TRANSCRIPT
ZERO TRUST IDENTITY
Identity is the Center of Security
The Future is Now!
Zero Trust Identity
• Users, Data, and Devices are uniquely tied together
• Users and devices are untrustworthy
SESSIONS
Time | Session | Partners
2:30 | Access Management Verifies Enterprise Mobility Management Status of Mobile Device | Ping / VMware
3:00 | Complete Security for your AWS deployment | Okta / Netskope / LogRhythm / CyberArk
3:30 | Adaptive Access Management for Enterprises | SecureAuth / Netskope / LogRhythm
4:00 | Delegation of Access Management and trust elevation for privileged access | Gemalto / Ping / BeyondTrust
4:30 | Access Management checks for Cloud Access Security Broker | Ping / Netskope / Optiv
5:00 | Identity Governance Attestation of Privileged Account Management | SailPoint / CyberArk / LogRhythm
Complete Security for your AWS deployment
• Problem
– A holistic approach must include the right approaches for onboarding, proper authentication, runtime access, request & approvals, inline security & DLP, and security analytics.
• Zero Trust Capabilities
– MFA on top of username/password
– approval/request workflow for resource access
– limited timeframe for access
• IDSA Use Cases
– MFA For Public / Private Cloud Application Consolidation
– Step-Up Authentication for a Privileged Access Management Application
– Access Management Cloud Access Security Broker Security Policy Enforcement
SECURITY FOR AWS DEPLOYMENT
[Diagram: Identity Security (Access Management, Identity Governance, Identity Administration) plus SIEM, EMM, DLP, CASB, PAM, GRC, Network Security, UEBA, Service Mgmt, Fraud & Risk, DAG]
Complete Security for your AWS deployment
MEMBERS
ARCHITECTURE SLIDE
[Architecture diagram, labels only: AWS Console, OS's, SQL; LOGS; PAM; SAML; SAML (Netskope Proxy)]
Access Management
• Single Sign-On
• Multifactor authentication
• Custom login
• Extensible user profile
• Group membership
Privileged Account Management
• Credential vault for Apps & Services, OS & RDBMs
• Session recording
• Approval workflow
SIEM
• Log management
• Security analytics
• Incident Response
CASB
• DLP
• Real-time protection
• Continuous Security Assessment
Passwords are insecure
Consider the impact of unauthorized access to sensitive resources such as AWS or your Privileged Access Management solution
Problem statement: Use Case 1
[Architecture diagram repeated, labels only: AWS Console, OS's, SQL; LOGS; PAM; SAML; SAML (Netskope Proxy)]
UC1: MFA
1) User logs in through Okta. Credentials can be local to Okta or delegated to a corporate directory
2) MFA can be enforced during initial authentication based on policies (e.g. group membership, IP, etc.)
3) MFA can be enforced within Okta at the app-level. For example, when someone tries to SSO into AWS console, MFA can be enforced based on extensible policies
4) Similar to 3, SSO from Okta into CyberArk can be challenged using MFA
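The step-up behaviour in steps 2 through 4 can be modelled as an ordered, first-match sign-on policy. The following is an added illustration, not Okta's code or configuration: the rule names, the corporate network zone 10.0.0.0/8, the group name "Admins" and the app names are constructed assumptions.

```python
"""Added example (not Okta's code): first-match sign-on policy evaluation
in the style of UC1. Zone, group and app names are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class SignOnContext:
    user: str
    groups: set
    source_ip: str
    app: Optional[str] = None       # None = initial Okta login, else app-level SSO
    mfa_satisfied: bool = False     # a factor was already completed in this session

# Constructed corporate network zone (assumption for illustration).
CORP_ZONE = ipaddress.ip_network("10.0.0.0/8")

def in_corp_zone(ctx):
    return ipaddress.ip_address(ctx.source_ip) in CORP_ZONE

# Rules are evaluated top-down; the first rule whose predicate matches wins.
# Decision is ALLOW (password only), MFA (step up) or DENY.
POLICY = [
    # app-level rules (steps 3 and 4): SSO into AWS console or CyberArk steps up
    ("aws-console-requires-mfa", lambda c: c.app == "AWS Console", "MFA"),
    ("cyberark-requires-mfa",    lambda c: c.app == "CyberArk", "MFA"),
    # org-level rules (step 2): admins and off-network logins step up
    ("admins-always-mfa",        lambda c: "Admins" in c.groups, "MFA"),
    ("off-network-mfa",          lambda c: not in_corp_zone(c), "MFA"),
    ("on-network-password-only", in_corp_zone, "ALLOW"),
]

def evaluate(ctx, policy=POLICY):
    """Return (rule_name, decision). An MFA decision is downgraded to ALLOW
    when the session already satisfied a factor: step up only when needed,
    which is what keeps credential fatigue down."""
    for name, matches, decision in policy:
        if matches(ctx):
            if decision == "MFA" and ctx.mfa_satisfied:
                return name, "ALLOW"
            return name, decision
    return "default-deny", "DENY"   # no rule matched: fail closed
```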
DEMO USE CASE 1
FOLLOW UP
• Extensible policy framework in Okta for MFA enforcement
– Reduce credential fatigue, step up when needed
• Native MFA offerings
– Okta Verify with Push, SMS, Voice and email as a factor
• Robust 3rd party integrations
– Reduce factor creep, incorporate your existing MFA
Policy of Least Privilege
Least privilege policies seek to reduce attack surface area but can reduce administrative efficiency. Streamline with integrated just-in-time privilege requests.
Problem statement: Use Case 2
[Architecture diagram repeated, labels only: AWS Console, OS's, SQL; LOGS; PAM; SAML; SAML (Netskope Proxy)]
UC2: APPROVAL WORKFLOW
1) User logs in through Okta. Credentials can be local to Okta or delegated to a corporate directory
2) Login to CyberArk is federated with Okta
3) Resource specific policy requires user to “request for resource”
4) After approval by resource owner the requestor is able to access requested resource
DEMO USE CASE 2
FOLLOW UP
• CyberArk dual control enforcement
– Configurable workflow of approval
• Session Isolation and Recording
– Credential protection
– Auditing & forensic evidence
• C3 Alliance Integrations
– Authentication and SIEM vendors among others
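The request-and-approve steps of UC2, together with the dual control and audit points above, reduce to a small workflow: a resource-specific policy fixes how many owner approvals are needed and how long access may last, and every transition is written to an append-only trail. This is an added illustration, not CyberArk's or Okta's code; the resource "prod-sql", the owners and the requestor are constructed.

```python
"""Added example (not CyberArk's code): UC2 request/approve/expire workflow
with dual control and a time-boxed grant. All names are constructed."""
from datetime import datetime, timedelta, timezone

class AccessRequestWorkflow:
    """Resource-specific policy: owner approvals required (2 = dual control)
    and the maximum access window. Grants are time-boxed and audited."""
    def __init__(self, resource, owners, approvals_required=2, max_minutes=120):
        self.resource, self.owners = resource, set(owners)
        self.approvals_required, self.max_minutes = approvals_required, max_minutes
        self.requests, self.audit = {}, []     # id -> request; append-only trail

    def request(self, user, reason, minutes, now):
        if minutes > self.max_minutes:
            raise ValueError("requested window exceeds resource policy")
        rid = len(self.requests) + 1
        self.requests[rid] = {"user": user, "reason": reason, "minutes": minutes,
                              "approvers": set(), "granted_until": None}
        self.audit.append((now, "REQUEST", user, rid))
        return rid

    def approve(self, rid, approver, now):
        """Only resource owners approve, and the requestor never self-approves."""
        req = self.requests[rid]
        if approver not in self.owners or approver == req["user"]:
            raise PermissionError(f"{approver} may not approve request {rid}")
        req["approvers"].add(approver)            # a set: one vote per owner
        self.audit.append((now, "APPROVE", approver, rid))
        if len(req["approvers"]) >= self.approvals_required and req["granted_until"] is None:
            req["granted_until"] = now + timedelta(minutes=req["minutes"])
            self.audit.append((now, "GRANT", req["user"], rid))
        return req["granted_until"] is not None   # True once access is granted

    def has_access(self, user, now):
        """True only inside an approved, unexpired window (least privilege)."""
        return any(r["user"] == user and r["granted_until"] is not None
                   and now < r["granted_until"] for r in self.requests.values())

def run_scenario():
    """Constructed walk-through of UC2: one request, two approvals, expiry."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    wf = AccessRequestWorkflow("prod-sql", owners=["owner1", "owner2"])
    rid = wf.request("alice", "ticket-123", minutes=60, now=t0)
    after_first = wf.approve(rid, "owner1", t0)                          # still pending
    after_second = wf.approve(rid, "owner2", t0 + timedelta(minutes=5))  # granted until 10:05
    return {"granted_after_first": after_first,
            "granted_after_second": after_second,
            "access_at_30m": wf.has_access("alice", t0 + timedelta(minutes=30)),
            "access_at_70m": wf.has_access("alice", t0 + timedelta(minutes=70)),
            "audit_events": [a[1] for a in wf.audit]}
```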
It takes too long to identify and respond
Static policies are insufficient to meet modern day demands.
Continuous evaluation of logs will identify actionable suspicious behavior.
Modern security platforms can streamline or automate responses to actionable alerts.
Problem statement: Use Case 3
[Architecture diagram repeated, labels only: AWS Console, OS's, SQL; LOGS; PAM; SAML; SAML (Netskope Proxy)]
UC3: THREAT REMEDIATION
1) User logs in through Okta. Credentials can be local to Okta or delegated to a corporate directory
2) CASB policy securely enables access to AWS based on user/profile match
3) Netskope logs are pushed to LogRhythm
4) User SSOs into AWS Console with Netskope monitoring activities
5) End user performs suspicious operations. Netskope blocks the user from performing the operation as well as logging the suspicious activity
6) Upon detection of suspicious behavior LogRhythm’s alarm triggers a risk mitigation task to revoke the user’s CyberArk entitlement
DEMO USE CASE 3
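Steps 3 to 6 of UC3 are a log pipeline: CASB events land in the SIEM, a correlation rule turns a burst of blocked activity into an alarm, and the alarm drives a mitigation task. The following added example (not Netskope's, LogRhythm's or CyberArk's code) runs that chain over a few constructed JSON events; the field names, the threshold and window, and the set of "suspicious" AWS activities are assumptions, not either vendor's format or rule set.

```python
"""Added example (not Netskope's or LogRhythm's code): correlate constructed
CASB events for AWS Console activity and emit the UC3 remediation task."""
import json
from collections import defaultdict

# Constructed CASB events as JSON lines; not real Netskope output.
SAMPLE_LOGS = """
{"ts": 1700000000, "user": "alice@example.com", "app": "AWS Console", "activity": "Login", "action": "allow"}
{"ts": 1700000030, "user": "alice@example.com", "app": "AWS Console", "activity": "CreateUser", "action": "block", "policy": "iam-change-block"}
{"ts": 1700000045, "user": "alice@example.com", "app": "AWS Console", "activity": "AttachUserPolicy", "action": "block", "policy": "iam-change-block"}
{"ts": 1700000060, "user": "alice@example.com", "app": "AWS Console", "activity": "DeleteTrail", "action": "block", "policy": "logging-tamper-block"}
{"ts": 1700000100, "user": "bob@example.com", "app": "AWS Console", "activity": "DescribeInstances", "action": "allow"}
"""

# Assumed list of activities worth alarming on when the CASB blocks them.
SUSPICIOUS = {"CreateUser", "AttachUserPolicy", "DeleteTrail", "StopLogging"}

def parse_events(text):
    """Step 3: ingest the forwarded JSON-lines feed into the SIEM."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]

def correlate(events, window=300, threshold=2):
    """SIEM-style rule (step 6 trigger): at least `threshold` blocked
    suspicious AWS Console activities by one user inside `window` seconds
    raises one alarm for that user."""
    per_user = defaultdict(list)
    for e in events:
        if e["app"] == "AWS Console" and e["action"] == "block" and e["activity"] in SUSPICIOUS:
            per_user[e["user"]].append(e["ts"])
    alarms = []
    for user, times in per_user.items():
        times.sort()
        for start in times:                      # sliding window over this user's hits
            hits = [t for t in times if start <= t < start + window]
            if len(hits) >= threshold:
                alarms.append({"user": user, "count": len(hits), "first": hits[0]})
                break                            # one alarm per user per evaluation
    return alarms

def remediate(alarms):
    """Step 6 action: the mitigation task revokes the user's PAM entitlement.
    Returns the task descriptions; the actual CyberArk call is out of scope."""
    return [{"action": "revoke_entitlement", "system": "CyberArk", "user": a["user"],
             "reason": f"{a['count']} blocked AWS Console changes within window"}
            for a in alarms]
```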
FOLLOW UP
• Netskope points of / explanation / reference
• What are the things you want to drive home from the demo
• Clean Data = Effective Analytics
– Common vocabulary across all sources
• Adaptive Security
– Security controls respond to stimulus
QUESTIONS?