observeit webinar: privileged identity management
TRANSCRIPT
Privilege Identity Management 08.27.15
Asurion_Confidential
Agenda
Asurion IAM
Introduction of PIM
Why PIM at Asurion
The Past
The Present
The Future
Asurion IAM
What is Identity and Access Management (IAM) at Asurion?
Identity Management: The systems and processes of managing enterprise digital identities. This includes automated user and entitlement provisioning and management, as well as the oversight process around user rights and entitlements, including automated attestation.
Authentication Management: The systems and processes of managing authentication of both internal and external identities and resources. This includes processes to audit and report on such authentications.
Directory Management: The systems and processes to store digital identities. This consists mainly of LDAP stores and the strategy and schema of such stores.
PKI Management: Public Key Infrastructure (PKI) is a set of software, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.
What is PIM?
What is Privilege Identity Management (PIM)?
Wikipedia: Privileged Identity Management (PIM) is a domain within Identity Management focused on the special requirements of powerful accounts within the IT infrastructure of an enterprise. It is frequently used as an Information Security and governance tool to help companies meet compliance regulations and to prevent internal data breaches through the use of privileged accounts.
Managing the password of, and who uses, any account that has elevated rights on any system:
Where the accounts are used
Who has access to the account information
Creation of the accounts
Automated password rotations
Auditing of what the accounts do
PIM and Asurion
Why did Asurion deploy a PIM program?
IAM Program started in April 2014 but did not focus on anything but bellybuttons
Need to focus on Properly Managed Accounts:
The account complies with our password policy
The account is not used for anything other than its intended purpose
The account can only be used by those authorized to do so
The account is monitored for compliance
The Past
What Asurion looked like before PIM:
AD contacts
Sticky notes
Excel spreadsheets
Onboarding documentation
Wiki and SharePoint
Not always updated
Everyone knew passwords
Passwords never changed
The Present
What Asurion looks like today:
Secure Password Vault
Auditing of check in/out
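The "What is PIM?" and "The Present" slides describe the controls a privileged password vault provides: restricting who can retrieve an account's secret, auditing every check-out and check-in, and rotating the password automatically. The following is an added example written for this transcript, not code from Asurion, ObserveIT, or any vault product; it is a minimal in-memory vault that ties those controls together. The account name `svc_backup`, the users `alice` and `bob`, and the ticket references are constructed values.

```python
"""Minimal privileged-credential vault (constructed example).

Demonstrates the PIM controls named on the slides:
  - only authorized users may check an account out,
  - an account is held exclusively until it is checked back in,
  - the password is rotated automatically on every check-in,
  - every action, allowed or denied, lands in an append-only audit trail.
"""
import secrets
import string
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional, Set

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"


@dataclass
class PrivilegedAccount:
    name: str                    # e.g. a service or local admin account (constructed)
    authorized_users: Set[str]   # who may check this account out
    secret: str                  # current password; replaced on every check-in
    checked_out_by: Optional[str] = None


class Vault:
    def __init__(self) -> None:
        self._accounts: Dict[str, PrivilegedAccount] = {}
        self.audit: List[dict] = []   # append-only audit trail

    @staticmethod
    def generate_secret(length: int = 24) -> str:
        # CSPRNG-backed password; satisfies the "automated rotation" control
        return "".join(secrets.choice(ALPHABET) for _ in range(length))

    def _log(self, event: str, user: str, account: str, **extra) -> None:
        self.audit.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "event": event, "user": user, "account": account, **extra,
        })

    def add_account(self, name: str, authorized_users) -> None:
        self._accounts[name] = PrivilegedAccount(
            name, set(authorized_users), self.generate_secret())
        self._log("created", "vault", name)

    def checkout(self, user: str, name: str, reason: str) -> str:
        """Return the secret to an authorized user, or refuse and record why."""
        acct = self._accounts[name]
        if user not in acct.authorized_users:
            self._log("checkout_denied", user, name, reason=reason)
            raise PermissionError(f"{user} is not authorized for {name}")
        if acct.checked_out_by is not None:
            # Exclusive hold: the audit trail must show a single accountable holder
            self._log("checkout_blocked", user, name, holder=acct.checked_out_by)
            raise RuntimeError(f"{name} is already checked out by {acct.checked_out_by}")
        acct.checked_out_by = user
        self._log("checkout", user, name, reason=reason)
        return acct.secret

    def checkin(self, user: str, name: str) -> bool:
        """Release the account and rotate its password; True if rotation happened."""
        acct = self._accounts[name]
        if acct.checked_out_by != user:
            self._log("checkin_rejected", user, name, holder=acct.checked_out_by)
            raise RuntimeError(f"{user} does not hold {name}")
        old_secret = acct.secret
        acct.secret = self.generate_secret()   # the returned password is now useless
        acct.checked_out_by = None
        self._log("checkin", user, name, rotated=True)
        return acct.secret != old_secret

    def events(self) -> List[str]:
        return [entry["event"] for entry in self.audit]


def demo() -> List[str]:
    """Walk one account through a normal cycle plus two refused requests."""
    vault = Vault()
    vault.add_account("svc_backup", ["alice"])          # constructed account
    first = vault.checkout("alice", "svc_backup", "TICKET-1")  # constructed ticket
    vault.checkin("alice", "svc_backup")                # password rotates here
    second = vault.checkout("alice", "svc_backup", "TICKET-2")
    assert first != second                              # rotation took effect
    for user in ("bob", "alice"):                       # unauthorized, then double check-out
        try:
            vault.checkout(user, "svc_backup", "TICKET-3")
        except (PermissionError, RuntimeError):
            pass
    return vault.events()


if __name__ == "__main__":
    for event in demo():
        print(event)
```

The audit list is the artefact an auditor would actually ask for: it records denied and blocked requests as well as successful ones, so the "who has access" and "where the accounts are used" questions from the PIM slide can be answered after the fact. Rotating on check-in rather than on a timer is what makes a retrieved password single-use.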
The Future
Where is Asurion headed:
Local Admin Accounts
Appliance and HW Accounts
Directory Service Accounts
Programmatic Account Retrieval
Session Management
Lessons Learned
What have we learned so far:
Need to focus on PIM separately
Scope: keep it simple
Need to understand where accounts are used
Organization is key
Baby steps
Potential to break everything
PRIVILEGE IDENTITY MANAGEMENT 08.27.15
Matt Chambers
Principal, IAM
Thank you.
WHO IS OBSERVEIT?
HQ Boston, MA / R&D Tel Aviv, Israel
Founded 2006
1,200+ Customers Worldwide
$20M Invested by Bain Capital
The Leading Provider Of User Activity Monitoring To Mitigate Insider Threats
INSIDER THREAT LANDSCAPE
THIRD-PARTIES
PRIVILEGED USERS
EMPLOYEES
CHALLENGE WITH ADDRESSING INSIDER THREATS
“It’s Hard to Distinguish Abuse from Legitimate Use”
3 out of 4 InfoSec professionals say
260,000+ members
INSIDER THREAT INTELLIGENCE WITH OBSERVEIT
Collect
Detect
Respond
• User Behavior Analytics
• Activity Alerting
• User Risk Scoring
• Visual User Recording
• Application Marking
• User Activity Logs
• Live Session Replay
• Interact With Users
• Shutdown Sessions
UNDERSTAND FIELD-LEVEL APPLICATION USAGE
DETECT DATA MISUSE AND APPLICATION ABUSE
INVESTIGATE RISKY USER BEHAVIOR AND INTENT
USERS
Audit and Compliance
Employees
Data Extraction and Fraud
Application Access, Call Centers, and Watchlists
Third-parties
IP Theft and Service Availability
Contractors, Remote Vendors, Outsourced IT
Privileged Users
Access Abuse and Data Privacy
Help Desk, DBAs, HPAs, SoD and Sys Admins
COMPLETE COVERAGE WITH OBSERVEIT
Audit Controls for PCI / PII / PHI Data, Monitoring Privileged and 3rd Party Access, Alerting for Access
to Sensitive systems
PRIVILEGED USER INTELLIGENCE
Roles: UNIX / LINUX, Windows, DBAs, Network, Help Desk, Programmers
Tools: WireShark, PuTTY, Toad, RDP, WinSCP, Reg Editor, CMD, PowerShell, DR Java, SSH, AD, SQL PLUS
Unauthorized Changes / Access, Abusing Privileges, Local / Service Accounts
CUSTOMER EXAMPLES
Monitoring Privileged Access PCI
Monitoring internal privileged users with access to PCI systems
Detect unauthorized configuration changes
Meeting internal and external audit
Monitoring Privileged Users for PCI/SOX
Monitoring privileged users with access to over 60 PCI/SOX applications
Real-time monitoring of unauthorized account creation and firewall changes
Integrated with Lieberman Password Vault and Avatier identity provisioning
THANK YOU