In recent months some of the world’s foremost businesses have experienced a series of astounding data breaches. Each breach inflicts massive financial and reputational damage.
Following intrusions into Sony Pictures, Target, Home Depot and others, it’s common for people to ask if any network can be fully protected from hackers.
The short answer to this question is no. If an intruder is determined to get into your network, they will. And it doesn’t matter how many perimeter defenses you build around your IT environment. Today’s IT departments must anticipate that their systems will be breached, and that their most sensitive data could be stolen.
The real question that corporate executives should be asking is: what can be done to minimize the damage of a cyber attack on my organization?
Privileged Identities Really are the Keys to the IT Kingdom
The Sony Pictures hack taught us that organizations that still do not have a security solution that can limit damage inside their networks are taking remarkable risks, considering the advanced capabilities of today’s cyber attacks.
Here’s why: one of the most common methods for cybercriminals to gain access to systems is through unsecured privileged accounts. Privileged accounts provide the necessary access to view and extract critical data, alter system configuration settings, and run programs on hardware and software assets throughout the enterprise.
Almost every account on the network has some level of privilege associated with it, and can potentially be exploited by a hacker. For example, business applications and computer services store and use privileged identities to authenticate with databases, middleware, and other application tiers when requesting information.
In fact, there are so many privileged accounts in large enterprises that many organizations don’t even know where all of their privileged accounts reside – or who can access them.
Unlike personal logins, privileged identities are not typically linked to one individual. They are often shared among multiple IT administrators, with credentials that are rarely – if ever – changed.
The Privileged Account Cyber Attack Vector
Hackers need privileged access to carry out their plans – whether it’s to install malware, steal data, or disable hardware. And that’s why privileged account credentials are such a crucial component of a cyber attack. Research conducted by Mandiant revealed that 100% of the data breaches they investigated involved stolen credentials.
As already stated, if attackers want to get into your environment, they will. There’s really no way to prevent it short of creating an “air gap” to isolate your critical systems from the rest of your network. Perimeter security tools, like firewalls, react too late to defend against new APTs and zero day attacks.
So the issue is not if attackers will penetrate your perimeter, but what happens once they’re in. The first thing they do is look for ways to expand their access. Usually remote access kits, rootkits and key loggers are installed. The intruders’ goal is to extract credentials that will give them lateral motion throughout the network.
To accomplish this, attackers look for SSH keys, passwords, certificates, Kerberos tickets and hashes of domain administrators. Often, hackers will quietly monitor and record activity on compromised systems. Then, they can use this information to expand their control of the network.
This is the classic “land and expand” cyber attack, and the entire activity can be completed quickly. It doesn’t take long because most of these attacks use automated hacking tools.
Next Generation Privileged Access Management
Given the fact that your adversaries use automated tools to attack you, shouldn’t you match their efforts with your own automated security defense?
Privileged access management is an automated cyber defense solution that proactively secures privileged accounts. It’s a process of continuous remediation. The solution automatically discovers privileged accounts throughout the enterprise, brings those accounts under management, and audits access to them.
The goal of adaptive privilege management is to block intruders by continuously providing new and unique credentials for privileged accounts. Essentially, even when hackers harvest a credential, that credential is different from every other credential on the network, and all credentials are constantly changed. This prevents the lateral motion of land and expand cyber attacks, even in zero day attack scenarios.
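The three steps just described (discover privileged accounts, bring them under management, rotate and audit them) can be modelled in a few dozen lines. The script below is an added illustration written for this article; it is not Lieberman Software’s product code. The inventory is constructed sample data, and the group names, the `svc_` naming convention and the `Vault` class are assumptions made for the example. It shows the “before” state the article warns about (one local admin password shared across every host, a service account reused across tiers), then brings those accounts under management, gives each one a unique random credential, and proves that no two accounts share a secret afterwards. Every checkout is audited and the credential is rotated again on check-in, so a harvested credential is short-lived.

```python
import hashlib
import secrets
import string
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample inventory: what a discovery pass might return after
# enumerating local accounts on each host. Deliberately contains the shared
# admin password and reused service credential that enable "land and expand".
SAMPLE_INVENTORY = [
    {"host": "web01", "account": "Administrator", "groups": ["Administrators"], "secret": "Winter2014!"},
    {"host": "web02", "account": "Administrator", "groups": ["Administrators"], "secret": "Winter2014!"},
    {"host": "db01",  "account": "Administrator", "groups": ["Administrators"], "secret": "Winter2014!"},
    {"host": "db01",  "account": "svc_app",       "groups": ["Users"],          "secret": "svcpass"},
    {"host": "app01", "account": "svc_app",       "groups": ["Users"],          "secret": "svcpass"},
    {"host": "web01", "account": "jsmith",        "groups": ["Users"],          "secret": "hunter2"},
    {"host": "db01",  "account": "root",          "groups": ["wheel"],          "secret": "toor"},
]

# Assumed classification rules for the sample (a real deployment would read
# group membership and service definitions from the systems themselves).
PRIVILEGED_GROUPS = {"Administrators", "Domain Admins", "wheel", "sudo"}
PRIVILEGED_NAMES = {"root", "Administrator"}
SERVICE_PREFIX = "svc_"


def fingerprint(secret):
    """Hash a credential so reports never carry the plaintext value."""
    return hashlib.sha256(secret.encode()).hexdigest()[:12]


def is_privileged(entry):
    return (entry["account"] in PRIVILEGED_NAMES
            or bool(PRIVILEGED_GROUPS & set(entry["groups"]))
            or entry["account"].startswith(SERVICE_PREFIX))


def discover_privileged(inventory):
    """Step 1: find every privileged account in the inventory."""
    return [e for e in inventory if is_privileged(e)]


def shared_credentials(inventory):
    """Return {fingerprint: [(host, account), ...]} for secrets used in more
    than one place; any entry here is a lateral-movement path."""
    by_secret = defaultdict(list)
    for e in inventory:
        by_secret[fingerprint(e["secret"])].append((e["host"], e["account"]))
    return {k: v for k, v in by_secret.items() if len(v) > 1}


@dataclass
class Vault:
    secrets_by_key: dict = field(default_factory=dict)  # (host, account) -> current secret
    rotated_at: dict = field(default_factory=dict)      # (host, account) -> clock tick
    audit: list = field(default_factory=list)           # append-only event log
    clock: int = 0


def new_secret(length=24):
    alphabet = string.ascii_letters + string.digits + "!#%+-=?@_"
    return "".join(secrets.choice(alphabet) for _ in range(length))


def bring_under_management(vault, inventory):
    """Step 2: import discovered privileged accounts into the vault."""
    for e in discover_privileged(inventory):
        key = (e["host"], e["account"])
        vault.secrets_by_key[key] = e["secret"]
        vault.rotated_at[key] = vault.clock
        vault.audit.append(("managed", key, vault.clock))
    return len(vault.secrets_by_key)


def rotate_one(vault, key):
    vault.secrets_by_key[key] = new_secret()  # unique random value per account
    vault.rotated_at[key] = vault.clock
    vault.audit.append(("rotate", key, vault.clock))


def rotate_all(vault):
    """Step 3: scheduled rotation of every managed account."""
    vault.clock += 1
    for key in list(vault.secrets_by_key):
        rotate_one(vault, key)


def checkout(vault, host, account, requester):
    """Audited disclosure of a credential to a named requester."""
    key = (host, account)
    vault.audit.append(("checkout", key, vault.clock, requester))
    return vault.secrets_by_key[key]


def checkin(vault, host, account):
    """Rotate immediately on check-in so the disclosed value stops working."""
    vault.clock += 1
    rotate_one(vault, (host, account))


def managed_inventory(vault):
    """Vault contents in discovery shape, so shared_credentials can be re-run."""
    return [{"host": h, "account": a, "groups": [], "secret": s}
            for (h, a), s in vault.secrets_by_key.items()]


def stale_accounts(vault, max_age):
    """Accounts whose credential is older than max_age ticks."""
    return [k for k, t in vault.rotated_at.items() if vault.clock - t > max_age]


if __name__ == "__main__":
    print("shared before:", shared_credentials(SAMPLE_INVENTORY))
    v = Vault()
    print("managed:", bring_under_management(v, SAMPLE_INVENTORY))
    rotate_all(v)
    print("shared after rotation:", shared_credentials(managed_inventory(v)))
    print("audit events:", len(v.audit))
```

Running it prints two shared-credential groups before management (the admin password on three hosts, the service password on two) and an empty dictionary afterwards. The `stale_accounts` check is the piece a reviewer would wire into monitoring: any account that appears there has escaped the rotation schedule and is exactly the kind of unmanaged privileged account the article describes.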
Remember, if you can’t find the privileged accounts on your network, you can’t secure them. But just because you may not know where all of your privileged accounts reside doesn’t mean the bad guys can’t locate them – and leverage them to execute their cyber attacks.
The reality of today’s cyber security landscape is that attackers can breach your network regardless of your countermeasures. Fortunately, with privileged access management you can remediate security threats faster than cyber attackers can exploit them.
By Philip Lieberman, President and CEO, Lieberman Software
Mr. Lieberman is an astute entrepreneur able to perceive shortcomings in the cyber security market, and fill those gaps with innovative solutions. He developed the first products for the privileged identity management space, and continues to introduce new solutions for this burgeoning security field.