Security for the Heart of the Enterprise

Bogdan Tobol, Regional Sales Executive South - Eastern Europe


Post on 27-Jun-2018


2

Privileged Accounts are Targeted in All Advanced Attacks

Mandiant, M-Trends and APT1 Report

“…100% of breaches involved stolen credentials.”

“APT intruders…prefer to leverage privileged accounts where possible, such as Domain Administrators, service accounts with Domain privileges, local Administrator accounts, and privileged user accounts.”

3

Privileged Credentials are Everywhere

Privileged Accounts

• WiFi Routers, Smart TVs
• Routers, Firewalls, Hypervisors, Databases, Applications
• Routers, Firewalls, Servers, Databases, Applications
• Laptops, Tablets, Smartphones
• Power Plants, Factory Floors

4

Typical Lifecycle of a Cyber Attack

Privilege is At The Center of the Attack Lifecycle

5

Hijacked Credentials Put the Attacker in Control

• Power Plants, Factory Floors
• WiFi Routers, Smart TVs
• Firewall
• Routers, Servers, Databases, Applications
• Laptops, Tablets, Smartphones
• Routers, Firewalls, Hypervisors, Databases, Applications

Compromised Privileged Accounts

Enable attackers to:

• Bypass security controls & monitoring
• Access all of the data on the device
• Disrupt normal operation of the device
• Cause physical damage

6

Privileged Accounts are Targeted in All Advanced Attacks

Avivah Litan, Vice President and Distinguished Analyst at Gartner, 2012

“Anything that involves serious intellectual property will be contained in highly secure systems and privileged accounts are the only way hackers can get in.”

7

CyberArk Breaks the Attack Chain

8

CyberArk Delivers a New Critical Security Layer

PERIMETER SECURITY

PRIVILEGED ACCOUNT SECURITY

SECURITY CONTROLS INSIDE THE NETWORK

MONITORING

9

What is a Privileged Account?

Privileged Accounts:

• System Administrators
• Applications
• Select Business Users
• Social Networking Account Managers
• 3rd Party & Service Providers

• Privileged accounts exist in every PC, database, application, industrial controller, and more
• Typically a ~3X ratio of privileged accounts to employees

10

Solving The Privileged Account Security Problem

Audit & Compliance

▪ Control & Accountability for Privileged Users
▪ Monitor & Record Privileged Activity
▪ Compliance Reporting
▪ Remote User Access Control

Threats

▪ Advanced, External Threats
▪ Insider Threats
▪ Securing Application Credentials
▪ Securing Shared Admin Accounts

11

CyberArk’s Privileged Account Security Solution

REAL-TIME THREAT DETECTION: Privileged Threat Analytics

PROACTIVE CONTROLS: Enterprise Password Vault®, Privileged Session Manager®, Application Identity Manager™, Viewfinity, SSH Key Manager, On-Demand Privileges Manager™

SHARED TECHNOLOGY PLATFORM: Web Management Interface, Master Policy, Secure Digital Vault™, Discovery Engine

PROTECT, DETECT, RESPOND

12

Enterprise Password Vault

[Diagram: End Users, CyberArk Web Portal, Enterprise Password Vault (Secure Storage, Password Rotation), Enterprise Resources (Network Devices, Servers, Mainframes, Databases, Applications, Security Appliances, Websites/Web Apps, Cloud Infrastructure)]

13

SSH Key Manager

[Diagram: End Users, CyberArk Web Portal, SSH Key Manager (Secure Storage, Key Rotation and Distribution, Pub. / Priv.), Unix/Linux Resources (Servers, Mainframes, Databases, Applications, Cloud Infrastructure)]

14

Privileged Session Manager Layered with Enterprise Password Vault

[Diagram: End Users, CyberArk Web Portal, Privileged Session Manager, Enterprise Resources (Network Devices, Servers, Mainframes, Databases, Applications, Security Appliances, Websites/Web Apps, Cloud Infrastructure)]

15

Application Identity Manager

[Diagram: Applications (Accounts Receivable, CRM, Human Resources, Online Booking System; WebSphere, WebLogic, IIS / .NET, Legacy / Homegrown), Application Identity Manager (Secure Storage, Password and SSH Key Rotation), Enterprise Resources (Network Devices, Servers, Mainframes, Databases, Applications, Security Appliances, Websites/Web Apps, Cloud Infrastructure)]

Hard-coded credentials in the application:

UserName = "app"
Password = "y7qeF$1"
Host = "10.10.3.56"
ConnectDatabase(Host, UserName, Password)

Credentials retrieved at run time:

UserName = GetUserName()
Password = GetPassword()
Host = GetHost()
ConnectDatabase(Host, UserName, Password)

16

On-Demand Privileges Manager

[Diagram: End Users, On-Demand Privileges Manager, Target Resources (Unix, Linux, Windows Server, Windows PC OS)]

1. Elevated privilege request sent
2. Authenticate user
3. Validate policy
4. One-time access granted

User Privileges:

• Standard privileges
• Permitted elevated privileges
• Blocked privileges

17

Privileged Threat Analytics

[Diagram: SIEM Solutions, Login Data, Target System Data, SIEM & CyberArk Behavioral Analysis, Normal, Abnormal, ALERT]

GOALS:

• Find the signal in the noise.
• Enable the SOC to instantly locate the most serious alerts.

Behavioral Analysis: Self-learning statistical model based on a combination of patent-pending algorithms, login data, and target system data gathered from inbound SIEM integrations.

18

Securing Access Into the ICS/OT Network

[Diagram: Corporate Network, Third party vendor, VPN, DMZ firewall, DMZ, Web Portal, Vault, PSM, Anti Virus & Content Filtering, Supervisor, Password, Session Recording, ICS firewall, ICS Network (UNIX Servers, Databases, SCADA Devices, Routers & Switches, Windows Servers)]

19

Discovery and Audit: Free Assessment Tool

DNA enables organizations to:

• Discover all their privileged accounts and SSH keys

• Understand the current state of their environment

• Use this actionable data to set a plan to reduce risk and become compliant

20

Comprehensive Controls on Privileged Activity

Lock Down Credentials: Protect privileged passwords and SSH keys

Isolate & Control Sessions: Prevent malware attacks and control privileged access

Continuously Monitor: Implement continuous monitoring across all privileged accounts

Enterprise Password Vault, SSH Key Manager, Application Identity Manager, Privileged Session Manager, On-Demand Privileges Unix, Viewfinity, Privileged Threat Analytics

21

CyberArk Overview

Approach privileged accounts as a security challenge

• Designed and built from the ground up for security

Trusted experts in privileged account security

• 2,500+ privileged account security customers

• More than 40% of Fortune 100

Twelve years of innovation in privileged account controls, monitoring and analytics

• First with vault, first with monitoring, first with analytics

• Over 100 software engineers, multiple patents

Only comprehensive privileged account security solution

• One solution, focused exclusively on privileged accounts

• Enterprise-proven

[Chart: 30% GROWTH, 40% GROWTH, 56% GROWTH, 56% GROWTH]

22

IDC Names CyberArk the PAM Market Leader

“CyberArk is the PAM pure-play “big gorilla” with the most revenue and largest customer base.”

SOURCE: “IDC MarketScape: Worldwide Privileged Access Management 2014 Vendor Assessment”, by Pete Lindstrom, December 2014, IDC Document #253303

23

Thank you