IDC Connection (Part 1): Addressing Advanced Threats through – Privileged Account Security
May 15, 2014 | Uncategorized | CyberArk
CyberArk recently had the opportunity to sit down with IDC analysts Charles Kolodgy and Sally Hudson to discuss the advanced threat landscape and why privileged account security needs to be part of an overarching strategy.
Privileged accounts have become the priority target in both internal and external advanced attacks. Whether it’s Edward Snowden using a privileged account to pilfer secrets from the NSA, or a third-party contractor not properly managing privileged connections to a network as in the recent retail breaches, privileged accounts are the hinge on which successful attacks swing.
Attackers simply can not perpetrate advanced attacks without stealing privilege credentials. IDC agrees. As Kolodgy said in our conversation:
“Organizations are realizing that compromised privileged accounts have become a huge threat because of the gaps in existing solutions. Once privileged accounts are compromised, they provide anonymity to the attacker, making malicious activity more difficult to detect … If an organization is not protecting the activity of all privileged accounts, they are leaving the window open for a damaging attack.”
This is why we sat down with IDC for a conversation about the state of privileged account security, the rapidly advancing threat landscape, and what businesses can do to protect themselves now.
Over the next few weeks, we’ll be posting portions of the conversations here to our blog. Today’s excerpt focuses on how attackers are using privileged accounts to access and exfiltrate data.
CyberArk: What is the key element that allows attackers to gain access to valuable corporate data? What are the challenges associated with addressing this threat?
IDC: Attacks are complex and sophisticated, limited only by the ingenuity and inventiveness of attackers. There are specific classes of attacks including brute force events that push their way past defenses, attacks that exploit vulnerabilities, and ones that use specialized malware.
Regardless of method, the goal is to compromise credentials and exfiltrate sensitive data undetected. In order to do so, the attacker needs to look like an authorized user that has the access required to install software, make configuration changes, and collect and disseminate protected information. Impersonating an authorized user makes any intruder much more difficult to identify. As a result, unprotected privileged accounts represent a serious vulnerability.
One of the difficulties organizations have in securing privileged accounts is lack of clarity about what qualifies as a privileged account. As the name implies, a privileged account holds special permissions, but confusion is introduced because there are so many types of privileged accounts.
They can include user accounts that are granted high levels of access, root administrative accounts, application accounts that authorize applications to automatically access databases, service accounts that can access running processes on servers, and “break-glass” accounts used when elevated privileges are required to fix urgent problems. Each one of these represents a critical vulnerability that can be exploited to gain widespread, anonymous access.
Additionally, some of these credentials are often shared within the organization making it even more difficult to determine if they are being properly utilized. Organizations are realizing that the large number of privileged accounts represents a huge threat because existing perimeter-based security solutions such as firewalls and antimalware will not prevent unauthorized access or malicious behavior. What’s required is a privileged account security solution.
Kolodgy also outlines best practice recommendations for selecting a privileged account security solution that addresses the latest threats, recommending solutions that:
- Discover all privileged accounts across the enterprise
- Protects, manages and audits all privileged account credentials
- Controls, isolates, and monitors privileged access and activity on servers and databases
- Uses real-time analytics to detect and response to in-progress attacks