Why Privileged Account Security Should Be Your #1 Priority
Paweł Rybczyk, Business Developer CEE/CIS, www.wallix.com
PAM / PIM / PUM / PEDM (Gartner)
Why PAM?
4 good reasons to implement a PAM solution
When an incident happens
Origin of an incident and traceability of actions
The customer database crashed after a support intervention from an external provider during a major upgrade
We cannot establish responsibilities or find evidence!
Where did the problem come from? Can we review what happened? How can we determine the origin of the problem?
External service providers
I have no visibility on what my providers are doing on the infrastructure
Many people access servers, devices and applications: I do not know who has access to what, when or how
I must control these accesses and change external provider if I need to
How can I ensure full access control? How can I find the origin of the problem? Who is responsible?
IT teams turnover
One of my admins is leaving the company
His/her access rights must be listed, deactivated and modified for every device
These changes must be communicated internally
How can I make sure he/she will no longer be able to access the information system?
Admin Passwords
Post-it notes multiply on computer screens or on the desks, or in an unsecured Excel file
Passwords are handled chaotically. Sometimes, they are only in the admin’s head
Generic accounts (Admin & Root) are no longer an option
What is the best way to handle user authentication?
Session Manager
▪ Session video recording
▪ Real-time 4-eyes monitoring
▪ Alerting
▪ Automatically terminate sessions
Protocols to targets: RDP, SSH, VNC, TELNET, RLOGIN, HTTP, HTTPS, Raw TCP/IP
▪ Retrieve credentials safely from the Vault
▪ Get the approval with quorum for a given time period
▪ Recognize unusual command lines and automatically terminate sessions
▪ Manage concurrent user activities
Record the Sessions / Replay the Sessions
▪ Post-incident audit: session replay and metadata analysis
▪ Rich metadata
• Key logging with automatic keyboard layout detection
• Process event
▪ Video of any applications including web applications and other management consoles
Diagram: Auditor, Approver, Bastion Session Probe (ephemeral agent)
Password Manager
Securing passwords in a certified vault; hiding, revealing, changing or generating target passwords
Bastion Vault, the credentials’ secured storage
SSH keys as well as passwords; password encryption using AES 256
Targets (examples): LDAP, Linux, Fortinet FortiGate, Windows, Cisco, Oracle, SQL Server, Teradata
Plugin based architecture to easily support password change and rotation
▪ Password Manager capabilities
• Automatic or on-demand password rotation
• Check-out/check-in workflow
• Password complexity generation
• App2App Password Management
• Break-glass (emergency) access
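As an added illustration of the workflow described in the Session Manager and Password Manager sections (quorum approval for a time period, exclusive check-out/check-in with rotation, and command-pattern detection with automatic session termination), here is a constructed model; it is not WALLIX code, and the blocked patterns, account names and times are assumptions.

```python
import re
import secrets
from datetime import datetime, timedelta
# Hypothetical rule set: a matching command line terminates the session at once.
BLOCKED = [re.compile(p) for p in (r"^\s*rm\s+-rf\s+/\s*$", r"\bmkfs\b", r"\bshutdown\b")]

class AccessRequest:  # time-boxed request for one target account, approved by a quorum
    def __init__(self, user, target, start, minutes, quorum=2):
        self.user, self.target, self.quorum = user, target, quorum
        self.start, self.end = start, start + timedelta(minutes=minutes)
        self.approvals = set()
    def approve(self, approver):
        if approver == self.user:  # four-eyes principle: no self-approval
            raise PermissionError("requester cannot approve own request")
        self.approvals.add(approver)
    def valid_at(self, now):
        return len(self.approvals) >= self.quorum and self.start <= now < self.end

class Vault:  # holds target passwords; check-out is exclusive, check-in rotates the secret
    def __init__(self, passwords):
        self._pw, self._out = dict(passwords), set()
    def check_out(self, req, now):
        if not req.valid_at(now):
            raise PermissionError("no valid approval for %s at %s" % (req.target, now))
        if req.target in self._out:  # one privileged session per account at a time
            raise PermissionError("%s is already checked out" % req.target)
        self._out.add(req.target)
        return self._pw[req.target]
    def check_in(self, target):
        self._out.discard(target)
        self._pw[target] = secrets.token_urlsafe(24)  # rotate on return

class Session:  # keystroke-level audit trail with automatic termination on a blocked pattern
    def __init__(self, user, target):
        self.user, self.target, self.events, self.terminated = user, target, [], False
    def command(self, line, now):
        hit = any(p.search(line) for p in BLOCKED)
        self.terminated = self.terminated or hit
        action = "terminated" if hit else ("refused" if self.terminated else "allowed")
        self.events.append({"ts": now.isoformat(), "cmd": line, "action": action})
        return not self.terminated

def demo():  # constructed walk-through: approve, check out, run commands, check in
    t0, target = datetime(2024, 1, 15, 9, 0), "root@srv-db-01"
    vault, req = Vault({target: "constructed-initial-secret"}), AccessRequest("alice", target, t0, 60)
    req.approve("bob"); req.approve("carol")
    pw, s = vault.check_out(req, t0 + timedelta(minutes=5)), Session("alice", target)
    ok = [s.command(c, t0 + timedelta(minutes=m)) for m, c in ((6, "uptime"), (7, "rm -rf /"), (8, "ls"))]
    vault.check_in(target)
    return pw, ok, [e["action"] for e in s.events], vault._pw[target] != pw
```

Once the blocked pattern is typed, every later command in that session is refused and the event log keeps the timestamped trail an auditor would replay.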
More target examples: MySQL, Palo Alto PA-500, IBM 3270, Juniper SRX
Bastion Administrator
PEDM
Implement the Principle of Least Privilege without impacting productivity
BestSafe PEDM
Diagram: privileged users, third-party contractors, and auditors, risk and compliance officers connect over RDP through the Bastion to Windows-based targets running the BestSafe Agent
Increases system security by reducing administrators’ rights to the bare minimum needed for their tasks
Enriched metadata, supplied by the BestSafe PEDM agent under the control of the session probe, which enhances the traceability functionality of the Bastion
Effective anti-ransomware solution: detect in real time when a process intends to perform an encryption operation, before it is carried out
Real-time monitoring of applications: monitoring access to disk, to the registry, to the network, and actions like creating new processes or local user accounts
Control access to resources by application: blocking of all outgoing connections of a certain application regardless of the user's credentials
WALLIX complete portfolio
WALLIX Admin Center
SaaS management console for WALLIX solutions
• Cybersecurity by design
• Manage configurations
• Back up and restore
• License key management
DISCOVERY: Map and explore your network to unveil hidden privileged accounts
PEDM: Least Privilege protection to secure critical endpoints
SESSION MANAGER: Ensure real-time oversight of critical resources
PASSWORD MANAGER: Maintain the highest standards of password protection
ACCESS MANAGER: Grant & control secure access for external connections
WALL4iOT: Bastion4iOT, ISC (Alleantia)
AAPM MFA
WALLIX for Industry 4.0
Who is WALLIX? WALLIX is expanding rapidly in Europe and beyond
Offices: Boston, Montreal, London, Paris, München, Singapore, Dubai, Amsterdam, Warsaw
… present in 55 countries
160+ partners and resellers
12.6 M€ turnover
36% international turnover (52% growth year over year)
50+ M€ raised between 2008 and 2018
150+ people
30% growth YoY
Chart: Number of Customers (series: 30, 60, 100, 150, 220, 300, 420, 570, 770, 1050)
Our third-party interoperability: Identity (IGA/IAM), Multifactor Authentication & SSO, Vault, SIEM, Vulnerability Mgt, DevOps, ITSM, Antivirus / DLP, Standard Protocols, Radius, Admin Center, RESTful API / Web Services
Architecture and functionalities
Architecture diagram components: users (privileged users, third-party contractors, auditors, risk and compliance officers, robots); Bastion (Vault, Session Manager, Password Manager, AAPM, Admin Center, Jump Server, Access Manager); PEDM Agent on Windows-based targets; protocols to targets: RDP, Raw TCP/IP, RLOGIN, SSH, VNC, TELNET, HTTPS
▪ A centralized Bastions’ administration portal
▪ Save & Store configuration
▪ Push & Manage configuration
▪ Deploy any existing configuration to different Bastion clusters
▪ Web console to access and audit distributed Bastion architectures
▪ LDAP/AD directory
▪ Customizable UX
▪ Password Management
▪ App2App Password Mgt
▪ Password complexity generation
▪ Check-out/check-in workflow
▪ Privileged accounts mgt & governance
▪ Pattern detection with automatic termination
▪ Real-time monitoring
▪ Session recording and replay
▪ Contextualized settings
▪ Vault to store passwords
▪ Integrate with third-party vaults
▪ SSH keys as well as Passwords
▪ AES 256 encryption
DEMO
☺
WALLIX brief information: Session Manager / Password Manager, Application to Application Password Manager, Privilege Escalation and Delegation Management, Licensing Guide