Event Recording

Four Steps to a Next Generation PAM Solution


Four simple steps to the perfect PAM.

Stefan Schweizer, Vice President, Sales – DACH, ThycoticCentrify

Fantastic. Hey, complex situation for me right now with the hand microphone and the flipper here and the glasses on my nose. So I have to concentrate myself, you know, to do the right stuff now in the right direction. Okay. So it's, it's all about PAM and privileged access management and elevation. Let's, you know, just right now start and jump in. So what are we talking about? We are talking about, you know, the four or the next generation of PAM solution. Why next generation? Because we are not considering PAM to be, you know, one thing that can, you know, be completed and, and solved easily. We are thinking of it being a journey, a maturity journey, that we'd like to guide you through, your process of making your environment more secure. It's interesting when you see, when you see, you know, headlines like this, that passwords got breached with one of the biggest security providers and, and supporters of that planet.
And, and their upgrade services were secured by a password which is 1, 2, 3, and you might wonder yourself, how the hell can that happen? But, you know, we, we are all humans. This can happen. And the question is now only for us, how can we avoid that for the future? So what indeed can be read and can be seen is that 80% of all attacks, all cyber attacks, and this is, I think, why we are all here, are based on the idea of stolen credentials or hijacked credentials. And it's always, not always, but four out of five attacks, starting with the idea of, you know, stolen passwords and stolen credentials. And it's always the same, right? So whatever prominent hack you look at, and in this case, the, the water supply of Florida hacked because their Windows 7 password wasn't changed for the last 19 years.
And you can go through and through and through and dig into every, you know, modern hack. And you sooner or later find out that it always had a relation with stolen credentials, easy to hack passwords and easy to guess passwords. So if Gartner in this case would say, if you are about to spend only $1 on security, you should spend it on the PAM side, because, you know, with just one stroke, you would be able, you know, with building a fantastic idea and implementation of PAM, you can avoid 80% of all attacks happening right now in your environment. So why is this the case? And we all know this from the private side. So this is a screenshot from my Google Chrome browser. And I'm very thankful that Google Chrome in many cases takes care of my passwords and stores my passwords. So whenever Google asks me and my Chrome browser asks me, should we store and take care of your passwords?
I'm usually thankfully saying yes, but I'm working on a Mac. And when I start the application on my Mac, the Apple Keychain takes care of that password as well. So there's another place where passwords are stored on my devices. Usually I work with my iPhone and I don't have a Google Chrome or the Apple Keychain running on my iPhone. So my iPhone, which is bound to my personal Apple ID, stores passwords as well. And you know, the Safari browser on my Mac stores passwords also. So I'm just one guy and one guy has now four, five different positions where, you know, that person, in this case me, is storing his passwords. So just imagine yourself now a company with 1000 employees. They have easily four to five to 10,000 places where passwords are stored. So you can imagine that that can never be protected.
So the idea of ThycoticCentrify is collecting these all together, bringing them together in one system and implementing it, you know, on behalf of the stuff that needs to be done. And, you know, it can be seen in the analog world for a very long time. So on an airport, for instance, you might have a ticket. You can come across the security area, the boarding area and enter the aircraft, but you're not allowed, you know, to go to the support areas. You're not allowed to fuel the aircraft. You're not allowed to go into the cockpit of the aircraft. For a pilot, the pilot does not need to go through the security. He has a different entrance. He has a different gate. And with his security pass, he can enter that gate and go into the cockpit, but is not supposed to go into the luggage area.
So there are different workers with different jobs, doing different tasks on the same, on the very same airport. You can see this in hotels as well. So you might be sleeping here in that Infiniti hotel. And it's interesting to see that, you know, there are different, you know, areas in that hotel. So there is your room, there's the conference area. There is the sauna or the fitness area. There is, you know, your wardrobe. There are different areas that can be attached or not attached. So at the reception you might be saying, yes, I want to be part of, you know, the fitness team. And I'd like to access the fitness area.
And in addition to that, there are different people in that hotel. There are managers, there are guests, there are cleaning services. In every thriller you see that the gangster is stealing the hotel card from the cleaning services. But, you know, just imagine a system like it's already implemented at every airport. If I would steal, you know, the ticket of a passenger, I would not be able to gather and get into the luggage area or into the cockpit. So back to the hotel example, imagine yourself that you hand out access cards for the cleaning services only for the third floor and only for the uneven rooms on the left hand side. Okay. And that would avoid the scenario that you can find in every, in every thriller, that the gangster is stealing the access card from the cleaning services. So what does this mean for us?
That means that we would like to take you on a journey, on a journey that evolves and, you know, in a, in a first move finds out where you are on that journey. So where are you on that? We call it the PAM maturity model. Are you still in the analog phase? Are you in the basic phase? Are you in the advanced phase or are you in, as we call it, the adaptive intelligence phase? With workshops, we are able to support you or help you to find out where you are, where you would like to be and, you know, take the necessary steps to bring you there. So what now? What now means, what is a privileged account? What are we all talking about? Is it about the users? Is it about the administrators? And, but we always have in mind when we talk about accounts, we always think about users, the administrators, the business users, the Unix users, the Microsoft users, but there is a lot of different environment acting in the network as well.
There are, do I have the laser pointer here? Yes, but it's not showing up. So there are service accounts, machine to machine communication, application to application communications. You not only have administrators and, you know, your usual workforce, you have external workers on that, on that network acting as well. And obviously we have different devices. So there is a data center. There's this network stuff, all the cloud applications coming up. And the legacy applications that you might be having on site as well. So what are we doing? We are consolidating. And going back to that example that I was telling in the first phase, that you, as a company with a thousand employees, might have 4,000, 5,000, 6,000 places where you store passwords, consolidating all these passwords and identities in one repository. And that one repository might be, and if you talk about consolidating identities, your Active Directory, okay.
So we might be able, or not might be able, but we are able to consolidate all your users in one identity. We call it bridging. So with your Microsoft AD identity, you might be logging into your Unix devices, or you might be able to log into your network devices. So we consolidate all the identities in one repository, and you as a user do not go to your services anymore. You go into that repository. And in that repository, you might be finding the services you're allowed to go to. And then when we have granted access through that repository, we might select how powerful that access to that repository and to that device and service you're going to might be. So what does powerful mean? Powerful means you might be able to install all the SAP applications that might be necessary for you accomplishing the job that you're about to do, but you might not be able to, for instance, go and install the Netflix application to distract yourself by not, not doing the task that you're supposed to do, but, you know, watching TV. With this, all the major analysts, and KuppingerCole as well, you know, rank us as number one or two in the market, depending, you know, what statistic you would, you know, like to follow and like to believe.
So, here we go, what accounts do we have? We have thousands of different accounts, right? So hundreds of administrators I'm asking where they are collecting their accounts, they are always thinking of Unix accounts and their Active Directory, but there might be more places. There's not only that Active Directory, right? There's a complete Unix world. There's this database world, the old z/OS mainframe world, for instance, there's this networking stuff and all the modern, legacy, not legacy, but modern applications that might be running on your cloud services as well. So a lot of different stuff happening. And in the first dimension, in the first step, we might be able and will be able to accomplish that and bring that all together. All together means, you know, bring this together in your Active Directory, handling all these accounts as if they would be Active Directory accounts.
And the moment we are bringing this all together in one repository and in one place, we can add hundreds of features around that. So for instance, we might be able to, you know, turn on a feature which is called behavior analytics, and behavior analytics, you know, could give you some indications of an early happening attack on your accounts or on your network. So you might be able to find out that there is an anomaly happening in this environment. So maybe a Unix administrator all of a sudden, you know, turns and tries to connect and get access to your AD environment. So stuff that you might be finding out by, you know, simply digging into, you know, what is usual, what is unusual, and finding out how the behavior can be compared to that what you're about to do. So, you know, we can create alarms, mitigate alarms and, you know, do all that stuff.
Okay. So we all know what a phishing attack is, right? So a phishing attack is you being stupid enough to fall into the trap of answering a mail which asks for an uncle that died and blah, blah, blah, you know, all that stuff that is about to trick you and give your password away. But, you know, just remember back that we have been talking, that we have been talking about features just a few moments ago. And one of those features that we have been talking about is that we are logging onto that repository and that repository is forwarding you to the applications and the devices you're supposed to work with. And we are able not only to forward you to that, but do that completely passwordless, okay. So you will not know your password and by not knowing your password, you can't fall into the trap of, you know, being stupid and acting stupidly enough, giving your password away by being trapped through, you know, some, some tricky phishing mails. Okay. So the Thycotic solution, not only, but on top of that, you know, per the maturity model that we are about, and what I was showing you, is able to protect you from falling into the trap of, you know, getting tricked by phishing mails.
So what is ransomware? Everyone knows what ransomware is, right? So you can on a drive-by download some stuff. And that, you know, all of a sudden gets control over your machine and starts encrypting your, encrypting your files. Very, so very simple solution that we had already been talking about with this repository, that we are forwarding you to the services that you are supposed to use during your work. We also give you access and granted access to the machines that you're about to work with. So just imagine you are working with a machine where ransomware would have no rights to be executed. So you're totally fine. And being protected from, you know, falling into the trap of ransomware breaking through your network.
So maybe a last example, what is a rainbow table? A rainbow table is the reverse, I would say, engineering of passwords. Okay. So just imagine that your Microsoft system, whenever you type in your password, is of course not storing the password in cleartext, but is, you know, encrypting that password and stores it away. And that stored-away password, which is a kind of hash number that's being stored on your device, can be reverse engineered. This method is called hacking, but just think of a system where you randomly brute force all the passwords and store the passwords away. And, you know, be simply now able to reverse this in a, in an engineered reverse way that gives you the ability. And you can download these rainbow tables from the internet, which are, you know, huge, huge files. So that, that file, for example, here, right? And you can go this on rainbow, correct.com, very simple, reverse and get passwords.
So for instance, you steal a password which is encrypted on your Microsoft device. And this is, let's say, an MD5 encrypted password, which is, you know, eight in length. You can have that, who is clicking there. It takes you only six minutes with this rainbow table that you can legally download to reverse engineer the password. So are our passwords secure? And the answer to that is, it only needs to be long enough, right? So the password needs to be long enough, then it takes you millions of years. But how can you remember long enough passwords and, you know, avoid the idea of getting hacked passwords? And we already have been talking about it a moment ago when we talk about features like passwordless. So you log into that repository, the repository forwards you to the device or the service that you're about to work with. And the moment you log off, we auto-rotate the passwords and the hacker needs to start from the very first moment again. Okay. So the password auto-rotation feature that we have been talking about protects you perfectly, even from reverse engineered rainbow tables that, you know, might grant access to hackers within minutes.
So what do the four dimensions of PAM mean? The four dimensions of PAM mean that we can guide you through a four step journey on that PAM journey, where we can easily find out where you are, where you wanna be and what steps would guide you to that way, where you'd like to be. With this, I'd like to thank you. We.
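The rainbow-table passage above rests on two facts a defender should be able to verify: a stored password hash with no per-user salt can be matched against a precomputed table without any guessing at the time of the check, and a password's resistance to exhaustive search grows exponentially with its length. The following Python script is an added illustration and is not code from the talk or from ThycoticCentrify; it uses only the standard library. The five-entry lookup table is constructed here as a stand-in for the multi-gigabyte tables the speaker mentions, and the 1e10 guesses-per-second figure is an assumed round number, not a measurement.

```python
import hashlib
import secrets
from typing import Optional, Tuple

# Constructed stand-in for a precomputed (rainbow) table: hash -> password.
# Real tables are enormous; five entries are enough to show the mechanism.
WEAK_PASSWORDS = ["123", "password", "letmein", "qwerty", "admin2021"]
PRECOMPUTED_MD5 = {hashlib.md5(p.encode()).hexdigest(): p for p in WEAK_PASSWORDS}

PBKDF2_ROUNDS = 200_000  # slow KDF iteration count (assumed value for the example)


def unsalted_md5(password: str) -> str:
    """Legacy storage: one plain MD5 of the password.
    Every system that stores the same password gets the same hash, which is
    exactly what makes a precomputed table reusable across victims."""
    return hashlib.md5(password.encode()).hexdigest()


def lookup_precomputed(stored_hash: str) -> Optional[str]:
    """The rainbow-table step: a pure dictionary lookup, no guessing at check time."""
    return PRECOMPUTED_MD5.get(stored_hash)


def salted_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, str]:
    """Modern storage: random per-user salt plus a slow KDF (PBKDF2-HMAC-SHA256).
    The salt is stored next to the digest; it is not a secret, but it makes a
    table precomputed for unsalted hashes useless, and a new table would have
    to be built per salt value."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest.hex()


def verify_salted(password: str, salt: bytes, expected_hex: str) -> bool:
    """Constant-time comparison of a candidate password against a stored salted digest."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS).hex()
    return secrets.compare_digest(candidate, expected_hex)


def brute_force_years(length: int, alphabet_size: int = 62,
                      guesses_per_second: float = 1e10) -> float:
    """Worst-case exhaustive-search time in years for a uniformly random password
    drawn from `alphabet_size` symbols (62 = upper, lower, digits).
    Shows the talk's point: each extra character multiplies the work by 62."""
    keyspace = alphabet_size ** length
    return keyspace / guesses_per_second / (365 * 24 * 3600)


def main() -> None:
    stolen = unsalted_md5("123")
    print("unsalted MD5 lookup:", lookup_precomputed(stolen))            # found

    salt, digest = salted_hash("123")
    print("salted digest lookup:", lookup_precomputed(digest))           # None
    print("verify with correct password:", verify_salted("123", salt, digest))

    for n in (8, 12, 16):
        print(f"{n}-char random password, worst case: {brute_force_years(n):.3g} years")


if __name__ == "__main__":
    main()
```

The `verify_salted` function is the only path a login service should take; `lookup_precomputed` exists purely to show why an unsalted hash store is a liability. Password rotation, as described in the talk, addresses the remaining window: even a hash that was eventually recovered is worthless once the underlying secret has been replaced.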
