The National Institute of Standards and Technology (NIST) recently released version 1.1 of its Cybersecurity Framework, which incorporates feedback received from public comments and workshops over the past two years. Though the document is chiefly designed to help improve cyber security risk management in critical infrastructure, the Framework’s principles and best practices can be followed by organizations across industries to improve their security posture.
Many of the CyberSecurity Framework’s refinements center around cyber hygiene—or actionable steps that organizations can take to “clean up” current weaknesses and potential vulnerabilities. These steps are particularly important in the wake of massive attacks such as WannaCry. In fact, post-attack studies show that WannaCry’s impact could have largely been prevented if basic security best practices had been applied.
As the Cybersecurity Framework underscores, one of the most effective preventative steps an organization can take to bolster its security program is to secure privileged accounts, credentials and secrets. Attackers continually look for new ways to exploit an organization’s vulnerabilities, so a “set it and forget it” approach is sure to fail, especially when it comes to privileged access, since a company’s sensitive applications and systems change as the company grows or changes direction. For example, if your organization has secured privileged access for Windows built-in accounts on systems with access to sensitive data, do not stop there; move on to the next set of systems that delivers the most risk reduction for the time and effort required.
Since the enterprise infrastructure is ever-changing, it’s important to look for new infrastructure in the cloud and new SaaS applications that could have access to sensitive business data. To have the strongest defense against attackers, organizations need to ensure their privileged access security program is up to date and continues to protect their most critical infrastructure, applications, customer data, intellectual property and other vital assets.
The CyberArk Privileged Access Security Cyber Hygiene Program
To help organizations establish and maintain a strong privileged access security program, CyberArk developed customized, step-by-step goals and an actionable process for achieving the highest level of protection against common attacks on privileged accounts, credentials and secrets. The program addresses these types of attacks:
- Irreversible network takeover attacks: Attackers establish persistence in an organization by performing an attack that is not only hard to identify but also so intrusive that the business must rebuild to remove the attacker—e.g., a Kerberos attack, such as a Golden Ticket.
- Infrastructure account attacks: Attackers leverage powerful default infrastructure accounts that exist on-premises or in cloud environments and are seldom used in day-to-day operations, but can provide the attacker with excellent opportunities for access to highly sensitive data.
- Attacks that leverage lateral movement: Attackers often steal credentials by gaining a foothold on endpoints and then moving laterally, for example by using Pass-the-Hash techniques, in order to steal elevated permissions.
- Targeting credentials used by third-party applications: Attackers compromise third-party applications that are used to perform operations such as deep scans in order to steal their embedded privileged credentials. From here, they execute attack goals while completely circumventing the targeted company’s defenses.
- Targeting *NIX SSH keys: Attackers leverage unmanaged SSH keys in order to log in with root access and take over the *NIX technology stack. Unix/Linux systems house some of an enterprise’s most sensitive assets, and Linux systems are increasingly deployed in the cloud. Individual accounts and credentials—including SSH keys—used to gain root privileges are often overlooked by security teams.
- Targeting DevOps secrets in the cloud and on-premises: Attackers can compromise secrets embedded in code and Continuous Integration/Continuous Deployment (CI/CD) tools, in order to exploit the environment for more pervasive access.
- Targeting SaaS admins and privileged business users: Attackers steal credentials used by SaaS administrators and privileged business users, in order to get high level and stealthy access to sensitive systems.
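Two of the weaknesses listed above, unmanaged SSH keys that grant root and secrets embedded in CI/CD configuration, can be checked for with a small hygiene audit. The following is an added example written for this page; it is not CyberArk's code and does not represent the Cyber Hygiene Program's tooling. It reads two constructed inputs (a sample `authorized_keys` file for root and a sample CI pipeline file), compares the SSH key material against a hypothetical managed-key inventory, and flags credential values that are written directly into the pipeline rather than pulled from a vault or secret store. All file contents, key blobs, hostnames and token values are constructed for the example.

```python
import re
from typing import Dict, List

# Constructed sample: authorized_keys for root on a hypothetical Linux host.
SAMPLE_AUTHORIZED_KEYS = """\
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDexampleblob1 deploy@build01
# key below is tracked in the managed inventory
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIexampleblob2 ops@bastion
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDexampleblob3 contractor@laptop
"""

# Constructed inventory (hypothetical): key material -> owner, as recorded by
# whatever key-management process the organization runs.
MANAGED_ROOT_KEYS: Dict[str, str] = {
    "AAAAC3NzaC1lZDI1NTE5AAAAIexampleblob2": "ops@bastion (rotated quarterly)",
}

# Constructed sample CI pipeline: two hard-coded credentials and one token on
# the command line, plus one correct reference to an externally managed secret.
SAMPLE_CI_CONFIG = """\
deploy:
  env:
    AWS_ACCESS_KEY_ID: AKIAEXAMPLEEXAMPLE01
    AWS_SECRET_ACCESS_KEY: "constructedsecret/K7MDENG/bPxRfiCYEXAMPLE"
    DB_PASSWORD: ${DB_PASSWORD_FROM_VAULT}
  script:
    - ./deploy.sh --token=ghp_constructedtoken1234567890
"""

KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
             "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com")

# Ordered so that the specific formats win over the generic assignment rule.
SECRET_RULES = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github_token", re.compile(r"\bghp_[A-Za-z0-9]{20,}\b")),
    # Generic: a name containing password/secret/token/apikey assigned a literal.
    # Values starting with '$' (env var / vault reference) are deliberately skipped.
    ("hard_coded_credential",
     re.compile(r"(?i)(password|secret|token|api[_-]?key)\w*\s*[:=]\s*['\"]?([^\s'\"$]{8,})")),
]


def find_unmanaged_root_keys(authorized_keys: str, inventory: Dict[str, str]) -> List[dict]:
    """Return entries in authorized_keys whose key material is not in the inventory."""
    findings = []
    for lineno, raw in enumerate(authorized_keys.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        # Skip any leading options (e.g. from="..."), then take type, blob, comment.
        idx = next((i for i, t in enumerate(tokens) if t in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(tokens):
            findings.append({"line": lineno, "key_type": None, "comment": "unparseable entry"})
            continue
        key_type, blob = tokens[idx], tokens[idx + 1]
        comment = " ".join(tokens[idx + 2:])
        if blob not in inventory:
            findings.append({"line": lineno, "key_type": key_type, "comment": comment})
    return findings


def find_embedded_secrets(config_text: str) -> List[dict]:
    """Flag the first matching secret rule on each line of a CI/CD configuration."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        for rule_name, pattern in SECRET_RULES:
            if pattern.search(line):
                findings.append({"line": lineno, "rule": rule_name, "text": line.strip()})
                break
    return findings


def audit(authorized_keys: str, inventory: Dict[str, str], config_text: str) -> dict:
    """Run both checks and summarise the count of issues per category."""
    keys = find_unmanaged_root_keys(authorized_keys, inventory)
    secrets = find_embedded_secrets(config_text)
    return {"unmanaged_root_keys": keys, "embedded_secrets": secrets,
            "total": len(keys) + len(secrets)}


if __name__ == "__main__":
    report = audit(SAMPLE_AUTHORIZED_KEYS, MANAGED_ROOT_KEYS, SAMPLE_CI_CONFIG)
    for k in report["unmanaged_root_keys"]:
        print(f"authorized_keys line {k['line']}: unmanaged {k['key_type']} key ({k['comment']})")
    for s in report["embedded_secrets"]:
        print(f"ci config line {s['line']}: {s['rule']}: {s['text']}")
    print(f"{report['total']} finding(s)")
```

In practice the inventory would be fed from the key-management or privileged access system of record, the `authorized_keys` content would be collected from each host, and the pipeline scan would run over every CI/CD definition in source control; the point of the two checks is the same as the bullet points above, making root-level SSH keys and pipeline credentials visible so they can be brought under management or rotated.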
The CyberArk Privileged Access Security Cyber Hygiene Program leverages the extensive experience the CyberArk Security Services team has gained from responding to significant data breaches, including those at many large organizations. Often these breaches have resulted from some of the most common attacks involving privileged access, and each example provides valuable insights into how attackers operate and exploit an organization’s vulnerabilities. Implementing this type of program effectively should help organizations achieve greater risk reduction in less time, and help satisfy security and regulatory objectives with fewer internal resources.
Read our whitepaper to learn more about the CyberArk Privileged Access Security Cyber Hygiene Program and visit here to learn more about how to ramp up your privileged access security program with CyberArk Security Services.