Stopping Attacks Before They Stop Business - PowerPoint Presentation

Uploaded by ximena on 2022-02-15

Presentation Transcript

Slide1

Stopping Attacks Before They Stop Business

Jeff Vealey – Customer Success

Technical Advisor

CyberArk Software

Slide2

State of play

There are only two types of companies: those that have been hacked, and those that will be. Even that is merging into one category: those that have been hacked and will be again.

FBI Director Robert Mueller, 2012

Slide3

Recent history

Slide4

Cyber Attacks Are a Daily Event

Slide5

Cyber Security and Privileged Access

Mandiant, M-Trends and APT1 Report

“…100% of data breaches involved stolen credentials.”

“APT intruders…prefer to leverage privileged accounts where possible, such as Domain Administrators, service accounts with Domain privileges, local Administrator accounts, and privileged user accounts.”

Slide6

Privileged Account Definition and Scope

Any account which has the ability to access and update the configuration of a critical system or impact its operational service.

Scope:

WiFi Routers, Smart TVs

Routers, Firewalls, Hypervisors, Databases, Applications

Routers, Firewalls, Servers, Databases, Applications

Laptops, Tablets, Smartphones

Power Plants, Factory Floors

Slide7

Privileged Account Security: the new security layer

PERIMETER SECURITY

PRIVILEGED ACCOUNT SECURITY

SECURITY CONTROLS INSIDE THE NETWORK

MONITORING

Slide8

Typical processes that attackers expose…

Local admin accounts set to the same password

Separate, named domain accounts created for each admin

Non-expiring passwords for critical accounts

Hard-coded credentials for applications in code, scripts and appliances

Unmanaged SSH Keys used for interactive sessions and applications

Workstation users granted local admin rights

Standing Access – network, access and authentication

Lack of visibility around who, why and is it legitimate access

Excessive permissions for specific roles, such as DBAs, developers, etc.

Slide9

Data Breaches - Real Life Example

Slide10

How did the attack start? (ABC Company)

Step 1: Attackers used a phishing scam to detect local admin users.

Step 2: Executive user with local admin privilege discovered. Pass-the-hash attack starts.

Step 3: Hash of the helpdesk user who remotely assisted the executive 3 days prior extracted and used.

Slide11

What happened?

Step 4: Using the helpdesk user's password hash, server access was finally gained.

Step 5: Authenticated to multiple servers using those privileges until they gained domain-admin level access.

Step 6: Golden Ticket attack performed.

Used system access to:

Write own Kerberos tickets

Exfiltrate data

Local Admin accounts

Domain Admin accounts
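As an added illustration of how a defender would hunt for the two techniques in this chain, the Python below (written for this page; it is not material from the deck or from CyberArk) runs two heuristics over constructed Windows Security log events. The first looks for a burst of NTLM network logons by one account to many servers inside a short window, which is the trail that steps 4 and 5 leave when a stolen hash is replayed. The second looks for a Kerberos service-ticket request (event 4769) with no ticket-granting-ticket request (event 4768) for that account within the TGT lifetime, the classic symptom of step 6: a forged ticket is never issued by the KDC, so no TGT request exists for it. Hosts, account names, timestamps, the 10-minute window and the three-host threshold are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events modelled on Windows Security log fields.
# Event IDs: 4624 = successful logon, 4768 = Kerberos TGT requested,
# 4769 = Kerberos service ticket requested. Hosts, accounts and times are made up.
SAMPLE_EVENTS = [
    # an ordinary user: TGT first, then a service ticket, then a Kerberos network logon
    {"time": "2022-02-15T09:00:00", "event_id": 4768, "account": "jsmith", "src": "WS-EXEC-01", "dst": "DC01"},
    {"time": "2022-02-15T09:00:05", "event_id": 4769, "account": "jsmith", "src": "WS-EXEC-01", "dst": "DC01"},
    {"time": "2022-02-15T09:00:06", "event_id": 4624, "account": "jsmith", "src": "WS-EXEC-01", "dst": "SRV-FILE01",
     "logon_type": 3, "auth_pkg": "Kerberos"},
    # helpdesk account: NTLM network logons from the executive's workstation to four servers in five minutes
    {"time": "2022-02-15T10:01:00", "event_id": 4624, "account": "hd-support", "src": "WS-EXEC-01", "dst": "SRV-FILE01",
     "logon_type": 3, "auth_pkg": "NTLM"},
    {"time": "2022-02-15T10:02:10", "event_id": 4624, "account": "hd-support", "src": "WS-EXEC-01", "dst": "SRV-APP01",
     "logon_type": 3, "auth_pkg": "NTLM"},
    {"time": "2022-02-15T10:03:30", "event_id": 4624, "account": "hd-support", "src": "WS-EXEC-01", "dst": "SRV-DB01",
     "logon_type": 3, "auth_pkg": "NTLM"},
    {"time": "2022-02-15T10:05:45", "event_id": 4624, "account": "hd-support", "src": "WS-EXEC-01", "dst": "SRV-SQL02",
     "logon_type": 3, "auth_pkg": "NTLM"},
    # an ops admin doing routine work: two NTLM logons, below the threshold
    {"time": "2022-02-15T11:00:00", "event_id": 4624, "account": "adm-ops", "src": "WS-ADM-07", "dst": "SRV-APP01",
     "logon_type": 3, "auth_pkg": "NTLM"},
    {"time": "2022-02-15T11:05:00", "event_id": 4624, "account": "adm-ops", "src": "WS-ADM-07", "dst": "SRV-FILE01",
     "logon_type": 3, "auth_pkg": "NTLM"},
    # a service ticket for Administrator with no TGT request on record for that account
    {"time": "2022-02-15T14:00:00", "event_id": 4769, "account": "Administrator", "src": "SRV-APP01", "dst": "DC01"},
]

TGT_LIFETIME = timedelta(hours=10)  # default maximum TGT lifetime in AD; tune to your domain policy


def _t(event):
    return datetime.fromisoformat(event["time"])


def detect_ntlm_spray(events, window=timedelta(minutes=10), max_hosts=3):
    """Accounts that made NTLM network logons (4624, logon type 3) to more than
    max_hosts distinct servers inside any sliding window. Returns {account: sorted hosts}.
    A replayed hash authenticates over NTLM, so the trail is NTLM rather than Kerberos."""
    per_account = defaultdict(list)
    for e in events:
        if e["event_id"] == 4624 and e.get("logon_type") == 3 and e.get("auth_pkg") == "NTLM":
            per_account[e["account"]].append((_t(e), e["dst"]))
    hits = {}
    for account, logons in per_account.items():
        logons.sort()
        for start, _ in logons:
            hosts = {h for t, h in logons if start <= t <= start + window}
            if len(hosts) > max_hosts:
                hits[account] = sorted(hosts)
                break
    return hits


def detect_tgs_without_tgt(events, lifetime=TGT_LIFETIME):
    """4769 service-ticket requests with no 4768 TGT request for the same account within
    the preceding TGT lifetime. A forged (golden) ticket is never issued by the KDC, so its
    service-ticket requests have no TGT request behind them. Feed in 4768s from every DC
    before trusting a hit: a TGT issued by another DC looks the same as a missing one."""
    tgt_times = defaultdict(list)
    for e in events:
        if e["event_id"] == 4768:
            tgt_times[e["account"]].append(_t(e))
    suspicious = []
    for e in events:
        if e["event_id"] == 4769:
            t = _t(e)
            if not any(t - lifetime <= tgt <= t for tgt in tgt_times[e["account"]]):
                suspicious.append((e["account"], e["time"]))
    return suspicious


if __name__ == "__main__":
    for account, hosts in detect_ntlm_spray(SAMPLE_EVENTS).items():
        print(f"NTLM logons by {account} to {len(hosts)} servers in 10 min: {', '.join(hosts)}")
    for account, when in detect_tgs_without_tgt(SAMPLE_EVENTS):
        print(f"service ticket for {account} at {when} with no TGT request on record")
```

Both thresholds are starting points, not rules: in a real domain the window and host count should be tuned against a baseline of what helpdesk and operations accounts normally do, and the TGT correlation only works when the 4768 events from all domain controllers are in the same data set.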

Slide12

Comprehensive Approach Required

Slide13

Stats

Slide14

Privileged Account Statistics

100% of advanced attacks exploit privileged credentials.

Slide15

Privileged Account Statistics

51% of privileged account passwords are shared.

Shared by whom? What happens when people leave the organization?

Slide16

Privileged Account Statistics

53% of large enterprises take 90 days or longer to change privileged passwords.

Current processes are making it easier for attackers to move around the infrastructure.

Slide17

Privileged Account Statistics

86% of large enterprises do not know, or have underestimated, the magnitude of their privileged account security problem.

There is more than one way to underestimate this: amount, scope, power, same/similar passwords.

Slide18

Privileged Account Statistics

67% of privileged accounts across enterprises are either unknown or unmanaged.

Remember the breach at a US health insurer? 70 million credit card details were stolen because of 1 unmanaged credential.

Slide19

Privileged Account Statistics

??%

Truth? Are these numbers correct?

Slide20

Privileged Account Statistics

100% of advanced attacks exploit privileged credentials.

Slide21

Compliance View

Slide22

Compliance and Regulation

PCI

SOX

Slide23

Reduce Risk of Privileged Account Exploits

Slide24

Implement a standardized privileged access strategy

NETWORK INFRASTRUCTURE

OPERATING SYSTEM

DATABASE

APPLICATION

For each layer:

Why is Privileged Access needed?

Who needs Privileged Access?

Which entities are used to authenticate?

Can approval workflows be enforced?

What controls are in place right now?

Slide25

Example Controls…

Ref / Process / Description (the Priority column was left blank on the slide)

C1. Inventory and reduce the number of privileged accounts in your organization.
Knowing how many accounts are present in the environment and where they are is a critical first step in making informed risk decisions and protecting the accounts. Once inventoried, privileged accounts should be reviewed and unnecessary accounts should be deleted to reduce the overall number of accounts requiring management.

C2. Prohibit standard user accounts from having privileged access.
Utilising separate accounts for general and administrative use enables organizations to identify misuse or abuse of privileged accounts. In addition, enforcing least privilege is a significant step an organization can take towards improving the security of its network environment.

C3. Create a process for on- and off-boarding employees that have privileged account access.
Employees should understand the responsibility that comes with privileged access and be trained in existing corporate policies before administrative access is granted. Access should routinely be reviewed to ensure privileged access is still required. The off-boarding process should include disabling all of the employee's privileged accounts and changing the passwords of any shared accounts the employee had access to.

C4. Eliminate the practice of accounts that have non-expiring passwords.
Passwords should be changed on a regular schedule to reduce their vulnerability to password cracking tools and password sharing between employees.

C5. Store passwords / keys securely.
It is imperative that organizations store their privileged credentials in the most secure, encrypted vaulting system available. The use of envelopes, binders, spreadsheets, flat files, etc. for the storage of privileged account information should be eliminated.

Slide26

Restrict Lateral Movement – Define the Target Operating Model

Tier 0 – Forest admins: Direct or indirect administrative control of the Active Directory forest, domains, or domain controllers

Tier 1 – Server admins: Direct or indirect administrative control over a single or multiple servers

Tier 2 – Workstation admins: Direct or indirect administrative control over a single or multiple devices

Source – Microsoft Mitigating Pass The Hash and Other Credential Theft V2
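To make controls C1 to C4 from the previous slide and the tier model above concrete, here is an added Python example (written for this page; not code from the deck or from CyberArk) that audits a constructed CSV export shaped like a `Get-ADUser ... | Export-Csv` dump. It inventories privileged accounts per tier from their group membership (C1 and the tier model), flags privileged membership on accounts outside an assumed `adm-`/`svc-` naming convention (C2), flags enabled privileged accounts with no logon for a long time as off-boarding candidates (C3), and flags never-expiring or stale passwords (C4). The Tier 1 and Tier 2 group names, the naming convention and the 90-day thresholds are assumptions for the example; the 90-day figure echoes the statistic quoted earlier in the deck.

```python
import csv
import io
from datetime import date

# Constructed sample export shaped like the output of
#   Get-ADUser -Filter * -Properties ... | Export-Csv
# Account names, dates and the Tier1/Tier2 group names are made up for this example.
SAMPLE_EXPORT = """\
SamAccountName,Enabled,PasswordNeverExpires,PasswordLastSet,LastLogonDate,MemberOf
jsmith,True,False,2022-01-10,2022-02-14,Domain Users
adm-jsmith,True,False,2021-10-01,2022-02-14,Domain Users;Domain Admins
svc-backup,True,True,2019-03-01,2022-02-15,Domain Users;Tier1-Server-Admins
bob,True,False,2022-02-01,2022-02-10,Domain Users;Tier2-Workstation-Admins
adm-legacy,True,False,2021-06-01,2021-09-01,Domain Users;Domain Admins
svc-hr,False,True,2020-01-01,2021-01-01,Domain Users
"""

AS_OF = date(2022, 2, 15)  # reference date for the age calculations in the sample

# Group-to-tier map following the Microsoft tier model quoted on the slide.
# The Tier 0 entries are real built-in AD groups; the Tier 1/2 names are assumed.
TIER_GROUPS = {
    "Enterprise Admins": 0, "Domain Admins": 0, "Schema Admins": 0,
    "Tier1-Server-Admins": 1,
    "Tier2-Workstation-Admins": 2,
}
# Assumed naming convention: named admin accounts start with adm-, service accounts with svc-
ADMIN_PREFIXES = ("adm-", "svc-")


def parse_export(text):
    """Turn the CSV export into a list of typed account records."""
    accounts = []
    for row in csv.DictReader(io.StringIO(text)):
        accounts.append({
            "sam": row["SamAccountName"],
            "enabled": row["Enabled"] == "True",
            "never_expires": row["PasswordNeverExpires"] == "True",
            "pw_set": date.fromisoformat(row["PasswordLastSet"]),
            "last_logon": date.fromisoformat(row["LastLogonDate"]),
            "groups": row["MemberOf"].split(";"),
        })
    return accounts


def tier_of(groups):
    """Lowest (most powerful) tier implied by group membership, or None if not privileged."""
    tiers = [TIER_GROUPS[g] for g in groups if g in TIER_GROUPS]
    return min(tiers) if tiers else None


def audit(accounts, as_of, max_pw_age=90, max_idle=90):
    """Apply controls C1-C4 to every privileged account.

    Returns (inventory, findings): inventory maps tier -> account names (C1);
    findings is a list of (account, control, message) tuples for C2, C3 and C4.
    """
    inventory = {0: [], 1: [], 2: []}
    findings = []
    for a in accounts:
        tier = tier_of(a["groups"])
        if tier is None:
            continue  # standard user with no privileged membership: nothing to check here
        inventory[tier].append(a["sam"])
        # C2: privileged membership on an account outside the admin naming convention
        # usually means a day-to-day user account was granted admin rights.
        if not a["sam"].startswith(ADMIN_PREFIXES):
            findings.append((a["sam"], "C2", "privileged membership on a standard-user account"))
        # C3: privileged access nobody has used in a long time should be reviewed or disabled.
        idle_days = (as_of - a["last_logon"]).days
        if a["enabled"] and idle_days > max_idle:
            findings.append((a["sam"], "C3", f"no logon for {idle_days} days; review or disable"))
        # C4: never-expiring or stale passwords on privileged accounts.
        pw_age = (as_of - a["pw_set"]).days
        if a["never_expires"]:
            findings.append((a["sam"], "C4", "password set to never expire"))
        elif pw_age > max_pw_age:
            findings.append((a["sam"], "C4", f"password age {pw_age} days exceeds {max_pw_age}"))
    return inventory, findings


def run_sample():
    """Audit the constructed export against the reference date."""
    return audit(parse_export(SAMPLE_EXPORT), AS_OF)


if __name__ == "__main__":
    inventory, findings = run_sample()
    for tier, names in inventory.items():
        print(f"Tier {tier}: {len(names)} account(s): {', '.join(names) or '-'}")
    for sam, control, message in findings:
        print(f"[{control}] {sam}: {message}")
```

The C2 check is deliberately the weakest of the four: a naming convention only tells you that an account was probably not created as an admin account, so each hit still needs a human to confirm whether the membership is legitimate. Service accounts with never-expiring passwords (svc-backup in the sample) are the usual long tail of C4 and are the ones a credential vault with automatic rotation is meant to absorb.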

Slide27

Privileged Account Security

Slide28

Privileged Account Security - Critical Steps

Protect and manage privileged account credentials

Control, isolate and monitor privileged access to servers and databases

Use real-time privileged account intelligence to detect and respond to in-progress attacks

Discover all of your privileged accounts

Implement least privilege access for server and workstation access

Slide29

First, understand the Current Position

Slide31

Protect and Manage Privileged Account Credentials

Implement strong credential access workflows

Simplify policy management - “master policy” function

Protect the Privileged Credentials – Secure Digital Vault

Slide32

Control, Isolate and Monitor Privileged Activity

Isolate malware from the target system

Monitor and record command level activity

Establish a single point of control for privileged sessions

Slide33

Use Real-time, Privileged Account Intelligence

Privileged Session Activity: privileged session intelligence

Privileged Credential Access: vault access intelligence

Detect Malicious Activity: real-time, integrated with SIEM; full forensics capabilities

Privileged account intelligence detects attacks

Full integration with existing SIEM solution

Complete, indexed record of privileged activity

Detect anomalies in day-to-day activity

Slide34

The Standardized Approach for Privileged Access

Global IT Environment: IT Admins, Applications, 3rd Parties

Privileged Access

Privileged Account Management: enforce account management on all privileged accounts

Real-Time Threat Detection: detect attempts to circumvent controls

Secure App2App Authentication

Implements the new concept, the Target Operating Model for Risk Mitigation: standardize privileged access for all accounts, human and non-human IDs.

Benefits:

Mitigates risk by reducing the attack surface within the heart of the enterprise

Implements a standardized workflow for privileged access; central control and audit

Provides full accountability, forensics and threat detection.

Directive

Slide35

So… in summary…

Slide45

Thank you