Identity
The Cornerstone of Information Security
Ben Boyd | Sr. Security Architect | Integration Partners
YOU CAN BLOCK
95-100% of
THREATS
No machine learning
No artificial intelligence
No quantum cryptography
Really? How?
Zero-Trust
Least Privilege
The End
Identity
• People
  • Employees
  • Contractors
  • Vendors
  • Customers
  • Anyone/Everyone
• Technology
  • Applications
  • Endpoints
  • Infrastructure
  • Wearables
  • IoT
A Native Nebraskan Knew in 1936
It’s as easy as 1,2,3….. 4
• Identify
  • Subjects, Objects, Actions… verbs?
• Decide
  • Allow/Deny/Challenge (Know, Have, and Are)
• Grant
  • Permissions, Authority, Access
• Watch
  • Monitor, Record, Timed Access
But what about the last 4 months?
• September 2017
  • SEC – Non public filings (Remote Code Execution) GRANT
  • Equifax – 143M records of PII (Remote Code Execution) GRANT
  • Deloitte – 100% of emails (Admin Account..OMG 2FA) DECIDE
• July 2017
  • Verizon – 14M records of PII (Insecure publicly facing) GRANT/WATCH
  • CA Assoc. of Realtors – 250K Credit Cards (Malware) GRANT/WATCH
• June 2017
  • Deep Root Analytics – 198M records of PII (unsecured cloud) GRANT/WATCH
  • Washington State University – 1M records of PII (stolen safe) GRANT/WATCH
Ok… The last 6 months?
• May 2017
  • Kmart – 1M Credit Cards (Malware)
  • OneLogin – 100% of customers (Private Key Loss)
  • Gmail – 1M Users Email Accounts (phishing)
• April 2017
  • Chipotle – 1M+ Credit Cards (Malware)
  • IHG – 1M+ Credit Cards (Malware)
  • FAFSA IRS Tool – 100K records of PII (Public Tool Abuse)
Identity. The new (old) perimeter.
Yesterday’s Reality: THE WORLD BEFORE
• Monolithic, Contained, Rigid
• Employees
• Perimeter Security, VPN
Today’s Reality: THE WORLD TODAY
• Distributed, Mobile, Hybrid
• Insecure, Fragmented
• Partners, Employees, Contractors, Customers
Start Now!
• The attack surface is spreading
• Target and HVAC
• Toasters and Cars coming soon!
• Wait, Dyson is making a car?
So, I should just grill everyone?
A balancing act between YES and NO
Speaking of Toasters…
11 IPs
3 Bluetooth radios
8 Zigbee radios
3 Z-wave radios
How many toasters do you have?
IPs?
Radios?
USBs?
Miswires?
Where does Identity Matter?
Context Matters
• Geo-location
• Device specific
  • Corporate Asset
  • Registered BYOD
  • Unregistered “Bad Guy”
• IP/Location Reputation
• Time Sensitive
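The Identify, Decide, Grant, Watch steps and the context signals listed above, combined into one policy check. This is an added example, not part of the original slides; the policy data, thresholds, `Request` fields and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed policy data for illustration; none of it comes from the slides.
PERMISSIONS = {
    ("alice", "payroll-db"): {"read"},
    ("bob", "payroll-db"): {"read", "write"},
}
HOME_COUNTRIES = {"US"}
WORK_HOURS_UTC = range(13, 23)      # assumed working window, 13:00-22:59 UTC
MIN_IP_REPUTATION = 20              # assumed scale: 0 (bad) .. 100 (clean)
AUDIT_LOG = []                      # Watch: every decision is recorded here


@dataclass(frozen=True)
class Request:
    # Identify: subject, object and action, plus the context signals.
    subject: str
    obj: str
    action: str
    device: str                     # "corporate" | "byod" | "unregistered"
    country: str
    ip_reputation: int
    when: datetime
    factors: frozenset = frozenset({"know"})   # subset of know / have / are


def risk_signals(req):
    """Context that raises the bar without being an outright deny."""
    signals = []
    if req.device == "byod":
        signals.append("registered BYOD")
    if req.country not in HOME_COUNTRIES:
        signals.append("unusual geo-location")
    if req.when.hour not in WORK_HOURS_UTC:
        signals.append("outside working hours")
    return signals


def decide(req):
    """Decide: return (decision, reason, signals); decision is allow/deny/challenge."""
    signals = risk_signals(req)
    if req.action not in PERMISSIONS.get((req.subject, req.obj), set()):
        return "deny", "action not permitted for subject and object", signals
    if req.device == "unregistered":
        return "deny", "unregistered device", signals
    if req.ip_reputation < MIN_IP_REPUTATION:
        return "deny", "poor IP reputation", signals
    # Each risk signal demands one more factor, up to all three.
    required = min(1 + len(signals), 3)
    if len(req.factors) < required:
        reason = f"{required} factors required, {len(req.factors)} presented"
        return "challenge", reason, signals
    return "allow", "policy satisfied", signals


def authorize(req):
    """Grant a time-boxed permission on allow, and log every outcome."""
    decision, reason, signals = decide(req)
    expires = None
    if decision == "allow":
        # Timed access: riskier context gets a shorter grant.
        expires = req.when + timedelta(minutes=15 if signals else 60)
    AUDIT_LOG.append({
        "time": req.when.isoformat(), "subject": req.subject,
        "object": req.obj, "action": req.action,
        "decision": decision, "reason": reason, "signals": signals,
    })
    return decision, expires


def grant_is_valid(expires, now):
    """Watch: a grant stops working once its window has passed."""
    return expires is not None and now < expires


if __name__ == "__main__":
    t = datetime(2017, 10, 2, 15, 0, tzinfo=timezone.utc)  # constructed timestamp
    samples = [
        Request("alice", "payroll-db", "read", "corporate", "US", 90, t),
        Request("alice", "payroll-db", "write", "corporate", "US", 90, t),
        Request("bob", "payroll-db", "write", "byod", "DE", 70, t),
        Request("bob", "payroll-db", "write", "byod", "DE", 70, t,
                frozenset({"know", "have", "are"})),
        Request("bob", "payroll-db", "read", "unregistered", "US", 90, t),
    ]
    for r in samples:
        print(r.subject, r.action, r.device, r.country, "->", authorize(r))
    print(len(AUDIT_LOG), "audit records written")
```

The deny checks run before the factor count, so presenting more factors never overrides a missing permission or an unregistered device.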
Beside the Obvious
• Workstations (End Users)
  • Seriously? Why are we still giving these people admin rights?!
• Servers
  • User namespaces (Jails)
  • Containers
Firewalls
• Perimeter, Core, Virtual? D. All of the above
• User-based FW is a MUST
• User-based policies are a MUST
Applications
• Put identity at the center of everything!
• Network effect on access – Scale from 1 to millions
• Stay neutral!
• Universal Directory: Extensible Profiles, Attribute Transformations, Directory Integration and AD Password Management
• Single Sign-On: Secure SSO for All Your Web Apps, On-prem and Cloud, with Flexible Policy, from Any Device
• Adaptive Multi-Factor Authentication: Contextual Access Policies, Modern Factors, Adaptive Authentication, Integrations for Apps and VPNs
• Lifecycle Management: Lifecycle Management, Cloud & On-prem App Integration, Mastering from Apps, Directory Provisioning, Rules, Workflow, Reporting
• Mobility Management: Tight User Identity Integration, Device Based Contextual Access, Light-weight Management
• API Access Management: OAuth 2.0 API authorization, Flexible identity-driven policy engine, Easy & centralized administration across APIs
• Developer SDKs: SDKs simplify the process of managing your Okta org. Use our REST APIs easily.
How about both? (Sponsor Time!)
Where else?
• Data Analytics
• Info from everything
  • Network Gear
  • Servers
  • Endpoints
  • Clouds
  • Wireless
  • Toasters?
• Aware, Alert, Alarm
• Churn baby churn!
Questions
Thank You!
