Active Authentication to Protect IT Assets - Onion ID
Date posted: 11-Feb-2017
ACTIVE AUTHENTICATION FOR INFRASTRUCTURE
HELLO! I am Anirban Banerjee. I am the Founder and CEO of Onion ID.
https://calendly.com/anirban/enterprise-demo/
THE STATUS QUO
CHALLENGES AND THREATS
GOING FORWARD
THE STATUS QUO
IT INFRASTRUCTURE TODAY
Laptops
In house servers
Cloud servers
Mobile devices
Containers
Network equipment
WHO IS ACCESSING
Devops
IT
Developers
Shadow IT
Bloggers
Marketing
Automated Software
Deploy and Build software
Vendors and 3rd parties
THE STATUS QUO
Usernames/passwords
SSH Keys
Helps login automatically
IP filters
Only talk to certain computers
VPNs
Some Security
Encrypted traffic
CHALLENGES AND THREATS
CHALLENGES
IT Outsourcing
CHALLENGES
Inflexible
Multiple dev teams
Geographically distributed
Shadow IT
High Velocity Changes
IaaS/PaaS via APIs
AWS, Rackspace, Docker
All types of web apps
Employee churn
Compliance and Audits
Attack surface has changed
Horizontal attacker movement
Vertical privilege escalation
THE THREAT LANDSCAPE
Horizontal and Vertical Attacker Movement
GOING FORWARD
ACTIVE AUTHENTICATION CAN HELP
Concept of least privilege
Risk score everything
Every command is analyzed
Learn, Match, Act, Update
WHAT TO LOOK FOR AND WHAT TO DO
COMMANDS BEING RUN: Usually never runs visudo /etc/shadow high risk
CONNECTION STATISTICS: Where are you connecting from, time, # of connections
EVERY COMMAND IS ANALYZED: Risk score every command: White, Grey, Black
TAKE ACTION: Invisible 2FA for Grey, Physical 2FA for Black
TOOLS: Apache Spark, Pykit Sci, SSH proxies
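A sketch of the Learn, Match, Act, Update loop from the slides above, added here as an example and not taken from Onion ID's slides or product. It uses a simple additive rule score rather than a trained model; the weights, thresholds, user name and addresses are assumptions, and the history is constructed sample data.

```python
from collections import defaultdict

# Assumed values: the slides name only visudo and /etc/shadow as high risk and
# give no weights or thresholds; every number below is illustrative.
HIGH_RISK = ("visudo", "/etc/shadow")
ACTIONS = {"white": "allow", "grey": "invisible 2FA", "black": "physical 2FA"}
GREY, BLACK, MAX_CONNS = 30, 70, 5


class CommandScorer:
    """Learn a per-user baseline, match each command against it, act, update."""

    def __init__(self):
        self.cmds = defaultdict(set)   # user -> executables seen before
        self.ips = defaultdict(set)    # user -> source addresses seen before
        self.hours = defaultdict(set)  # user -> hours of day seen before

    def learn(self, user, command, src_ip, hour):
        self.cmds[user].update(command.split()[:1])
        self.ips[user].add(src_ip)
        self.hours[user].add(hour)

    def score(self, user, command, src_ip, hour, open_conns):
        exe = (command.split() or [""])[0]  # empty command counts as unknown
        s = 50 if any(tok in command for tok in HIGH_RISK) else 0
        s += 20 if exe not in self.cmds[user] else 0    # user never runs this
        s += 20 if src_ip not in self.ips[user] else 0  # new source address
        s += 10 if hour not in self.hours[user] else 0  # unusual time of day
        s += 10 if open_conns > MAX_CONNS else 0        # too many connections
        return min(s, 100)

    def decide(self, user, command, src_ip, hour, open_conns):
        s = self.score(user, command, src_ip, hour, open_conns)
        band = "black" if s >= BLACK else "grey" if s >= GREY else "white"
        if band == "white":  # update the baseline from trusted activity only
            self.learn(user, command, src_ip, hour)
        return band, ACTIONS[band]


def demo():
    scorer = CommandScorer()
    # Constructed history: alice works from one address during office hours.
    for hour, cmd in [(9, "ls -la"), (11, "git pull"), (14, "cat app.log")]:
        scorer.learn("alice", cmd, "10.0.0.5", hour)
    return [
        scorer.decide("alice", "ls /var/log", "10.0.0.5", 11, 1),
        scorer.decide("alice", "cat /etc/shadow", "10.0.0.5", 14, 1),
        scorer.decide("alice", "visudo", "203.0.113.9", 3, 1),
    ]
```

Calling demo() returns one (band, action) pair per command: the routine listing is White, reading /etc/shadow from a known session is Grey, and visudo from a new address at an unusual hour is Black.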
COMPLIANCE
PCI DSS, HIPAA, FedRAMP, FFIEC, SOX, SOC I, II
Legal consequences
Provide proof of controls
Keep the board informed
Use tools for reporting, automate
BEST PRACTICES
SSH Key rotations
Device fingerprinting
Credential rotations for VPN
MAC address pinning
Review logs regularly
Audit user accounts
CONTINUOUS IMPROVEMENT
Your system needs to keep learning
Think about a rule-based approach, don't obsess
Follow good login hygiene
Use DNS instead of nailed IPs
Audit shadow IT accounts
Connect with us
calendly.com/anirban/enterprise-demo/
Free Trial on OnionID.com
[email protected]
1-888-315-4745
Twitter - @onion_id
Connect with us on FB or LinkedIn
We will be posting these slides
Feedback is very welcome
THANK YOU!
Any questions?
You can find more about us at: Onion ID Privilege Management in 60 Seconds
www.onionid.com, [email protected]
Tel: +1-888 315 4745