SECURE, MANAGE & CONTROLPRIVILEGED ACCOUNTS & SESSIONSPresenter: Terence Siau

Company IntroductionToday’s Security ChallengesPrivileged Identity Management Suite OverviewPrivileged Session Management Suite OverviewSensitive Information Management SuiteOverview

Agenda

2

COMPANYINTRODUCTION

3

Established in 1999, HQ Boston, USOffices Worldwide (including Singapore andMalaysia)1200+ customers globally

Customers in Vietnam: Banks, Oil & Gas,Government

Cyber-Ark Overview

Strategic Partnerships

“The company has gradually expandedfrom its initial start as an enterprise vaultfor file and sensitive content sharing toassume a commanding position inprivileged identity management (PIM)”

- Steve Copland, April 2010

“The company has gradually expandedfrom its initial start as an enterprise vaultfor file and sensitive content sharing toassume a commanding position inprivileged identity management (PIM)”

- Steve Copland, April 2010

“Cyber-Ark has one of the largestcustomer bases of the vendors includedin this Market Scope and, because of itsfocus on enterprise customers … thelargest market share by revenue by awide margin.”

- Ant Allan/Perry Carpenter, June 2009

“Cyber-Ark has one of the largestcustomer bases of the vendors includedin this Market Scope and, because of itsfocus on enterprise customers … thelargest market share by revenue by awide margin.”

- Ant Allan/Perry Carpenter, June 2009

“Cyber-Ark is perceived as a leader inthe rapidly expanding market forPrivileged Access Managementsolutions.“

- Martin Kuppinger, 2010

“Cyber-Ark is perceived as a leader inthe rapidly expanding market forPrivileged Access Managementsolutions.“

- Martin Kuppinger, 2010

“Cyber-ark is at the top of the PIMmarket, based on product maturity & thenumber of customer deployments”

-Mark Diodati, 2009

“Cyber-ark is at the top of the PIMmarket, based on product maturity & thenumber of customer deployments”

-Mark Diodati, 2009

Recognized Market Leadership

4

Best Identity Management SolutionHighly Commended:

Information Security Product of the Year

What it takes to be Market Leader?

Recognition from Authoritative Bodies

A Strong History of Acknowledged Excellence

Cyber-Ark’s Solution Suites

6

Sensitive InformationManagement Suite

Privileged IdentityManagement Suite

Privileged SessionManagement Suite

Enterprise PasswordVault®

Application IdentityManager™

On-Demand PrivilegesManager™

PSM for Servers

PSM for Databases

PSM for Virtualization

Inter-Business Vault®

Sensitive DocumentVault™

DIGITAL VAULT

TODAY’S SECURITYCHALLENGES

7

Privileged Account Types

AdministrativeAccountsAdministrativeAccounts

Owned by the system:Not owned by anyperson or “identity”

Shared Predefined:UNIX rootCisco enableDBA accountsWindows domainEtc.

ApplicationAccountsApplicationAccounts

Hard-coded, embedded:Resource (DB) IDsApplication / Generic IDsBatch jobsTesting Scripts

Service Accounts:Windows Service AccountsScheduled Tasks

PersonalComputerAccounts

PersonalComputerAccounts

Windows Local administrator:DesktopsLaptops

Shared:Help DeskOperationsEmergencyLegacy applicationsDeveloper accounts

Who has access to privileged accounts?AdministratorsContractors; Cloud Service ProvidersDBAsTerminated EmployeesApplications

Why are these breaches happening?Shared account usageExcessive privilege“Hidden/Sleeping” accountsNon-existent/unenforcedaccess controlsInfrequent replacement of credentials

Privileged Accounts Give System-Wide Access

9* Verizon, 2010 Data Breach Investigations Report

“48% of data breaches were caused by privileged misuse”Proactively manage privileged access to prevent such attacks

“48% of data breaches were caused by privileged misuse”Proactively manage privileged access to prevent such attacks

PRIVILEGED IDENTITYMANAGEMENT

10

Privileged Identity Management Suite v.7.1

11

PIM Portal/Web Access

Secure Digital Vault™

Central Policy Manager

Monitoring & SIEMApplications

Monitoring & SIEMApplications

TicketingSystems

TicketingSystems

IdentityManagement

IdentityManagementExternal Vendors

IT Personnel

Auditors

Developers & DBAs

EnterpriseDirectory and more

EnterpriseDirectory and more

Enterprise Password Vault: Preventing Threats, Improving Productivity

12

Windows Server

The result? A preventative approach that:Secures privileged credentialsGives you full control over access

Ticketing integration; approval workflowPersonalizes usageAutomatically replaces credentials on a periodic basis (policy driven)

Protection from terminated employees & 3rd partiesGenerates better productivity & shorter time to resolution

Who is accessing critical information assets?Who is accessing critical information assets?

John requestsmanagerial approval to

retrieve password

and transparentlyconnects without seeing

the password

John’s access is logged,personalized and reason

is entered

John, the IT admin, receives a ticket heneeds to handle. There’s a problem on the Windowsmachines and he needs to install a patch to fixit which requires administrator access

Ticketing Application

Full Datacenter Coverage

• AD• SunOne• Novel• UNIX Kerberos• UNIX NIS

Databases

Central Policy Manager

Operating Systems

Security Appliances

Network Devices

Directories andCredential Storage

Remote Control andMonitoring

Applications

Generic Interface• Windows• Unix/Linux• IBM iSeries• Z/OS• HPUX• Tru64• NonStop• ESX/i• OVMS• OS X• XenServers

• Oracle• MSSQL• DB2• Informix• Sybase• MySQL• Any ODBC

• FW1, SPLAT• IPSO• PIX• IronPort• Netscreen• FortiGate• ProxySG• Panorama

• Cisco• Juniper• Nortel• Alcatel• Quntum• F5• HP• 3Com• RuggedCom• Avaya• BlueCoat• Yamaha

• HMC• HPiLO• ALOM• Digi CM• DRAC• iRMC• AlterPath

• SSH/Telnet• ODBC• Windows

Registry

• SAP• WebSphere• WebLogic• Windows:

• Services• Scheduled Tasks• IIS App Pools• IIS Anonymous• COM+• Cluster Service

• Oracle Application ERP• System Center Configuration Manager

Enterprise IT Environment

Web Applications

EPV: Better Visibility & Control for Managers

14

When was the account accessed and why?When was the account accessed and why?Where do all my privileged accounts exist?Where do all my privileged accounts exist?

Auto-discovery automatically detects unmanaged devices andservice accounts for operational efficiency and full compliancyAutomatically manage hundreds of thousands of local adminaccounts

Application Identity Management: Tighter Security; Better Compliance

15

Secure, manage and eliminatehard-coded privileged accounts from applications

Secure, manage and eliminatehard-coded privileged accounts from applications

BillingApp

Websphere

CRMApp

HRApp

OnlineBookingSystem

Secure & reset applicationcredentials with no downtime orrestart

Ensure business continuity &high performance with a securelocal cacheStrong application authenticationUnique solution for JavaApplication Servers with no codechangesAvoid hard coding connectionstrings – no code changes &overhead

UserName = “app”Password = “y7qeF$1”Host = “10.10.3.56”ConnectDatabase(Host,

UserName, Password)

UserName = “app”Password = “y7qeF$1”Host = “10.10.3.56”ConnectDatabase(Host,

UserName, Password)

UserName = GetUserName()Password = GetPassword()Host = GetHost()ConnectDatabase(Host,

UserName, Password)

UserName = GetUserName()Password = GetPassword()Host = GetHost()ConnectDatabase(Host,

UserName, Password)

Weblogic

Legacy

IIS / .NET

On-Demand Privileges Manager: Tightening Unix Security

Control superuser access(root, oracle, app1…)

Granular Access Controland Hardening

Monitor & audit with reports and text recording

When Who What Where What

Unix /LinuxServers

Reduce TCO of desktop management & IT overheadLeast privilege leads to less tickets/calls to IT, less “unintentionaldamage”

Gartner: “20% lower TCO with full least-privileged implementation”

Reduce the risk of infecting desktops with malware90% of Windows vulnerabilities are mitigated when running withoutadmin rights.Eliminating admin rights reduces the attack surface of malwares.

OPM for Windows

BUT IS ACCESSCONTROL ENOUGH?

PRIVILEGED SESSIONMANAGEMENT SUITE

Expanding from Managing Accounts to Managing Sessions

19

Portal/Web Access

Secure Digital Vault™

Central Policy Manager

PrivilegedIdentity

Management

PrivilegedSession

ManagementMonitoring & SIEM

ApplicationsMonitoring & SIEM

Applications

TicketingSystems

TicketingSystems

IdentityManagement

IdentityManagementExternal Vendors

IT Personnel

Auditors

Developers & DBAs

EnterpriseDirectory and more

EnterpriseDirectory and more

Secure, manageand trackprivilegedaccounts

Isolate, control,and monitorprivilegedsessions

Continuous Monitoring & Protection Across the Datacenter

20

Privileged SessionManagement Suite

PSM for Servers

PSM for Databases

PSM for Virtualization

Isolate

Control

Monitor

Platform Video Mode Text CommandMicrosoft: Windows XP Windows Vista Windows 7 Windows 2003 Server Windows 2008 Server

P

IBM: AS400 PIBM: AIX P PSun Solaris P PHP: HPUX Tru64 Open VMS

P P

SSH-compatible sessions P PSQL Plus / PLSQL Developer P PSQL Server Management Studio PSybaseASE PSybase Interactive SQL Client PSecureCRT PVirtualization: Hypervisors inc ESX, ESXi vSphere

P

Cyber-Ark PSM Platform Support

Remote Vendor Access – with PSM

Corporate Network

Auditors,PIM Admins

Routers andSwitches

WindowsServers

UNIXServers

PIM

Vault

Firewall

3rd partyvendor

Internet

HTTPS

PVWAPSM

DMZ

Firewall

Real-Time Monitoring with Session Interaction

23

Easily Search Privileged Sessions for Forensic Analysis

24

Search for SQL commands thatinclude the word 'Salary'

Click to Play ‘Point in Time’

* Supports SSH and SQL commands

Manage sensitive credentials to websites andweb-based/SaaS applications using PIMConnect transparently to the web-basedapplication without needing to know the passwordMonitor and record privileged sessions in webapplications in real-time or for forensic analysis

Accessing & Monitoring Websites & Cloud Applications

25

Value of Privileged Session Management

26

Isolate• Prevent cyber attacks by isolating desktops from

sensitive target machines

Control• Create accountability and control over privileged

session access with policies, workflows and privilegedsingle sign on

Monitor• Deliver continuous monitoring and compliance with

session recording with zero footprint on targetmachines

Sensitive Information Management SuiteSample use cases

Accelerate Business, Securely

Variety ofInterfaces

EnterpriseReady

BusinessAutonomy

THANK YOU!

29