copyright © 2015 centrify corporation. all rights reserved. 1 identity is the new perimeter of...
TRANSCRIPT
Copyright © 2015 Centrify Corporation. All Rights Reserved. 1
Identity is the new Perimeter of Security
Wade Tongen
NA Enterprise SE Manager
817-514-0090 (W)
Copyright © 2015 Centrify Corporation. All Rights Reserved. 2
For the End User
Copyright © 2015 Centrify Corporation. All Rights Reserved. 3
For the Privileged User
Copyright © 2015 Centrify Corporation. All Rights Reserved. 4
Identity is at the center of cyber attacks…
End UsersPrivileged Users
Copyright © 2015 Centrify Corporation. All Rights Reserved. 5
2015 Verizon Data Breach Investigations Report
“As always, compromised credentials, whether they were obtained through phishing, spyware or brute-force methods, played a major role in many data breaches.”
“Pulling back from a single industry view, we find that most of the attacks make use of stolen credentials.”
“While we have tried to refrain from best practices advice this year, there’s no getting around the fact that credentials are literally the keys to the digital kingdom.”
Copyright © 2015 Centrify Corporation. All Rights Reserved. 6
Mandiant-Fireeye Security Report
Source: Mandiant
Copyright © 2015 Centrify Corporation. All Rights Reserved. 7
Flow of ATP Attacks:
• Attacks target the end user with malware or spoofing attacks
• Programs like Mimikatz look for accounts used on systems
• Pass-The-Hash permits lateral movement from system to system
• Attacks export data
Attack Lifecycle (Mandiant Trends 2015)
Initial Compromise
Establish Foothold
Escalate Privileges
Internal Recon
Complete Mission
Lateral MovementMaintain Presence
Identity is at the center of cyber attacks…
Copyright © 2015 Centrify Corporation. All Rights Reserved. 8
OPM Breach
OPM suffered 3 breaches starting Oct 2013
The breaches were detected 6 months later
Copyright © 2015 Centrify Corporation. All Rights Reserved. 9
Director Katherine Archuleta Resigns
Our jobs are on the line…
After 21 million SSN numbers were lost – Director Archuleta lost her job.
Copyright © 2015 Centrify Corporation. All Rights Reserved. 10
The Current Future
Mac/Windows Mobile SaaSAccess from
anywhereIaaS
No physical boundaries
Copyright © 2015 Centrify Corporation. All Rights Reserved. 11
How is identity managed in this new world?
De-perimeterization – Data is everywhere
Users are accessing data from everywhere
Copyright © 2015 Centrify Corporation. All Rights Reserved. 12
Apache +
+
+
Enterprise Class Environments today
by Red Hat
ID
IDID
IDID
ID
IDID
ID
ID
ID
ID
ID
ID
ID
ID
ID
IDID
ID ID
ID
ID
ID
ID
ID
ID
ID
ID
ID
The Modern Enterprise Needs a New Identity Platform
Copyright © 2015 Centrify Corporation. All Rights Reserved. 14
Apache
Centrify’s Value Proposition – Simplify
by Red Hat
ID
Plataformade identidad
ID
IDID
ID
ID
IDID
IDID
IDID
ID
ID
IDID ID
IDID
ID ID
ID
ID
ID ID
IDID
ID
IDID
ID
ID
ID
Active Directory
Copyright © 2015 Centrify Corporation. All Rights Reserved. 15
For End Users, Privileged Accounts and Privileged Users
Centrify Identity Platform
Identity Service
Server Suite
SS
O
MFA
Pro
visi
on
ing
Mo
bile
De
vice
M
an
ag
em
en
t (M
DM
)
Ma
c A
dm
inis
tra
tion
Rem
ote
Acc
ess
Re
al T
ime
M
on
itori
ng
of
sess
ion
s
Pa
ssw
ord
M
an
ag
em
en
t
Act
ive
Dir
ect
ory
In
teg
ratio
n
Pri
vile
ge
d A
cce
ss
Au
diti
ng
Se
rve
r Is
ola
tion
Privilege Service
Copyright © 2015 Centrify Corporation. All Rights Reserved. 16
Apache
Centrify’s Value proposition – Simplify
by Red Hat
ID
Plataformade identidad
ID
IDID
ID
ID
IDID
IDID
IDID
ID
ID
IDID ID
IDID
ID ID
ID
ID
ID ID
IDID
ID
IDID
ID
ID
ID
Active Directory
We will be focusing on this environment today
Copyright © 2015 Centrify Corporation. All Rights Reserved. 17
1. Minimize the amounts of credentials used (consolidate)
2. Enforce least access privileges (minimize access)
3. Audit user activity, specially on critical resources (record activity)
Best Practices for Privilege Identity Management (PIM)
Copyright © 2015 Centrify Corporation. All Rights Reserved. 18
1. Centrify natively integrates your zLinux (or any other UNIX/Linux systems to Active Directory
2. Roles Based Access Control to enforce least access privileges
3. Centralized Group Policy enforcement assures consistent configuration
4. Central Reporting of which users can access which systems
5. Detailed Auditing of user activity for critical systems
Without additional infrastructure, schema extensions or intrusive changes
How can Centrify Help?
DEMO
Copyright © 2015 Centrify Corporation. All Rights Reserved. 20
Based in Santa Clara, CA with offices in Seattle, London, Munich, Hong Kong, Brisbane and Sao Paulo• Founded in 2004 with over 500 personnel (2/3rds in engineering)
• Named Deloitte Technology Fast 500 Winner as one of North America’s Fastest Growing Companies
Delivers software and cloud services that lets you securely leverage your existing identity infrastructure — Active Directory — across data center, cloud and mobile• Support for 450+ operating systems and 1000+ Apps
• Proven technology deployed by 5500+ customers including 50% of Fortune 50
• Award-winning solutions and numerous industry certifications
About Centrify
Industry Awards Industry Certifications
Copyright © 2015 Centrify Corporation. All Rights Reserved. 21
Some of our 5500+ CustomersB A N K I N G & F I N A N C E P H A R M A & H E A LT H D E F E N S E & G O V E R N M E N T
R E TA I L & I N T E R N E T T E C H N O L O G Y & T E L E C O M A U T O M O T I V E & E N E R G Y