Posts tagged ‘Centrify’

Apr 22

Machines Protecting Themselves Is The Future Of Cybersecurity

Bottom Line: Existing approaches to securing IT infrastructure are proving unreliable as social engineering and breach attempts succeed in misdirecting human responses to cyber threats, accentuating the need for machines to protect themselves.

Any nations’ digital infrastructure and the businesses it supports are its most vital technology resources, as the COVID-19 pandemic makes clear. Cybercriminal and advanced persistent threat (APT) groups are attempting to capitalize on the disruption that COVID-19 is creating to engage in malicious cyber activity. It’s become so severe that the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) issued a joint alert, COVID-19 Exploited by Malicious Cyber Actors earlier this month.

“If you’re in the Department of Defense, your doctrine says land, sea, air, space, cyber. An entirely new domain of warfare, but fundamentally, an entirely new domain of human existence. That’s really disruptive,” said General Michael Hayden during his keynote at the 2017 Institute for Critical Infrastructure Technology (ICIT) Winter Summit. General Hayden’s comments are prescient of the world in 2020.

In the same keynote, he said that it’s essential that cyber-threats and the actors carrying them out be treated as invading armies and cyber-attacks be considered an act of war. “We self-organize and use business models to guide our self-organization,” General Hayden said. “We will have to rely on ourselves and the private sector in a way that we have not relied on ourselves for security.”

General Hayden’s’ comments are a call to action to the private sector to take the initiative and innovate quickly to secure the cyber-domain. Machines protecting themselves is an area noteworthy for its innovative technologies for securing IT infrastructures and the networks that comprise them.

Exploring An Approach to How Machines Protect Themselves

Wanting to learn more about how machines would be able to protect themselves automatically, I spoke with Centrify’s Chief Strategy Officer, David McNeely. He explained that one of the best ways is to have a client that is an integral part of any operating system act as an intermediary that establishes a trusted identity for each client system on a network. The client would then be able to authenticate every login attempt and request for resources by verifying each login through an authoritive security management platform such as Active Directory (AD).

McNeely explained how Centrify’s approach to having machines protect themselves using clients integrated with operating systems. “The client is designed to enable the computer to authenticate users. It must have a trusted relationship with the authoritative identity service in the organization that manages user accounts, this is usually Active Directory. The computer account and trust relationship is what enables strong authentication of user login requests” he said.

He continued, “Self-defending machines address the paradigm shift occurring in cybersecurity today where protection cannot be enforced at the network boundary. In the past, trusted networks were defined by administrators using network protection tools such as VLANs, firewalls and VPNs in order to protect a group of machines on that network. With self-defending machines, it’s possible to implement a true Zero Trust approach more fully where the network cannot be trusted.”

The following is a graphic of how Centrify is approaching machine-to-machine Zero Trust across distributed environments:

Centrify’s approach is based on servers protecting themselves by enforcing a policy defined by IT administrators as stored in Active Directory (AD) or Centrify’s Privileged Access Service. Clients then carry out the orders, enforcing centrally managed policies for each of the following scenarios:

Define who can login, making sure only authorized personnel are allowed access.
Whether clients should initiate the process of enforcing MFA or not, to make sure the login attempt isn’t a bot, fake ID, or incorrect human.
Whether audit is required or not of the login session and if so, what conditions define if it should be recorded or not.
Which privileges are granted to each user and for how long once they’ve gained access to systems.

Why The NIST 800-207 Standard Matters

The National Institute of Standards and Technology (NIST) has defined Zero Trust architecture as a set of guiding principles that organizations can use to improve their security posture. You can view the publication online here: NIST Zero Trust Special Publication 800-207, Zero Trust Architecture (PDF, 58 pp., no opt-in).

Organizations need to continually evaluate their existing cybersecurity defenses in light of the Tenets of Zero Trust in order to continually improve their security postures. The NIST standard underscores the importance of how security architecture matters. For example, defenses to protect assets need to be as close to the asset as possible, much like in a war. In this new era of cyberwarfare, soldiers will need their own body armor and tools to defend against an adversary. Similarly, it is important to arm each server with appropriate defenses to protect against cyberthreats.

Conclusion

General Hayden’s challenge to private industry to pick up the pace of innovation so the nations’ cyber-domain is secure resonates with every cybersecurity company I’ve spoken with. One of the most noteworthy is Centrify, who has devised an enterprise-ready approach for machines to protect themselves across infrastructure and network configurations. It’s Identity-Centric approach to authenticating every login attempt and request for resources by verifying each login – through Active Directory (AD) or the cloud-based, FedRAMP-authorized Centrify Privileged Access Service – differentiates its approach from other cybersecurity vendors attempting to empower machine self-defense.

Mar 18

Why Your Biometrics Are Your Best Password

Bottom Line: Biometrics are proving to be better than passwords because they’re easier to use, provide greater privacy and security, and are gaining standardization across a broad base of mobile, desktop, and server devices that users rely on to access online services.

In keeping with the theme of this year’s RSA Conference of Human Element, vendors offering passwordless authentication were out in force. Centrify, Entrust Datacard, HID Global, Idaptive, ImageWare, MobileIron, Thales, and many others promoted their unique approaches to passwordless authentication, leveraging the FIDO2 standard. FIDO2 is the latest set of specifications from the FIDO Alliance, an industry standards organization that provides interoperability testing and certification for servers, clients, and authenticators that meet FIDO2 specifications.

The Alliance has introduced a new Universal Server certification for servers that interoperate with all FIDO authenticator types (FIDO UAF, WebAuthn, and CTAP). The following graphic explains how the FIDO2 architecture authenticates every account requesting access to resources on a secured system:

The security industry has been trying to kill the password for decades. It has long been viewed as a weakness, primarily because of the human element: people continue to use weak passwords, on multiple accounts, at work, and in their personal lives. 81% of data breaches involve weak, stolen, default, or otherwise compromised credentials, according to a Verizon Data Breach Investigations Report.

Usernames and passwords (“something you know”) was the best factor of authentication available for decades yet didn’t provide enough of a barrier to hackers. Then came two-factor authentication, which added “something you have” as a second factor, such as a smartphone, key card, token, or other tangible item associated with the user.

Today everyone lives in a multi-factor authentication (MFA) world where cybersecurity technologists have added another factor: “something you are.” This is where biometrics come in, and facial recognition, fingerprint scanning, retinal scanning, and other forms of bio-identification have become normal thanks to technologies like Apple’s Touch ID and Face ID. Many people have already been using these technologies for years on their iPhones.

The reality is that these additional factors based on “something you have” or “something you are” are both much stronger than “something you know,” such as a password or PIN. Not only can the latter be easily stolen, guessed, or phished for, but authentication based on biometrics is very hard to fake or duplicate.

In short, by using the two newer factors of authentication, everyone who uses an electronic device daily is moving closer to a passwordless reality. Cybersecurity technologists are going to continue making authentication easier and more secure to improve user experiences and reduce the threat of a breach.

Privileged Admin Passwords Need To Be The First To Go

Key lessons learned from visiting with the 30 or so vendors who claimed to support passwordless authentication include the following:

Centrify was the only vendor who prioritized enforcing FIDO2-based privileged administrator logins. It was also one of the few that specifically mentioned support for Apple’s Touch ID and Face ID, as well as Windows Hello, showing full support for the FIDO2 standard.
Windows Hello and Windows Hello for Business are table stakes in passwordless authentication, all vendors claim and can demo this capability.
Combining multiple forms of biometrics is proving problematic for the majority of vendors, as evidenced by the inconsistent demos on the show floor. No one could conclusively demo multiple types of biometrics for their solutions on the fly in a demo environment while at RSA. Of the many vendors claiming this capability, Centrify’s approach is the most unique in that privileged user identities are verified, satisfying a valuable pillar of its Identity-Centric PAM approach.
All vendors claiming FIDO2 compliance were able to demonstrate Apple’s Touch ID electronic fingerprint recognition, while Apple Face ID facial recognition product demos were hit or miss. If you are evaluating biometrics vendors who claim FIDO2 compliance be sure to stress-test facial recognition, as the demos on the show floor made it clear there’s work to do in this area.
Product management teams have been studying the NIST 800-53 high-assurance authentication controls standard and integrating it into their roadmaps. The 170 controls that comprise the NIST 800-53 standard are being adopted quickly across the vendors who claim passwordless authentication as a core strength in their product strategies. Using biometrics eliminates the risk of credential theft techniques and provides better alignment with the NIST 800-53 high-assurance authentication controls standard.
Vendors are at varying levels of maturity when it comes to being able to capitalize on the metadata biometrics provides, with a few claiming to have real-time analytics. Every vendor had a different response to how they manage the massive amount of metadata being generated by their biometrics, which all claim also to support analytics. After speaking with the vendors at RSA, analytics used to authenticate rather than just report activity is far more effective. I had a chance to talk to Dr. Torsten George, Cybersecurity Evangelist at Centrify, who said, “Centrify’s support for the FIDO2 standard is a direct result of our ongoing commitment to our customers and their requests for biometric authentication of privileged user identities. Combining our support for the FIDO2 standard with our existing multi-factor authentication and real-time analytics capabilities, we’re able to greatly reduce the risk of security breaches that might exploit weak, default, or stolen privileged credentials.”

Conclusion

RSA’s theme Human Element was prescient from the heavy emphasis on passwordless authentication at this year’s conference. FIDO2 is getting solid support across the cybersecurity vendors who chose to exhibit there, which is great for enterprises, organizations, and small businesses who need to defend themselves. Of the many vendors there, Centrify’s approach stood out based on its unique approach to authenticating privileged user identities for its Identity-Centric PAM platform.

FIDO2 ultimately makes security stronger and less disruptive because it can not only eliminate passwords but also make the user experience more seamless and less likely to be circumvented. Passwordless authentication ensures that login credentials are unique across every website, never stored on a server, and never leave the user’s device. This security model helps eliminate the risks of phishing, as well as all forms of password theft and replay attacks.

We’re closer than ever before to the elusive goal of a passwordless future.

Feb 3

Top 10 Cybersecurity Companies To Watch In 2020

Worldwide spending on information security and risk management systems will reach $131B in 2020, increasing to $174B in 2022 approximately $50B will be dedicated to protecting the endpoint according to Gartner’s latest Information Security and Risk Management forecast.
Cloud Security platform and application sales are predicted to grow from $636M in 2020 to $1.63B in 2023, attaining a 36.8% Compound Annual Growth Rate (CAGR) and leading all categories of Information & Security Risk Management systems.
Application Security is forecast to grow from $3.4B in 2020 to $4.5B in 2023, attaining a 9.7% CAGR.
Security Services is projected to be a $66.9B market this year, increasing from $62B in 2019.

AI, Machine Learning And The Race To Improve Cybersecurity

The majority of Information Security teams’ cybersecurity analysts are overwhelmed today analyzing security logs, thwarting breach attempts, investigating potential fraud incidents and more. 69% of senior executives believe AI and machine learning are necessary to respond to cyberattacks according to the Capgemini study, Reinventing Cybersecurity with Artificial Intelligence. The following graphic compares the percentage of organizations by industry who are relying on AI to improve their cybersecurity. 80% of telecommunications executives believe their organization would not be able to respond to cyberattacks without AI, with the average being 69% of all enterprises across seven industries.

The bottom line is all organizations have an urgent need to improve endpoint security and resilience, protect privileged access credentials, reduce fraudulent transactions, and secure every mobile device applying Zero Trust principles. Many are relying on AI and machine learning to determine if login and resource requests are legitimate or not based on past behavioral and system use patterns. Several of the top ten companies to watch take into account a diverse series of indicators to determine if a login attempt, transaction, or system resource request is legitimate or not. They’re able to assign a single score to a specific event and predict if it’s legitimate or not. Kount’s Omniscore is an example of how AI and ML are providing fraud analysts with insights needed to reduce false positives and improve customer buying experiences while thwarting fraud.

The following are the top ten cybersecurity companies to watch in 2020:

Absolute – Absolute serves as the industry benchmark for endpoint resilience, visibility and control. Embedded in over a half-billion devices, the company enables more than 12,000 customers with self-healing endpoint security, always-connected visibility into their devices, data, users, and applications – whether endpoints are on or off the corporate network – and the ultimate level of control and confidence required for the modern enterprise.

To thwart attackers, organizations continue to layer on security controls — Gartner estimates that more than $174B will be spent on security by 2022, and of that approximately $50B will be dedicated protecting the endpoint. Absolute’s Endpoint Security Trends Report finds that in spite of the astronomical investments being made, 100 percent of endpoint controls eventually fail and more than one in three endpoints are unprotected at any given time. All of this has IT and security administrators grappling with increasing complexity and risk levels, while also facing mounting pressure to ensure endpoint controls maintain integrity, availability and functionality at all times, and deliver their intended value.

Organizations need complete visibility and real-time insights in order to pinpoint the dark endpoints, identify what’s broken and where gaps exist, as well as respond and take action quickly. Absolute mitigates this universal law of security decay and empowers organizations to build an enterprise security approach that is intelligent, adaptive and self-healing. Rather than perpetuating a false sense of security, Absolute provides a single source of truth and the diamond image of resilience for endpoints.

Centrify – Centrify is redefining the legacy approach to Privileged Access Management (PAM) with an Identity-Centric approach based on Zero Trust principles. Centrify’s 15-year history began in Active Directory (AD) bridging, and it was the first vendor to join UNIX and Linux systems with Active Directory, allowing for easy management of privileged identities across a heterogeneous environment. It then extended these capabilities to systems being hosted in IaaS environments like AWS and Microsoft Azure, and offered the industry’s first PAM-as-a-Service, which continues to be the only offering in the market with a true multi-tenant, cloud architecture. Applying its deep expertise in infrastructure allowed Centrify to redefine the legacy approach to PAM and introduce a server’s capability to self-defend against cyber threats across the ever-expanding modern enterprise infrastructure.

Centrify Identity-Centric PAM establishes a root of trust for critical enterprise resources, and then grants least privilege access by verifying who is requesting access, the context of the request, and the risk of the access environment. By implementing least privilege access, Centrify minimizes the attack surface, improves audit and compliance visibility, and reduces risk, complexity, and costs for the modern, hybrid enterprise. Over half of the Fortune 100, the world’s largest financial institutions, intelligence agencies, and critical infrastructure companies, all trust Centrify to stop the leading cause of breaches – privileged credential abuse.

Research firm Gartner predicts that by 2021, approximately 75% of large enterprises will utilize privileged access management products, up from approximately 50% in 2018 in their Forecast Analysis: Information Security and Risk Management, Worldwide, 4Q18 Update published March 29, 2019 (client access reqd). This is not surprising, considering that according to an estimate by Forrester Research, 80% of today’s breaches are caused by weak, default, stolen, or otherwise compromised privileged credentials.

Deep Instinct – Deep Instinct applies artificial intelligence’s deep learning to cybersecurity. Leveraging deep learning’s predictive capabilities, Deep Instinct’s on-device solution protects against zero-day threats and APT attacks with unmatched accuracy. Deep Instinct safeguards the enterprise’s endpoints and/or any mobile devices against any threat, on any infrastructure, whether or not connected to the network or to the Internet. By applying deep learning technology to cybersecurity, enterprises can now gain unmatched protection against unknown and evasive cyber-attacks from any source. Deep Instinct brings a completely new approach to cybersecurity enabling cyber-attacks to be identified and blocked in real-time before any harm can occur. Deep Instinct USA is headquartered in San Francisco, CA and Deep Instinct Israel is headquartered in Tel Aviv, Israel.

Infoblox – Infoblox empowers organizations to bring next-level simplicity, security, reliability and automation to traditional networks and digital transformations, such as SD-WAN, hybrid cloud and IoT. Combining next-level simplicity, security, reliability, and automation, Infoblox can cut manual tasks by 70% and make organizations’ threat analysts 3x more productive.

While their history is in DDI devices, they are succeeding in providing DDI and network security services on an as-a-service (-aaS) basis. Their BloxOne DDI application, built on their BloxOne cloud-native platform, helps enable IT professionals to manage their networks, whether they’re based on on-prem, cloud-based, or hybrid architectures. BloxOne Threat Defense application leverages the data provided by DDI to monitor network traffic, proactively identify threats, and quickly inform security systems and network managers of breaches, working with the existing security stack to identify and mitigate security threats quickly, automatically, and more efficiently. The BloxOne platform provides a secure, integrated platform for centralizing the management of identity data and services across the network. A recognized industry leader, Infoblox has a 52% market share in the DDI networking market comprised of 8,000 customers, including 59% of the Fortune 1000 and 58% of the Forbes 2000.

Kount – Kount’s award-winning, AI-driven fraud prevention empowers digital businesses, online merchants, and payment service providers around the world to protect against payments fraud, new account creation fraud, and account takeover. With Kount, businesses approve more good orders, uncover new revenue streams, improve customer experience, and dramatically improve their bottom line all while minimizing fraud management cost and losses. Through Kount’s global network and proprietary technologies in AI and machine learning, combined with flexible policy management, companies frustrate online criminals and bad actors driving them away from their site, their marketplace, and off their network. Kount’s continuously adaptive platform provides certainty for businesses at every digital interaction. Kount’s advances in both proprietary techniques and patented technology include mobile fraud detection, advanced artificial intelligence, multi-layer device fingerprinting, IP proxy detection and geo-location, transaction and custom scoring, global order linking, business intelligence reporting, comprehensive order management, as well as professional and managed services. Kount protects over 6,500 brands today.

Mimecast – Mimecast improves the way companies manage confidential, mission-critical business communication and data. The company’s mission is to reduce the risks users face from email, and support in reducing the cost and complexity of protecting users by moving the workload to the cloud. The company develops proprietary cloud architecture to deliver comprehensive email security, service continuity, and archiving in a single subscription service. Its goal is to make it easier for people to protect a business in today’s fast-changing security and risk environment. The company expanded its technology portfolio in 2019 through a pair of acquisitions, buying data migration technology provider Simply Migrate to help customers and prospects move to the cloud more quickly, reliably, and inexpensively. Mimecast also purchased email security startup DMARC Analyzer to reduce the time, effort, and cost associated with stopping domain spoofing attacks. Mimecast acquired Segasec earlier this month, a leading provider of digital threat protection. With the acquisition of Segasec, Mimecast can provide brand exploit protection, using machine learning to identify potential hackers at the earliest stages of an attack. The solution also is engineered to provide a way to actively monitor, manage, block, and take down phishing scams or impersonation attempts on the Web.

MobileIron – A long-time leader in mobile management solutions, MobileIron is widely recognized by Chief Information Security Officers, CIOs and senior management teams as the de facto standard for unified endpoint management (UEM), mobile application management (MAM), BYOD security, and zero sign-on (ZSO). The company’s UEM platform is strengthened by MobileIron Threat Defense and MobileIron’s Access solution, which allows for zero sign-on authentication. Forrester observes in their latest Wave on Zero Trust eXtended Ecosystem Platform Providers, Q4 2019 that “MobileIron’s recently released authenticator, which enables passwordless authentication to cloud services, is a must for future-state Zero Trust enterprises and speaks to its innovation in this space.” The Wave also illustrates that MobileIron is the most noteworthy vendor as their approach to Zero Trust begins with the device and scales across mobile infrastructures. MobileIron’s product suite also includes a federated policy engine that enables administrators to control and better command the myriad of devices and endpoints that enterprises rely on today. Forrester sees MobileIron as having excellent integration at the platform level, a key determinant of how effective they will be in providing support to enterprises pursuing Zero Trust Security strategies in the future.

One Identity – One Identity is differentiating its Identity Manager identity analytics and risk scoring capabilities with greater integration via its connected system modules. The goal of these modules is to provide customers with more flexibility in defining reports that include application-specific content. Identity Manager also has over 30 direct provisioning connectors included in the base package, with good platform coverage, including strong Microsoft and Office 365 support. Additional premium connectors are charged separately. One Identity also has a separate cloud-architected SaaS solution called One Identity Starling. One of Starling’s greatest benefits is its design that allows for it to be used not only by Identity Manager clients, but also by clients of other IGA solutions as a simplified approach to obtain SaaS-based identity analytics, risk intelligence, and cloud provisioning. One Identity and its approach is trusted by customers worldwide, where more than 7,500 organizations worldwide depend on One Identity solutions to manage more than 125 million identities, enhancing their agility and efficiency while securing access to their systems and data – on-prem, cloud, or hybrid.

SECURITI.ai – SECURITI.ai is the leader in AI-Powered PrivacyOps, that helps automate all major functions needed for privacy compliance in one place. It enables enterprises to give rights to people on their data, be responsible custodians of people’s data, comply with global privacy regulations like CCPA, and bolster their brands.

The AI-Powered PrivacyOps platform is a full-stack solution that operationalizes and simplifies privacy compliance using robotic automation and a natural language interface. These include a Personal Data Graph Builder, Robotic Automation for Data Subject Requests, Secure Data Request Portal, Consent Lifecycle Manager, Third-Party Privacy Assessment, Third-Party Privacy Ratings, Privacy Assessment Automation and Breach Management. SECURITI.ai is also featured in the Consent Management section of Bessemer’s Data Privacy Stack shown below and available in Bessemer Venture Partner’s recent publication How data privacy engineering will prevent future data oil spills (10 pp., PDF, no opt-in).

Transmit Security – The Transmit Security Platform provides a solution for managing identity across applications while maintaining security and usability. As criminal threats evolve, online authentication has become reactive and less effective. Many organizations have taken on multiple point solutions to try to stay ahead, deploying new authenticators, risk engines, and fraud tools. In the process, the customer experience has suffered. And with an increasingly complex environment, many enterprises struggle with the ability to rapidly innovate to provide customers with an omnichannel experience that enables them to stay ahead of emerging threats.

Dec 20

Centrify’s Tim Steinkopf On How To Think Like A Cybersecurity CEO

Tim Steinkopf is CEO at Centrify, where he leads the management, strategic direction, and execution of the company’s vision. Tim initially joined Centrify as Chief Financial Officer in October 2011 and took over as CEO in January 2019. Before Centrify, he held CFO positions at Secure Computing Corporation (acquired by McAfee), SumTotal Systems, Purfresh, and Silicon Entertainment. Tim has also held executive and management positions with Watt/Peterson and Ernst & Young.

Under Tim’s leadership, Centrify is only one of five cybersecurity companies with six or more years on Inc.’s annual list of America’s 5000 fastest-growing private companies. Centrify’s many honors include being awarded Gartner Peer Insights Customer’s Choice 2019 award earlier this year.

Tim is also a member of the Forbes Tech Council, and his latest article, Five Skills Necessary To Transition From CFO to CEO, shares how the lessons he learned from serving as a CFO for over two decades prepared him for the role of CEO. He says the one clear key attribute of CFOs is the ability to apply a metrics-driven approach to all facets of a business. The ability to orchestrate initiatives, programs, and strategies across the many departments of a company and have them all contribute to the metrics that define organizational success is vital and provides CFOs invaluable training in their progression to leading a company.

I had the opportunity to sit down with Tim recently for an executive Q&A to learn how Centrify is separating itself from the pack in crowded cybersecurity space, under his leadership and in partnership with private equity investor Thoma Bravo:

Louis: Centrify is only one of five cybersecurity companies with six or more years on Inc.’s annual list of America’s 5000 fastest-growing private companies. What are the most effective growth strategies that also deliver strong profitability today that keep Centrify growing?

Tim: I’m going to break this into two pieces because I think there’s a difference between growth versus profitability.

On the growth side, you can only attain the Inc. 5000 ranking by looking at a cumulative period of time. So, it isn’t that we’ve just grown for six years, it’s that we’ve had the ability to sustain growth over a rolling four-year period. To maintain placement on that list, we’ve had to excel at the details of how we serve our customers. It is quite an accomplishment and congratulations to all the current and former Centrify employees who were involved in that.

The real driver is our history of innovation. Centrify has always been an innovator, and we’ve always paid attention to our market, our drivers, and what our customers are saying. We’re trying to be a step or two ahead of our customers. If you’re able to do that, and you’re able to continue to innovate, then you can drive additional adoption of your solution set, and continue to drive growth.

Profitability does go hand in hand, but it’s slightly different because now you’re talking about effective, efficient growth. As CFO, I always had an eye on ROI and how to put capital, resources, and additional headcount to use, such that we could drive growth. Then you often ask yourself if you are driving it as efficiently as possible. And that’s where making the right kind of bets in technology for running and growing the business make a difference. It’s also about deploying into the correct markets so that you can land and then sustain growth.

Louis: In a previous interview, you mentioned the need for balanced metrics and change management strategies. Would you like to comment on those aspects of being a CEO?

Tim: It all comes down to the role of the CEO, leading a company to accomplish its goals. CEOs report to the board of directors, who ultimately set the goals for any company. And when you’re a CEO, you want to do everything possible to get to those goals. Knowing how the different parts of the company run and knowing where and how to allocate resources and change management all contributes to achieving the company’s goals.

Louis: How has Thoma Bravo, after becoming the majority investor in Centrify, helped your company pursue new partner, product, and service initiatives?

Tim: TB is known for placing winning bests, and investing in Centrify is a real feather in our cap. It’s seen by partners, prospects, and customers as a vote of confidence. We’ve been in business for over 15 years, are perennially in the Gartner Magic Quadrant, a leader in the Forrester Wave, and a leader in the channel as recognized by Computer Reseller news. We’ve got our own pedigree, and that’s great. Then you add on the fact that TB is a majority investor, and our reputation is even stronger.

Regarding product and service initiatives, TB spends a lot of time and effort on each investment, and they have a great track record, specifically in InfoSec and cybersecurity. They came in and said, “Hey, our investment thesis is to take Centrify and split it into two companies, where each will have a better ability to focus and compete, and that will drive more efficient resource allocation, and growth opportunities.” Centrify current iteration formed as a result of the investment thesis being implemented, and we’re excelling in our chosen market.

Louis: Gartner Peer Insights awarded Centrify with the 2019 Customer’s Choice recognition recently. What do you attribute your customers’ success to, and their willingness to share their stories online on forums include Gartner’s Peer Insights and others? They’re so critical to sale cycles right now.

Tim: Customer references are so important, and this is where we have to give credit to the greater Centrify organization. We have a customer-centric attitude, and that is why our customers are willing to speak up, which gives us the opportunity to compete and win awards, including Customer’s Choice 2019 and others.

Behind the scenes, it includes building and delivering a solid solution set combined with services. Once our solution is installed, we work quickly and in close collaboration with our customers to make sure it’s working and meeting their requirements. We view every customer relationship as a partnership, and how we implement our identity-centric PAM solutions for them is essential to a successful journey for them. We measure our success by our customers’ results, and if they are achieving their goals.

Louis: Privileged Access Management (PAM) shows potential in 2020 as a growth market. What are Centrify’s plans to capitalize on this market momentum?

Tim: That’s absolutely the market we’re in and serving customers with solutions for today. Going back 10 to 15 years, legacy approaches to PAM were thought of only in terms of password vaulting. We’ve strived to stay in step with our customers, as they’ve shown us that deploying a vault-only approach to PAM is not enough. They need to move beyond the vault and move to an identity-centric approach.

When organizations deploy a vault-only solution, they’re enabling login with shared admin or root accounts, and so that is a generic approach that is not identity-centric. Centrify’s solution helps organizations to centralize authentication and have their employees request access to specific resources with specific privilege elevation rights while also tracking all activity for audits, compliance, forensics, and regulatory purposes. Our customers place a high value on all of these aspects of our solution as it provides non-repudiation across their environments and better protects resources against cyberthreats.

The real potential for growth are the drivers moving PAM beyond the vault. It’s becoming more identity-centric, with a least privilege access approach. That message is resonating across the industry, and people get it. The biggest driver is the fact that 80% of the breaches are occurring because privileged credentials are getting compromised. Since they’re not identity-centric, too much privilege exists, which means the attack surface is greater, and it continues to get breached.

Louis: What are the most challenging aspects of being CEO of a fast-growing cyber security company today?

Tim: The most challenging aspects of being a CEO are the most exciting. One of the most energizing is competing in a very dynamic market. That’s what motivates me and why I’ve been in tech a long time.

Advances in technology drive the market, and it motivates companies, customers, and investors to take advantage of those advances and drive their business forward. At Centrify, our core focus is to capitalize on technology gains to help our customers achieve their goals by bringing new products to market. These include cloud, Infrastructure-as-a-Service (IaaS), machine learning, and other key strategic technologies. We’re always interested in utilizing new technologies, as the bad actors are also doing their own development of new ways to compromise our customers and their systems. They are looking for the weakest link.

We are completely committed to what we’re doing to stay ahead of those bad actors. Since technology continues to evolve and change, it makes the industry/market very dynamic.

Louis: When you visit with Centrify customers, what’s the most interesting feedback you’re hearing from them?

Tim: Our customer is normally the infrastructure and/or security people and teams. Who we primarily interact with is determined by the structure of a given customer’s organization. The people deploying, running, and supporting the networks and IT environments, who are responsible for those areas, are who we primarily work with.

The one common theme we hear from them is that they’re just trying to keep up. They look to us for help doing that, specifically how they can make privileged access management more efficient and effective across their organizations. Our customers look to Centrify so they can capitalize on our decades of expertise and complete commitment to providing privileged access management solutions that scale with their business.

They all know that it only takes one compromised, privileged credential to ruin their day, affecting millions of customers and costing hundreds of thousands (or millions) of dollars. One of our challenges in helping our customers is to help them face the challenge of educating upwards in their organizations as to the importance of having the proper tools for cybersecurity.

Louis: When you get invited into a prospect’s bake-off to compare PAM vendors, why does Centrify win? And how do you proceed into a Proof of Concept following winning a bake-off?

Tim: The number one reason we win is because we have a strong vision around identity-centric privileged access management. In addition, many organizations are undergoing digital transformations, and the majority of organizations have a hybrid IT and cloud environment. This includes on-premises, hybrid cloud and multi-cloud environments, and ephemeral environments. The ability to manage all of those different aspects with a central approach to identity is much more efficient and effective in the long run.

We see customers looking to make this their ongoing infrastructure deployment strategy, which will set them up for the future. That, and having a more encompassing solution set that addresses their greatest security risks are how we are differentiating today.

Louis: Your customer base appears to have a robust multi-cloud strategy, combining AWS, Microsoft Azure, and Google Cloud Platform. What’s a major challenge many are facing when migrating to cloud, and what does the future look like in terms of securing their identity and privileged access?

Tim: Multi-cloud didn’t really shape our strategy because we are based on a central repository for identity. Implicit in that approach is having everybody log in as themselves while providing them the freedom to do their jobs. And when it comes to least privileged access, we focus on allowing just enough access to every member to get their work done, while tracking every login to ensure compliance.

We’ve always supported that vision with an architecture that would span on-premises and cloud systems because nobody is going to completely do multi-cloud overnight. It’s a journey that begins by recognizing the business need for a hybrid IT environment that includes multi-cloud integration and platforms.

Our architecture is based on a cloud-based privileged access service that connects to wherever our customer’s identity store is. Through the use of cloud connectors, we can provide centralized identity and privileged access into your workloads running within a Virtual Private Cloud (VPC). We find most customers have multiple VPCs and their architected to be generic, which reflects the fact our customers end up with more than one infrastructure as a service platform provider. We’re able to handle that and provide privileged access management across all those environments.

It’s the strength of our privileged access service and our cloud connectors give our customers the option of selecting a thin client that deploys on their workloads within different VPCs, and then comes back to the service and communicates with various connected identity stores. It’s designed to be a very efficient architecture, and it plays well in ephemeral, quickly-changing elastic environments to support the requirements and scale needs of the business. Our architecture flexes and provides identity and privileged access management across their unique cloud and on-premise system configurations.

Dec 2

10 Predictions How AI Will Improve Cybersecurity In 2020

Capgemini predicts 63% of organizations are planning to deploy AI in 2020 to improve cybersecurity, with the most popular application being network security.

Cybersecurity is at an inflection point entering 2020. Advances in AI and machine learning are accelerating its technological progress. Real-time data and analytics are making it possible to build stronger business cases, driving higher adoption. Cybersecurity spending has rarely been linked to increasing revenues or reducing costs, but that’s about to change in 2020.

What Leading Cybersecurity Experts Are Predicting For 2020

Interested in what the leading cybersecurity experts are thinking will happen in 2020, I contacted five of them. Experts I spoke with include Nicko van Someren, Ph.D. and Chief Technology Officer at Absolute Software; Dr. Torsten George, Cybersecurity Evangelist at Centrify; Craig Sanderson, Vice President of Security Products at Infoblox; Josh Johnston, Director of AI, Kount; and Brian Foster, Senior Vice President Product Management at MobileIron. Each of them brings a knowledgeable, insightful, and unique perspective to how AI and machine learning will improve cybersecurity in 2020. The following are their ten predictions:

AI and machine learning will continue to enable asset management improvements that also deliver exponential gains in IT security by providing greater endpoint resiliency in 2020. Nicko van Someren, Ph.D. and Chief Technology Officer at Absolute Software, observes that “Keeping machines up to date is an IT management job, but it’s a security outcome. Knowing what devices should be on my network is an IT management problem, but it has a security outcome. And knowing what’s going on and what processes are running and what’s consuming network bandwidth is an IT management problem, but it’s a security outcome. I don’t see these as distinct activities so much as seeing them as multiple facets of the same problem space, accelerating in 2020 as more enterprises choose greater resiliency to secure endpoints.”
AI tools will continue to improve at drawing on data sets of wildly different types, allowing the “bigger picture” to be put together from, say, static configuration data, historic local logs, global threat landscapes, and contemporaneous event streams. Nicko van Someren, Ph.D., and CTO at Absolute Software also predict that“Enterprise executives will be concentrating their budgets and time on detecting cyber threats using AI above predicting and responding. As enterprises mature in their use and adoption of AI as part of their cybersecurity efforts, prediction and response will correspondingly increase.”
Threat actors will increase the use of AI to analyze defense mechanisms and simulate behavioral patterns to bypass security controls, leveraging analytics to and machine learning to hack into organizations. Dr. Torsten George, Cybersecurity Evangelist at Centrify, predicts that “threat actors, many of them state-sponsored, will increase their use and sophistication of AI algorithms to analyze organizations’’ defense mechanisms and tailor attacks to specific weak areas. He also sees the threat of bad actors being able to plug into the data streams of organizations and use the data to further orchestrate sophisticated attacks.”
Given the severe shortage of experienced security operations resources and the sheer volume of data that most organizations are trying to work through, we are likely to see organizations seeking out AI/ML capabilities to automate their security operations processes. Craig Sanderson, Vice President of Security Products at Infoblox also predicts that “while AI and machine learning will increasingly be used to detect new threats it still leaves organizations with the task of understanding the scope, severity, and veracity of that threat to inform an effective response. As security operations becomes a big data problem it necessitates big data solutions.”
There’s going to be a greater need for adversarial machine learning to combat supply chain corruption in 2020. Sean Tierney, Director of Threat Intelligence at Infoblox, predicts that “the need for adversarial machine learning to combat supply chain corruption is going to increase in 2020. Sean predicts that the big problem with remote coworking spaces is determining who has access to what data. As a result, AI will become more prevalent in traditional business processes and be used to identify if a supply chain has been corrupted.”
Artificial intelligence will become more prevalent in account takeover—both the proliferation and prevention of it. Josh Johnston, Director of AI at Kount, predicts that “the average consumer will realize that passwords are not providing enough account protection and that every account they have is vulnerable. Captcha won’t be reliable either, because while it can tell if someone is a bot, it can’t confirm that the person attempting to log in is the account holder. AI can recognize a returning user. AI will be key in protecting the entire customer journey, from account creation to account takeover, to a payment transaction. And, AI will allow businesses to establish a relationship with their account holders that are protected by more than just a password.”
Consumers will take greater control of their data sharing and privacy in 2020. Brian Foster, Senior Vice President Product Management at MobileIron, observes that over the past few years, we’ve witnessed some of the biggest privacy and data breaches. As a result of the backlash, tech giants such as Apple, Google, Facebook and Amazon beefed up their privacy controls to gain back trust from customers. Now, the tables have turned in favor of consumers and companies will have to put privacy first to stay in business. Moving forward, consumers will own their data, which means they will be able to selectively share it with third parties, but most importantly, they will get their data back after sharing, unlike in years past.
As cybersecurity threats evolve, we’ll fight AI with AI. Brian Foster, Senior Vice President Product Management at MobileIron, notes that the most successful cyberattacks are executed by highly professional criminal networks that leverage AI and ML to exploit vulnerabilities such as user behavior or security gaps to gain access to valuable business systems and data. All of this makes it extremely hard for IT security organizations to keep up — much less stay ahead of these threats. While an attacker only needs to find one open door in an enterprise’s security, the enterprise must race to lock all of the doors. AI conducts this at a pace and thoroughness human ability can no longer compete with, and businesses will finally take notice in 2020.
AI and machine learning will thwart compromised hardware finding its way into organizations’ supply chains. Rising demand for electronic components will expand the market for counterfeit components and cloned products, increasing the threat of compromised hardware finding its way into organizations’ supply chains. The vectors for hardware supply-chain attacks are expanding as market demand for more and cheaper chips, and components drive a booming business for hardware counterfeiters and cloners. This expansion is likely to create greater opportunities for compromise by both nation-state and cybercriminal threat actors. Source: 2020 Cybersecurity Threats Trends Outlook; Booz, Allen, Hamilton, 2019.
Capgemini predicts 63% of organizations are planning to deploy AI in 2020 to improve cybersecurity, with the most popular application being network security. Capgemini found that nearly one in five organizations were using AI to improve cybersecurity before 2019. In addition to network security, data security, endpoint security, and identity and access management are the highest priority use cases for improving cybersecurity with AI in enterprises today. Source: Capgemini, Reinventing Cybersecurity with Artificial Intelligence: The new frontier in digital security.

Source: Capgemini, Reinventing Cybersecurity with Artificial Intelligence: The new frontier in digital security.

Nov 30

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

60% of security and IT professionals state that security is the leading challenge with cloud migrations, despite not being clear about who is responsible for securing cloud environments.
71% understand that controlling privileged access to cloud service administrative accounts is a critical concern, yet only 53% cite secure access to cloud workloads as a key objective of their cloud Privileged Access Management (PAM) strategies.

These and many other fascinating insights are from the recent Centrify survey, Reducing Risk in Cloud Migrations: Controlling Privileged Access to Hybrid and Multi-Cloud Environments, downloadable here. The survey is based on a survey of over 700 respondents from the United States, Canada, and the UK from over 50 vertical markets, with technology (21%), finance (14%), education (10%), government (10%) and healthcare (9%) being the top five. For additional details on the methodology, please see page 14 of the study.

What makes this study noteworthy is how it provides a candid, honest assessment of how enterprises can make cloud migrations more secure by a better understanding of who is responsible for securing privileged access to cloud administrative accounts and workloads.

Key insights from the study include the following:

Improved speed of IT services delivery (65%) and lowered total cost of ownership (54%) are the two top factors driving cloud migrations today. Additional factors include greater flexibility in responding to market changes (40%), outsourcing IT functions that don’t create competitive differentiation (22%), and increased competitiveness (17%). Reducing time-to-market for new systems and applications is one of the primary catalysts driving cloud migrations today, making it imperative for every organization to build security policies and systems into their cloud initiatives.

Security is the greatest challenge to cloud migration by a wide margin. 60% of organizations define security as the most significant challenge they face with cloud migrations today. One in three sees the cost of migration (35%) and lack of expertise (30%) being the second and third greatest impediments to cloud migration project succeeding. Organizations are facing constant financial and time constraints to achieve cloud migrations on schedule to support time-to-market initiatives. No organization can afford the lost time and expense of an attempted or successful breach impeding cloud migration progress.

71% of organizations are implementing privileged access controls to manage their cloud services. However, as the privilege becomes more task-, role-, or access-specific, there is a diminishing interest of securing these levels of privileged access as a goal, evidenced by only 53% of organizations securing access to the workloads and containers they have moved to the cloud. The following graphic reflects the results.

An alarmingly high 60% of organizations incorrectly view the cloud provider as being responsible for securing privileged access to cloud workloads. It’s shocking how many customers of AWS and other public cloud providers are falling for the myth that cloud service providers can completely protect their customized, highly individualized cloud instances. The native Identity and Access Management (IAM) capabilities offered by AWS, Microsoft Azure, Google Cloud, and others provide enough functionality to help an organization get up and running to control access in their respective homogeneous cloud environments. Often they lack the scale to adequately address the more challenging, complex areas of IAM and Privileged Access Management (PAM) in hybrid or multi-cloud environments, however. For an expanded discussion of the Shared Responsibility Model, please see The Truth About Privileged Access Security On AWS and Other Public Clouds. The following is a graphic from the survey and Amazon Web Services’ interpretation of the Shared Responsibility Model.

Implementing a common security model in the cloud, on-premises, and in hybrid environments is the most proven approach to making cloud migrations more secure. Migrating cloud instances securely needs to start with Multi-Factor Authentication (MFA), deploying a common privileged access security model equivalent to on-premises and cloud systems, and utilizing enterprise directory accounts for privileged access. These three initial steps set the foundation for implementing least privilege access. It’s been a major challenge for organizations to do this, particularly in cloud environments, as 68% are not eliminating local privilege accounts in favor of federated access controls and are still using root accounts outside of “break glass” scenarios. Even more concerning, 57% are not implementing least privilege access to limit lateral movement and enforce just-enough, just-in-time-access.

When it comes to securing access to cloud environments, organizations don’t have to re-invent the wheel. Best practices from securing on-premises data centers and workloads can often be successful in securing privileged access in cloud and hybrid environments as well.

Conclusion

The study provides four key takeaways for anyone working to make cloud migrations more secure. First, all organizations need to understand that privileged access to cloud environments is your responsibility, not your cloud providers’. Second, adopt a modern approach to Privileged Access Management that enforces least privilege, prioritizing “just enough, just-in-time” access. Third, employ a common security model across on-premises, cloud, and hybrid environments. Fourth and most important, modernize your security approach by considering how cloud-based PAM systems can help to make cloud migrations more secure.

Nov 29

7 Signs It’s Time To Get Focused On Zero Trust

When an experienced hacker can gain access to a company’s accounting and financial systems in 7 minutes or less after obtaining privileged access credentials, according to Ponemon, it’s time to get focused on Zero Trust Security. 2019 is on its way to being a record year for ransomware attacks, which grew 118% in Q1 of this year alone, according to McAfee Labs Threat Report. Data breaches on healthcare providers reached an all-time high in July of this year driven by the demand for healthcare records that range in price from $250 to over $1,000 becoming best-sellers on the Dark Web. Cybercriminals are using AI, bots, machine learning, and social engineering techniques as part of sophisticated, well-orchestrated strategies to gain access to banking, financial services, healthcare systems, and many other industries’ systems today.

Enterprises Need Greater Urgency Around Zero Trust

The escalating severity of cyberattacks and their success rates are proving that traditional approaches to cybersecurity based on “trust but verify” aren’t working anymore. What’s needed is more of a Zero Trust-based approach to managing every aspect of cybersecurity. By definition, Zero Trust is predicated on a “never trust, always verify” approach to access, from inside or outside the network. Enterprises need to begin with a Zero Trust Privilege-based strategy that verifies who is requesting access, the context of the request, and the risk of the access environment.

How urgent is it for enterprises to adopt Zero Trust? A recent survey of 2,000 full-time UK workers, completed by Censuswide in collaboration with Centrify, provides seven signs it’s time for enterprises to get a greater sense of urgency regarding their Zero Trust frameworks and initiatives. The seven signs are as follows:

77% of organizations’ workers admit that they have never received any form of cybersecurity skills training from their employer. In this day and age, it’s mind-blowing that three of every four organizations aren’t providing at least basic cybersecurity training, whether they intend to adopt Zero Trust or not. It’s like freely handing out driver’s licenses to anyone who wants one so they can drive the freeways of Los Angeles or San Francisco. The greater the training, the safer the driver. Likewise, the greater the cybersecurity training, the safer the worker, company and customers they serve.
69% of employees doubt the cybersecurity processes in place in their organizations today. When the majority of employees don’t trust the security processes in place in an organization, they invent their own, often bringing their favorite security solutions into an enterprise. Shadow IT proliferates, productivity often slows down, and enterprise is more at risk of a breach than ever before. When there’s no governance or structure to managing data, cybercriminals flourish.
63% of British workers interviewed do not realize that unauthorized access to an email account without the owner’s permission is a criminal offense. It’s astounding that nearly two-thirds of the workers in an organization aren’t aware that unauthorized access to another person’s email account without their permission is a crime. The UK passed into law 30 years ago the Computer Misuse Act. The law was created to protect individuals’ and organizations’ electronic data. The Act makes it a crime to access or modify data stored on a computer without authorization to do so. The penalties are steep for anyone found guilty of gaining access to a computer without permission, starting with up to two years in prison and a £5,000 fine. It’s alarming how high the lack of awareness is of this law, and an urgent call to action to prioritize organization-wide cybersecurity training.
27% of workers use the same password for multiple accounts. The Consensus survey finds that workers are using identical passwords for their work systems, social media accounts, and both personal and professional e-mail accounts. Cybersecurity training can help reduce this practice, but Zero Trust is badly needed to protect privileged access credentials that may have identical passwords to someone’s Facebook account, for example.
14% of employees admitted to keeping their passwords recorded in an unsecured handwritten notebook or on their desk in the office. Organizations need to make it as difficult as possible for bad actors and cybercriminals to gain access to passwords instead of sharing them in handwritten notebooks and on Post-It notes. Any organization with this problem needs to immediately adopt Multi-Factor Authentication (MFA) as an additional security measure to ensure compromised passwords don’t lead to unauthorized access. For privileged accounts, use a password vault, which can make handwritten password notes (and shared passwords altogether) obsolete.
14% do not use multi-factor authentication for apps or services unless forced to do so. Centrify also found that 58% of organizations do not use Multi-Factor Authentication (MFA) for privileged administrative access to servers, leaving their IT systems and infrastructure unsecured. Not securing privileged access credentials with MFA or, at the very least, vaulting them is like handing the keys to the kingdom to cybercriminals going after privileged account access. Securing privileged credentials needs to begin with a Zero Trust-based approach that verifies who is requesting access, the context of the request, and the risk of the access environment.
1 out of every 25 employees hacks into a colleague’s email account without permission. In the UK, this would be considered a violation of the Computer Misuse Act, which has some unfortunate outcomes for those found guilty of violating it. The Censuswide survey also found that one in 20 workers have logged into friend’s Facebook accounts without permission. If you work in an organization of over 1,000 people, for example, 40 people in your company have most likely hacked into a colleague’s email account, opening up your entire company to legal liability.

Conclusion

Leaving cybersecurity to chance and hoping employees will do the right thing isn’t a strategy; it’s an open invitation to get hacked. The Censuswide survey and many others like it reflect a fundamental truth that cybersecurity needs to become part of the muscle memory of any organization to be effective. As traditional IT network perimeters dissolve, enterprises need to replace “trust but verify” with a Zero Trust-based framework. Zero Trust Privilege mandates a “never trust, always verify, enforce least privilege” approach to privileged access, from inside or outside the network. Leaders in this area include Centrify, who combines password vaulting with brokering of identities, multi-factor authentication enforcement, and “just enough” privilege, all while securing remote access and monitoring of all privileged sessions.

Nov 11

Securing Multi-Cloud Manufacturing Systems In A Zero Trust World

Bottom Line: Private equity firms are snapping up manufacturing companies at a quick pace, setting off a merger and acquisition gold rush, while leaving multi-cloud manufacturing systems unprotected in a Zero Trust world.

Securing the Manufacturing Gold Rush of 2019

The intensity private equity (PE) firms have for acquiring and aggregating manufacturing businesses is creating an abundance of opportunities for cybercriminals to breach the resulting businesses. For example, merging formerly independent infrastructures often leads to manufacturers maintaining — at least initially — multiple identity repositories such as Active Directory (AD), which contain privileged access credentials, usernames, roles, groups, entitlements, and more. Identity repository sprawl ultimately contributes to maintenance headaches but, more importantly, security blind spots that are being exploited by threat actors regularly. A contributing factor is a fact that private equity firms rarely have advanced cybersecurity expertise or skills and therefore don’t account for these details in their business integration plans. As a result, they often rely on an outdated “trust but verify” approach, with trusted versus untrusted domains and legacy approaches to identity access management.

The speed PE firms are driving the manufacturing gold rush is creating a sense of urgency to stand up new businesses fast – leaving cybersecurity as an afterthought, if even a consideration at all. Here are several insights from PwC’s Global Industrial Manufacturing Deals Insights, Q2 2019 and Private Equity Trend Report, 2019, Powering Through Uncertainty:

39% of all PE investors rate the industrial manufacturing sector as the most attractive for acquiring and rolling up companies into new businesses.
The manufacturing industry saw a 31% increase in deal value from Q1 2019 to Q2 2019 with industrial manufacturing megadeals driving deal value to $27.4B in Q2, 2019, on 562 deals.
Year-to-date North American manufacturing has generated 184 deals worth $15.2B in 2019.
Worldwide and North American cross-sector manufacturing deal volumes increased by 32% and 30% in Q2, 2019 alone.

PE firms are also capitalizing on how many family-run manufacturers are in the midst of a generational change in ownership. Company founders are retiring, and their children, nearly all of whom were raised working on the shop floor, are ready to sell. PE firms need to provide more cybersecurity guidance during these transactions to secure companies in transition. Here’s why:

According to the 2019 Verizon Data Breach Investigation Report, manufacturing has been experiencing an increase in financially-motivated breaches in the past couple of years, whereby most incidents involve Phishing and the use of stolen credentials.
Manufacturing’s most commonly compromised data includes credentials (49%), internal operations data (41%), and company secrets (36%) according to the 2019 Verizon Data Breach Investigation Report.
50% of manufacturers report experiencing a data breach or cyber-attack over the last 12 months, 11% of which were severe, according to the Sikich M&D Report 2019.
It’s the smaller suppliers in the supply chain or M&A process that hackers are starting to exploit to bring down many of the world’s largest manufacturing companies. Just ask one of the world’s leading shipping providers, A.P. Møller-Maersk.

How To Secure Multi-Cloud Manufacturing Systems in a Zero Trust World

To stop the cybercriminals’ gold rush, merged manufacturing businesses need to take the first step of adopting an approach to secure each acquired company’s identity repositories, whether on-premises or in the cloud. For example, instead of having to reproduce or continue to manage the defined rights and roles for users in each AD, manufacturing conglomerates can better secure their combined businesses using a Multi-Directory Brokering approach.

Multi-Directory Brokering, such as the solution offered by Privileged Access Management provider Centrify, empowers an organization to use its existing or preferred identity directory as a single source of truth across the organization, brokering access based on a single identity rather than having to manage user identities across multiple directories. For example, if an organization using AD acquires an organization using a different identity repository or has multiple cloud platforms, it can broker access across the environment no matter where the “master” identity for an individual exists. This is particularly important when it comes to privileged access to critical systems and data, as “identity sprawl” can leave gaping holes to be exploited by bad actors.

Multi-Directory Brokering is public cloud-agnostic, making it possible to support Windows and Linux instances in one or multiple Infrastructure-as-a-Service (IaaS) platforms to secure multi-cloud manufacturing systems. The following diagram illustrates how Multi-Directory Brokering scales to support multi-cloud manufacturing systems that often rely on hybrid multi-cloud configurations.

Securing Multi-Cloud Manufacturing Systems In A Zero Trust World

Manufacturers who are the most negatively impacted by the trade wars are redesigning and re-routing their supply chains to eliminate tariffs, so they don‘t have to raise their prices. Multi-cloud manufacturing systems are what they’re relying on to accomplish that. The future of their business will be heavily reliant upon how well they can secure the multi-cloud configurations of their systems. That’s why Multi-Directory Brokering makes so much sense for manufacturers today, especially those looking for an exit strategy with a PE firm.

The PE firms driving the merger and acquisition (M&A) frenzy in specific sectors of manufacturing need to take a closer look at how Identity and Access Management (IAM) is being implemented in the manufacturing conglomerates they are creating. With manufacturing emerging as a hot industry for PE, M&A, and data breaches, it’s time to move beyond replicating Active Directories and legacy approaches to IAM. One of the most important aspects of a successful acquisition is enabling administrators, developers, and operations teams to access systems securely, without massive incremental cost, effort, and complexity.

Conclusion

The manufacturing gold rush for PE firms doesn’t have to be one for cybercriminals as well. PE firms and the manufacturing companies they are snapping up need to pay more attention to cybersecurity during the initial integration phases of combining operations, including how they manage identities and access. Cybercriminals and bad actors both within and outside the merged companies are lying in wait, looking for easy-exploitable gaps to exfiltrate sensitive data for monetary gain, or in an attempt to thwart the new company’s success.

Sources:

Global industrial manufacturing deals insights: Q2 2019, PwC, 2019. A PDF of the study is accessible here (6 pp., no opt-in).

Private Equity Trend Report, 2019, Powering Through Uncertainty, PwC, February 2019, 80 pp., PDF, no opt-in.

Sep 5

1 Comment

Why Manufacturing Supply Chains Need Zero Trust

According to the 2019 Verizon Data Breach Investigation Report, manufacturing has been experiencing an increase in financially motivated breaches in the past couple of years, whereby most breaches involve Phishing and the use of stolen credentials.
50% of manufacturers report experiencing a breach over the last 12 months, 11% of which were severe according to Sikich’s 5^th Manufacturing and Distribution Survey, 2019.
Manufacturing’s most commonly data compromised includes credentials (49%), internal operations data (41%), and company secrets (36%) according to the 2019 Verizon Data Breach Investigation Report.
Manufacturers’ supply chains and logistics partners targeted by ransomware which have either had to cease operations temporarily to restore operations from backup or have chosen to pay the ransom include Aebi Schmidt, ASCO Industries, and COSCO Shipping Lines.

Small Suppliers Are A Favorite Target, Ask A.P. Møller-Maersk

Supply chains are renowned for how unsecured and porous they are multiple layers deep. That’s because manufacturers often only password-protect administrator access privileges for trusted versus untrusted domains at the operating system level of Windows NT Server, haven’t implemented multi-factor authentication (MFA), and apply a trust but verify mindset only for their top suppliers. Many manufacturers don’t define, and much less enforce, supplier security past the first tier of their supply chains, leaving the most vulnerable attack vectors unprotected.

It’s the smaller suppliers that hackers exploit to bring down many of the world’s largest manufacturing companies. An example of this is how an accounting software package from a small supplier, Linkos Group, was infected with a powerful ransomware agent, NotPetya, bringing one of the world’s leading shipping providers, A.P. Møller-Maersk, to a standstill. Linkos’ Group accounting software was first installed in the A.P. Møller-Maersk offices in Ukraine. The NotPetya ransomware was able to take control of the local office servers then propagate itself across the entire A.P. Møller-Maersk network. A.P. Møller-Maersk had to reinstall their 4,000 servers, 45,000 PCs, and 2500 applications, and the damages were between $250M to $300M. Security experts consider the ransomware attack on A.P. Møller-Maersk to be one of the most devastating cybersecurity attacks in history. The Ukraine-based group of hackers succeeded in using an accounting software update from one of A.P. Møller-Maersk’s smallest suppliers to bring down one of the world’s largest shipping networks. My recent post, How To Deal With Ransomware In A Zero Trust World explains how taking a Zero Trust Privilege approach minimizes the risk of falling victim to ransomware attacks. Ultimately, treating identity as the new security perimeter needs to be how supply chains are secured. The following geographical analysis of the attack was provided by CargoSmart, showing how quickly NotPetya ransomware can spread through a global network:

CargoSmart provided a Vessel Monitoring Dashboard to monitor vessels during this time of recovery from the cyber attack.

Supply Chains Need To Treat Every Supplier In Their Network As A New Security Perimeter

The more integrated a supply chain, the more the potential for breaches and ransomware attacks. And in supply chains that rely on privileged access credentials, it’s a certainty that hackers outside the organization and even those inside will use compromised credentials for financial gain or disrupt operations. Treating every supplier and their integration points in the network as a new security perimeter is critical if manufacturers want to be able to maintain operations in an era of accelerating cybersecurity threats.

Taking a Zero Trust Privilege approach to securing privileged access credentials will help alleviate the leading cause of breaches in manufacturing today, which is privileged access abuse. By taking a “never trust, always verify, and enforce least privilege” approach, manufacturers can protect the “keys to the kingdom,” which are the credentials hackers exploit to take control over an entire supply chain network.

Instead of relying on trust but verify or trusted versus untrusted domains at the operating system level, manufacturers need to have a consistent security strategy that scales from their largest to smallest suppliers. Zero Trust Privilege could have saved A.P. Møller-Maersk from being crippled by a ransomware attack by making it a prerequisite that every supplier must have ZTP-based security guardrails in place to do business with them.

Conclusion

Among the most porous and easily compromised areas of manufacturing, supply chains are the lifeblood of any production business, yet also the most vulnerable. As hackers become more brazen in their ransomware attempts with manufacturers and privileged access credentials are increasingly sold on the Dark Web, manufacturers need a sense of urgency to combat these threats. Taking a Zero Trust approach to securing their supply chains and operations, helps manufacturers to implement least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment. By implementing least privilege access, manufacturers can minimize the attack surface, improve audit and compliance visibility, and reduce risk, complexity, and costs for the modern, hybrid manufacturing enterprise.

Aug 25

The Truth About Privileged Access Security On AWS And Other Public Clouds

Bottom Line: Amazon’s Identity and Access Management (IAM) centralizes identity roles, policies and Config Rules yet doesn’t go far enough to provide a Zero Trust-based approach to Privileged Access Management (PAM) that enterprises need today.

AWS provides a baseline level of support for Identity and Access Management at no charge as part of their AWS instances, as do other public cloud providers. Designed to provide customers with the essentials to support IAM, the free version often doesn’t go far enough to support PAM at the enterprise level. To AWS’s credit, they continue to invest in IAM features while fine-tuning how Config Rules in their IAM can create alerts using AWS Lambda. AWS’s native IAM can also integrate at the API level to HR systems and corporate directories, and suspend users who violate access privileges.

In short, native IAM capabilities offered by AWS, Microsoft Azure, Google Cloud, and more provides enough functionality to help an organization get up and running to control access in their respective homogeneous cloud environments. Often they lack the scale to fully address the more challenging, complex areas of IAM and PAM in hybrid or multi-cloud environments.

The Truth about Privileged Access Security on Cloud Providers Like AWS

The essence of the Shared Responsibility Model is assigning responsibility for the security of the cloud itself including the infrastructure, hardware, software, and facilities to AWS and assign the securing of operating systems, platforms, and data to customers. The AWS version of the Shared Responsibility Model, shown below, illustrates how Amazon has defined securing the data itself, management of the platform, applications and how they’re accessed, and various configurations as the customers’ responsibility:

AWS provides basic IAM support that protects its customers against privileged credential abuse in a homogenous AWS-only environment. Forrester estimates that 80% of data breaches involve compromised privileged credentials, and a recent survey by Centrify found that 74% of all breaches involved privileged access abuse.

The following are the four truths about privileged access security on AWS (and, generally, other public cloud providers):

Customers of AWS and other public cloud providers should not fall for the myth that cloud service providers can completely protect their customized and highly individualized cloud instances. As the Shared Responsibility Model above illustrates, AWS secures the core areas of their cloud platform, including infrastructure and hosting services. AWS customers are responsible for securing operating systems, platforms, and data and most importantly, privileged access credentials. Organizations need to consider the Shared Responsibility Model the starting point on creating an enterprise-wide security strategy with a Zero Trust Security framework being the long-term goal. AWS’s IAM is an interim solution to the long-term challenge of achieving Zero Trust Privilege across an enterprise ecosystem that is going to become more hybrid or multi-cloud as time goes on.
Despite what many AWS integrators say, adopting a new cloud platform doesn’t require a new Privileged Access Security model. Many organizations who have adopted AWS and other cloud platforms are using the same Privileged Access Security Model they have in place for their existing on-premises systems. The truth is the same Privileged Access Security Model can be used for on-premises and IaaS implementations. Even AWS itself has stated that conventional security and compliance concepts still apply in the cloud. For an overview of the most valuable best practices for securing AWS instances, please see my previous post, 6 Best Practices For Increasing Security In AWS In A Zero Trust World.
Hybrid cloud architectures that include AWS instances don’t need an entirely new identity infrastructure and can rely on advanced technologies, including Multi-Directory Brokering. Creating duplicate identities increases cost, risk, and overhead and the burden of requiring additional licenses. Existing directories (such as Active Directory) can be extended through various deployment options, each with their strengths and weaknesses. Centrify, for example, offers Multi-Directory Brokering to use whatever preferred directory already exists in an organization to authenticate users in hybrid and multi-cloud environments. And while AWS provides key pairs for access to Amazon Elastic Compute Cloud (Amazon EC2) instances, their security best practices recommend a holistic approach should be used across on-premises and multi-cloud environments, including Active Directory or LDAP in the security architecture.
It’s possible to scale existing Privileged Access Management systems in use for on-premises systems today to hybrid cloud platforms that include AWS, Google Cloud, Microsoft Azure, and other platforms. There’s a tendency on the part of system integrators specializing in cloud security to oversell cloud service providers’ native IAM and PAM capabilities, saying that a hybrid cloud strategy requires separate systems. Look for system integrators and experienced security solutions providers who can use a common security model already in place to move workloads to new AWS instances.

Conclusion

The truth is that Identity and Access Management solutions built into public cloud offerings such as AWS, Microsoft Azure, and Google Cloud are stop-gap solutions to a long-term security challenge many organizations are facing today. Instead of relying only on a public cloud provider’s IAM and security solutions, every organization’s cloud security goals need to include a holistic approach to identity and access management and not create silos for each cloud environment they are using. While AWS continues to invest in their IAM solution, organizations need to prioritize protecting their privileged access credentials – the “keys to the kingdom” – that if ever compromised would allow hackers to walk in the front door of the most valuable systems an organization has. The four truths defined in this article are essential for building a Zero Trust roadmap for any organization that will scale with them as they grow. By taking a “never trust, always verify, enforce least privilege” strategy when it comes to their hybrid- and multi-cloud strategies, organizations can alleviate costly breaches that harm the long-term operations of any business.

Focusing on AI & Machine Learning's Impact On The Future Of Enterprise Software

Posts tagged ‘Centrify’

Machines Protecting Themselves Is The Future Of Cybersecurity

Like this:

Why Your Biometrics Are Your Best Password

Like this:

Top 10 Cybersecurity Companies To Watch In 2020

Like this:

Centrify’s Tim Steinkopf On How To Think Like A Cybersecurity CEO

Like this:

10 Predictions How AI Will Improve Cybersecurity In 2020

Like this:

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

Like this:

7 Signs It’s Time To Get Focused On Zero Trust

Like this:

Securing Multi-Cloud Manufacturing Systems In A Zero Trust World

Like this:

Why Manufacturing Supply Chains Need Zero Trust

Like this:

The Truth About Privileged Access Security On AWS And Other Public Clouds

Like this:

Email Subscription

Top Posts

This Blog’s Purpose

Pages

Categories

Search

Focusing on AI & Machine Learning's Impact On The Future Of Enterprise Software

Posts tagged ‘Centrify’

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Email Subscription

Top Posts

This Blog’s Purpose

Pages

Categories

Search