Identity is Security - CSO50 Conference · SailPoint Actions supported in Splunk Adaptive Response...

Fission & Fusion with Identity & SecurityNew Opportunities for Advanced Incident Response

Joe Gottlieb


Context…

-1+1

=0

+92

=146-2 -8 -18 -32 -21 -9 -2

Copyright © SailPoint Technologies, Inc. 2018. All rights reserved. 4

We are

the

new

attack

vector


Social

Engineering


Phishing


Employee

Negligence


BIG DATA! ANALYTICS! AUTOMATION!

the technology

isn’t ready…

not enough

people…

automate

what?


OVERWHELMED


Lessons Learned


We enable enterprises to govern

all of their digital identities and access rights,

across all applications and all data,

through the deployment of their choice


Identity Governance:

continuous management of who has access to what

according to

job roles, life cycle, context and business rules,

with clear paths for workflow, approvals and exceptions

Copyright © SailPoint Technologies, Inc. 2018. All rights reserved. 1313Copyright © SailPoint Technologies, Inc. 2018. All rights reserved.

from

outdated and

manual

processes

to

a $1 million

ROI in the

first year


Identity vs. Security

Why? Reduce Risk

What? Control Access

How? Approval Workflow

Why? Reduce Risk

What? Detect/Block

How? Analytics/Algorithms


Endpoint

Security


Network

Security


Data

Security


ENDPOINT SECURITY (e.g., ANTI-MALWARE)

NETWORK SECURITY (e.g., FIREWALLS)

DATA SECURITY (e.g., DATA LOSS PREVENTION)

(ALGORITHMIC/PROBABILISTIC)

<EXPERTISE>


IDENTITIES

ACCOUNTS

ENTITLEMENTS

(DETERMINISTIC)

<APPROVAL MANAGEMENT>


Identity+ Security

Why? Reduce Risk

What? Identity-defined Security

How?


Three Opportunities

• Situational Awareness via Serialized Identity

• Context Verification via Organizational Hierarchy

• Automation Confidence via Patterned Workflows


SailPoint Actions supported in Splunk Adaptive Response

• Disable or delete a single account on an identity

• Disable or delete all accounts on an identity

• Remove an entitlement from an identity

• Remove all entitlements from a given application on an identity

• Remove all entitlements from all applications on an identity

• Force password reset on all applications for a single identity

• Generate a manager certification for a specific account on an identity

• Generate a manager certification for all accounts belonging to an identity

• Remove entitlement from all identities and make it non-requestable

• Delete or disable all accounts on an application

• Perform an entitlement owner certification on the specified group

• Perform an application owner certification


Gartner SOAR – simple enough?

Source: Gartner (November 2017)


Gartner SOAR – hmm…

SOA: security operations automation; TVM: threat and vulnerability management

Source: Gartner (November 2017)


Five Questions

• Are my identity and security solutions open enough to integrate?

• Are my identity and security teams open to collaborating?

• Am I ready to iterate in pursuit of automation pattern confidence?

• Can I pursue all of this in the context of risk management?

• Can I advance my board’s confidence in our posture?


We are

the

new

attack

vector


We are

the

necessary

solution

vector

Thank You

Identity is Security - CSO50 Conference · SailPoint Actions supported in Splunk Adaptive Response...

Documents

Transcript of Identity is Security - CSO50 Conference · SailPoint Actions supported in Splunk Adaptive Response...