Insiders and the Privileged Pathway of Attacks
April 25, 2017 | Security and Risk | Lauren Horaist
Corroborating the recent surge in headlines, a new industry study reveals that 56 percent of security professionals surveyed say insider threat incidents have become more frequent in the past 12 months.
As we’ve covered in previous posts, insiders present a particularly challenging security conundrum. Those who gain access to privileged credentials can initiate seemingly legitimate privileged user sessions. Take, for example, reports of a former IT director at a sportswear company who created a privileged, unauthorized backdoor account that provided him access to the corporate network for nearly two years after he left the company.
Though insiders may have a variety of motives, the attack pathway they follow is similar. The first step in carrying out an insider attack is to gain inside access. This image shows the typical path attackers follow to complete their mission.
Without the automated real-time detection and alerting on risky activities within privileged sessions, an inside attacker may operate undetected for long periods of time.
In order to block insider attacks, it’s critical to first block the privileged pathway that leads to your organization’s most sensitive assets and information. CyberArk’s comprehensive solution for privileged account security offers proactive controls to reduce the risk of intentional and unintentional insider threats, as well as real-time monitoring and threat analytics to aid in detection of unauthorized accounts and in-progress attacks.
Here’s a look at how the CyberArk solution works at each critical step of the privileged pathway to control and monitor privileged accounts to minimize the risk of insider threats.