SlideShare une entreprise Scribd logo

Case Study: Privileged Access in a World on Time

CA Technologies
CA Technologies

Today there are more privileged users than ever before. Providing access is not optional it is a business necessity. But how do you avoid excessive access? Providing the right access at the right time is the formula for reducing your risk and securing a world of data. At FedEx empowering the right people at the right time is not only good business, but it's also good security. For more information on Security, please visit: http://cainc.to/CAW17-­Security

Technologie
1  sur  23
Télécharger pour lire hors ligne
Case  Study:   Privileged  Access  in  a  World  on  Time Trey  Ray SCT17S SECURITY IT  Manager   FedEx Cyber  Security  Advisor FedEx Laxmi Potana Sr.  Cyber  Security  Analyst FedEx Michael  Scudiero
2 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS ©  2017  CA.  All  rights  reserved.  All  trademarks  referenced  herein  belong  to  their  respective  companies. The  content  provided  in  this CA  World  2017  presentation  is  intended  for  informational  purposes  only  and  does  not  form  any  type   of  warranty. The information  provided  by  a  CA  partner  and/or  CA  customer  has  not  been  reviewed  for  accuracy  by  CA.   For  Informational  Purposes  Only   Terms  of  This  Presentation
3 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Abstract Today  there  are  more  privileged  users  than  ever  before.  Providing  access  is  not  optional   it  is  a  business  necessity.  But  how  do  you  avoid  excessive  access?  Providing  the  right   access  at  the  right  time  with  CA  Privileged  Access  Manager  is  the  formula  for  reducing   your  risk  and  securing  a  world  of  data.  At  FedEx  empowering  the  right  people  at  the   right  time  is  not  only  good  business  it's  also  good  security. Trey  Ray FedEx IT  Manager Laxmi Potana FedEx Cyber  Security  Advisor Michael  Scudiero FedEx Sr.  Cyber  Security  Analyst
A GLOBAL SHIPPING NETWORK TO TAKE ON THE FUTURE HOW TO BUILD
VIDEO: “FEDEX” TRT:  1:31
Privileged Access in a World on Time Trey Ray, Laxmi Potana, and Michael Scudiero
Privileged Access in a World of Cyber Risk
PCI DSS 3.2 Created The Urgency
2 Factor Authentication Automated Password Rotation & Vaulting Command Filtering Leapfrog Prevention PREVENT DVR & Command Line Session Recording Available Logging of All PAM User Activity SIEM Integration & Alerting DETECT Built-in Reports on All Integrated Accounts and Passwords Metrics Displayed in Admin Dashboard REPORT Privileged Access is Preventive & Detective
Active Directory domain admin Windows Server Admin Unix root Database admin (DBA) and developer break-fix App service accounts Web Portals VMware Hypervisor admin TACACS Corporate social media accounts Any shared privileged account in the environment If privileged accounts are the “Keys to the Kingdom,” then PAM is the lockbox for the keys. Managing the Keys to Running the World on Time
Unix Root Admin Active Directory Domain Admin Windows Local Admin Accounts Developer Access To Privileged Data USE CASESTO CONTROL PRIVILEGED ACCESS
Use Case: Active Directory Domain Admin Domain Admin launches an RDP session from their own PC/Laptop or from other Windows server in the domain using a personal admin account. This practice is subject to the “Pass the Hash” vulnerability whereby the domain administrator’s credentials can be harvested by an attacker and used to gain privileged access to the domain. Before PAM Integration
Use Case: Active Directory Domain Admin Domain Admin logs into CA PAM client w/2FA and checks out a Domain Admin credential. RDP session to a Domain Controller is launched using CA PAM transparent login with PAM managed credentials. The Domain Admin credentials are never exposed to the administrator endpoint which eliminates the "Pass the Hash" vulnerability. Session is optionally recorded for audit purposes. After PAM Integration
Use Case: Unix Root No consistent method for managing Unix root passwords by the SysAdmin teams. The Unix root passwords had to be rotated manually on a regularly scheduled interval. No attribution for Unix root account usage Before PAM Integration
Use Case: Unix Root Unix SysAdmin logs into CA PAM client w/2FA to check out the root password for a server when required. SSH session to Unix server is launched using CA PAM transparent login with PAM managed credentials. The root password is never displayed to the SysAdmin. Command filtering prevents accidents (rm –rf *.*) Session is optionally recorded for audit purposes. After PAM Integration
Use Case: Developer DB Break-Fix Developer escalates his database privileges temporarily (24 hours) using an IDM pre-approved break/fix workflow. Since the developer uses his own personal user account for the escalated database access, the window of opportunity for an attacker to gain access using compromised credentials is lengthy. Before PAM Integration
Use Case: Developer DB Break-Fix Developer logs into CA PAM client w/2FA and checks out a privileged database account. Secure SQL session to database is launched using CA PAM transparent login with PAM managed credentials. The database password is never displayed to the developer. Session is optionally recorded for audit purposes. After PAM Integration
Use Case: Microsoft LAPS Console Administrator launches the LAPS console from their local machine. LAPS privileges are granted directly to the human admins via an AD group. An adversary utilizing a compromised human admin account would be able to view local Windows admin credentials for many devices in LAPS. Before PAM Integration
Use Case: Microsoft LAPS Console Administrator logs into CA PAM client w/2FA and checks out a LAPS enabled credential. CA PAM launches the LAPS console via RDP published application. The LAPS enabled credential is rotated at the end of the session and once a day. LAPS session is optionally recorded for audit purposes. After PAM Integration
WHAT WE LEARNED WILL HELP US SCALE | | |DESIGN FOR HIGH AVAILABILITY EMPOWER ADMINISTRATORS PHASED APPROACH AWARENESS PLANNING
21 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Questions?
22 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Stay  connected  at  communities.ca.com Thank  you.
23 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Security For  more  information  on  Security, please  visit:  http://cainc.to/CAW17-­Security

Recommandé

Fundamentals of SACM,ITAM,ITIL,BMC Discovery-ADDM
Fundamentals of SACM,ITAM,ITIL,BMC Discovery-ADDMFundamentals of SACM,ITAM,ITIL,BMC Discovery-ADDM
Fundamentals of SACM,ITAM,ITIL,BMC Discovery-ADDMSandeep Bhatia
 
Get more versatile and scalable protection with F5 BIG-IP
Get more versatile and scalable protection with F5 BIG-IPGet more versatile and scalable protection with F5 BIG-IP
Get more versatile and scalable protection with F5 BIG-IPF5NetworksAPJ
 
SIEM Architecture
SIEM ArchitectureSIEM Architecture
SIEM ArchitectureNishanth Kumar Pathi
 
introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure SentinelRobert Crane
 
Security architecture - Perform a gap analysis
Security architecture - Perform a gap analysisSecurity architecture - Perform a gap analysis
Security architecture - Perform a gap analysisCarlo Dapino
 
CyberArk Interview Questions and Answers for 2022.pdf
CyberArk Interview Questions and Answers for 2022.pdfCyberArk Interview Questions and Answers for 2022.pdf
CyberArk Interview Questions and Answers for 2022.pdfInfosec Train
 
Sample Solution Blueprint
Sample Solution BlueprintSample Solution Blueprint
Sample Solution BlueprintMike Alvarado
 
Microservices
MicroservicesMicroservices
MicroservicesACCESS Health Digital
 

Recommandé

Fundamentals of SACM,ITAM,ITIL,BMC Discovery-ADDM
Fundamentals of SACM,ITAM,ITIL,BMC Discovery-ADDMFundamentals of SACM,ITAM,ITIL,BMC Discovery-ADDM
Fundamentals of SACM,ITAM,ITIL,BMC Discovery-ADDMSandeep Bhatia
 
Get more versatile and scalable protection with F5 BIG-IP
Get more versatile and scalable protection with F5 BIG-IPGet more versatile and scalable protection with F5 BIG-IP
Get more versatile and scalable protection with F5 BIG-IPF5NetworksAPJ
 
SIEM Architecture
SIEM ArchitectureSIEM Architecture
SIEM ArchitectureNishanth Kumar Pathi
 
introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure SentinelRobert Crane
 
Security architecture - Perform a gap analysis
Security architecture - Perform a gap analysisSecurity architecture - Perform a gap analysis
Security architecture - Perform a gap analysisCarlo Dapino
 
CyberArk Interview Questions and Answers for 2022.pdf
CyberArk Interview Questions and Answers for 2022.pdfCyberArk Interview Questions and Answers for 2022.pdf
CyberArk Interview Questions and Answers for 2022.pdfInfosec Train
 
Sample Solution Blueprint
Sample Solution BlueprintSample Solution Blueprint
Sample Solution BlueprintMike Alvarado
 
Microservices
MicroservicesMicroservices
MicroservicesACCESS Health Digital
 
Automating Incident Response and Forensics in AWS
Automating Incident Response and Forensics in AWSAutomating Incident Response and Forensics in AWS
Automating Incident Response and Forensics in AWSAmazon Web Services
 
Security Information and Event Managemen
Security Information and Event ManagemenSecurity Information and Event Managemen
Security Information and Event ManagemenS Periyakaruppan CISM,ISO31000,C-EH,ITILF
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelDavid J Rosenthal
 
How to create a User Defined Policy with IBM APIc (v10)
How to create a User Defined Policy with IBM APIc (v10)How to create a User Defined Policy with IBM APIc (v10)
How to create a User Defined Policy with IBM APIc (v10)Shiu-Fun Poon
 
Introduction to Azure Sentinel
Introduction to Azure SentinelIntroduction to Azure Sentinel
Introduction to Azure Sentinelarnaudlh
 
Blue Hat IL 2019 - Hardening Secure Boot on Embedded Devices for Hostile Envi...
Blue Hat IL 2019 - Hardening Secure Boot on Embedded Devices for Hostile Envi...Blue Hat IL 2019 - Hardening Secure Boot on Embedded Devices for Hostile Envi...
Blue Hat IL 2019 - Hardening Secure Boot on Embedded Devices for Hostile Envi...Cristofaro Mune
 
Understanding Azure Disaster Recovery
Understanding Azure Disaster RecoveryUnderstanding Azure Disaster Recovery
Understanding Azure Disaster RecoveryNew Horizons Ireland
 
Azure Sentinel.pptx
Azure Sentinel.pptxAzure Sentinel.pptx
Azure Sentinel.pptxMohit Chhabra
 
Introducing rubrik a new approach to data protection
Introducing rubrik a new approach to data protectionIntroducing rubrik a new approach to data protection
Introducing rubrik a new approach to data protectionDatabarracks
 
MITRE ATT&CK Updates: ICS
MITRE ATT&CK Updates: ICSMITRE ATT&CK Updates: ICS
MITRE ATT&CK Updates: ICSMITRE ATT&CK
 
Role Based Access Control - Overview
Role Based Access Control - OverviewRole Based Access Control - Overview
Role Based Access Control - OverviewHitachi ID Systems, Inc.
 
Microsoft Azure Storage Basics
Microsoft Azure Storage BasicsMicrosoft Azure Storage Basics
Microsoft Azure Storage BasicsSai Kishore Naidu
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Ben Rothke
 
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...Sounil Yu
 
IBM Qradar
IBM QradarIBM Qradar
IBM QradarCoenraad Smith
 
Veeam Backup and Replication: Overview
Veeam Backup and Replication: OverviewVeeam Backup and Replication: Overview
Veeam Backup and Replication: OverviewDudley Smith
 
McAfee - McAfee Application Control (MAC) - Whitelisting
McAfee - McAfee Application Control (MAC) - WhitelistingMcAfee - McAfee Application Control (MAC) - Whitelisting
McAfee - McAfee Application Control (MAC) - WhitelistingIftikhar Ali Iqbal
 
Navigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesNavigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesIvanti
 
Living off the land and fileless attack techniques
Living off the land and fileless attack techniquesLiving off the land and fileless attack techniques
Living off the land and fileless attack techniquesSymantec Security Response
 
Architecture Battle: PaaS vs. FaaS
Architecture Battle: PaaS vs. FaaSArchitecture Battle: PaaS vs. FaaS
Architecture Battle: PaaS vs. FaaSEstelle Auberix
 
CyberArk Interview Questions and Answers for 2022.pdf
CyberArk Interview Questions and Answers for 2022.pdfCyberArk Interview Questions and Answers for 2022.pdf
CyberArk Interview Questions and Answers for 2022.pdfinfosec train
 
CyberArk Interview Questions and Answers for 2023.pdf
CyberArk Interview Questions and Answers for 2023.pdfCyberArk Interview Questions and Answers for 2023.pdf
CyberArk Interview Questions and Answers for 2023.pdfinfosec train
 

Contenu connexe

Tendances

Automating Incident Response and Forensics in AWS
Automating Incident Response and Forensics in AWSAutomating Incident Response and Forensics in AWS
Automating Incident Response and Forensics in AWSAmazon Web Services
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelDavid J Rosenthal
 
How to create a User Defined Policy with IBM APIc (v10)
How to create a User Defined Policy with IBM APIc (v10)How to create a User Defined Policy with IBM APIc (v10)
How to create a User Defined Policy with IBM APIc (v10)Shiu-Fun Poon
 
Introduction to Azure Sentinel
Introduction to Azure SentinelIntroduction to Azure Sentinel
Introduction to Azure Sentinelarnaudlh
 
Blue Hat IL 2019 - Hardening Secure Boot on Embedded Devices for Hostile Envi...
Blue Hat IL 2019 - Hardening Secure Boot on Embedded Devices for Hostile Envi...Blue Hat IL 2019 - Hardening Secure Boot on Embedded Devices for Hostile Envi...
Blue Hat IL 2019 - Hardening Secure Boot on Embedded Devices for Hostile Envi...Cristofaro Mune
 
Understanding Azure Disaster Recovery
Understanding Azure Disaster RecoveryUnderstanding Azure Disaster Recovery
Understanding Azure Disaster RecoveryNew Horizons Ireland
 
Introducing rubrik a new approach to data protection
Introducing rubrik a new approach to data protectionIntroducing rubrik a new approach to data protection
Introducing rubrik a new approach to data protectionDatabarracks
 
MITRE ATT&CK Updates: ICS
MITRE ATT&CK Updates: ICSMITRE ATT&CK Updates: ICS
MITRE ATT&CK Updates: ICSMITRE ATT&CK
 
Microsoft Azure Storage Basics
Microsoft Azure Storage BasicsMicrosoft Azure Storage Basics
Microsoft Azure Storage BasicsSai Kishore Naidu
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Ben Rothke
 
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...Sounil Yu
 
Veeam Backup and Replication: Overview
Veeam Backup and Replication: OverviewVeeam Backup and Replication: Overview
Veeam Backup and Replication: OverviewDudley Smith
 
McAfee - McAfee Application Control (MAC) - Whitelisting
McAfee - McAfee Application Control (MAC) - WhitelistingMcAfee - McAfee Application Control (MAC) - Whitelisting
McAfee - McAfee Application Control (MAC) - WhitelistingIftikhar Ali Iqbal
 
Navigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesNavigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesIvanti
 
Living off the land and fileless attack techniques
Living off the land and fileless attack techniquesLiving off the land and fileless attack techniques
Living off the land and fileless attack techniquesSymantec Security Response
 
Architecture Battle: PaaS vs. FaaS
Architecture Battle: PaaS vs. FaaSArchitecture Battle: PaaS vs. FaaS
Architecture Battle: PaaS vs. FaaSEstelle Auberix
 

Tendances (20)

Automating Incident Response and Forensics in AWS
Automating Incident Response and Forensics in AWSAutomating Incident Response and Forensics in AWS
Automating Incident Response and Forensics in AWS
 
Security Information and Event Managemen
Security Information and Event ManagemenSecurity Information and Event Managemen
Security Information and Event Managemen
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure Sentinel
 
How to create a User Defined Policy with IBM APIc (v10)
How to create a User Defined Policy with IBM APIc (v10)How to create a User Defined Policy with IBM APIc (v10)
How to create a User Defined Policy with IBM APIc (v10)
 
Introduction to Azure Sentinel
Introduction to Azure SentinelIntroduction to Azure Sentinel
Introduction to Azure Sentinel
 
Blue Hat IL 2019 - Hardening Secure Boot on Embedded Devices for Hostile Envi...
Blue Hat IL 2019 - Hardening Secure Boot on Embedded Devices for Hostile Envi...Blue Hat IL 2019 - Hardening Secure Boot on Embedded Devices for Hostile Envi...
Blue Hat IL 2019 - Hardening Secure Boot on Embedded Devices for Hostile Envi...
 
Understanding Azure Disaster Recovery
Understanding Azure Disaster RecoveryUnderstanding Azure Disaster Recovery
Understanding Azure Disaster Recovery
 
Azure Sentinel.pptx
Azure Sentinel.pptxAzure Sentinel.pptx
Azure Sentinel.pptx
 
Introducing rubrik a new approach to data protection
Introducing rubrik a new approach to data protectionIntroducing rubrik a new approach to data protection
Introducing rubrik a new approach to data protection
 
MITRE ATT&CK Updates: ICS
MITRE ATT&CK Updates: ICSMITRE ATT&CK Updates: ICS
MITRE ATT&CK Updates: ICS
 
Role Based Access Control - Overview
Role Based Access Control - OverviewRole Based Access Control - Overview
Role Based Access Control - Overview
 
Microsoft Azure Storage Basics
Microsoft Azure Storage BasicsMicrosoft Azure Storage Basics
Microsoft Azure Storage Basics
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)
 
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
 
IBM Qradar
IBM QradarIBM Qradar
IBM Qradar
 
Veeam Backup and Replication: Overview
Veeam Backup and Replication: OverviewVeeam Backup and Replication: Overview
Veeam Backup and Replication: Overview
 
McAfee - McAfee Application Control (MAC) - Whitelisting
McAfee - McAfee Application Control (MAC) - WhitelistingMcAfee - McAfee Application Control (MAC) - Whitelisting
McAfee - McAfee Application Control (MAC) - Whitelisting
 
Navigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesNavigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation Slides
 
Living off the land and fileless attack techniques
Living off the land and fileless attack techniquesLiving off the land and fileless attack techniques
Living off the land and fileless attack techniques
 
Architecture Battle: PaaS vs. FaaS
Architecture Battle: PaaS vs. FaaSArchitecture Battle: PaaS vs. FaaS
Architecture Battle: PaaS vs. FaaS
 

Similaire à Case Study: Privileged Access in a World on Time

CyberArk Interview Questions and Answers for 2022.pdf
CyberArk Interview Questions and Answers for 2022.pdfCyberArk Interview Questions and Answers for 2022.pdf
CyberArk Interview Questions and Answers for 2022.pdfinfosec train
 
CyberArk Interview Questions and Answers for 2023.pdf
CyberArk Interview Questions and Answers for 2023.pdfCyberArk Interview Questions and Answers for 2023.pdf
CyberArk Interview Questions and Answers for 2023.pdfinfosec train
 
_Hackercool - September 2021.pdf
_Hackercool - September 2021.pdf_Hackercool - September 2021.pdf
_Hackercool - September 2021.pdfssuser5e1b13
 
CoLabora March 2022 - Improve security posture by implementing new Azure AD ...
CoLabora March 2022 - Improve security posture by implementing new Azure AD ...CoLabora March 2022 - Improve security posture by implementing new Azure AD ...
CoLabora March 2022 - Improve security posture by implementing new Azure AD ...Peter Selch Dahl
 
Red Team vs. Blue Team on AWS (DVC304) - AWS re:Invent 2018
Red Team vs. Blue Team on AWS (DVC304) - AWS re:Invent 2018Red Team vs. Blue Team on AWS (DVC304) - AWS re:Invent 2018
Red Team vs. Blue Team on AWS (DVC304) - AWS re:Invent 2018Amazon Web Services
 
DIY-CyberArk-Blueprint-Roadmap-Template.pptx
DIY-CyberArk-Blueprint-Roadmap-Template.pptxDIY-CyberArk-Blueprint-Roadmap-Template.pptx
DIY-CyberArk-Blueprint-Roadmap-Template.pptxBirLama2
 
Low Hanging Fruit, Making Your Basic MongoDB Installation More Secure
Low Hanging Fruit, Making Your Basic MongoDB Installation More SecureLow Hanging Fruit, Making Your Basic MongoDB Installation More Secure
Low Hanging Fruit, Making Your Basic MongoDB Installation More SecureMongoDB
 
CyberArk Interview.pdf
CyberArk Interview.pdfCyberArk Interview.pdf
CyberArk Interview.pdfInfosec Train
 
cPanel: Brief Glossary
cPanel: Brief GlossarycPanel: Brief Glossary
cPanel: Brief GlossaryHTS Hosting
 
Exploiting Active Directory Administrator Insecurities
Exploiting Active Directory Administrator InsecuritiesExploiting Active Directory Administrator Insecurities
Exploiting Active Directory Administrator InsecuritiesPriyanka Aash
 
Lock It Down: How to Secure Your Organization's AWS Account
Lock It Down: How to Secure Your Organization's AWS AccountLock It Down: How to Secure Your Organization's AWS Account
Lock It Down: How to Secure Your Organization's AWS AccountAmazon Web Services
 
Escalation defenses ad guardrails every company should deploy
Escalation defenses ad guardrails every company should deployEscalation defenses ad guardrails every company should deploy
Escalation defenses ad guardrails every company should deployDavid Rowe
 
MongoDB World 2018: Low Hanging Fruit: Making Your Basic MongoDB Installation...
MongoDB World 2018: Low Hanging Fruit: Making Your Basic MongoDB Installation...MongoDB World 2018: Low Hanging Fruit: Making Your Basic MongoDB Installation...
MongoDB World 2018: Low Hanging Fruit: Making Your Basic MongoDB Installation...MongoDB
 
Protecting Your Big Data on the Cloud
Protecting Your Big Data on the CloudProtecting Your Big Data on the Cloud
Protecting Your Big Data on the CloudAlibaba Cloud
 
Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ...
Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ...Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ...
Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ...Quest
 
Hybrid Identity Management and Security for Large Enterprises (ENT307-R2) - A...
Hybrid Identity Management and Security for Large Enterprises (ENT307-R2) - A...Hybrid Identity Management and Security for Large Enterprises (ENT307-R2) - A...
Hybrid Identity Management and Security for Large Enterprises (ENT307-R2) - A...Amazon Web Services
 
CyberArk Interview Questions and Answers for 2022.pptx
CyberArk Interview Questions and Answers for 2022.pptxCyberArk Interview Questions and Answers for 2022.pptx
CyberArk Interview Questions and Answers for 2022.pptxInfosectrain3
 
Magento security best practices magento's approach to pci compliance
Magento security best practices magento's approach to pci complianceMagento security best practices magento's approach to pci compliance
Magento security best practices magento's approach to pci complianceRitwik Das
 
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...CA Technologies
 

Similaire à Case Study: Privileged Access in a World on Time (20)

CyberArk Interview Questions and Answers for 2022.pdf
CyberArk Interview Questions and Answers for 2022.pdfCyberArk Interview Questions and Answers for 2022.pdf
CyberArk Interview Questions and Answers for 2022.pdf
 
CyberArk Interview Questions and Answers for 2023.pdf
CyberArk Interview Questions and Answers for 2023.pdfCyberArk Interview Questions and Answers for 2023.pdf
CyberArk Interview Questions and Answers for 2023.pdf
 
_Hackercool - September 2021.pdf
_Hackercool - September 2021.pdf_Hackercool - September 2021.pdf
_Hackercool - September 2021.pdf
 
CoLabora March 2022 - Improve security posture by implementing new Azure AD ...
CoLabora March 2022 - Improve security posture by implementing new Azure AD ...CoLabora March 2022 - Improve security posture by implementing new Azure AD ...
CoLabora March 2022 - Improve security posture by implementing new Azure AD ...
 
Red Team vs. Blue Team on AWS (DVC304) - AWS re:Invent 2018
Red Team vs. Blue Team on AWS (DVC304) - AWS re:Invent 2018Red Team vs. Blue Team on AWS (DVC304) - AWS re:Invent 2018
Red Team vs. Blue Team on AWS (DVC304) - AWS re:Invent 2018
 
DIY-CyberArk-Blueprint-Roadmap-Template.pptx
DIY-CyberArk-Blueprint-Roadmap-Template.pptxDIY-CyberArk-Blueprint-Roadmap-Template.pptx
DIY-CyberArk-Blueprint-Roadmap-Template.pptx
 
Low Hanging Fruit, Making Your Basic MongoDB Installation More Secure
Low Hanging Fruit, Making Your Basic MongoDB Installation More SecureLow Hanging Fruit, Making Your Basic MongoDB Installation More Secure
Low Hanging Fruit, Making Your Basic MongoDB Installation More Secure
 
Clouds And Security
Clouds And SecurityClouds And Security
Clouds And Security
 
CyberArk Interview.pdf
CyberArk Interview.pdfCyberArk Interview.pdf
CyberArk Interview.pdf
 
cPanel: Brief Glossary
cPanel: Brief GlossarycPanel: Brief Glossary
cPanel: Brief Glossary
 
Exploiting Active Directory Administrator Insecurities
Exploiting Active Directory Administrator InsecuritiesExploiting Active Directory Administrator Insecurities
Exploiting Active Directory Administrator Insecurities
 
Lock It Down: How to Secure Your Organization's AWS Account
Lock It Down: How to Secure Your Organization's AWS AccountLock It Down: How to Secure Your Organization's AWS Account
Lock It Down: How to Secure Your Organization's AWS Account
 
Escalation defenses ad guardrails every company should deploy
Escalation defenses ad guardrails every company should deployEscalation defenses ad guardrails every company should deploy
Escalation defenses ad guardrails every company should deploy
 
MongoDB World 2018: Low Hanging Fruit: Making Your Basic MongoDB Installation...
MongoDB World 2018: Low Hanging Fruit: Making Your Basic MongoDB Installation...MongoDB World 2018: Low Hanging Fruit: Making Your Basic MongoDB Installation...
MongoDB World 2018: Low Hanging Fruit: Making Your Basic MongoDB Installation...
 
Protecting Your Big Data on the Cloud
Protecting Your Big Data on the CloudProtecting Your Big Data on the Cloud
Protecting Your Big Data on the Cloud
 
Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ...
Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ...Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ...
Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ...
 
Hybrid Identity Management and Security for Large Enterprises (ENT307-R2) - A...
Hybrid Identity Management and Security for Large Enterprises (ENT307-R2) - A...Hybrid Identity Management and Security for Large Enterprises (ENT307-R2) - A...
Hybrid Identity Management and Security for Large Enterprises (ENT307-R2) - A...
 
CyberArk Interview Questions and Answers for 2022.pptx
CyberArk Interview Questions and Answers for 2022.pptxCyberArk Interview Questions and Answers for 2022.pptx
CyberArk Interview Questions and Answers for 2022.pptx
 
Magento security best practices magento's approach to pci compliance
Magento security best practices magento's approach to pci complianceMagento security best practices magento's approach to pci compliance
Magento security best practices magento's approach to pci compliance
 
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
 

Plus de CA Technologies

CA Mainframe Resource Intelligence
CA Mainframe Resource IntelligenceCA Mainframe Resource Intelligence
CA Mainframe Resource IntelligenceCA Technologies
 
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform ExcellenceMainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform ExcellenceCA Technologies
 
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...CA Technologies
 
Case Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCase Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCA Technologies
 
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...CA Technologies
 
Case Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital GovernmentCase Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital GovernmentCA Technologies
 
Making Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security ProgramMaking Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security ProgramCA Technologies
 
Keynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageKeynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageCA Technologies
 
Emerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access ManagementEmerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access ManagementCA Technologies
 
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...CA Technologies
 
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...CA Technologies
 
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...CA Technologies
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...CA Technologies
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...CA Technologies
 
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...CA Technologies
 
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...CA Technologies
 
Blockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of DeploymentBlockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of DeploymentCA Technologies
 
Establish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseEstablish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseCA Technologies
 
How Components Increase Speed and Risk
How Components Increase Speed and RiskHow Components Increase Speed and Risk
How Components Increase Speed and RiskCA Technologies
 
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...CA Technologies
 

Plus de CA Technologies (20)

CA Mainframe Resource Intelligence
CA Mainframe Resource IntelligenceCA Mainframe Resource Intelligence
CA Mainframe Resource Intelligence
 
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform ExcellenceMainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
 
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
 
Case Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCase Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software Development
 
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
 
Case Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital GovernmentCase Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital Government
 
Making Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security ProgramMaking Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security Program
 
Keynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageKeynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive Advantage
 
Emerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access ManagementEmerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access Management
 
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
 
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
 
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...
 
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
 
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
 
Blockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of DeploymentBlockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of Deployment
 
Establish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseEstablish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital Enterprise
 
How Components Increase Speed and Risk
How Components Increase Speed and RiskHow Components Increase Speed and Risk
How Components Increase Speed and Risk
 
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
 

Dernier

The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 

Dernier (20)

The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 

Case Study: Privileged Access in a World on Time

  • 1. Case  Study:   Privileged  Access  in  a  World  on  Time Trey  Ray SCT17S SECURITY IT  Manager   FedEx Cyber  Security  Advisor FedEx Laxmi Potana Sr.  Cyber  Security  Analyst FedEx Michael  Scudiero
  • 2. 2 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS ©  2017  CA.  All  rights  reserved.  All  trademarks  referenced  herein  belong  to  their  respective  companies. The  content  provided  in  this CA  World  2017  presentation  is  intended  for  informational  purposes  only  and  does  not  form  any  type   of  warranty. The information  provided  by  a  CA  partner  and/or  CA  customer  has  not  been  reviewed  for  accuracy  by  CA.   For  Informational  Purposes  Only   Terms  of  This  Presentation
  • 3. 3 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Abstract Today  there  are  more  privileged  users  than  ever  before.  Providing  access  is  not  optional   it  is  a  business  necessity.  But  how  do  you  avoid  excessive  access?  Providing  the  right   access  at  the  right  time  with  CA  Privileged  Access  Manager  is  the  formula  for  reducing   your  risk  and  securing  a  world  of  data.  At  FedEx  empowering  the  right  people  at  the   right  time  is  not  only  good  business  it's  also  good  security. Trey  Ray FedEx IT  Manager Laxmi Potana FedEx Cyber  Security  Advisor Michael  Scudiero FedEx Sr.  Cyber  Security  Analyst
  • 4. A GLOBAL SHIPPING NETWORK TO TAKE ON THE FUTURE HOW TO BUILD
  • 6. Privileged Access in a World on Time Trey Ray, Laxmi Potana, and Michael Scudiero
  • 7. Privileged Access in a World of Cyber Risk
  • 8. PCI DSS 3.2 Created The Urgency
  • 9. 2 Factor Authentication Automated Password Rotation & Vaulting Command Filtering Leapfrog Prevention PREVENT DVR & Command Line Session Recording Available Logging of All PAM User Activity SIEM Integration & Alerting DETECT Built-in Reports on All Integrated Accounts and Passwords Metrics Displayed in Admin Dashboard REPORT Privileged Access is Preventive & Detective
  • 10. Active Directory domain admin Windows Server Admin Unix root Database admin (DBA) and developer break-fix App service accounts Web Portals VMware Hypervisor admin TACACS Corporate social media accounts Any shared privileged account in the environment If privileged accounts are the “Keys to the Kingdom,” then PAM is the lockbox for the keys. Managing the Keys to Running the World on Time
  • 11. Unix Root Admin Active Directory Domain Admin Windows Local Admin Accounts Developer Access To Privileged Data USE CASESTO CONTROL PRIVILEGED ACCESS
  • 12. Use Case: Active Directory Domain Admin Domain Admin launches an RDP session from their own PC/Laptop or from other Windows server in the domain using a personal admin account. This practice is subject to the “Pass the Hash” vulnerability whereby the domain administrator’s credentials can be harvested by an attacker and used to gain privileged access to the domain. Before PAM Integration
  • 13. Use Case: Active Directory Domain Admin Domain Admin logs into CA PAM client w/2FA and checks out a Domain Admin credential. RDP session to a Domain Controller is launched using CA PAM transparent login with PAM managed credentials. The Domain Admin credentials are never exposed to the administrator endpoint which eliminates the "Pass the Hash" vulnerability. Session is optionally recorded for audit purposes. After PAM Integration
  • 14. Use Case: Unix Root No consistent method for managing Unix root passwords by the SysAdmin teams. The Unix root passwords had to be rotated manually on a regularly scheduled interval. No attribution for Unix root account usage Before PAM Integration
  • 15. Use Case: Unix Root Unix SysAdmin logs into CA PAM client w/2FA to check out the root password for a server when required. SSH session to Unix server is launched using CA PAM transparent login with PAM managed credentials. The root password is never displayed to the SysAdmin. Command filtering prevents accidents (rm –rf *.*) Session is optionally recorded for audit purposes. After PAM Integration
  • 16. Use Case: Developer DB Break-Fix Developer escalates his database privileges temporarily (24 hours) using an IDM pre-approved break/fix workflow. Since the developer uses his own personal user account for the escalated database access, the window of opportunity for an attacker to gain access using compromised credentials is lengthy. Before PAM Integration
  • 17. Use Case: Developer DB Break-Fix Developer logs into CA PAM client w/2FA and checks out a privileged database account. Secure SQL session to database is launched using CA PAM transparent login with PAM managed credentials. The database password is never displayed to the developer. Session is optionally recorded for audit purposes. After PAM Integration
  • 18. Use Case: Microsoft LAPS Console Administrator launches the LAPS console from their local machine. LAPS privileges are granted directly to the human admins via an AD group. An adversary utilizing a compromised human admin account would be able to view local Windows admin credentials for many devices in LAPS. Before PAM Integration
  • 19. Use Case: Microsoft LAPS Console Administrator logs into CA PAM client w/2FA and checks out a LAPS enabled credential. CA PAM launches the LAPS console via RDP published application. The LAPS enabled credential is rotated at the end of the session and once a day. LAPS session is optionally recorded for audit purposes. After PAM Integration
  • 20. WHAT WE LEARNED WILL HELP US SCALE | | |DESIGN FOR HIGH AVAILABILITY EMPOWER ADMINISTRATORS PHASED APPROACH AWARENESS PLANNING
  • 21. 21 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Questions?
  • 22. 22 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Stay  connected  at  communities.ca.com Thank  you.
  • 23. 23 COPYRIGHT  ©  2017  CA.  ALL  RIGHTS  RESERVED#CAWORLD #NOBARRIERS Security For  more  information  on  Security, please  visit:  http://cainc.to/CAW17-­Security