Skip to content

Posts tagged ‘centrify privileged access management’

Securing Machine Identities Needs To Be A Top Cybersecurity Goal In 2021

Bottom Line:  Bad actors quickly capitalize on the wide gaps in machine identity security, creating one of the most breachable threat surfaces today.

Why Machines Are the Most Challenging Threat Surface To Protect

Forrester’s recent webinar on the topic, How To Secure And Govern Non-Human Identities, estimates that machine identities (including bots, robots and IoT) are growing twice as fast as human identities on organizational networks. Forrester defines machine, or non-human, identities as robotic process automation (bots), robots (industrial, enterprise, medical, military) and IoT devices.

The webinar points out that one of the fastest-growing automation types is software bots, with 36% used in finance and accounting, 15% used in business line and 15% in IT. The webinar also points out that in 2019, there were 2.25 million robots in the global workforce, twice as many as in 2010 and 32% of global infrastructure decision-makers expect their firms to use robotic process automation (RPA) over the next 12 months.

According to the Forrester Consulting white paper, Securing The Enterprise With Machine Identity Protection, over 50% of organizations find it challenging to protect their machine identities today. Unprotected machine identities are making it easy for bad actors to take control of entire networks of devices. Bad actors rely on organizations’ bots to provide the cover they need to attack networks and devices, often undetected for months or years.

Forrester found that machine identities are left exposed to bad actors because organizations aren’t adopting the tools they need to create and manage a centralized Identity Access Management (IAM) strategy across all machines. This includes defining and enforcing policies, auditing each machine and endpoint and better integrating support across machines and monitoring systems.

Furthermore, by adopting a more modern Privileged Identity Management (PIM) approach, organizations could solve many of these challenges. Leading PIM solutions providers include Centrify, which has succeeded in adapting to the ephemeral nature of securing machine identities by delivering machine identity and credential authentication based on a centralized trust model.

The Forrester report’s bottom line is that machines are isolated, exposed and more vulnerable than any other endpoint on a network. The following graphic compares protection strategies and finds a majority of organizations struggling to deliver them:

Securing Machine Identities Needs To Be a Top Cybersecurity Goal In 2021

Machine Identities Are Networks’ Weakest Security Link 

According to a Venafi study, machine identity attacks grew 400% between 2018 and 2019, increasing by over 700% between 2014 and 2019. Malware capable of compromising machine identities continues to gain momentum, doubling between 2018 and 2019 and growing 300% over the five years leading up to 2019. According to Kount’s 2020 Bot Landscape and Impact Report, 81% of enterprises are regularly dealing with malicious bots today and one in four say a single bot attack has cost them $500,000 or more. Furthermore, many organizations may not realize how many bots and machine identities they have – and bad actors capable of creating hundreds using automated scripting tools.

Forrester provided the following data points underscoring how vulnerable machines are to botnet and identity-based attacks today:

  • The 2017 Mirai botnet attack is a cautionary tale of the dangers of using default security credentials on machines and IoT devices. Using botnets to automate scans of vast blocks of IP addresses for potential telnet ports to log into, the Mirai botnets were programmed to rapidly try a series of basic usernames and passwords to gain access to IoT devices and machines. The Mirai botnets were successful, gaining control of thousands of machines and orchestrating them to deliver one of the largest DDOS attacks in history.
  • It’s common for enterprises to lose track of how many bots they’ve created, giving malicious actors the perfect cover to mask their movements. Instead of creating their bots, malicious actors look to disguise their movements across a network with a company’s bots. Forrester’s webinar mentioned how a large North American insurance provider deployed 400 software bots for customer-facing digital chatbots and processing claims, among other tasks.
  • There’s often no oversight of who has the rights to create and launch bots internally, leading to potentially thousands of bots without secured identities. One of the most troubling findings presented during the webinar is how loose the process is to create a bot – with no checks and balances in place or means of achieving consistent identity management.

How To Strengthen Machine Security

The more challenging any machine threat surface is to protect, the more opportunity it provides bad actors to breach them. A good place to start is by clarifying who owns keeping Transport Layer Security (TLS) and previous-generation Secured-Sockets Layer (SSL) client and server certificates, code signing certificates, Secure Shell (SSH) host and cryptographic keys so they are kept up to date. Letting those fall through the cracks will leave thousands of machines exposed and exploitable on networks.

Prioritizing machine identities and securing machine credentials is a must-have in 2021, as botnet attacks are quickly increasing due to bad actors’ being able to spin up thousands of them in days. The following are key steps to get started:

  • Taking a Zero Trust approach to managing every machine identity authentication on a network now could save thousands of hours and dollars in the future. Taking a least privilege access approach to managing machines now will pay off in the future, as the workloads of machines and non-human entities continue to grow more complex. The Forrester webinar expands on this point by explaining how new, more complex inter-machine relationships are evolving quicker than legacy approaches to endpoint governance and security can keep up.
  • Privileged access controls need to be more adaptive, secure and scalable than many organizations’ static-based approaches to securing machines are today. Forrester recommends replacing long-standing hardcoded credentials with session-based ones assigned via API calls from a vault. Machines are being used 24/7 and have access patterns completely different from humans using the network, making dynamically-assigned, ephemeral credentials even more important to protect a network. Privileged Identity Management (PIM) proves effective at providing privileged access controls for machine identities, with Forrester mentioning Centrify, HashiCorp and others as leaders in this area. Centrify’s approach is noteworthy in enrolling machines with its platform via a client to establish a trust relationship, so applications running on that machine can also be authenticated using a short-lived, scoped token.
  • Monitoring more machines on a network often leads to a transition from legacy to integrated log monitoring systems that can capture, analyze and report anomalous activity across a network. Log Monitoring systems are proving invaluable in identifying machine endpoint configuration and performance anomalies in real-time. AIOps is proving effective in identifying anomalies and performance event correlations in real-time, contributing to greater business continuity. One of the leaders in this area is LogicMonitor, whose AIOps-enabled infrastructure monitoring and observability platform have proven successful in troubleshooting infrastructure problems and ensuring business continuity.
  • Perform periodic audits to track all bots and machines in use across an organization, using Microsoft Active Directory to inventory and manage all of them. One of the most valuable take-aways from the Forrester webinar is the need to manage machine identities and their credentials centrally. Forrester mentions Microsoft Active Directory as one option. The companies providing services in this area include Centrify, which pioneered Active Directory bridging to authenticate human and machine identities based on a centralized model from a single identity repository.

Conclusion

Machines, or as Forrester calls them in their webinar, non-human identities require more precise, adaptive and ephemeral identity structures and access controls. CISOs and CIOs need to take greater ownership of machine identity authentication and provide Identity Access Management (IAM) and Privileged Access Management (PAM) down to the bot and non-human identity level. With the exponential growth of malicious bots tracking machine identities, now is the time to place machine identities among the highest priority of any cybersecurity strategy in 2021.

Protecting Privileged Identities In A Post-COVID-19 World

Protecting Privileged Identities In A Post-COVID-19 World

Bottom Line: Every organization needs to digitally reinvent their business, starting at the system level to safely sell and serve customers with minimal physical interaction.

The hard reset every business is going through creates a strong sense of urgency to increase the agility, speed, and scale of selling, as well as customer service options that protect the health of employees, customers, and partners. Customer experience needs to be the cornerstone of digital transformation, with the customers’ health and welfare being the highest priority. Businesses need to realize that digitally reinventing themselves is no longer optional. Every customer-facing system is going to need the best infrastructure, security, and stability for any business to survive and grow.

Securing Infrastructure Needs To Come First

COVID-19 was a wake-up call that companies need to operate as multi-channel players, allowing for physical but, more importantly, virtual presence. For instance, in retail, only those that will step up their efforts in building on-line ordering and associated nation-wide logistics networks will survive in the longer-term. If the cloud was considered an option in the past, it now is mandatory. In turn, the need for security has increased.

Starting with infrastructure, hybrid- and multi-cloud environments need to be augmented with additional system support, new apps, and greater security to support the always-on nature of competing in a virtual world. Providing self-service sales and support across any device at any time and keeping all systems synchronized is going to take more real-time integration, better security, more precise pricing, and so much more.

Consumer electronics manufacturers’ biggest challenge is reinventing their infrastructure while selling and serving customers at the same time. Part of their biggest challenge is protecting privileged access credentials that have become fragmented across hybrid- and multi-cloud environments. Everyone I’ve spoken with is balancing the urgent need for new revenue through new channels on the one hand with intensity to secure infrastructure and the most valuable security assets of all, privileged access credentials.

According to a 2019 study by Centrify among 1,000 IT decision-makers, 74% of respondents whose organizations have been breached acknowledged that it involved access to a privileged account. These are typically used by a small set of technical personnel to access the most critical systems in the IT estate, including modern technologies such as cloud, DevOps, microservices, and more. The CIO of a local financial services and insurance company, who is a former student and friend, told me that “it’s often said that privileged access credentials are the keys to the kingdom, and in these turbulent times they’re the keys to keeping any business running.”

CIOs, CISOs, and their teams are focusing on four key areas today while digitally reinventing themselves to provide more flexible options for customers:

  • Secure every new self-service selling and service channel from breaches.
  • Fast-track cloud projects to become 100% virtual and available.
  • Simplify infrastructure management by integrating IT and Operations Management across hybrid and multi-cloud environments.
  • Improve compliance reporting as well as reduce audit costs and associated fines.

Legacy Privileged Access Management (PAM) Can’t Scale For Today’s Threats

Sophisticated social engineering and breach attempts are succeeding in misdirecting human responses to cyber threats, gaining access to valuable privileged access credentials in the process. Legacy PAM systems based on vaulting away shared and root passwords aren’t designed to protect hybrid cloud and multi-cloud environments. These DevOps systems include containers and microservices, APIs, machines, or services. Furthermore, multi-cloud environments create additional challenges because access management tools used for one vendor cannot be used with another.

Switching from in-person to self-service selling and service creates new challenges and an entirely new series of requirements for identity and access management. These requirements include securing a continually-increasing number of workloads that cause the amount of data in the cloud to grow exponentially. There’s also the need to centralize identities for consistent access controls across hybrid and multi-cloud environments – all happening while a business is busy digitally reinventing itself. Compounding all of these challenges is the need to excel at delivering an excellent user experience without sacrificing security in an increasingly self-service, always-on, 24/7 world.

Securing Privileged Access In A Post-COVID-19 World

If you’re looking for a sure sign any business will be around and growing in twelve months, look at how fast they are digitally reinventing themselves at the infrastructure level and protecting privileged access credentials first. Digital-first businesses are taking a more adaptive approach to consistently controlling access to hybrid infrastructure for both on-premises and remote users now.

Centrify and others are making rapid progress in this area, with Centrify’s Identity-Centric PAM taking a “never trust, always verify, enforce least privilege” approach to securing privileged identities. Centrify’s approach to Identity-Centric PAM establishes per-machine trust so it can defend itself from illegitimate users – whether human or machine  – or those without the right entitlements. It then grants least privilege access just-in-time based on verifying who is requesting access, the context of the request, and the risk of the access environment as is illustrated in the graphic below:

Protecting Privileged Identities In A Post-COVID-19 World

Conclusion

Improving customer experiences needs to be at the center of any digital transformation effort. As every business digitally transforms itself to survive and grow in a post-COVID-19 world out of necessity, they must also improve how they secure access to their cloud and on-premises infrastructure. Legacy PAM was designed for a time when all privileged access was constrained to resources inside the network, accessed by humans, using shared/root accounts.

Legacy PAM was not designed for cloud environments, DevOps, containers, or microservices. Furthermore, privileged access requesters are no longer limited to just humans, but also include machines, services, and APIs.

Privileged access requesters need greater agility, adaptability, and speed to support DevOps’ growing roadmap of self-service and increasingly safer apps and platforms. While privileged identities must be protected, DevOps teams need as much agility and speed as possible to innovate at the rapidly changing pace of how customers choose to buy in a post-COVID-19 world.

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

  • 60% of security and IT professionals state that security is the leading challenge with cloud migrations, despite not being clear about who is responsible for securing cloud environments.
  • 71% understand that controlling privileged access to cloud service administrative accounts is a critical concern, yet only 53% cite secure access to cloud workloads as a key objective of their cloud Privileged Access Management (PAM) strategies.

These and many other fascinating insights are from the recent Centrify survey, Reducing Risk in Cloud Migrations: Controlling Privileged Access to Hybrid and Multi-Cloud Environments, downloadable here. The survey is based on a survey of over 700 respondents from the United States, Canada, and the UK from over 50 vertical markets, with technology (21%), finance (14%), education (10%), government (10%) and healthcare (9%) being the top five. For additional details on the methodology, please see page 14 of the study.

What makes this study noteworthy is how it provides a candid, honest assessment of how enterprises can make cloud migrations more secure by a better understanding of who is responsible for securing privileged access to cloud administrative accounts and workloads.

Key insights from the study include the following:

  • Improved speed of IT services delivery (65%) and lowered total cost of ownership (54%) are the two top factors driving cloud migrations today. Additional factors include greater flexibility in responding to market changes (40%), outsourcing IT functions that don’t create competitive differentiation (22%), and increased competitiveness (17%). Reducing time-to-market for new systems and applications is one of the primary catalysts driving cloud migrations today, making it imperative for every organization to build security policies and systems into their cloud initiatives.

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

 

  • Security is the greatest challenge to cloud migration by a wide margin. 60% of organizations define security as the most significant challenge they face with cloud migrations today. One in three sees the cost of migration (35%) and lack of expertise (30%) being the second and third greatest impediments to cloud migration project succeeding. Organizations are facing constant financial and time constraints to achieve cloud migrations on schedule to support time-to-market initiatives. No organization can afford the lost time and expense of an attempted or successful breach impeding cloud migration progress.

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

  • 71% of organizations are implementing privileged access controls to manage their cloud services. However, as the privilege becomes more task-, role-, or access-specific, there is a diminishing interest of securing these levels of privileged access as a goal, evidenced by only 53% of organizations securing access to the workloads and containers they have moved to the cloud. The following graphic reflects the results.

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

 

  • An alarmingly high 60% of organizations incorrectly view the cloud provider as being responsible for securing privileged access to cloud workloads. It’s shocking how many customers of AWS and other public cloud providers are falling for the myth that cloud service providers can completely protect their customized, highly individualized cloud instances. The native Identity and Access Management (IAM) capabilities offered by AWS, Microsoft Azure, Google Cloud, and others provide enough functionality to help an organization get up and running to control access in their respective homogeneous cloud environments. Often they lack the scale to adequately address the more challenging, complex areas of IAM and Privileged Access Management (PAM) in hybrid or multi-cloud environments, however. For an expanded discussion of the Shared Responsibility Model, please see The Truth About Privileged Access Security On AWS and Other Public Clouds. The following is a graphic from the survey and Amazon Web Services’ interpretation of the Shared Responsibility Model.

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

 

  • Implementing a common security model in the cloud, on-premises, and in hybrid environments is the most proven approach to making cloud migrations more secure. Migrating cloud instances securely needs to start with Multi-Factor Authentication (MFA), deploying a common privileged access security model equivalent to on-premises and cloud systems, and utilizing enterprise directory accounts for privileged access. These three initial steps set the foundation for implementing least privilege access. It’s been a major challenge for organizations to do this, particularly in cloud environments, as 68% are not eliminating local privilege accounts in favor of federated access controls and are still using root accounts outside of “break glass” scenarios. Even more concerning, 57% are not implementing least privilege access to limit lateral movement and enforce just-enough, just-in-time-access.

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

  • When it comes to securing access to cloud environments, organizations don’t have to re-invent the wheel. Best practices from securing on-premises data centers and workloads can often be successful in securing privileged access in cloud and hybrid environments as well.

Conclusion

The study provides four key takeaways for anyone working to make cloud migrations more secure. First, all organizations need to understand that privileged access to cloud environments is your responsibility, not your cloud providers’. Second, adopt a modern approach to Privileged Access Management that enforces least privilege, prioritizing “just enough, just-in-time” access. Third, employ a common security model across on-premises, cloud, and hybrid environments. Fourth and most important, modernize your security approach by considering how cloud-based PAM systems can help to make cloud migrations more secure.

Why Manufacturing Supply Chains Need Zero Trust

  • According to the 2019 Verizon Data Breach Investigation Report, manufacturing has been experiencing an increase in financially motivated breaches in the past couple of years, whereby most breaches involve Phishing and the use of stolen credentials.
  • 50% of manufacturers report experiencing a breach over the last 12 months, 11% of which were severe according to Sikich’s 5th Manufacturing and Distribution Survey, 2019.
  • Manufacturing’s most commonly data compromised includes credentials (49%), internal operations data (41%), and company secrets (36%) according to the 2019 Verizon Data Breach Investigation Report.
  • Manufacturers’ supply chains and logistics partners targeted by ransomware which have either had to cease operations temporarily to restore operations from backup or have chosen to pay the ransom include Aebi SchmidtASCO Industries, and COSCO Shipping Lines.

Small Suppliers Are A Favorite Target, Ask A.P. Møller-Maersk

Supply chains are renowned for how unsecured and porous they are multiple layers deep. That’s because manufacturers often only password-protect administrator access privileges for trusted versus untrusted domains at the operating system level of Windows NT Server, haven’t implemented multi-factor authentication (MFA), and apply a trust but verify mindset only for their top suppliers. Many manufacturers don’t define, and much less enforce, supplier security past the first tier of their supply chains, leaving the most vulnerable attack vectors unprotected.

It’s the smaller suppliers that hackers exploit to bring down many of the world’s largest manufacturing companies. An example of this is how an accounting software package from a small supplier, Linkos Group, was infected with a powerful ransomware agent, NotPetya, bringing one of the world’s leading shipping providers,  A.P. Møller-Maersk, to a standstill. Linkos’ Group accounting software was first installed in the A.P. Møller-Maersk offices in Ukraine. The NotPetya ransomware was able to take control of the local office servers then propagate itself across the entire A.P. Møller-Maersk network. A.P. Møller-Maersk had to reinstall their 4,000 servers, 45,000 PCs, and 2500 applications, and the damages were between $250M to $300M. Security experts consider the ransomware attack on A.P. Møller-Maersk to be one of the most devastating cybersecurity attacks in history. The Ukraine-based group of hackers succeeded in using an accounting software update from one of A.P. Møller-Maersk’s smallest suppliers to bring down one of the world’s largest shipping networks. My recent post, How To Deal With Ransomware In A Zero Trust World explains how taking a Zero Trust Privilege approach minimizes the risk of falling victim to ransomware attacks. Ultimately, treating identity as the new security perimeter needs to be how supply chains are secured. The following geographical analysis of the attack was provided by CargoSmart, showing how quickly NotPetya ransomware can spread through a global network:

CargoSmart provided a Vessel Monitoring Dashboard to monitor vessels during this time of recovery from the cyber attack.

Supply Chains Need To Treat Every Supplier In Their Network As A New Security Perimeter

The more integrated a supply chain, the more the potential for breaches and ransomware attacks. And in supply chains that rely on privileged access credentials, it’s a certainty that hackers outside the organization and even those inside will use compromised credentials for financial gain or disrupt operations. Treating every supplier and their integration points in the network as a new security perimeter is critical if manufacturers want to be able to maintain operations in an era of accelerating cybersecurity threats.

Taking a Zero Trust Privilege approach to securing privileged access credentials will help alleviate the leading cause of breaches in manufacturing today, which is privileged access abuse. By taking a “never trust, always verify, and enforce least privilege” approach, manufacturers can protect the “keys to the kingdom,” which are the credentials hackers exploit to take control over an entire supply chain network.

Instead of relying on trust but verify or trusted versus untrusted domains at the operating system level, manufacturers need to have a consistent security strategy that scales from their largest to smallest suppliers. Zero Trust Privilege could have saved A.P. Møller-Maersk from being crippled by a ransomware attack by making it a prerequisite that every supplier must have ZTP-based security guardrails in place to do business with them.

Conclusion

Among the most porous and easily compromised areas of manufacturing, supply chains are the lifeblood of any production business, yet also the most vulnerable. As hackers become more brazen in their ransomware attempts with manufacturers and privileged access credentials are increasingly sold on the Dark Web, manufacturers need a sense of urgency to combat these threats. Taking a Zero Trust approach to securing their supply chains and operations, helps manufacturers to implement least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment. By implementing least privilege access, manufacturers can minimize the attack surface, improve audit and compliance visibility, and reduce risk, complexity, and costs for the modern, hybrid manufacturing enterprise.

How To Deal With Ransomware In A Zero Trust World

  • Lake City, Florida’s city government paid ransomware attackers about $530,000 or 42 Bitcoins, to restore access to systems and data last month.
  • The City of Riviera Beach, Florida, paid ransomware attackers about $600,000 to regain access to their systems last month.
  • Earlier this month, LaPorte County, Indiana paid over $130,000 worth of Bitcoins to ransomware hackers to regain access to part of its computer systems.
  • This week, Louisiana Governor John Bel Edwards activated a state of emergency in response to a wave of ransomware infections that have hit multiple school districts in North Louisiana.

The recent ransomware attacks on Lake City, FloridaRiviera Beach, FloridaLaPorte County, Indiana, the City of Baltimore, Maryland, and a diverse base of enterprises including Eurofins ScientificCOSCONorsk Hydro, the UK Police Federation, and Aebi Schmidt reflect higher ransoms are being demanded than in the past to release high-value systems. There’s been a 44% decline in the number of organizations affected by ransomware in the past two years, yet an 89% increase in ransom demands over the last 12 months according to the Q1, 2019 Ransomware Marketplace Report published by Coveware. The Wall Street Journal’s article “How Ransomware Attacks Are Forcing Big Payments From Cities, Counties” provides an excellent overview of how Ryuk, a ransomware variant, works and is being used to hold unprepared municipalities’ IT networks for ransom.

How To Handle A Ransomware Attack

Interested in learning more about ransomware and how to help municipalities and manufacturers protect themselves against it, I attended Centrify’s recent webinar, “5 Steps To Minimize Your Exposure To Ransomware Attacks”. Dr. Torsten George, noted cybersecurity evangelist, delivered a wealth of insights and knowledge about how any business can protect itself and recover from a ransomware attack. Key insights from his webinar include the following:

  • Ransomware attackers are becoming more sophisticated using spear-phishing emails that target specific individuals and seeding legitimate websites with malicious code – it’s helpful to know the anatomy of an attack. Some recent attacks have even started exploiting smartphone vulnerabilities to penetrate corporate networks, according to Dr. George. The following graphic from the webinar explains how attackers initiate their ransomware attempts by sending a phishing email that might include a malicious attachment or link that leads to a malicious website. When a user clicks on the file/webpage, it unloads the malware and starts executing. It then establishes communications to the Command and Control Server – more often than not via TOR, which is free, open-source software for enabling anonymous communication. In the next step, the files get encrypted, and the end-user gets the infamous ransomware screen. From there on, communications with the end-user is done via TOR or similar technologies. Once the ransom is paid – often via Bitcoin to avoid any traces to the attacker – the private key is delivered to the users to regain access to their data.

  • To minimize the impact of a ransomware attack on any business, Business Continuity and Prevention strategies need to be in place now. A foundation of any successful Business Continuity strategy is following best practices defined by the U.S. Government Interagency Technical Guidance. These include performing regular data backup, penetration testing, and secure backups as the graphic below illustrate:

  • There are six preventative measures every business can take today to minimize the risk and potential business disruption of ransomware, according to the U.S. Government Interagency Technical Guidelines and FBI. One of the most valuable insights gained from the webinar was learning about how every business needs to engrain cybersecurity best practices into their daily routines. Calling it “cyber hygiene,” Dr. George provided insights into the following six preventative measures:

  • Stopping privileged access abuse with a Zero Trust Privilege-based approach reduces ransomware attacks and breaches’ ability to proliferate. Centrify found that 74% of all data breaches involve access to a privileged account. In a separate study, The Forrester Wave™: Privileged Identity Management, Q4 2018, (PDF, 19 pp., no opt-in) found that at least 80% of data breaches have a connection to compromised privileged credentials. Dr. George observed that hackers don’t hack in anymore—they log in using weak, default, stolen, or otherwise compromised credentials. Zero Trust Privilege requires granting least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment.
  • One of the most valuable segments of the webinar covered five steps for minimizing an organization’s exposure to ransomware taking a Zero Trust-based approach. The five steps that every organization needs to consider how to reduce the threat of ransomware includes the following:
  1. Immediately Establish A Secure Admin Environment. To prevent malware from spreading during sessions that connect servers with privileged access, establish policies that only authorize privileged access from a “clean” source. This will prevent direct access from user workstations that are connected to the Internet and receive external email messages, which are too easily infected with malware.
  2. Secure remote access from a Zero Trust standpoint first, especially if you are working with remote contractors, outsourced IT, or development staff. When remote access is secured through a Zero Trust-based approach, it alleviates the need for a VPN and handles all the transport security between the secure client and distributed server connector gateways. Ransomware can travel through VPN connections and spread through entire corporate networks. Taking advantage of a reverse proxy approach, there is no logical path to the network, and ransomware is unable to spread from system to the network.
  3. Zoning off access is also a must-have to thwart ransomware attacks from spreading across company networks. The webinar showed how it’s a very good idea to create and enforce a series of access zones that restrict access by privileged users to specific systems and requires multi-factor authentication (MFA) to reach assets outside of their zone. Without passing an MFA challenge, ransomware can’t spread to other systems.
  4. Minimizing attack surfaces is key to stopping ransomware. Minimizing attack surfaces reduces ransomware’s potential to enter and spread throughout a company’s network. Dr. George made the point that vaulting away shared local accounts is a very effective strategy for minimizing attack surfaces. The point was made that ransomware does not always need elevated privileges to spread, but if achieved, the impact will be much more damaging.
  5. Least Privilege Access is foundational to Zero Trust and a must-have on any network to protect against ransomware. When least privilege access is in place, organizations have much tighter, more granular control over which accounts and resources admin accounts and users have access to. Ransomware gets stopped in its tracks when it can’t install files or achieve least privilege access to complete installation of a script or code base.

Conclusion

Ransomware is the latest iteration of a criminal strategy used for centuries for financial gain. Holding someone or something for ransom has now graduated to holding entire cities and businesses hostage until a Bitcoin payment is made. The FBI warns that paying ransomware attackers only fuels more attacks and subsidizes an illegal business model. That’s why taking the preventative steps provided in the Centrify webinar is something every business needs to consider today.

Staying safe from ransomware in the modern threatscape is a challenge, but a Zero Trust Privilege approach can reduce the risk your organization will be the next victim forced to make a gut-wrenching decision of whether or not to pay a ransom.

Roadmap To Zero Trust For Small Businesses

Bottom Line:  Small businesses don’t need to sacrifice security due to budget constraints or productivity requirements – a Zero Trust roadmap can help them keep growing and stop breaches.

Having worked my way through college in a series of small businesses and having neighbors and friends who operate several today, I see how cloud, databases, and network devices save thousands of dollars, hours of tedious work, and streamline operations. Good friends running an AI startup, whose remarkable ability to turn whiteboard discussions into prototypes in a day, are a case in point. Keeping breach attempts from interrupting their growth needs to start with a roadmap to Zero Trust so these businesses can keep flourishing.

Defining A Zero Trust Roadmap

Most successful small businesses and my friends’ growing startup share the common trait of moving at a quick pace. They’re hiring new employees, contractors and adding new locations in days, not months. The startups and small businesses I work with are adding experts in AI, development, machine learning, sales, and marketing from around the world quickly. Each new employee, contractor, and occasional supplier receives their account login to cloud systems used for running the business, and then they’re given their first assignments.

Small Businesses Don’t Need To Sacrifice Speed For Security

Small businesses and startups run so fast there’s often a perception that achieving greater security will slow them down. In a Zero Trust world, they don’t need to spend a lot of sacrifice speed for security. Following a Zero Trust roadmap can protect their systems, valuable intellectual property, and valuable time by minimizing the risk of falling victim to costly breaches.

Here’s what small businesses and startups need to include on their Zero Trust roadmaps to reduce the potential for time-consuming, costly breaches that could steal not just data but market momentum too:

  • Put Multi-Factor Authentication (MFA) into place for every contractor, admin user, and partner account immediately. Implementing MFA is highly recommended as it can reduce the risk of privileged access credential abuse. A recent survey by Centrify found that 74% of all breaches involved privileged access abuse. Centrify also found that 58% of organizations do not use Multi-Factor Authentication (MFA) for privileged administrative access to servers, leaving their IT systems and infrastructure exposed to hacking attempts, including unchallenged privileged access abuse.
  • Get a shared account and password vault to reduce the risk of being breached by privileged access abuse. Password vaults are a must-have for any business that relies on intellectual property (IP), patents, source code under development, and proprietary data that is pivotal to the company’s growth. Vaults make sure only trusted applications can request privileged account credentials by first identifying, then validating system accounts before passwords are retrieved. Another major advantage of vaults is that they minimize attack surfaces for small businesses and startups.
  • Secure Remote Access needs to be in place to ensure employee, contractor, and IT systems contractors are given least privilege access to only the resources they need. Small businesses and startups growing fast often don’t have the expertise on staff to manage their IT systems. It’s cheaper for many to have an IT service manage server maintenance, upgrades, and security. Secure Remote Access is predicated on the “never trust, always verify, enforce least privilege” Zero Trust approach to grant access to specific resources.
  • Implement real-time audit and monitoring to track all privileged sessions and metadata auditing everything across all systems to deliver a comprehensive picture of intentions and outcomes. Creating and adding to an ongoing chronology of login and resource attempts is invaluable for discovering how a security incident first gets started, and for meeting compliance requirements. It’s much easier to identify and thwart privileged credential abuse based on the insights gained from the single system of record a real-time audit and monitoring service creates. As small businesses and startups grow, the data that real-time audits and monitoring generate are invaluable in proving privileged access is controlled and audited to meet the regulatory compliance requirements of SOX, HIPAA, FISMA, NIST, PCI, MAS, and other regulatory standards.
  • Privileged access credentials to network devices need to be part of the Zero Trust Roadmap. Small businesses and startups face a continual time shortage and sometimes forget to change the manufacturer default passwords which are often weak and well known in the hacker community. That’s why it needs to be a priority to include the network device portfolio in A Zero Trust Privilege-based security roadmap and strategy. Security admins need to have these included in the shared account and passwords vault.

Conclusion

The five factors mentioned here are the start of building a scalable, secure Zero Trust roadmap that will help alleviate the leading cause of breaches today, which is privileged access credential abuse. For small businesses who are outsourcing IT and security administration, the core elements of the Zero Trust roadmap provide them the secure login and a “never trust, always verify, enforce least privilege” strategy that can scale with their business. With Zero Trust Privilege, small businesses and startups will be able to grant least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment

Top 10 Cybersecurity Companies To Watch In 2019

Today’s Threatscape Has Made “Trust But Verify” Obsolete 

The threatscape every business operates in today is proving the old model of “trust but verify” obsolete and in need of a complete overhaul. To compete and grow in the increasingly complex and lethal threatscape of today, businesses need more adaptive, contextually intelligent security solutions based on the Zero Trust Security framework. Zero Trust takes a “never trust, always verify, enforce least privilege” approach to privileged access, from inside or outside the network. John Kindervag was the first to see how urgent the need was for enterprises to change their approach to cybersecurity, so he created the Zero Trust Security framework in 2010 while at Forrester. Chase Cunningham, Principal Analyst at Forrester, is a mentor to many worldwide wanting to expand their knowledge of Zero Trust and frequently speaks and writes on the topic. If you are interested in cybersecurity in general and Zero Trust specifically, be sure to follow his blog.

AI and machine learning applied to cybersecurity’s most significant challenges is creating a proliferation of commercially successful, innovative platforms. The size and scale of deals in cybersecurity continue to accelerate with BlackBerry’s acquisition of Cylance for $1.4B in cash closing in February of this year being the largest. TD Ameritrade’s annual survey of registered investment advisors (RIA) showed nearly a 6X jump in cybersecurity investments this year compared to 2018.

The top ten cybersecurity companies reflect the speed and scale of innovation happening today that are driving the highest levels of investment this industry has ever seen. The following are the top ten cybersecurity companies to watch in 2019:

Absolute (ABT.TO)  – One of the world’s leading commercial enterprise security solutions, serving as the industry benchmark for endpoint resilience, visibility, and control. The company enables more than 12,000 customers with self-healing endpoint security, always-connected visibility into their devices, data, users, and applications whether endpoints are on or off the network, and the ultimate level of control and confidence required for the modern enterprise. Embedded in over one billion endpoint devices, Absolute delivers intelligence and real-time remediation capabilities that equip enterprises to stop data breaches at the source.

To thwart attackers, organizations continue to layer on security controls — Gartner estimates that more than $124B will be spent on security in 2019 aloneAbsolute’s 2019 Endpoint Security Trends Report finds that much of that spend is in vain, however, revealing that 70% of all breaches still originate on the endpoint. The problem is complexity at the endpoint – it causes security agents to fail invariably, reliably, and predictably.

Absolute’s research found that 42% of all endpoints are unprotected at any given time, and 100% of endpoint security tools eventually fail. As a result, IT leaders see a negative ROI on their security spend. What makes Absolute one of the top 10 security companies to watch in 2019 is their purpose-driven design to mitigate this universal law of security decay.

Enterprises rely on Absolute to cut through the complexity to identify failures, model control options, and refocus security intent. Rather than perpetuating organizations’ false sense of security, Absolute enables uncompromised endpoint persistence, builds resilience and delivers the intelligence needed to ensure security agents, applications, and controls continue functioning and deliver value as intended. Absolute has proven very effective in validating safeguards, fortifying endpoints, and stopping data security compliance failures. The following is an example of the Absolute platform at work:

BlackBerry Artifical Intelligence and Predictive Security  –  BlackBerry is noteworthy for how quickly they are reinventing themselves into an enterprise-ready cybersecurity company independent of the Cylance acquisition. Paying $1.4B in cash for Cylance brings much-needed AI and machine learning expertise to their platform portfolio, an acquisition that BlackBerry is moving quickly to integrate into their product and service strategies. BlackBerry Cylance uses AI and machine learning to protect the entire attack surface of an enterprise with automated threat prevention, detection, and response capabilities. Cylance is also the first company to apply artificial intelligence, algorithmic science, and machine learning to cyber security and improve the way companies, governments, and end users proactively solve the world’s most challenging security problems. Using a breakthrough mathematical process, BlackBerry Cylance quickly and accurately identifies what is safe and what is a threat, not just what is in a blacklist or whitelist. By coupling sophisticated math and machine learning with a unique understanding of a hacker’s mentality, BlackBerry Cylance provides the technology and services to be truly predictive and preventive against advanced threats. The following screen from CylancePROTECT provides an executive summary of CylancePROTECT usage, from the number of zones and devices to the percentage of devices covered by Auto-Quarantine and Memory Protection, Threat Events, Memory Violations, Agent Versions, and Offline Days for devices.

Centrify –  Centrify is redefining the legacy approach to Privileged Access Management by delivering cloud-ready Zero Trust Privilege to secure modern enterprise attack surfaces. Centrify Zero Trust Privilege helps customers grant least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment. Industry research firm Gartner predicted Privileged Access Management (PAM) to be the second-fastest growing segment for information security and risk management spending worldwide in 2019 in their recent Forecast Analysis: Information Security and Risk Management, Worldwide, 3Q18 Update (client access required). By implementing least privilege access, Centrify minimizes the attack surface, improves audit and compliance visibility, and reduces risk, complexity, and costs for the modern, hybrid enterprise. Over half of the Fortune 100, the world’s largest financial institutions, intelligence agencies, and critical infrastructure companies, all trust Centrify to stop the leading cause of breaches – privileged credential abuse. PAM was also named a Top 10 security project for 2019 in Gartner’s Top 10 Security Projects for 2019 (client access required).
CloudFlare –  Cloudflare is a web performance and security company that provides online services to protect and accelerate websites online. Its online platforms include Cloudflare CDN that distributes content around the world to speed up websites, Cloudflare Optimizer that enables web pages with ad servers and third-party widgets to download Snappy software on mobiles and computers, CloudFlare Security that protects websites from a range of online threats including spam, SQL injection, and DDOS, Cloudflare Analytics that gives insight into website’s traffic including threats and search engine crawlers, Keyless SSL that allows organizations to keep secure sockets layer (SSL) keys private, and Cloudflare applications that help its users install web applications on their websites.

CrowdStrike – Applying machine learning to endpoint detection of IT network threats is how CrowdStrike is differentiating itself in the rapidly growing cybersecurity market today. It’s also one of the top 25 machine learning startups to watch in 2019. Crowdstrike is credited with uncovering Russian hackers inside the servers of the US Democratic National Committee. The company’s IPO was last Tuesday night, with an initial $34/per share price. Their IPO generated $610M at a valuation at one point reaching nearly $7B. Their Falcon platform stops breaches by detecting all attacks types, even malware-free intrusions, providing five-second visibility across all current and past endpoint activity while reducing cost and complexity for customers. CrowdStrike’s Threat Graph provides real-time analysis of data from endpoint events across the global crowdsourcing community, allowing detection and prevention of attacks based on patented behavioral pattern recognition technology.

Hunters.AI – Hunters.AI excels at autonomous threat hunting by capitalizing on its autonomous system that connects to multiple channels within an organization and detects the signs of potential cyber-attacks. They are one of the top 25 machine learning startups to watch in 2019. What makes this startup one of the top ten cybersecurity companies to watch in 2019 is their innovative approach to creating AI- and machine learning-based algorithms that continually learn from an enterprise’s existing security data. Hunters.AI generates and delivers visualized attack stories allowing organizations to more quickly and effectively identify, understand, and respond to attacks. Early customers, including Snowflake Computing, whose VP of Security recently said, “Hunters.AI identified the attack in minutes. In my 20 years in security, I have not seen anything as effective, fast, and with high fidelity as what Hunters can do.”  The following is a graphic overview of how their system works:

Idaptive – Idaptive is noteworthy for the Zero Trust approach they are taking to protecting organizations across every threat surface they rely on operate their businesses dally. Idaptive secures access to applications and endpoints by verifying every user, validating their devices, and intelligently limiting their access. Their product and services strategy reflects a “never trust, always verify, enforce least privilege” approach to privileged access, from inside or outside the network. The Idaptive Next-Gen Access platform combines single single-on (SSO), adaptive multifactor authentication (MFA), enterprise mobility management (EMM) and user behavior analytics (UBA). They have over 2,000 organizations using their platform today. Idaptive was spun out from Centrify on January 1st of this year.

Kount – Kount has successfully differentiated itself in an increasingly crowded cybersecurity marketplace by providing fraud management, identity verification and online authentication technologies that enable digital businesses, online merchants and payment service providers to identify and thwart a wide spectrum of threats in real-time. Kount has been able to show through customer references that their customers can approve more orders, uncover new revenue streams, and dramatically improve their bottom line all while minimizing fraud management cost and losses. Through Kount’s global network and proprietary technologies in AI and machine learning, combined with policy and rules management, their customers thwart online criminals and bad actors driving them away from their site, their marketplace and off their network. Kount’s continuously adaptive platform learns of new threats and continuously updates risk scores to further thwart breach and fraud attempts. Kount’s advances in both proprietary techniques and patented technology include: Superior mobile fraud detection, Advanced artificial intelligence, Multi-layer device fingerprinting, IP proxy detection and geo-location, Transaction and custom scoring, Global order linking, Business intelligence reporting, Comprehensive order management, Professional and managed services. Kount protects over 6,500 brands today.

MobileIron –  The acknowledged leader in Mobile Device Management software, MobileIron’s latest series of developments make them noteworthy and one of the top ten cybersecurity companies to watch in 2019.   MobileIron was the first to deliver key innovations such as multi-OS mobile device management (MDM), mobile application management (MAM), and BYOD privacy controls. Last month MobileIron introduced zero sign-on (ZSO), built on the company’s unified endpoint management (UEM) platform and powered by the MobileIron Access solution. “By making mobile devices your identity, we create a world free from the constant pains of password recovery and the threat of data breaches due to easily compromised credentials,” wrote Simon Biddiscombe, MobileIron’s President and Chief Executive Officer in his recent blog post, Single sign-on is still one sign-on too many. Simon’s latest post, MobileIron: We’re making history by making passwords history, provides the company’s vision going forward with ZSO. Zero sign-on eliminates passwords as the primary method for user authentication, unlike single sign-on, which still requires at least one username and password. MobileIron paved the way for a zero sign-on enterprise with its Access product in 2017, which enabled zero sign-on to cloud services on managed devices. Enterprise security teams no longer have to trade off security for better user experience, thanks to the MobileIron Zero Sign-On.

Sumo Logic – Sumo Logic is a fascinating cybersecurity company to track because it shows the ability to take on large-scale enterprise security challenges and turn them into a competitive advantage. An example of this is how quickly the company achieved FedRAMP Ready Designation, getting listed in the FedRAMP Marketplace. Sumo Logic is a secure, cloud-native, machine data analytics service, delivering real-time, continuous intelligence from structured, semi-structured, and unstructured data across the entire application lifecycle and stack. More than 2,000 customers around the globe rely on Sumo Logic for the analytics and insights to build, run, and secure their modern applications and cloud infrastructures. With Sumo Logic, customers gain a multi-tenant, service-model advantage to accelerate their shift to continuous innovation, increasing competitive advantage, business value, and growth. Founded in 2010, Sumo Logic is a privately held company based in Redwood City, Calif. and is backed by Accel Partners, Battery Ventures, DFJ, Franklin Templeton, Greylock Partners, IVP, Sapphire Ventures, Sequoia Capital, Sutter Hill Ventures and Tiger Global Management.

%d bloggers like this: