Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
BeyondTrust Webinar21. & 26. November 2019
Avantec Webinar
Presenter: Mohamed Ibbich – Lead Solutions Engineer
8© BeyondTrust 2019
REVOLUTIONIZING THE WAY THE WORLD SECURES & MANAGES PRIVILEGED ACCESS
Introducing BeyondTrust
BeyondTrust Webinar21. & 26. November 2019
The BeyondTrust Advantage
Market LeaderRanked as a PAM leader by Gartner, Forrester, & KuppingerCole
Proven Experience20,000 customers in 80+ countries
Integrated PlatformUnified PAM platform with seamless third-party integrations
Global Presence800 employees in 20+ countries and extensive partner network
Customer Driven90% renewal rates and exceptional customer support
Broadest PortfolioBest-in-class products that cover your entire PAM journey
9© BeyondTrust 2019
Recognized PAM Industry Leader
PIM Wave 2018PAM Magic Quadrant 2018 Leadership Compassfor PAM 2018
10© BeyondTrust 2019
BeyondTrust Webinar21. & 26. November 2019
© BeyondTrust 2019
PAM Is #1 Spend Priority For CISO’s
1. Privileged account management
2. CARTA-inspired vulnerability management
3. Active anti-phishing
4. Application control on server workloads
5. Microsegmentation on flow visibility
6. Detection and response
7. Cloud security posture management
8. Automated security scanning
9. Cloud access security broker (CASB)
10. Software-defined perimeter
Gartner’s 2019 Top 10 Priorities for CISOs
Source: Smarter with Gartner, “Gartner Top 10 Security Projects for 2019”
11
© BeyondTrust 2019
‐ Gartner, “Best Practices for Privileged Access Management Through the Four Pillars of PAM,” January 28, 2019
By 2022, 90% of
organizations will recognize
that mitigation of PAM risk
is a fundamental security
control, which is an increase
from 70% today.
By 2022, 70% of
organizations will implement
privileged access management
(PAM) practices for all use
cases in the enterprise, which
is a significant increase from
40% today.
12© BeyondTrust 2019
BeyondTrust Webinar21. & 26. November 2019
Trusted by 20,000 Customers in 80+ Countries
13© BeyondTrust 2019
BeyondTrust IntegratedPAM Platform
14
DEFEND AGAINST THREATS RELATED TO STOLEN CREDENTIALS, MISUSED AND UNWANTED REMOTE ACCESS WHILE EMPOWERING END USERS
14© BeyondTrust 2019
BeyondTrust Webinar21. & 26. November 2019
BeyondTrust Supports Your Entire PAM Journey
Broadest PAM Portfolio
BeyondTrust supports your entire PAM journey by covering the broadest
set of use cases
Best-In-Class Products
Best-in-class, feature-rich solutions that cover all of your privileged accounts, endpoints and users
Simplified Deployment
Flexible, simple deployments that work in your IT environment and deliver fast time-to-value
Seamless Integrations
A streamlined integration experience across
BeyondTrust products & third-party technologies
15© BeyondTrust 2019
SB60
16© BeyondTrust 2019
BeyondTrust Webinar21. & 26. November 2019
Privilege Password & Session Management
• Automated, continuous discovery & rotation across your entire environment
• Superior session management and recording
• Secure all privileged credentials, including admin passwords, SSH Keys, App to App Passwords, Service Accounts
• Secure passwords and secrets in Cloud & DevOps environments
Endpoint Privilege Management
Secure RemoteAccess
With Best-in-Class Solutions Across Your EnvironmentLEADING SOLUTIONS THAT SECURE ALL PRIVILEGED ACCOUNTS, ENDPOINTS, AND USERS
• Removal of excessive end user privileges across the network without slowing productivity
• Protection of all endpoints: Windows, Mac, Unix/Linux
• Elevates applications, not users, to improve security
• Comprehensive audit trail of privileged activity across all endpoints
• Secure remote access & control for desktops, services, mobile devices, and more
• Enables secure third-party and vendor access without requiring a VPN
• Complete audit trails for all access types, including SSH, VNC, RDP, IaaS resources
• Credential injection to reduce sharing & phishing
17
© BeyondTrust 2019
PAM ComponentsPrivilege Access Management (PAM) Criteria
Privileged Access Governance & Admin
Formally manage privilege assignment, periodically review & certify privileged
access, ensure segregation of duties based on a set of policies
Privileged Session Management
Manages a privileged user session for human interaction sessions from initial
authentication through checking a privileged credential out and back in again
Privileged Task Automation
Automating multistep, repetitive tasks related to privileged operations that are
orchestrated and/or executed over a range of systems
Privileged Account Discovery & Onboarding
Identify and onboard all privileged accounts and related credentials in all platforms and
environments
Privileged Access for Apps & Services
Manages privileged access for nonhuman use cases such as machines, applications,
services, scripts, processes and DevSecOps pipelines
Privileged Access Analytics & Response
Employs analytics (using machine learning) on privileged account activities to detect and flag anomalies, including baselining,
risk scoring and alerting
Privileged Credentials Management
Manage and protect system- and enterprise-defined shared account
credentials or secrets
Privileged Access Logging, Reporting
Auditing
Records all single events, including changes and operations, as part of the
PAM operation
Privileged Elevation & Delegation Management
Enforcing policies to allow authorized commands or applications to run under
elevated privileges
Integration with Adjacent Systems
Integrate and interact with adjacent security and service management
capabilities.
Ease of Deployment &
Availability
Simplify the deployment of the PAM solution while ensuring
availability, recoverability,
performance and scalability.
18© BeyondTrust 2019
BeyondTrust Webinar21. & 26. November 2019
PAM ComponentsPrivilege Access Management (PAM) Criteria
Privileged Access Governance & Admin
Formally manage privilege assignment, periodically review & certify privileged
access, ensure segregation of duties based on a set of policies
Privileged Session Management
Manages a privileged user session for human interaction sessions from initial
authentication through checking a privileged credential out and back in again
Privileged Task Automation
Automating multistep, repetitive tasks related to privileged operations that are
orchestrated and/or executed over a range of systems
Privileged Account Discovery & Onboarding
Identify and onboard all privileged accounts and related credentials in all platforms and
environments
Privileged Access for Apps & Services
Manages privileged access for nonhuman use cases such as machines, applications,
services, scripts, processes and DevSecOps pipelines
Privileged Access Analytics & Response
Employs analytics (using machine learning) on privileged account activities to detect and flag anomalies, including baselining,
risk scoring and alerting
Privileged Credentials Management
Manage and protect system- and enterprise-defined shared account
credentials or secrets
Privileged Access Logging, Reporting
Auditing
Records all single events, including changes and operations, as part of the
PAM operation
Privileged Elevation & Delegation Management
Enforcing policies to allow authorized commands or applications to run under
elevated privileges
Integration with Adjacent Systems
Integrate and interact with adjacent security and service management
capabilities.
Ease of Deployment &
Availability
Simplify the deployment of the PAM solution while ensuring
availability, recoverability,
performance and scalability.
19© BeyondTrust 2019Evaluation Criteria for Privileged Access Management, July 30, 2019
Seamlessly Integrating with Third-Party SolutionsMAXIMIZE YOUR EXISTING IT INVESTMENTS
Cloud Platform
Vulnerability ManagementIdentity Governance
Threat Analytics
Service Management
Identity Access Management SIEM & GRC
DevOps
Robotics Process Automation
20© BeyondTrust 2019
BeyondTrust Webinar21. & 26. November 2019
BeyondTrustUse Cases
21
GAIN VISIBILITY & CONTROL OVER ALL PRIVILEGED ACCOUNTS, USERS & ACCESS
21© BeyondTrust 2019
© BeyondTrust 2019
Protect Passwords & Credentials
PRIVILEGED ACCOUNT DISCOVERYFind and onboard credentials quickly with insight on
age and status
SHRINK YOUR ATTACK
SURFACE AND REDUCE
THE RISK OF A CYBER
BREACH
CENTRALIZED PASSWORD STORAGEManage, rotate, and randomize credentials for
privileged accounts
BEYOND USER PASSWORDSManage credentials for service accounts, cloud
services, SSH keys, and app to app access
CREDENTIAL INJECTIONAccess endpoints directly without exposing plain
text passwords
AUDIT & COMPLIANCETrack and log privileged credential activity
automatically and set granular permissions
22
BeyondTrust Webinar21. & 26. November 2019
© BeyondTrust 2019
PREVENT ATTACKSRemove admin rights from all users to close gaps that
lead to ransomware and malware propagation
ACHIEVE COMPLIANCEMeet best practices for removing admin rights and
whitelisting applications
IMMEDIATE SECURITY GAINSAchieve fast time to value by removing admin rights
quickly
VISIBILITY INTO USER ACTIVITYCreate a consistent audit trail with integrated
session and file integrity monitoring
OPERATE EFFICIENTLY AT SCALEReduce helpdesk tickets, simplify maintenance, and
enable an admin-free environment
Remove Admin Privileges From Users and Systems
ENABLE USERS TO WORK
PRODUCTIVELY WITHOUT
ADMIN RIGHTS
23
© BeyondTrust 2019
Reduce Risk From Vendor Access
SECURE REMOTE ACCESSProvide third-party vendors with secure, reliable
connections to access your network externally
CONTROL AND MANAGE
THIRD PARTY ACCESS TO
YOUR NETWORK
ACCOUNT ROTATIONRotate or reset vendor accounts automatically based on
your specifications
ACCESS ELEVATIONGrant vendors temporary elevated access, or limited to
certain timeframes
MONITORINGLog all session activity for a complete audit trail and
real time reporting
24
BeyondTrust Webinar21. & 26. November 2019
© BeyondTrust 2019
SECURE REMOTE SUPPORTProvide fast remote assistance to any desktop, server, or
mobile device with screen sharing and remote control
MONITORINGLog all session activity for a complete audit trail, with
real time reporting
CHAT SUPPORTIncrease support staff productivity and end user
satisfaction
REMOTE CAMERA SHARINGPerform remote support on anything your customer
can see, including hardware and peripherals
INTEGRATIONS Maximize existing investments with CRM and ITSM
tools and password management solutions
Support Users, Desktops & Devices
QUICKLY ACCESS AND FIX
ANY DEVICE OR DESKTOP,
ANYWHERE, ON ANY
PLATFORM
25
© BeyondTrust 2019
GRANULAR PERMISSIONSAssign permissions individually or through group
policies for privileged users & IT vendors
AUDITING & MONITORINGLog all session activity for a complete audit trail with
real time reporting
PASSWORD PROTECTIONEnforce password policies and automatically rotate
passwords
ENCRYPTIONSecure all communications between the user and the
remote systems using TLS 1.2 encryption
TWO FACTOR AUTHENTICATIONUtilize native 2FA or integrate with your existing
solution
Meet Compliance Mandates
SATISFY AUDIT AND
COMPLIANCE
REQUIREMENTS QUICKLY
AND EFFECTIVELY
26
BeyondTrust Webinar21. & 26. November 2019
BeyondTrustProduct Portfolio
27
THE BROADEST SET OF SECURITY CAPABILITIES IN ONE PLATFORM
27© BeyondTrust 2019
© BeyondTrust 2019
Password Safe
ENABLE UNIFIED
PASSWORD & SESSION
MANAGEMENT
DISCOVERY & AUTOMATED ACCOUNT ONBOARDINGScan, identify and profile all assets and accounts
ADVANCED THREAT ANALYTICS & REPORTING
Correlate anomalous behavior against a baseline and
compare user activity against asset vulnerability data
ENHANCED SESSION MONITORING & MANAGEMENT
Provide full session recording and real-time visibility into
privileged user behavior
TURNKEY DEPLOYMENTEnable fully hardened appliance (OS, application,
database) with packaged updates for maintenance with a
single interface to configure and manage solution
28
BeyondTrust Webinar21. & 26. November 2019
© BeyondTrust 2019
Endpoint Privilege Management
ELIMINATE UNNECESSARY
PRIVILEGES & ELEVATE
RIGHTS TO WINDOWS,
MAC, UNIX, LINUX &
NETWORK DEVICES
COMPLETE PLATFORM COVERAGEProtect Windows, Mac, Linux, Unix, and network devices
as well as Cloud, IoT, DevOps endpoints
QUICK STARTLeverage immediate out-of-the-box deployment model and
reference best practice architectures for rapid deployment
GRANULAR APPLICATION & COMMAND CONTROL
Enforce least privilege and application control, implement
remote application and command execution on all
platforms, and provide advanced control and audit of
commands, files, and scripts across Linux/Unix
29
© BeyondTrust 2019
Secure Remote Access
SECURE AND CONTROL
PRIVILEGED REMOTE
ACCESS FOR INSIDERS &
VENDORS
SECURE BY DESIGNEnable a single tenant appliance architecture, with a unique URL and customized portal, comprehensive authentication methods, and role based policy management
BUILT FOR THE SERVICE DESK & VENDOR ACCESSConnect from anything, to anything, with comprehensive
features designed to maximize productivity – no VPN required
FLEXIBLE DEPLOYMENT & LICENSING OPTIONSSelect on premise (physical/virtual), SaaS or private cloud
deployment and perpetual or subscription concurrent licensing
INTEGRATED WITH PASSWORD & SESSION MANAGEMENTRetrieve privileged credentials automatically when
accessing target systems, with no need for users t0 view
plain text passwords
30
BeyondTrust Webinar21. & 26. November 2019
© BeyondTrust 2019
Danke!