Enterprises are badly burned by security tools that don’t work. When they finally see a solution that does what it purports to do, the shock is palpable.
According to haveIbeenpwned.com, close to 8 billion accounts have been compromised. The site provides a tool to see if any of your passwords have been compromised and are available on the dark-net. Once passwords are compromised, they are easily exposed to bad actors who can use them for brute force attacks and credential stuffing.
People often think that state-sponsored attacks from groups like Lazarus (North Korea), Fancy Bear (Russia) or menuPass (China) only target public federal organizations in Western nations like the U.S. This is simply not the case. In fact, attacks on large financial and retail institutions have increasingly been state-sponsored attacks hoping to create chaos more than just theft. These attacks largely come from U.S.-sanctioned states such as Iran, Russia and North Korea, as these hacking groups have come to realize that attacking private organizations can achieve the same goals as attacking public institutions.
Network segmentation has long been one of the most valuable tools for protecting an enterprise’s assets. Flat, unsegmented networks architectures can allow nosey insiders to easily access sensitive information, while also enabling attackers to move laterally, escalate privileges and spread malware. Segmentation breaks the network into more logical segments and introduces new layers of control and the ability to apply tailored policies for each area.
In the past year, we have seen numerous publicly traded corporations (Marriott and T-Mobile), airlines (Cathay Pacific and Delta), and tech companies (Facebook and Google+) all breached because of some type of insider threat or compromised credentials. So, it’s no surprise that insider threats and preventing credential compromise are growing concerns for organizations.
Today, too many organizations are approaching complex cybersecurity challenges by attempting to hire their way out of the problem while building disjointed and ineffective security implementations. In a recent interview with Security Weekly, Preempt CEO Ajit Sancheti explains what the modern threat landscape means for today’s enterprise security teams. His conversation with Paul Asadoorian, Founder and CEO of Security Weekly, also outlines how CISOs can use a Conditional Access security posture to address the challenges of the cybersecurity talent shortage and the unfortunate reality that most organizations can’t see or respond to malicious network activity in real-time.
Topics: Conditional Access
….if you don't even know your users and what they are accessing. (Ha - I got you there with the clickbait title)
Enterprises are often forced to implement multiple moving parts as the traditional network perimeter is no longer sufficient to protect against modern threats. These disjointed security solutions rarely talk to each other, causing security silos and an overwhelming number of distracting security alerts, Preempt CEO Ajit Sancheti explains in a podcast this week.
DevOps and cybersecurity are both top priorities for many enterprises, as well as areas that have experienced considerable innovation recently. And even though these are two very different sides of IT, there are lessons to be learned between the two. Both areas are in the midst of major transitions. For application development the shift is from slow, monolithic releases to fast and responsive development cycles. For cybersecurity the shift is from the old perimeter block/allow enforcement model to more adaptive security that continuously looks for threats across the enterprise.
Stolen or compromised credentials pose well-known risks to organizations and their employees. And as hackers and other malicious actors become more advanced and sophisticated in their techniques, the global threat is increasing. At a recent IT security conference, I spoke with a customer about an alert (TA18-276A) that the United States National Cybersecurity and Communications Integration Center (NCCIC) released late last year. The alert, titled “Using Rigorous Credential Control to Mitigate Trusted Network Exploitation,” outlines recommendations on how to overcome these challenges. In this blog, I’ll discuss how Conditional Access and detection of malicious use of tools and protocols can address the NCCIC’s recommendations.
The alert provides information on how Advanced Persistent Threat (APT) actors are using multiple mechanisms to acquire legitimate user credentials. Once acquired, attackers can use the credentials to exploit trusted network relationships, in order to expand unauthorized access, maintain persistence, and exfiltrate data from targeted organizations. Some of the suggested NCCIC best practices for administrators to mitigate these threats include rigorous credential controls and privileged-access management, as well as remote-access control and audits of legitimate remote-access logs.