Overview
The New Cyber Battleground: Inside Your Network

An Outside Attacker Must Obtain Credentials of an Insider

“…100% of breaches involved stolen credentials.”

“APT intruders…prefer to leverage privileged accounts where possible, such as Domain Administrators, service accounts with Domain privileges, local Administrator accounts, and privileged user accounts.”
Comprehensive Controls on Privileged Activity

Privileged Accounts Create a Huge Attack Surface
(Diagram: privileged accounts spread across applications, social networking, system administrators and privileged account managers)
CyberArk: Proactive Protection, Detection & Response
(Diagram: insiders and external attackers against hypervisors, databases/applications, network devices, end points, social media, industrial controls and privileged accounts)

Proactive protection
• Only authorized users
• Individual accountability

Targeted detection
• Continuous monitoring
• Malicious behavior
• High risk behavior
• Alerting

Real-time response
• Session termination
• Full forensics record of activity
Privilege is At The Center of the Attack Lifecycle
Typical Lifecycle of a Cyber Attack

CyberArk Breaks the Attack Chain

CyberArk Overview

Solving The Privileged Account Security Problem
CyberArk Delivers a New Critical Security Layer
(Diagram: a privileged account security layer inside the perimeter security layer, providing proactive controls, monitoring & management)
Products: Enterprise Password Vault, SSH Key Manager, Privileged Session Manager, Application Identity Manager, On-Demand Privileges Manager, Viewfinity
Enterprise Password Vault Solution Overview
(Diagram: IT users in the enterprise IT environment; auditors request to view reports)
CyberArk’s Secure Digital Vault

Master Policy
Users and Accounts
Throughout this course we will be using the terms Users and Accounts. It is very important to understand the difference between the two.
▪ Users – People who have been granted access to the system.
■ Access passwords
■ Manage policies
Account Storage – Granular User Access Control

Password Storage – Account Creation
• Manual Entry
• Automatic Detection/Provisioning

Password Retrieval – Show Password

Password Retrieval – Transparent Connection

Password Retrieval – Work Flow 1/2
User attempts to access a password; an e-mail is automatically sent for approval.

Password Retrieval – Work Flow 2/2
Approver confirms the request.
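The two work-flow slides above describe dual control: a user asks for a password, an approver is notified, and the password is released only after the approval. The model below is an added example, not CyberArk code, showing the checks a practitioner expects such a flow to enforce: the approver must hold the approver role, may not approve their own request, the approval is valid for a limited window (the one-hour window and the notification strings are assumptions), and one approval releases the password once. The vault contents and user names are constructed.

```python
"""Dual-control password release modelled as a small state machine.
Added example (not CyberArk code); secrets, users and the approval
window are constructed/assumed for illustration."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional

APPROVAL_WINDOW = timedelta(hours=1)   # assumed: how long an approval stays usable


@dataclass
class Request:
    account: str
    requester: str
    reason: str
    created: datetime
    status: str = "pending"            # pending | approved | used | expired
    approver: Optional[str] = None
    approved_at: Optional[datetime] = None
    audit: List[str] = field(default_factory=list)   # stands in for the e-mails / audit log


class DualControlVault:
    def __init__(self, secrets: Dict[str, str], approvers):
        self._secrets = dict(secrets)      # account -> password (constructed)
        self._approvers = set(approvers)   # users allowed to confirm requests
        self.requests: Dict[str, Request] = {}

    def request(self, account: str, requester: str, reason: str, now: datetime) -> str:
        """Step 1: the user asks for a password; approvers are notified."""
        if account not in self._secrets:
            raise KeyError(f"no such account: {account}")
        rid = f"req-{len(self.requests) + 1}"
        req = Request(account, requester, reason, now)
        req.audit.append(f"mail approvers: {requester} requests {account} ({reason})")
        self.requests[rid] = req
        return rid

    def approve(self, rid: str, approver: str, now: datetime) -> None:
        """Step 2: an approver confirms. Separation of duties is enforced here."""
        req = self.requests[rid]
        if approver not in self._approvers:
            raise PermissionError(f"{approver} is not an approver")
        if approver == req.requester:
            raise PermissionError("a requester may not approve their own request")
        if req.status != "pending":
            raise ValueError(f"request {rid} is {req.status}, not pending")
        req.status, req.approver, req.approved_at = "approved", approver, now
        req.audit.append(f"mail {req.requester}: {rid} approved by {approver}")

    def retrieve(self, rid: str, user: str, now: datetime) -> str:
        """Step 3: only the original requester gets the password, once, while the
        approval is still inside the window."""
        req = self.requests[rid]
        if user != req.requester:
            raise PermissionError("only the requester may retrieve the password")
        if req.status != "approved":
            raise PermissionError(f"request {rid} is {req.status}")
        if now - req.approved_at > APPROVAL_WINDOW:
            req.status = "expired"
            req.audit.append(f"{rid}: approval expired before use")
            raise PermissionError("approval has expired")
        req.status = "used"                # a second retrieval needs a new request
        req.audit.append(f"{rid}: password for {req.account} shown to {user}")
        return self._secrets[req.account]


def demo():
    """Walk the happy path and return (password, audit trail) for inspection."""
    vault = DualControlVault({"root@192.168.41.37": "C0nstructedPw!"}, approvers={"alice"})
    t0 = datetime(2024, 1, 1, 9, 0)
    rid = vault.request("root@192.168.41.37", "bob", "patch FTP primary", t0)
    vault.approve(rid, "alice", t0 + timedelta(minutes=2))
    pw = vault.retrieve(rid, "bob", t0 + timedelta(minutes=5))
    return pw, vault.requests[rid].audit
```

The status field is what makes the flow auditable: every transition is logged, and a retrieve after the window or a second retrieve fails closed rather than silently re-releasing the secret.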
Automatic, Policy-Based Password Management
SSH Key Manager
What are SSH Keys?
(Diagram: end users and the Billing Application (192.168.40.4) hold root SSH keys for the FTP primary Server at 192.168.41.37, the FTP backup Server at 192.168.41.38 and the Billing backend Server at 192.168.40.5)

SSH Key Manager
(Diagram: end users connect through SSH Key Manager, which holds the public and private keys in secure storage, to Unix/Linux resources and cloud infrastructure)
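The first diagram's problem is a single root key trusted on several servers with nothing restricting where it may be used from. Before putting keys under management, a practitioner wants an inventory of exactly that. The script below is an added example, not SSH Key Manager code: it parses authorized_keys files collected from several hosts (the hosts, users and keys are constructed, using the addresses from the diagram), fingerprints each key the way ssh-keygen -l does (SHA256 over the decoded blob), and reports keys that grant root on more than one host and root grants that carry no from= or command= restriction.

```python
"""Audit authorized_keys trust across hosts. Added example, not CyberArk
code; hosts, users and key material below are constructed."""
import base64
import hashlib
import shlex
import struct
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


@dataclass(frozen=True)
class Entry:
    host: str
    user: str
    fingerprint: str
    key_type: str
    options: Tuple[str, ...]
    comment: str


def make_blob(key_type: str, public: bytes) -> str:
    """Base64 wire-format blob (RFC 4253 string encoding) for constructed test keys."""
    raw = (struct.pack(">I", len(key_type)) + key_type.encode()
           + struct.pack(">I", len(public)) + public)
    return base64.b64encode(raw).decode()


def fingerprint(b64: str, declared_type: str) -> str:
    """SHA256 fingerprint in ssh-keygen -l style. Rejects a blob whose embedded
    type string disagrees with the declared type (corrupted or tampered line)."""
    raw = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", raw[:4])
    if raw[4:4 + n].decode(errors="replace") != declared_type:
        raise ValueError("key blob type does not match declared type")
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_authorized_keys(host: str, user: str, text: str) -> List[Entry]:
    """Parse one authorized_keys file: [options] type base64 [comment]."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)          # keeps quoted option values together
        idx = next((i for i, t in enumerate(tokens) if t in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(tokens):
            continue                        # unknown line shape: skip, do not guess
        options = tuple(o for t in tokens[:idx] for o in t.split(","))
        comment = " ".join(tokens[idx + 2:])
        entries.append(Entry(host, user, fingerprint(tokens[idx + 1], tokens[idx]),
                             tokens[idx], options, comment))
    return entries


def audit(hosts: Dict[str, Dict[str, str]]) -> Dict[str, List[Entry]]:
    """hosts: {host: {user: authorized_keys text}} -> {fingerprint: [Entry, ...]}"""
    by_fp = defaultdict(list)
    for host, users in hosts.items():
        for user, text in users.items():
            for e in parse_authorized_keys(host, user, text):
                by_fp[e.fingerprint].append(e)
    return dict(by_fp)


def shared_root_keys(by_fp, min_hosts: int = 2) -> Dict[str, List[str]]:
    """Fingerprints that are authorized for root on at least min_hosts hosts."""
    out = {}
    for fp, entries in by_fp.items():
        root_hosts = sorted({e.host for e in entries if e.user == "root"})
        if len(root_hosts) >= min_hosts:
            out[fp] = root_hosts
    return out


def unrestricted_root_grants(by_fp) -> List[Tuple[str, str]]:
    """Root grants with neither from= nor command=: the key alone yields a root shell."""
    return sorted((e.host, e.comment)
                  for entries in by_fp.values() for e in entries
                  if e.user == "root"
                  and not any(o.startswith(("from=", "command=")) for o in e.options))


# Constructed keys and files (not real key material).
KEY_A = make_blob("ssh-ed25519", bytes(range(32)))        # the shared "billing-app" root key
KEY_B = make_blob("ssh-ed25519", bytes(range(32, 64)))
KEY_C = make_blob("ssh-ed25519", bytes(range(64, 96)))
SAMPLE_HOSTS = {
    "192.168.41.37": {"root": f"ssh-ed25519 {KEY_A} billing-app\nssh-ed25519 {KEY_B} alice@laptop\n"},
    "192.168.41.38": {"root": f"ssh-ed25519 {KEY_A} billing-app\n"},
    "192.168.40.5": {
        "root": f'from="192.168.40.4",command="/usr/local/bin/export-bills" ssh-ed25519 {KEY_A} billing-app\n',
        "deploy": f"ssh-ed25519 {KEY_C} ci\n",
    },
}
```

Only the Billing backend server restricts the shared key to its source address and a fixed command; on the two FTP servers the same key is an unrestricted root login, which is what rotation and per-host key issuance are meant to remove.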
Privileged Session Manager
CyberArk Privileged Session Manager
(Diagram: the user reaches PSM over HTTPS; PSM opens the session to databases and Windows/UNIX servers, numbered steps 1 to 4)
PSM – RDP Connection Using RemoteApp

PSM – Windows Video Recording

PSM – Text Recording with Point-in-time Playback

PSM – Built-in Clients: SQL Plus, VMware vCenter Client
Application Identity Manager
Application Identity Manager (AIM)
(Diagram: applications such as an Accounts Receivable system, WebSphere, websites/web apps, an Online Booking System and legacy/homegrown applications obtain their credentials from Application Identity Manager's secure storage rather than holding them; the enterprise resources they reach include servers, mainframes and cloud infrastructure)
On-Demand Privilege Manager
CyberArk On-Demand Privileges Manager for Unix
(Diagram: UNIX servers with the OPM agent installed; IT personnel and server admins use them; the PAS admin sets policy through the PVWA; numbered steps 1 and 2)
CyberArk Viewfinity – Flexible Delivery Methods
(Diagrams of three deployment options:)
GPO architecture: policy is authored in the CyberArk Viewfinity GPO Editor and delivered through Group Policy and SCCM to servers, desktops, laptops and VMs in the AD domain; the endpoints report events back.
Public cloud: the management engine, web server and database & reporting run in the public cloud; the CyberArk Viewfinity administrator manages remote laptop users through it.
Server-based: the management engine, web server and database & reporting run on premises with the AD domain, delivering policy through Group Policy to servers, desktops, laptops and VMs; the administrator and remote laptop users connect to it.
Privileged Threat Analytics
(Diagram: behavioral analysis profiles normal login data from target systems and SIEM solutions; abnormal activity raises an ALERT to the SIEM and to CyberArk)
GOALS:
• Find the signal in the noise.
• Enable the SOC to instantly locate the most serious alerts.

Privileged Threat Analytics
Collect – Ongoing profiling
Detect – Detecting abnormal privileged account activity
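The Collect/Detect split above is a baseline-and-deviate design: profile what each privileged account normally does, then score new logins by how far they depart from that profile, so the SOC sees the most serious ones first. The code below is an added example, not Privileged Threat Analytics code. The log lines are constructed, the four features (new source address, unusual hour, new target, burst of logins) and their weights are assumptions chosen for illustration, and the third-party address 192.168.23.19 is taken from the deployment diagram later in the deck.

```python
"""Profile privileged logins, then flag and rank deviations. Added example
(not CyberArk code); log lines, features and weights are constructed/assumed."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Set

# Constructed baseline and new-day logs: "timestamp account source_ip target"
BASELINE_LOG = """
2024-03-04T09:12:00 domadm 10.0.5.20 dc01
2024-03-04T10:40:00 domadm 10.0.5.20 dc01
2024-03-05T09:03:00 domadm 10.0.5.20 dc02
2024-03-05T14:20:00 domadm 10.0.5.21 dc01
2024-03-06T11:15:00 domadm 10.0.5.20 dc01
2024-03-07T09:45:00 domadm 10.0.5.20 dc02
2024-03-04T08:30:00 svc_backup 10.0.9.5 fs01
2024-03-05T08:30:00 svc_backup 10.0.9.5 fs01
2024-03-06T08:30:00 svc_backup 10.0.9.5 fs01
2024-03-07T08:30:00 svc_backup 10.0.9.5 fs01
"""
NEW_LOG = """
2024-03-08T09:10:00 domadm 10.0.5.20 dc01
2024-03-08T02:47:00 domadm 192.168.23.19 dc01
2024-03-08T02:48:00 domadm 192.168.23.19 fs01
2024-03-08T02:49:00 domadm 192.168.23.19 sql01
2024-03-08T08:30:00 svc_backup 10.0.9.5 fs01
2024-03-08T13:05:00 svc_backup 10.0.9.5 dc01
"""


@dataclass(frozen=True)
class Event:
    time: datetime
    account: str
    source: str
    target: str


@dataclass
class Profile:
    sources: Set[str]
    targets: Set[str]
    hours: Set[int]


@dataclass
class Alert:
    event: Event
    score: int
    reasons: List[str]


def parse_log(text: str) -> List[Event]:
    events = []
    for line in text.strip().splitlines():
        ts, account, source, target = line.split()
        events.append(Event(datetime.fromisoformat(ts), account, source, target))
    return sorted(events, key=lambda e: (e.account, e.time))


def build_profiles(events: List[Event]) -> Dict[str, Profile]:
    """Collect: what each account's logins usually look like."""
    profiles = defaultdict(lambda: Profile(set(), set(), set()))
    for e in events:
        p = profiles[e.account]
        p.sources.add(e.source)
        p.targets.add(e.target)
        p.hours.add(e.time.hour)
    return dict(profiles)


def detect(events: List[Event], profiles: Dict[str, Profile],
           burst_window=timedelta(minutes=10), burst_count=3, threshold=3) -> List[Alert]:
    """Detect: score each login against its account's profile; return alerts
    at or above threshold, most serious first."""
    alerts = []
    for e in events:
        reasons = []                                   # (reason, weight), weights assumed
        p = profiles.get(e.account)
        if p is None:
            reasons.append(("no baseline for account", 4))
        else:
            if e.source not in p.sources:
                reasons.append(("new source address", 3))
            if e.time.hour not in p.hours:
                reasons.append(("outside profiled hours", 2))
            if e.target not in p.targets:
                reasons.append(("new target system", 2))
        # Burst: several logins by one account in a short window (lateral-movement shape)
        recent = [x for x in events
                  if x.account == e.account and e.time - burst_window < x.time <= e.time]
        if len(recent) >= burst_count:
            minutes = int(burst_window.total_seconds() // 60)
            reasons.append((f"{len(recent)} logins within {minutes} min", 3))
        score = sum(w for _, w in reasons)
        if score >= threshold:
            alerts.append(Alert(e, score, [r for r, _ in reasons]))
    return sorted(alerts, key=lambda a: (-a.score, a.event.time))
```

Run on the constructed data, the ranking puts the 02:49 domadm login (new source, off-hours, new target, third login in three minutes) at the top, and the service account's first-ever interactive-looking login to a domain controller also surfaces, while the routine logins produce nothing.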
Privileged Threat Analytics Dashboard
Architecture
Vault and Components
(Diagram: the Vault, reached on port 1858, with Central Policy Manager, Privileged Session Manager and the Application Provider on Unix/Windows; Password Vault Web Access is reached over HTTPS by end users (IT staff, auditors, etc.) and vault administrators; EPV clients, Unix/Windows users, custom applications and reporting tools, etc., and unmanaged target accounts and servers are also shown)

Architecture – Basic Deployment, One Site
(Diagram: the Vault at 10.0.1.30 listening on 1858; Password Vault Web Access at 10.0.1.31 reached over HTTPS; a host at 192.168.23.19 connecting to the Vault on 1858 or 443; auditors and IT users in the IT environment)