© 2017 Security Current
Nikolay Chernavsky
Senior Vice President and Chief Information Security Officer in the Financial Sector
NIKOLAY CHERNAVSKY
Nikolay Chernavsky is an experienced information security practitioner (CISO) in the financial sector, responsible for developing cybersecurity strategies to improve the information security posture of his organization. Namely, he incorporates various threat intelligence components to create risk-based, adaptive information security controls in order to prevent and proactively respond to cybersecurity threats.
Nikolay is the chairman of the FS-ISAC Mortgage Risk Council and a governing body co-chair for Southern California Evanta’s by CISO for CISO.
VERIZON: Privilege misuse is one of 9 major incident classification patterns
• 62% of all breaches featured hacking, and of those, 81% leveraged stolen and/or weak passwords – giving the attacker the same privileges as a trusted insider
In the wrong hands, your privileged accounts represent a major threat to your enterprise. A malicious actor can:
• Breach your data
• Commit unauthorized transactions
• Hide activity by deleting audit trails
• Cause Denial of Service attacks
[Chart: Breaches by category, scale 0 to 30. Categories: Physical Theft and Loss, Point of Sale, Cyber-Espionage, Crimeware, Web App Attacks, Miscellaneous Errors, Everything Else, Privilege Misuse]
Financial and espionage are the two top motives accounting for 93% of breaches.
DBIR 2016 Report
Unix, and in particular Linux, are very prominent in financial systems
• The world’s leading stock exchanges and financial institutions started converting to Linux a decade ago for the additional security, stability and flexibility the platform provides.
The largest exchange, the New York Stock Exchange (NYSE) Euronext, is run on a Linux system that can generate 1,500,000 quotes and process 250,000 orders every second, offering acknowledgments of each transaction within two milliseconds.
The Challenges
SHARED IDENTITIES
• If it’s a privileged identity, systems can easily be compromised
SERVICE ACCOUNTS BELONG TO PROCESSES, NOT PEOPLE
• Processes need root-level access to the system. Often passwords to these accounts are known to many people.
REGULATORY REQUIREMENTS DICTATE THE USE OF UNIQUE IDENTITIES
• In order to maintain traceability each account must belong to a unique user.
THE SECURITY TOOLS MARKET IS FOCUSED ON WINDOWS
• Unix/Linux built-in tools are insufficient
PRIVILEGED ACCESS MANAGEMENT BOLSTERS SECURITY ESPECIALLY IN UNIX/LINUX SYSTEMS
• Segregation of accounts: one user per identity
• Assignment of least privileges provides a barrier
• Privilege escalation only through appropriate authorization
• Documented audit trail
• Discovery of accounts and access privileges
• Centralized management, policy and reporting
• The best password is the one that no one knows
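Added example (not part of the original presentation and not BeyondTrust code): a minimal discovery pass over passwd and sudoers content that flags the conditions the slides call out, namely several identities sharing root, service accounts usable as login accounts, and unrestricted sudo grants. The account names, sample files and finding labels are constructed for illustration, and the sudoers scan assumes one simple rule per line.

```python
# Constructed sample input (hypothetical hosts and accounts, not from the slides).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backup root:/root:/bin/bash
oracle:x:54321:54321:Oracle service:/home/oracle:/bin/bash
nginx:x:998:996:nginx:/var/lib/nginx:/sbin/nologin
alice:x:1001:1001:Alice:/home/alice:/bin/bash
"""
SUDOERS = """\
Defaults logfile=/var/log/sudo.log
alice ALL=(root) /usr/bin/systemctl restart nginx
oracle ALL=(ALL) NOPASSWD: ALL
%dba ALL=(ALL) ALL
"""
NOLOGIN = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

def discover(passwd_text, sudoers_text, service_accounts):
    """Return (finding, subject) pairs for privileged-access review."""
    findings = []
    accounts = [l.split(":") for l in passwd_text.splitlines() if l.strip()]
    # More than one UID 0 name means root is reachable under several identities.
    uid0 = [a[0] for a in accounts if a[2] == "0"]
    if len(uid0) > 1:
        findings.append(("shared-uid0", ",".join(uid0)))
    # Service accounts belong to processes: they should not have a login shell.
    for a in accounts:
        if a[0] in service_accounts and a[6] not in NOLOGIN:
            findings.append(("service-account-login-shell", a[0]))
    # Simplified sudoers scan: one rule per line, no aliases, includes or
    # continuation lines. Flags unrestricted "ALL" command grants.
    for line in sudoers_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "Defaults")):
            continue
        who_host, _, rhs = line.partition("=")
        rhs = rhs.strip()
        if rhs.startswith("("):              # drop the (runas) specification
            rhs = rhs.split(")", 1)[1].strip()
        nopasswd = rhs.startswith("NOPASSWD:")
        if nopasswd:
            rhs = rhs[len("NOPASSWD:"):].strip()
        if rhs == "ALL":
            kind = "sudo-all-nopasswd" if nopasswd else "sudo-all"
            findings.append((kind, who_host.split()[0]))
    return findings

if __name__ == "__main__":
    for finding in discover(PASSWD, SUDOERS, {"oracle", "nginx"}):
        print(finding)
```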
WHERE TO START
• Understand the data you are trying to protect and what systems it resides on
• Segment your critical systems housing sensitive data
• Research the tools particular to your flavor(s) of Unix/Linux
• Select a few tools and do PoCs
• Strengthen controls with multi-factor authentication or adaptive authentication
WHERE THE PAM MARKET IS HEADED
What CISOs can expect to see in the privileged access market in the near future
• More transparency into privileged access activities
• Tighter controls around privileged accounts
• Limited, time-based privileged accounts
PowerBroker for Unix and Linux
Comprehensive Unix & Linux Privilege and Session Management to Protect Your Most Critical Systems
Helicopter View – BeyondTrust Solutions
PowerBroker Auditor:
Audit for Active Directory
Audit for File Server
Audit for MS Exchange
PowerBroker Identity Services:
Single Sign On (AD Bridge)
Policy Mgmt for Unix/Linux/Mac via AD
Privilege Management:
PowerBroker for Windows & Mac
PowerBroker for Sudo
PowerBroker for Unix & Linux
Password Safe:
Password Management
Session Management
SSH Key Management
Application Management
Vulnerability Management:
Vulnerability Management
Patch Mgmt for Adobe, Java, etc
Analytic Reporting
PowerBroker for Unix & Linux:
• Eliminates the sharing of privileged credentials and delegates permissions without exposing credentials
• Tracks, logs and audits activities performed on Unix and Linux systems for compliance
• System level control provides powerful file and folder controls, not just command line analysis
• Extends beyond Unix and Linux platforms, helping to reduce risk across the enterprise
Advanced Control and Audit
PowerBroker for Unix & Linux controls access to files at the system level, not at the command level. This provides advanced capabilities such as:
❖ Auditing activities inside scripts
❖ Controlling file and folder access, even for root
❖ Blocking malicious and tampered binaries
9.4 Advanced Control and Audit Output:
Detailed Forensics and Reporting:
• Searchable Index
• Scheduled Reports
• Custom Reporting
• Single Events Window