PREDICTIVE INTELLIGENCE
Don’t underestimate the power of privilege
With traditional perimeter security tools unable to cope
with advanced cyberattacks, John Hathaway, Regional
Vice President – Middle East and India at BeyondTrust,
tells Intelligent CISO about the benefits of Privileged Access
Management (PAM). He says: “Modern PAM technology can
ensure that only authorised individuals have access to your powerful
privileged accounts and only in a fully audited manner.”
In today’s world cyberattacks
have become ubiquitous.
Consider the
famous words of
former Cisco CEO
John Chambers: “There are two types
of companies: Those that have been
hacked and those who don't know they
have been hacked.”
So, if it’s inevitable that intruders will
get in, the question you should ask is:
How will I protect my organisation after
hackers breach our network perimeter?
The privileged account attack vector
First, consider what usually happens
during a cyberattack. Obviously, hackers
get inside your network. And they do it
with social engineering, phishing emails,
malicious insiders, zero-days, or a host
of other tactics.
www.intelligentciso.com | Issue 13
Most of these attacks can quite easily
defeat traditional perimeter security
tools like antivirus or firewalls that are
defending against yesterday’s threats.
Once they’re inside, the intruders look
for ways to expand their access. To do
that, they install remote access kits,
routers and key loggers.
During this phase of an attack, hackers
seek SSH keys, passwords, certificates,
Kerberos tickets and hashes of
domain administrators. Their goal is
to extract the credentials that will let
them escalate their access, gain lateral
movement throughout the network and
anonymously steal data at will. In our
automated world, this entire ‘land and
expand’ process can be conducted
surprisingly quickly.
But usually the attackers will take their
time. They’ll quietly monitor and record
activity on your systems and then use
the information they gather to expand
their control of your environment.
According to research from Ponemon,
hackers lurk on the network for an
average of 206 days before being
discovered. That’s a lot of time for a
malicious entity to anonymously prowl
your network.
The key factor in this process is
privileged access. With access to
an unsecured privileged account, an
attacker can view and extract sensitive
data, change system configuration
settings and run programs on almost