"Cloudy - with a chance of identities!" - Norbert Olbrich, RSA, a DELL Technologies Business
"Cloud attacks" - about 47,800 results (0.25 seconds)
Trade agreement?
Mandatory disclosure of cyber attacks from 2018 (72-hour window)
What does this mean for my company? 2
The technology problem became a BUSINESS PROBLEM
Drivers: Convergence, Attack Sophistication, Complexity, CEO and Board Inspection 3
Where most vendors are focusing: SECURITY DETAIL
• Account lockouts
• Failed user access attempts
• Web shell deletions
• Buffer overflows
• SQL injections
• Cross-site scripting
• Denial-of-service
• IDS/IPS events
• Incident level fixes
Where business leaders are focusing: BUSINESS RISK
• How bad is it?
• Who was it?
• How did they get in?
• What information was taken?
• What are the legal implications?
• Is it under control?
• What are the damages?
• What do we tell people? 4
WHY DOES THE GAP EXIST?
SECURITY EXCLUSION: FW, GW, NGFW, A/V, SANDBOX, VULN MGMT, IDS / IPS
SECURITY INCLUSION: 2FA, PROV, FEDERATION, ACCESS MGMT, SSO, PAM
BUSINESS / IT RISK MANAGEMENT: SIEM, SPREADSHEETS, CMDB, GRC
Result: multiple disconnected point solutions, lack of context & ability to prioritize, alert fatigue 5
BUSINESS-DRIVEN SECURITY: SECURITY, BUSINESS, TECHNOLOGY, RISK
RSA uniquely links business context with security incidents so you can respond faster and protect what matters most 6
Business-Driven Security
• RSA Archer Suite: contextual intelligence, orchestration & response
• RSA NetWitness Suite: security exclusion (cyber analytics platform)
• RSA SecurID Suite: security inclusion
• RSA Fraud & Risk Intelligence Suite: contextual intelligence
Right picture, power of context, business insight, right speed & action 7
BUSINESS-DRIVEN SECURITY IN ACTION
• Security Exclusion (RSA NetWitness Suite): incident analytics flag compromised user jsmith
• Contextual Intelligence / Business Impact Analysis (RSA Archer Suite): Critical Asset, Compromised User, IP Violation, Incident Contained
• Security Inclusion (RSA SecurID Suite): Step-Up Authentication, Account Disable 8
Organizations are struggling to protect their user identities
• 81.9% compromised in MINUTES
• 67.8% of exfiltration occurred in DAYS
• 63% of Web attacks used stolen PASSWORDS 9
Source: Verizon Data Breach Investigations Report, 2016
Cloud adoption creates islands of identity and smart devices change the game
Islands of identity: impossible to centrally manage/control how and by whom new credentials are created, approved, managed and certified. Islands create gaps in visibility and introduce security and compliance risks.
Mobile changes how users interact with applications and data; they expect access from anywhere.
Is access appropriate throughout the user's lifecycle? How do you ensure it is secure? 10
1 Forrester Data Mobile, Smartphone, And Tablet Forecast 2016 To 2021 (Global), June 2016
RSA SecurID Suite: Accelerate business while mitigating identity risks (Secure & Convenient)
• Access assurance: Who has access to what?
• Identity assurance: Is the user who they claim to be? 11
RSA® Identity Governance and Lifecycle: Manage and provide insight into who has access to what
RSA Identity Governance and Lifecycle features
• Automated certification and remediation of user entitlements
• Business friendly access request and fulfillment
• Identity analytics and decision support dashboards
• Point and click configuration
RSA Identity Governance and Lifecycle benefits
• Visibility of user access privileges
• Efficient delivery of access
• Better informed decision making
• Cost effective, self-sufficient IAM administration 12
RSA SecurID® Access: Secure and convenient access for any legitimate user
RSA SecurID Access features
• Risk analytics and context-based access decisions
• Wide range of multifactor authenticators
• Central, automated management
• Easily integrate with applications
• Access from anywhere, from any device to anything
RSA SecurID Access benefits
• Dynamic, flexible and automated access decisions
• Positive user experience
• Eliminates islands of identity
• Quicker startup times and lower cost
• Extends access protection 13
Security and Convenience have traditionally been viewed as tradeoffs
TRADITIONAL VIEW: As Security Goes Up, End User Convenience Must Come Down
CONVENIENCE: "Easy Access" / SECURITY: "Regain Control"
CONSEQUENCE: This leads organizations to enact security controls that often times contradict their business needs 14
Connect to Anything from Anywhere
• SaaS Applications (SAML-Enabled)
• Mobile Applications
• Web Applications
• Traditional/on-premise Applications (400+ RSA SecurID integrations)
Centralized Access Policies & Convenience 15
Authentication to Fit Any Situation
RSA SecurID Access: RSA Push Notification, OTP, Fingerprint, EyePrint ID Verification, FIDO Token 16
Context and Risk-Driven Identity Assurance
Context: Device, Location, Session, Network, Role, App
Desktop or mobile (web browser) -> PASS, or RISKY -> Step-Up Authentication
Step-up authenticators: SecurID token, Mobile OTP, Push (Approve), Fingerprint, Eyeprint, Apple Watch, Trusted device, FIDO 17
Single Sign-On: Connecting the islands of identity
Access to Any Resource, on-premises or in the cloud: SaaS apps, PaaS, VPN, Web Servers, WAM, VDI, Mobile apps, Networking
Integration methods: SAML, WS-Fed, HTTP headers, OAuth, OpenID Connect, Reverse Proxy, Password vault, SecurID agents
Identity Assurance for secure & convenient access, driven by context attributes: user role, app sensitivity, IP network, device type, geo location, session, known device
Multi-Factor Auth for any user & use cases: FIDO, fingerprint, OTP, eyeprint, phone, smart watch
SecurID Tokens: class-leading OTP authenticators
Secure & convenient access for any user, from anywhere to anything 18
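The two slides above describe the decision the access layer makes: collect context attributes (device, location, network, role, application sensitivity), pass low-risk requests through, and demand step-up authentication with a stronger authenticator when the request looks risky. The following Python is an added illustration of that pattern and is not RSA SecurID Access code; the weights, thresholds, network ranges, the user "jsmith" and the method lists are constructed assumptions.

```python
"""Context- and risk-driven access decision (added example, constructed policy).

Each anomalous context attribute adds to an additive risk score; a score of
at most 1 passes, anything higher requires step-up with an authenticator from
the band matching the risk. Weights and data are assumptions, not RSA's.
"""
from __future__ import annotations
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed reference data standing in for the identity store and app catalogue.
CORPORATE_NETWORKS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
KNOWN_DEVICES = {"jsmith": {"laptop-4711"}}       # user -> trusted device ids
HOME_COUNTRY = {"jsmith": "DE"}                    # user -> usual location
APP_SENSITIVITY = {"intranet-wiki": 1, "hr-portal": 2, "finance-erp": 3}

# Constructed step-up policy: which authenticators satisfy which risk band.
STEP_UP_METHODS = {
    "low": ["push_approve", "mobile_otp", "fingerprint", "eyeprint"],
    "high": ["securid_token", "fido", "fingerprint"],
}


@dataclass
class AccessContext:
    user: str
    device_id: str
    client_ip: str
    country: str
    app: str
    role: str


@dataclass
class Decision:
    outcome: str                    # "PASS" or "STEP_UP"
    risk: int
    reasons: list[str] = field(default_factory=list)
    acceptable_methods: list[str] = field(default_factory=list)


def score_context(ctx: AccessContext) -> tuple[int, list[str]]:
    """Sum an additive risk score over the context attributes (assumed weights)."""
    risk, reasons = 0, []
    if ctx.device_id not in KNOWN_DEVICES.get(ctx.user, set()):
        risk += 2
        reasons.append("unknown device")
    if not any(ip_address(ctx.client_ip) in net for net in CORPORATE_NETWORKS):
        risk += 1
        reasons.append("off corporate network")
    if ctx.country != HOME_COUNTRY.get(ctx.user):
        risk += 2
        reasons.append(f"unusual location {ctx.country}")
    # More sensitive applications tolerate less anomaly before step-up;
    # an application missing from the catalogue is treated as most sensitive.
    sensitivity = APP_SENSITIVITY.get(ctx.app, 3)
    risk += sensitivity - 1
    if sensitivity > 1:
        reasons.append(f"app sensitivity {sensitivity}")
    if ctx.role == "admin":
        risk += 1
        reasons.append("privileged role")
    return risk, reasons


def decide(ctx: AccessContext) -> Decision:
    """PASS at risk <= 1; otherwise STEP_UP with methods from the matching band."""
    risk, reasons = score_context(ctx)
    if risk <= 1:
        return Decision("PASS", risk, reasons)
    band = "high" if risk >= 4 else "low"
    return Decision("STEP_UP", risk, reasons, list(STEP_UP_METHODS[band]))


if __name__ == "__main__":
    # Constructed sample requests: known laptop on the LAN, then the same user
    # opening the ERP, then an unknown phone abroad reaching the HR portal.
    samples = [
        AccessContext("jsmith", "laptop-4711", "10.1.2.3", "DE", "intranet-wiki", "user"),
        AccessContext("jsmith", "laptop-4711", "10.1.2.3", "DE", "finance-erp", "user"),
        AccessContext("jsmith", "phone-9", "203.0.113.5", "US", "hr-portal", "user"),
    ]
    for ctx in samples:
        d = decide(ctx)
        print(f"{ctx.user}@{ctx.app}: {d.outcome} (risk {d.risk}) "
              f"reasons={d.reasons} methods={d.acceptable_methods}")
```

The point of keeping `score_context` separate from `decide` is auditability: the reasons list is what an analyst (or the RSA Archer-style business context shown on slide 8) would want logged next to the outcome, and the thresholds can be tuned per application without touching the scoring.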
The RSA Difference: A Hybrid Approach
A secure approach to supporting on-prem applications
Cloud: SecurID Access
On-premises: Identity Router, Authentication Manager 8.x, Active Directory, Web Reverse Proxy, App Portal
• Sensitive user & org information remains on-premises
• Active Directory passwords are NEVER sent to cloud
• Dedicated runtime not shared with other tenants 19
Strategic areas of focus and investment
GRC, Governance, Lifecycle, ASOC, MFA, Access
Focus areas: Continuous Prevention meets Detection; Mobility & Identity Assurance For Any User; End User Experience To Anything
• Standalone IA service with API integration
• More devices (Win10, MacOS)
• Open standards (OAuth/OIDC)
• ASOC information sharing
• Expanded self-service
• Next-generation agents
• Advanced risk analytics and reputation scoring
• Respond to threats in progress
• Desktop integration (Windows Hello, proximity unlock)
• WAM enhancements
• MFA service APIs
• Continuous & time relevant
• Bring your own app (BYOA)
• B2E B2B B2C
• External risk intelligence 20
IDENTITY MANAGEMENT
Identity Processes -> Joiner, Mover, Leaver with RSA Identity Governance & Lifecycle 21
A few easy questions?
• Who has access to what? How did they receive it?
• Are you compliant with internal and external security guidelines?
• How confident are you that people have only appropriate access?
• How much time and effort do you spend provisioning user access?
• How do you manage the complete identity lifecycle? 22
© Copyright 2016 EMC Corporation. All rights reserved.
Governing Access With Policies
Policies help automate access governance and improve workforce management: Joiner, Mover, Leaver, Time Based, Segregation of Duties 23
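Slides 21 and 23 name the five policy types but not how they interact. The Python below is an added example, not RSA Identity Governance & Lifecycle code, showing the joiner/mover/leaver lifecycle together with a time-based grant and a segregation-of-duties check on one identity; the department role model, entitlement names and SoD pairs are constructed.

```python
"""Policy-driven access governance (added example; constructed role model).

Joiner grants birthright access, mover swaps it, leaver revokes everything,
time-based grants expire on a date, and segregation-of-duties pairs are
checked against the resulting entitlement set.
"""
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import date

# Constructed role model: department -> birthright entitlements granted on join.
BIRTHRIGHT = {
    "finance": {"erp_user", "expense_submit"},
    "engineering": {"git", "ci", "expense_submit"},
}
# Constructed SoD rules: no identity may hold both sides of a toxic pair.
SOD_PAIRS = [
    ("vendor_create", "payment_approve"),
    ("expense_submit", "expense_approve"),
]


@dataclass
class Identity:
    user: str
    department: str
    status: str = "active"
    entitlements: set[str] = field(default_factory=set)
    expiries: dict[str, date] = field(default_factory=dict)  # time-based grants


def joiner(user: str, department: str) -> Identity:
    """Joiner: create the identity with its department's birthright access."""
    return Identity(user, department, entitlements=set(BIRTHRIGHT[department]))


def mover(ident: Identity, new_department: str) -> Identity:
    """Mover: remove old birthright, add new. Ad-hoc grants are deliberately
    kept so a certification campaign can decide on them (classic mover risk)."""
    ident.entitlements -= BIRTHRIGHT[ident.department]
    ident.entitlements |= BIRTHRIGHT[new_department]
    ident.department = new_department
    return ident


def leaver(ident: Identity) -> Identity:
    """Leaver: revoke every entitlement and disable the account."""
    ident.entitlements.clear()
    ident.expiries.clear()
    ident.status = "disabled"
    return ident


def grant_temporary(ident: Identity, entitlement: str, until_iso: str) -> None:
    """Time-based policy: grant an entitlement that expires on an ISO date."""
    ident.entitlements.add(entitlement)
    ident.expiries[entitlement] = date.fromisoformat(until_iso)


def expire(ident: Identity, today_iso: str) -> set[str]:
    """Revoke temporary grants whose expiry date has passed; return them."""
    today = date.fromisoformat(today_iso)
    expired = {e for e, d in ident.expiries.items() if d < today}
    ident.entitlements -= expired
    for e in expired:
        del ident.expiries[e]
    return expired


def sod_violations(ident: Identity) -> list[tuple[str, str]]:
    """Segregation of duties: every toxic pair fully held by this identity."""
    return [pair for pair in SOD_PAIRS if set(pair) <= ident.entitlements]


if __name__ == "__main__":
    # Constructed walk-through of one identity's lifecycle.
    jsmith = joiner("jsmith", "finance")
    grant_temporary(jsmith, "expense_approve", "2024-01-31")   # covering a colleague
    print("SoD violations while covering:", sod_violations(jsmith))
    print("expired on 2024-02-01:", expire(jsmith, "2024-02-01"))
    mover(jsmith, "engineering")
    print("after move:", sorted(jsmith.entitlements))
    leaver(jsmith)
    print("after leaving:", jsmith.status, jsmith.entitlements)
```

Running the walk-through shows the SoD check firing only while the temporary approval right is held, which is the case a certification campaign or an exemption workflow (slide 25 lists exemptions as a module) would have to decide on explicitly.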
Configuration, Not Customization
Configuration eliminates need for complex coding: Coding-Centric -> Configuration-Based
Modules: Visibility & Certification, Policy Management, Access Request, Role & Group Management
Fastest Time-to-Value
• Configuration, not Coding
• Phased Projects
• SaaS and on-premise options
Lowest TCO
• Less reliance on external consultants
• Simple project phases
• Self-sufficient IAM teams
Enables Business Agility
• Quickly respond to new business demands
• Easily adapt to infrastructure and organizational changes
70% of customers go live within 4 months 24
RSA Identity Governance & Lifecycle
Connectors, Unstructured Data, Role & Group Management, Policy Management, Exemptions, Identities, Accounts, Entitlements, Visibility & Certification, Access Request, Fulfillment, Web services
XMDB: One Brain 25
LOGICAL ARCHITECTURE
Sources (via Collector; LDAP, ODBC, CSV): Directory Systems (MS Active Directory, Windows File System, NAS, MS SharePoint), Identity Management Systems, Human Resource Systems, Cloud Applications
Presentation Logic: Business-Friendly User Interface (Browser), Web Services, Application API Server
Business Logic: Business Workflow Engine, Processing Logic
Data Processing Logic: XMDB™ High Performance Data Store
Fulfillment Logic: Access Fulfillment Express (AFX) Connector Integration (Fulfillment Adapter, Messages, ESB, Change Management) 26
RSA Identity Governance & Lifecycle - GUI 27
Yes, I know all the (my) people and their activities! 28
Thank you! 29