When Security Goes Inside Out: Within the Perimeter Privileged Accounts are High Value Targets for Hackers
By: Ali Gomulu
Cybercrime is a lucrative business, and today more than at any other time in history we are seeing advanced, targeted threats with software so sophisticated that it can penetrate the traditional network perimeter (firewalls, threat detection, anti-malware, for example). Add to that professional social engineers, adept at moving around within large enterprises, who become rogue insiders once they have gone inside the perimeter or who manipulate legitimate privileged account users.
How do advanced attackers succeed? They don’t target general end-users; they target privileged users who hold the keys to the data and asset kingdom of the largest banks, government agencies, healthcare and pharma companies, and enterprises across all major verticals. Like Jesse James, who robbed banks because “that’s where the money is,” sophisticated hackers go for the most valuable assets, because that’s where billions worth of data and secrets lie.
The key to privileged account security is putting in place “full stack” solutions, with Privileged Access Management (PAM) as a fundamental layer.
Since we cannot manage what we cannot measure, leveraging data analytics and AI is critical to visibility into what is happening inside private networks, data centers, and clouds, including multi-clouds. In today’s heterogeneous world of technology, the first step is to automate discovery with a constantly updated database of every privileged account associated with every network server, gateway, hypervisor, application, database, web server and more, going beyond IT and extending into OT.
The second step is to prevent the risks of shared credentials by encrypting passwords, requiring multi-factor authentication to access valuable resources, and aiming for a “Zero Trust, Zero Touch” model that enforces least-privilege access.
The third step is to enable ongoing, real-time isolation, to prevent the spread of malware should a network be compromised, together with real-time monitoring and recording of all privileged accounts, with a full, detailed and time-stamped record of activity.
Finally, leveraging real-time analytics gives the security team alerts and notifications when suspicious behavior is detected, so that the response is immediate and an intrusion does not “metastasize” silently over months, or devastate business operations in a matter of days.
Organizations must be aware of every single action taken within their IT and network infrastructure to ensure security. Full audit trails provide a historical record and proof of compliance and operational integrity.
Ironsphere’s Session Manager provides real-time monitoring, logging, and recording of all privileged users’ sessions and stops malicious activities through role-based segregation of duties and least-privilege management, including command and context-aware filtering.
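The four steps above (an inventory of privileged accounts, least-privilege and time-based access, session recording, and real-time alerting) and the command and context-aware filtering described for the Session Manager can be illustrated with a small policy engine. The following is an added example written for this post; it is not Ironsphere’s code and does not reflect how their product is implemented. The account names, roles, hosts, source addresses, commands and the pipe-separated log format are all constructed for the example.

```python
"""Added example (not Ironsphere's code): a minimal privileged-session
policy engine. It walks constructed session log lines and raises alerts
for logins outside the privileged-account inventory, an account used from
two source addresses (a shared-credential indicator), access outside the
role's work hours, commands that are blocked regardless of role, commands
that require managerial approval, and commands that are not on the role's
least-privilege allow list. All names and log lines are constructed."""
from dataclasses import dataclass, field
from datetime import datetime, time
from typing import Dict, List, Set, Tuple

# Step 1: the discovered inventory of privileged accounts (constructed).
# Maps "account@host" -> role; a login not listed here is an unknown
# privileged account and is alerted on immediately.
PRIVILEGED_INVENTORY: Dict[str, str] = {
    "root@db-01": "dba",
    "admin@fw-edge-1": "netops",
}


@dataclass
class RolePolicy:
    allowed_prefixes: Set[str]          # least-privilege allow list (prefix match)
    denied_substrings: Set[str]         # context-aware block, regardless of role
    work_hours: Tuple[time, time] = (time(8, 0), time(18, 0))
    approval_required: Set[str] = field(default_factory=set)


# Step 2: per-role least-privilege policy (constructed values).
POLICIES: Dict[str, RolePolicy] = {
    "dba": RolePolicy({"mysql", "mysqldump", "systemctl status"},
                      {"rm -rf", "chmod 777"}),
    "netops": RolePolicy({"show ", "ping "}, {"erase ", "write erase"},
                         approval_required={"reload"}),
}


@dataclass
class Alert:
    severity: str   # "high", "medium" or "info"
    account: str
    reason: str


def parse_event(line: str) -> dict:
    """Constructed log format: ISO-timestamp|account@host|source-ip|command"""
    ts, account, src, cmd = line.split("|", 3)
    return {"ts": datetime.fromisoformat(ts), "account": account,
            "src": src, "cmd": cmd}


def evaluate(lines: List[str]) -> List[Alert]:
    """Steps 3 and 4: inspect each recorded command and emit alerts."""
    alerts: List[Alert] = []
    last_src: Dict[str, str] = {}
    for raw in lines:
        ev = parse_event(raw)
        account = ev["account"]
        role = PRIVILEGED_INVENTORY.get(account)
        if role is None:
            alerts.append(Alert("high", account, "privileged login not in inventory"))
            continue
        policy = POLICIES[role]

        # Shared-credential indicator: same account seen from a second source.
        prev = last_src.get(account)
        if prev is not None and prev != ev["src"]:
            alerts.append(Alert("medium", account,
                                f"account used from {prev} and {ev['src']}"))
        last_src[account] = ev["src"]

        # Time & date based access.
        t = ev["ts"].time()
        start, end = policy.work_hours
        if not (start <= t <= end):
            alerts.append(Alert("medium", account, f"access at {t} outside work hours"))

        # Command filtering: block list first, then approval, then allow list.
        cmd = ev["cmd"]
        if any(d in cmd for d in policy.denied_substrings):
            alerts.append(Alert("high", account, f"blocked command: {cmd}"))
        elif any(cmd.startswith(a) for a in policy.approval_required):
            alerts.append(Alert("info", account,
                                f"command awaits managerial approval: {cmd}"))
        elif not any(cmd.startswith(a) for a in policy.allowed_prefixes):
            alerts.append(Alert("high", account,
                                f"command not in least-privilege allow list: {cmd}"))
    return alerts


def summarize(alerts: List[Alert]) -> Dict[str, int]:
    """Count alerts per severity, the figure a dashboard would show."""
    counts: Dict[str, int] = {}
    for a in alerts:
        counts[a.severity] = counts.get(a.severity, 0) + 1
    return counts


# Constructed session log (six recorded commands from three accounts).
SAMPLE_LOG = [
    "2024-03-04T09:12:00|root@db-01|10.0.5.20|mysqldump --all-databases",
    "2024-03-04T09:15:30|root@db-01|10.0.5.20|rm -rf /var/lib/mysql",
    "2024-03-04T23:40:10|root@db-01|10.0.9.77|mysql -e 'select 1'",
    "2024-03-04T10:02:00|admin@fw-edge-1|10.0.5.21|show running-config",
    "2024-03-04T10:05:00|admin@fw-edge-1|10.0.5.21|reload",
    "2024-03-04T10:07:00|svc-backup@db-01|10.0.5.99|tar czf /tmp/etc.tgz /etc",
]

if __name__ == "__main__":
    for alert in evaluate(SAMPLE_LOG):
        print(f"[{alert.severity}] {alert.account}: {alert.reason}")
    print(summarize(evaluate(SAMPLE_LOG)))
```

Run against the constructed log, the engine raises five alerts: the blocked `rm -rf`, the database account appearing from a second source address and outside work hours, the `reload` waiting for approval, and the `svc-backup` login that is absent from the inventory. In a real deployment the block list and approval rules would be enforced inline on the proxied session rather than only reported afterwards, and the inventory would be fed by the automated discovery the first step describes.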
Benefits of our advanced solution include:
- Man-in-the-middle (proxy) support for Telnet, SSH, RDP, VNC, HTTP.
- Logging, session recording, and session replay.
- Active-Active redundancy.
- Enforces security policies transparently.
- Advanced policy, context aware policy, managerial approval.
- Optical character recognition (OCR) for RDP, RDP session recording.
- Termination of all active connections automatically on network elements for maintenance mode.
- Session “take-over” and “session-leave” functionality by the privileged users on active sessions.
- Unified visibility with searchable command/keystroke logs and full play-back video recordings.
- Stop attacks with least-privilege functions, including command- or application-based restrictions, managerial approval, geolocation confirmation, multi-factor authentication/authorization, and time- and date-based access.
- Enforces role-based security policies centrally and silently.
- Meet regulatory compliance mandates including GDPR, ISO 27001, SOX, HIPAA, PCI.
- Single Sign-On and two-factor authentication support; makes system passwords invisible to users.
- Extend Active Directory group policies to IT and network infrastructure and support compliance.
- No agents, extensions, or applets. No hassle.
- Isolate third-party access, control configuration changes, record all activities, and watch/participate in live sessions.
- Enable secure connections to any system, application, appliance, or website without disclosing the credentials.
We’d appreciate the opportunity to discuss how your organization can benefit from our technology and approach to ensure “inside the perimeter” threats are expertly addressed.
Over the past two decades, with the rise of the Internet and the growth of cloud services, enterprises, and organizations, including government agencies, have transformed the way they do business and serve their constituents.
Depending on the nature of their work, IT superusers have or need root access to be efficient and productive. Creating a team of superusers makes sense, especially for large organizations with thousands of servers under management. With a well-managed sysadmin team, their work can be streamlined and mistakes reduced when the team shares the same root accounts on all servers.
Weak passwords have long been the Achilles’ heel of IT teams, and despite all the best intentions, corporate policies, education, and workarounds, passwords aren’t going away any time soon. There is some buzz around passwordless access, but there are good arguments to suggest that passwords should still play a fundamental role in authenticating access.