Security & Identity Analytics: How Security and Identity Analytics can Drive Adaptive Defence
Adam Evans | Senior Identity & Access Specialist | 24th February 2016
Source: PwC 2016 Global State of Information Security Survey (Responses from 10,000 CxOs in 127 countries, 30% from Europe. Error margin <1%)
Hacking is Big Business…
The average annual monetary loss was $2.5m (£1.75m) per organisation
Finding the weak links – a full-time job
• Social media
• Link clickers
• Weak passwords
Adapting to Controls
“Enterprises are having a difficult time hiring skilled people as it takes 53% of organisations between 3 and 6 months to fill a position and 10% cannot fill them at all.”
Source: ISACA’s global survey, “The State of Cybersecurity: Implications for 2015”
Meanwhile, as the threat evolves…
Provide the limited professionals we have with the best information for rapid decision making
Analytics applies algorithms or machine learning to the “advisor feeds” for specific use cases
At Micro Focus, we believe that Identity and Security Analytics holds the greatest hope of leveling the playing field with today’s dynamic threats
Identity Analytics Use Cases
“Identity Analytics and Intelligence (IAI) moves organisations toward a contextual, dynamic, risk-based approach to identity and access management.”
Source: Gartner
Risk-Based Authentication
• Use risk scoring to drive step-up authentication
• Static risk scoring can be assigned to the entitlement, user, or application
• Add dynamic risk at request such as time of day, geo location, IP address, or device
• Results can be shared back into the analytics engine as an advisor feed
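The scoring described in the bullets above, as an added example that is not from the original slides or from Micro Focus: static risk for the entitlement, user and application is summed with request-time signals, and the outcome is returned as a record for the advisor feed. All weights, thresholds, names and sample values are assumptions, and the deny outcome goes beyond the step-up case the slide names.

```python
from dataclasses import dataclass
from datetime import datetime

# Static risk per entitlement, user and application (constructed, assumed values).
STATIC = {"entitlement": {"payroll-admin": 40, "wiki-read": 5},
          "user": {"alice": 10},
          "application": {"hr-portal": 20, "intranet": 5}}
RISKY_IPS = {"203.0.113.7"}        # constructed; documentation address range
STEP_UP_AT, DENY_AT = 50, 100      # assumed thresholds

@dataclass
class Profile:                     # what is normal for this identity
    hours: range
    countries: frozenset
    devices: frozenset

@dataclass
class Request:
    user: str
    application: str
    entitlement: str
    when: datetime
    country: str
    ip: str
    device: str

def static_risk(req):
    return (STATIC["entitlement"].get(req.entitlement, 0)
            + STATIC["user"].get(req.user, 0)
            + STATIC["application"].get(req.application, 0))

def dynamic_risk(req, profile):
    """Return the request-time signals that fired, with their points."""
    signals = {}
    if req.when.hour not in profile.hours:
        signals["time_of_day"] = 15
    if req.country not in profile.countries:
        signals["geo_location"] = 25
    if req.ip in RISKY_IPS:
        signals["ip_address"] = 30
    if req.device not in profile.devices:
        signals["device"] = 20
    return signals

def evaluate(req, profile):
    """Score the request, decide, and return the record for the advisor feed."""
    signals = dynamic_risk(req, profile)
    score = static_risk(req) + sum(signals.values())
    action = "deny" if score >= DENY_AT else "step_up" if score >= STEP_UP_AT else "allow"
    return {"user": req.user, "score": score, "signals": sorted(signals), "action": action}
```

A high-risk entitlement alone crosses the step-up threshold here even when every request-time signal is normal, which is the effect of combining static and dynamic risk.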
Bad Behavioral Analysis
• Machine learning and anomaly detection based on identities
• Give privileged users insight into unusual activity with their credentials
• Identify unusual patterns of access, changes and data exfiltration
• Detect use of privileged account “backdoors”
Excessive Credential Detection
• Identify orphaned or rogue accounts based on login or peer group analysis – revoke accounts and save on SaaS licenses
• Compare employees being paid by HR, or contracts to orphaned or rogue accounts
Adaptive Access Certifications
• Request immediate access certification for high-risk transactions
• Prioritise the highest risk entitlements for access certifications
• Indicate dormant accounts or outlier access compared to peers
• Reduce rubber-stamping and increase revocation rates
Risk-Based ID & Access Provisioning
• Risk-informed access request and approval
• Policy improvement suggestions for roles or SOD controls
Generally, identity analytics provides better decision-making information
Security Analytics Use Cases
Abnormal Sensitive File Access
• Unusual time of day for the user
• From a risky IP address, geographic location or unknown machine
• With credentials that haven’t been used in a while
Abnormal Data Exfiltration
• Large data sets
• Data movement to USB drives or an unusual location
Abnormal File Changes
• File replacement outside of change windows
• Changes made by an abnormal user
Abnormal Password Resets
• Brute force attempts at self-service password resets
• Abnormal time, location or device for password resets
Generally, security analytics is looking for abnormal activity
Identity-Powered Security
[Diagram: Minimise Rights, Enforce Access Controls, Monitor User Activity, Analytics]
The Micro Focus Approach: An Integrated Identity, Access & Security Solution
[Diagram: Identity Governance & Administration, Access Management & Authentication, Secure User Monitoring, Analytics]
Identity Governance & Administration (IGA): Enforcing the Least-Privilege Principle
Minimise Rights
• Access Request
• Help-Desk Integration
• Access Review
• Privileged Identity Management
• Delegated Administration
• Business Policy SOD & Roles
• Identity Management
Access Management and Authentication (AMA): A Secure Sign-on Experience
Enforce Access Controls
• Single Sign-On (Web, Cloud, Enterprise)
• BYOI
• BYOD
• Multi-Factor Authentication
• Federation
• Risk-Based Adaptive Authentication
Secure User Monitoring (SUM): Analytics - Identify Abnormal
Monitor User Activity
• Log & Event Correlation
• SIEM
• File Integrity Monitoring
• Configuration Assessment
• Anomaly Detection
• Privileged Session Recording
Benefits of an Analytics Approach…
• Targeted information for more efficient and intelligent decision making
• Reduced data sifting to more rapidly identify and eliminate threats
• Reduced overall risk with existing personnel resources
Questions?
Thank You For Listening