The following is a guest post by Chris Stoneff, VP Technical Management, Lieberman Software. A pioneer in privileged identity management, Lieberman Software is a Microsoft Azure partner that also offers administrator access control and enterprise password management.
In recent months, we've witnessed a series of devastating data breaches affecting some of the world's most renowned businesses, with each breach inflicting staggering costs in terms of financial and reputational damage.
But what's lesser known is many of those breaches began when a cyber attack exploited a single, unsecured privileged account and eventually gained control over the network. And every large enterprise, whether on-premises or in the cloud, is home to potentially hundreds of thousands of vulnerable privileged accounts.
Keys to the IT Kingdom – Privileged Identities
Privileged accounts are the keys to the IT kingdom. They provide the access needed to view and extract data, alter system configuration settings, and run programs on just about every IT asset in an enterprise.
Almost every account on a network has some level of privilege associated with it and is therefore vulnerable to exploitation. In fact, there are so many privileged accounts in large enterprises that many organizations don't know where all of their privileged accounts reside or who has access to them.
Compounding the problem, privileged identities are often shared among IT administrators, with credentials that are rarely – if ever – changed. It's the classic example of too many people having too much access for too long.
Contrary to assumption, privileged identities are not managed by Identity and Access Management (IAM) products because, unlike conventional user logins, privileged accounts aren't typically provisioned. Meanwhile, conventional perimeter security tools like next-generation firewalls protect against known threats but react too late against new, advanced, persistent threats and zero day attacks. Therefore, privileged credentials must be managed by software that's separate from IAM and perimeter security.
The Privileged Account Attack Vector
Cyber attackers need privileged access to carry out their illicit plans, whether it's to install malware or key loggers, steal or corrupt data, or disable hardware. That's why privileged credentials are in such high demand among hackers. In fact, recent research conducted by Mandiant revealed 100% of the data breaches they investigated involved stolen credentials.
A data breach can begin with just one compromised privileged account. Here's how such "land and expand" cyber attacks work:
- Criminal hackers and malicious insiders exploit an unsecured privileged account to gain persistent access.
- Once the hackers gain a foothold in the network, remote access kits, routers, and key loggers are installed.
- From there, the attackers look for SSH keys, passwords, certificates, Kerberos tickets, and hashes of domain administrators on compromised machines.
- When they have these stolen credentials, the hackers can anonymously move from system to system on the network, and extract data at will.
Next-Generation Privilege Management
A truly secure environment requires privileged identities on all systems to be discovered and managed. However, because of the sheer number of privileged accounts in a large enterprise, this can seem overwhelming.
With Lieberman Software's Microsoft Azure Certified privilege management platform, organizations can automatically discover privileged accounts throughout the enterprise (on-premises and in the cloud), bring those accounts under management, and audit access to them.
Each privileged credential is updated as frequently as necessary, even every couple of hours. This negates the damage inflicted by zero day attacks and other advanced threats, because even if an intruder compromises a credential, it has a limited lifetime and is not shared among multiple systems. The stolen credential cannot be leveraged to leapfrog between systems.
Best of all, the land and expand attack is stopped in place.
Visit Lieberman Software in Booth 612 at Microsoft Ignite to see a product demo, or visit www.liebsoft.com/erpm.