ZERO TRUST IDENTITY
Identity is the Center of Security - The Future is Now! - Zero Trust Identity
• Users, Data, and Devices are uniquely tied together
• Users and devices are untrustworthy
SESSIONS
Time   Session                                                                             Partners
2:30   Access Management Verifies Enterprise Mobility Management Status of Mobile Device   Ping / VMware
3:00   Complete Security for your AWS deployment                                           Okta / Netskope / LogRhythm / CyberArk
3:30   Adaptive Access Management for Enterprises                                          SecureAuth / Netskope / LogRhythm
4:00   Delegation of Access Management and trust elevation for privileged access           Gemalto / Ping / BeyondTrust
4:30   Access Management checks for Cloud Access Security Broker                           Ping / Netskope / Optiv
5:00   Identity Governance Attestation of Privileged Account Management                    SailPoint / CyberArk / LogRhythm
• Problem
– Unnecessary account privileges (gained through overprovisioning or ineffective de-provisioning policies) increase the risk of a cyber attacker gaining critical access and accomplishing a significant data breach
• Zero Trust Capabilities
– Privileged accounts have been proven to be the main attack vector for most data breaches. As such, provisioning of these accounts should be governed by a lifecycle management system and recertified on an ongoing basis according to the policies and compliance/audit requirements of an organization
• IDSA Use Cases
– Identity Governance Attestation of Privileged Access Management Accounts
[Diagram: IDENTITY SECURITY - Identity Governance Attestation of Privileged Account Management. Components shown: Identity Governance, Identity Administration, SIEM, CASB, PAM, GRC, Network Security, UEBA, Service Mgmt, Fraud & Risk, DAG, EMM, DLP, Access Management]
SOLUTION MATURITY
Maturity stages: Define, Implement, Automate, Report, Optimize

Define
• Periodic and event-driven certification of privileged accounts minimizes the ‘high access leverage surface area’ available to cyber attackers
• Enhancement: Suspicious usage of privileged accounts, and the response to these incidents with deeper investigation and/or account suspension

Implement
• Manual approach, with ad-hoc or scheduled governance campaigns
• Provides adequate ‘pruning’ of privileged access
• Begins to shrink the threat landscape
• Enhancement: SIEM controls to monitor and respond to suspicious use of privileged accounts are implemented

Automate
• Manual triggering of certifications is now augmented with automatic initiation based on identity events or risk
• Enhancement: SIEM threat response is now automated based on suspicious use of privileged accounts: removing, disabling, or re-attesting accounts either directly or through an intermediary

Report
• Enhanced reporting and auditing
• Track the baseline metric of reduced privileged account days as a percentage of total provisioned privileged account days
• Enhancement: Measure and track the enhanced metric of suspicious privileged account usage incidents and the reduction of these incidents through the automated mitigation responses

Optimize
• Organizational commitment and follow-through to review, analyze, determine and mitigate the root causes that create unnecessary privileged account days
– An example of this would be coarse and/or flawed role definition
• Enhancement: Organizational commitment to make prioritized progress mitigating the root causes of suspicious privileged account usage incidents
SOLUTION COMPONENTS
• CyberArk SCIM Server
• IdentityIQ 7.1+
• PAM Module
• SIEM Plugin
• SmartResponse Plugin
QUESTIONS?