
Four principles for protecting privileged accounts from becoming pathways to advanced threats

Author: Udi Mokady, CEO & founder, CyberArk
Issue: Global-ICT 2015
Article no.: 15
Topic: Four principles for protecting privileged accounts from becoming pathways to advanced threats

About author

Udi Mokady is the President and CEO of CyberArk, and a pioneer in establishing the Privileged Account Security software market. Since co-founding the company in 1999, Mokady has entrenched CyberArk as the market leader in privileged account security and compliance. During his tenure at CyberArk, Mokady has also served as CyberArk’s chief strategist and visionary, overseeing global expansion, management, execution and corporate development.
Since assuming the position of CEO in 2005, Mokady’s leadership and direction have been instrumental in guiding CyberArk to achieve record growth, while accelerating overall market adoption for privileged account security solutions to protect against an evolving advanced threat landscape. Today, CyberArk is a trusted security partner to 1,800 global businesses, including 40 of the Fortune 100.
Prior to his role as CEO, Mokady served as CyberArk’s COO between 1999 and 2005. During this time, Mokady established CyberArk’s US headquarters in Newton, Massachusetts and successfully transitioned the company to a market leadership position in Privileged Account Security by helping organisations to recognise the connection between privileged accounts and advanced internal and external security threats. Mokady also orchestrated the company’s market expansion in the US, Europe, and Asia by elevating awareness of the security and compliance risks of privileged accounts while successfully implementing and managing channel development, international sales operations and marketing for CyberArk’s award-winning information security products.
Prior to CyberArk, Mokady specialised in legal management and business development for international high-tech companies. He previously served as the general counsel at Tadiran Spectralink, a highly specialised producer of secure wireless communications systems.
A veteran of a Military Intelligence unit, Mokady holds a law degree (L.L.B.) from Hebrew University in Jerusalem and a Master of Science management degree (MSM) from Boston University.

Article abstract

If the companies that dominate the telecoms industry are infiltrated by a hacker, the consequences could be vast, as thousands of devices, servers, databases, security devices, network devices and applications could be at risk. It is therefore absolutely critical that the privileged and administrative accounts in control of these assets are properly locked down, monitored and controlled to provide security assurance.

Full Article

In today’s cybersecurity environment, companies should be acting as if a potential security threat is already on the inside, rather than waiting to see if they’ve been compromised – it’s a case of when, not if. Whether hackers are aiming to plant malware, expose credentials, or to siphon company secrets, enterprises need to continually increase awareness of emerging vulnerabilities that could lead to an attack.
Misused or exploited privileged credentials have been found in nearly all data breach incidents. They allow an external attacker or malicious insider to become a ‘super-user’, with the ability to take full control of an organisation’s infrastructure, disable security controls, steal confidential information, commit financial fraud or disrupt operations.

With this growing threat, organisations need controls in place to proactively protect against, detect and respond to in-progress cyber attacks before they strike vital systems and compromise sensitive data.
Privileged access to national infrastructure
For telecoms companies in particular, the potential of a cyber attack has extremely serious implications. The communications infrastructure is vital to how the country operates on a day-to-day basis – from enabling commerce and energy infrastructure to supporting emergency response mechanisms.
If the companies that dominate the telecoms industry are infiltrated by a hacker, the consequences could be vast, as thousands of devices, servers, databases, security devices, network devices and applications could be at risk. It is therefore absolutely critical that the privileged and administrative accounts in control of these assets are properly locked down, monitored and controlled to provide security assurance.
A strategy to protect
In recent years, attacks have only increased in severity and regularity. For example, it’s now estimated that the average cost of an online security breach for big businesses starts at £1.46 million, an increase of £600,000 compared to 2014. What’s more, in a survey of C-level and IT security executives last year, CyberArk found that 52 percent of respondents believed that cyber-attackers were currently on their network or had been in the last year. These statistics demonstrate why, more than ever before, businesses need to act as if their network has already been compromised. After all, by the time the business is aware of the breach, the credentials may have been stolen, the costs incurred, and the business’s reputation already damaged.
To stay one step ahead of the hackers and secure credentials, businesses must adopt four principles:

1. Understand
2. Control
3. Monitor
4. Respond
The first step – understanding – may sound obvious; however, research has shown that the majority of organisations underestimate the true extent of their privileged account security risk. In our experience, a large number of organisations either do not know or grossly underestimate the number of privileged accounts within their company, meaning that privileged accounts are all too often either unknown or unmanaged. We’ve found that there are typically three to four times as many privileged accounts as there are employees.
Understanding therefore includes not only knowing how many privileged accounts there are, but also knowing which of these accounts are protected and properly managed. This means being aware of what people are able to view, what systems they can access, and if there is a legitimate need for those privileges.
Once businesses are able to understand the number of accounts that they have to contend with, both on-premises and in the cloud, the next step is putting the right processes in place to control these accounts and determine the necessary security policies.
Good security policies will provide strong controls while aligning with IT operations procedures and remaining as transparent as possible for the IT and operational teams. An important best practice for controlling privileged access is to ensure session isolation, which creates full isolation between a potentially infected administrator desktop and a sensitive target asset. Controlling privileged accounts and sessions not only helps to improve security processes but also provides useful evidence for meeting regulatory compliance requirements and audits.
Next, ongoing monitoring of the use of these privileged accounts is a proactive step towards protecting against advanced threats. Effective monitoring will help businesses identify irregular or risky activities, alerting them to potentially malicious activity in real time. As many organisations have central security monitoring or security operations centres (SOCs), it is very common to have privileged account activity monitoring integrated with them for real-time event reporting. Ultimately, effective monitoring helps businesses to focus on risky activities or abnormal behaviour, such as accounts being accessed at unusual times of day compared to their normal usage patterns.
The final step is having the right tools in place to respond to these issues – whether it’s immediately revoking privileges while individual instances are investigated or filling a security hole that has been identified. Without central controls and continuous monitoring in place, it is extremely difficult for businesses to prevent an attacker from operating on the network once the perimeter has been breached and the hacker has been successful in escalating privileges once inside.
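As an added illustration (not from the article, nor CyberArk’s own code) of how the ‘understand’ and ‘monitor’ steps feed the ‘respond’ step, the following Python script replays constructed privileged-logon records, flags accounts missing from an assumed inventory and logons outside an account’s previously observed hours, and attaches a suggested response to each alert. The log format, host and account names, and the inventory are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample events in a hypothetical syslog-style format (not a real product's log).
SAMPLE_LOG = """\
2015-06-01T09:12:03Z host=db01 user=oracle_admin action=privileged_logon
2015-06-01T10:45:11Z host=db01 user=oracle_admin action=privileged_logon
2015-06-02T09:30:45Z host=db01 user=oracle_admin action=privileged_logon
2015-06-02T11:05:22Z host=db01 user=oracle_admin action=privileged_logon
2015-06-03T03:17:40Z host=db01 user=oracle_admin action=privileged_logon
2015-06-03T08:58:09Z host=db01 user=oracle_admin action=privileged_logon
2015-06-03T14:02:00Z host=sw07 user=netops_root action=privileged_logon
"""

# "Understand": the set of privileged accounts the organisation knows about (assumed inventory).
KNOWN_PRIVILEGED = {"oracle_admin"}

LINE_RE = re.compile(r"^(\S+) host=(\S+) user=(\S+) action=(\S+)$")


def parse_events(log_text):
    """Turn log lines into dicts sorted by timestamp; malformed lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append({"ts": ts, "host": m.group(2), "user": m.group(3), "action": m.group(4)})
    return sorted(events, key=lambda e: e["ts"])


def find_alerts(events, inventory, min_baseline=3, slack_hours=1):
    """"Monitor": replay events in order; flag accounts absent from the inventory and
    logons outside the hour range seen in that account's earlier, unflagged logons.
    Returns (timestamp, user, reason, suggested response) tuples for the "respond" step."""
    seen_hours = defaultdict(list)
    alerts = []
    for e in events:
        if e["user"] not in inventory:
            alerts.append((e["ts"], e["user"], "unknown_privileged_account",
                           "add to inventory and review whether the privilege is needed"))
        hist, hour = seen_hours[e["user"]], e["ts"].hour
        if len(hist) >= min_baseline and not (min(hist) - slack_hours <= hour <= max(hist) + slack_hours):
            alerts.append((e["ts"], e["user"], "unusual_time_of_day",
                           "suspend account pending investigation"))
        else:
            hist.append(hour)  # only unflagged logons extend the baseline
    return alerts
```

Running `find_alerts(parse_events(SAMPLE_LOG), KNOWN_PRIVILEGED)` yields two alerts: the 03:17 logon by oracle_admin and the first appearance of the uninventoried netops_root.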
Privileged account exploitation is an essential step in targeted cyber attacks. It is inevitable that attackers will seek to hide in plain sight in order to access the most valuable information within a network. Protection from within is invaluable, and while there is no silver bullet to secure a company from today’s advanced and targeted threats, removing the ability for attackers to hijack and abuse privileged accounts under the radar is a crucial proactive step that organisations can take.

Perimeter breaches are to be expected, and security teams should be taking the approach that it’s not if, but when, they will be targeted in an attack – whether internal or external. By understanding, controlling and monitoring activities on all privileged accounts, critical businesses – like telecommunications companies – can be sure that only the right people are accessing the right information for legitimate purposes. Even if credentials fall into the wrong hands, businesses can reduce their exposure dramatically by being able to respond quickly and lock down paths to their critical information before the attackers can exploit it.
