
Privileged Account Security Guide

PTA cyberark

Uploaded by

Ajay

PTA

PTA USERS
• PTAUser
• PTAAppUser

PTAUser requires the following permissions.

PasswordManager_Pending safe:
• List Accounts
• View Safe Members
• Add Accounts (includes update properties)
• Update Account content
• Update account properties
AUTOMATIC PASSWORD ROTATION
PTAUser and PTAAppUser require:
• List Accounts
• View Safe Members
• Retrieve Accounts
• Imitate CPM account management operations
PSM INTEGRATION
• The PTAUser and PTAAppUser need to be members of the PSMPTAAppUsers group.
REPORTS
• User Activities Report
• Privileged Threat Assessment Report
LOG FILE
• diamond.log
• directory: /opt/tomcat/logs/diamond.log
COLLECT
• Proprietary profiling algorithms to detect anomalous activity
FEATURES:
• Detects privileged accounts related anomalies
• Detects privileged accounts related security incidents:
• Detects privileged accounts related risks:
• Contains security incidents:
• Kerberos authentication attacks
• Risks in privileged sessions
ABUSE OR MISUSE INCLUDE:
• Unmanaged privileged access
• Suspected credentials theft
• Suspicious activities detected in a privileged session
PRIVILEGED ACCOUNTS RELATED ANOMALIES
Abnormal behaviors include:
• Access to the Vault during irregular hours
• Access to the Vault from an irregular IP
• Excessive access to privileged accounts in the Vault
KERBEROS ATTACKS
• Over-Pass-the-Hash
• PAC Attack
• Golden Ticket
VAULT ACCESS ANOMALIES
• Access to the Vault during irregular hours or days
• Access to the Vault from irregular IP addresses
• Excessive access to privileged accounts in the Vault
• Activity by dormant Vault users
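A simplified per-user baseline check for the four Vault access anomalies listed above, as an added example: it is not from the original document and is not CyberArk's profiling algorithm, which is proprietary. The event tuples, thresholds and reason labels are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (user, ISO timestamp, source IP); not real Vault logs.
HISTORY = [
    ("alice", "2024-03-04T09:12:00", "10.0.0.5"),
    ("alice", "2024-03-05T10:40:00", "10.0.0.5"),
    ("alice", "2024-03-06T16:05:00", "10.0.0.5"),
    ("bob", "2023-11-01T11:00:00", "10.0.0.9"),
    ("carol", "2024-03-06T14:00:00", "10.0.0.7"),
]
NEW = [
    ("alice", "2024-03-07T03:30:00", "10.0.0.5"),     # far from usual hours
    ("alice", "2024-03-07T11:00:00", "203.0.113.7"),  # IP never seen for alice
    ("bob", "2024-03-07T11:30:00", "10.0.0.9"),       # first access in months
] + [("carol", f"2024-03-07T14:{m:02d}:00", "10.0.0.7") for m in range(6)]

def build_baseline(history):
    """Per-user profile: hours of day seen, source IPs seen, last access time."""
    base = defaultdict(lambda: {"hours": set(), "ips": set(), "last": None})
    for user, ts, ip in history:
        t, b = datetime.fromisoformat(ts), base[user]
        b["hours"].add(t.hour)
        b["ips"].add(ip)
        b["last"] = max(b["last"] or t, t)
    return dict(base)

def detect(history, new_events, hour_slack=1, dormant_days=90, max_per_day=5):
    """Return (user, timestamp, reason) alerts; thresholds are assumed values."""
    base, per_day, alerts = build_baseline(history), defaultdict(int), []
    for user, ts, ip in sorted(new_events, key=lambda e: e[1]):
        t, b = datetime.fromisoformat(ts), base.get(user)
        if b is None:  # no profile yet: report it instead of guessing
            alerts.append((user, ts, "no_baseline"))
            continue
        # Circular distance so 23:00 and 00:00 count as one hour apart.
        gap = min(min(abs(t.hour - h), 24 - abs(t.hour - h)) for h in b["hours"])
        if gap > hour_slack:
            alerts.append((user, ts, "irregular_hours"))
        if ip not in b["ips"]:
            alerts.append((user, ts, "irregular_ip"))
        if (t - b["last"]).days > dormant_days:
            alerts.append((user, ts, "dormant_user"))
        per_day[(user, t.date())] += 1
        if per_day[(user, t.date())] == max_per_day + 1:  # alert once per day
            alerts.append((user, ts, "excessive_access"))
        b["last"] = max(b["last"], t)
    return alerts

if __name__ == "__main__":
    for alert in detect(HISTORY, NEW):
        print(alert)
```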
PRIVILEGED ACCOUNT RELATED RISKS
• Exposed credentials
• Unconstrained delegation
• Dual usage
ALERTS
• Security events
• Security-monitoring navigation
SECURITY EVENTS
• Risk scored based on severity
• Granular details
• Notification by email and/or SIEM dashboard
REVIEW SECURITY IN PVWA
• Severity
• Event type
• Date
REVIEW SECURITY EVENTS IN PVWA
• Last time event was detected
• The name of the event
• Initiate remediation
• Description of event
• Event id
• Risk score and severity (low, medium and high)
• Recommendation
• Most retyped activities
• Session id
RESPOND (automatic) (PVWA Security option)
• Add to pending (Onboarding unmanaged accounts)
• Rotating credentials
• Reconciling credentials
• Terminating or suspending the session
SECURITY CONFIGURATION
• Add rule
  • Category
  • Session response
    • Suspended
    • Terminate
    • None
  • Score
  • Status
    • Active/Inactive
  • Scope
Login to PRIVILEGED ACCESS SECURITY
PRIVILEGED RISKS IN AWS

PTA can contain in-progress attacks by automatically:

• Onboarding unmanaged accounts to PAS
• Invalidating stolen credentials
• Resetting passwords that were changed bypassing the Password Manager
• Terminating or suspending privileged sessions containing suspicious activity and stopping an attacker from continuing their attack
PTA DATA SOURCES
• Active Directory
• CyberArk Vault
• Network Tap or Agent on DC
• SIEM
• EPM
• PSM
FORWARDING SECURITY LOGS FROM THE VAULT TO PTA
The Vault should be configured to send logging data to the PTA machine for real-time data analysis.
• The settings are configured in the dbparm.ini file
