Gary Jolley, IAM Consultant, SecureITsource, Inc.
Many of my friends and contacts are in Information Technology in some shape or form; most are in cybersecurity, and of those, many are in IAM / PAM in some fashion. All this expertise around me, and here I sit, again, struck by another service vendor that was compromised and my family’s personal / medical / financial data put at risk. This makes four (4) now from 2014, making it one (1) per year. What frustrates me is knowing how this could have been detected, reported, and stopped dead in its tracks with CyberArk’s Privileged Threat Analytics (PTA). PTA happens to be the industry’s most comprehensive solution for protecting, controlling, and monitoring your local network, your intranet, and both your hybrid and cloud environments. PTA also actively and intelligently collects and analyzes privileged account activity data to give organizations visibility into potentially malicious behavior, and it responds immediately to the threat.
Former FBI Director Robert S. Mueller, III, famously said: “There are only two types of companies: Those that have been hacked and those that will be hacked.” No sooner was this printed than we were already changing the ending from “will be” to “those that don’t know they’ve been hacked.” Verizon’s 2018 Data Breach Investigations Report (DBIR) details 2,216 confirmed data breaches, and that is from a small but diverse cross-section of 67 contributors representing businesses and industries worldwide.
Whether my vendors’ “Attack Chain” started with spear phishing, social engineering, an internal actor, or an outright hack, ALL these precursor activities provide many known “Indicators of Compromise” (IOC) to validate that there is a serious problem afoot. There are also well-established “Tactics, Techniques and Procedures” (TTP): patterns of well-known attacks, such as those that bypass security controls or employ Kerberos-style authentication attacks. Additional warnings screaming for attention are non-interactive accounts logging into systems, system access taking place off-hours, unexpected IP address origination, and other statistical anomalies in account activity.
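As an added illustration (not part of the original article and not a representation of how CyberArk PTA works internally), the three warning signs named above can be expressed as simple rules over logon events. The account names, business hours, expected network range, and sample events below are all constructed assumptions.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumed policy values for this illustration (not from the article).
SERVICE_ACCOUNTS = {"svc_backup", "svc_sql"}   # accounts meant to be non-interactive
BUSINESS_HOURS = range(7, 19)                  # 07:00-18:59 local time
EXPECTED_NETS = [ip_network("10.20.0.0/16")]   # range privileged logons should come from

# Constructed sample events: (timestamp, account, logon_type, source_ip)
EVENTS = [
    ("2018-06-04T09:15:00", "admin_jl", "interactive", "10.20.4.17"),
    ("2018-06-04T02:41:00", "admin_jl", "interactive", "10.20.4.17"),
    ("2018-06-04T10:02:00", "svc_backup", "interactive", "10.20.9.3"),
    ("2018-06-04T10:05:00", "svc_sql", "service", "10.20.9.8"),
    ("2018-06-05T23:30:00", "svc_sql", "interactive", "203.0.113.50"),
]

def flag_event(ts, account, logon_type, source_ip):
    """Return the list of indicators that a single logon event trips."""
    reasons = []
    if account in SERVICE_ACCOUNTS and logon_type == "interactive":
        reasons.append("non-interactive account logged on interactively")
    if datetime.fromisoformat(ts).hour not in BUSINESS_HOURS:
        reasons.append("off-hours access")
    addr = ip_address(source_ip)
    if not any(addr in net for net in EXPECTED_NETS):
        reasons.append("unexpected source IP")
    return reasons

def triage(events):
    """Return (event, reasons) pairs for flagged events, most indicators first."""
    flagged = [(e, flag_event(*e)) for e in events]
    flagged = [(e, r) for e, r in flagged if r]
    # Events tripping several indicators at once deserve attention first.
    return sorted(flagged, key=lambda item: len(item[1]), reverse=True)

if __name__ == "__main__":
    for event, reasons in triage(EVENTS):
        print(event[0], event[1], event[3], "->", "; ".join(reasons))
```

Static rules like these only cover the named indicators; the “statistical anomalies” mentioned above require a per-account baseline of normal behavior, which this sketch does not build.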
How many of my vendors experienced the full “Attack Chain”, missed the infiltration and reconnaissance phases, and missed the lateral movement of the attacker? Most were blissfully unaware until the target objective was obtained, the ultimate exploit was sprung, and now they are an article in the news. Complement PTA with the entire CyberArk Privileged Access Security (PAS) solution, of which PTA is a component, to manage the privileged accounts that are the primary targets in the attack strategy. Employ PAS to discover, manage, audit, and session-record your privileged accounts, and rotate the passwords after each use to confound your attacker. Changing the passwords after each use invalidates the hashes and nullifies the hash attack methodology.
Contact us at #SecureITsource to talk about how #CyberArk PTA can detect and stop many attacks in their tracks. Make the hacker earn it.