
Thycotic Denver Presentation

This document discusses privileged account security and insider threats. It notes that hackers target privileged accounts like domain administrators and service accounts. The key to securing against internal breaches is access management. Common issues include failing to update passwords, storing passwords insecurely, and using default passwords. Effective privileged account management (PAM) involves limiting privileged accounts, auditing and accountability, unique random passwords, and rotation. The document promotes Thycotic's Secret Server product as a PAM solution. It allows password changing, discovery of service accounts, workflow approval, SIEM integration, and prevents application password misuse.

Uploaded by

uakarsu

LOCKING DOWN PRIVILEGED ACCOUNTS

Dan Ritch, Sales Engineer
Bruce Martin, Senior Account Manager
Greg Hanchin, Owner, TechVader
Insider threat: today’s risk
What does a security team have to deal with?
Auditors/compliance
External threats
Insider threats

NDA - CONFIDENTIAL
THE THREAT LANDSCAPE HAS CHANGED
Old Paradigm
Perimeter security
Firewall, AV, IDS, IPS, email gateways
Threat detection
SIEM, Big data analytics, IOC detection
Account and user provisioning
Role based access, layering, insider threat
What is the result of all of this security?
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
HUMAN SECURITY RISKS
• % of incidents related to errors by admins
• % of social media scams shared manually
• % of people open and click on phishing emails
• % of people use the same password for social sites
• +500 Data Breaches, 500m Records
Data Source: Symantec ISTR 2015
Data Source: Verizon DBIR Report 2015
WWW.ESCGS.COM
SEVERAL HOSPITALS DECLARED STATE OF EMERGENCY
THE THREAT LANDSCAPE HAS CHANGED
New Paradigm
No matter how much security you put in place you are still going to be breached.
One example: Advanced Persistent Threats - Malware
Email phishing: 10 emails - 100% someone will open an executable. BOOM! APT has control
If we know that we are going to be breached,
what can we do?
If we know we are going to get breached,
the questions we should ask are:
How do I mitigate risk?
What do hackers target?
What do hackers target?
“APT intruders…prefer to leverage privileged accounts where possible, such as Domain Administrators, service accounts with Domain privileges, local Administrator accounts, and privileged user accounts.”
Mandiant, M-Trends report and APT1 report

“100% of breaches involved stolen credentials”
What are Privileged accounts?
• Windows: Domain admin (How many are shared?), Local Admin (password formatting)
• UNIX: root, superuser
• Database: Oracle - Sys, SQL - SA, Dbadmin
• Cisco - Enable
• Service Accounts
• Scheduled tasks
• Web and social media
What about vendor and consultant accounts?
Insider Threat
Seasoned Management Team
THE KEY TO SECURING AGAINST INTERNAL BREACHES IS ACCESS MANAGEMENT
• 58% of large organizations suffered staff-related
security breaches in 2014, compared to just 24%
detecting outsiders penetrating their networks.
• 71% are very concerned with external threats, but
only 46% indicated a strong concern for internal
threats.
• In cases where staff will be dealing with sensitive
information, monitoring user activity is a must.
Information-age.com, Insider Hacks vs. outsider threats: spending budget in the wrong place

Three common practices that highlight need for password management
1. Failure to update passwords
2. Passwords stored on spreadsheets or sticky notes
3. Default passwords on Virtual machines
Core Principles of
Effective PAM
• Limit the number of privileged
accounts
• Auditing and Accountability
• Do not allow users to bypass
security protocols
• Unique, random passwords
• Ensure all passwords are rotated
• Only give users access to accounts
they need to perform their job
Thycotic Product slide

Recent Acquisition of Arellia adds more depth to Security offering


Lockdown the Endpoints
Lockdown the Applications
Lockdown the OS Configuration
Thycotic Product slide
• Founded in 1996 and HQ in Washington DC, USA
• Over 3500 Global customers with additional 3000 on fully supported free version
• Software used by over 200,000+ IT admins
• INC 5000 fastest growing companies
• Numerous awards like Best of VMWorld 2014, Info Security Products Guide Global Excellence 2015, 5-Star award 2016 Best Privileged Account Management Award and many others
What our CUSTOMERS SAY

“Thycotic provides the best privileged account security software and the support we need to solve our most pressing problems.”
– Liz McQuarrie, Director of Security Operations, Adobe

“One of the things I love about Secret Server is the out of the box integration with our existing technology tools. We maintain a lot of different systems, and so it’s really nice to have tools that work together as opposed to needing to figure out how to build custom integrations.”
– Mathew Eshleman, Chief Technology Officer, Community IT Innovators

“On the IT operations side Secret Server makes your life exponentially easier.”
– Seth, Top four global IT consulting Firm

Secret Server

Architecture
Remote Password Changing
• Active Directory
• Local Windows accounts
• UNIX/Linux/Mac
• MS SQL Server
• Oracle
• Sybase
• MySQL
• ODBC
• VMware ESX/ESXi
• SonicWALL
• Cisco
• Juniper
• SAP
• F5
• Blue Coat
• Dell DRAC
• HP iLO
• SSH/Telnet
• LDAP
• Salesforce
• Google
• Amazon
• Office365
• PowerShell
Discovery

Local Windows accounts

Windows services

Windows scheduled tasks

IIS application pools

Unix/Linux accounts

VMware ESX/ESXi accounts


Solution – Passwords:
• Heartbeat ensures passwords are valid
• Auditing + Permissions + Rotation = Compliance

Closing the termination gap

Solution:
IT ADMIN LEAVES
• Run Audit Report on Password Usage
• Automate Password Changes
• Coordinate with HR
Reducing exposure

Solution:
REDUCING EXPOSURE
• Use passwords without knowing them
• Session Launching
• Change passwords automatically after use
• Check Out
Service accounts

Solution:
MANAGING SERVICE ACCOUNTS
• Automatically find all your service accounts
• Discovery
• Windows Services, Scheduled Tasks, IIS AppPools
• COM+, File Regex, PowerShell extensions
• Automatically change password everywhere
• Full automation
Solution:
WORKFLOW APPROVAL
• Request access to sensitive Secrets
• Dual Approval if necessary
• Approve for limited period of time
• Capture service request/ticket number
• Complete audit trail for compliance
Who’s watching IT?

Solution:
WHO’S WATCHING IT?
• SIEM integration
• Get shared/privileged account activity to your SIEM and
correlate with AD identity for true accountability
• Session Monitoring
• Launch SSH, RDP, MSSQL, etc. sessions
• Record all activity
• SSH proxy to capture all keystroke activity
• Live monitoring and session termination
SIEM TOOL INTEGRATION
Monitor Account Usage

Syslog format
CEF format

Get the most out of your SIEM tool by monitoring Privileged Account usage
Application password misuse
SOLUTION:
Application password misuse
** GET RID OF EMBEDDED PASSWORDS **

• API integrations
• .NET/Java/Perl/PHP/PowerShell/etc.
• Push
• Update embedded passwords directly from
vault
• Pull
• Use API from custom and 3rd party applications
to retrieve passwords at runtime
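BEFORE

@echo off
rem The FTP password is embedded in the script in clear text
echo ----------------------------------------
echo Uploading changes...
echo ----------------------------------------
ftpsync-1.3.04\ftpsync.pl documents ftp://jsmith:passJgH47523@10.0.10.100/stage/mydocuments

AFTER

@echo off
rem The password is read from Secret Server at runtime into FieldValue
echo ----------------------------------------
echo Connecting to Secret Server API...
echo ----------------------------------------
FOR /F "tokens=*" %%A IN ('java -jar secretserver-jconsole.jar -s 1587 Password') DO SET FieldValue=%%A
echo ----------------------------------------
echo Uploading changes...
echo ----------------------------------------
ftpsync-1.3.04\ftpsync.pl documents ftp://jsmith:%FieldValue%@10.0.10.100/stage/mydocuments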
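A check that follows from the BEFORE/AFTER scripts above, as an added example (not part of the original presentation and not Thycotic's tooling): a Python scanner that flags literal passwords in scheme://user:password@host URLs and passes URLs whose password is a runtime variable such as %FieldValue%. The function name, the variable-reference patterns and the shortened sample scripts are assumptions constructed for illustration.

```python
import re

# scheme://user:secret@host, the shape of the ftp:// URL in the BEFORE script
URL_CRED = re.compile(
    r"(?P<scheme>[a-z][a-z0-9+.-]*)://(?P<user>[^\s:/@]+):"
    r"(?P<secret>[^\s@/]+)@(?P<host>[^\s/:]+)",
    re.IGNORECASE,
)
# A secret that is purely a variable reference (%VAR%, !VAR!, $VAR, ${VAR})
# is resolved at runtime and is not an embedded password.
VAR_REF = re.compile(r"^(%\w+%|!\w+!|\$\{?\w+\}?)$")


def find_embedded_passwords(script_text):
    """Return one finding per literal password found in a URL.

    The password itself is never copied into the finding, only its length,
    so the scan report does not become a second place the secret is stored.
    """
    findings = []
    for lineno, line in enumerate(script_text.splitlines(), start=1):
        for m in URL_CRED.finditer(line):
            if VAR_REF.match(m.group("secret")):
                continue  # pulled from a vault or environment at runtime
            findings.append({
                "line": lineno,
                "scheme": m.group("scheme").lower(),
                "user": m.group("user"),
                "host": m.group("host"),
                "secret_len": len(m.group("secret")),
            })
    return findings


# Constructed samples: shortened copies of the BEFORE and AFTER scripts.
BEFORE = r"""@echo off
echo Uploading changes...
ftpsync-1.3.04\ftpsync.pl documents ftp://jsmith:passJgH47523@10.0.10.100/stage/mydocuments
"""
AFTER = r"""@echo off
FOR /F "tokens=*" %%A IN ('java -jar secretserver-jconsole.jar -s 1587 Password') DO SET FieldValue=%%A
ftpsync-1.3.04\ftpsync.pl documents ftp://jsmith:%FieldValue%@10.0.10.100/stage/mydocuments
"""

if __name__ == "__main__":
    for name, text in (("BEFORE", BEFORE), ("AFTER", AFTER)):
        print(name, find_embedded_passwords(text))
```

Run over a script share or repository, the findings give the list of accounts whose passwords need to be rotated and moved behind a runtime lookup.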
10k foot perspective
1. Protect against internal and external threats
2. Meet compliance mandates and industry best practices
3. Automate scalable security processes and be more efficient
Best Practice to increase
Implementation
Adoption Rate: Plan
Phased Approach
Questions?

Request a Trial:
https://thycotic.com/products/secret-server/start-a-trial/
JUNE 20th & 21st
Washington D.C.
