User Activity Monitoring: Identify and Manage the Risk of Your Users - ISACA Orlando 2015
TRANSCRIPT
USER ACTIVITY MONITORING: IDENTIFY AND MANAGE THE RISK OF YOUR USERS
Marc F Potter
Worldwide Vice President
Corporate Strategy
AGENDA
Introduction
The User Risk Problem
The Blind Spots
Approach to Identify Risk
Measuring User Risk
76% OF DATA BREACHES INVOLVE ACCOUNTS WITH ACCESS TO SENSITIVE DATA
Source: Data Breach Investigations Report, Verizon
THE PROBLEM: YOUR USERS
USERS: GATEWAYS OF RISK
Firewall
IDS
IAM
SIEM
Systems
Front End
Data
Application
Business Users
Contractors
IT Users
Contractors
84% of insider-based breaches involve users with no admin rights [2]
62% of admin-caused breaches due to human error [2]
Breaches involving contractors have significantly higher data loss and severity [3]
WHERE IS THE BIGGEST RISK?
Business Users IT Users
76% of Data Breaches Involved Stolen or Exploited User Accounts [1]
GARTNER FUTURE OF SECURITY
Securing will require a shift to User Activity Monitoring
Source: Prevention is Futile in 2020, Gartner
Audit and Compliance
WHAT YOU NEED TO MONITOR
Application User Monitoring
Custom & Commercial Apps:
External Vendor Monitoring
Service Providers & Contractors:
Privileged User Monitoring
Critical Systems, Files & Data:
SOX
EU Data Protection Reform
HIPAA
Healthcare (PHI) data
Customer (PII) data
Employee data
Company data
Financial data
Intellectual property
Sales & marketing data
USER RISK BLIND SPOTS
Systems
Front End
Data
Application
IT Users
Maintain backend application systems, DBs, and infrastructure for business users
Risks
• Remote Access
• Configuration Changes
• Audit & Compliance
Business Users
Use a variety of applications every day to drive business
Risks
• App Data Extraction
• Shadow IT
• Audit & Compliance
PRIVILEGED USER MANAGEMENT
Provisioning & Governance
User Monitoring
Password Vaults
Granular Audit Trail of all privileged user activity
Visual forensics of user sessions
Application usage Reporting
Automated provisioning of user accounts
Role based access control modeling
Access review of user entitlements
Privileged user shared account Vault
IT Access request to check out account
Workflow approvals
3RD PARTY VENDOR COMPLIANCE
Controlled Access
User Monitoring
Change Management
Remote Access Session Monitoring (Off hours)
Alert on Unauthorized Activity (Leapfrog)
Incident Response with Session Replay on Event logs (embedded script)
Remote Access management
Published applications and VDI
Access Authentication to protected applications
Proactive Ticket validation
Remote desktop session video
Incident Response with Video Session Replay
BUSINESS USER COMPLIANCE
Critical Applications
User Monitoring
Audit Log Management
Auditing user interaction with applications
User activity logs for log-less systems
Incident Response with end user Session Replay video
Application provides access to critical data
Application with limited audit logs (Homegrown)
Logging limited due to performance tuning
Native system and security Log collection
Event correlation and incident reporting
Dashboard for Security Operations team
OBSERVEIT: THE COMPANY
Global company established in 2006
Market leader in User Activity Monitoring
1200 customers across all verticals
OBSERVEIT: HOW IT WORKS
Identify and Manage User-Based Risk
Applications/Servers/Desktops
Apps Keystrokes Clicks
Business User
Citrix User
IT Admin/Contractor