Moneycontrol
you are here: HomeNewsTechnology
Last Updated : Jun 26, 2018 05:39 PM IST | Source: Moneycontrol.com

Dealing with cyber threats: A look at privileged-access management and vaulting technology

Privilege account management is powered by vault technology that enables the onboarding all privilege credentials onto a vault, which has a central policy manager that allows you to change or rotate credentials (Passwords, SSH keys, APIs or Secrets) without any human intervention,

Moneycontrol Contributor @moneycontrolcom

Rohan Vaidya

From the destruction of critical police evidence, to holding corporates to ransom, to bringing a whole country down on its knees, cyber threats represent the new normal of our digital lives.

It is no longer a question of if they will happen, but rather, when they will happen and, importantly, who will be targeted. In this context, from an enterprise's perspective, there remain two critical vulnerabilities against cyber threats that can be addressed. Ironically for the digital age, both have to do with mindsets.

The ability to secure and manage passwords, credentials, secrets – call them what you will - represents the greatest security challenge to businesses today.

Proper protection of passwords and credentials is an important step to keeping the enterprise safe. The 11th annual CyberArk Global Advanced Threat Landscape Report, however, reveals that lax password security practices remain rampant across organisations around the globe.

As many as 36 percent of the 1,300 respondents surveyed, reported that administrative credentials are stored in Word or Excel documents on company PCs. Around 34 percent say they store these credentials on shared servers or USB drives, while 19 percent store them on printed documents in physical filing cabinets.

The second mindset issue has to do with understanding who is responsible for security in the cloud.

The largely-prevalent attitude in the IT community is that only security of on-premises systems is their mandate, while cloud assets are to be protected by service providers. While cloud adoption has increased dramatically in recent years, there is still a limited understanding of the challenges of securing cloud workloads in Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) environments.

While security teams will often be comfortable with securing the cloud admin console — something that is akin to more traditional enterprise IT practices — securing dynamic environments is not so well understood.

Additionally, few understand the full impact of the unsecured credentials and secrets that proliferate in dynamic cloud environments and automated processes.

Credentials for these accounts are potent cyber temptation to many threat actors because they can provide a digital fast lane to sensitive data, systems and digital assets. This kind of risky behaviour suggests that recent high-profile examples of similar actions by companies such as Yahoo! and Uber are only the tip of the iceberg.

With the European Union's GDPR data privacy law, which places heavy penalties for not informing regulators of data breaches, kicking in on May 25, 2018, enterprises cannot continue getting away with ignoring cyber security.

The conundrum for enterprise security is that the attack surface is expanding exponentially, and attackers continue to target and exploit privileged accounts to accomplish their goals.

The good news is that security professionals understand that no organisation is safe from increasingly complex, targeted cyber security attacks.

The ways in which organisations can be compromised continue to grow in number across environments, including endpoints, on-premises systems, cloud services, hybrid environments and DevOps.

Regardless of size, country of origin or industry, every organization has something of value to a cyber attacker. High profile breaches like Yahoo! were caused by poor security, especially associated with securing privileged credentials.

Changing infrastructure, technologies and practices result in the prolific creation of privileged accounts that, when compromised, give threat actors free-ranging lateral access across networks, data and applications. Locking down privileged accounts is critical to keeping pace with today's highly-skilled threat actors.

Privileged account credentials are critical to enterprise security, because in almost all successful cyber attacks, hackers are able to compromise the credentials of privileged accounts.

With access to privileged accounts, attackers can go anywhere in your enterprise, impersonating your administrators, and you won't even know they are inside.

Reinforcing perimeters, securing databases and encrypting data mean nothing as defences, once privileged accounts are compromised. Privileged-account management is your last line of defence, and it should be your strongest as it gives you the power to not just stop attacks before they happen but, to also disrupt and contain the ones that have already started.

Privileged-account management is powered by vault technology that enables the onboarding of all privilege credentials onto a vault. The vault has a central policy manager that allows you to granularly change or rotate credentials (passwords, SSH keys, APIs or secrets) without any human intervention, according to security policy.

Besides, it is humanly impossible to remember multiple credentials, especially since they are over 16 characters or 32 characters in length, with the added complexity of being frequently rotated. Once onboarded, the IT admin will no longer be able to view the password.

It remains encrypted inside the vault, and will keep rotating and renewing as per the password policy, and synchronise with the asset with which it is onboarded. Additionally, vaults have seven layers of hardening around them with only one open port and inbuilt firewalls, which make them virtually impenetrable to the hacker.

What makes vaulting technology successful is that it locks down all credentials sitting with IT admins or lying in assets, which once onboarded, automates the entire process, rendering entry virtually impossible as even privileged users won't be able to view the automated credential.

They can access assets only through their authorised login on the vault interface, and even when they do, every session is recorded to monitor for unauthorised activity.

Since admins can only login to a session via a vault jump server, it grants access only to the assets he/she is authorised to enter once the credentials are authorised, effectively isolating the rest of the IT infrastructure.

Vaulting technology also offers privilege threat analytics, a monitoring tool of IT admins, on the basis of which it develops a profile of their normal activity, alerting their manager when anomalies are observed.

But its most important feature is that it doesn't allow infiltrators who have penetrated a perimeter and gotten themselves attached to an endpoint, to elevate their privileges by breaking the chain at every attempted lateral movement, thus preventing takeover and breaking down cyberattacks in progress.

What this means for enterprises is multi layered protection on a single platform – from accountability for privileged users to monitoring & recording of privileged activities to elimination of hard coded credentials and applications to enforcement of least privileged access control to real time analytics to detect and alert on malicious privileged account activity.

Disclaimer: Rohan Vaidya is Regional Director of Sales - India, CyberArk, a security company that focuses on eliminating the most advanced cyber threats, those that use insider privileges to attack the heart of an enterprise. The views expressed here are his own. 

First Published on Jun 26, 2018 05:39 pm
Loading...
Sections
Follow us on
Available On
PCI DSS Compliant