Is It Time for a Cyber Hygiene Check Up?

save
Share and earn Cybytes
Facebook Twitter Google+ LinkedIn Email

The National Institute of Standards and Technology (NIST) recently released version 1.1 of its CyberSecurity Framework, which incorporates feedback received from public comments and workshops over the past two years. Though the document is chiefly designed to help improve cyber security risk management in critical infrastructure, the Framework’s principles and best practices can be followed by organizations across industries in order to improve their security posture.

Many of the CyberSecurity Framework’s refinements center around cyber hygiene—or actionable steps that organizations can take to “clean up” current weaknesses and potential vulnerabilities. These steps are particularly important in the wake of massive attacks such as WannaCry. In fact, post-attack studies show that WannaCry’s impact could have largely been prevented if basic security best practices had been applied.

As the CyberSecurity Framework underscores, one of the most effective, preventative steps an organization can take to bolster its security program is to secure privileged accounts, credentials and secrets. Attackers continually look for new ways to exploit an organization’s vulnerabilities, so a “set it and forget it” approach is sure to fail, especially when it comes to privileged access since an company’s sensitive applications and systems can change as a company grows or changes direction. For example, if your organization secured privileged access for Windows built-in accounts on systems with access to sensitive data, then be sure not to stop there but commence work on the next set of systems that deliver the most risk reduction, given time and effort required.

Since the enterprise infrastructure is ever-changing, it’s important to look for new infrastructure in the cloud and new SaaS applications that could have access to sensitive business data. To have the strongest defense against attackers, organizations need to ensure their privileged access security program is up to date and continues to protect their most critical infrastructure, applications, customer data, intellectual property and other vital assets.

The CyberArk Privileged Access Security Cyber Hygiene Program

To help organizations establish and maintain strong a privileged access security program, CyberArk developed customized, step-by-step goals and an actionable process for achieving the highest level of protection against common attacks on privileged accounts, credentials and secrets. The program addresses these types of attacks:

  • Irreversible network takeover attacks: Attackers establish persistence in an organization by performing an attack that is not only hard to identify but also so intrusive that the business must rebuild to remove the attacker—e.g., a Kerberos attack, such as a Golden Ticket.
  • Infrastructure account attacks: Attackers leverage powerful default infrastructure accounts that exist on-premises or in cloud environments and are seldom used in day-to-day operations, but can provide the attacker with excellent opportunities for access to highly sensitive data.
  • Attacks that leverage lateral movement: Attackers often steal credentials by gaining a foothold on endpoints and then moving laterally, for example by using Pass-the-Hash techniques, in order to steal elevated permissions.
  • Targeting credentials used by third-party applications: Attackers compromise third-party applications that are used to perform operations such as deep scans in order to steal their embedded privileged credentials. From here, they execute attack goals while completely circumventing the targeted company’s defenses.
  • Targeting *NIX SSH keys: Attackers leverage unmanaged SSH keys in order to login with root access and takeover the *NIX technology stack. Unix/Linux systems house some of an enterprise’s most sensitive assets and Linux systems are increasingly deployed in the cloud. Individual accounts and credentials—including SSH keys—used to gain root privileges are often overlooked by security teams.
  • Targeting DevOps secrets in the cloud and on-premises: Attackers can compromise secrets embedded in code and Continuous Integration/Continuous Deployment (CI/CD) tools, in order to exploit the environment for more pervasive access.
  • Targeting SaaS admins and privileged business users: Attackers steal credentials used by SaaS administrators and privileged business users, in order to get high level and stealthy access to sensitive systems.

The CyberArk Privileged Access Security Cyber Hygiene Program leverages the extensive experience the CyberArk Security Services team has gained from responding to significant data breaches, including those at many large organizations. Often these breaches have resulted from some of the most common attacks involving privileged access, and each example provides valuable insights into how attackers operate and exploit an organization’s vulnerabilities. Implementing this type of program effectively should help organizations achieve greater risk reduction in less time, and help satisfy security and regulatory objectives with fewer internal resources.

Read our whitepaper to learn more about the CyberArk Privileged Access Security Cyber Hygiene Program and visit here to learn more about how to ramp up your privileged access security program with CyberArk Security Services.

The post Is It Time for a Cyber Hygiene Check Up? appeared first on CyberArk.

Share this post and earn Cybytes
Facebook Twitter Google+ LinkedIn Email
Follow
980 Followers
About CyberArk
CyberArk is the only security company that proactively stops the most advanced cyber threats – those that exploit insider privileges to attack the heart of the enterprise. The company has pioneered a new category of targeted security solutions to lock down privileged accounts and protect against cyber threats before attacks can escalate and do irreparable business damage. CyberArk is trusted by the world’s leading companies – including more than 40 of the Fortune 100 – to protect their highest value information assets, infrastructure and applications, while ensuring tight regulatory compliance and audit requirements.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel