What do the Target, Anthem and OPM breaches all have in common? Each of these
breaches occurred when a privileged user account was compromised and then
leveraged to move into other parts of the endpoint and server environment
in order to steal sensitive data.
And the key to stopping them? Closing the security loopholes left
open by local administrator rights and improper credential management.
Jaikumar Vijayan of the Christian Science Monitor published an article, “OPM hack may finally end over use of
‘privileged’ user accounts”, which outlines the attack and how several
security experts think it, and others like it, could have been prevented.
So, as we see it, there are two problems that led to this attack:
Improper password management and the exploitation of user credentials
Excess local admin rights, leaving security loopholes open on endpoints
Honestly, the fix is a relatively simple one: a layered approach to cyber security, which Federal CIO Tony Scott says
can be addressed in a “30 Day ‘Cyber Security Sprint’”.
First and foremost: reduce the number of people who are operating with administrative
rights in your environment. This reduces your attack surface and closes the
security loopholes that can lead to devastating advanced persistent threats.
The fast track to better, more comprehensive cyber security contains several
elements which are easily achievable, including approaches that we feel are
applicable to all industries.
We're talking about a layered approach to cyber security, because one solution alone
cannot combat the many facets of advanced persistent threats. We're talking
about solutions that fight a combination of external threats and the exploitation of
inside users' credentials, which often goes unnoticed for weeks or even months
without proper visibility (application monitoring, auditing, forensic
analysis) into an environment.
The approach is simple: a combination of PIM (privileged identity management), application control, and privilege elevation
capabilities that work together to track, monitor, and audit all admin password activities
and application security across an infrastructure's endpoints and servers. Key
factors here include:
Account Auditing: understanding who in your environment is operating as a
local administrator. Viewfinity offers a free Local Admin
Discovery Tool which allows organizations to do just that.
Apply the Principle of Least Privilege: remove administrator rights from as many
users as possible within your environment. Viewfinity's privilege
management capability allows organizations to granularly control privilege elevations within
your environment once admin rights have been removed.
Deploy a fully automated PIM solution: password management and other critical
techniques to ensure the security of users who must operate as administrators
in your environment. Viewfinity
collaborates with organizations like CA and Lieberman to leverage the
investments that you have already made in these PIM solutions.
Track and monitor what applications are running in your environment.
Viewfinity Application Control utilizes
application monitoring and forensic analysis, enabling organizations to
understand which applications are running on servers and desktops.
Be prepared to quickly detect, identify,
and remediate any threats in your environment, through technologies that can
collaborate with network security sandboxes and firewalls.
Viewfinity integrates with FireEye, Check Point, and Palo Alto solutions
to accelerate detection, incident response, and remediation efforts via its threat management capabilities.
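The account-auditing and least-privilege steps above start with one concrete question: which accounts sit in the local Administrators group on each machine, and which of them should not be there? The script below is an added example written for this page; it is not the Viewfinity Local Admin Discovery Tool or any other Viewfinity code. It assumes PowerShell Remoting (WinRM) is enabled on the target hosts, that the caller can run commands there, and that the targets are Windows 10 / Server 2016 or newer so that Get-LocalGroupMember is available. The host names WS-001 and WS-002, the domain name CORP and the approved group names are constructed sample values.

```powershell
# Added example (not Viewfinity code): inventory the local Administrators group across a
# set of Windows hosts and flag members that are not on an approved list. Assumes WinRM
# is enabled, the caller has rights on each host, and Windows 10 / Server 2016+ so that
# the built-in Microsoft.PowerShell.LocalAccounts module (Get-LocalGroupMember) exists.
# 'CORP', the group names and the host names below are constructed sample values.

function Get-LocalAdminInventory {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        # Members that are allowed to be in Administrators; everything else is a finding.
        [string[]] $ApprovedMember = @('CORP\Domain Admins', 'CORP\Workstation Admins')
    )
    foreach ($computer in $ComputerName) {
        try {
            $members = Invoke-Command -ComputerName $computer -ErrorAction Stop -ScriptBlock {
                Get-LocalGroupMember -Group 'Administrators' | ForEach-Object {
                    [pscustomobject]@{
                        Name   = $_.Name             # 'CORP\jdoe' or 'WS-001\Administrator'
                        Class  = $_.ObjectClass      # User or Group
                        Source = $_.PrincipalSource  # Local, ActiveDirectory, AzureAD, MicrosoftAccount
                        Sid    = $_.SID.Value        # string so it survives remoting serialization
                    }
                }
            }
        } catch {
            Write-Warning "${computer}: $($_.Exception.Message)"
            continue
        }
        foreach ($m in $members) {
            # The built-in local Administrator account always has RID 500 and is expected.
            # Anything else must be explicitly approved; a domain user added directly or a
            # local account nobody recognises is the loophole the article describes.
            $isBuiltinAdmin = $m.Sid -like 'S-1-5-21-*-500'
            [pscustomobject]@{
                Computer = $computer
                Member   = $m.Name
                Class    = $m.Class
                Source   = $m.Source
                Approved = $isBuiltinAdmin -or ($ApprovedMember -contains $m.Name)
            }
        }
    }
}

function Remove-UnapprovedLocalAdmin {
    # Remediation step: pipe reviewed findings in; approved entries are left untouched.
    param([Parameter(Mandatory, ValueFromPipeline)] [pscustomobject] $Finding)
    process {
        if ($Finding.Approved) { return }
        Invoke-Command -ComputerName $Finding.Computer -ArgumentList $Finding.Member -ScriptBlock {
            param($member)
            Remove-LocalGroupMember -Group 'Administrators' -Member $member
        }
        Write-Host "Removed $($Finding.Member) from Administrators on $($Finding.Computer)"
    }
}

# Usage: inventory two constructed hosts, show the unapproved members and keep a CSV for audit.
$inventory = Get-LocalAdminInventory -ComputerName 'WS-001', 'WS-002'
$inventory | Where-Object { -not $_.Approved } | Format-Table -AutoSize
$inventory | Export-Csv -Path .\local-admins.csv -NoTypeInformation

# Only after the report has been reviewed, remove what should not be there:
# $inventory | Where-Object { -not $_.Approved } | Remove-UnapprovedLocalAdmin
```

Two practical caveats. First, run the inventory and review it before running the removal step: a domain group nested in Administrators may be the only path a support team has to a machine, so the approved list must be agreed with the people who own that access, not guessed. Second, Get-LocalGroupMember is known to fail on some builds when the group contains an orphaned SID (a deleted account that was never removed); when a host errors out, check the group by hand, because those orphaned entries are themselves a sign that admin membership has never been audited.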
Organizations need to be
prepared with solutions to tackle cyber threats before, during, and after an
attack. Don't wait for tragedy to strike; speak
with one of the Viewfinity security experts to find out how
your organization can move in the right direction today.