ObserveIT Webinar: Privileged Identity Management

Post on 23-Jan-2018


TRANSCRIPT

Privilege Identity Management, 08.27.15

Asurion_Confidential

Agenda

Asurion IAM
Introduction of PIM
Why PIM at Asurion
The Past
The Present
The Future

Asurion IAM

What is Identity and Access Management (IAM) at Asurion?

Identity Management: The systems and processes of managing enterprise digital identities. This includes automated user and entitlement provisioning and management, as well as the oversight process around user rights and entitlements, including automated attestation.

Authentication Management: The systems and processes of managing authentication of both internal and external identities and resources. This includes processes to audit and report on such authentications.

Directory Management: The systems and processes used to store digital identities. This mainly covers LDAP stores and the strategy and schema of such stores.

PKI Management: Public Key Infrastructure (PKI) is the set of software, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.

What is PIM?

What is Privilege Identity Management (PIM)?

Wikipedia: Privileged Identity Management (PIM) is a domain within Identity Management focused on the special requirements of powerful accounts within the IT infrastructure of an enterprise. It is frequently used as an Information Security and governance tool to help companies in meeting compliance regulations and to prevent internal data breaches through the use of privileged accounts.

Managing the password of, and who uses, any account that has elevated rights on any system:
Where the accounts are used
Who has access to the account information
Creation of the accounts
Automated password rotations
Auditing of what the accounts do

PIM and Asurion

Why did Asurion deploy a PIM program?

The IAM program started in April 2014 but did not focus on anything but bellybuttons (i.e. human user identities).

Need to focus on Properly Managed Accounts:
The account complies with our password policy
The account is not used for anything other than its intended purpose
The account can only be used by those authorized to do so
The account is monitored for compliance

The Past

What Asurion looked like before PIM:
AD contacts
Sticky notes
Excel spreadsheets
Onboarding documentation
Wiki and SharePoint
Not always updated
Everyone knew passwords
Passwords never changed

The Present

What Asurion looks like today:
Secure Password Vault
Auditing of check in/out
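The four "Properly Managed Account" criteria above, together with the vault's check-in/check-out auditing, can be turned into a compliance check over the vault's audit trail. The following is an added example, not code from the deck or from any vault product; the record layout, the account inventory, the 30-day rotation policy and the 8-hour hold limit are all assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta

# Constructed vault check-out/check-in records (sample data, not from the page).
# "checked_in" is None while the password is still held by the user.
CHECKOUTS = [
    {"account": "svc_backup", "user": "alice", "host": "db01", "checked_out": "2015-08-20T09:00", "checked_in": "2015-08-20T11:00"},
    {"account": "svc_backup", "user": "mallory", "host": "db01", "checked_out": "2015-08-21T23:10", "checked_in": "2015-08-21T23:40"},
    {"account": "local_admin", "user": "bob", "host": "web07", "checked_out": "2015-08-22T10:00", "checked_in": None},
]

# Constructed inventory of managed privileged accounts: who may check each
# one out, where it may be used, and when the vault last rotated it.
ACCOUNTS = {
    "svc_backup": {"authorized": {"alice"}, "hosts": {"db01", "db02"}, "rotated": "2015-07-01"},
    "local_admin": {"authorized": {"bob"}, "hosts": {"web01"}, "rotated": "2015-08-15"},
}

MAX_PASSWORD_AGE = timedelta(days=30)  # assumed rotation policy
MAX_CHECKOUT = timedelta(hours=8)      # assumed maximum time a password may be held

def audit(checkouts, accounts, now):
    """Return (account, finding) pairs for every policy violation found."""
    findings = []
    # Criterion 1: the password has been rotated within policy.
    for name, acct in accounts.items():
        if now - datetime.fromisoformat(acct["rotated"]) > MAX_PASSWORD_AGE:
            findings.append((name, "password older than rotation policy"))
    for rec in checkouts:
        acct = accounts.get(rec["account"])
        if acct is None:
            findings.append((rec["account"], "check-out of an unmanaged account"))
            continue
        # Criterion 2: only authorized people use the account.
        if rec["user"] not in acct["authorized"]:
            findings.append((rec["account"], f"unauthorized check-out by {rec['user']}"))
        # Criterion 3: the account is used only where it is intended to be used.
        if rec["host"] not in acct["hosts"]:
            findings.append((rec["account"], f"used on unapproved host {rec['host']}"))
        # Criterion 4: every check-out is checked back in within the hold limit.
        end = rec["checked_in"] or now.isoformat(timespec="minutes")
        held = datetime.fromisoformat(end) - datetime.fromisoformat(rec["checked_out"])
        if held > MAX_CHECKOUT:
            findings.append((rec["account"], f"held by {rec['user']} for {held}"))
    return findings

def sample_findings():
    """Audit the constructed sample as of the deck's date (assumed 27 Aug 2015, noon)."""
    return audit(CHECKOUTS, ACCOUNTS, datetime(2015, 8, 27, 12, 0))
```

On the sample data this reports the stale svc_backup password, mallory's unauthorized check-out, bob's use of local_admin on an unapproved host, and the password bob has held for five days without checking it back in.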

The Future

Where is Asurion headed:
Local Admin Accounts
Appliance and HW Accounts
Directory Service Accounts
Programmatic Account Retrieval
Session Management

Lessons Learned

What have we learned so far:
Need to focus on PIM separately
Scope: keep it simple
Need to understand where accounts are used
Organization is key
Baby steps
Potential to break everything

PRIVILEGE IDENTITY MANAGEMENT, 08.27.15

Matt Chambers

Principal, IAM

matt.chambers@asurion.com

Thank you.

WHO IS OBSERVEIT?

HQ Boston, MA / R&D Tel Aviv, Israel

Founded 2006

1,200+ Customers Worldwide

$20M Invested by Bain Capital

The Leading Provider Of User Activity Monitoring To Mitigate Insider Threats

INSIDER THREAT LANDSCAPE

THIRD-PARTIES

PRIVILEGED USERS

EMPLOYEES

CHALLENGE WITH ADDRESSING INSIDER THREATS

3 out of 4 InfoSec professionals say: “It’s Hard to Distinguish Abuse from Legitimate Use”

260,000+ members

INSIDER THREAT INTELLIGENCE WITH OBSERVEIT


Collect / Detect / Respond

• User Behavior Analytics

• Activity Alerting

• User Risk Scoring

• Visual User Recording

• Application Marking

• User Activity Logs

• Live Session Replay

• Interact With Users

• Shutdown Sessions

UNDERSTAND FIELD-LEVEL APPLICATION USAGE

DETECT DATA MISUSE AND APPLICATION ABUSE

INVESTIGATE RISKY USER BEHAVIOR AND INTENT

USERS

Audit and Compliance

Employees

Data Extraction and Fraud

Application Access, Call Centers, and Watchlists

Third-parties

IP Theft and Service Availability

Contractors, Remote Vendors, Outsourced IT

Privileged Users

Access Abuse and Data Privacy

Help Desk, DBAs, HPAs, SoD and Sys Admins

COMPLETE COVERAGE WITH OBSERVEIT

Audit Controls for PCI / PII / PHI Data, Monitoring Privileged and 3rd Party Access, Alerting for Access

to Sensitive systems

PRIVILEGED USER INTELLIGENCE

Roles: UNIX / LINUX, Windows, DBAs, Network, Help Desk, Programmers

Tools: WireShark, PuTTY, Toad, RDP, WinSCP, Reg Editor, CMD, PowerShell, DR, Java, SSH, AD, SQL PLUS

Risks: Unauthorized Changes / Access, Abusing Privileges, Local / Service Accounts

CUSTOMER EXAMPLES

Monitoring Privileged Access PCI

Monitoring internal privileged users with access to PCI systems

Detect unauthorized configuration changes

Meeting internal and external audit

Monitoring Privileged Users for PCI/SOX

Monitoring privileged users with access to over 60 PCI/SOX applications

Real-time monitoring of unauthorized account creation and firewall changes

Integrated with Lieberman Password Vault and Avatier identity provisioning

THANK YOU
