ACTIVE AUTHENTICATION FOR INFRASTRUCTURE

HELLO!I am Anirban Banerjee.I am the Founder and CEO of Onion ID. https://calendly.com/anirban/enterprise-demo/

THE STATUS QUO

CHALLENGES AND THREATS

GOING FORWARD

THE STATUS QUO

4

IT INFRASTRUCTURE

TODAY

LaptopsIn house servers

Cloud serversMobile devices

ContainersNetwork equipment

WHO IS ACCESSING

DevopsIT

DevelopersShadow ITBloggersMarketing

Automated SoftwareDeploy and Build softwareVendors and 3rd parties

THE STATUS QUO

Usernames/passwords

SSH Keys

▹ Helps login automatically

IP filters

▹ Only talk to certain computers

VPNs

▹ Some Security

▹ Encrypted traffic

CHALLENGES AND THREATS

CHALLENGES

▸ IT Outsourcing

CHALLENGES

▸ Inflexible – Multiple dev teams▹ Geographically distributed▹ Shadow IT

▸ High Velocity Changes – IaaS/Paas via APIs

▹ AWS, Rackspace, Docker▹ All types of web apps

▸ Employee churn

▸ Compliance and Audits

▸ Attack surface has changed▸ Horizontal attacker movement▸ Vertical privilege escalation

THE THREAT LANDSCAPE

Horizontal and Vertical Attacker Movement

GOING FORWARD

ACTIVE AUTHENTICATIO

N CAN HELP

▸ Concept of least privilege

▸ Risk score everything▸ Every command is

analyzed▸ Learn, Match, Act,

Update

WHAT TO LOOK FOR

AND WHAT TO DO

Usually never runs visudo /etc/shadow – high risk

COMMANDS BEING RUN

Where are you connecting from, time, # of connections

CONNECTION STATISTICS

Risk score every command: White, Grey, Black

EVERY COMMAND IS ANALYZED

Invisible 2FA for Grey, Physical 2FA for Black

TAKE ACTION

Apache Spark, Pykit Sci, SSH proxiesTOOLS

COMPLIANCE

▸ PCI DSS, HIPAA, FedRamp, FFIEC, SOX, SOC I,II

▸ Legal consequences▸ Provide proof of controls▸ Keep the board informed▸ Use tools for reporting, automate

BEST PRACTICES

▸ SSH Key rotations▸ Device fingerprinting▸ Credential rotations

for VPN▸ MAC address pinning▸ Review logs regularly▸ Audit user accounts

CONTINUOUS IMPROVEMEN

T

Your system needs to keep “learning”

Think about rule based approach, don’t obsess

Follow good login hygiene

Use DNS instead of nailed IPs

Audit shadow IT accounts

Connect with us

18 ▸ calendly.com/anirban/enterprise-demo/

▸ Free Trial on OnionID.com▸ Sales@onionid.com▸ 1-888-315-4745▸ Twitter - @onion_id▸ Connect with us on FB or Linkedin

▸ We will be posting these slides

▸ Feedback is very welcome

https://calendly.com/anirban/enterprise-demo/

THANK YOU!Any questions?You can find more about us at:Onion ID – Privilege Management in 60 Secondswww.onionid.com , sales@onionid.comTel: +1-888 315 4745