Enterprises are badly burned by security tools that don’t work. When they finally see a solution that does what it purports to do, the shock is palpable.
Most of us still dream practical, down to earth, old fashioned dreams. And I’d place a bet that not many people, if any, dream about their credentials being stolen. Almost all of my memories from the last 15 years or so are stored digitally. The majority of my day to day activity is managed online. My online persona is almost identical to my physical one. I imagine that many of you are in the same situation.
Topics: Credential Compromise
Across the conference circuit and the general cybersecurity community this year, Zero Trust – a term originally coined in 2010 – has been perhaps the industry’s hottest buzzword. Move over, blockchain and machine learning. In my previous blog, I outlined what Zero Trust means and what lessons the framework offers for the security community. To recap the challenges of Zero Trust: organizations face hurdles around securing legacy applications/network resources and tools and protocols; regulatory headwinds given that the framework can theoretically conflict with global legislation, including GDPR; and the looming reality that the typical large global enterprise lacks the organization-wide visibility and control necessary for implementation. Here, I’ll outline a framework for a true Zero Trust model that adheres to industry best practices while specifically avoiding the potential for an over-engineered network overhaul, wasted IT budget, and potentially costly organizational disruption.
(Note: see part two of our Zero Trust blog posts here)
It’s a common question after a major breach: did you do everything you could have to protect your network? Most of the time the answer is...probably not. Often, we live in a false sense of security. We know it, and most of us are OK with it. But let's talk about what’s practical and what steps can be taken to help you get to a better sense of security.
A CISO recently told us that despite having an impressive array of cybersecurity solutions during their transition to the cloud, nothing was tying it all together from a threat standpoint. From her perspective, all the security tools at their disposal were great individually, but lacked visibility across all accounts and all platforms. Further, they didn’t have the ability to identify and respond to threats, as well as user access requests, in a consistent manner. It actually made the job harder and less effective. This vulnerable patchwork approach of disparate vendor solutions is all too common.
It’s increasingly difficult and more complex to be an effective buyer of security products today. Messaging and content overlaps are everywhere, cloud platforms claim to do what endpoint solutions do, and all the while products are constantly pivoting in the middle of operation - often changing their identity and main purpose. At the same time, enterprise and personal priorities change, vendor awards are presented to whoever pays more, analysts are not always aligned, and the list goes on.
Identity, Behavior and Risk. Identity, Behavior and Risk. Almost like a mantra. Think about it for few seconds. Identity, Behavior and Risk are the 3 main pieces of evidence that security personnel would like to deeply understand so they can protect their organization and users from credential compromise
Vendors, especially in the over crowded security space, often must help buyers justify their investment. But what happens when there isn’t a real problem during the test period? This can make it difficult to properly assess. Some security vendors will simulate problems, others may sponsor penetration tests, or they may provide a list of tests and tools, and so on. In the highly competitive End Point market (aka AntiVirus) they will use any tool they may have in the box.
Full disclosure: I wasn’t physically at BlackHat 2017. But my colleagues who attended told me about the keynote by Alex Stamos, CSO at Facebook.
Really, it’s not just me saying that Active Directory is the crown jewel. It's actually them, the hackers, that de facto target the active directory in almost every advanced attack. They look for domain credentials and administrative accounts, they practice domain reconnaissance, privilege elevation, targeted attacks against the domain controller and more. Their motivation is similar to terror. For example: produce widespread fear, obtain recognition and attention of media, steal money, damage facilities and functionalities. This is why it was not surprising to learn about the QakBot Trojan causing a mess.