ZERO TRUST IDENTITY · 2:30 Access Management Verifies Enterprise Mobility Management Status of...


Transcript of ZERO TRUST IDENTITY · 2:30 Access Management Verifies Enterprise Mobility Management Status of...

Page 1:

ZERO TRUST IDENTITY

Page 2:

Identity is the Center of Security. The Future is Now! Zero Trust Identity

• Users, data, and devices are uniquely tied together

• Users and devices are not trusted by default; every access is verified

Page 3:

SESSIONS

Time | Session | Partners
2:30 | Access Management Verifies Enterprise Mobility Management Status of Mobile Device | Ping / VMware
3:00 | Complete Security for your AWS deployment | Okta / Netskope / LogRhythm / CyberArk
3:30 | Adaptive Access Management for Enterprises | SecureAuth / Netskope / LogRhythm
4:00 | Delegation of Access Management and trust elevation for privileged access | Gemalto / Ping / BeyondTrust
4:30 | Access Management checks for Cloud Access Security Broker | Ping / Netskope / Optiv
5:00 | Identity Governance Attestation of Privileged Account Management | SailPoint / CyberArk / LogRhythm

Page 4:

• Problem

– Unnecessary account privileges (gained through over-provisioning or ineffective de-provisioning policies) increase the risk of an attacker gaining critical access and accomplishing a significant data breach

• Zero Trust Capabilities

– Privileged accounts are the main attack vector in most data breaches. Provisioning of these accounts should therefore be governed by a lifecycle management system and recertified on an ongoing basis according to the policies and compliance/audit requirements of the organization

• IDSA Use Cases

– Identity Governance Attestation of Privileged Access Management Accounts

Page 5:

Diagram: IDENTITY SECURITY component wheel (Identity Governance, Identity Administration, Access Management, PAM, CASB, SIEM, UEBA, GRC, DLP, EMM, DAG, Fraud & Risk, Network Security, Service Mgmt)

Use case: Identity Governance Attestation of Privileged Account Management

Page 6:

Page 7:

Page 8:

SOLUTION MATURITY

Stages: Define > Implement > Automate > Report > Optimize

Page 9:

Stage: Define (Define > Implement > Automate > Report > Optimize)

Periodic and event-driven certification of privileged accounts minimizes the 'high access leverage surface area' available to cyber attackers

Enhancement: Detect suspicious usage of privileged accounts and respond to these incidents with deeper investigation and/or account suspension

Page 10:

Stage: Implement (Define > Implement > Automate > Report > Optimize)

• Manual approach, with ad-hoc or scheduled governance campaigns
• Provides adequate 'pruning' of privileged access
• Begins to shrink the threat landscape

Enhancement: SIEM controls to monitor and respond to suspicious use of privileged accounts are implemented

Page 11:

Page 12:

Page 13:

Stage: Automate (Define > Implement > Automate > Report > Optimize)

Manual triggering of certifications is augmented with automatic initiation based on identity events or risk

Enhancement: SIEM threat response is automated based on suspicious use of privileged accounts: removing, disabling, or re-attesting accounts, either directly or through an intermediary

Page 14:

Page 15:

Stage: Report (Define > Implement > Automate > Report > Optimize)

Enhanced reporting and auditing
• Track the baseline metric of reduced privileged account days as a percentage of total provisioned privileged account days

Enhancement: Measure and track the enhanced metric of suspicious privileged account usage incidents and the reduction of these incidents through automated mitigation responses
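The Automate and Report stages above, as an added example in Python that is not part of the IDSA deck or of the SailPoint, CyberArk or LogRhythm products it names: a periodic rule plus identity-event and SIEM-risk triggers open certification items, automated responses suspend or disable accounts, reviewer decisions close the campaign, and the privileged-account-day metric is computed over the result. The 90-day interval, the risk thresholds 70/90, the account names, dates and alert strings are all assumptions constructed for the example, and the percentage formula (days removed over days held plus days removed) is this example's reading of the slide's metric.

```python
"""Privileged-account attestation triggered by schedule, identity events and SIEM risk, plus the
'privileged account day' report metric. Added example on constructed data; not IDSA/vendor code."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

CERT_INTERVAL_DAYS = 90  # assumed periodic recertification interval
SUSPEND_RISK, DISABLE_RISK = 70, 90  # assumed SIEM risk thresholds: suspend + re-attest / disable
PERIOD_START, PERIOD_END = date(2019, 1, 1), date(2019, 3, 31)  # constructed 90-day review period

@dataclass
class PrivilegedAccount:
    account_id: str
    provisioned: date
    last_certified: Optional[date] = None
    removed: Optional[date] = None  # date a certification or automated response removed the privilege
    status: str = "active"          # active | suspended | disabled

@dataclass
class Event:
    day: date
    kind: str        # "identity" (lifecycle system) or "siem"
    account_id: str
    detail: str      # identity: role_change | owner_left; siem: alert text
    risk: int = 0    # siem risk score 0-100

def certification_needed(acct, today):
    """Periodic rule: never certified, or the interval has elapsed."""
    return acct.last_certified is None or (today - acct.last_certified).days >= CERT_INTERVAL_DAYS

def handle_event(acct, ev):
    """Event-driven trigger plus automated response; returns the action taken."""
    if ev.kind == "identity" and ev.detail == "owner_left":   # leaver: remove outright
        acct.status, acct.removed = "disabled", ev.day
        return "disable"
    if ev.kind == "identity" and ev.detail == "role_change":  # mover: re-attest, don't carry privilege
        return "certify"
    if ev.kind == "siem" and ev.risk >= DISABLE_RISK:
        acct.status, acct.removed = "disabled", ev.day
        return "disable"
    if ev.kind == "siem" and ev.risk >= SUSPEND_RISK:
        acct.status = "suspended"
        return "suspend+certify"
    return "none"

def run_campaign(accounts, events, today, decisions):
    """Open certification items from periodic and event rules, then apply reviewer decisions
    ({account_id: "keep" | "revoke"}). A missing decision revokes (fail closed)."""
    actions = []
    to_certify = {a.account_id for a in accounts.values() if certification_needed(a, today)}
    for ev in sorted(events, key=lambda e: e.day):
        action = handle_event(accounts[ev.account_id], ev)
        actions.append((ev.day, ev.account_id, action))
        if "certify" in action:
            to_certify.add(ev.account_id)
    for aid in sorted(to_certify):
        acct = accounts[aid]
        if acct.status == "disabled":  # already removed by an automated response
            continue
        if decisions.get(aid, "revoke") == "keep":
            acct.last_certified, acct.status = today, "active"
            actions.append((today, aid, "recertified"))
        else:
            acct.status, acct.removed = "disabled", today
            actions.append((today, aid, "revoked"))
    return actions

def privileged_account_days(accounts, start, end):
    """Report metric: 'held' = privilege-days actually held in [start, end]; 'reduced' = days cut off
    by attestation or response before the period ended; pct = reduced / (held + reduced) (assumed)."""
    held = reduced = 0
    for a in accounts.values():
        first = max(a.provisioned, start)
        last = min(a.removed - timedelta(days=1), end) if a.removed else end
        held += max(0, (last - first).days + 1)
        if a.removed and start <= a.removed <= end:
            reduced += (end - a.removed).days + 1
    total = held + reduced
    return {"held": held, "reduced": reduced, "reduced_pct": round(100.0 * reduced / total, 1) if total else 0.0}

def build_sample():
    """Constructed inventory and events; all names, dates and alert text are made up."""
    accounts = {a.account_id: a for a in [
        PrivilegedAccount("svc-backup-admin", date(2018, 6, 1), date(2018, 10, 1)),
        PrivilegedAccount("dba-bob", date(2018, 11, 15), date(2018, 11, 15)),
        PrivilegedAccount("domain-admin-carol", date(2017, 1, 1), date(2019, 1, 15)),
        PrivilegedAccount("dev-prod-dave", date(2018, 12, 1), date(2019, 1, 5))]}
    events = [Event(date(2019, 1, 10), "identity", "dba-bob", "role_change"),
              Event(date(2019, 1, 20), "siem", "domain-admin-carol", "interactive logon from new country", risk=75),
              Event(date(2019, 2, 5), "siem", "dev-prod-dave", "credential reuse across hosts", risk=95),
              Event(date(2019, 3, 1), "identity", "svc-backup-admin", "owner_left")]
    return accounts, events

def demo():
    """Run the Q1 campaign on the sample data; returns (actions, metric)."""
    accounts, events = build_sample()
    actions = run_campaign(accounts, events, PERIOD_END, {"dba-bob": "keep", "domain-admin-carol": "revoke"})
    return actions, privileged_account_days(accounts, PERIOD_START, PERIOD_END)
```

Calling demo() shows the two trigger paths side by side: dba-bob is certified because the periodic interval elapsed and a role change occurred, domain-admin-carol is pulled into the campaign only because a SIEM alert suspended the account, and dev-prod-dave and svc-backup-admin are disabled by automated response before any reviewer sees them. The metric then credits every day cut off before the period end, so the earlier an automated response fires, the larger the reduction it reports. In a real deployment the decision dictionary would come from the governance tool's campaign results and the events from the SIEM and lifecycle feeds; the fail-closed default for missing decisions is a deliberate choice so that an unreviewed item never silently retains privilege.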

Page 16:

Page 17:

Stage: Optimize (Define > Implement > Automate > Report > Optimize)

Organizational commitment and follow-through to review, analyze, determine and mitigate the root causes that create unnecessary privileged account days
• An example would be coarse and/or flawed role definition

Enhancement: Organizational commitment to make prioritized progress on mitigating the root causes of suspicious privileged account usage incidents

Page 18:

SOLUTION COMPONENTS

• CyberArk SCIM Server
• IdentityIQ 7.1+
• PAM Module
• SIEM Plugin
• SmartResponse Plugin

Page 19:

QUESTIONS?

Page 20:

MEMBERS

Page 21:

THANK YOU

For more information https://www.idsalliance.org