Security & Identity Analytics
How Security and Identity Analytics can Drive Adaptive Defence
Adam Evans | Senior Identity & Access Specialist | 24th February 2016
Source: PwC 2016 Global State of Information Security Survey (responses from 10,000 CxOs in 127 countries, 30% from Europe; error margin <1%)
Hacking is Big Business…
The average annual monetary loss was $2.5m (£1.75m) per organisation
Finding the weak links – a full-time job
• Social media
• Link clickers
• Weak passwords
Adapting to Controls
“Enterprises are having a difficult time hiring skilled people as it takes 53% of organisations between 3 and 6 months to fill a position and 10% cannot fill them at all.”
Source: ISACA’s global survey, “The State of Cybersecurity: Implications for 2015”
Meanwhile, as the threat evolves…
Provide the limited professionals we have with the best information for rapid decision making
Analytics applies algorithms or machine learning to the “advisor feeds” for specific use cases
At Micro Focus, we believe that Identity and Security Analytics holds the greatest hope of leveling the playing field with today’s dynamic threats
Identity Analytics Use Cases
“Identity Analytics and Intelligence (IAI) moves organisations toward a contextual, dynamic, risk-based approach to identity and access management.”
Source: Gartner
Risk-Based Authentication
• Use risk scoring to drive step-up authentication
• Static risk scoring can be assigned to the entitlement, user, or application
• Add dynamic risk at request time, such as time of day, geo location, IP address, or device
• Results can be shared back into the analytics engine as an advisor feed
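
The scoring flow on this slide, as an added Python example (not from the presentation or any Micro Focus product). The weights, thresholds, trusted network range and the `Profile` baseline are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

# Static risk (0-100) per user, application and entitlement. Constructed values.
STATIC_RISK = {
    "user": {"alice": 10},
    "application": {"wiki": 5, "payroll": 30},
    "entitlement": {"read": 5, "approve_payment": 35},
}
UNKNOWN = 50                                  # assumed: unrated items are not low risk
TRUSTED_NETS = [ip_network("10.0.0.0/8")]     # assumed corporate range
STEP_UP_AT, DENY_AT = 50, 90                  # assumed policy thresholds

@dataclass
class Request:
    user: str
    application: str
    entitlement: str
    when: datetime
    country: str
    ip: str
    device_id: str

@dataclass
class Profile:  # hypothetical per-user baseline held by the analytics engine
    usual_hours: range
    usual_countries: set
    known_devices: set

def dynamic_risk(req, prof):
    """Score the context of this one request; return (points, reasons)."""
    hits = []
    if req.when.hour not in prof.usual_hours:
        hits.append(("unusual_time", 15))
    if req.country not in prof.usual_countries:
        hits.append(("unusual_geo", 25))
    if not any(ip_address(req.ip) in net for net in TRUSTED_NETS):
        hits.append(("untrusted_ip", 10))
    if req.device_id not in prof.known_devices:
        hits.append(("unknown_device", 20))
    return sum(p for _, p in hits), [name for name, _ in hits]

def decide(req, prof):
    static = max(STATIC_RISK[k].get(getattr(req, k), UNKNOWN) for k in STATIC_RISK)
    points, reasons = dynamic_risk(req, prof)
    score = min(100, static + points)
    action = "deny" if score >= DENY_AT else "step_up" if score >= STEP_UP_AT else "allow"
    # This record is what would go back to the analytics engine as an advisor feed.
    return {"user": req.user, "score": score, "action": action, "reasons": reasons}
```

Taking the highest static score across user, application and entitlement means a low-risk user cannot dilute a high-risk entitlement, and an unrated user is stepped up by default.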
Bad Behavioral Analysis
• Machine learning and anomaly detection based on identities
• Give privileged users insight into unusual activity with their credentials
• Identify unusual patterns of access, changes and data exfiltration
• Detect use of privileged account “backdoors”
Excessive Credential Detection
• Identify orphaned or rogue accounts based on login or peer group analysis – revoke accounts and save on SaaS licenses
• Compare employees being paid by HR, or contracts, to orphaned or rogue accounts
Adaptive Access Certifications
• Request immediate access certification for high-risk transactions
• Prioritise the highest risk entitlements for access certifications
• Indicate dormant accounts or outlier access compared to peers
• Reduce rubber-stamping and increase revocation rates
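
The reconciliation behind the Excessive Credential Detection slide and the dormant/outlier bullet above, as an added Python example (not from the presentation or any Micro Focus product). The roster, the account export, the 90-day dormancy threshold and the 25% peer share are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import date, timedelta

DORMANT_AFTER = timedelta(days=90)  # assumed dormancy threshold
RARE_SHARE = 0.25                   # assumed: entitlement held by <25% of peers

# Constructed sample data: HR/contract roster (person -> department) and accounts.
HR_ACTIVE = {"e100": "finance", "e101": "finance", "e102": "finance",
             "e103": "finance", "e104": "finance", "c200": "it"}
ACCOUNTS = [
    {"id": "asmith", "owner": "e100", "last_login": date(2016, 2, 20), "ents": {"ledger_read"}},
    {"id": "bjones", "owner": "e101", "last_login": date(2016, 2, 19), "ents": {"ledger_read"}},
    {"id": "ckhan", "owner": "e102", "last_login": date(2016, 2, 18), "ents": {"ledger_read"}},
    {"id": "dlee", "owner": "e103", "last_login": date(2016, 2, 21), "ents": {"ledger_read"}},
    {"id": "efox", "owner": "e104", "last_login": date(2016, 2, 22), "ents": {"ledger_read", "db_admin"}},
    {"id": "gwu", "owner": "c200", "last_login": date(2015, 9, 1), "ents": {"vpn"}},
    {"id": "svc_old", "owner": "e999", "last_login": None, "ents": {"db_admin"}},
]

def review(accounts, hr_active, today):
    """Return {account id: list of findings} for accounts that need review."""
    peers = defaultdict(list)
    for a in accounts:
        if a["owner"] in hr_active:
            peers[hr_active[a["owner"]]].append(a)
    findings = defaultdict(list)
    for a in accounts:
        dept = hr_active.get(a["owner"])
        if dept is None:
            findings[a["id"]].append("orphaned")  # owner not on HR/contract roster
            continue
        if a["last_login"] is None or today - a["last_login"] > DORMANT_AFTER:
            findings[a["id"]].append("dormant")
        group = peers[dept]
        held = Counter(e for p in group for e in p["ents"])
        for e in sorted(a["ents"]):
            # Peer comparison only makes sense with a reasonably sized group.
            if len(group) >= 4 and held[e] / len(group) < RARE_SHARE:
                findings[a["id"]].append(f"outlier:{e}")
    return dict(findings)
```

The findings list is the input a certification campaign would prioritise: orphaned accounts for revocation, dormant ones for licence reclaim, outliers for reviewer attention.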
Risk-Based ID & Access Provisioning
• Risk-informed access request and approval
• Policy improvement suggestions for roles or SOD controls
Generally, identity analytics provides better decision-making information
Security Analytics Use Cases
Abnormal Sensitive File Access
• Unusual time of day for the user
• From a risky IP address, geographic location or unknown machine
• With credentials that haven’t been used in a while
Abnormal Data Exfiltration
• Large data sets
• Data movement to USB drives or an unusual location
Abnormal File Changes
• File replacement outside of change windows
• Changes made by an abnormal user
Abnormal Password Resets
• Brute force attempts at self-service password resets
• Abnormal time, location or device for password resets
Generally, security analytics is looking for abnormal activity
Identity-Powered Security
• Minimise Rights
• Enforce Access Controls
• Monitor User Activity
• Analytics
The Micro Focus Approach
An Integrated Identity, Access & Security Solution
• Access Management & Authentication
• Secure User Monitoring
• Identity Governance & Administration
• Analytics
Identity Governance & Administration
Enforcing the Least-Privilege Principle
Minimise Rights (IGA):
• Access Request
• Help-Desk Integration
• Access Review
• Privileged Identity Management
• Delegated Administration
• Business Policy SOD & Roles
• Identity Management
Access Management and Authentication
A Secure Sign-on Experience
Enforce Access Controls (AMA):
• Single Sign-On (Web, Cloud, Enterprise)
• BYOI
• BYOD
• Multi-Factor Authentication
• Federation
• Risk-Based Adaptive Authentication
Secure User Monitoring
Analytics - Identify Abnormal
Monitor User Activity (SUM):
• Log & Event Correlation
• SIEM
• File Integrity Monitoring
• Configuration Assessment
• Anomaly Detection
• Privileged Session Recording
Benefits of an Analytics Approach…
• Targeted information for more efficient and intelligent decision making
• Reduced data sifting to more rapidly identify and eliminate threats
• Reduced overall risk with existing personnel resources
Questions?
Thank You For Listening