Active authentication to protect IT assets

Preview:

Click to see full reader

Citation preview

ACTIVE AUTHENTICATION FOR INFRASTRUCTURE

HELLO!I am Anirban Banerjee.I am the Founder and CEO of Onion ID. https://calendly.com/anirban/enterprise-demo/

THE STATUS QUO

CHALLENGES AND THREATS

GOING FORWARD

THE STATUS QUO

4

IT INFRASTRUCTURE

TODAY

LaptopsIn house servers

Cloud serversMobile devices

ContainersNetwork equipment

WHO IS ACCESSING

DevopsIT

DevelopersShadow ITBloggersMarketing

Automated SoftwareDeploy and Build softwareVendors and 3rd parties

THE STATUS QUO

Usernames/passwords

SSH Keys

▹ Helps login automatically

IP filters

▹ Only talk to certain computers

VPNs

▹ Some Security

▹ Encrypted traffic

CHALLENGES AND THREATS

CHALLENGES

▸ IT Outsourcing

CHALLENGES

▸ Inflexible – Multiple dev teams▹ Geographically distributed▹ Shadow IT

▸ High Velocity Changes – IaaS/Paas via APIs

▹ AWS, Rackspace, Docker▹ All types of web apps

▸ Employee churn

▸ Compliance and Audits

▸ Attack surface has changed▸ Horizontal attacker movement▸ Vertical privilege escalation

THE THREAT LANDSCAPE

Horizontal and Vertical Attacker Movement

GOING FORWARD

ACTIVE AUTHENTICATIO

N CAN HELP

▸ Concept of least privilege

▸ Risk score everything▸ Every command is

analyzed▸ Learn, Match, Act,

Update

WHAT TO LOOK FOR

AND WHAT TO DO

Usually never runs visudo /etc/shadow – high risk

COMMANDS BEING RUN

Where are you connecting from, time, # of connections

CONNECTION STATISTICS

Risk score every command: White, Grey, Black

EVERY COMMAND IS ANALYZED

Invisible 2FA for Grey, Physical 2FA for Black

TAKE ACTION

Apache Spark, Pykit Sci, SSH proxiesTOOLS

COMPLIANCE

▸ PCI DSS, HIPAA, FedRamp, FFIEC, SOX, SOC I,II

▸ Legal consequences▸ Provide proof of controls▸ Keep the board informed▸ Use tools for reporting, automate

BEST PRACTICES

▸ SSH Key rotations▸ Device fingerprinting▸ Credential rotations

for VPN▸ MAC address pinning▸ Review logs regularly▸ Audit user accounts

CONTINUOUS IMPROVEMEN

T

Your system needs to keep “learning”

Think about rule based approach, don’t obsess

Follow good login hygiene

Use DNS instead of nailed IPs

Audit shadow IT accounts

Connect with us

18 ▸ calendly.com/anirban/enterprise-demo/

▸ Free Trial on OnionID.com▸ Sales@onionid.com▸ 1-888-315-4745▸ Twitter - @onion_id▸ Connect with us on FB or Linkedin

▸ We will be posting these slides

▸ Feedback is very welcome

https://calendly.com/anirban/enterprise-demo/

mailto:Sales@onionid.com

THANK YOU!Any questions?You can find more about us at:Onion ID – Privilege Management in 60 Secondswww.onionid.com , sales@onionid.comTel: +1-888 315 4745

http://www.onionid.com/
mailto:sales@onionid.com

Recommended

A broad review on non-intrusive active user authentication
Documents
Welcome [tc18.tableau.com] · 2020-01-06 · Data Security –protect your data in multiple ways. Authentication. Authentication Local Authentication Active Directory LDAP Identity
Documents
RSA Authentication Manager 7.1 Microsoft Active Directory ...theether.net/download/RSA/SecurID/7.1SP2/ldapBestPracticesGuide.pdf · RSA Authentication Manager 7.1 Active Directory
Documents
Firewall Authentication and Active Directory
Documents
Centralizing users’ authentication at Active Directory level 
Technology
Ultra-strong authentication to protect network access and ... · Ultra-strong authentication to protect network access and assets ESET Secure Authentication provides powerful authentication
Documents
Advanced Active Directory Authentication Training v11 6
Documents
Ultra-strong authentication to protect network ... - ESET · ESET Secure Authentication provides powerful authentication to make remote access to the company network and sensitive
Documents
proven. trusted.d1q82mpda228xr.cloudfront.net/Files/Product... · Ultra-strong authentication to protect network access and assets ESET Secure Authentication provides powerful authentication
Documents
Configuring Integrated Windows Authentication for … · Configuring an Active Directory Authentication Provider for LDAP ... Configuring Integrated Windows Authentication for WebLogic
Documents
Passwordless Authentication in (Azure) Active Directory
Documents
Protect your mobile apps with Modern Authentication and Microsoft Intune · Authentication and Microsoft Intune . Objectives. Stay innovative Collaborate Protect data Work anywhere
Documents
Ultra-strong authentication to protect network access and ... · ESET Secure Authentication provides powerful authentication to make remote access to the company network and sensitive
Documents
Active Directory Authentication with DASH SCCM Plug-in - AMD
Documents
Active Directory Attacks and Detection - WordPress.com · Kerberos is a bit complex authentication protocol Active Directory implements Kerberos version 5 in two components: the Authentication
Documents
Active Authentication DARPA-BAA-12-06csis.pace.edu/~ctappert/papers/funding/2012DARPA-RFP.pdf · 2012. 3. 20. · Broad Agency Announcement . Active Authentication . DARPA-BAA-12-06
Documents
Integration active directory for authentication and authorization · 2021. 2. 1. · Integration active directory for authentication and authorization | Ical RedHat January 30, 2021
Documents
Protect Against Security Breaches by Securing Endpoints with Multi-Factor Authentication
Technology
Active Directory Attacks and Detection - HAKON-2018 · Kerberos is a bit complex authentication protocol Active Directory implements Kerberos version 5 in two components: Authentication
Documents
Advanced Authentication - Administration...Advanced Authentication is a multi-factor authentication solution that enables you to protect your sensitive data by using a more advanced
Documents