Privilege Management
-
Upload
lamar-hinton -
Category
Documents
-
view
53 -
download
0
description
Transcript of Privilege Management
![Page 1: Privilege Management](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813492550346895d9b7b39/html5/thumbnails/1.jpg)
Customer confidential1
Privilege Management
Sean MooreSolutions Specialist
![Page 2: Privilege Management](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813492550346895d9b7b39/html5/thumbnails/2.jpg)
Customer confidential2 2
AGENDA
AppSense Privilege Management
Demo
Q & A
• Trusted Installers• Application Admin Rights Discovery• Web and Application Installation• Application NAC • License Management• Selective Elevation• Auditing
Customer Challenges• Business Value
![Page 3: Privilege Management](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813492550346895d9b7b39/html5/thumbnails/3.jpg)
Customer confidential3
Customer Challenges
Increased risk Lack of productivityHigh costs
• 24% higher cost (Gartner)• Higher support cost• Application compatibility• Over licensing situations
• 97% higher risk (Verizon)• Higher malware infection• Overuse of admin rights• Auditing/Compliance
• Limit users ability to change• Inability to perform necessary
actions• Balance risk vs reward
Source:• Gartner, ID G00174099• http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2012-
ebk_en_xg.pdf• http://www.csoonline.com/article/726899/privilege-management-could-cut-breaches-if-it-were-used
![Page 4: Privilege Management](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813492550346895d9b7b39/html5/thumbnails/4.jpg)
Customer confidential4
Business Value of Privilege Management
Simple business case:
Up to 24% reduction in TCO
97% improvement in risk avoidance
Net increase in productivity
Source:• Gartner, ID G00174099• http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2012-
ebk_en_xg.pdf• http://www.csoonline.com/article/726899/privilege-management-could-cut-breaches-if-it-were-used
So why does the graph rise again with higher cost the more you lockdown?
![Page 5: Privilege Management](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813492550346895d9b7b39/html5/thumbnails/5.jpg)
Customer confidential5
Privilege Management
• Control application access and reduce license requirements• Reduce risk and eliminate misuse of user privilege• Lower desktop support costs by up to 24%• Gartner: Save $1,278 per desktop per year*• Meet regulatory compliance and governance requirements
Benefit
• Identify applications requiring admin privileges• Block malicious code from execution• Central control of all privileges• Manage device access and licensing• Auditing/Reporting
Capabilities
![Page 6: Privilege Management](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813492550346895d9b7b39/html5/thumbnails/6.jpg)
Customer confidential6
Trusted Application Execution
• Explicitly allow or block applications• Prevent unproductive desktop usage • Block untrusted code/malware
• Java, Scripts, ActiveX and executables
Requirement
• Static• Application executable• Trusted vendor (Signing cert)• Hash and signature• Path variables
• Time of day/schedule
• Dynamic • Trusted Ownership
Capabilities
![Page 7: Privilege Management](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813492550346895d9b7b39/html5/thumbnails/7.jpg)
Customer confidential7
Application Admin Rights Discovery
• Provide IT insight into which applications require admin rights • Policy Control to remove admin rights without causing disruption• Allow apps to run without compromising least privilege
Requirement
• Detect which applications require admin privileges
• Passive detection and reporting• Analyze application data from
multiple endpoints• Convert discovery to rules
Capabilities
![Page 8: Privilege Management](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813492550346895d9b7b39/html5/thumbnails/8.jpg)
Customer confidential8
Web and Application Installation
• Users need to install web apps and regular apps:• Web Conferencing, Adobe, Flash, Silverlight• Anything from a particular trusted vendor
Requirement
• Selectively allow approved applications to be installed
• Leverage prebuilt “snippets”• Minimize app re-packaging and update
costs• Installation from network share
Capabilities
![Page 9: Privilege Management](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813492550346895d9b7b39/html5/thumbnails/9.jpg)
Customer confidential
Demo
![Page 10: Privilege Management](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813492550346895d9b7b39/html5/thumbnails/10.jpg)
Customer confidential10
Application Network Access Control
• Control and limit 3rd party contractors on site network access• Report on access, by who, from what device & locationRequirement
• Provides control based on user, not on PC based firewall• Delivers per application control• Regulatory compliance auditing of user access• Limit what areas of the network a user or application can access
Capabilities
![Page 11: Privilege Management](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813492550346895d9b7b39/html5/thumbnails/11.jpg)
Customer confidential11
License Enforcement by Device
• Applications delivered via XenApp/RDSH require a license for every device that can potentially access the server
• Reduce over-licensing situations• Control devices authorized to use the application
Requirement
• Recognized by Microsoft® for enforcing device based licensing• Application access defined by which devices are permitted• Comply with licensing agreement based on number of devices
Capabilities
![Page 12: Privilege Management](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813492550346895d9b7b39/html5/thumbnails/12.jpg)
Customer confidential
Another Demo
![Page 13: Privilege Management](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813492550346895d9b7b39/html5/thumbnails/13.jpg)
Customer confidential13
Selective Elevation
• Application requires elevation to run• User requires elevation to access control panel applet• Need to allow users to “self-elevate” with auditing• Challenge / Response for users
Requirement
• Remediate application compatibility issues – cannot run as “user”
• Transparently allow users to run as admin for selected capabilities
• Control child processes • Real time User code to elevate
Capabilities
![Page 14: Privilege Management](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813492550346895d9b7b39/html5/thumbnails/14.jpg)
Customer confidential14
Auditing
• Monitor before enforcement begins• Report on compliance once enforced• Discover applications that require elevation
Requirement
• Understand who is doing what in the environment• Understand and monitor users before rule implementation• Log activity for compliance audits• Understand application operation functionality
Capabilities
![Page 15: Privilege Management](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813492550346895d9b7b39/html5/thumbnails/15.jpg)
Customer confidential
YetAnotherDemo
![Page 16: Privilege Management](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813492550346895d9b7b39/html5/thumbnails/16.jpg)
Customer confidential16
AppSense - Privilege Management
Maintain environment in desired state
Increased visibility into application landscape
Enforce licensing, ensure compliance
Reduces support calls
User acceptance
![Page 17: Privilege Management](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813492550346895d9b7b39/html5/thumbnails/17.jpg)
Customer confidential
Thank you