The common assertion among many leading cyber security firms is that the types of zero day attacks that plagued Sony Pictures, Home Depot and other businesses are now largely indefensible due to their sophisticated, automated nature.
I have a contrary opinion. I allege that with only a few minor changes in organizational IT behavior and the use of security automation, most of these zero day attacks can be converted from PR catastrophes into mere nuisances.
This week at the Gartner Security & Risk Management Summit at National Harbor, MD, Lieberman Software is exhibiting technology that counters the three stages common to most “land and expand” style cyber attacks: establishing a foothold after a breach; escalating privileges and attaining lateral movement; and extracting data and concealing tracks.
In these types of exploits, attackers use automated hacking tools to penetrate the network perimeter. Once in, intruders aggressively seek out credentials they can exploit to move laterally throughout the enterprise, taking control over the IT infrastructure and extracting an organization’s most critical data.
An effective cyber defense solution minimizes the value of zero day attacks by making an attack an expensive and frustrating proposition for intruders who attempt to nest in the network or execute the land and expand scenario.
This is accomplished by global removal of local administrator permissions on workstations and servers – which we perform using our mass management tools. We also remove persistent elevated access to systems with Just in Time/Just Enough Privilege technology via our privileged identity management platform.
By taking this approach, you’re mitigating your risk exposure by enforcing frequent credential changes and secure escalation that blocks attackers’ lateral movements. Essentially, you’re eliminating the weak administrative practices that are typical of most organizations.
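As an added illustration of the local-administrator removal described above (example code written for this post, not Lieberman Software's tooling), this PowerShell script audits a host's local Administrators group against an allow-list and, only when run with -Remediate, removes unapproved members; the CONTOSO group names are constructed placeholders, and the script assumes the built-in LocalAccounts cmdlets (Windows 10 / Server 2016 and later).

```powershell
# Added example: report (and optionally remove) members of the local
# Administrators group that are not on an approved list. Run it per host
# via your management tooling; log output is written for central collection.
param(
    [string[]]$ApprovedMembers = @(
        "$env:COMPUTERNAME\Administrator",   # built-in local admin (ideally disabled/rotated)
        "CONTOSO\Domain Admins",             # hypothetical domain group, adjust for your estate
        "CONTOSO\Workstation-Admins"         # hypothetical delegated admin group
    ),
    [switch]$Remediate                       # report-only unless explicitly set
)

function Get-UnapprovedLocalAdmins {
    param([string[]]$Approved)
    # Get-LocalGroupMember returns Name as COMPUTER\account or DOMAIN\account.
    Get-LocalGroupMember -Group "Administrators" |
        Where-Object { $Approved -notcontains $_.Name }
}

$unapproved = @(Get-UnapprovedLocalAdmins -Approved $ApprovedMembers)
if ($unapproved.Count -eq 0) {
    Write-Output ("{0} {1} OK: no unapproved local administrators" -f (Get-Date -Format o), $env:COMPUTERNAME)
    return
}

foreach ($member in $unapproved) {
    # Every finding is logged before any change so removals stay auditable.
    Write-Output ("{0} {1} UNAPPROVED: {2} ({3}, {4})" -f (Get-Date -Format o),
        $env:COMPUTERNAME, $member.Name, $member.ObjectClass, $member.PrincipalSource)
    if ($Remediate) {
        # Remove by SID so a renamed account cannot evade the check.
        Remove-LocalGroupMember -Group "Administrators" -Member $member.SID -ErrorAction Stop
        Write-Output ("{0} {1} REMOVED: {2}" -f (Get-Date -Format o), $env:COMPUTERNAME, $member.Name)
    }
}
```

Run it first without -Remediate and review the UNAPPROVED lines, since a service account that genuinely needs local admin will show up here and should be moved to the allow-list (or to a just-in-time grant) rather than silently removed.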
Gain Command and Control Over the IT Infrastructure
Why is this necessary? It’s likely that advanced cyber attacks already defeated your conventional perimeter defenses and intruders currently reside within your environment – and remain there undetected. Current cyber-warfare has advanced to the level that intrusions and credential/privilege misuse are nearly impossible to detect. However, you can still decide how long you are willing to allow the attackers to nest in your environment and access your systems.
There is still a place for existing firewalls and systems to detect command-and-control communication, and we have hooks in our solutions that point us toward areas that require immediate remediation. However, we now see that many of the most advanced cyber threats don’t provide a signature for these systems, and therefore require a more aggressive security posture and process.
We’d like to discuss this security process with you. If you’re attending the Gartner Security & Risk Management Summit this week, I invite you to visit us in booth 325. We’d like to show you how attacks by nation-states and cyber criminals can be mitigated by a combination of IT behavioral change and the implementation of proactive IT management technologies – such as the ones described in this post.
You can also download our whitepaper – Cyber Defense Review of Mandiant and Verizon Threats: How-to Immediately Limit Attack Consequences – for more information.
By Philip Lieberman, President and CEO, Lieberman Software
Mr. Lieberman is an astute entrepreneur able to perceive shortcomings in the cyber security market, and fill those gaps with innovative solutions. He developed the first products for the privileged identity management space, and continues to introduce new solutions for this burgeoning security field.