Over the last few months, the world has witnessed the disclosure that nation states are utilizing their inventory of zero day exploits – code that cyber attackers use to take advantage of not yet known security holes in software – to gain control over high profile targets.
One of the key takeaways from these exploits is that some privileged identity management solutions have failed to prevent nation state attackers from gaining privileged access.
Privileged identity management involves sorting out who has elevated permissions to carry out tasks like accessing files, installing and running programs and changing configuration settings. Interestingly, Target, JPMorgan and Home Depot all had privilege management software from some of our competitors, but it failed to protect these organizations due to either technology shortcomings or IT process issues.
Indeed, there are some pertinent lessons learned when it comes to organizations’ attitudes and practices toward privileged identity management and the security of their business-critical systems.
Don’t Bring a Knife to a Gunfight
The common problems amongst all of these recent high profile data breaches are the lack of privilege identity coverage and the slow speed of the mitigation process. Many systems were breached because companies either could not fully deploy their purchased privileged identity management solutions, or the purchased solutions were slow and labor intensive to deploy. In any case, attackers were able to find systems and identities that were missed, and were able to exploit this lack of coverage to their benefit.
The simple lesson is this. If cyber attackers are using automated hacking tools – which they are – and you are trying to manage your environments with tools that require manual labor to implement, then you have already lost the war.
Anybody Can be a Target of Nation-State Attackers
Those companies that believe they are not subject to attack because they are not a worthy enough target should understand that all systems in most IP address ranges are attacked without mercy. It is true that certain ranges are skipped because they are marked as “friends” or “allies” of specific attackers, or are particularly well known to trigger undesired responses against attackers. But, otherwise, all bets are off.
Both Russia and China launch regular cyber-attacks on Western nations, and these attacks bypass their own territories and allies. This situation is well understood by both sides in cyber warfare. You can see a great visualization of this scenario in real time at: http://map.ipviking.com/
Attackers go for the weak links and high profile marks; and for those that are both – they better be prepared.
If It’s Broke, Fix It
The resistance of repeatedly breached companies to replace their failed manual privilege management products with an automated and adaptive privilege management solution like we develop – which is actually designed to match the modern security threats that most enterprises now face – is mind boggling.
As the saying goes: repeating the same behavior and expecting a different outcome is the definition of insanity. Such insane behavior is a breach of fiduciary responsibility by senior management at these companies.
Minimize Security Breach Losses
Cyber-defense today is not about stopping intrusions. It is about creating architectures and processes that minimize losses and limit how far into the network intruders can go after they do manage to penetrate the perimeter with zero day attacks and similar exploits. This means having fully automated security technology that can operate at scale and depth without the need for continuous human interaction.
The use of zero day attacks and sophisticated phishing emails by advanced criminal hackers and nation state attackers guarantees that intruders will be able to establish a foothold. From that foothold, attackers will look for credentials of all types – including passwords, hashes, tickets, keys and certificates – that will allow them to switch from their expensive zero day technology to simple peer-level access. Gaining control over credentials on a system will allow for the attacker to achieve lateral movement from system to system.
Our strategy is to use technology that scales and operates autonomously to disrupt the attacker’s strategy on a continuous remediation basis. We seek to reduce the lifetimes of credentials from months to hours and keep humans out of the process of configuring this technology.
Become a Cyber Defense Warrior
There is a need for fundamental change in the way we run our IT infrastructures. This includes refreshing the security knowledge and duties of everyone in the senior management chain.
It is our hope that companies can learn from the mistakes of those organizations that were so explicitly and publicly breached. The time is now for businesses to quit burying their heads in the sand, hoping they have IT security covered.
Some company boards of directors should dismiss their senior management and replace them with leaders ready to step up their game and act as cyber-defense warriors, not recurring victims with no ideas other than simply repeating failed strategies.