Skip to content

Posts from the ‘Forrester Zero Trust Framework’ Category

10 Ways To Own Your Cybersecurity In 2020

10 Ways To Own Your Cybersecurity In 2020

Bottom Line: One of the best New Year’s resolutions anyone can make is to learn new ways to secure their personal and professional lives online, starting with ten proven ways they can take greater control over their own cybersecurity.

For many professionals, their personal and professional lives have blended together thanks to the growing number of connected, IoT-capable devices, including cars, home security systems, smartphones, virtual assistants including Amazon Echo, Google Home, WiFi routers, and more. It’s typical to find homes with two dozen or more connected devices that are relied for everything going on in a person’s life from personal interests, connecting with friends, and getting work done.

It’s Time to Secure Every Area of Your Smart, Connected World

Faced with chronic time shortages, many people rely on smart, connected devices supported by AI and machine learning to get more done in less time. They’re proliferating today because they’ve proven to be very effective at personalizing experiences while providing the added convenience of being always on and available to help. Smart, connected devices are an extension of a person’s identity today as they contain insights into buying behavior and, in some cases, actual conversations. The more these devices are protected, the more a person’s identity and most valuable resource of all – time – is protected too.

Strengthening your own cybersecurity starts by seeing every device and the apps you use as potential attack surfaces that need to be protected. Just as you wouldn’t likely leave any of the physical doors to your home unprotected and locked, you need to secure all the digital entrances to your home and person. Like the CEO and cybersecurity team of any organization who is focusing on how to reduce the risk of a breach, the same level of intensity and vigilance to personal cybersecurity needs to become the new normal.

10 Ways You Can Own Your Cybersecurity

The following are the top ten ways you can take control and own your own security. Several of the ways mentioned below are from the recent Centrify webinar, Cybersecurity Best Practices: The Basics and Beyond:

  • Replace weak passwords used on multiple accounts with a unique, longer password for each online account. Start by getting away from having the same password for multiple accounts. When a single account gets hacked, it can easily lead to all the others with the same password and comparable user ID. Passwords are proving to be the weakest attack vector there is for personal information today. World Password Day serves as a reminder every May to use stronger, different passwords on each account.
  • Start researching and choose a Password Manager that is flexible enough to match how you like to work. It’s time to get beyond Post-It notes and paper-based approaches to managing your own passwords now. Dashlane, LastPass, and OneLogin are all excellent password managers worth checking out. If you’re not sure password managers are worth it, I’ve seen them add an additional layer of security to personal and work accounts that would not have otherwise been available. Some will even notify you when an account you have might have been breached, and recommend a new password for you. A screen capture from the webinar illustrates the differences between personal, professional and Privileged Access Management (PAM) levels of password security:

10 Ways To Own Your Cybersecurity In 2020

  • Use single-sign-on (SSO) if available for systems at work, even if you’re logging in at the office. SSO systems use temporary tokens, which have proven to be more reliable than static credentials. One of the primary design goals of SSO is to authenticate your identity once, and give you access to the applications and system resources you need and are entitled to access to get work done.
  • Vault away passwords to critical systems and data. In the privileged access world of Cybersecurity operations in any organization, password vaults have become commonplace. Password vaults are similar to password managers many people use for their personal devices, web applications, and sites they regularly visit. In the case of a password vault, privileged credentials are checked in and out by admins, with each password automatically rotating to ensure greater randomization.
  • Enable security on all the devices you received over the holidays, starting with your WiFi router. If you’ve never set an admin password on your WiFi router and the two guest access points they typically have, now is a great time to do that. If you have an Amazon Echo or Google Home, manually disable the microphones. On the Echo, press the microphone button until the external ring turns red. On Google Home, use the small switch on the side to turn off the microphone..On an Amazon Alexa, it’s possible to review voice recordings associated with your account and delete the voice recordings one by one, by date range, by Alexa-enabled device, or all at once by visiting Settings > Alexa Privacy in the Alexa app or https://www.amazon.com/alexaprivacysettings. It’s a good idea to use PIN protection to disable voice purchases too. If you have Baby Monitors in your home, connect to them using a secured WiFi connection, not Bluetooth. Have everything behind your home firewall, so there’s a minimal number of threat surfaces in your home.
  • Take few of the many LinkedIn learning courses on practical cybersecurity to stay current on the latest techniques. LinkedIn Learning has 19 courses available today that are focused on practical cybersecurity steps you can take to protect your company’s systems and your own. You can find all the 19 courses here. LinkedIn Learning has 462 learning resources available today, available here. I’ve taken a few over a lunch break and have found them informative, interesting, and useful.
  •  Realize that you may be getting phishing and spear-phishing e-mails every week. Cybercriminals are becoming increasingly sophisticated in their use of browser plug-ins to pop up messages asking for your login and password information for sites. Combining the latest information from LinkedIn, Facebook, Twitter, and other sites, hackers often target new employees and with spearfishing campaigns where they impersonate a CEO and other senior-level executives. Spearfishing attempts can be easily thwarted by calling the supposed sender to ask if the request is legitimate. A second way to spot phishing and spear-fishing attempts is they will ask you for one or more of the pieces of information needed for completing a Multi-Factor Authentication (MFA) login to an account. Misspelled words, questionable e-mail addresses, and unsecured domains and websites are also a sure tip-off of a phishing attempt.
  • Bring Your Own Device (BYOD) greatly expands the enterprise attack surface. Define the success of a BYOD security strategy by how well it immediately shuts down access to confidential data and systems first. Being able to immediately block access to confidential systems and data is the most important aspect of securing any BYOD across a network. It’s common for BYOD enablement strategies to include integrations to Dropbox, Slack, Salesforce and Workday, Slack, Salesforce, and others.
  • Always use Multi-Factor Authentication (MFA) everywhere it’s offered. MFA is based on three or more factors that can authenticate who you are. Something you know (passwords, PINs, code works), something you have (a smartphone, tokens devices that produce pins or pre-defined pins) or something you are (biometrics, facial recognition, fingerprints, iris, and face scans). Google, for example, provides MFA as part of their account management to every account holder, in addition to a thorough security check-up, which is useful for seeing how many times a given password has been reused.

10 Ways To Own Your Cybersecurity In 2020

  • Determine where you and your company are from a privileged access maturity standpoint. Centrify shared the four stages of privileged access security on the webinar, and each phase is a useful benchmark for anyone or organization looking to improve their cybersecurity effectiveness. Centrify found in a recent survey that 42% of organizations are at the nonexistent phase of the model. As an organization progresses up the model, there’s greater accountability and visibility for each aspect of a cybersecurity strategy. For individuals, the progression is much the same, all leading to a lower risk of a breach and stolen privileged access credentials occurring.

10 Ways To Own Your Cybersecurity In 2020

Conclusion

While not every user in an organization is going to have privileged entitlements, it is up to every individual to take ownership of their cybersecurity hygiene to ensure they don’t become the most-easily-exploited employee in the company. That’s what the bad guys are looking for: the easiest way in. Why try to hack in against sophisticated technology when they can just guess your easy password, or get you to hand it over to them by phishing? Be cyber smart in 2020 – these ten tips might save you from being the weakest link that could cost your organization millions.

Machine Learning Is Helping To Stop Security Breaches With Threat Analytics

Bottom Line: Machine learning is enabling threat analytics to deliver greater precision regarding the risk context of privileged users’ behavior, creating notifications of risky activity in real time, while also being able to actively respond to incidents by cutting off sessions, adding additional monitoring, or flagging for forensic follow-up.

Separating Security Hacks Fact from Fiction

It’s time to demystify the scale and severity of breaches happening globally today. A commonly-held misconception or fiction is that millions of hackers have gone to the dark side and are orchestrating massive attacks on any and every business that is vulnerable. The facts are far different and reflect a much more brutal truth, which is that businesses make themselves easy to hack into by not protecting their privileged access credentials. Cybercriminals aren’t expending the time and effort to hack into systems; they’re looking for ingenious ways to steal privileged access credentials and walk in the front door. According to Verizon’s 2019 Data Breach Investigations Report, ‘Phishing’ (as a pre-cursor to credential misuse), ‘Stolen Credentials’, and ‘Privilege Abuse’ account for the majority of threat actions in breaches (see page 9 of the report).

It only really takes one compromised credential to potentially impact millions — whether it’s millions of individuals or millions of dollars. Undeniably, identities and the trust we place in them are being used against us. They have become the Achilles heel of our cybersecurity practices. According to a recent study by Centrify among 1,000 IT decision makers, 74% of respondents whose organizations have been breached acknowledged that it involved access to a privileged account. This number closely aligns with Forrester Research’s estimate “that at least 80% of data breaches . . . [involved] compromised privileged credentials, such as passwords, tokens, keys, and certificates.”

While the threat actors might vary according to Verizon’s 2019 Data Breach Investigations Report, the cyber adversaries’ tactics, techniques, and procedures are the same across the board. Verizon found that the fastest growing source of threats are from internal actors, as the graphic from the study illustrates below:


Internal actors are the fastest growing source of breaches because they’re able to obtain privileged access credentials with minimal effort, often obtaining them through legitimate access requests to internal systems or harvesting their co-workers’ credentials by going through the sticky notes in their cubicles. Privileged credential abuse is a challenge to detect as legacy approaches to cybersecurity trust the identity of the person using the privileged credentials. In effect, the hacker is camouflaged by the trust assigned to the privileged credentials they have and can roam internal systems undetected, exfiltrating sensitive data in the process.

The reality is that many breaches can be prevented by some of the most basic Privileged Access Management (PAM) tactics and solutions, coupled with a Zero Trust approach. Most organizations are investing the largest chunk of their security budget on protecting their network perimeter rather than focusing on security controls, which can affect positive change to protect against the leading attack vector: privileged access abuse.

The bottom line is that investing in securing perimeters leaves the most popular attack vector of all unprotected, which are privileged credentials. Making PAM a top priority is crucial to protect any business’ most valuable asset; it’s systems, data, and the intelligence they provide. Gartner has listed PAM on its Top 10 Security Projects for the past two years for a good reason.

Part of a cohesive PAM strategy should include machine learning-based threat analytics to provide an extra layer of security that goes beyond a password vault, multi-factor authentication (MFA), or privilege elevation.

How Machine Learning and Threat Analytics Stop Privileged Credential Abuse 

Machine learning algorithms enable threat analytics to immediately detect anomalies and non-normal behavior by tracking login behavioral patterns, geolocation, and time of login, and many more variables to calculate a risk score. Risk scores are calculated in real-time and define if access is approved, if additional authentication is needed, or if the request is blocked entirely.

Machine learning-based threat analytics also provide the following benefits:

  • New insights into privileged user access activity based on real-time data related to unusual recent privilege change, the command runs, target accessed, and privilege elevation.
  • Gain greater understanding and insights into the specific risk nature of specific events, computing a risk score in real time for every event expressed as high, medium, or low level for any anomalous activity.
  •  Isolate, identify, and track which security factors triggered an anomaly alert.
  • Capture, play, and analyze video sessions of anomalous events within the same dashboard used for tracking overall security activity.
  • Create customizable alerts that provide context-relevant visibility and session recording and can also deliver notifications of anomalies, all leading to quicker, more informed investigative action.

What to Look for In Threat Analytics 
Threat analytics providers are capitalizing on machine learning to improve the predictive accuracy and usability of their applications continually. What’s most important is for any threat analytics application or solution you’re considering to provide context-aware access decisions in real time. The best threat analytics applications on the market today are using machine learning as the foundation of their threat analytics engine. These machine learning-based engines are very effective at profiling the normal behavior pattern for any user on any login attempt, or any privileged activity including commands, identifying anomalies in real time to enable risk-based access control. High-risk events are immediately flagged, alerted, notified, and elevated to IT’s attention, speeding analysis, and greatly minimizing the effort required to assess risk across today’s hybrid IT environments.

The following is the minimum set of features to look for in any privilege threat analytics solution:

  • Immediate visibility with a flexible, holistic view of access activity across an enterprise-wide IT network and extended partner ecosystem. Look for threat analytics applications that provide dashboards and interactive widgets to better understand the context of IT risk and access patterns across your IT infrastructure. Threat analytics applications that give you the flexibility of tailoring security policies to every user’s behavior and automatically flagging risky actions or access attempts, so that you’ll gain immediate visibility into account risk, eliminating the overhead of sifting through millions of log files and massive amounts of historical data.
  • They have intuitively designed and customizable threat monitoring and investigation screens, workflows, and modules. Machine learning is enabling threat analytics applications to deliver more contextually-relevant and data-rich insights than has ever been possible in the past. Look for threat analytics vendors who offer intuitively designed and customizable threat monitoring features that provide insights into anomalous activity with a detailed timeline view. The best threat analytics vendors can identify the specific factors contributing to an anomaly for a comprehensive understanding of a potential threat, all from a single console. Security teams can then view system access, anomaly detection in high resolutions with analytics tools such as dashboards, explorer views, and investigation tools.
  • Must provide support for easy integration to Security Information and Event Management (SIEM) tools. Privileged access data is captured and stored to enable querying by log management and SIEM reporting tools. Make sure any threat analytics application you’re considering has installed, and working integrations with SIEM tools and platforms such as Micro Focus® ArcSight™, IBM® QRadar™, and Splunk® to identify risks or suspicious activity quickly.
  • Must Support Alert Notification by Integration with Webhook-Enabled Endpoints. Businesses getting the most value out of their threat analytics applications are integrating with Slack or existing onboard incident response systems such as PagerDuty to enable real-time alert delivery, eliminating the need for multiple alert touch points and improving time to respond. When an alert event occurs, the threat analytics engine allows the user to send alerts into third-party applications via Webhook. This capability enables the user to respond to a threat alert and contain the impact of a breach attempt.

Conclusion 
CentrifyForresterGartner, and Verizon each have used different methodologies and reached the same conclusion from their research: privileged access abuse is the most commonly used tactic for hackers to exfiltrate sensitive data. Breaches based on privileged credential abuse are extremely difficult to stop, as these credentials often have the greatest levels of trust and access rights associated with them. Leveraging threat analytics applications using machine learning that is adept at finding anomalies in behavioral data and thwarting a breach by denying access is proving very effective against privileged credential abuse.

Companies, including Centrify, use risk scoring combined with adaptive MFA to empower a least-privilege access approach based on Zero Trust. This Zero Trust Privilege approach verifies who or what is requesting privileged access, the context behind the request, and the risk of the access environment to enforce least privilege. These are the foundations of Zero Trust Privilege and are reflected in how threat analytics apps are being created and improved today.

Analytics Are Empowering Next-Gen Access And Zero Trust Security

Employee identities are the new security perimeter of any business.

80% of IT security breaches involve privileged credential access according to a Forrester study. According to the Verizon Mobile Security Index 2018 Report, 89% of organizations are relying on just a single security strategy to keep their mobile networks safe. And with Gartner predicting worldwide security spending reaching $96B this year, up 8% from 2017, it’s evident enterprises must adopt a more vigilant, focused strategy for protecting every threat surface and access point of their companies. IT security strategies based on trusted and untrusted domains are being rendered insufficient as hackers camouflage their attacks through compromised, privileged credentials. It’s happening so often that eight in ten breaches are now the result of compromised employee identities.

Thus, taking a Zero Trust Security (ZTS) approach to ensure every potential threat surface and endpoint, both within and outside a company, is protected, has become vital in today’s dynamic threat landscape. ZTS is an essential strategy for any digital business whose perimeters flex in response to customer demand, are using the Internet of Things (IoT) sensors to streamline supply chain and production logistics, and have suppliers, sales teams, support, and services all using mobile apps.  ZTS begins with Next-Gen Access (NGA) by providing companies with the agility they need to secure applications, devices, endpoints, and infrastructure as quickly as needed to support company growth. Both NGA and ZTS are empowered by analytics to anticipate and thwart a wide variety of cyber threats, the most common of which is compromised credential access.

How NGA Leverages Analytics to Secure Every Endpoint

NGA validates every access attempt by capturing and quickly analyzing a wide breadth of data including user identity, device, device operating system, location, time, resource request, and several other factors. As NGA is designed to verify every user and access attempt, it’s foundational to attaining Zero Trust Security across an IT infrastructure. One of the fascinating areas of innovation in enterprise security today is the rapid adoption of analytics and machine learning for verifying users across diverse enterprise networks. NGA platforms calculate and assign a risk score to every access attempt, determining immediately if verified users will get immediate access to resources requested, or be asked to verify their identity further through Multi-Factor Authentication (MFA).

Machine learning-based NGA platforms including Centrify calculate a risk score that quantifies the relative level of trust based on every access attempt across an IT infrastructure. NGA platforms rely on machine learning algorithms to continuously learn and generate contextual intelligence that is used to streamline verified user’s access while thwarting many potential threats ― the most common of which is compromised credentials. IT security teams can combine the insights gained from machine learning, user profiles, and contextual intelligence to fine-tune the variables and attributes that calculate risk scores using cloud-enabled analytics services.  An example of Centrify’s Analytics Services dashboard is shown below:

Visibility and Analytics are a Core Pillar of ZTS

Analytics, machine learning and their combined potential to produce contextual intelligence, real-time risk scores, and secure company perimeters to the individual access attempt level need a continual stream of data to increase their accuracy. Forrester’s Zero Trust Framework, shown below, illustrates how an enterprise-wide ZTS security strategy encompasses workloads, networks, devices, and people.  NGA is the catalyst that makes ZTS scale into each of these areas. It’s evident from the diagram how essential visibility and analytics are to a successful ZTS strategy. NGA provides incident data including reports of anomalous or atypical login and attempted resource behavior. Visibility and analytics applications from IBM, Splunk, Sumologic, and others are relied on to aggregate the data, anticipating and predicting breaches and advanced attacks. The result is a ZTS security strategy that begins with NGA that flexes and scales to the individual perimeter level as a digital business grows.

Source: What ZTX Means For Vendors And Users, Forrester Research Blog, January 23, 2018., Chase Cunningham, Principal Analyst.

Conclusion

Every company, whether they realize it or not, is in a race against time to secure every threat surface that could be compromised and used to steal or destroy data and systems.  Relying on yesterday’s security technologies to protect against tomorrow’s sophisticated, well-orchestrated threats isn’t scaling. Reading through the Verizon Mobile Security Index 2018 Report illustrates why Zero Trust Security is the future. Improving visibility throughout the network and reducing the time to breach detection, stopping malware propagation and reducing the scope and cost of internal and regulatory-mandated compliance requirements are just a few of the business benefits. Analytics and machine learning are the fuel enabling NGA to scale and support ZTS strategies’ success today.

%d bloggers like this: