Active Authentication to Protect IT Assets - Onion ID

  • Date posted: 11-Feb-2017

Transcript of Active Authentication to Protect IT Assets - Onion ID

  • ACTIVE AUTHENTICATION FOR INFRASTRUCTURE

  • HELLO! I am Anirban Banerjee. I am the Founder and CEO of Onion ID.

    https://calendly.com/anirban/enterprise-demo/

  • THE STATUS QUO

    CHALLENGES AND THREATS

    GOING FORWARD

  • THE STATUS QUO

  • IT INFRASTRUCTURE TODAY

    Laptops

    In house servers

    Cloud servers

    Mobile devices

    Containers

    Network equipment

  • WHO IS ACCESSING

    DevOps, IT

    Developers, Shadow IT, Bloggers, Marketing

    Automated software, deploy and build software, vendors and 3rd parties

  • THE STATUS QUO

    Usernames/passwords

    SSH Keys

    Helps login automatically

    IP filters

    Only talk to certain computers

    VPNs

    Some Security

    Encrypted traffic

  • CHALLENGES AND THREATS

  • CHALLENGES

    IT Outsourcing

  • CHALLENGES

    Inflexible

    Multiple dev teams

    Geographically distributed

    Shadow IT

    High velocity changes

    IaaS/PaaS via APIs: AWS, Rackspace, Docker

    All types of web apps

    Employee churn

    Compliance and audits

    Attack surface has changed

    Horizontal attacker movement

    Vertical privilege escalation

  • THE THREAT LANDSCAPE

    Horizontal and Vertical Attacker Movement

  • GOING FORWARD

  • ACTIVE AUTHENTICATION CAN HELP

    Concept of least privilege

    Risk score everything

    Every command is analyzed

    Learn, Match, Act, Update

  • WHAT TO LOOK FOR AND WHAT TO DO

    COMMANDS BEING RUN: Usually never runs visudo, /etc/shadow: high risk

    CONNECTION STATISTICS: Where are you connecting from, time, # of connections

    EVERY COMMAND IS ANALYZED: Risk score every command: White, Grey, Black

    TAKE ACTION: Invisible 2FA for Grey, Physical 2FA for Black

    TOOLS: Apache Spark, Pykit Sci, SSH proxies

  • COMPLIANCE

    PCI DSS, HIPAA, FedRamp, FFIEC, SOX, SOC I, II

    Legal consequences

    Provide proof of controls

    Keep the board informed

    Use tools for reporting, automate

  • BEST PRACTICES

    SSH key rotations

    Device fingerprinting

    Credential rotations for VPN

    MAC address pinning

    Review logs regularly

    Audit user accounts

  • CONTINUOUS IMPROVEMENT

    Your system needs to keep learning

    Think about a rule-based approach, but don't obsess

    Follow good login hygiene

    Use DNS instead of nailed IPs

    Audit shadow IT accounts

  • Connect with us

    calendly.com/anirban/enterprise-demo/

    Free Trial on OnionID.com

    Sales@onionid.com

    1-888-315-4745

    Twitter - @onion_id

    Connect with us on FB or LinkedIn

    We will be posting these slides

    Feedback is very welcome

    https://calendly.com/anirban/enterprise-demo/

  • THANK YOU! Any questions? You can find more about us at: Onion ID Privilege Management in 60 Seconds, www.onionid.com, sales@onionid.com, Tel: +1-888 315 4745
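
The White/Grey/Black command scoring from the "What to look for and what to do" slide, sketched as an added example that is not Onion ID's code and not part of the original slides. Only `visudo` and `/etc/shadow` come from the deck; the class name, weights, thresholds and working-hours window are assumptions.

```python
import shlex
from collections import Counter, defaultdict

# visudo and /etc/shadow come from the slide; every weight, threshold and
# the working-hours window below is an assumption made for this example.
HIGH_RISK_BINARIES = {"visudo"}
HIGH_RISK_PATHS = {"/etc/shadow"}
ACTIONS = {"white": "allow", "grey": "invisible_2fa", "black": "physical_2fa"}


class CommandScorer:
    def __init__(self, grey_at=30, black_at=70):
        self.seen_binaries = defaultdict(Counter)  # user -> binary -> count
        self.seen_sources = defaultdict(set)       # user -> source addresses
        self.grey_at, self.black_at = grey_at, black_at

    def learn(self, user, source, command):
        """Learn/Update: record a command that was allowed to run."""
        argv = shlex.split(command)
        if argv:
            self.seen_binaries[user][argv[0].rsplit("/", 1)[-1]] += 1
        self.seen_sources[user].add(source)

    def score(self, user, source, hour, connections, command):
        """Match: combine command risk with connection statistics."""
        argv = shlex.split(command)
        if not argv:
            return 0
        names = {tok.rsplit("/", 1)[-1] for tok in argv}
        risk = 0
        if names & HIGH_RISK_BINARIES or set(argv) & HIGH_RISK_PATHS:
            risk += 50                      # sensitive binary or file
        if argv[0].rsplit("/", 1)[-1] not in self.seen_binaries[user]:
            risk += 30                      # user usually never runs this
        if source not in self.seen_sources[user]:
            risk += 20                      # unfamiliar origin
        if not 7 <= hour < 19:
            risk += 10                      # outside assumed working hours
        if connections > 5:
            risk += 10                      # unusually many sessions
        return risk

    def decide(self, user, source, hour, connections, command):
        """Act: map the score to a White/Grey/Black tier and its action."""
        risk = self.score(user, source, hour, connections, command)
        tier = ("black" if risk >= self.black_at
                else "grey" if risk >= self.grey_at else "white")
        return tier, ACTIONS[tier]
```

Calling `learn()` only after a command passes its step-up check closes the Learn, Match, Act, Update loop: a command that scored Grey the first time becomes White once it is part of the user's baseline.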