Pre-Con Ed: Privileged Access Management for Hybrid Enterprises
-
Upload
ca-technologies -
Category
Technology
-
view
181 -
download
0
Transcript of Pre-Con Ed: Privileged Access Management for Hybrid Enterprises
World®’16
PrivilegedAccessManagementforHybridEnterprisesShawnW.Hank,Sr.PrincipalConsultant,SecurityCATechnologies
SCX04E
SECURITY
2 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
©2016CA.Allrightsreserved.Alltrademarksreferencedhereinbelongtotheirrespectivecompanies.
Thecontentprovidedinthis CAWorld2016presentationisintendedforinformationalpurposesonlyanddoesnotformanytypeofwarranty. The informationprovidedbyaCApartnerand/orCAcustomerhasnotbeenreviewedforaccuracybyCA.
ForInformationalPurposesOnlyTermsofthisPresentation
3 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Abstract(inonlineagenda)
Privilegedaccountsareacoreattackvectorincountless,devastatingdatabreachesandareincreasinglythefocusofdemandingcompliancemandates.ThissessionwillprovideanoverviewoftheCATechnologiesstrategyforprivilegedaccessmanagement,includinganin-depthexplorationofthekeycapabilitiesofCAPrivilegedAccessManager,suchasforcredentialmanagement;strongauthentication;role-based,leastprivilegeaccesscontrol;commandfiltering,andsessionmonitoringandrecordingfromasinglepointofcontrolacrosstheentirehybridenterprise.You’llalsolearnhowCAPrivilegedAccessManagerprovidestruedefense-in-depthandgreatersecurityforprivilegedaccountsbyseamlesslyworkingwithotherkeyenterprisesolutionsincludingCAPrivilegedAccessManagerServerControl,migrationpathsforCAPrivilegedIdentityManagercustomerstoCAPrivilegedAccessManagerandCAPrivilegedAccessManagerServerControl,andhelpdesksolutionsforprivilegedaccessservicemanagement.
ShawnHank
CATechnologiesSr.PrincipalConsultant,Presales
4 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Abstract
§ Privilegedaccountsareacoreattackvectorincountlessdevastatingdatabreaches,andareincreasinglythefocusofdemandingcompliancemandates.ThissessionwillprovideanoverviewofCATechnologiesstrategyforprivilegedaccessmanagement,includinganin-depthexplorationofthekeycapabilitiesofCAPrivilegedAccessManager,CATechnologiessolutionforprotectinganddefendingprivilegedaccountsandcredentialsfromattack,andmanaging,controlling,andauditingtheactivitiesofprivilegedusers
5 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
TheCASolutionPortfolioComprehensivePrivilegedAccessManagement
§Ac
cessre
quests
§Ce
rtificatio
n§
Riskana
lytic
s
§ Strongauthentication,includingMFA§ Credentialmanagement§ Policy-based,leastprivilegeaccesscontrol§ Commandfiltering§ Sessionrecording,auditing,attribution§ Applicationpasswordmanagement§ Comprehensive,hybridenterpriseprotection§ Self-contained,hardenedappliance
§
§ In-depthprotectionforcriticalservers§ Highly-granularaccesscontrols§ Segregateddutiesofsuper-users§ Controlledaccesstosystemresourcessuchas
files,folders,processesandregistries§ SecuredTaskDelegation(sudo)§ EnforceTrustedComputingBase
IDENTITY-BASEDSECURITY HOST-BASEDSECURITY
DEFENSEINDEPTH
CAPrivilegedAccessManager CAPrivilegedAccessManagerServerControl
CAID
ENTITYSUITE
6 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
CAPrivilegedAccessManagerPrivilegedAccountManagementfortheHybridEnterprise
HYBRIDENTERPRISETraditionalDataCenter
Mainframe,Windows,Linux,Unix,Networking
EnterpriseAdminTools
SoftwareDefinedDataCenter
SDDCConsoleandAPIs
PublicCloud- IaaS
CloudConsoleandAPIs
SaaSApplications
SaaSConsolesandAPIs
HardwareAppliance AWSAMIOVFVirtualAppliance
IdentityIntegration Enterprise-ClassCore
CAPrivilegedAccessManager
§ VaultCredentials§ CentralizedAuthentication§ FederatedIdentity§ PrivilegedSingleSign-on
§ Role-BasedAccessControl§ MonitorandEnforcePolicy§ RecordSessionsandMetadata§ FullAttribution
ANewSecurityLayer- ControlandAuditAllPrivilegedAccess
UnifiedPolicyManagement
7 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
HYBRIDCLOUDENVIRONMENT
IntegratedControlsandUnifiedPolicyManagement
Positively
Authen
ticateUsers
Vault&
Manage
Cred
entia
ls
RestrictA
ccessto
Authorize
dSystem
s
Fede
rateIden
tity
andAttributes(SSO
)
Mon
itora
nd
EnforcePo
licy
RecordSessio
ns
andMetadata
AttributeIden
tity
forS
haredAccoun
ts
TraditionalDataCenter
PrivateCloud
PublicCloud
CAPrivilegedAccessManagerinaction
8 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Demonstration
9 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
ResultsCAPrivilegedAccessManagerisacentralcomponentofCATechnologiesportfolioofprivilegedaccessmanagementsolutions.Itdeliverscomprehensivefunctionality,spanningtheentirehybridenterprise,inaformfactorthat’sfastandeasytodeployandavoidsadditionalhiddencosts.
SummaryAFewWordstoReview
10 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
RecommendedSessions
SESSION# TITLE DATE/TIME
SCX15E MeettheCAPrivilegedAccessManagerTeam 11/14/2016at11:00am
SCX29E DeepDive:CAPrivilegedAccessManager 11/14/2016at1:00pm
SCT22S CARoadmap:PrivilegedAccessManagement 11/16/2016at4:30pm
11 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Don’tMissOurINTERACTIVESecurityDemoExperience!
SNEAKPEEK!
11 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
@CAWORLD#CAWORLD ©2016CA.AllRIGHTSRESERVED.12 @CAWORLD#CAWORLD
Security
FormoreinformationonSecurity,pleasevisit:http://cainc.to/EtfYyw