1 / 27

The New Cyber Battleground: Inside Your Network

The New Cyber Battleground: Inside Your Network. Chad Froomkin Major Account Executive Southeast. Why are we here?. 90% of organizations breached 59% of organizations breached more than once $3,500,000 Average cost per incident to investigate and remediate.

joliva
Download Presentation

The New Cyber Battleground: Inside Your Network

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The New Cyber Battleground:Inside Your Network Chad Froomkin Major Account Executive Southeast

  2. Why are we here? 90% of organizations breached 59% of organizations breached more than once $3,500,000 Average cost per incident to investigate and remediate Ponemon Institute - Cost of Data Breach: Global Analysis, 2014 Cisco Talos, Deliotte Financial Advisory service, Deloitte & Touche LLP, Mandiant, RSA, Verizon RISK - CyberArk Threat Report: Privileged Account Exploits Shift the front lines of Cyber Security, 2014

  3. The new cyber battleground: Inside your network • Over 90% of organizations have been breached • In the past: “I can stop everything at the perimeter” • Today: “I can’t stop anything at the perimeter” • Information security focus shifts to inside the network • Over 35% of breaches are internal – driven by malicious and unintentional insiders • Compromised credentials empower any attacker to act as an insider • Compliance and audit requirements focus on privileged accounts • Privileged accounts provide access to the most sensitive and valuable assets • Information exposure damages brand reputation and customer confidence

  4. What do we know? “We have to assume we have already been breached” Brian Krebs (Krebs on Security) Mandiant, M-Trends and APT1 Report, 2014

  5. Privileged accounts are targeted in all advanced attacks “APT intruders…prefer to leverage privileged accounts where possible, such as Domain Administrators, service accounts with Domain privileges, local Administrator accounts, and privileged user accounts.” “…100% of breaches involved stolen credentials.” Mandiant, M-Trends and APT1 Report, 2014

  6. Privileged accounts are targeted in all advanced attacks “Anything that involvesserious intellectual propertywill be contained in highly secure systems and privileged accountsare the only way hackers canget in.” Avivah Litan, Vice President and Distinguished Analyst at Gartner, 2014

  7. Privileged accounts are targeted in all advanced attacks “…that’s how I know I’m dealingwith a sophisticated adversary…if they are targeting privileged accounts, I’ve got a serious APTproblem…” CyberSheathAPT Privileged Account Exploitation Securing Organizations against Advanced, Targeted Attacks, 2013

  8. Perimeter defenses are consistently breached Over 28 Billion spent on IT security in 2014!!! Over 90% of organizations breached • Cisco Talos, Deliotte Financial Advisory service, Deloitte & Touche LLP, Mandiant, RSA, Verizon RISK - • CyberArk Threat Report: Privileged Account Exploits Shift the front lines of Cyber Security, • 2014

  9. Privileged Account Security:Now a critical security layer

  10. Privilege is at the center of the attack lifecycle Typical Lifecycle of a Cyber Attack

  11. Scope of Privileged Account “attack surface” underestimated Cyber - Privileged Account Security & Compliance Survey, 2014 (Enterprises > 5000 Employees)

  12. Many organizations only use partial measures Do you monitor and recordprivileged activity? Cyber - Privileged Account Security & Compliance Survey, 2014

  13. Privileged Accounts create a HUGE attack surface • Privileged accounts exist in every connected device, database, application, industrial controller and more! • Typically a ~3X ratio of privileged accounts to employees

  14. What, Where & Why of Privileged Accounts All Powerful Difficult to Control, Manage & Monitor Pose Devastating Risk if Misused

  15. Telecom breaches draw attention to insider access issues • August 2014 : A global top 5 Telecommunications company reported that, for the 2nd time in 2014, a privileged insider gained unauthorized access to customer information. “ We’ve recently determined that one of our employees violated our strict privacy and security guidelines by accessing your account without authorization and while doing so, would have been able to view and may have obtained your account information, including your social security number and driver's license number ” • Yet another reminder that true technical controls need to be put in place to better manage the privileges and access that employees have to data and systems.

  16. Chinese hack U.S. weather systems & satellite network • October 2014: A federal agency recently had four of its websites attacked by hackers from China. To block the attackers, government officials were forced to shut down a handful of its services. • Post breach, security testing discovered multiple weaknesses: • “Weak or default passwords and operating system vulnerabilities with well documented exploits” • Significant problems with remote access • Assessment results lacked supporting evidence – lack of audit logs

  17. The framework of a retail breach • Escalation of privileges • *For example* Via Pass the Hash • Once necessary privileges are obtained Install malware on POS • Install Remote Administration Tools -Ex-filtrate data Goal • Access Via compromised 3rd party account

  18. The Privileged Account Security maturity model Expand scope and automate Manage and monitor Discover and control Baseline maturity Highmaturity Mediummaturity

  19. 1) Baseline Maturity • Inventory the privileged accounts • Limit standard user accounts • Establish on- and off-boarding processes • Remove non-expiring passwords • Securely store passwords • Ensure attribution Discover and control Baseline maturity

  20. 2) Medium Maturity Manage and monitor • Schedule password changes • Utilize one-time passwords • Implement session recording • Prevent human usage of service accounts • Control application accounts • Detect anomalies Mediummaturity

  21. 3) High Maturity • Use multi-factor authentication • Replace all hard-coded passwords in applications • Employ next-generation jump-servers • Implement approval and monitoring workflows • Proactively detect malicious behavior Expand scope and automate Highmaturity

  22. Critical steps to stopping advanced threats • Discover all of your privileged accounts • Protect and manage privileged account credentials • Control, isolate and monitor privileged access to servers and databases • Use real-time privileged account intelligence to detect and respond to in-progress attacks

  23. Enterprise account usage today ? Auditor/ Security & Risk External Vendors Business Applications DBAs VM Admins Windows Admins Unix Admins I need my service provider to connect remotely with root I need the password to map a drive I just need root to patch a database I have this script that needs to run as root every night What are your root entitlements, whoused it, when did they use it and why? What are your root entitlements, who used it, when did they use it and why? Websites & Web Apps Security Appliances iSeries Mainframes zSeries Mainframe Unix/Linux Servers Network Devices Windows Servers Virtual Servers Applications Databases

  24. Requirements for an effective Privileged Account Security Solution Granular Privileged Access Controls Privileged UserAccess Controls Protecting & Isolating Sensitive Assets Application Identity Controls Privileged Activity Monitoring

  25. Break the attack chain!!!

  26. DNA - Discovery & Audit Discover where your privileged accounts exist Clearly assess privileged account security risks Identify all privileged passwords, SSH keys, and password hashes Collect reliable and comprehensive audit information

  27. The CyberArk Team: Chad Froomkin – Major Account Executive Southeast: NC/SC/TN (770) 322-4201 Chad.Froomkin@cyberark.com Doug Brecher – Internal Account Executive Southeast (617) 796-3264 Doug.Brecher@cyberark.com

More Related