Cyber-attacks continue to increase in sophistication and are occurring in such volume that the daily newsfeed is littered with tales of new breaches and the cyber infonomics ramifications. Central to almost each of these stories is an element of privilege abuse and misuse that resulted in either the initial exploit or that was implicated in allowing an initial foothold to metastasize into a security event inflicting widespread reputation and economic damage.
Based on strategies developed by BeyondTrust and presented in the recently published book, “Privileged Attack Vectors,” security professionals will learn how privileges, passwords, and vulnerabilities are being leveraged as attack vectors, and how you can take measurable steps to defend against them. Attendees will learn:
Securing the use of privileged accounts, i. e. service accounts, accounts used for administration and accounts having the ability to access critical data and perform unauthorized changes, is one of the basic security measures. However, the practice shows that the implementation of privileged access security is a challenge for many organizations and opens critical cyber security vulnerabilities. Within this presentation, the speaker will build a bridge between privileged access management and cyber security. The presentation is based on consulting experience in various organizations and will cover the following topics.
1. What challenges organizations typically face when securing privileged accounts usage? The presentation will address typical problems such as lack of account ownership, lack of central responsibility for privileged access management and accounts managed by service providers.
2. Why these challenges may lead to critical vulnerabilities used as a gateway for enabling cyber-attacks? The presentation will show typical cyber-attack scenarios and will elaborate on the usage of privileged accounts as a key method for achieving the goal of the attackers.
3. How privileged access security enables reasonable protection against targeted attacks? Targeted attacks are persistent in time, well-funded and use complex methods. Therefore a 100% protection is hardly possible and many organizations are looking for a reasonable balance between cyber security investments and remaining risk. The presentation will show the benefits of implementing privileged security controls such as administration tiering, password & session management for significantly reducing the probability of cyber security attacks in a reasonable way. The relation between preventive and detective cyber controls as well as a strategy for focusing the cyber security efforts to protection of key assets will be presented.
Key takeaways:
1. What challenges organizations typically face when securing privileged accounts usage?
2. Why these challenges may lead to critical vulnerabilities used as a gateway for enabling cyber-attacks?
3. How privileged access security enables reasonable protection against targeted attacks?
While PAM is a vital cog in the security wheel of an enterprise, its relevance to other IT functions is often overlooked leading to its poor implementation. For PAM to be meaningful and effective, all its functional components should fit into and be aware of the overall context of the environment, integrate seamlessly with other security applications and finally provide actionable information to the administrators.
This session will help attendees understand how to improve their PAM program and demonstrate more security value.
Key takeaways:
· Challenges ailing PAM implementations
· Factors that make PAM holistic and powerful
· Using contextual awareness to elevate PAM
· Real-world use cases demonstrating value
