[October 23, 2014]
Identity is the New Perimeter - Deciphering CDM and Implementing Next Generation Cybersecurity
HERNDON, Va. --(Business Wire)--
Xceedium, the premier provider of privileged identity management for the
enterprise, and Innovative Solutions Consortium presented an inaugural
Continuous Monitoring Phase II Symposium on October 16, 2014 at the CIT
Complex in Herndon, Va. The event held in the Bannister auditorium was
filled to capacity with government and industry cybersecurity
professionals. The symposium focused on the goals of Continuous
Diagnostic Mitigation (CDM) and on the topics of managing people and
their access to systems. It explored the issues, challenges and best
practices for organizations seeking to manage system access,
credentials, human behavior, and the growing need to establish
protective boundaries to ensure the security and integrity of data,
applications and infrastructure.
Led by a robust roster of senior government and industry information
technology (IT) executives - including representatives from the
Department of Homeland Security (DHS), General Services Administration
(GSA), Department of State (DoS), the U.S. Office of Personnel
Management (OPM), HP Enterprise Security Products, Kratos, Microsoft,
Forescout, Splunk, VMware, Amazon Web Services, and more - the event
examined the topic of privileged identity management and insider threat
from a variety of perspectives, programs and solutions. Sessions
included keynote presentations and engaging panel discussions. The forum
provided attendees with key takeaways centered on identity and
underscored the criticality of establishing a least privilege
infrastructure.
"I have spent over twenty-five years in the security industry," said Ken
Ammon, Chief Strategy Officer of Xceedium. "The cadence and
sophistication of attacks mounted by hackers, organized crime, and
nation-state threats demands an unprecedented call to action for all of
us."
Key Takeaways for Cybersecurity Professionals:
- Identity is the new perimeter. No longer are there clear
boundaries that can be drawn around a system to protect it. Identity
must be considered an integral element of security, knit into the
fabric of our next generation IT infrastructure. In order to better
protect the enterprise, cybersecurity professionals must know who is
entering and navigating the network at all times. As such, identity
management must be core to any security framework, which is reflected
in the goals of CDM Phase II.
- A zero-trust model is essential for next generation
cybersecurity. In the past, predominant thinking dictated that
organizations assume trust and then verify access. In today's world,
this model of trust is broken. Organizations must adopt a zero-trust
model in which they never trust and always verify. In
fact, the Ponemon
Institute revealed in a study that 54 percent of respondents say
their organization assigns privileged access rights that go beyond
their role or responsibility. Instead, privileged users should only
have access to the baseline information they need to perform their
role, and only for the amount of time it's needed.
- A holistic shift in the security operating model is required. Being
breached must be viewed as the rule - not the exception. Network
administrators need to be able to establish what "normal" looks like
on an ongoing basis, in order to immediately flag suspicious behavior
and investigate. Additionally, in order to mitigate risk and improve
system defense, organizations need to make a clear distinction between
authentication and authorization. If a user's credentials have been
verified and the system can confirm them, their identity shouldn't
directly translate to carte blanche access to everything on the
system. An automated process should replace manual processes to
instantly determine the level of access granted based on a
predetermined set of rules and conditions. The separation of
authentication and authorization is a key component of CDM Phase II:
Least Privilege and Infrastructure Integrity and any least privilege
identity management approach.
- Continuous Diagnostics and Mitigation embraces intersection with
HSPD-12. The principles outlined in CDM Phase II are more than
just a checklist - they are a robust complement to existing security
guidelines and mandates, including Identity, Credential and Access
Management (ICAM), the Federal Information Security Management Act
(FISMA), the Federal Risk and Authorization Management Program
(FedRAMP), and Homeland Security Presidential Directive 12 (HSPD-12).
CDM Phase II attempts to implement an access lifecycle management
approach that establishes an accurate, current baseline of knowledge
and an understanding of everything in the system and who has access to
it. CDM then aims to modernize and automate the business processes
driven by digital policy. By provisioning access through a digital
workflow, the integrity of the infrastructure remains intact from end
to end.
- Educating all employees on cybersecurity best practices is
critical to success. The biggest threat to the IT
infrastructure isn't technology itself, but rather the everyday
employees who misuse their privileges, either maliciously or
unintentionally. Employees should be made aware of hacking techniques
- including information harvesting via social media, fake links and
clone log-in sites - and be armed with the knowledge to avoid these
tactics. Employees should adopt best practices and be instructed to
use two-factor authentication for all personal sites, manually enter
all log-in web addresses, be wary of calls from headhunters digging
for information on job responsibilities and never re-use passwords.
- Industry should take a page from government to implement an
identity management system rooted in data. This includes a
clear and up-to-date view of digital identity (the defined
levels of trust, and the granted trust levels for all employees), credentials
(a list of all credential types, and the issued credentials for
each digital identity), authentication (password complexity
rules, and a list of every account on the system) and authorization
(all logical access privileges and all physical access privileges).
Without the dashboard view of the entire system and an automated
process that manages identities based on actual data, security is
nothing more than a steel door with a grass hut entrance on the side.
About Xceedium
Xceedium
is the leading provider of privileged identity management solutions for
hybrid-cloud enterprises. Large companies and global government agencies
use Xceedium products to reduce the risks privileged
users and unprotected credentials pose to systems and data. The
company's Xsuite platform enables customers to implement a zero
trust security model. It vaults privileged account credentials,
implements role-based access controls, and monitors and records
privileged user sessions. With unified policy management, Xsuite enables
the seamless administration of security controls across systems, whether
they reside in a traditional data center, a private cloud, on public
cloud infrastructure, or a combination of environments.
Xceedium's solutions
enable organizations to comply with security and privacy mandates, such
as PCI DSS, FISMA, HIPAA, and NERC CIP. The company's products provide
industry-leading reliability, availability, and scalability, and they
are the most highly certified products in the market, with designations
including FIPS 140-2 validation, Common Criteria EAL4+ certification,
and inclusion on the U.S. DOD Unified Command Approved Products List
(UC/APL). For more information, please visit www.xceedium.com.
Xceedium and Xsuite are registered trademarks of Xceedium, Inc. All
other trademarks, trade names, or service marks are the property of
their respective owners.
About Xsuite
Xsuite,
unlike other products, is specifically designed and purpose-built to
satisfy the demanding privileged identity management requirements of
enterprise information technology infrastructure. Today's enterprise
IT - comprising an organization's entire computing fabric from traditional
on-premise network equipment and servers, to virtual and public cloud
based infrastructure - brings with it demanding new challenges for
privileged identity management. Traditional, first generation solutions
are ill-equipped to address these needs:
- Comprehensive Functionality - Xsuite delivers comprehensive
functionality, including password and SSH access key management,
strong authentication integrated with multi-factor security
technologies, access control, user monitoring and recording, and
proactive policy enforcement.
- Single Platform for Enterprise and Cloud - Xsuite enables a
single set of policies across the entire cloud and traditional data
center, ensuring consistent standards, easier compliance reporting,
and reduced administrative overhead.
- Architected for Scale and Dynamism - Tight integration with
Amazon Web Services and VMware vSphere and NSX enables Xsuite to
automatically identify resources as they're created, and automatically
apply and enforce security policies. Xsuite's automated protections
reduce "mean time to protection" to fractions of a second. Xsuite also
delivers the built-in reliability and availability services, like
clustering, which enterprise IT demands.
- Protection of the Extended Management Plane - Xsuite has worked
extensively with both AWS and VMware to deliver tight, API-level
integration and protections.