Lieberman Cyber Security Presentation
Uploaded by paul-sweeney. Category: Internet.
Transcript of Lieberman Cyber Security Presentation
Adaptive Privilege Management
Roy Duckles – EMEA Sales [email protected]
Every Week Another Headline
Chances Are You’re Already Breached
► 97% of organizations have been breached [1]
► 69% of breached companies were notified by outside parties [2]
► Partners and customers are often the first to find out
[1] Cybersecurity’s Maginot Line: A Real-world Assessment of the Defense-in-Depth Model
[2] Mandiant/FireEye M-Trends® 2015 Threat Report
And Don’t Know It…
Outside Attackers Must Obtain Insider Credentials
https://www.mandiant.com/threat-landscape/
Starts with a single vulnerability
Breach spreads rapidly by exploiting poorly secured privileged accounts
100% of victims have Firewalls and Intrusion Protection
Scanning | Reconnaissance | Access & Escalation | Exfiltration | Sustainment | Assault | Obfuscation
Each of These Stages Requires Privileged Credentials or Admin Rights
• NMAP • Nessus • Shodan
• Maltego • Metagoofil • exiftool
• THC Hydra • Immunity • John the Ripper • Metasploit
• Corkscrew • OpenPuff • Sabznameh
• Linux identities • Windows identities • Michaeldaw.org • Flashro
• Bitblinder • Tor
All of these tools can be freely downloaded off the Internet
Without Admin rights a breach CANNOT be effected!
Planning and Executing Cyber Attack
Hackers Nest for Months Before Striking
► 205 days is the median time that hackers are present before discovery [1]
► Hackers infiltrated Sony for over 1 year before being detected [2]
[1] Mandiant/FireEye M-Trends® 2015 Threat Report
[2] "The breach at Sony Pictures is no longer just an IT issue" - CSO Online
Privilege Credentials Are Often Not Managed
► Unchanged Default Logins on Hardware, Applications, Appliances, Images,
► Cryptographically Weak Logins
► Shared Passwords For Team Convenience or Scale - Same password for all laptop local admin
► Developer Backdoors
► Service Accounts Passwords Set “Never To Expire”
password123
ENTER
And sometimes we make it really easy…
Wifi-SSID: WORLDCUP
Password: b5a2112014
Brazil 2014
Snowden persuaded NSA workers to give up Admin passwords
Booz Allen Hamilton contractor Edward Snowden persuaded co-workers to give him their login credentials, allowing him to access classified material.
Snowden used login credentials and passwords provided unwittingly by colleagues to access some 1 million documents relating to classified material.
25 fellow workers at the NSA regional operations centre gave him their logins and passwords after Snowden told them they were needed for him to do his job as a computer systems administrator.
Technology cannot fix Stupidity
Privilege Challenge 1: Physical Ubiquity
Routers
Workstations
Notebooks
Routers
Laptops
Servers
IP Enabled Devices
IPMI Cards
DRAC Cards
ATM
POS
SCADA Devices
Servers
Databases
HyperVisors
Switches
Privilege Challenge 2: Software Ubiquity
► Windows Service Accounts
► Windows Scheduler Task RunAs Identities
► Windows Scheduler At Service Accounts
► COM+ Application Identities
► DCOM Object RunAs Identities
► IIS6 Metabase Account Info
► IIS7 Account Info
► SCOM RunAs Accounts
► Accounts in .NET Config
► Credentials in SQL Server
► String Replacements
► SharePoint
► Logon Cache
► Auto Logon Account
► Local Cache JAVA Client
► SQL Reporting Services
► SSH Keys
► IBM WebSphere, Oracle WebLogic
► Twitter, Facebook, LinkedIn, etc.
► IBM, Oracle, SAP, others…
Privilege Challenge 3: Personnel Ubiquity
Security Admin
DB Admin
Network Admin
Help Desk
IT Manager
Webmaster
CRM Admin
UNIX Admin
Contractor
Windows Admin
System Integrator
Unique Passwords Stop Lateral Movement
Attackers’ Lateral Movements are Blocked
Continuous Password Rotation Makes Nesting Worthless
► Controlled password lifetimes limit the value of compromised credentials
► Scale and automation can change credentials as often as required, even every hour
It’s Tough for Hackers to Hit a Moving Target
The Need For Adaptive Privilege Management
►Hackers are automated. You need to be automated.
►Credentials need to be changed in hours, not days or weeks.
►The ability to ADAPT QUICKLY – without business disruption - is critical!
Adaptive Privilege Management Suite
Operational Overview
Auto-Discover Systems, Accounts, Account Usage (continuous)
Remediate Privileged Account Passwords
Build CMDB of Privileged Accounts and Usage
Management Console
Managed Targets: Unix, Linux, Mainframe Systems; Windows Systems; Databases; Network Devices
SQL Server, OleDB

Asset      Account   Password
Router     enable    abc123
Linux      root      abc123
Windows    Admin     abc123
Database   SA        abc123

Asset      Account   Password
Router     enable    W^g9k%$124jnq\
Linux      root      As#59bh?M<f9+TTd3
Windows    Admin     ,1d^9*kb<LE2=]3&hq23mn6
Database   SA        K;]$tr*gjR992
Privileged End User Authentication Process
1. User Enters Corporate Account ID / Password
2. Challenged by Multifactor (RSA Token)
3. Validates Trouble Ticket and Documents Reason for Access
4. Requests Access via Workflow
5. Gets Access to Resource
Adaptive Privilege Management Suite
Three Ways To Get Access to a Privileged Resource
1. Checkout and Check In Credentials
► Click a system link in the Web application
► Get a time-limited password
► Automated check-in and randomization after use
2. Remote Desktop Access
► Click an RDP/SSH link
► Get access to system desktops without seeing passwords
► Access is time-limited and audited
► Ideal for contractors and remote users
3. Application Launcher
► Click an application icon
► Launches the application on a secure Bastion host
► User access is limited to the application interface
► Fully audited, with session recording capability
Dashboard Drill Down
Auditing, Reporting, and Analytics
Ensure Compliance with Regulatory Mandates
► Log password and system activity
► Provide comprehensive auditing and compliance reports
► Display real-time business intelligence with drill-down to the underlying data
Highly Extensible Solution
Enhancement NOT Displacement
What Differentiates Our Solution?
► More Than A Vault
• Constant Rotation Shrinks The Attack Surface
► Rapid Time To Value
• Auto Discovery and Easy Install Provides Protection In Weeks Not Months
► Highly Extensible Platform
• Integrates Easily with Provisioning and Governance Platforms.
► We Write Our Own Code
• All software developed in the USA. No Open Source Code. US Army CoN.
Who is Lieberman Software?
Flagship Enterprise Random Password Manager (ERPM™) product automatically discovers and manages cross-platform privileged accounts at scale, and throughout the enterprise, thereby securing access to sensitive data, reducing internal and external security threats, improving IT productivity and ensuring regulatory compliance.
► 24 languages
► 1400+ customers
► HQ and Dev in US, Global offices
► Nearly half of the Fortune 50
► Founded in 1978, ISV since 1994
► Followed by Gartner, Forrester, 451 Group, IDC and Kuppinger-Cole
1400+ Enterprise Customers
Federal Government
Finance & Insurance
Healthcare
Manufacturing
Technology
Consumer & Retail
Questions?