Security – Knowing Who is Doing What August 2007
Email Chat Protect Against Unauthorized Use Compliance Across Data Lifecycle Assess Electronic Risks Across Entire Data Lifecycle… Customers Suppliers Source Code Marketing Plans Executive eMail Customer Info Competition Employee Data 10Q Sales Data Passwords Internal Projects Sales Marketing Channel Partners Inbound/Outbound Call Centers Help Desk Consultants Finance Employees Confidential Customer Data Thieves/Fraudsters
Compliance
• SOX GLBA
• HIPAA SB1386
Critical Information Security
Competitive Advantage
• IP theft
• Defensibility of Trade Secrets
• Competitive Intelligence
• Insider Threat - 80%
• Closing the Loop
• Forensics
Corporate Governance
• Appropriate Use of Corporate Resources
• Productivity
Identity Risk Management
Customer Records Access Denied Here are the customer records. New Data Security and Compliance Risks Customer Records/Information “Trusted” Insider External Hacker Where Have You Put Your Resources?
Changing Trends in Information Security Risks
• “87% of insider attacks involved authorized persons using legitimate commands.” US Secret Service
• “Through 2008, insiders will account for the majority of financial losses from computers & networks.” Gartner Group
• “In writing the GLBA Data Protection Rules, the ability to monitor the insider threat was a significant gap.” Paul Reymann, Co-author GLBA Data Protection Rule
CSI/FBI 2005 Report on Sources of Threats
• Attack volumes from both internal and external are similar in nature
• The belief that strong authentication is required only from external sources is outdated
CSI/FBI 2005 Report on Unauthorized Use
Unauthorized computer system use is still a problem for most companies
Methodology: 7 Steps of Effective Risk Mitigation
• Identify Perceived Risks
• Planning meetings with corporate organization
• Gather Data on Actual Risks
• Identity Risk Assessment
• Prioritize Severity of Risks
• Correlate Information – Look for Trends
• Complete Action Plan to Remediate Risk
• Risk Profile Analysis
• Standardized Risk Management Reporting
• Continue Monitoring Risks and Investigating Unusual Trends
Identity is a Critical Security Ingredient
• Rapid Adoption & Growth
• Authentication market stands between $1B to $3B - Infonetics
• 2004 WW IAM market size was $2.33B – IDC
• IAM market growing at 11% CAGR between 2004 – 2009 - IDC
• Identity Management will grow from 1.2B 2005 to 8.5B 2008 - Radicati Group
• Projected growth over 50% year over year till 2009 - Radicati Group
“Security information and event management (SIEM), as well as identity and access management (IAM), have required different information security approaches. However, they are integrating at their respective functional layers for auditing. Compliance efforts are the major catalyst driving them together.”
Gartner: Security & Identity Management Auditing Coverage, July 2005
Customer Needs Driving Identity Market
Need for Simplified Identity & Access Management
• Mitigating security risk, compliance to corporate security and usage standard
• Government Regulations demanding better security and internal control for authentication, access, and identity management
• Sarbanes-Oxley - HIPAA
• Supporting strong protocols – 802.1X and EAP
• Reducing IT & Help Desk overhead, improving operational efficiency
• Tracking network activity through identity
The Problems With Traditional Security
• Traditional security tends to be perimeter based with limited identity-based security
• Most security consists of Firewall & IDS at perimeter and OS or application provided authentication and access rights
• Internal networks are still largely trusted
• Many are still not layering key defenses – network and security
• Layering identity management is still a relatively new concept
Identity, Network, Security Convergence
Who is doing what and when?
• Perimeter only security no longer enough
• Mobility and new applications are forcing change
• Must implement sophisticated security:
• UTM Appliances (FW, AV, IPS, etc)
• Content Security
• Host Security
• Network Access Control
• Identity & Access Management
• Identity will be critical element as perimeter dissolves
The internal network can no longer be trusted…
Ideal Situation – Defense Everywhere
• Layer security solutions to apply security everywhere
• In addition to perimeter security:
• Personal AV, firewalls, IDP, & Spyware
• UTM security gateways with AV, IPS, Antispam, and Web filtering
• Strong identity management, network authentication, access management, and integrity based access control
• And more…
• Users view security as complex and difficult to manage
• IT budgets dictate how much security can be deployed
How do we manage all of this?
Identity Resource Management Pain Points
Management Issues:
• Management overhead to provision & maintain
• Scattered views offer no correlation
• Inconsistent password & authentication policies
• Higher volumes of support calls
• Requires more hardware, management utilities, and training
• Higher cost, added complexity, and slower response times
Security Issues:
• Unauthorized entry points without a unified view
• Identity information theft from insecure servers
• Security holes from left-over accounts
• Inconsistent access policies weaken security stance
• Security issues decrease customer confidence, create negative corporate PR, and can lead to costly lawsuits
User Issues:
• Authentication complexity
• Too many accounts, passwords, login methods results in:
• Increased security risk
• Locked accounts
• Lost productivity
• Higher help desk volumes
Traditional Barriers to Identity Management
• Difficulty of integration
• Too many solutions, integration between vendor products expensive and difficult
• High cost of implementation
• Directory Service, Provisioning, Security is expensive to purchase and integrate
• Time for implementation
• Full scale deployments for large companies can take many months to over a year
• Departmental difficulties
• Legacy support for outdated systems
• Departments giving up control of user and customer information
Too Many Ways to Authenticate Complicates Identity Management and Increases Cost
Diagram labels: Internal Firewalls, Switches, Routers, Access Points, etc.; Perimeter Firewalls, VPNs; Email Servers; Local Users, Data Systems, and Applications; Remote Users; Authentication RADIUS, LDAP, AD box; Identity Provisioning, Monitoring box; Firewall Identity Monitoring box; Many Others …; Multiple Authentication Servers, Data Stores, and Proxies
Identity & Access Management Benefits
• Security & Accountability
• Authentication Capabilities
• Management of User Roles & Identities
• Elimination of Inactive Accounts
• Detailed Audit Trail
• Quick Account Termination
• Identity Reporting and Logging
• Simplifying Complexity
• User Self-Service, Password Synch
• Fast Provisioning of New Employees
• Reduction in IT and Help Desk Resources
• Compliance with Government & Internal Regulations
A10’s Smart IDentity Management
• Popular IAM functions unified in one hardened appliance
• Centralized provisioning & management of accounts and data stores
• Fast deployment into existing networks
• Rapid cost reduction & immediate benefits within hours of deployment
• Enhanced compliance & internal controls
PROVISION CORRELATE MANAGE REPORT
Rapid Deployment + Easy Use + Low Cost = Fast ROI & High Value
Central Account Management
Unified IDentity Manager (UIM) Features
• Centralized account lifecycle management
• Virtual Directory model
• Synchronization of identity information
• Visibility of all account provisioning and activity
IDsentrie 1000 Advantages
• Simplified user account management
• Centralized account policy enforcement
• Account activity with integrated identity
• Improved accuracy, security, accountability and operational efficiency
• Automate compliance tasks
Manage popular data store types from a central web interface
Make the changes from one location to all the data stores
Verify that your data stores do not have stale data that could leave your network open to exploits
User Self-Help Service
User Self Service Features
• Account updates, password resets and changes
• Web interface for easy access
• Password Policy enforces tough passwords
• Updates synchronized across data stores
• All portal activity is logged for compliance
IDsentrie Advantages
• Reduces IT & Help Desk burden
• Minimizes employee downtime
• Agent-less solution for non-intrusive implementation
• Fast implementation for immediate benefits
Simplify user password management, recover IT resources, and improve user productivity
EX Series: Secure Bandwidth Manager with Identity Solving Bandwidth Management problems through a unique secure, high-performance, and highly visible platform. Hardened Appliance with High Performance Multi-threaded, Multi-CPU Operating System & Architecture
AX Series – Next-generation Server Load Balancer Advanced Core Operating System (ACOS) Advanced Application Switching SSL Acceleration High Density 10 Gig Protocol Optimization Integrated L2/L3 Line Rate Security Data Center Class Hardware Inline Scripting IPv4/IPv6 ACOS tuned for multiple CPUs
Thank You - Questions? For more information, visit A10 Networks’ web site at: www.a10networks.com