Security Diagnostics for IAM - ESD · 2018-11-05 · Easy to engage People like working with Data...
Security Diagnostics for IAM: Strategies and Approaches
Rebecca Harvey
Brian Dudek
10/29/2018
Core Competencies: Our areas of expertise
Cloud
Enable business innovation and transition to “IT as a Service” through reduced complexity, increased agility, and unified management.
Data
Increase efficiency and agility while protecting data, minimizing recovery time, and deploying new technologies without disruption.
Security
Reduce risk by shifting the focus from network security to a secure network, from datacenter to cloud to endpoint.
Mobility
Increase productivity, simplify access, and improve collaboration without compromising security.
Easy to engage
People like working with Data Strategy because of our approach to customer engagement. We listen first. We give unbiased advice based. And, we’re easy to engage because we’re local.
This is what drives our goal to have the highest customer satisfaction in the industry.
Local support
• 350 Full Time Employees
• 160 Engineering Focused
• Nine office locations in seven-state territory
• Redundant NOCs
• Presales, design, and implementation
• Demo & POC facilities
• Technical integration
How Can We Provide Value?
Combined Geographies
Trace3 Existing Regions
Trace3 New/Priority Regions
Data Strategy / Optio Data Region(s)
Trace3 & Data Strategy
Defense in Depth
Secure Assets
• Implement Effective Policies and Procedures
• Create Multiple Layers of Security
Protect Life
• Authenticate & Automate
• Access Control
• Intrusion Detection
• Countermeasures
Evolve, Adapt, Change, Survive
Why a Program Assessment?
The strength of your information protection strategy depends on your ability to:
• Understand weaknesses in the current approach to managing cybersecurity and protection of information within your purview;
• Implement improvements that benefit your organization;
• Demonstrate that you have the vision and capabilities to transition this strategy into operational reality;
• Manage this capability for the long term.
Understand and document weaknesses in the current data protection program, including:
• The scope of what should be considered;
• The types of critical data requiring protection;
• The current cybersecurity-related operations; and
• Assigned responsibilities of personnel.
Provide a sound strategy detailing what has to be achieved to improve the program to a baseline maturity level, with 20/20 visibility of the data protection programs that are currently in flight, completed, or planned.
Identify and document the changes, programs, and technologies required to comply with and achieve the expectations associated with your cybersecurity strategy.
Design and create a cybersecurity improvement roadmap detailing the recommended project path to your target security state.
Security Program Assessment Components
Three assessment domains: Cybersecurity Strategy; Cybersecurity Operations; Cybersecurity Monitoring, Response, & Recovery. Components assessed within them:
• Cybersecurity Charter, Goals & Objectives
• Security Program Management
• Legal Support
• Cybersecurity Risk Management
• Incident Management
• Cybersecurity Team Structure, Roles & Responsibilities
• GDPR, Regulatory & Internal Compliance Management
• Cyberthreat Management
• Configuration & Patch Management
• Intrusion Detection & Prevention
• Cybersecurity Policies, Standards, and Procedures
• Vulnerability Management
• Logging, Monitoring, & Alerting
• Application Security
• Compliance Tracking and Reporting
• Cybersecurity Architecture & Strategic Planning
• Identity & User Account Management
• GDPR Data Subject Data Management
• Data Classification & Privacy Management
• Business Continuity Management
• Security Program Assurance & Governance
• Asset Management
• VPN & Encryption Management
• Network & System Security
• GDPR Data Subject Request Management
The Importance of Network Penetration Testing: To Identify Gaps, Prioritize, and Roadmap Mitigation Steps
Comparison of Vulnerability Assessment (VA), Traditional Penetration Testing (PT), and Enhanced Red Teaming / Advanced Penetration Testing (RT):
SCOPING
  VA: Limited
  PT: Limited to scan results
  RT: Comprehensive
SKILL LEVEL REQUIRED
  VA: Tutorial needed
  PT: Training required
  RT: Advanced degree required
OBJECTIVE
  VA: Broad scanning for information gathering
  PT: Utilize broad scanning to manually test a network for compliance-driven needs
  RT: Uncover as many vulnerabilities as possible using the resources leveraged by real attackers
TECHNIQUES
  VA: Fully automated using software which identifies publicly known vulnerabilities
  PT: Driven by automation, with penetration testers manually testing the findings uncovered by automated scanning
  RT: Human driven, with a team of hackers focused on your network identifying vulnerabilities unique to your network
THREAT EMULATION
  VA: None
  PT: Partial
  RT: Advanced Persistent Threat emulation
REPORTING
  VA: Computer-generated report with unverified information and no determination of business impact
  PT: Computer-generated report which is verified by a penetration tester, reducing the amount of false positives
  RT: Narrative report with actionable remediation steps and verified intelligence determining the business impact of all findings
What’s needed to Recover Quickly?
• One Click to Confirm Compromises
• One Click to Take Action
• Unify Views and Intel for All Key Tools
• Automate Correlation
• Understand Context
• Streamline the response
• Enrich Incident Data
• Prioritize the incidents that matter using the best intelligence
ACTION / INSIGHT
• Reputation Data
• Global Malware Exchange
• Attacker and Campaign Intel
Example of an Automated Threat Response (diagram)
Alert sources: SIEM; Malware Sandbox; IDS/IPS, Firewall; Custom Alerts; Email Security; Web Gateway; AD, Identity Mgmt.; Exchange, O365
Threat Intelligence: Industry ISACs; Open Source Intelligence; Commercial Intelligence or TIP
Threat Response stages: Collect, Group, Prioritize; Enrich & Augment; Understand; Verify; Contain; Respond, Block, Quarantine
Enforcement Controls: IDS/IPS, Firewall; Network Access; Active Directory
Properties: CONSISTENT, AUTOMATED, INSTANT
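The response flow in the diagram above, as an added worked example that is not code from this presentation or from any product it mentions: alerts from several sources are collected and grouped by indicator, enriched with threat intelligence and directory context, verified, prioritized, and turned into a containment plan. The alerts, intelligence feed, sandbox verdicts, and directory entries are constructed sample data; the final stage only returns the actions an enforcement layer would take rather than calling any firewall, endpoint, or Active Directory API.

```python
"""Automated threat-response pipeline: Collect/Group -> Enrich -> Verify -> Prioritize -> Respond.
All inputs below are constructed sample data; no real product API is called."""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed alerts as a SIEM would forward them from the alert sources on the slide.
ALERTS = [
    {"source": "ids",            "type": "ip",   "value": "198.51.100.23", "user": "jdoe",       "host": "WS-0142"},
    {"source": "web_gateway",    "type": "ip",   "value": "198.51.100.23", "user": "jdoe",       "host": "WS-0142"},
    {"source": "email_security", "type": "hash", "value": "HASH-A",        "user": "asmith",     "host": "WS-0377"},
    {"source": "sandbox",        "type": "hash", "value": "HASH-A",        "user": "asmith",     "host": "WS-0377"},
    {"source": "custom",         "type": "ip",   "value": "203.0.113.8",   "user": "svc_backup", "host": "SRV-DB01"},
]
# Constructed threat-intelligence feed (ISAC / OSINT / commercial), keyed by indicator.
THREAT_INTEL = {
    "198.51.100.23": {"reputation": "malicious",  "feed": "isac",  "campaign": "constructed-campaign-1"},
    "HASH-A":        {"reputation": "suspicious", "feed": "osint", "campaign": None},
}
# Constructed malware-sandbox verdicts for file hashes.
SANDBOX_VERDICTS = {"HASH-A": "malicious"}
# Constructed identity context from AD / identity management.
DIRECTORY = {
    "jdoe":       {"privileged": False, "department": "Sales"},
    "asmith":     {"privileged": False, "department": "Finance"},
    "svc_backup": {"privileged": True,  "department": "IT"},
}
REPUTATION_SCORE = {"malicious": 60, "suspicious": 30, "unknown": 0}


@dataclass
class Incident:
    indicator_type: str
    indicator: str
    sources: List[str]
    users: List[str]
    hosts: List[str]
    reputation: str = "unknown"
    campaign: Optional[str] = None
    sandbox: Optional[str] = None
    privileged_user: bool = False
    verified: bool = False
    score: int = 0
    actions: List[str] = field(default_factory=list)


def collect_and_group(alerts: List[Dict]) -> List[Incident]:
    """Collect: group raw alerts that share an indicator into one incident."""
    groups = defaultdict(list)
    for alert in alerts:
        groups[(alert["type"], alert["value"])].append(alert)
    return [Incident(indicator_type=itype, indicator=value,
                     sources=sorted({h["source"] for h in hits}),
                     users=sorted({h["user"] for h in hits}),
                     hosts=sorted({h["host"] for h in hits}))
            for (itype, value), hits in groups.items()]


def enrich(inc: Incident) -> Incident:
    """Enrich & Augment: attach reputation, campaign, sandbox verdict and identity context."""
    hit = THREAT_INTEL.get(inc.indicator, {})
    inc.reputation = hit.get("reputation", "unknown")
    inc.campaign = hit.get("campaign")
    inc.sandbox = SANDBOX_VERDICTS.get(inc.indicator)
    inc.privileged_user = any(DIRECTORY.get(u, {}).get("privileged", False) for u in inc.users)
    return inc


def verify(inc: Incident) -> Incident:
    """Verify: confirmed by two independent sources, a malicious reputation, or a sandbox detonation."""
    inc.verified = len(inc.sources) >= 2 or inc.reputation == "malicious" or inc.sandbox == "malicious"
    return inc


def prioritize(inc: Incident) -> Incident:
    """Prioritize: a simple additive risk score; privileged accounts rank higher."""
    inc.score = (REPUTATION_SCORE[inc.reputation] + (40 if inc.sandbox == "malicious" else 0)
                 + 10 * len(inc.sources) + (25 if inc.privileged_user else 0))
    return inc


def plan_response(inc: Incident) -> Incident:
    """Respond/Block/Quarantine: automated containment only for verified incidents."""
    if not inc.verified:
        inc.actions = [f"ticket: analyst review of {inc.indicator_type} {inc.indicator}"]
        return inc
    if inc.indicator_type == "ip":
        inc.actions.append(f"firewall: block {inc.indicator}")
    if inc.indicator_type == "hash":
        inc.actions += [f"endpoint: quarantine host {h}" for h in inc.hosts]
    for user in inc.users:
        if DIRECTORY.get(user, {}).get("privileged", False):
            inc.actions.append(f"ad: disable account {user} and rotate credentials")
        else:
            inc.actions.append(f"ad: force password reset for {user}")
    return inc


def run_pipeline(alerts: List[Dict] = ALERTS) -> List[Incident]:
    """Run every stage and return incidents ordered by priority."""
    incidents = [plan_response(prioritize(verify(enrich(i)))) for i in collect_and_group(alerts)]
    return sorted(incidents, key=lambda i: i.score, reverse=True)


if __name__ == "__main__":
    for inc in run_pipeline():
        print(inc.score, inc.indicator, inc.verified, inc.actions)
```

The single unverified alert on the privileged service account shows the design choice: the privileged flag raises its priority for an analyst, but containment actions are only generated once an incident is verified, so a lone low-confidence alert cannot disable an account on its own.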
What is IAM?
“Identity and Access Management (IAM) is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons.” – Gartner
IAM areas: Identity Data, User Management, Identity Governance, Access Management, Advanced Analytics
Identity Data
• Authoritative Identity Stores vs Many Islands of Identity
• Groups, Profiles, Roles – Decentralized or Centralized
• Identity Data Mapping, Consolidation, and Cleansing
• Workforce Identity vs Consumer Identity
• Directory (AD, LDAP, Database, Cloud, Virtual, eDirectory, Google)
User Management
Concepts
• Birth-right provisioning
• Automated de-provisioning
• Access requests and approvals
• User registration
• Self-service and Delegated Administration
• Contractor and Temp Worker Management
Benefits
• Improve efficiency and cut administration costs
• Reduce user idle time
• Increase security by reducing orphaned accounts
• Increase compliance posture
• Centralize view of enterprise access
Access Management
Concepts
• Single Sign-On (SSO)
– Internal apps
– SaaS, Cloud, e.g. Office 365
– Standards – SAML, OpenID Connect
• Multi-Factor Authentication
– SMS, mobile app push
– Soft/hard token, adaptive/risk-based authentication
Benefits
• Fewer usernames and passwords
• Better user experience
• Improved security
Privileged Access Management (PAM)
• Keys to the kingdom
– Local administrators
– AD domain users
– Root on Unix
– Database accounts
– Cloud infrastructure accounts
• Principle of least privilege
• Password vault and automated password rotation
• Usage monitoring and recording
• AD bridge to Unix systems
• Application password integration
Identity Governance
Concepts
• Access review and remediation for regulations such as SOX, HIPAA, GDPR, PCI, etc.
• Enterprise Role Definition
• Segregation of Duties
• Structured and Unstructured Data
Benefits
• Automate manual processes
• Focus on high-risk users
• Enforce SOD policies
• Centralize view of access
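The User Management and Identity Governance slides above describe birth-right provisioning, automated de-provisioning, orphaned-account reduction, and segregation-of-duties enforcement. As an added example (not code from this presentation or from any IAM vendor), the block below reconciles an authoritative HR feed against a directory that has drifted from it and then runs an access review for SoD conflicts. The HR records, directory accounts, birth-right group mapping, SoD rule, and the as-of date are all constructed sample data; the functions return a list of proposed actions rather than writing to any directory.

```python
"""Joiner/leaver reconciliation against an authoritative identity store, plus an SoD access review.
All records below are constructed sample data."""
from datetime import date
from typing import Dict, List, Tuple

# Constructed as-of date for the reconciliation run.
ASOF = date(2018, 10, 29)

# Constructed authoritative identity store (HR). 'end' is a termination or contract end date.
HR = [
    {"login": "jdoe",    "status": "active",     "type": "employee",   "dept": "Sales",   "end": None},
    {"login": "asmith",  "status": "terminated", "type": "employee",   "dept": "Finance", "end": date(2018, 9, 30)},
    {"login": "c_lee",   "status": "active",     "type": "contractor", "dept": "IT",      "end": date(2018, 10, 15)},
    {"login": "mnguyen", "status": "active",     "type": "employee",   "dept": "IT",      "end": None},
    {"login": "rpatel",  "status": "active",     "type": "employee",   "dept": "Finance", "end": None},
]
# Constructed directory accounts (an AD-style "island of identity" that drifted from HR).
DIRECTORY = [
    {"login": "jdoe",       "enabled": True,  "groups": ["Sales-Users"]},
    {"login": "asmith",     "enabled": True,  "groups": ["Finance-Users", "AP-Approvers"]},
    {"login": "c_lee",      "enabled": True,  "groups": ["IT-Users", "IT-Admins"]},
    {"login": "rpatel",     "enabled": True,  "groups": ["Finance-Users", "All-Staff", "AP-Entry", "AP-Approvers"]},
    {"login": "old_vendor", "enabled": True,  "groups": ["VPN-Users"]},
    {"login": "svc_legacy", "enabled": False, "groups": []},
]
# Birth-right groups granted by department on day one (constructed).
BIRTHRIGHT = {
    "Sales":   ["Sales-Users", "All-Staff"],
    "Finance": ["Finance-Users", "All-Staff"],
    "IT":      ["IT-Users", "All-Staff"],
}
# Segregation-of-duties rule: no one account may both enter and approve payments (constructed).
SOD_RULES = [("AP-Entry", "AP-Approvers")]


def is_active(rec: Dict, today: date) -> bool:
    """An identity is active when HR says so and any end date has not passed."""
    return rec["status"] == "active" and (rec["end"] is None or rec["end"] >= today)


def reconcile(hr: List[Dict], directory: List[Dict], today: date) -> List[Tuple[str, str, str]]:
    """Return (action, login, reason): 'disable' for leavers and orphans,
    'create' for joiners without an account, 'add-groups' for missing birth-right groups."""
    hr_by_login = {r["login"]: r for r in hr}
    dir_by_login = {a["login"]: a for a in directory}
    actions = []

    # Leavers and orphans: every enabled account must map to an active HR identity.
    for acct in directory:
        if not acct["enabled"]:
            continue  # already disabled; nothing left to de-provision
        rec = hr_by_login.get(acct["login"])
        if rec is None:
            actions.append(("disable", acct["login"], "orphaned: no authoritative HR record"))
        elif not is_active(rec, today):
            actions.append(("disable", acct["login"],
                            f"{rec['type']} no longer active (status {rec['status']}, end date {rec['end']})"))

    # Joiners: every active HR identity gets an account and its birth-right groups.
    for rec in hr:
        if not is_active(rec, today):
            continue
        wanted = BIRTHRIGHT[rec["dept"]]
        acct = dir_by_login.get(rec["login"])
        if acct is None:
            actions.append(("create", rec["login"], "birth-right groups: " + ", ".join(wanted)))
        else:
            missing = [g for g in wanted if g not in acct["groups"]]
            if missing:
                actions.append(("add-groups", rec["login"], ", ".join(missing)))
    return actions


def sod_review(directory: List[Dict], rules=SOD_RULES) -> List[Tuple[str, str, str]]:
    """Access review: flag enabled accounts holding both halves of an SoD pair."""
    findings = []
    for acct in directory:
        if not acct["enabled"]:
            continue
        held = set(acct["groups"])
        findings += [(acct["login"], a, b) for a, b in rules if a in held and b in held]
    return findings


def run_reconciliation(today: date = ASOF) -> List[Tuple[str, str, str]]:
    return reconcile(HR, DIRECTORY, today)


if __name__ == "__main__":
    for action in run_reconciliation():
        print(*action)
    for login, a, b in sod_review(DIRECTORY):
        print("SoD conflict:", login, "holds both", a, "and", b)
```

Two of the disable actions come from different failure modes the slides call out: a terminated employee whose account was never removed, and a contractor whose end date passed while the account stayed enabled. The orphaned vendor account has no HR record at all, which is exactly the gap an authoritative store closes.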
Advanced Analytics
Detect Compromised Accounts and Insider Threats
• Data Collection – firewall, application, SIEM, IAM, SaaS, etc.
• Processing – normal vs abnormal, policies, machine learning
• Alert – event-based, risk score, or thresholds
• Analysis – timeline, objects touched, and historical use
• Case Management – open, assign, remediate, close
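The Processing and Alert steps above (normal vs abnormal behaviour, risk scores, thresholds) are illustrated by the following added example, which is not code from this presentation or from any analytics product. It scores successful logins against a per-user baseline of usual countries, devices and working hours, adds weight for impossible travel and for a burst of failures immediately before a success, and raises an alert when the score reaches a threshold. The baseline, the events, the weights and the threshold are constructed assumptions; a real system would learn the baseline from historical data.

```python
"""Rule-based risk scoring of authentication events against a per-user baseline.
Baseline, events, weights and threshold are constructed sample values."""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed baseline (in practice learned from prior weeks of normal activity).
BASELINE = {
    "jdoe":   {"countries": {"US"}, "work_hours": range(7, 20), "devices": {"WS-0142"}},
    "asmith": {"countries": {"US"}, "work_hours": range(8, 18), "devices": {"WS-0377"}},
}
# Constructed events: (ISO timestamp, user, result, source country, device).
EVENTS = [
    ("2018-10-29T09:05:00", "jdoe",   "success", "US", "WS-0142"),
    ("2018-10-29T09:40:00", "jdoe",   "success", "RO", "unknown-01"),
    ("2018-10-29T02:10:00", "asmith", "failure", "US", "WS-0377"),
    ("2018-10-29T02:11:00", "asmith", "failure", "US", "WS-0377"),
    ("2018-10-29T02:12:00", "asmith", "failure", "US", "WS-0377"),
    ("2018-10-29T02:13:00", "asmith", "failure", "US", "WS-0377"),
    ("2018-10-29T02:14:00", "asmith", "failure", "US", "WS-0377"),
    ("2018-10-29T02:15:00", "asmith", "success", "US", "WS-0377"),
    ("2018-10-29T10:00:00", "asmith", "success", "US", "WS-0377"),
]
WEIGHTS = {"new_country": 40, "new_device": 20, "off_hours": 15, "impossible_travel": 50, "failure_burst": 40}
ALERT_THRESHOLD = 50
TRAVEL_WINDOW = timedelta(minutes=60)   # two countries inside this window is treated as impossible travel
FAILURE_WINDOW = timedelta(minutes=10)  # failures counted in the window before a success
FAILURE_BURST = 5                       # failures needed to count as a burst

# Unknown users have no baseline, so every country and device looks new for them (conservative default).
EMPTY_BASELINE = {"countries": set(), "work_hours": range(0, 24), "devices": set()}


def score_events(events: List[Tuple] = EVENTS, baseline: Dict = BASELINE) -> Dict[str, List[Tuple[str, int, List[str]]]]:
    """Return {user: [(timestamp, score, reasons), ...]} for successful logins at or above the threshold."""
    history = defaultdict(list)  # user -> [(datetime, result, country)] in time order
    alerts = defaultdict(list)
    for ts_str, user, result, country, device in sorted(events):
        ts = datetime.fromisoformat(ts_str)
        base = baseline.get(user, EMPTY_BASELINE)
        if result == "success":
            reasons = []
            if country not in base["countries"]:
                reasons.append("new_country")
            if device not in base["devices"]:
                reasons.append("new_device")
            if ts.hour not in base["work_hours"]:
                reasons.append("off_hours")
            # Impossible travel: the most recent success came from another country inside the window.
            for prev_ts, prev_result, prev_country in reversed(history[user]):
                if prev_result == "success":
                    if prev_country != country and ts - prev_ts <= TRAVEL_WINDOW:
                        reasons.append("impossible_travel")
                    break
            # Failure burst: many failures right before this success suggests guessing or spraying.
            recent_failures = sum(1 for p_ts, p_res, _ in history[user]
                                  if p_res == "failure" and ts - p_ts <= FAILURE_WINDOW)
            if recent_failures >= FAILURE_BURST:
                reasons.append("failure_burst")
            score = sum(WEIGHTS[r] for r in reasons)
            if score >= ALERT_THRESHOLD:
                alerts[user].append((ts_str, score, reasons))
        history[user].append((ts, result, country))
    return dict(alerts)


if __name__ == "__main__":
    for user, hits in score_events().items():
        for ts_str, score, reasons in hits:
            print(user, ts_str, score, ", ".join(reasons))
```

The second login in the sample fires on three signals at once, which is the pattern a compromised-credential case typically shows; the night-time success after five failures scores lower but still crosses the threshold, because the failure burst on its own would not, and the timestamp and reasons list give the analyst the timeline the slide's Analysis step calls for.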
Key IAM Areas and Recommended Vendors
No Magic Bullet
Security practice overview
SECURITY LABS
• Network Penetration Testing
• Vulnerability Scanning and Assessments
• Social Engineering
• Digital Forensics
• Application Security
ADVISORY SERVICES
• Security Program Assessments
• GDPR
• Gap Analysis and Risk Registry Operationalization
• PCI DSS and Payment Systems Risk Report
• HIPAA/HITECH, ISO 27001, FFIEC, FISMA, NERC CIP, FedRAMP 3PAO, SOC and SSAE 16, NIST Assessments
• Cloud and Virtualization Security Strategies
• Policy and Procedure Development
BUSINESS CONTINUITY
• Active/Active Data Centers
• Disaster Recovery and BCP
• Off-site Replication
• Backup & Archiving
• Backup and DR as a Service
• Recovery Optimization, including Cloud-based
• Runbook Automation
SECURITY AS A SERVICE
• Managed SIEM/SOC
• IRaaS, Data Forensics
• Intrusion Detection and Response
• Cloud Access Security Brokerage (CASB) Services
• Identity and Access Management solutions
• Incident Response Services
• Security Training
• End point security solutions
• Multi-Factor Authentication
• BYOD & Mobile Device Management; MDM/EMM
• NG Firewalls and Proxies
• Email Security solutions
• Vulnerability Management as a service
Questions?
Thank you! Rebecca Harvey & Brian Dudek
[email protected]@data-strategy.com