Protect Against Security Breaches by Securing Endpoints with Multi-Factor Authentication

download Protect Against Security Breaches by Securing Endpoints with Multi-Factor Authentication

of 24

  • date post

    25-Jun-2015
  • Category

    Technology

  • view

    835
  • download

    2

Embed Size (px)

description

In this age of an interconnected global business ecosystem, businesses rely on network connections with partners, suppliers, and others for efficient business processes. You just have to look at the headlines to see that several recent security breaches have compromised these connections as a way into a corporate network. Utilizing CA Advanced Authentication, CenterPoint Energy is making connections more secure through multi-factor authentication and reduce the risk of standard network credentials becoming compromised. For more information on CA Security solutions, please visit: http://bit.ly/10WHYDm

Transcript of Protect Against Security Breaches by Securing Endpoints with Multi-Factor Authentication

  • 1. ca SecurecenterProtect Against Security Breaches by SecuringEndpoints with Multi-Factor AuthenticationMike PhillipsSession Number SCX07S #CAWorld @jamiebass25CenterPoint EnergyCorporate Technology Security DirectorJamie BassPwCAdvisory Director

2. 2 2014 CA. ALL RIGHTS RESERVED.Protect Against Security Breaches by Securing Endpoints with Multi-Factor AuthenticationIn this age of an interconnected global business ecosystem, businesses rely on network connections with partners, suppliers, and others for efficient business processes. You just have to look at the headlines to see that several recent security breaches have compromised these connections as a way into a corporate network. Utilizing CA Advanced Authentication, CenterPoint Energy is making connections more secure through multi-factor authentication and reduce the risk of standard network credentials becoming compromised.Mike PhillipsCenterPoint EnergyCorporate Technology Security DirectorJamie BassPwCAdvisory Director 3. 3 2014 CA. ALL RIGHTS RESERVED.AgendaBACKGROUND AND PROBLEM FACEDCENTERPOINTS APPROACHTECHNICAL CHALLENGESDEPLOYMENT PLANQ & A12345 4. BACKGROUND AND PROBLEM FACED 5. 5 2014 CA. ALL RIGHTS RESERVED.IntroductionCenterPoint Energy is a company with more than 5 million metered customers and a long history of service. CenterPoint Energy is composed of an electric transmission and distribution utility serving the Houston metropolitan area, local natural gas distribution businesses in six states, a competitive natural gas sales and service business serving customers in the eastern half of the U.S. We also operate an interstate pipelineoperationwith two natural gas pipelines in the mid-continent region, and a field services business with natural gas gathering operations, also in the mid-continent region. We're an established company with substantial assets that are managed by experienced people. CenterPointEnergy's vision is to be recognized as America's leading energy delivery company and We know that reliable energy is not a luxury. It's up to us to keep the lights on and to provide clean natural gas for homes, factories and businesses.OVERVIEW OF CENTERPOINT ENERGY 6. 6 2014 CA. ALL RIGHTS RESERVED.Interconnected business ecosystem*Businesses are becoming increasingly interconnected with third-partiesExternal connections and efficient access is a requirement for staying competitiveNot controlling this access effectively can be detrimentalAn effective security model must be deployed to balance and control thisOrganizationSuppliersVendorsOther agentsPartnersPERIMETER DEFENSES ARE BECOMING IMPRACTICALUsersVendorPartnersSupplierUsersPartnersSupplierUsersVendorsUsersAgentsVendorsUsersPartnersAgentsContractorsUsersUsersUsersUsers 7. 7 2014 CA. ALL RIGHTS RESERVED.The threat is realDespite following best security practices, an organization is still susceptible to weaknesses from an external partyThere have been recent breaches leveraging smaller, less secure external parties to get into large enterprise environmentsHackers have a long history of attacking the supply chain for certain industry sectorsOften vendors will have access to very critical components of the infrastructureSEVERE IMPACTS FOR DOING THIS INCORRECTLY 8. 8 2014 CA. ALL RIGHTS RESERVED.The threat is increasingRecent reports from Department of Homeland Security indicate increased number of security breachesWe exist in a copy cat world where successful attacks are quickly executed on other organizations with similar infrastructureDue to the evolving regulatory landscape, organizations are being held accountableTHESE ATTACKS ARE HAPPENING MORE FREQUENTLY 9. 9 2014 CA. ALL RIGHTS RESERVED.External users pose unique challengesThird-party access to the organization poses several security concerns not seen with internal usersSecurity capabilities of these external parties will varyMonitoring capabilities for items such as user activity outside the corporate network is limitedLack of visibility to the actual user behind the connectionand the full connection pathAssessing the security posture of each third party is difficultUNCONTROLLED ACCESS POINTS 10. CENTERPOINTS APPROACH 11. 11 2014 CA. ALL RIGHTS RESERVED.Improve the external authentication processLeverage advanced authentication for external usersProtect against phishing attacks and more accurately tie access to an actual end user with Multi-Factor Authentication (MFA)Risk based authentication can leverage location, time, etc.Provides centralized authentication for improved management and monitoring capabilitiesFind all of the external connectionsMany of these are setup and managed outside of ITSome of these many not even be active anymoreTHIS IS BOTH A TECHNICAL AND BUSINESS EFFORT 12. 12 2014 CA. ALL RIGHTS RESERVED.CenterPoints path to secure these connectionsStandardizeDefine policies and supporting standards for third-party connectionsLeverage leading industry practices and recommended security frameworksInventoryGather details around existing connections to the network and build an inventoryAssign business and technical owners to these connectionsAssessDetermine risk level for existing connectionsIdentify gaps from policies / standardsPrioritizePrioritize connections for integration with MFAConsider the risk they pose and the ease of integrationROADMAP FOR SECURING EXTERNAL CONNECTIONS 13. 13 2014 CA. ALL RIGHTS RESERVED.Technology can be implemented in a phased approachDeploy advanced authentication technologyDeploy the base infrastructure for CA Strong AuthenticationMigrate external connections to the infrastructureConsider internal use-casesExpand the capabilities of advanced authenticationIntegrate with CA Single Sign-On to protect web interfacesIntegrate with CA Risk Authentication for adaptive, context aware authenticationGET IMMEDIATE VALUE QUICKLY, BUT ALSO PLAN FOR EXTENDED CAPABILITIES IN THE FUTURE 14. 14 2014 CA. ALL RIGHTS RESERVED.Lessons learnedMust partner with business and IT stakeholdersClearly articulate objectivesMake it easy to do the right thingDeveloping complete inventory is a stretch goalKnowledge of connections distributedChasing a moving targetTHE PROBLEM CROSSES BUSINESS AND IT BOUNDARIES 15. TECHNICAL DEPLOYMENT 16. 16 2014 CA. ALL RIGHTS RESERVED.Overview of PwCSECURITY CAPABILITIES WITH BUSINESS UNDERSTANDINGPwC is a global leader in information security and privacy solutions, with a history of deploying CA Security productsOver 1,600 dedicated security practitioners globallyAccess to 2 offshore centers in India & China (Service Delivery Centers SDCs)Integrated offerings developed over 15+ yearsCapabilities to assess, plan, implement, and respond to security incidents 17. 17 2014 CA. ALL RIGHTS RESERVED.Technology requirementsChallenges to look for in advanced authentication integrationSimplify and automate the distribution and management of tokensNeed to be able to deploy this across broad technical areas of the environment such as modems, web interfaces, Virtual Desktop Infrastructure (VDI), Virtual Private Networks (VPN) etc.Effectively leverage and integrate with existing and planned infrastructure (Active Directory, CA Single Sign-On, CA Identity Management, etc.)Make management, support, and integration easyNEED TO CONSIDER THE ARCHITECTURE, INTEGRATION POINTS, AND USABILITY 18. 18 2014 CA. ALL RIGHTS RESERVED.Product requirementsVPN Virtual Private Network; UI User Interface; ISDN Integrated Services Digital Network;CONSIDER SECURITY, SCALABILITY, AND USABILITYFlexible means of One Time Password (OTP) generation and distributionAuthentication for web interfaces as well as network infrastructure components such as VPN, VDI, etc.Integration with threat and fraud prevention toolsEase of use, proven scalability, and real customer success 19. 19 2014 CA. ALL RIGHTS RESERVED.CA Strong Authentication product fitFlexible options for OTP distribution: text, app, call, etc.Multiple integration options: web, RADIUS, etc.IdentityMinder integration to provide user interface for enrolling and managing soft tokensIntegrates with CA Risk Authentication to provide features such as risk profiling, device fingerprinting, etc.OTP One Time Password; RADIUS Remote Authentication Dial In User Service; IDM Identity Management; UI User Interface;HOW CA AUTHMINDER FITS THE ENVIRONMENT 20. DEPLOYMENT PLAN 21. 21 2014 CA. ALL RIGHTS RESERVED.Deployment planPwC Pricewaterhouse Coopers; CNP CenterPoint Energy; UI User Interface; VDI Virtual Desktop Infrastructure;RADIUS Remote Authentication Dial In User Service;5 PHASE DEPLOYMENT PLAN FOR CA AUTHMINDER IMPLEMENTATIONValidate ProductExpandandRefineIntegrateApplicationsPlanDeploymentPerform Proof of Concept with key infrastructure componentsArchitect the infrastructure integrationIdentify remote connection platforms for authenticationDevelop integration planDevelop plan to manage soft token provisioningDeploy base infrastructure per CA / PwC / CenterPoint joint designPilot with a non- critical connection and small user setValidate infrastructure sizing and UI / workflows for managing tokensStart migrating prioritized connectionsGradually expand the solutionRefine the rules to strengthen authenticationDeployFoundation 22. 22 2014 CA. ALL RIGHTS RESERVED.SummaryA few words to reviewRememberYou are only as secure as your least secure vendor (none are too small to consider)Implementing a second layer of authentication can protect you from things occurring outside of your networkDoBe aware of recent breaches and ensure you raise the bar for attackersProvide users with flexibility and an easy way to do the right thingDontBe convinced that you are secure because your infrastructure has advanced monitoring and protectionCripple the business with cumbersome processes they will find a way to circumvent 23. 23 2014 CA. ALL RIGHTS RESERVED.For More InformationTo learn more about Security, please visit:ht