CyberArk Training
LESSON OBJECTIVES
This lesson provides an introduction to the CyberArk Privileged Account Security (PAS) solution.
Upon completion of this lesson the participant will be able to:
• Describe the system architecture and flows
• Describe a common attack method and how the PAS solution can be used to minimize exposure to that attack
• Describe the EPV
• Describe the PSM and how it can be used to minimize exposure to attacks
• Describe the PTA and how it can be used to detect and contain attacks
PRIVILEGED ACCOUNT SECURITY
PRIVILEGED ACCOUNTS CREATE A HUGE ATTACK SURFACE
AN OUTSIDE ATTACKER MUST OBTAIN CREDENTIALS OF AN INSIDER
“…100% of breaches involved stolen credentials.”
“APT intruders…prefer to leverage privileged accounts where possible, such as Domain Administrators, service accounts with Domain privileges, local Administrator accounts, and privileged user accounts.”
PASS-THE-HASH VULNERABILITY
• Widely available tools such as mimikatz can be used to expose the hashes and move laterally through the network
PRIVILEGE IS AT THE CENTER OF THE ATTACK LIFECYCLE
CYBERARK BREAKS THE ATTACK CHAIN
CYBERARK: PROACTIVE PROTECTION, DETECTION & RESPONSE
Proactive protection
• Only authorized users
• Individual accountability
• Limit scope of privilege
Targeted detection
• Continuous monitoring
• Malicious behavior
• High risk behavior
• Alerting
Real-time response
• Session termination
• Full forensics record of activity
[Diagram labels: External; Insider; Privileged Accounts; Hypervisors; Databases/Applications; Endpoints; Network Devices; Industrial Controls; Social Media]
CYBERARK DELIVERS A NEW CRITICAL SECURITY LAYER
PERIMETER SECURITY
COMPREHENSIVE CONTROLS ON PRIVILEGED ACTIVITY
PRIVILEGED ACCOUNT SECURITY
• Enterprise Password Vault®: Credential Protection & Management
• Privileged Session Manager®: Isolate, Monitor & Record Sessions
• Privileged Threat Analytics: Privileged Attack Prevention & Detection
• Application Identity Manager/Conjur: DevOps & Apps Secrets Management
• On-Demand Privileges Manager™: *NIX Least Privilege Control
• Endpoint Privilege Manager: Endpoint Least Privilege, App Control & Credential Theft Protection
CORE PAS SOLUTION
• Standard Core includes:
  • EPV
  • Vault
  • CPM
  • PVWA
  • PrivateArk Client
  • PSM
  • PTA
• Advanced Core includes:
  • OPM/EPM for NIX/Windows and Domain Controller protection
ADDITIONAL PAS SOLUTIONS
• DevOps and Apps Secrets Management includes:
  • AIM and Conjur
• Endpoint Least Privilege App Control and Credential Theft Protection includes:
  • EPM for Workstations
CORE PAS SOLUTION
Secure Digital Vault
• A hardened and secured digital vault used to store privileged account information
• Based on a hardened Windows server platform
Central Policy Manager (CPM)
• Performs the password changes on devices
Password Vault Web Access (PVWA)
• The web interface utilized by users to gain access to privileged account information
• Used to configure the Master Policy on the CPM
Privileged Session Manager (PSM)
• Isolates and monitors privileged account activity
PrivateArk Client
• A thick client used by administrators to perform some configuration tasks of the EPV solution
Privileged Threat Analytics
• Monitors and detects malicious privileged account behavior
SECURE DIGITAL VAULT
• Hardened and secured digital vault used to securely store data for the entire PAS solution including:
  • Privileged Credentials
  • Audit Data
  • Configuration data for most components
CPM - AUTOMATIC, POLICY-BASED PASSWORD MANAGEMENT
PVWA - PASSWORD VAULT WEB ACCESS
ENTERPRISE PASSWORD VAULT SOLUTION OVERVIEW
[Diagram label: Enterprise IT Environment]
PRIVILEGED SESSION MANAGER (PSM)
VALUE OF PRIVILEGED SESSION MANAGEMENT
PSM – SESSION ISOLATION / JUMP SERVER
[Diagram label: Direct RDP Connection]
CYBERARK PRIVILEGED SESSION MANAGER
[Diagram labels: PVWA; HTTPS (1); Databases; Windows/UNIX Servers; SIEM/Syslog]
SESSIONS SEARCH PAGE
TEXT RECORDING WITH POINT-IN-TIME VIDEO PLAYBACK
PRIVILEGED THREAT ANALYTICS
PTA DATA SOURCES
• CyberArk Vault
• Network Tap or Agent on DC
• SIEM
• EPM
IMMEDIATELY RESPOND TO DETECTED INCIDENTS
• Collect: Collecting privileged accounts activity
• Ongoing Profiling
• Detect: Detecting abnormal privileged accounts activity
HOW PRIVILEGED THREAT ANALYTICS WORKS
[Diagram labels: Critical System Access; SIEM Solution; Behavioral Analysis (Normal / Abnormal); ALERT: SIEM & CyberArk]
SUMMARY
THANK YOU