At the recent Gartner Security & Risk Management Summit, analysts presented their findings on the top technologies for information security and their implications for security organizations in 2018. At the event, Neil MacDonald highlighted the Top 10 Security Projects for Security and Risk Management Organizations, emphasizing that these are projects with real supporting technologies that CISOs should be exploring.
So, when MacDonald revealed the top 10 and we found that there were 4 areas that Preempt addresses, we were excited that this list truly validates our vision. We see Identity as the new perimeter for effective threat prevention. There is a convergence that is happening in the enterprise. For enterprises to be more effective at preventing threats and breaches, the identity teams and security teams must come together and approach the problem in a new, continuous, adaptive and preemptive way.
Here are the four priorities that Preempt addresses for organizations: Numbers 1, 2, 5 & 6
No. 1 - Privileged Account Management.
Making it harder for attackers to compromise privileged accounts must be a priority. In response to the risks posed by cyber attacks and breaches, we see that many organizations are investing in additional security controls to more proactively manage their privileged users and to control the administrative tools those users rely on to complete their work. The key here is to focus on the larger goal of stopping attacks and reducing risk. To do this, CISOs need to look at how they can use an identity, behavior and risk-based approach to not only monitor privileged users and high-value systems, but also add both mandatory and adaptive controls to verify identity in real time. Leveraging multi-factor authentication (MFA) or other methods to verify identity and manage access for privileged users can ensure that privileged accounts are used only for legitimate purposes, and the controls can be customized by policy.
No. 2 - CARTA-inspired vulnerability management.
Last year, Gartner revealed the continuous adaptive risk and trust assessment (CARTA) framework. CARTA pushes enterprises to embrace a continuously adaptive approach to information security because binary decisions – black or white, allow or block – do not work anymore. Enterprises have to think about how to enable transactions when not all the information is available or when there is a known level of risk. A CARTA mindset allows enterprises to make decisions based on risk and trust. In the Top 10 list, Gartner suggests extending CARTA as a way to also address vulnerability management. Continuous threat detection should help not only with detecting anomalous activity and risky behavior, but also with tracking the use of tools and protocols, vulnerabilities, and misconfigurations. Having this visibility provides the ability to proactively reduce the areas of greatest risk and prioritize efforts. However, this should be looked at with the broader CARTA framework in mind. Strategies are shifting to become continuously adaptive and responsive in real time to threats that require more situational context. Static solutions to identify and respond to threats are ineffective.
No. 5 - Microsegmentation and flow visibility.
The goal here is being able to prevent lateral movement. “If and when the bad guys get in, they can’t move unimpeded,” explained MacDonald. When you have continuous visibility into the behavior of every user, device, application and resource on the network — including privileged users and service accounts — and you can classify users and machines based on their real-time network activity, you then have the ability to preempt threats. You can expose the behavior of careless users, malicious insiders, attackers, compromised accounts, lateral movement, attempts to escalate privilege and attacks against internal infrastructure. Once they have been exposed, they can be stopped in real time, preventing the spread of an attack. Combining visibility and analytics with the ability to prevent malicious activity will be a mandatory requirement for solutions going forward. From a non-behavioral perspective, this can also help with eliminating the need for network segmentation. For example, we have seen some customers approach the problem by virtually segmenting the contractors on their network: contractors are allowed to access only a limited set of servers, and anything else requires them to obtain specific authorization.
No. 6 - Detection and response.
There’s an old saying in security: “it’s not if you get breached, it’s when.” The project that Gartner outlines here is for organizations looking to add endpoint-, network- or user-based approaches for advanced threat detection, investigation and response capabilities. One of the technologies they recommend is User and Entity Behavior Analytics (UEBA). We have always believed that UEBA is the starting point, not the destination. While traditional UEBA is good at detection and at providing intelligence for investigation purposes, it is lacking on the prevention side. Organizations need to be able to detect anomalous and risky behavior and have the ability to respond in real time using a flexible, policy-based approach with a graduated set of responses. Anomalies are a natural part of networks; employees change their habits for various reasons, and this is OK. Their working habits or role may have changed, or there may have been an org change. Suspicious activity can be verified and malicious activity can be prevented. The goal? Enable enterprises to effectively manage security without adding hard-to-find security analysts.
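To make the ideas in projects 1, 2, 5 and 6 concrete, here is a small, added illustration of a risk-based policy engine with graduated responses. It is example code written for this post, not Preempt’s product code: the signals (role, target host, tool, new device, off-hours, a behavioral anomaly score), the weights and thresholds, the contractor allow-list and the host and tool names are all assumptions constructed for the example. Instead of a binary allow/block, each request is scored from identity, behavior and asset context and mapped to allow, real-time step-up MFA, an explicit authorization request (the contractor segmentation case), or block.

```python
"""Graduated, risk-based access decisions (added example; not Preempt's code).

Assumed model: every access request carries identity and behavioral context.
A 0..1 risk score is computed from constructed signals and mapped to one of
four graduated responses rather than a binary allow/block.
"""
from dataclasses import dataclass
from enum import Enum


class Response(Enum):
    ALLOW = "allow"
    STEP_UP_MFA = "step_up_mfa"            # verify identity in real time
    REQUIRE_APPROVAL = "require_approval"  # outside the user's allowed segment
    BLOCK = "block"


@dataclass
class AccessRequest:
    user: str
    role: str                  # assumed roles: "employee", "admin", "contractor"
    target: str                # hostname being accessed (constructed names)
    tool: str                  # e.g. "rdp", "ssh", "psexec" (constructed)
    mfa_verified: bool = False
    new_device: bool = False
    off_hours: bool = False
    anomaly_score: float = 0.0  # 0..1 deviation from the user's baseline (assumed input)


# Constructed policy data for the example.
CONTRACTOR_ALLOWED = {"contractor-a": {"build01", "build02"}}  # virtual segment
SENSITIVE_TOOLS = {"psexec", "wmic", "winrm"}                  # admin tooling to watch
HIGH_VALUE_HOSTS = {"dc01", "dc02", "pam-vault"}               # assets to protect

# Assumed weights and thresholds; a real deployment would tune these by policy.
WEIGHTS = {"admin": 0.2, "high_value": 0.3, "sensitive_tool": 0.2,
           "new_device": 0.2, "off_hours": 0.1}
BLOCK_AT = 0.8
STEP_UP_AT = 0.4


def risk_score(req: AccessRequest) -> float:
    """Combine identity, behavior and asset signals into a 0..1 risk score."""
    score = req.anomaly_score
    if req.role == "admin":
        score += WEIGHTS["admin"]
    if req.target in HIGH_VALUE_HOSTS:
        score += WEIGHTS["high_value"]
    if req.tool in SENSITIVE_TOOLS:
        score += WEIGHTS["sensitive_tool"]
    if req.new_device:
        score += WEIGHTS["new_device"]
    if req.off_hours:
        score += WEIGHTS["off_hours"]
    return min(score, 1.0)


def decide(req: AccessRequest) -> Response:
    """Map a request to a graduated response instead of a binary allow/block."""
    # Segmentation rule: a contractor may reach only its allowed set; anything
    # else is not blocked outright but routed for explicit authorization.
    if req.role == "contractor":
        if req.target not in CONTRACTOR_ALLOWED.get(req.user, set()):
            return Response.REQUIRE_APPROVAL
    score = risk_score(req)
    if score >= BLOCK_AT:
        return Response.BLOCK
    # Medium risk: let the transaction proceed once identity is verified in real time.
    if score >= STEP_UP_AT and not req.mfa_verified:
        return Response.STEP_UP_MFA
    return Response.ALLOW


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        AccessRequest("alice", "employee", "fileshare01", "smb"),
        AccessRequest("bob", "admin", "dc01", "psexec"),
        AccessRequest("bob", "admin", "dc01", "psexec", mfa_verified=True),
        AccessRequest("bob", "admin", "dc01", "psexec", new_device=True, off_hours=True),
        AccessRequest("contractor-a", "contractor", "build01", "ssh"),
        AccessRequest("contractor-a", "contractor", "dc01", "rdp"),
    ]
    for r in samples:
        print(f"{r.user:13} {r.role:10} {r.target:11} {r.tool:7} "
              f"risk={risk_score(r):.2f} -> {decide(r).value}")
```

The point of the structure is that the same engine handles all four projects: the admin-on-a-domain-controller case gets real-time step-up verification rather than a hard block, the contractor case is a segmentation decision expressed as policy, and only the highest-risk combination (privileged tooling against a high-value host from a new device out of hours) is blocked outright.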
In our opinion, to have more effective security, enterprises need to have a more holistic view of identity and combine threat detection and real-time response within a single solution. Interested in learning more about how to implement components of CARTA in your organization? We’re holding a webinar on July 18 on “Putting Gartner’s CARTA into Action to Prevent Threats and Security Breaches.” Register now.
Want to get started today to reduce your risk? We’re always happy to show a demo of our solution and discuss how we are solving customer use cases, but you can also start by downloading our free Preempt Inspector App. Preempt Inspector gives you a fast and free enterprise health assessment for passwords, detecting stealthy admins and more, giving you actionable results that you can use to reduce your risk of a credential-based attack.