extracting the Kerberos TGT x NTLMv1
  • 13. Falling for hipster tools Key learning points: ✓ Worldwide spending on information security is expected to reach $90 billion in 2017, an increase of 7.6 percent over 2016, and to top $113 billion by 2020, according to advisory firm Gartner ✓ With increasing budget the risk of possessing hipster tools increases too – do we know where these tools come from and what are their security practices? ✓ Lots of solutions where not created according to the good security practices (backup software running as Domain Admin etc.) ✓ Each app running in the user’s context has access to secrets of other apps – Data Protection API ✓ Case of CCleaner
  • 14.
  • 15.
  • 16. BeyondTrust VirtualCloud & DevOps Martin Cannard – Product Manager
  • 17. The Cyber Attack Chain – Where is the Risk? Vulnerable Assets & Users Unmanaged Credentials Excessive Privileges Limited Visibility of compromises used definable patterns established as early as 2014.188% of data breaches involve the use or abuse of privileged credentials on the endpoint.2 80% average days to detect a data breach.3206 1Verizon 2017 Data Breach Investigations Report 2Forrester Wave: Privileged Identity Management, Q3 2016 3Ponemon 2017 Cost of a Data Breach Study
  • 18. The Cyber Attack Chain – Getting More Complex Virtual & Cloud IoT DevOps Connected Systems growth of hybrid cloud adoption in the last year, increasing from 19% to 57% of organizations surveyed.1 3X billion connected things will be in use worldwide in by 2020, according to Gartner. 2 20.4 of organizations implementing DevOps – it has reached “Escape Velocity.”350% 1Forbes 2017 State of Cloud Adoption & Security 2Gartner Press Release, Gartner Says 8.4 Billion Connected “Things” Will Be in Use in 2017, Up 31% From 2016, Feb 7, 2017 3Forrester Q1 2017 Global DevOps Benchmark Online Survey
  • 19. Our Mission: Stop Privilege Abuse. Prevent Breaches. • Reduce attack surfaces by eliminating credential sharing, enforcing least privilege, and prioritizing and patching system vulnerabilities • Monitor and audit sessions for unauthorized access, changes to files and directories, and compliance • Analyze behavior to detect suspicious user, account and asset activity
  • 20. Cloud Cloud Management Platforms (AWS, Azure) SaaS Applications (Facebook, LinkedIn, Custom) Hybrid Cloud Virtualized Environments (VMWare, MSFT) Virtualized Machines (UNIX, Linux, Windows) IoT Roaming workstations BYOD Cameras Sensors Printers DevOps DevOps Tools Dynamic Virtual Environments Containers Microservices On-Premise Shared Administrator & Machine Accounts Desktops and Servers (Windows, Mac, Unix, Linux) Security & Network Infrastructures & Industrial Control Systems Apps, Databases & Servers Hypervisors & Virtual Machine Privilege Management – The New Perimeter
  • 21. Cloud Hybrid Cloud IoT DevOps On-Premise Privilege Management – The New Perimeter Reduce Insider Threats • Discover, manage & monitor all privileged accounts & keys • Enforce least privilege across all Windows, Mac, Unix, Linux and network endpoints • Gain control and visibility over privileged activities Stop External Hacking • Discover network, web, mobile, cloud and virtual infrastructure • Remediate vulnerabilities through prescriptive reporting • Protect endpoints against client-side attacks Reveal Hidden Threats • Aggregate users & asset data to baseline and track behavior • Correlate diverse asset, user & threat activity to reveal critical risks • Dynamically adjust access policies based on user and asset risk
  • 22. Into the Cloud Connector Framework: Industry unique connector technology to enumerate instances in the cloud and virtually instantiated for management. • Amazon AWS • Microsoft Azure • Vmware • Hyper-V • IBM SmartCloud • Go Grid • Rackspace • Google Cloud
  • 23. In the Cloud • Cloud Ready Agents: UnixLinuxWindowsMac Agents • Cloud Ready Communications: Agents to Console • Cloud Ready API: Public Password Safe API • Dynamic Licensing: High watermark based licensing • MSP & Multi-tenant Platform: Managed Service Provider Ready
  • 24. From the Cloud • Market Place Apps: Amazon AWS AMI, Microsoft Azure, & Google and Oracle (Later this year) • Cloud Offerings (SaaS) • BeyondSaaS – Vulnerability Assessment, Web Application Scanning, Privilege Cloud Management • PowerBroker Cloud Privilege Manager (Coming soon)
  • 25. DevOps & PAM: Challenges 1. Inventory of DevOps Assets & Activity 2. Asset vulnerabilities across dev, test, production 3. Hard Coded Passwords in scripts & orchestration 4. Shared Accounts with limited accountability 5. Excessive Privileges on test and production systems 6. Attackers targeting developer workstations 7. Lack of boundary controls between dev, test & production 8. Scale and dynamic nature of the environment
  • 26. DevOps & PAM: Challenges Privilege Risk DevOps Adoption Physical Application Admins Privileged End Users Developers Machine Password & Keys Shared Administrator Accounts Desktops (Windows, Mac) Servers (Unix, Linux, Windows) Industrial Control Systems Security Infrastructure Network Infrastructure SaaS Applications & Administrators Applications & Application Servers Databases & Database Servers Machine Credentials (AtoA) System & App Session Management Virtualized Hypervisor & CMP Administrators Hypervisor & CMP Access Policies Hypervisor & CMP Session Mgmt. Application Admins Privileged End Users Developers Machine Password & Keys Shared Administrator Accounts Desktops (Windows, Mac) Servers (Unix, Linux, Windows) Industrial Control Systems Security Infrastructure Network Infrastructure SaaS Applications & Administrators Applications & Application Servers Databases & Database Servers Machine Credentials (AtoA) System & App Session Management Containers & Microservices Container & MS Session Admins Container & MS Policy Mgmt. Container & MS Session Mgmt. Hypervisor & CMP Administrators Hypervisor & CMP Access Policies Hypervisor & CMP Session Mgmt. Application Admins Privileged End Users Developers Machine Password & Keys Shared Administrator Accounts Desktops (Windows, Mac) Servers (Unix, Linux, Windows) Industrial Control Systems Security Infrastructure Network Infrastructure SaaS Applications & Administrators Applications & Application Servers Databases & Database Servers Machine Credentials (AtoA) System & App Session Management (CMP) Cloud Management Platform (MS) Microservice
  • 27. DevOps & PAM: Best Practices DISCOVER & INVENTORY GAIN ACCOUNTABILITY OVER SHARED ACCOUTS ELIMINATE HARD- CODED PASSWORDS RESTRICT PRIVILEGES SCAN FOR VULNERABILITIES ENSURE CONFIG- URATION COMPLIANCE ENFORCE APPROPRIATE CREDENTIAL USAGE SEGMENT NETWORKS
  • 28. DevOps & PAM: Best Practices GAIN ACCOUNTABILITY OVER SHARED ACCOUTS ELIMINATE HARD- CODED PASSWORDS RESTRICT PRIVILEGES SCAN FOR VULNERABILITIES ENSURE CONFIG- URATION COMPLIANCE ENFORCE APPROPRIATE CREDENTIAL USAGE SEGMENT NETWORKS DISCOVER & INVENTORY Continuous discovery of assets across physical, virtual and cloud environments.
  • 29. DevOps & PAM: Best Practices DISCOVER & INVENTORY GAIN ACCOUNTABILITY OVER SHARED ACCOUTS ELIMINATE HARD- CODED PASSWORDS RESTRICT PRIVILEGES ENSURE CONFIG- URATION COMPLIANCE ENFORCE APPROPRIATE CREDENTIAL USAGE SEGMENT NETWORKS SCAN FOR VULNERABILITIES Continuous vulnerability assessment and remediation guidance of the infrastructure and code/builds across physical, virtual and cloud environments.
  • 30. DevOps & PAM: Best Practices DISCOVER & INVENTORY GAIN ACCOUNTABILITY OVER SHARED ACCOUTS ELIMINATE HARD- CODED PASSWORDS RESTRICT PRIVILEGES SCAN FOR VULNERABILITIES ENFORCE APPROPRIATE CREDENTIAL USAGE SEGMENT NETWORKS ENSURE CONFIGURATION COMPLIANCE Continuous configuration and hardening baseline scanning across servers and code/builds across physical, virtual and cloud deployed assets. Ensure configurations are consistent and properly hardened across the entire devops lifecycle.
  • 31. DevOps & PAM: Best Practices DISCOVER & INVENTORY ELIMINATE HARD- CODED PASSWORDS RESTRICT PRIVILEGES SCAN FOR VULNERABILITIES ENSURE CONFIG- URATION COMPLIANCE ENFORCE APPROPRIATE CREDENTIAL USAGE SEGMENT NETWORKS GAIN ACCOUNTABILITY OVER SHARED ACCOUTS Control and audit access to shared accounts and ensure that all audited activity is associated with a unique identity. Include developer access to source control, devops tools, test servers, production builds Ensure that all passwords are properly managed and rotated across the devops environment.
  • 32. DevOps & PAM: Best Practices DISCOVER & INVENTORY GAIN ACCOUNTABILITY OVER SHARED ACCOUTS RESTRICT PRIVILEGES SCAN FOR VULNERABILITIES ENSURE CONFIG- URATION COMPLIANCE ENFORCE APPROPRIATE CREDENTIAL USAGE SEGMENT NETWORKS ELIMINATE HARD-CODED PASSWORDS Control scripts, files, code, embedded application credentials and hard-coded passwords. Remove hardcoded passwords in devops tool configurations, build scripts, code files, test builds, production builds, and more.
  • 33. DevOps & PAM: Best Practices DISCOVER & INVENTORY GAIN ACCOUNTABILITY OVER SHARED ACCOUTS ELIMINATE HARD- CODED PASSWORDS RESTRICT PRIVILEGES SCAN FOR VULNERABILITIES ENSURE CONFIG- URATION COMPLIANCE SEGMENT NETWORKS ENFORCE APPROPRIATE CREDENTIAL USAGE Eliminate administrator privileges on end- user machines Securely store privileged credentials Require a simple workflow process for check-out, and monitor privileged sessions.
  • 34. DevOps & PAM: Best Practices DISCOVER & INVENTORY GAIN ACCOUNTABILITY OVER SHARED ACCOUTS ELIMINATE HARD- CODED PASSWORDS RESTRICT PRIVILEGES SCAN FOR VULNERABILITIES ENSURE CONFIG- URATION COMPLIANCE ENFORCE APPROPRIATE CREDENTIAL USAGE SEGMENT NETWORKS Group assets into logical units Reduce “line of sight” access Utilize a secured jump server with MFA, adaptive access and session monitoring Segment access based on context of the user, role, app and data being requested.
  • 35. DevOps & PAM: Best Practices DISCOVER & INVENTORY GAIN ACCOUNTABILITY OVER SHARED ACCOUTS ELIMINATE HARD- CODED PASSWORDS SCAN FOR VULNERABILITIES ENSURE CONFIG- URATION COMPLIANCE ENFORCE APPROPRIATE CREDENTIAL USAGE SEGMENT NETWORKS RESTRICT PRIVILEGES Target environments Development workstations Containers
  • 36. BeyondTrust Secures DevOps DISCOVER & INVENTORY GAIN ACCOUNTABILITY OVER SHARED ACCOUTS ELIMINATE HARD- CODED PASSWORDS RESTRICT PRIVILEGES SCAN FOR VULNERABILITIES ENSURE CONFIG- URATION COMPLIANCE ENFORCE APPROPRIATE CREDENTIAL USAGE SEGMENT NETWORKS POWERBROKER Single Platform that Unites DevOps Security Retina Vulnerability Management PowerBroker Password Safe PowerBroker Desktop & Server Privilege Management Retina Vulnerability Management Retina Vulnerability Management PowerBroker Password Safe PowerBroker Password Safe PowerBroker Password Safe POWERBROKER Single Platform that Unites DevOps Security
  • 37. Why BeyondTrust? The PAM Industry Leader Leader: Forrester PIM Wave, 2016 Leader: Gartner Market Guide for PAM, 2017
  • 38. DEMO
  • 39. Poll + Q&A Thank you for attending!