Bogdan Tobol
Regional Sales Director North/Eastern Europe
1
Anunak Attack Summary
Breach Overview
Target: Financial institutions
Attacker: Anunak cybercrime ring
Motivation: Monetary
Goal: Steal money directly from banks
Outcome: >$25M stolen since 2H 2014
What Happened?
Anunak launched targeted attacks against several banks
Gained privileged access to systems
Transferred money to outside accounts
Compromised ATMs to steal cash
2
Large US Retailer: March 2014 Attack Summary
COMPANY OVERVIEW
Industry Retail
Employees 27,000
Headquarters USA
WHAT HAPPENED?
Early 2014: 260,000 credit cards stolen from a large US retailer went up for sale
Early 2015: The same retailer announced a second intrusion to POS systems
3
Sony Pictures Entertainment Breach Summary
Company Overview
Industry: Media/Entertainment
Revenue: $8 billion
Employees: 6,500
Headquarters: California, US
What Happened:
4
Privileged Accounts are Targeted in All
Advanced Attacks
100% of breaches involved stolen credentials.
APT intruders prefer to leverage privileged accounts where possible, such as Domain Administrators, service accounts with Domain privileges, local Administrator accounts, and privileged user accounts.
5
Privileged Credentials are Everywhere
Privileged Accounts
Laptops, Tablets,
Smartphones
6
Privilege is At The Center of the Attack Lifecycle
Typical Lifecycle of a Cyber Attack
7
Hijacked Credentials Put the Attacker in Control
Enable attackers to:
Bypass security controls & monitoring
Access all of the data on the device
Routers, Servers, Databases, Applications
Firewall
WiFi Routers, Smart TVs
8
CyberArk Breaks the Attack Chain
9
CyberArk Delivers a New Critical Security Layer
PERIMETER SECURITY
SECURITY CONTROLS INSIDE THE NETWORK
MONITORING
PRIVILEGED ACCOUNT SECURITY
10
Privilege Account Security Across the Stack
Data Security
Application Security
End Point Security
Network Security
Privileged Account Security
11
Solving The Privileged Account Security Problem
12
Comprehensive Controls on Privileged Activity
Enterprise Password Vault
Privileged Session Manager
SSH Key Manager
On-Demand Privileges Unix
Privileged Threat Analytics
Application Identity Manager
OPM Windows
13
The Problem: Users with admin rights can
14
Pain varies based on role and current state of
admin privilege management
Operations Team
Buyer: Desktop Engineering, IT Planning and Engineering, Director of IT
Scenario: Users have local admin rights
Pain: Spends lots of time fixing damage and remediating incidents on users' laptops
How much time and effort do you spend responding to endpoint incidents?
Scenario: Local admin rights are removed
Pain: Handles consistent help desk calls as users need privileges to install and run approved applications
How do you handle events that generally require local admin rights?
Security Team
Buyer: Security Analyst, Security Architect, Director of IT Security
Scenario: Users have local admin rights
Pain: Limited ability to protect the organization due to a giant, unmanaged attack surface
How many security incidents could you prevent each year by eliminating local admin rights?
Scenario: Local admin rights are removed
Pain: Forced to manage privilege creep, as users regain local admin rights to run business applications
How do you revoke local admin rights once they are no longer needed by business users?
15
Recap: Least Privilege + App Control = Reduced Risk
Least Privilege
Application Control
16
Privileged Accounts are Targeted in All
Advanced Attacks
Anything that involves serious intellectual property will be contained in highly secure systems and privileged accounts are the only way hackers can get in.
17
Can We Really Isolate All Critical Networks?
Removable media
Mistakes and temporary
connections
Remote access
18
Securing Access Into the ICS/OT Network
Diagram labels: Corporate Network, VPN, DMZ firewall, Web Portal, Third party vendor, Supervisor, DMZ, PSM, Password Vault, Session Recording, ICS firewall, ICS Network
51% of companies report being impacted by SSH key related compromises*
20
Layers of Security in the Digital Vault
Tamper-Proof Auditability
Comprehensive Monitoring
Segregation of Duties
Session Encryption
Firewall
Authentication
21
Sensitive Information Management
Easy, Secure and Compliant File Sharing
SHARE: Sensitive documents between users
AUTOMATE: File transfers between applications
AUDIT: File sharing and access to sensitive documents
22
CyberArk Overview
23
IDC Names CyberArk the PAM Market Leader
25
Thank you
26