Service Accounts can represent tremendous security risk for enterprises. And many of our customers struggle with how to best identify, control and protect these accounts. Let’s take a closer look at what service accounts are and what organizations can do to protect service accounts from attackers and insiders.
NotPetya, a recent malware, masquerading as the known Petya ransomware started wreaking havoc at a world scale last week. Initially, it looked like another wave in the malware storm that started with Shadow Brokers’ publication of EternalBlue and other zero-day vulnerabilities in Windows OS. And, in fact, NotPetya used EternalBlue as one of the lateral movement methods in its arsenal. But, apparently, the developers of NotPetya wanted to hit some high-value targets and the risk that these networks had already been fully patched would have ruined their attack.
While a 2017 Harvey Nash/KPMG survey of nearly 4,500 CIOs and tech leaders globally found that cyber security vulnerability is at an all-time high, the biggest jump in threats came from insider attacks which increased from 40 percent to 47 percent over the last year. And that’s a modest estimate; reports from an IBM Security survey suggested that 60 percent of all attacks were carried out by insiders. Of these attacks, three-quarters involved malicious intent, and one-quarter involved inadvertent actors.
Earlier this week, I published an article with ITSP Magazine that discusses a newly brewing concept within Enterprises around penalizing employees for bad security behavior. Can you imagine if your company penalized you for clicking on a phishing link? Or because you bent the security rules in order to get something done more easily?
In the past year I have seen a big shift in the conversations I've had with CISOs. What used to be all about how to keep the bad guys out, is now about, how do I manage the threats that are already on the inside. Their security strategies are broadening to address Insider Threats and they are implementing, or looking to implement, technologies and solutions to help them better understand what’s really going on inside their organization and to find ways to reduce their risk.
True Positives. It’s a topic of great interest to me. Security Operations can spend a lot of time dealing with separating out the truly non-malicious events. There is an easier way. But, before we go further, let’s align and calibrate on the terminology of True/False Positives/Negatives. Some of these terms have varying levels of agreement. It reminds me of VLAN-- you can have 5 people in the room and there will be 6 different definitions for it. To make sure we are on the same page, let's start with basic definitions accompanied with real life examples.
Think about this statement: “Half of the people you know are below average.” In simple terms, it means that statistically most of the people you know are considered to have average intelligence, or just below or above the line. Does this mean they are dangerous? Does it mean you should reconsider your friendship? Let’s not jump to conclusions just yet.
Noise. Noise. Noise. Our world is noisy. It's all over the place. Visual noise, physical noise. And then there is the noise which bothers analysts in the security industry. I am referring to the security signal to noise ratio that is only growing and growing because of the evolving techniques, various data sources and the unknown threats that we all want to catch (or is it afraid to miss?). In fact, the elephant has left the room and is now visible to all.
With the RSA Conference 2017 kicking off next week, the entire Preempt team has been excitedly preparing for it. We are looking forward to participating with the who’s who of security vendors and meeting with top security professionals onsite.
The risks to employees and organizations from stolen or compromised credentials and information are well-known. And with hackers and insiders becoming more advanced and sophisticated in their techniques the global threat is increasing. At a recent IT security forum, I was speaking with a customer about an Alert (TA16-250A) that the United States Computer Emergency Readiness Team (US-CERT) released on “The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations” and how User and Entity Behavior Analytics (UEBA)can help address some of their recommendations.