Security Diagnostics for IAM - ESD · 2018-11-05 · Easy to engage People like working with Data...

Security Diagnostics for IAM Strategies and Approaches Rebecca Harvey Brian Dudek 10/29/2018



Security Diagnostics for IAM: Strategies and Approaches

Rebecca Harvey

Brian Dudek

10/29/2018


Cloud

Enable business innovation and transition to “IT as a Service” through reduced complexity, increased agility, and unified management.

Data

Increase efficiency and agility while protecting data, minimizing recovery time, and deploying new technologies without disruption.

Security

Reduce risk by shifting the focus from network security to a secure network, from datacenter to cloud to endpoint.

Mobility

Increase productivity, simplify access, and improve collaboration without compromising security.

Core Competencies: Our areas of expertise


Easy to engage

People like working with Data Strategy because of our approach to customer engagement. We listen first. We give unbiased advice based. And, we’re easy to engage because we’re local.

This is what drives our goal to have the highest customer satisfaction in the industry.

Local support

• 350 Full Time Employees

• 160 Engineering Focused

• Nine office locations in seven-state territory

• Redundant NOCs

• Presales, design, and implementation

• Demo & POC facilities

• Technical integration

How Can We Provide Value?


Combined Geographies

Trace3 Existing Regions

Trace3 New/Priority Regions

Data Strategy / Optio Data Region(s)

Trace3 & Data Strategy


Defense in Depth

Secure Assets

• Implement Effective Policies and Procedures

• Create Multiple Layers of Security

Protect Life

• Authenticate & Automate

• Access Control

• Intrusion Detection

• Countermeasures

Evolve, Adapt, Change, Survive


The strength of your information protection strategy depends on your ability to:

Understand weaknesses in the current approach to managing cybersecurity and protection of information within your purview;

Implement improvements that benefit your organization

Demonstrate that you have the vision and capabilities to transition this strategy into operational reality;

Manage this capability for the long term


Understand and document weaknesses in the current data protection program, including:

• The scope of what should be considered
• The types of critical data requiring protection
• The current cybersecurity related operations
• Assigned responsibilities of personnel

Provide a sound strategy detailing what has to be achieved to improve the program to a baseline maturity level, with 20/20 vision of data protection programs that are currently in flight, have been completed, or are planned.

Identify and document changes, programs, and technologies where required to comply with and achieve the expectations associated with your cybersecurity strategy;

Design and create a cybersecurity improvement roadmap detailing the recommended project path to your target security state.

Why a Program Assessment?


Areas: Cybersecurity Strategy; Cybersecurity Operations; Cybersecurity Monitoring, Response, & Recovery

• Cybersecurity Charter, Goals & Objectives
• Security Program Management
• Legal Support
• Cybersecurity Risk Management
• Incidental Management
• Cybersecurity Team Structure, Roles & Responsibilities
• GDPR, Regulatory & Internal Compliance Management
• Cyberthreat Management
• Configuration & Patch Management
• Intrusion Detection & Prevention
• Cybersecurity Policies, Standards, and Procedures
• Vulnerability Management
• Logging, Monitoring, & Alerting
• Application Security
• Compliance Tracking and Reporting
• Cybersecurity Architecture & Strategic Planning
• Identity & User Account Management
• GDPR Data Subject Data Management
• Data Classification & Privacy Management
• Business Continuity Management
• Security Program Assurance & Governance
• Asset Management
• VPN & Encryption Management
• Network & System Security
• GDPR Data Subject Request Management

Security Program Assessment Components


The Importance of Network Penetration Testing

To Identify Gaps, Prioritize, and Roadmap Mitigation Steps

SCOPING
• Vulnerability Assessment: Limited
• Traditional Penetration Testing: Limited to scan results
• Enhanced Red Teaming / Advanced Penetration Testing: Comprehensive

SKILL LEVEL REQUIRED
• Vulnerability Assessment: Tutorial Needed
• Traditional Penetration Testing: Training Required
• Enhanced Red Teaming / Advanced Penetration Testing: Advanced Degree Required

OBJECTIVE
• Vulnerability Assessment: Broad scanning for information gathering
• Traditional Penetration Testing: Utilize broad scanning to manually test a network for compliance driven needs
• Enhanced Red Teaming / Advanced Penetration Testing: Uncover as many vulnerabilities as possible using the resources leveraged by real attackers

TECHNIQUES
• Vulnerability Assessment: Fully automated using software which identifies publicly known vulnerabilities
• Traditional Penetration Testing: Driven by automation with penetration testers manually testing the findings uncovered by automated scanning
• Enhanced Red Teaming / Advanced Penetration Testing: Human driven with a team of hackers focused on your network identifying vulnerabilities unique to your network

THREAT EMULATION
• Vulnerability Assessment: None
• Traditional Penetration Testing: Partial
• Enhanced Red Teaming / Advanced Penetration Testing: Advanced Persistent Threat Emulation

REPORTING
• Vulnerability Assessment: Computer generated report with unverified information and no determination of business impact
• Traditional Penetration Testing: Computer generated report which is verified by penetration tester reducing the amount of false positives
• Enhanced Red Teaming / Advanced Penetration Testing: Narrative report with actionable remediation steps and verified intelligence determining the business impact of all findings


One Click to Confirm Compromises

One Click to Take Action

Unify Views and Intel for All Key Tools

Automate Correlation

Understand Context

Streamline the response

Enrich Incident Data

Prioritize the incidents that matter using the best intelligence

ACTION

INSIGHT

Reputation Data

Global Malware Exchange

Attacker and Campaign Intel

What’s needed to Recover Quickly?


Example of an Automated Threat Response

SIEM

Malware Sandbox

IDS/IPS, Firewall

Custom

Alerts

Email Security

Web Gateway

AD, Identity Mgmt.

Exchange, O365

Enforcement Controls

IDS/IPS, Firewall

Network Access

Industry ISACs

Open Source Intelligence

Commercial Intelligence or TIP

Threat Intelligence

CONSISTENT

Verify

Respond, Block, Quarantine

Enrich & Augment

Threat Response

Collect, Group, Prioritize

AUTOMATED

Active Directory

Understand

INSTANT

Contain


“Identity and Access Management (IAM) is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons.” – Gartner

Identity Data

User Management

Identity Governance

Access Management

What is IAM?

Advanced Analytics


• Authoritative Identity Stores vs Many Islands of Identity

• Groups, Profiles, Roles – Decentralized or Centralized

• Identity Data Mapping, Consolidation, and Cleansing

• Workforce Identity vs Consumer Identity

• Directory (AD, LDAP, Database, Cloud, Virtual, eDirectory, Google)

Identity Data


Concepts

• Birth-right provisioning

• Automated de-provisioning

• Access requests and approvals

• User registration

• Self service and Delegated Administration

• Contractor and Temp Worker Management

Benefits

• Improve efficiency and cut administration costs

• Reduce user idle time

• Increase security by reducing orphaned accounts

• Increase compliance posture

• Centralize view of enterprise access

User Management


Concepts

• Single Sign-On (SSO)

– Internal apps

– SaaS, Cloud, e.g. Office 365

– Standard – SAML, OpenID Connect

• Multi-Factor Authentication

– SMS, mobile app push

– Soft/Hard token, adaptive/risk Authentication

Benefits

• Fewer usernames and passwords

• Better user experience

• Improved security

Access Management


Privileged Access Management (PAM)

• Keys to the kingdom
• Local administrators
• AD domain users
• Root on Unix
• Database accounts
• Cloud infrastructure accounts

• Principle of least privilege
• Password vault and automated password rotation
• Usage monitoring and recording
• AD bridge to Unix systems
• Application password integration


Identity Governance

Concepts

• Access review and remediation for regulations such as SOX, HIPAA, GDPR, PCI, etc.
• Enterprise Role Definition
• Segregation of Duties
• Structured and Unstructured Data

Benefits

• Automate manual process
• Focus on high risk users
• Enforce SOD policies
• Centralize view of access


Advanced Analytics

Detect Compromised Accounts and Insider Threats

• Data Collection – firewall, application, SIEM, IAM, SaaS, etc.
• Processing – normal vs abnormal, policies, machine learning
• Alert – event-based, risk score, or thresholds
• Analysis – timeline, objects touched, and historical use
• Case Management – open, assign, remediate, close


Key IAM Areas and Recommended Vendors


No Magic Bullet


SECURITY LABS
• Network Penetration Testing
• Vulnerability Scanning and Assessments
• Social Engineering
• Incident Response Services
• Security Training
• Digital Forensics
• Application Security

ADVISORY SERVICES
• Security Program Assessments
• GDPR
• Gap Analysis and Risk Registry Operationalization
• PCI DSS and Payment Systems Risk Report
• HIPAA, HIPAA/HITECH, ISO 27001, FFIEC, FISMA, NERC CIP, FedRAMP 3PAO, SOC and SSAE 16, NIST Assessments
• Cloud and Virtualization Security Strategies
• Policy and Procedure Development

BUSINESS CONTINUITY
• Active/Active Data Centers
• Disaster Recovery and BCP
• Off-site Replication
• Backup & Archiving
• Backup and DR as a Service
• Recovery Optimization, including Cloud-based
• Runbook Automation

SECURITY AS A SERVICE
• Managed SIEM/SOC
• IRaaS, Data Forensics
• Intrusion Detection and Response
• Cloud Access Security Brokerage (CASB) Services
• Identity and Access Management solutions
• End point security solutions
• Multi-Factor Authentication
• BYOD & Mobile Device Management; MDM/EMM
• NG Firewalls and Proxies
• Email Security solutions
• Vulnerability Management as a service

Security practice overview


Questions?


Thank you!

Rebecca Harvey & Brian Dudek

[email protected]@data-strategy.com