Identity is Security - CSO50 Conference · SailPoint Actions supported in Splunk Adaptive Response...
Fission & Fusion with Identity & Security
New Opportunities for Advanced Incident Response
Joe Gottlieb
Copyright © SailPoint Technologies, Inc. 2018. All rights reserved.
Context…
We are the new attack vector
Social Engineering
Phishing
Employee Negligence
BIG DATA! ANALYTICS! AUTOMATION!
the technology isn’t ready…
not enough people…
automate what?
OVERWHELMED
Lessons Learned
We enable enterprises to govern all of their digital identities and access rights, across all applications and all data, through the deployment of their choice
Identity Governance:
continuous management of who has access to what according to job roles, life cycle, context and business rules, with clear paths for workflow, approvals and exceptions
from outdated and manual processes to a $1 million ROI in the first year
Identity vs. Security
Why? Reduce Risk
What? Control Access
How? Approval Workflow
Why? Reduce Risk
What? Detect/Block
How? Analytics/Algorithms
Endpoint Security
Network Security
Data Security
ENDPOINT SECURITY (e.g., ANTI-MALWARE)
NETWORK SECURITY (e.g., FIREWALLS)
DATA SECURITY (e.g., DATA LOSS PREVENTION)
(ALGORITHMIC/PROBABILISTIC)
<EXPERTISE>
IDENTITIES
ACCOUNTS
ENTITLEMENTS
(DETERMINISTIC)
<APPROVAL MANAGEMENT>
Identity + Security
Why? Reduce Risk
What? Identity-defined Security
How?
Three Opportunities
• Situational Awareness via Serialized Identity
• Context Verification via Organizational Hierarchy
• Automation Confidence via Patterned Workflows
SailPoint Actions supported in Splunk Adaptive Response
• Disable or delete a single account on an identity
• Disable or delete all accounts on an identity
• Remove an entitlement from an identity
• Remove all entitlements from a given application on an identity
• Remove all entitlements from all applications on an identity
• Force password reset on all applications for a single identity
• Generate a manager certification for a specific account on an identity
• Generate a manager certification for all accounts belonging to an identity
• Remove entitlement from all identities and make it non-requestable
• Delete or disable all accounts on an application
• Perform an entitlement owner certification on the specified group
• Perform an application owner certification
Gartner SOAR – simple enough?
Source: Gartner (November 2017)
Gartner SOAR – hmm…
SOA: security operations automation; TVM: threat and vulnerability management
Source: Gartner (November 2017)
Five Questions
• Are my identity and security solutions open enough to integrate?
• Are my identity and security teams open to collaborating?
• Am I ready to iterate in pursuit of automation pattern confidence?
• Can I pursue all of this in the context of risk management?
• Can I advance my board’s confidence in our posture?
We are the new attack vector
We are the necessary solution vector
Thank You
Questions?