ACTIVE AUTHENTICATION FOR INFRASTRUCTURE

HELLO! I am Anirban Banerjee. I am the Founder and CEO of Onion ID.

https://calendly.com/anirban/enterprise-demo/

THE STATUS QUO

CHALLENGES AND THREATS

GOING FORWARD

THE STATUS QUO

4

IT INFRASTRUCTURE

TODAY

Laptops

In house servers

Cloud servers

Mobile devices

Containers

Network equipment

WHO IS ACCESSING

Devops IT

Developers Shadow IT Bloggers Marketing

Automated Software Deploy and Build software Vendors and 3rd parties

THE STATUS QUO

Usernames/ passwords

SSH Keys

▹  Helps login automatically

IP filters

▹  Only talk to certain computers

VPNs

▹  Some Security

▹  Encrypted traffic

CHALLENGES AND THREATS

CHALLENGES

▸  IT Outsourcing

CHALLENGES

▸ Inflexible – Multiple dev teams ▹  Geographically distributed ▹  Shadow IT ▸  High Velocity Changes – IaaS/Paas via

APIs ▹  AWS, Rackspace, Docker ▹  All types of web apps ▸  Employee churn ▸  Compliance and Audits ▸  Attack surface has changed ▸  Horizontal attacker movement ▸  Vertical privilege escalation

THE THREAT LANDSCAPE

Horizontal and Vertical Attacker Movement

GOING FORWARD

ACTIVE AUTHENTICATION

CAN HELP

▸  Concept of least privilege ▸  Risk score everything ▸  Every command is analyzed ▸  Learn, Match, Act, Update

WHAT TO LOOK FOR AND WHAT

TO DO

Usually never runs visudo /etc/shadow – high risk COMMANDSBEING

RUN

Where are you connecting from, time, # of connections

CONNECTIONSTATISTICS

Risk score every command: White, Grey, Black EVERYCOMMAND

ISANALYZED

Invisible 2FA for Grey, Physical 2FA for Black TAKEACTION

Apache Spark, Pykit Sci, SSH proxies TOOLS

COMPLIANCE

▸ PCI DSS, HIPAA, FedRamp, FFIEC, SOX, SOC I,II ▸ Legal consequences ▸ Provide proof of controls ▸ Keep the board informed ▸ Use tools for reporting, automate

BEST PRACTICES

▸ SSH Key rotations ▸ Device fingerprinting ▸ Credential rotations for VPN ▸ MAC address pinning ▸ Review logs regularly ▸ Audit user accounts

CONTINUOUS IMPROVEMENT

Your system needs to keep “learning”

Think about rule based approach, don’t obsess

Follow good login hygiene

Use DNS instead of nailed IPs

Audit shadow IT accounts

Connect with us

18 ▸ calendly.com/anirban/enterprise-demo/ ▸ Free Trial on OnionID.com ▸ Sales@onionid.com ▸ 1-888-315-4745 ▸ Twitter - @onion_id ▸ Connect with us on FB or Linkedin

▸ We will be posting these slides

▸ Feedback is very welcome

https://calendly.com/anirban/enterprise-demo/

THANK YOU! Any questions? You can find more about us at: Onion ID – Privilege Management in 60 Seconds www.onionid.com , sales@onionid.com Tel: +1-888 315 4745