The Sony Pictures data breach cast a media spotlight on just how unprepared many organizations are for today’s advanced cyber threats.
Suddenly, 60 Minutes, The Wall Street Journal, Forbes and other major media outlets brought terms like “zero days”, “APTs” and “anonymizer programs” to mainstream audiences.
I’m at odds with many of the IT security recommendations put forth in some articles that dissected the Sony Pictures breach. However, the comments I read about the drawbacks of perimeter security tools and password vaults were spot on.
Continuous Cyber Defense Thwarts Covert Attacks
One of the lessons from the Sony Pictures hack is that it’s easy for criminal hackers and nation-state attackers to nest within their targets’ environments. Existing perimeter security tools and password vaults cannot prevent this.
Vaults and perimeter security products, like firewalls, are incapable of proactive remediation. They cannot anticipate breaches in which access is created through side channels, such as zero-day attacks and malware.
To remedy this situation, end-users and IT administrators must be stripped of long-lived credentials with escalated capabilities. Privileged credentials and SSH keys should be changed every 2-24 hours in most corporations and government agencies. Otherwise, attackers can nest in the network for an average of more than 200 days, according to Mandiant.
At Lieberman Software, our privileged access management solution knocks the attackers out of their nests, no matter how they got there in the first place.
Security Automation is Key
Sony Pictures’ fundamental flaw was that they were trying to manage IT and security by hand and with password vaults. We propose a different strategy. We recommend automating identity security for corporate survival by removing persistent access and persistent administrative capabilities. The best way to do this is with technology for Just in Time Access and Just Enough Access.
Our privilege management solution reduces the number of credentials with escalated capabilities. It times out the credentials that attackers do manage to steal. We frustrate the attackers by creating a moving target. New credentials are generated as soon as any logins are compromised.
In essence, our strategy assumes that intruders are already inside the environment. Your user workstations are most likely compromised. This means that multifactor access to critical applications using bastion technology, such as our Secure Application Launcher, is essential.
This is the last line of defense for when intruders get past perimeter security defenses that are designed for yesterday’s threats, or vaults that store long-lasting (and therefore vulnerable) credentials.
Sony Pictures’ IT environment was compromised and severely damaged because the company did not operate on a continuous cyber-warfare footing. They failed by assuming that hackers were not competent in their tradecraft. The lack of an active cyber defense solution to protect powerful privileged accounts is a disaster waiting to happen.
Target, Home Depot, Sony Pictures and others were victims of that missing last line of defense that should always be in place, but often is not.
By Philip Lieberman, President and CEO, Lieberman Software
Mr. Lieberman is an astute entrepreneur able to perceive shortcomings in the cyber security market, and fill those gaps with innovative solutions. He developed the first products for the privileged identity management space, and continues to introduce new solutions for this burgeoning security field.