Compromised credentials play a role in the vast majority of security breaches. Attackers can’t easily get around modern security mechanisms, so they take the easy way out and steal credentials to get into the network. Ideally, an attacker wants to get privileged credentials, either directly or by moving laterally through the network after gaining low-level access. Privileged credentials allow attackers to steal data, disable systems, and cover their tracks.
Insider attacks are an even greater threat. According to the Insider Threat 2018 Report by Cybersecurity Insiders and Crowd Research Partners, 90 percent of organizations think they are at risk of an insider attack, and 53 percent say they suffered an insider attack in the preceding year. These attacks are often motivated by retribution or corporate espionage. In one high-profile incident in 2018, a disgruntled Tesla employee used administrator privileges to steal trade secrets.
These risks can be reduced through effective privileged access management (PAM). PAM is a set of policies and processes for assigning, controlling, and monitoring administrator-level privileges. It starts with the following four best practices:
Protect privileged credentials in a password vault. A password vault provides a centralized location for storing and securing passwords, SSH keys, and other “secrets.” Best-in-class vaults also enable regular rotation of passwords and the use of one-time passwords that are valid for a single session.
Monitor privileged access sessions. Activity associated with privileged credentials should be monitored in real time and recorded for later review. Administrators should have the ability to detect and shut down suspicious activity, such as access from an unknown system or IP address or attempts to manipulate system configurations or data.
Use behavioral analytics and other techniques to detect threats. Advanced threat intelligence tools can spot anomalies, correlate activity faster than humans, and generate meaningful alerts that allow IT teams to focus their efforts on the greatest risks.
Manage and strictly control endpoint privileges. Users should be given only the level of access they need to perform their primary job functions. Organizations should remove local admin rights on endpoints and elevate privileges temporarily, as needed for specific applications or business requirements.
CyberArk’s Core Privileged Access Security platform checks all the boxes when it comes to PAM best practices. The Enterprise Password Vault provides advanced protection for privileged credentials along with automatic password rotation and uniform enforcement of access policies across on-premises, cloud, and DevOps environments. The vault enables users to check out credentials as needed and maintains detailed audit trails for reporting and compliance.
With Privileged Session Manager, IT and security teams can monitor and analyze privileged activity in real time so they can discover an attack chain early and disrupt the process. Video recordings of sessions and detailed logs simplify audits and compliance. Risk-based session review is augmented by CyberArk’s Privileged Threat Analytics, which uses best-of-breed detection to speed incident response.
Endpoint Privilege Manager is an add-on solution that helps organizations implement least-privilege access on all endpoints. This powerful tool locates and removes local admin rights, detects and blocks suspected credential theft attempts, and contains attackers at the endpoint to limit lateral movement.
Let Clango engineers show you how the CyberArk platform can help you implement PAM best practices and protect against external and insider threats.
For more information about effective privileged access management, please send us an email at (firstname.lastname@example.org).