Today we are here for an interesting session around identity security. Before we get started, I'd like to do a couple of quick checks. I understand there's been a one-minute delay. We want to ensure that you are able to see the screen clearly and able to hear a voice as well, so if you're able to see my screen that says "identity security", you can drop me a message, and Tracy is going to check and let me know. We get started in a minute. A quick audio/video check: if anybody's having any problems, tell us now. Lovely, I think we are good to go. The audio and video seem to be working fine. Wonderful, wonderful, wonderful.

All right, I hope you guys have grabbed a cup of coffee and have a notepad, because we have an interesting session ahead of us and good meat for an heart, and I promise we will be doing action items and action items only. So this is a juncture in the identity landscape where identities have become more important than ever before.
A while back, if you were to, you know, travel back in time about a decade ago, things were very different when it came to identity. Essentially most of the stuff that happens around the identity were compromised, and administrators love how identities and the whole architecture around identities was. But today users have started experiencing and expecting a consumeristic approach towards identities. They want identities on the go, and that turns out to be a very big challenge for administrators, not from an infrastructure standpoint but from a security standpoint. So through today's session we are going to try and understand how identity as an entity has evolved over time and what challenges it poses to administrators in organizations through their IT security journeys.

For a long time, for a very, very long time,
identity has been in the background, not essentially at the center of security, and statically that's how it's built. Most focus for administrators has essentially been around the perimeter or the devices on the perimeter; that's how they get the organisation secure. And when it came to identities, the world sees God within the perimeter; they were insulated from the outside world. At best identities operated within an intranet.

But now things are very different. You cannot expect your employees to do the same thing as they used to do a couple of years ago. In fact you see a tremendous increase in the number of employees who are on the go, who are road warriors. You see people working from home, and that specific culture has taken a huge leap. Right now there are design teams; it's not just the field team that works from home, I mean, works on the go. You have designers, you have marketers, you have different verticals of an organization trying to work from home, and that again brings a very big deviation as to how identities were managed. Not just that: talk about devices, talk about people
bringing their own devices. So you essentially have to start looking for options; you essentially have to start acknowledging the fact that identities are they one and they are spread out all over the place. So instead of treating identities as something within your perimeter, start considering identities as something that's right on your perimeter. It's again very important to do this one change in mindset, because that's going to help how you handle identities. You must be hearing a lot of things around zero trust security, privileged access management, taking as done; things like that essentially are structured around this very idea that identity has become a perimeter for organizations.

So we would want to go further and explore how exactly this specific aspect of identity has been a problem, and this being a problem because of legacy systems and practices that we follow. Because a while back, if you run to their identities, it was all about trust.
It started with trusting in I three edges, letting them access specific resources in your organization. It can't be as simple as that anymore. I just pointed out there's this concept of bringing their own device; how do you ensure that works out with your existing best practices or with your existing policies? How are you going to go on and take control over machine identities? A single user is probably going to have 10 or 15 different accesses, and trust me, not all of them are on-prem; maybe more than 60 or 70 percent of them are on the cloud.

So the idea of the agenda is to very much understand and acknowledge the shifting trend in how identities are architected inside organizations, and how organizations and enterprises have a tough time coping with this change, just because security has become hand in hand with identity and not many organizations are up to it. And we go forward talking about how you can make your identity access management foolproof. We are going to talk about a couple of best practices right here; essentially I'm going to give you a couple of cool tricks and hacks that can change the way your organization and stakeholders see identity. So the whole idea of identities has been on
the back burner for a long time; it's time it takes center stage. I'm pretty sure a lot of you folks joining today are IAM leaders, and you would have a great number of reasons by the end of this presentation to convince your board to do an overhaul of your identity management strategy.

When you do get things as how they are, it seems quite straightforward. It seems like an absolutely happy organization; everybody seems to be having a good time. But at the end of the day things aren't the way they seem. As we speak, all right, there could be an attacker lurking out there in your organization. As long as, you know, all that an attacker is bothered about is the behavior of your users. The attacker thinks trying; in fact I would go on to say that they know your users better than you do. They take the assign the Hanoverian behavior, they look for patterns, they look for that one weak spot to get into your organization. Because, as I'd like to always put this, the security of your organization is only as strong as the weakest link in your organization, and for an attacker the obvious weakest link is users and people. And now that identities are multiform, there is a flaw there; they're looking for those touch points that are vulnerable, and all they need is just one entry point. And in fact Microsoft agrees, and they put out, they
were very forthcoming with this infographic piece. It's a little disturbing, but that's how things are. If we're talking about Active Directory security right here, all that an attacker needs is two days of time from the moment they've gotten their first access point. We're talking about attackers being able to get into your system and take just two days to crack into an admin account. So that is definitely scary.

It doesn't really stop right there. Getting into the account is just the first part of the problem; the next bit of it is not having practices or policies or solutions to notify administrators or organizations that something's going wrong. Because the attackers are super trained; they know how to exfiltrate data without tripping the radar. So most of these attacks that we're talking about, data breaches that had happened in the past, sadly were discovered only a couple of months after the attack had taken place. So there's one recommendation. My first recommendation for the day for you is going to be: start considering the possibility of an attacker lurking in your system already as we speak.
Start considering that possibility. So if you change that one mindset, I'm pretty sure the way you approach identity security is going to change. Why do I say that? Why do I want you to consider that there's an attacker lurking in your system? Because it's almost impossible these days to go on and claim that you're 100% secure. Probably the only way to call yourself 100% secure is when you shut down all your systems, dig a six-feet-deep hole and, you know, bury all your machines. That's the only way you can feel secure. The moment you turn on your identity joy with these are baby, there are chances that something could go wrong.

And one infographic that kind of validates the statement that I just made is this right here. We are very well aware of the fact that phishing attacks, they've been there for waiting on them. Anybody who uses a computer or a mobile device has at some point in time heard and realized and been told: do not open emails that are malicious looking. We still have users who are the part of the equation of identities that causes, most of the time, the trouble that we face when it comes to identity security. What do your users do the moment they see an email that says do not open? The first thing that we do is open the email. What do your users do when there's an attachment that says do not download? They download the attachment. So account
takeovers are taking place as we speak. And in fact, now that the identities that we're talking about are online, it's become all the more easy for attackers and actors to get out there and get hold of these identities. A while back security for identities wasn't a big deal. Now the whole idea of users having multiple identities and then having to remember passwords for multiple identities turns out to be a challenge; we'll be talking about that in a while.

So account takeovers are happening as we speak, and all that the attacker wants is to get hold of your credential. They want to do it through a social engineering attack; it could be a simple phishing email where they social scam you. They establish control, they do an internal, they wait for the right time, they exfiltrate all the data that they have, and then even before you know they are out of your system. That's basically because attackers are well-trained at their group; they speak the business lingo, they are almost perfect when it comes to getting and executing the attacks. They go completely undetected, under the radar, no matter what systems you have. So we are talking about not
being able to tackle attackers with the existing native tools that you've got. Active Directory is about 20 years old. To the kids or does it stop your users from having a password such as Password@123? The simple answer is no. That's just one example. With existing systems, with the native options that you've got, preventing your system from attackers is not really an option that you've got.

So this goes with the infographic again that's right here. We ran a survey and we found out that a lot of administrators, CISOs, CTOs for that matter, agree to the fact that they are under one sort of attack or the other. You turn on the news, you see one cybersecurity attack per day: big conglomerates, multi-million dollar companies undergoing attacks that were basically because someone was a little forgetful, as simple as that. So the element of human error right here plays a big deal. So we are talking about not just securing your systems, not just educating your users, but foolproofing your system; that has to be your priority when it comes to identity security. So how do you foolproof? I've got a couple of cases right here for you to go through and understand how serious is what we are talking about. We've got GDPR.
It made rounds last year, and you know, when you want to do business with a company in the EU, PII protection has to be your priority; GDPR mandates that. I'm pretty sure a lot of you who are joining me today are properly; we've got a good set of people joining me from California. That's the California Consumer Privacy Act that's going out live starting next year, Jan 1. Every law, every privacy law that the top moobot is around data privacy, instead on personally identifiable information; it's around credentials being safe, credentials being stolen, and how exactly are organizations going to that put their. You see disturbing numbers; I don't want to go through everything, I've left it for you to go through.

So the main one point that I want to highlight right here is the image of an organization, the reputation that's associated with the organization. Let alone the fine that you pay or the ransom that you pay, you see organizations losing business, you see organizations losing truck seven percentage to five point nine percent just in the number of customers who were there for a specific industry after a major attack. So this is not just for
organizations in multiple industries. We talk about Deloitte, a cybersecurity consultancy. They've been number one in cybersecurity consultancy for a very long time. They do a lot of other consulting, but when it comes to cybersecurity they're real good in consulting. They had a massive cybersecurity breach a couple of years ago, and why did this happen? Not because they did not have a finish solution or a best-in-class security solution, nothing at all. They have the best multi-layered security system that someone could have; they in fact consulted and gave a lot of organizations best practices to get things done. The whole idea of not enabling just one step, which was two-factor authentication; we could not do that, and that was the end of Deloitte's reputation. We had a master list; they lost a lot of employee data, customer data, passwords, IP addresses, architectural diagrams, intellectual property, so on and so forth, just because they lost one credential and that credential or that account was not protected by a second factor of authentication.

So that is another recommendation that I want to make: be it an online system, be it a cloud system that you're working on, look for solutions that help you with two-factor authentication. At least ninety percent of identity problems are not your concern anymore if you have a second factor of authentication right there. So up low you might be wondering about ultra my implementation of TF here; I'm going to get there. And a white computer on your as yours, it comes for free. Please implement multi-factor authentication; it's just one button away. It takes less than 10 minutes to configure MFA. You can do it running or me; please do that. That's my second recommendation for you today.

So as we go through the whole idea of identity
security, I am pretty sure you must have been bombarded with a lot of models. They call it the zero trust model: you would not want to trust anybody. That's the fundamentals of the zero trust model. Do not give access to anybody unless it's absolutely required; even if you give access to someone, make it just in time, make sure you remove the access right after the job is done. You want the least privileged approach. These are certain recommendations of the zero trust model. Now, is zero trust enough? That's the whole question right there: is zero trust enough? So you try to restrict the number of parcels, all right, but still, is it enough to just go with the zero trust model? As a matter of fact the answer is yes and no. I would rather look for something that is more adaptive rather than having robust models out there. It makes sense to start your identity security journey with an adaptive model. Continuous assessment of risk and threat is something that you need to do. How you do it is quite straightforward and simple, as lead it out as I go my dear.

So you're able to see that the whole idea of compliance and identity security go hand in hand. It starts with you ensuring that you have contextual authentication policies. Can you restrict access based on context? That's a big question that you'll have to ask yourself as you're taking your identity security journey. Can you monitor critical usage? Does your existing identity system have provision for looking into transactions that happen day in, day out with respect to identities, notifying you if something has gone wrong? And if you had an insight, can you immediately act on it? Can you investigate and analyse? Can you handle the threat and adjust your posture? That's the whole idea of CARTA, the model that we recommend. This is a model recommended by Gartner; we follow suit as it seems to be the most logical approach towards identity security. You look for a
solution that is continuous, that is adaptive, because when it comes to identities they're never the same. You cannot do a spray and pray approach; you will need something that is very pointed. You will need to evaluate, look into every user account quite differently. So look for solutions that are adaptive, look for solutions that evaluate access based on context, look for solutions that can monitor and notify you when there are deviations, that can also help you manage and also help you drive results. So that's the kind of model that you should be looking for in identity security.

So we've been talking about a couple of best practices here. I started out with one recommendation, which was the idea of considering that a hacker is already in your system. The next recommendation that I had asked you to do was turning on multi-factor authentication; it's a simple thing to do. The next one is: if you are on your journey towards identity security, look for a model that is adaptive, because identities are evolving at a rapid pace. The accesses are also supposed to be contextual of that it might. So we spoke about, okay, a while back
we spoke about the Deloitte case. There's another interesting case that I'll want you to look into. When it comes to PII or personally identifiable information, you would not believe me if I tell you that your user record gets sold for $5.00 on the dark web and your health record, all right, gets sold for $50. There are organizations out there, marketers out there, who are ready to buy any data around your behavior and start advertising based on your behavior. So there have been instances where organizations lost user records and they see immediate problems that follow, things like people being advertised with the personal a condom got sold here. There's another example that's right there where Harlan's 45 movie endings are the kodkod stolen. We're talking about mailer meaning, as we talk about cool numbers, we talk about date of birth; with these a lot can be done.

So how do you have a model that does not just let you know that something went wrong but helps you act right away? All this happened basically because there was no provision to check for deviation in behavior. So critical accounts who was act all right and deviation in that account was absolutely not taken into consideration at all. The behavior wasn't analyzed and the attacker remained in the system for almost 220 ninetieth. That's more than enough time to take over your entire data that we're talking about. Lots of loss means a lot of the personally identifiable information being lost right here. So what we're looking at is a direction where identity access
management and data security need to be going hand-in-hand. So here I'm going to be giving you a very basic model: how do you get your IAM and data security governance going hand-in-hand? So here it all starts with your ability to do a risk assessment. So if you have a specific set of identities, let's say accounts with the keys to your kingdom, let's say accounts with privileges, you will need provisions to analyze them. You will need to understand how huge your attack surface is and start monitoring any data transaction that goes on through these privileged accounts. So managing these is again a challenge, for getting the architecture right is all about getting your identity access management and data security governance working hand-in-hand.

So I've got a model right here. It might look a little complex, but if you notice closely, it isn't that complex. It starts by understanding your organization's architecture and your organization's central goals. So where is all the critical data that we are talking about? How are you going to get your data set priorities? Where is your data stored? How are you going to have an analytics model work hand in hand with that? Whilst we are talking about identity management, it has to go hand-in-hand with a cap system with a user entity being a dynamic system. It all works hand in hand for you to be able to say you are a hundred percent secure when it comes to data security. So how do we do that? Because
when it's about data security, the first touch point obviously is a loss prevention. It's important that privileged accounts are monitored; if there are data accesses at unholy hours, probably from a different geography or location, you will need to be in order quite. So user behavior comes into place. If you want to know where these actions are coming from, you need a chat system. So no longer are these done in silos; they form a central part of your security strategy, and the diagram right here is as to how you manage your identity and data governance. And so have clear-cut security policies that have identities at the center, have orchestration or automations that get the job done, which is exactly what I'm going to be giving you in a while. I'm going to be giving you best practices.

We've covered quite some ground. Now I'm gonna give you best practices that could get your identity strategy started. So we are talking about six best practices right here,
the ones that could probably get 90 percent of your identity security problems cleared off. The first one is going to be around automation. So robotic process automation: we've been using it for a long time, administrators are fascinated by it, I myself am mixer robotic process automation here. When we're talking about identities, it makes a lot of sense to automate your onboarding and offboarding when it comes to user lifecycle. That's one place where a lot of problems occur. Why is that? We were talking about data security; most of the time major data security leaks are due to privilege escalations. So someone who's not supposed to be having access to a file or folder ends up having access because it was manually given and it was not revoked on time. So administrators are burdened with an enormous load of identity churn that happens day in, day out. It's not as simple as one click and users get provisioned, right-click, delete and the users get deprovisioned. It's never like that. The whole process around identity and entitlement management is quite complicated, so you should start looking for systems that let you streamline the whole onboarding and offboarding process, and managing as well.

So as we go through the right side, it's important to understand that
it's not just provisioning users in one platform but provisioning them across multiple platforms with the right entitlements, with the right mappings, with the right access to the resources. And when you do it manually there are chances that you might end up doing this check, and when there is an automation that could do end up to an automation that can effortlessly talk to, let's say, HR systems or a service desk system, where a request comes in from the HR, it acts as a portal, it provisions the user, notifies the administrator of what it happens, has entitlements marked rightly because there's context associated with it, there's access that's provided based on roles, based on attributes; you get that right, a major problem is solved. So entitlement management done right through automation is a critical aspect of identity security. You try to foolproof the first step or the first entry right here, so we get the right access. And
the next point right here is: as we move through the lifecycle, users are going to get more accesses; old ones are supposed to be removed. A classic example is someone moving from the sales department to marketing. At times someone in marketing necessarily need not have access to the sales data; they're into marketing later on, but still the old entitlements are not removed, because it's a manual thing to do and a science administrators; again, you can't blame them. Insurer load; at times, once or twice, you miss that out. So you look for solutions that are adaptive, that are policy-built and work at an attribute level. It could be any target system, not just Active Directory, Office 365 or G Suite, any target system that we're talking about. Look for solutions that understand context: if a user moves from department A to B, entitlements need to automatically change; new ones need to be given, old ones need to be revoked. It has to be as simple as an administrator looking into a notification and saying, okay, great, things are going good. That's how you have to look for a system that does RPA.

And the last phase of the lifecycle, the
obvious and the most challenging one, which is deprovisioning users. That's always been a challenge, because like I told you, deprovisioning isn't just right-click, delete; it's a multi-stage process. As a matter of fact, most of the time deprovisioning is a lot more challenging than onboarding, for a couple of reasons. Through the lifecycle a user gets more access, more touch points, more devices, more resources, so having a checklist of a hundred things to be deprovisioned right when a user is leaving is a difficult thing to do manually. So have systems in place that do that for you. And that doesn't just have to be with deprovisioning; we can also talk about stale users, or inactive accounts, which become a major source of security problems. There are two things: one is deprovisioning employees who are leaving, that's again a problem; then the next one is stale accounts. When it's about stale accounts, that's the first
spot that an attacker looks for; that's the easiest entrance that an attacker has. Most of the time the inactive accounts that we talked about are absolutely unmonitored. There could be inactive accounts that still have access to critical resources in the organisation, and attacker assortment that the for the organization's to see who is leaving the organization just so that they can get hold of one person active account and get in. And when we're talking about deprovisioning accounts, if you do not do a full-fledged cleanup there are chances that your users leave backdoor access. A lot of them do that. We've had a survey conducted and we've seen results that are mind-boggling. So many organizations found out, after a quick tip that we'd given, that they've had accounts with accesses that have a backdoor entrance. It could be something as simple as mail forwarding set to a personal account. We do not want our users to do that.

So there's a lot around identity security that needs to be taken into consideration, and when it's the last phase, essentially user deprovisioning, you would need to have a checklist that very clearly marks what access they had and which ones need to be removed. And the best part is that can be automated, and that can be done across target systems; it's the best way to do it. So we're talking about a multi-step sequential deprovisioning that effectively revokes not just permissions, also licenses, also any potential backdoor accesses, forwarding that's set, and purges all these inactive accounts. So you should just be the division for sale: there were these many unit 2 accounts they got first, there were these many accesses they got to move. That's the kind of system that you should be building for your identity infrastructure.

So we've spoken about the first tip of
the six tips, which is to get RPA, or robotic process automation, done and set for your user lifecycle management. Manual error is the big challenge that we're solving right here. Besides that, when it comes to business benefit, you are going to be saving tremendous loads of time, lots of, you know, you can probably be using it for something that's a lot more productive. So we're talking about users right here. Now, we just saw how automation can help you; we'll just talk about users right now.

Then comes the user. No matter what policies you try and set, they somehow try to circumvent the policy. We were talking about users being a security vulnerability because we've seen instances where they write their passwords on a piece of paper and have it stuck on top of the desktop. So how are we going to ensure that they adhere to your policies? And when it comes to Active Directory, the internal policies are very bright. When it comes to the policy, there's no provision to get them not to set a password like Password@123 or an incremental password, and the granularity has always been a challenge. So we're talking about users being your problem number one and existing native systems not being able to defend against the most basic attacks. It could be a dictionary attack, it could be a password spray attack, it could be credential stuffing. How exactly can you say, or who among you can say, that existing native systems can help you defend against that? It all boils down to one basic question. It boils down to this question, where
it's always about usability versus security. So your users most of the time resist a change because they find it hard to implement and hard to adhere to, and that's the reason why most of these emails from IT do not get read at all. So we would want to make it simple for them; we would want to make it foolproof as well. And I would say that you don't give them too much control; you get the job done, let them not even notice. So we're talking about existing target systems not having password policies that are strong enough, and how do you look for a solution that can sit on top of those systems and enforce a stronger password policy?

So I've got a couple of recommendations for you. Look for a system that stops users from setting passwords that are straight out of the dictionaries. So far as change administrator the 90 can have some fun: a dictionary attack that an attacker does, you could very much use the same dictionary, have it incorporated with your solution, let your users not set passwords from the dictionary. That's something that you could need me to. And another problem around passwords is that they're very predictable. You don't even need to have a complex bot or a tool to crack passwords; human behavior is predictable. So patterns are something that you need to be wary about: Password@123, organization@123, firstname@123, and see what we keep advancing as they say; lots of people do that. So how do you train your system to stop your users from using patterns? That's something that you'll need to look into. And yes, Active Directory does have a password
history functionality, lots of tools too, but does it get to the granularity where you say none of the letters from my previous password can be used in my new password, or something like that, maybe three consecutive letters? You stop them from using that, so that ensures that there is no incremental password sort of being set. I myself, though I talk about security, at times get password fatigue; it happens. The first password that I set was maybe Password@123; the next one I set was Password@1234. So you stop your users from doing bugs and realistics, and how do you do that? You enforce a policy that's strong enough and also at the same time make it access with Bruce for the user. So restrict them from using repeated passwords, ensure that there's the right mix, prevent them from using patterns. And how do you do that? You make it usable.

The most important challenge right here is not to dictate a strong password policy but to make it usable and straightforward, available for the user. So let's say they're resetting the password; that has to be available right at the place where they're doing it. Most of the time the trouble, the friction, is essentially because they don't get it. Give them what they are supposed to do; a simple check box is going to get the job done. So try to pull procure systems and a couple of more recommendations, like assign more like a cow, like a notification that arrangement passwords are about to expire, things like that, that could make your Active Directory security or identity security a little better.

So we've spoken about a couple of
recommendations right here one around automation one on password security I
would also want to retouch on the multi-factor parts right here I just
talked about MFA being an important aspect of identity security a couple of
options that you've got are verification codes security questions and answers be
an angel but it was to an extent we're talking about moving forward with
factors like biometrics we're talking about touch ID we're talking about face
ID how do you get them incorporated how do you make it effort in a star
shining face ID your users are not even going to realize that they have to do
one step extra they do it all the time with the Google with their Facebook they
do such authentication sources it's already out there they're already
trained for this and when it comes to security and MFA for privileged accounts
this is going to be my recommendation a while back as I started my presentation
I was talking about privileged accounts having then second factor length when
they log in this is exactly how it looked like so an administrator alright
account is compromised the credentials are out there I excuse me I would say I
don't really care the credential is compromised and I don't really care how
is that even possible because I have a second factor that's absolutely
personalized it could be an email verification
or a touch ID or a face ID that back to choose and I'd be granted access into
my system or my server right after I do my second step verification so ensure it
happens right at logon it can be for your Linux it can be for your Windows it
can be for your Mac look for solutions that do two-factor authentication right
at the model and most of your problems are solved it gets this right MFA is for
your applications MFA right when you log on that's something that you should
definitely consider so we've spoken about
couple of best practices we've seen the automation side of things we've seen the
people side of things and how to empower users with a great usability so that
security and similar there's one more recommendation that I've got for you
which is getting everything audited when I say everything every action that an
identity performs in your system not just privileged users talk about normal
users the whole deal of auditing the reports that can come handy when you're
doing a forensic analysis you can start off with logon auditing you would want
to know changes that are made by your users you would want to have auditing
for the files and folders that are accessed by the user this forms a vital
piece in your compliance strategy as well so this is quite important having
an identity solution that does full-blown auditing look for such a
solution this if I were to give you an example the most basic one if you have a
great logon auditing tool a proactive one you'd be able to stop a brute-force
attack a brute force attack is essentially multiple logon failures
because of wrong credentials followed by one personal prevention and one
successful logon so there's a deviation there's a set pattern right here you
would know that something's wrong with the logon and you'd be notified earlier
to be accepted so a couple of examples right there that you could very much
curtain if only you enabled other things this is just one case and how many use
cases that you can solve that I've been having the classic kid
finding as one getting that one touch point and going forward with that
that's what hackers do they try to get hold of the domain admin credentials
it keeps moving laterally but when you notice after the first logon if you had
and also an auditing solution that can check for that deviation and multiple
logon happening consecutively and multiple touch points on multiple
endpoints you know there's something wrong before they could get hold of your
entire system so have a strong auditing solution in place
that's a user of all the things that such objects or things it can tell you a
lot of insights that can give you a lot of insight it need not be
reactive it can be proactive and tell you what is going on so we've spoken about a
couple of action items the last point of the day is going to be the most
important one which is monitoring privileged accounts we just saw how
important it is to audit every account in the organization controlling and
monitoring privileged accounts the most important of them all and when you do
move privileged accounts there are certain best practices that you can have
in mind quite simple not difficult at all the first one is going to be this
just-in-time access give them access only when it's absolutely required give them
access right on time so set up your privilege entitlement delegation
management of the quality EDM in such a way that it has least privileges
ingrained only when required only for the user who requires it and there has
to be an automation that is associated that revokes all those accesses after
the use this is a little difficult to set up in the beginning but once you've
got it set up it should be operating real smooth and should be helping you
manage your privileged accounts straightforward so we're talking about just-in-time
access to your privileged account and that helping you for your identity security
there's something else that you need to understand through your journey of
privilege and delegation management trying to do it granularly so if you
were to ever try doing delegation or entitlement management through the stock
options you would have noticed it's not really friendly when it comes to saying
these many privileges these attributes need to be given a time that you end up
giving more than what's required this because of our age of repetition we
don't want you to do that get granular get attribute level give these
stakeholders only what they truly require and when it comes to identity
management I'm very sure there are a lot of stakeholders who have nothing to do with
it but still requesting you for access for something or the other so get
granular give them only what's required on top of all this if still something
goes wrong you can always rely on analytics you can
rely on UEBA or UBA to check what has gone wrong so we talk about systems
that can notify you based on risk scores every user in the organisation every
given second is analyzed the behaviors get tracked if there are any deviation
so it could be job within SA and presenting from California right now
alright another 30 minutes I have an action that happens from that a rogue
wave that's the deviation unless if only if I
had the power to teleport I would not have been able to do it so we are
talking about such deviations that are quite obvious it could be factors like
geography could be factors like network location it could be your IP it could be
the device from which they are logging in it could be anything around these 15
factors that I'm talking about that gets taken into consideration to draw a risk
score for every user individually and whether there's a deviation you get
notified is that enough what if you could act on that deviation and that's
exactly where adaptive authentication a very important component when you're
evaluating an identity solution comes into the picture your system needs to have
the capability to look into such deviations and immediately make it
difficult for the attacker or the hacker who's trying to get into the system
extra layers of security extra factors of authentication have to step in to
stop the attacker from going any further so if the risk score seems to be normal if
no deviations were there the access is going to be a furnace of
frictionless as we like to call it just one security question or one factor of
authentication like a face ID if there seems to be a deviation the
administrators get notified the concerned user gets a prompt and the
attacker can literally not pass through because there are extra factors that the
attacker needs to go through so adaptive identification is something that you'll
need to happen right so when you're doing or taking this identity security
journey you look for a solution that does all this you'd want to do auditing
you'd want to do automation you'd want to do
multifactor you'd want to do adaptive authentication and a lot more that I've
discussed the six best practices that I gave you on identity security and look
for a solution that does all of this under one panel so what we've done is we
put together a couple of resources the sources around identity security we'd
love to share it just all you're going to do is drop me an email or Tracy an
email and we'd love to share it so it's all about making the right choice
we understand that identity security is not a child's play a lot goes behind
identity security and it's more important than ever before it's become
critical and essential to security thank you so much like you've been lovely we
have questions and we're on to take your questions over to you Tracy okay great
what a wonderful presentation so much valuable information
I did not some questions and audience please feel free to submit your question
to and we'll get as many as you can so a first question is I have a hybrid
environment can I go manage it using AD360 all right
so are absolutely the answer is yes and the way how we feel the future is hybrid
there are a lot of people are trying to move to cloud only we still see a
majority of people still relying on hybrid when it comes to hybrid there are
a couple of challenges provisioning users both places doing it in one go
that's something that you'd want to do with an automation yes as a matter of
fact the simple answer is yes AD360 helps you do that and when you're looking for
any solution for that matter I'd advise you to look for solutions that can do
all of that through an automation or an RPA in one go you wouldn't really want
to do multiple identities in multiple friends so you didn't want to do that so
look for a solution that does it in one go yes it's possible again how about what
kind of anomalies can we detect using user behavior analytics all right so if
I want to give you example one anomaly that I would want to start with
is logon activity if there's any unusual logon failures that is something
that you can look into the example that I earlier pointed out like a brute-force
attack then repetitive logon failures followed by one successful logon so your
user behavior analytics can look into it or if you want to talk about let's say
file activity big chunk of file or folder being copied or moved so data
security comes into the picture you'd be able to be notified if there's someone
accessing out there a large volume of files that they've never ever accessed
before first time accesses to files and folders we also be attached that we feel
these days are some way or the other detected by a UBA system so an attacker
tries to probably snoop another system thinking that they get away if they're
doing it maybe in the middle of the night this is insiders alright people
who are inside your organization people who have a malicious intent but not very
technically trained but have some level of privilege trying to access your UBA
system can notify that because mostly we see that there's a crazy volume of
insiders trying to initiate some sort of attack and most of them have an intent
but not something you're not required training your UBA can spot such a
deviation in no time okay thank you
we have one more question in the queue so if anybody else wants a put one in
real quick that would be great and we'll get to we'll get to it how about what
type of MFA authentication methods does AD360 support alright so when it comes
to multi-factor authentication also boss their support for Google Authenticator
Duo RSA RADIUS we've got a support for Microsoft Authenticator and even
physical devices like YubiKey Authenticator
one-time passwords styling based a lot of once just giving you the ones that I
can recall there's a lot more okay there's another question might have just
touched on it how does this solution compare to Microsoft
Advanced Threat Analytics it also detects suspicious activity right
away using UBA can you please clarify this point can you please repeat the
question Microsoft threat analytics yes I got that
and UBA got that so what's the question again okay how does this
solution compare to Microsoft's ATA it also detects suspicious activity right
away using UBA absolute absolutely that's a great question so when it comes
to how AD360 is structured we have a SIEM solution right here in ManageEngine
called Log360 a full-blown SIEM solution that does beyond identity
security so when it comes to how UEBA works it's not just identities
that come into the picture there are a lot of network devices also that come
into the picture so you would want a system that not just tracks and
detects a deviation but one that could give you a correlation or a context so when
you get the whole picture you'd be able to connect dots better you'd be able to
have a better result so most of the time when it comes to user behavior
analytics the problem is false positives you end
up answering a flag that was not required in the first place all the
models that are out there today are very robust and rigid they aren't very
time-sensitive and they aren't very dynamic so look for solutions that not
just take into consideration users behavior but also do autocorrelation
before they arrive at a contextual report or a result so that's how we do
it when compared to Microsoft analytics I'd like to thank everybody who's joined
I understand it's almost about the time of the year when things are wrapping up
I wish everybody a very happy Christmas and a Happy New Year and a great
identity journey so this is the kind of time when you make the decision take
some time shuffle the strategy I hope you found the presentation and full I've
given you a couple of key pointers I wouldn't call it 100% but yes we've
given you certain best practice boo does I have my email ID displayed
right now please write to me we'd love to talk to you to understand
challenges you're facing and if there's anything specific that we can help you
with we'd be more than happy to do that thank you all for your time. Visit: mnge.it/iam