Locking Down the Remote Vendor Attack Pathway through Privileged Account Security

August 14, 2017 Corey O'Connor

Remote vendors are everywhere, and they’re not limited to help desk services, storage and application service providers or other IT-focused MSPs. Let’s not forget about the other vendors a company typically works with – law firms, public relations firms, HVAC, trucking companies, supply chain vendors, services companies – the list goes on. Organizations both large and small grant third-party vendors access to their network and applications as a necessary means to do business. However, in doing this, they also introduce a potential new pathway for cyber attacks. This pathway can be especially vulnerable given that the security controls for third-party vendors are not typically held to the same standards as those followed internally by an organization.

Locking down privileged credentials for remote vendors is a critically important step in minimizing the attack surface. A recent report showed that 67 percent of organizations had experienced a data breach that somehow tied back to a third-party vendor. This is a clear indication that attackers continue to look at third parties as an easy way to gain a foothold into a network, move laterally, escalate privileges and eventually gain access to their target assets. Before engaging with third-party vendors, organizations should fully vet each one and consider the potential risks the vendor might introduce to their business.

Mitigating Risks Associated with Remote Vendors

The first step in mitigating risks associated with remote vendor access is an obvious one – identify all third parties that have access into your internal systems. This can represent a complex ecosystem for some organizations. The number of vendors given access to systems and applications continues to increase year over year, widening the threat landscape for attacks – and somehow remote vendor access management is still not considered a high priority for many organizations. CyberArk has a free tool that discovers privileged user accounts and credentials provisioned by your organization as well as those created by third parties (that perhaps you didn’t even know existed).

Organizations should be able to safely provide their remote vendors with access to the resources they need without exposing any user credentials, and at the same time, without introducing too many hoops for them to jump through. Storing the passwords, SSH keys and other credentials associated with your third-party privileged accounts in a single, secured vault is how you can provide the required level of access without burdening the end user. Keeping a close eye on all privileged activity within your environment is accomplished through session isolation, monitoring and recording. Doing this both secures all internal and external users and assigns them a baseline level of accountability. More importantly, by adding this separation layer between the end user and target systems, you enable your users to successfully complete their tasks without directly accessing critical systems. To the end user, everything appears to be totally normal, but if an attacker were to get into the network, they wouldn’t be able to move laterally across the environment or spread harmful malware to an organization’s systems.

Putting the Right Tools in Place

What about those regular, mundane manual tasks that can inadvertently damage the business? Remember that recent public cloud outage where a routine debugging exercise went haywire, leading to a six-hour meltdown caused by one simple little typo? Automated privileged task management (both in the cloud and on-premises) safeguards your remote vendors and internal users alike by automating manual, sometimes critically sensitive privileged tasks while simultaneously improving workflow productivity. How would you respond to high-risk commands and tasks that can lead to a mix-up like the example above? With the right analytics tools in place, you can pre-define default, high-risk commands that are unique to your organization and automatically notify the necessary security teams to take action when those commands have been executed. Furthermore, these tools can help you detect and even disrupt in-progress attacks through both heuristic and advanced behavioral-based threat detection capabilities.
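To make the pre-defined high-risk command alerting described above concrete, here is an added example (written for this page, not CyberArk's product or API) that scans privileged session audit lines and raises the severity when the session originates from a vendor. The log line layout, rule names, accounts and hosts are all assumptions.

```python
import os
import re

# Hypothetical organisation-specific rules: (rule name, executable, argument pattern).
RULES = [
    ("recursive-delete", "rm", re.compile(r"(^|\s)(-[a-zA-Z]*[rR]|--recursive)")),
    ("service-stop", "systemctl", re.compile(r"^(stop|disable)\b")),
    ("firewall-flush", "iptables", re.compile(r"(^|\s)(-F|--flush)(\s|$)")),
]
WRAPPERS = {"sudo", "nohup", "time"}  # prefixes that hide the real executable
# Assumed audit-line layout for this example; not a real product's log format.
RECORD = re.compile(r'^(?P<ts>\S+) user=(?P<user>\S+) origin=(?P<origin>\S+) '
                    r'target=(?P<target>\S+) cmd="(?P<cmd>.*)"$')

def normalise(segment):
    """Return (executable basename, argument string) with wrappers stripped."""
    tokens = segment.split()
    while tokens and tokens[0] in WRAPPERS:
        tokens = tokens[1:]  # wrapper options such as "sudo -u x" are not handled
    if not tokens:
        return "", ""
    return os.path.basename(tokens[0]), " ".join(tokens[1:])

def scan(lines):
    """Return one alert per high-risk command found in the audit lines."""
    alerts = []
    for line in lines:
        m = RECORD.match(line.strip())
        if not m:
            continue
        # Check chained commands piece by piece. Simplification: separators
        # that appear inside quoted strings are split as well.
        for segment in re.split(r"\s*(?:;|&&|\|\||\|)\s*", m["cmd"]):
            exe, args = normalise(segment)
            for name, rule_exe, pattern in RULES:
                if exe == rule_exe and pattern.search(args):
                    severity = "high" if m["origin"] == "vendor" else "medium"
                    alerts.append({"rule": name, "user": m["user"],
                                   "target": m["target"], "severity": severity})
    return alerts

# Constructed sample lines, not taken from a real system.
SAMPLE = [
    '2017-08-14T09:12:03Z user=hvac-support origin=vendor target=bms01 cmd="systemctl status hvacd"',
    '2017-08-14T09:14:40Z user=hvac-support origin=vendor target=bms01 cmd="cd /tmp && sudo /bin/rm -rf /var/lib/hvacd"',
    '2017-08-14T10:01:17Z user=ops-admin origin=internal target=fw02 cmd="iptables -L -n; iptables -F"',
    '2017-08-14T10:05:52Z user=ops-admin origin=internal target=web03 cmd="rm -f /tmp/report.txt"',
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Matching on the normalised executable rather than the raw string is what lets the rule catch `sudo /bin/rm -rf ...` hidden behind a harmless `cd`, while the read-only `systemctl status` and `iptables -L` calls pass without an alert.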

The CyberArk Privileged Account Security Solution can help minimize the threat associated with third-party vendor management. Controlling and auditing each vendor’s access can be resource-intensive, causing meaningful activities to get lost in the shuffle. Therefore, it’s recommended to start with the areas that have the highest risk, such as access, privileged access and critical assets. CyberArk enables organizations to securely lock down remote vendor access and put the necessary security controls in place to enable third parties to safely complete tasks.

Learn more by downloading the Securing Remote Vendor Access with Privileged Account Security white paper. See how CyberArk can help to identify vulnerabilities in your organization and how you can better secure your privileged accounts against targeted attackers.
