When Security Goes Inside Out: Within the Perimeter, Privileged Accounts Are High-Value Targets for Hackers
By: Ali Gomulu
Cybercrime is a lucrative business, and today more than at any other time in history we are seeing advanced, targeted threats with software so sophisticated that it can penetrate the traditional network perimeter (firewalls, threat detection and anti-malware, for example). Add to that professional social engineers, adept at moving around within large enterprises, who become rogue insiders once they have gone inside the perimeter or who manipulate legitimate privileged account users.
How do advanced attackers succeed? They don’t target general end-users; they target privileged users who hold the keys to the data and asset kingdom of the largest banks, government agencies, healthcare and pharma companies, and enterprises across all major verticals. Just as Jesse James robbed banks because “that’s where the money is,” sophisticated hackers go for the most valuable assets, because that’s where billions worth of data and secrets lie.
The key to privileged account security is putting in place “full stack” solutions, with Privileged Access Management (PAM) as a fundamental layer.
Since we cannot manage what we cannot measure, leveraging data analytics and AI is critical to gaining visibility into what is happening inside private networks, data centers, and clouds, including multi-cloud environments. In today’s heterogeneous world of technology, the first step is to automate discovery with a constantly updated database of every privileged account associated with every network server, gateway, hypervisor, application, database, web server and more, going beyond IT and extending into OT.
The second step is to remove the risks of shared credentials by encrypting passwords, requiring multi-factor authentication to access valuable resources, and aiming for a “Zero Trust, Zero Touch” model that enforces least-privilege access.
The third step is to enable ongoing, real-time isolation, to prevent the spread of malware should a network be compromised, together with real-time monitoring and recording of all privileged accounts, producing a full, detailed and time-stamped record of activity.
Finally, leveraging real-time analytics gives the security team alerts and notifications when suspicious behavior is detected, so the response is immediate and an intrusion does not “metastasize” silently over months or devastate business operations in a matter of days.
Organizations must be aware of every single action taken within their IT and network infrastructure to ensure security. Full audit trails provide a historical record and proof of compliance and operational integrity.
Ironsphere’s Session Manager provides real-time monitoring, logging, and recording of all privileged users’ sessions and stops malicious activities by role-based segregation of duties and least privilege management, including command and context-aware filtering.
Benefits of our advanced solution include:
- Man-in-the-middle support for Telnet, SSH, RDP, VNC, HTTP.
- Logging, session recording, and session replay.
- Active-Active redundancy.
- Enforces security policies transparently.
- Advanced policy, context aware policy, managerial approval.
- Optical character recognition (OCR) for RDP sessions, and RDP session recording.
- Termination of all active connections automatically on network elements for maintenance mode.
- Session “take-over” and “session-leave” functionality by the privileged users on active sessions.
- Unified visibility with searchable command/keystroke logs and full play-back video recordings.
- Stop attacks with least-privilege functions, including command- or application-based restrictions, managerial approval, geolocation confirmation, multi-factor authentication/authorization, and time- and date-based access.
- Enforces role-based security policies centrally and silently.
- Meet regulatory compliance mandates including GDPR, ISO 27001, SOX, HIPAA, PCI.
- Single sign-on and two-factor authentication support; system passwords remain invisible to users.
- Extend Active Directory group policies to IT and network infrastructure and support compliance.
- No agents, extensions, or applets. No hassle.
- Isolate Third Party access, control configuration changes, record all activities, and watch/participate in live sessions.
- Enable secure connections to any system, application, appliance, or website without disclosing the credentials.
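As an added illustration of steps two through four above and of the least-privilege bullet (command-based restrictions, managerial approval, multi-factor authentication and time-based access), the following Python script is example code written for this page, not Ironsphere’s own software. It evaluates constructed privileged-session records against per-role policies and produces a time-stamped audit trail plus alerts when a user accumulates repeated denials. Role names, targets, commands, the permitted hours and the alert threshold are all assumptions.

```python
"""Toy privileged-session policy engine (illustrative, not vendor code).

Each recorded command from a privileged session is checked against a
role-based policy: MFA requirement, permitted time window, command
allowlist, and commands that need managerial approval. Every decision is
written to a time-stamped audit line, and repeated denials raise an alert.
All policies and sample events below are constructed for the example.
"""
from dataclasses import dataclass
from datetime import datetime, time
from typing import Dict, List, Tuple


@dataclass
class RolePolicy:
    allowed_prefixes: Tuple[str, ...]                      # commands the role may run freely
    approval_prefixes: Tuple[str, ...] = ()                # allowed only with manager approval
    hours: Tuple[time, time] = (time(0, 0), time(23, 59))  # permitted local time window
    require_mfa: bool = True                               # session must be MFA-authenticated


# Assumed policies for two roles (constructed, not a real deployment).
POLICIES: Dict[str, RolePolicy] = {
    "netops": RolePolicy(
        allowed_prefixes=("show ", "ping ", "traceroute "),
        approval_prefixes=("configure ", "reload"),
        hours=(time(8, 0), time(18, 0)),
    ),
    "dba": RolePolicy(
        allowed_prefixes=("SELECT ", "EXPLAIN "),
        approval_prefixes=("DROP ", "ALTER "),
    ),
}


@dataclass
class SessionEvent:
    ts: datetime
    user: str
    role: str
    target: str
    command: str
    mfa: bool
    approved: bool = False  # manager approval already granted for this command


def evaluate(ev: SessionEvent) -> Tuple[str, str]:
    """Return (decision, reason); decision is 'allow', 'deny' or 'hold'."""
    pol = POLICIES.get(ev.role)
    if pol is None:
        return "deny", "unknown role"
    if pol.require_mfa and not ev.mfa:
        return "deny", "mfa required"
    start, end = pol.hours
    if not (start <= ev.ts.time() <= end):
        return "deny", "outside permitted hours"
    cmd = ev.command.lstrip()
    if cmd.startswith(pol.allowed_prefixes):
        return "allow", "command in allowlist"
    if cmd.startswith(pol.approval_prefixes):
        if ev.approved:
            return "allow", "approved by manager"
        return "hold", "manager approval required"
    return "deny", "command not permitted for role"


def audit(events: List[SessionEvent], alert_threshold: int = 2) -> Tuple[List[str], List[str]]:
    """Produce time-stamped audit lines and alerts for users with repeated denials."""
    lines: List[str] = []
    denials: Dict[str, int] = {}
    for ev in events:
        decision, reason = evaluate(ev)
        lines.append(f"{ev.ts.isoformat()} {ev.user}@{ev.target} {decision.upper():5} {reason}: {ev.command!r}")
        if decision == "deny":
            denials[ev.user] = denials.get(ev.user, 0) + 1
    alerts = [f"ALERT {u}: {n} denied privileged commands"
              for u, n in denials.items() if n >= alert_threshold]
    return lines, alerts


# Constructed session records: one working day on a few assumed targets.
SAMPLE_EVENTS = [
    SessionEvent(datetime(2024, 5, 6, 9, 15), "alice", "netops", "core-rtr-1", "show ip route", True),
    SessionEvent(datetime(2024, 5, 6, 9, 16), "alice", "netops", "core-rtr-1", "configure terminal", True),
    SessionEvent(datetime(2024, 5, 6, 9, 17), "alice", "netops", "core-rtr-1", "configure terminal", True, approved=True),
    SessionEvent(datetime(2024, 5, 6, 23, 40), "bob", "netops", "edge-fw-2", "show version", True),
    SessionEvent(datetime(2024, 5, 6, 23, 41), "bob", "netops", "edge-fw-2", "reload", True),
    SessionEvent(datetime(2024, 5, 6, 11, 0), "carol", "dba", "pg-prod-1", "SELECT count(*) FROM accounts", False),
    SessionEvent(datetime(2024, 5, 6, 11, 2), "carol", "dba", "pg-prod-1", "DROP TABLE accounts", True),
]

if __name__ == "__main__":
    audit_lines, audit_alerts = audit(SAMPLE_EVENTS)
    print("\n".join(audit_lines))
    print("\n".join(audit_alerts))
```

In the sample run, Alice’s configuration change is held until an approval is recorded, Bob’s off-hours commands are denied and trigger an alert after the second denial, and Carol’s query is refused for lack of MFA while her destructive command waits on approval. A production policy engine would additionally bind decisions to the session recording so the replay shows exactly which command was blocked and why.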
We’d appreciate the opportunity to discuss how your organization can benefit from our technology and approach to ensure “inside the perimeter” threats are expertly addressed.