Skip to content

Posts tagged ‘Zero Trust Privilege’

Why Manufacturing Supply Chains Need Zero Trust

  • According to the 2019 Verizon Data Breach Investigation Report, manufacturing has been experiencing an increase in financially motivated breaches in the past couple of years, whereby most breaches involve Phishing and the use of stolen credentials.
  • 50% of manufacturers report experiencing a breach over the last 12 months, 11% of which were severe according to Sikich’s 5th Manufacturing and Distribution Survey, 2019.
  • Manufacturing’s most commonly data compromised includes credentials (49%), internal operations data (41%), and company secrets (36%) according to the 2019 Verizon Data Breach Investigation Report.
  • Manufacturers’ supply chains and logistics partners targeted by ransomware which have either had to cease operations temporarily to restore operations from backup or have chosen to pay the ransom include Aebi SchmidtASCO Industries, and COSCO Shipping Lines.

Small Suppliers Are A Favorite Target, Ask A.P. Møller-Maersk

Supply chains are renowned for how unsecured and porous they are multiple layers deep. That’s because manufacturers often only password-protect administrator access privileges for trusted versus untrusted domains at the operating system level of Windows NT Server, haven’t implemented multi-factor authentication (MFA), and apply a trust but verify mindset only for their top suppliers. Many manufacturers don’t define, and much less enforce, supplier security past the first tier of their supply chains, leaving the most vulnerable attack vectors unprotected.

It’s the smaller suppliers that hackers exploit to bring down many of the world’s largest manufacturing companies. An example of this is how an accounting software package from a small supplier, Linkos Group, was infected with a powerful ransomware agent, NotPetya, bringing one of the world’s leading shipping providers,  A.P. Møller-Maersk, to a standstill. Linkos’ Group accounting software was first installed in the A.P. Møller-Maersk offices in Ukraine. The NotPetya ransomware was able to take control of the local office servers then propagate itself across the entire A.P. Møller-Maersk network. A.P. Møller-Maersk had to reinstall their 4,000 servers, 45,000 PCs, and 2500 applications, and the damages were between $250M to $300M. Security experts consider the ransomware attack on A.P. Møller-Maersk to be one of the most devastating cybersecurity attacks in history. The Ukraine-based group of hackers succeeded in using an accounting software update from one of A.P. Møller-Maersk’s smallest suppliers to bring down one of the world’s largest shipping networks. My recent post, How To Deal With Ransomware In A Zero Trust World explains how taking a Zero Trust Privilege approach minimizes the risk of falling victim to ransomware attacks. Ultimately, treating identity as the new security perimeter needs to be how supply chains are secured. The following geographical analysis of the attack was provided by CargoSmart, showing how quickly NotPetya ransomware can spread through a global network:

CargoSmart provided a Vessel Monitoring Dashboard to monitor vessels during this time of recovery from the cyber attack.

Supply Chains Need To Treat Every Supplier In Their Network As A New Security Perimeter

The more integrated a supply chain, the more the potential for breaches and ransomware attacks. And in supply chains that rely on privileged access credentials, it’s a certainty that hackers outside the organization and even those inside will use compromised credentials for financial gain or disrupt operations. Treating every supplier and their integration points in the network as a new security perimeter is critical if manufacturers want to be able to maintain operations in an era of accelerating cybersecurity threats.

Taking a Zero Trust Privilege approach to securing privileged access credentials will help alleviate the leading cause of breaches in manufacturing today, which is privileged access abuse. By taking a “never trust, always verify, and enforce least privilege” approach, manufacturers can protect the “keys to the kingdom,” which are the credentials hackers exploit to take control over an entire supply chain network.

Instead of relying on trust but verify or trusted versus untrusted domains at the operating system level, manufacturers need to have a consistent security strategy that scales from their largest to smallest suppliers. Zero Trust Privilege could have saved A.P. Møller-Maersk from being crippled by a ransomware attack by making it a prerequisite that every supplier must have ZTP-based security guardrails in place to do business with them.

Conclusion

Among the most porous and easily compromised areas of manufacturing, supply chains are the lifeblood of any production business, yet also the most vulnerable. As hackers become more brazen in their ransomware attempts with manufacturers and privileged access credentials are increasingly sold on the Dark Web, manufacturers need a sense of urgency to combat these threats. Taking a Zero Trust approach to securing their supply chains and operations, helps manufacturers to implement least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment. By implementing least privilege access, manufacturers can minimize the attack surface, improve audit and compliance visibility, and reduce risk, complexity, and costs for the modern, hybrid manufacturing enterprise.

The Truth About Privileged Access Security On AWS And Other Public Clouds

 

Bottom Line: Amazon’s Identity and Access Management (IAM) centralizes identity roles, policies and Config Rules yet doesn’t go far enough to provide a Zero Trust-based approach to Privileged Access Management (PAM) that enterprises need today.

AWS provides a baseline level of support for Identity and Access Management at no charge as part of their AWS instances, as do other public cloud providers. Designed to provide customers with the essentials to support IAM, the free version often doesn’t go far enough to support PAM at the enterprise level. To AWS’s credit, they continue to invest in IAM features while fine-tuning how Config Rules in their IAM can create alerts using AWS Lambda. AWS’s native IAM can also integrate at the API level to HR systems and corporate directories, and suspend users who violate access privileges.

In short, native IAM capabilities offered by AWS, Microsoft Azure, Google Cloud, and more provides enough functionality to help an organization get up and running to control access in their respective homogeneous cloud environments. Often they lack the scale to fully address the more challenging, complex areas of IAM and PAM in hybrid or multi-cloud environments.

The Truth about Privileged Access Security on Cloud Providers Like AWS

The essence of the Shared Responsibility Model is assigning responsibility for the security of the cloud itself including the infrastructure, hardware, software, and facilities to AWS and assign the securing of operating systems, platforms, and data to customers. The AWS version of the Shared Responsibility Model, shown below, illustrates how Amazon has defined securing the data itself, management of the platform, applications and how they’re accessed, and various configurations as the customers’ responsibility:

AWS provides basic IAM support that protects its customers against privileged credential abuse in a homogenous AWS-only environment. Forrester estimates that 80% of data breaches involve compromised privileged credentials, and a recent survey by Centrify found that 74% of all breaches involved privileged access abuse.

The following are the four truths about privileged access security on AWS (and, generally, other public cloud providers):

  1. Customers of AWS and other public cloud providers should not fall for the myth that cloud service providers can completely protect their customized and highly individualized cloud instances. As the Shared Responsibility Model above illustrates, AWS secures the core areas of their cloud platform, including infrastructure and hosting services. AWS customers are responsible for securing operating systems, platforms, and data and most importantly, privileged access credentials. Organizations need to consider the Shared Responsibility Model the starting point on creating an enterprise-wide security strategy with a Zero Trust Security framework being the long-term goal. AWS’s IAM is an interim solution to the long-term challenge of achieving Zero Trust Privilege across an enterprise ecosystem that is going to become more hybrid or multi-cloud as time goes on.
  2. Despite what many AWS integrators say, adopting a new cloud platform doesn’t require a new Privileged Access Security model. Many organizations who have adopted AWS and other cloud platforms are using the same Privileged Access Security Model they have in place for their existing on-premises systems. The truth is the same Privileged Access Security Model can be used for on-premises and IaaS implementations. Even AWS itself has stated that conventional security and compliance concepts still apply in the cloud. For an overview of the most valuable best practices for securing AWS instances, please see my previous post, 6 Best Practices For Increasing Security In AWS In A Zero Trust World.
  3. Hybrid cloud architectures that include AWS instances don’t need an entirely new identity infrastructure and can rely on advanced technologies, including Multi-Directory Brokering. Creating duplicate identities increases cost, risk, and overhead and the burden of requiring additional licenses. Existing directories (such as Active Directory) can be extended through various deployment options, each with their strengths and weaknesses. Centrify, for example, offers Multi-Directory Brokering to use whatever preferred directory already exists in an organization to authenticate users in hybrid and multi-cloud environments. And while AWS provides key pairs for access to Amazon Elastic Compute Cloud (Amazon EC2) instances, their security best practices recommend a holistic approach should be used across on-premises and multi-cloud environments, including Active Directory or LDAP in the security architecture.
  4. It’s possible to scale existing Privileged Access Management systems in use for on-premises systems today to hybrid cloud platforms that include AWS, Google Cloud, Microsoft Azure, and other platforms. There’s a tendency on the part of system integrators specializing in cloud security to oversell cloud service providers’ native IAM and PAM capabilities, saying that a hybrid cloud strategy requires separate systems. Look for system integrators and experienced security solutions providers who can use a common security model already in place to move workloads to new AWS instances.

Conclusion

The truth is that Identity and Access Management solutions built into public cloud offerings such as AWS, Microsoft Azure, and Google Cloud are stop-gap solutions to a long-term security challenge many organizations are facing today. Instead of relying only on a public cloud provider’s IAM and security solutions, every organization’s cloud security goals need to include a holistic approach to identity and access management and not create silos for each cloud environment they are using. While AWS continues to invest in their IAM solution, organizations need to prioritize protecting their privileged access credentials – the “keys to the kingdom” – that if ever compromised would allow hackers to walk in the front door of the most valuable systems an organization has. The four truths defined in this article are essential for building a Zero Trust roadmap for any organization that will scale with them as they grow. By taking a “never trust, always verify, enforce least privilege” strategy when it comes to their hybrid- and multi-cloud strategies, organizations can alleviate costly breaches that harm the long-term operations of any business.

Your Mobile Phone Is Your Identity. How Do You Protect It?

 The average cost of a data breach has risen 12% over the past 5 years and is now $3.92M. U.S.-based breaches average $8.19M in losses, leading all nations. Not integrating mobile phone platforms and protecting them with a Zero Trust Security framework can add up to $240K to the cost of a breach. Companies that fully deploy security automation technologies experience around half the cost of a breach ($2.65M on average) compared to those that do not deploy these technologies ($5.16M on average). These and many other fascinating insights are from the 14th annual IBM Security Cost of a Data Breach Report, 2019. IBM is making a copy of the report available here for download (76 pp., PDF, opt-in). IBM and Ponemon Institute collaborated on the report, recruiting 507 organizations that have experienced a breach in the last year and interviewing more than 3,211 individuals who are knowledgeable about the data breach incident in their organizations. A total of 16 countries and 17 industries were included in the scope of the study. For additional details regarding the methodology, please see pages 71 - 75 of the report. Key insights from the report include the following: Lost business costs are 36.2% of the total cost of an average breach, making it the single largest loss component of all. Detection and escalation costs are second at 31.1%, as it can take up to 206 days to first identify a breach after it occurs and an additional 73 days to contain the breach. IBM found the average breach lasts 279 days. Breaches take a heavy toll on the time resources of any organization as well, eating up 76% of an entire year before being discovered and contained. U.S.-based breaches average $8.19M in losses, leading all nations with the highest country average. The cost of U.S.-based breaches far outdistance all other countries and regions of the world due to the value and volume of data exfiltrated from enterprise IT systems based in North America. North American enterprises are also often the most likely to rely on mobile devices to enable greater communication and collaboration, further exposing that threat surface. The Middle East has the second-highest average breach loss of $5.97M. In contrast, Indian and Brazilian organizations had the lowest total average cost at $1.83M and $1.35M, respectively. Data breach costs increase quickly in integration-intensive corporate IT environments, especially where there is a proliferation of disconnected mobile platforms. The study found the highest contributing costs associated with a data breach are caused by third parties, compliance failures, extensive cloud migration, system complexity, and extensive IoT, mobile and OT environments. This reinforces that organizations need to adopt a Zero Trust Security (ZTS) framework to secure the multiple endpoints, apps, networks, clouds, and operating systems across perimeter-less enterprises. Mobile devices are enterprises’ fasting growing threat surfaces, making them one of the highest priorities for implementing ZTS frameworks. Companies to watch in this area include MobileIron, which has created a mobile-centric, zero-trust enterprise security framework. The framework is built on the foundation of unified endpoint management (UEM) and additional zero trust-enabling technologies, including zero sign-on (ZSO), multi-factor authentication (MFA), and mobile threat detection (MTD). This approach to securing access and protect data across the perimeter-less enterprise is helping to alleviate the high cost of data breaches, as shown in the graphic below. Accidental, inadvertent breaches from human error and system glitches are still the root cause for nearly half (49%) of the data breaches. And phishing attacks on mobile devices that are lost, stolen or comprised in workplaces are a leading cause of breaches due to human error. While less expensive than malicious attacks, which cost an average of $4.45M, system glitches and human error still result in costly breaches, with an average loss of $3.24M and $3.5M respectively. To establish complete control over data, wherever it lives, organizations need to adopt Zero Trust Security (ZTS) frameworks that are determined by “never trust, always verify.”. For example, MobileIron’s mobile-centric zero-trust approach validates the device, establishes user context, checks app authorization, verifies the network, and detects and remediates threats before granting secure access to a device or user. This zero-trust security framework is designed to stop accidental, inadvertent and maliciously-driven, intentional breaches. The following graphic compares the total cost for three data breach root causes: Conclusion Lost business is the single largest cost component of any breach, and it takes years to fully recover from one. IBM found that 67% of the costs of a breach accrue in the first year, 22% accrue in the second year and 11% in the third. The more regulated a company’s business, the longer a breach will accrue costs and impact operations. Compounding this is the need for a more Zero Trust-based approach to securing every endpoint across an organization. Not integrating mobile phone platforms and protecting them with a Zero Trust Security (ZTS) framework can add up to $240K to the cost of a breach. Companies working to bridge the gap between the need for securing mobile devices with ZTS frameworks include MobileIron, which has created a mobile-centric, zero-trust enterprise security framework. There’s a significant amount of innovation happening with Identity Access Management that thwarts privileged account abuse, which is the leading cause of breaches today. Centrify’s most recent survey, Privileged Access Management in the Modern Threatscape, found that 74% of all breaches involved access to a privileged account. Privileged access credentials are hackers’ most popular technique for initiating a breach to exfiltrate valuable data from enterprise systems and sell it on the Dark Web.

  • The average cost of a data breach has risen 12% over the past 5 years and is now $3.92M.
  • U.S.-based breaches average $8.19M in losses, leading all nations.
  • Not integrating mobile phone platforms and protecting them with a Zero Trust Security framework can add up to $240K to the cost of a breach.
  • Companies that fully deploy security automation technologies experience around half the cost of a breach ($2.65M on average) compared to those that do not deploy these technologies ($5.16M on average).

These and many other fascinating insights are from the 14th annual IBM Security Cost of a Data Breach Report, 2019. IBM is making a copy of the report available here for download (76 pp., PDF, opt-in). IBM and Ponemon Institute collaborated on the report, recruiting 507 organizations that have experienced a breach in the last year and interviewing more than 3,211 individuals who are knowledgeable about the data breach incident in their organizations. A total of 16 countries and 17 industries were included in the scope of the study. For additional details regarding the methodology, please see pages 71 – 75 of the report.

Key insights from the report include the following:

  • Lost business costs are 36.2% of the total cost of an average breach, making it the single largest loss component of all. Detection and escalation costs are second at 31.1%, as it can take up to 206 days to first identify a breach after it occurs and an additional 73 days to contain the breach. IBM found the average breach lasts 279 days. Breaches take a heavy toll on the time resources of any organization as well, eating up 76% of an entire year before being discovered and contained.

  • U.S.-based breaches average $8.19M in losses, leading all nations with the highest country average. The cost of U.S.-based breaches far outdistance all other countries and regions of the world due to the value and volume of data exfiltrated from enterprise IT systems based in North America. North American enterprises are also often the most likely to rely on mobile devices to enable greater communication and collaboration, further exposing that threat surface. The Middle East has the second-highest average breach loss of $5.97M. In contrast, Indian and Brazilian organizations had the lowest total average cost at $1.83M and $1.35M, respectively.

  • Data breach costs increase quickly in integration-intensive corporate IT environments, especially where there is a proliferation of disconnected mobile platforms. The study found the highest contributing costs associated with a data breach are caused by third parties, compliance failures, extensive cloud migration, system complexity, and extensive IoT, mobile and OT environments. This reinforces that organizations need to adopt a Zero Trust Security (ZTS) framework to secure the multiple endpoints, apps, networks, clouds, and operating systems across perimeter-less enterprises. Mobile devices are enterprises’ fasting growing threat surfaces, making them one of the highest priorities for implementing ZTS frameworks. Companies to watch in this area include MobileIron, which has created a mobile-centric, zero-trust enterprise security framework. The framework is built on the foundation of unified endpoint management (UEM) and additional zero trust-enabling technologies, including zero sign-on (ZSO), multi-factor authentication (MFA), and mobile threat detection (MTD). This approach to securing access and protect data across the perimeter-less enterprise is helping to alleviate the high cost of data breaches, as shown in the graphic below.

  • Accidental, inadvertent breaches from human error and system glitches are still the root cause for nearly half (49%) of the data breaches. And phishing attacks on mobile devices that are lost, stolen or comprised in workplaces are a leading cause of breaches due to human error. While less expensive than malicious attacks, which cost an average of $4.45M, system glitches and the human error still result in costly breaches, with an average loss of $3.24M and $3.5M respectively. To establish complete control over data, wherever it lives, organizations need to adopt Zero Trust Security (ZTS) frameworks that are determined by “never trust, always verify.”. For example, MobileIron’s mobile-centric zero-trust approach validates the device, establishes user context, checks app authorization, verifies the network, and detects and remediates threats before granting secure access to a device or user. This zero-trust security framework is designed to stop accidental, inadvertent and maliciously-driven, intentional breaches. The following graphic compares the total cost for three data breach root causes:

Conclusion

Lost business is the single largest cost component of any breach, and it takes years to fully recover from one. IBM found that 67% of the costs of a breach accrue in the first year, 22% accrue in the second year and 11% in the third.  The more regulated a company’s business, the longer a breach will accrue costs and impact operations. Compounding this is the need for a more Zero Trust-based approach to securing every endpoint across an organization.

Not integrating mobile phone platforms and protecting them with a Zero Trust Security (ZTS) framework can add up to $240K to the cost of a breach. Companies working to bridge the gap between the need for securing mobile devices with ZTS frameworks include MobileIron, which has created a mobile-centric, zero-trust enterprise security framework. There’s a significant amount of innovation happening with Identity Access Management that thwarts privileged account abuse, which is the leading cause of breaches today. Centrify’s most recent survey, Privileged Access Management in the Modern Threatscape, found that 74% of all breaches involved access to a privileged account. Privileged access credentials are hackers’ most popular technique for initiating a breach to exfiltrate valuable data from enterprise systems and sell it on the Dark Web.

How To Deal With Ransomware In A Zero Trust World

  • Lake City, Florida’s city government paid ransomware attackers about $530,000 or 42 Bitcoins, to restore access to systems and data last month.
  • The City of Riviera Beach, Florida, paid ransomware attackers about $600,000 to regain access to their systems last month.
  • Earlier this month, LaPorte County, Indiana paid over $130,000 worth of Bitcoins to ransomware hackers to regain access to part of its computer systems.
  • This week, Louisiana Governor John Bel Edwards activated a state of emergency in response to a wave of ransomware infections that have hit multiple school districts in North Louisiana.

The recent ransomware attacks on Lake City, FloridaRiviera Beach, FloridaLaPorte County, Indiana, the City of Baltimore, Maryland, and a diverse base of enterprises including Eurofins ScientificCOSCONorsk Hydro, the UK Police Federation, and Aebi Schmidt reflect higher ransoms are being demanded than in the past to release high-value systems. There’s been a 44% decline in the number of organizations affected by ransomware in the past two years, yet an 89% increase in ransom demands over the last 12 months according to the Q1, 2019 Ransomware Marketplace Report published by Coveware. The Wall Street Journal’s article “How Ransomware Attacks Are Forcing Big Payments From Cities, Counties” provides an excellent overview of how Ryuk, a ransomware variant, works and is being used to hold unprepared municipalities’ IT networks for ransom.

How To Handle A Ransomware Attack

Interested in learning more about ransomware and how to help municipalities and manufacturers protect themselves against it, I attended Centrify’s recent webinar, “5 Steps To Minimize Your Exposure To Ransomware Attacks”. Dr. Torsten George, noted cybersecurity evangelist, delivered a wealth of insights and knowledge about how any business can protect itself and recover from a ransomware attack. Key insights from his webinar include the following:

  • Ransomware attackers are becoming more sophisticated using spear-phishing emails that target specific individuals and seeding legitimate websites with malicious code – it’s helpful to know the anatomy of an attack. Some recent attacks have even started exploiting smartphone vulnerabilities to penetrate corporate networks, according to Dr. George. The following graphic from the webinar explains how attackers initiate their ransomware attempts by sending a phishing email that might include a malicious attachment or link that leads to a malicious website. When a user clicks on the file/webpage, it unloads the malware and starts executing. It then establishes communications to the Command and Control Server – more often than not via TOR, which is free, open-source software for enabling anonymous communication. In the next step, the files get encrypted, and the end-user gets the infamous ransomware screen. From there on, communications with the end-user is done via TOR or similar technologies. Once the ransom is paid – often via Bitcoin to avoid any traces to the attacker – the private key is delivered to the users to regain access to their data.

  • To minimize the impact of a ransomware attack on any business, Business Continuity and Prevention strategies need to be in place now. A foundation of any successful Business Continuity strategy is following best practices defined by the U.S. Government Interagency Technical Guidance. These include performing regular data backup, penetration testing, and secure backups as the graphic below illustrate:

  • There are six preventative measures every business can take today to minimize the risk and potential business disruption of ransomware, according to the U.S. Government Interagency Technical Guidelines and FBI. One of the most valuable insights gained from the webinar was learning about how every business needs to engrain cybersecurity best practices into their daily routines. Calling it “cyber hygiene,” Dr. George provided insights into the following six preventative measures:

  • Stopping privileged access abuse with a Zero Trust Privilege-based approach reduces ransomware attacks and breaches’ ability to proliferate. Centrify found that 74% of all data breaches involve access to a privileged account. In a separate study, The Forrester Wave™: Privileged Identity Management, Q4 2018, (PDF, 19 pp., no opt-in) found that at least 80% of data breaches have a connection to compromised privileged credentials. Dr. George observed that hackers don’t hack in anymore—they log in using weak, default, stolen, or otherwise compromised credentials. Zero Trust Privilege requires granting least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment.
  • One of the most valuable segments of the webinar covered five steps for minimizing an organization’s exposure to ransomware taking a Zero Trust-based approach. The five steps that every organization needs to consider how to reduce the threat of ransomware includes the following:
  1. Immediately Establish A Secure Admin Environment. To prevent malware from spreading during sessions that connect servers with privileged access, establish policies that only authorize privileged access from a “clean” source. This will prevent direct access from user workstations that are connected to the Internet and receive external email messages, which are too easily infected with malware.
  2. Secure remote access from a Zero Trust standpoint first, especially if you are working with remote contractors, outsourced IT, or development staff. When remote access is secured through a Zero Trust-based approach, it alleviates the need for a VPN and handles all the transport security between the secure client and distributed server connector gateways. Ransomware can travel through VPN connections and spread through entire corporate networks. Taking advantage of a reverse proxy approach, there is no logical path to the network, and ransomware is unable to spread from system to the network.
  3. Zoning off access is also a must-have to thwart ransomware attacks from spreading across company networks. The webinar showed how it’s a very good idea to create and enforce a series of access zones that restrict access by privileged users to specific systems and requires multi-factor authentication (MFA) to reach assets outside of their zone. Without passing an MFA challenge, ransomware can’t spread to other systems.
  4. Minimizing attack surfaces is key to stopping ransomware. Minimizing attack surfaces reduces ransomware’s potential to enter and spread throughout a company’s network. Dr. George made the point that vaulting away shared local accounts is a very effective strategy for minimizing attack surfaces. The point was made that ransomware does not always need elevated privileges to spread, but if achieved, the impact will be much more damaging.
  5. Least Privilege Access is foundational to Zero Trust and a must-have on any network to protect against ransomware. When least privilege access is in place, organizations have much tighter, more granular control over which accounts and resources admin accounts and users have access to. Ransomware gets stopped in its tracks when it can’t install files or achieve least privilege access to complete installation of a script or code base.

Conclusion

Ransomware is the latest iteration of a criminal strategy used for centuries for financial gain. Holding someone or something for ransom has now graduated to holding entire cities and businesses hostage until a Bitcoin payment is made. The FBI warns that paying ransomware attackers only fuels more attacks and subsidizes an illegal business model. That’s why taking the preventative steps provided in the Centrify webinar is something every business needs to consider today.

Staying safe from ransomware in the modern threatscape is a challenge, but a Zero Trust Privilege approach can reduce the risk your organization will be the next victim forced to make a gut-wrenching decision of whether or not to pay a ransom.

Roadmap To Zero Trust For Small Businesses

Bottom Line:  Small businesses don’t need to sacrifice security due to budget constraints or productivity requirements – a Zero Trust roadmap can help them keep growing and stop breaches.

Having worked my way through college in a series of small businesses and having neighbors and friends who operate several today, I see how cloud, databases, and network devices save thousands of dollars, hours of tedious work, and streamline operations. Good friends running an AI startup, whose remarkable ability to turn whiteboard discussions into prototypes in a day, are a case in point. Keeping breach attempts from interrupting their growth needs to start with a roadmap to Zero Trust so these businesses can keep flourishing.

Defining A Zero Trust Roadmap

Most successful small businesses and my friends’ growing startup share the common trait of moving at a quick pace. They’re hiring new employees, contractors and adding new locations in days, not months. The startups and small businesses I work with are adding experts in AI, development, machine learning, sales, and marketing from around the world quickly. Each new employee, contractor, and occasional supplier receives their account login to cloud systems used for running the business, and then they’re given their first assignments.

Small Businesses Don’t Need To Sacrifice Speed For Security

Small businesses and startups run so fast there’s often a perception that achieving greater security will slow them down. In a Zero Trust world, they don’t need to spend a lot of sacrifice speed for security. Following a Zero Trust roadmap can protect their systems, valuable intellectual property, and valuable time by minimizing the risk of falling victim to costly breaches.

Here’s what small businesses and startups need to include on their Zero Trust roadmaps to reduce the potential for time-consuming, costly breaches that could steal not just data but market momentum too:

  • Put Multi-Factor Authentication (MFA) into place for every contractor, admin user, and partner account immediately. Implementing MFA is highly recommended as it can reduce the risk of privileged access credential abuse. A recent survey by Centrify found that 74% of all breaches involved privileged access abuse. Centrify also found that 58% of organizations do not use Multi-Factor Authentication (MFA) for privileged administrative access to servers, leaving their IT systems and infrastructure exposed to hacking attempts, including unchallenged privileged access abuse.
  • Get a shared account and password vault to reduce the risk of being breached by privileged access abuse. Password vaults are a must-have for any business that relies on intellectual property (IP), patents, source code under development, and proprietary data that is pivotal to the company’s growth. Vaults make sure only trusted applications can request privileged account credentials by first identifying, then validating system accounts before passwords are retrieved. Another major advantage of vaults is that they minimize attack surfaces for small businesses and startups.
  • Secure Remote Access needs to be in place to ensure employee, contractor, and IT systems contractors are given least privilege access to only the resources they need. Small businesses and startups growing fast often don’t have the expertise on staff to manage their IT systems. It’s cheaper for many to have an IT service manage server maintenance, upgrades, and security. Secure Remote Access is predicated on the “never trust, always verify, enforce least privilege” Zero Trust approach to grant access to specific resources.
  • Implement real-time audit and monitoring to track all privileged sessions and metadata auditing everything across all systems to deliver a comprehensive picture of intentions and outcomes. Creating and adding to an ongoing chronology of login and resource attempts is invaluable for discovering how a security incident first gets started, and for meeting compliance requirements. It’s much easier to identify and thwart privileged credential abuse based on the insights gained from the single system of record a real-time audit and monitoring service creates. As small businesses and startups grow, the data that real-time audits and monitoring generate are invaluable in proving privileged access is controlled and audited to meet the regulatory compliance requirements of SOX, HIPAA, FISMA, NIST, PCI, MAS, and other regulatory standards.
  • Privileged access credentials to network devices need to be part of the Zero Trust Roadmap. Small businesses and startups face a continual time shortage and sometimes forget to change the manufacturer default passwords which are often weak and well known in the hacker community. That’s why it needs to be a priority to include the network device portfolio in A Zero Trust Privilege-based security roadmap and strategy. Security admins need to have these included in the shared account and passwords vault.

Conclusion

The five factors mentioned here are the start of building a scalable, secure Zero Trust roadmap that will help alleviate the leading cause of breaches today, which is privileged access credential abuse. For small businesses who are outsourcing IT and security administration, the core elements of the Zero Trust roadmap provide them the secure login and a “never trust, always verify, enforce least privilege” strategy that can scale with their business. With Zero Trust Privilege, small businesses and startups will be able to grant least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment

Top 10 Cybersecurity Companies To Watch In 2019

Today’s Threatscape Has Made “Trust But Verify” Obsolete 

The threatscape every business operates in today is proving the old model of “trust but verify” obsolete and in need of a complete overhaul. To compete and grow in the increasingly complex and lethal threatscape of today, businesses need more adaptive, contextually intelligent security solutions based on the Zero Trust Security framework. Zero Trust takes a “never trust, always verify, enforce least privilege” approach to privileged access, from inside or outside the network. John Kindervag was the first to see how urgent the need was for enterprises to change their approach to cybersecurity, so he created the Zero Trust Security framework in 2010 while at Forrester. Chase Cunningham, Principal Analyst at Forrester, is a mentor to many worldwide wanting to expand their knowledge of Zero Trust and frequently speaks and writes on the topic. If you are interested in cybersecurity in general and Zero Trust specifically, be sure to follow his blog.

AI and machine learning applied to cybersecurity’s most significant challenges is creating a proliferation of commercially successful, innovative platforms. The size and scale of deals in cybersecurity continue to accelerate with BlackBerry’s acquisition of Cylance for $1.4B in cash closing in February of this year being the largest. TD Ameritrade’s annual survey of registered investment advisors (RIA) showed nearly a 6X jump in cybersecurity investments this year compared to 2018.

The top ten cybersecurity companies reflect the speed and scale of innovation happening today that are driving the highest levels of investment this industry has ever seen. The following are the top ten cybersecurity companies to watch in 2019:

Absolute (ABT.TO)  – One of the world’s leading commercial enterprise security solutions, serving as the industry benchmark for endpoint resilience, visibility, and control. The company enables more than 12,000 customers with self-healing endpoint security, always-connected visibility into their devices, data, users, and applications whether endpoints are on or off the network, and the ultimate level of control and confidence required for the modern enterprise. Embedded in over one billion endpoint devices, Absolute delivers intelligence and real-time remediation capabilities that equip enterprises to stop data breaches at the source.

To thwart attackers, organizations continue to layer on security controls — Gartner estimates that more than $124B will be spent on security in 2019 aloneAbsolute’s 2019 Endpoint Security Trends Report finds that much of that spend is in vain, however, revealing that 70% of all breaches still originate on the endpoint. The problem is complexity at the endpoint – it causes security agents to fail invariably, reliably, and predictably.

Absolute’s research found that 42% of all endpoints are unprotected at any given time, and 100% of endpoint security tools eventually fail. As a result, IT leaders see a negative ROI on their security spend. What makes Absolute one of the top 10 security companies to watch in 2019 is their purpose-driven design to mitigate this universal law of security decay.

Enterprises rely on Absolute to cut through the complexity to identify failures, model control options, and refocus security intent. Rather than perpetuating organizations’ false sense of security, Absolute enables uncompromised endpoint persistence, builds resilience and delivers the intelligence needed to ensure security agents, applications, and controls continue functioning and deliver value as intended. Absolute has proven very effective in validating safeguards, fortifying endpoints, and stopping data security compliance failures. The following is an example of the Absolute platform at work:

BlackBerry Artifical Intelligence and Predictive Security  –  BlackBerry is noteworthy for how quickly they are reinventing themselves into an enterprise-ready cybersecurity company independent of the Cylance acquisition. Paying $1.4B in cash for Cylance brings much-needed AI and machine learning expertise to their platform portfolio, an acquisition that BlackBerry is moving quickly to integrate into their product and service strategies. BlackBerry Cylance uses AI and machine learning to protect the entire attack surface of an enterprise with automated threat prevention, detection, and response capabilities. Cylance is also the first company to apply artificial intelligence, algorithmic science, and machine learning to cyber security and improve the way companies, governments, and end users proactively solve the world’s most challenging security problems. Using a breakthrough mathematical process, BlackBerry Cylance quickly and accurately identifies what is safe and what is a threat, not just what is in a blacklist or whitelist. By coupling sophisticated math and machine learning with a unique understanding of a hacker’s mentality, BlackBerry Cylance provides the technology and services to be truly predictive and preventive against advanced threats. The following screen from CylancePROTECT provides an executive summary of CylancePROTECT usage, from the number of zones and devices to the percentage of devices covered by Auto-Quarantine and Memory Protection, Threat Events, Memory Violations, Agent Versions, and Offline Days for devices.

Centrify –  Centrify is redefining the legacy approach to Privileged Access Management by delivering cloud-ready Zero Trust Privilege to secure modern enterprise attack surfaces. Centrify Zero Trust Privilege helps customers grant least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment. Industry research firm Gartner predicted Privileged Access Management (PAM) to be the second-fastest growing segment for information security and risk management spending worldwide in 2019 in their recent Forecast Analysis: Information Security and Risk Management, Worldwide, 3Q18 Update (client access required). By implementing least privilege access, Centrify minimizes the attack surface, improves audit and compliance visibility, and reduces risk, complexity, and costs for the modern, hybrid enterprise. Over half of the Fortune 100, the world’s largest financial institutions, intelligence agencies, and critical infrastructure companies, all trust Centrify to stop the leading cause of breaches – privileged credential abuse. PAM was also named a Top 10 security project for 2019 in Gartner’s Top 10 Security Projects for 2019 (client access required).
CloudFlare –  Cloudflare is a web performance and security company that provides online services to protect and accelerate websites online. Its online platforms include Cloudflare CDN that distributes content around the world to speed up websites, Cloudflare Optimizer that enables web pages with ad servers and third-party widgets to download Snappy software on mobiles and computers, CloudFlare Security that protects websites from a range of online threats including spam, SQL injection, and DDOS, Cloudflare Analytics that gives insight into website’s traffic including threats and search engine crawlers, Keyless SSL that allows organizations to keep secure sockets layer (SSL) keys private, and Cloudflare applications that help its users install web applications on their websites.

CrowdStrike – Applying machine learning to endpoint detection of IT network threats is how CrowdStrike is differentiating itself in the rapidly growing cybersecurity market today. It’s also one of the top 25 machine learning startups to watch in 2019. Crowdstrike is credited with uncovering Russian hackers inside the servers of the US Democratic National Committee. The company’s IPO was last Tuesday night, with an initial $34/per share price. Their IPO generated $610M at a valuation at one point reaching nearly $7B. Their Falcon platform stops breaches by detecting all attacks types, even malware-free intrusions, providing five-second visibility across all current and past endpoint activity while reducing cost and complexity for customers. CrowdStrike’s Threat Graph provides real-time analysis of data from endpoint events across the global crowdsourcing community, allowing detection and prevention of attacks based on patented behavioral pattern recognition technology.

Hunters.AI – Hunters.AI excels at autonomous threat hunting by capitalizing on its autonomous system that connects to multiple channels within an organization and detects the signs of potential cyber-attacks. They are one of the top 25 machine learning startups to watch in 2019. What makes this startup one of the top ten cybersecurity companies to watch in 2019 is their innovative approach to creating AI- and machine learning-based algorithms that continually learn from an enterprise’s existing security data. Hunters.AI generates and delivers visualized attack stories allowing organizations to more quickly and effectively identify, understand, and respond to attacks. Early customers, including Snowflake Computing, whose VP of Security recently said, “Hunters.AI identified the attack in minutes. In my 20 years in security, I have not seen anything as effective, fast, and with high fidelity as what Hunters can do.”  The following is a graphic overview of how their system works:

Idaptive – Idaptive is noteworthy for the Zero Trust approach they are taking to protecting organizations across every threat surface they rely on operate their businesses dally. Idaptive secures access to applications and endpoints by verifying every user, validating their devices, and intelligently limiting their access. Their product and services strategy reflects a “never trust, always verify, enforce least privilege” approach to privileged access, from inside or outside the network. The Idaptive Next-Gen Access platform combines single single-on (SSO), adaptive multifactor authentication (MFA), enterprise mobility management (EMM) and user behavior analytics (UBA). They have over 2,000 organizations using their platform today. Idaptive was spun out from Centrify on January 1st of this year.

Kount – Kount has successfully differentiated itself in an increasingly crowded cybersecurity marketplace by providing fraud management, identity verification and online authentication technologies that enable digital businesses, online merchants and payment service providers to identify and thwart a wide spectrum of threats in real-time. Kount has been able to show through customer references that their customers can approve more orders, uncover new revenue streams, and dramatically improve their bottom line all while minimizing fraud management cost and losses. Through Kount’s global network and proprietary technologies in AI and machine learning, combined with policy and rules management, their customers thwart online criminals and bad actors driving them away from their site, their marketplace and off their network. Kount’s continuously adaptive platform learns of new threats and continuously updates risk scores to further thwart breach and fraud attempts. Kount’s advances in both proprietary techniques and patented technology include: Superior mobile fraud detection, Advanced artificial intelligence, Multi-layer device fingerprinting, IP proxy detection and geo-location, Transaction and custom scoring, Global order linking, Business intelligence reporting, Comprehensive order management, Professional and managed services. Kount protects over 6,500 brands today.

MobileIron –  The acknowledged leader in Mobile Device Management software, MobileIron’s latest series of developments make them noteworthy and one of the top ten cybersecurity companies to watch in 2019.   MobileIron was the first to deliver key innovations such as multi-OS mobile device management (MDM), mobile application management (MAM), and BYOD privacy controls. Last month MobileIron introduced zero sign-on (ZSO), built on the company’s unified endpoint management (UEM) platform and powered by the MobileIron Access solution. “By making mobile devices your identity, we create a world free from the constant pains of password recovery and the threat of data breaches due to easily compromised credentials,” wrote Simon Biddiscombe, MobileIron’s President and Chief Executive Officer in his recent blog post, Single sign-on is still one sign-on too many. Simon’s latest post, MobileIron: We’re making history by making passwords history, provides the company’s vision going forward with ZSO. Zero sign-on eliminates passwords as the primary method for user authentication, unlike single sign-on, which still requires at least one username and password. MobileIron paved the way for a zero sign-on enterprise with its Access product in 2017, which enabled zero sign-on to cloud services on managed devices. Enterprise security teams no longer have to trade off security for better user experience, thanks to the MobileIron Zero Sign-On.

Sumo Logic – Sumo Logic is a fascinating cybersecurity company to track because it shows the ability to take on large-scale enterprise security challenges and turn them into a competitive advantage. An example of this is how quickly the company achieved FedRAMP Ready Designation, getting listed in the FedRAMP Marketplace. Sumo Logic is a secure, cloud-native, machine data analytics service, delivering real-time, continuous intelligence from structured, semi-structured, and unstructured data across the entire application lifecycle and stack. More than 2,000 customers around the globe rely on Sumo Logic for the analytics and insights to build, run, and secure their modern applications and cloud infrastructures. With Sumo Logic, customers gain a multi-tenant, service-model advantage to accelerate their shift to continuous innovation, increasing competitive advantage, business value, and growth. Founded in 2010, Sumo Logic is a privately held company based in Redwood City, Calif. and is backed by Accel Partners, Battery Ventures, DFJ, Franklin Templeton, Greylock Partners, IVP, Sapphire Ventures, Sequoia Capital, Sutter Hill Ventures and Tiger Global Management.

Machine Learning Is Helping To Stop Security Breaches With Threat Analytics

Bottom Line: Machine learning is enabling threat analytics to deliver greater precision regarding the risk context of privileged users’ behavior, creating notifications of risky activity in real time, while also being able to actively respond to incidents by cutting off sessions, adding additional monitoring, or flagging for forensic follow-up.

Separating Security Hacks Fact from Fiction

It’s time to demystify the scale and severity of breaches happening globally today. A commonly-held misconception or fiction is that millions of hackers have gone to the dark side and are orchestrating massive attacks on any and every business that is vulnerable. The facts are far different and reflect a much more brutal truth, which is that businesses make themselves easy to hack into by not protecting their privileged access credentials. Cybercriminals aren’t expending the time and effort to hack into systems; they’re looking for ingenious ways to steal privileged access credentials and walk in the front door. According to Verizon’s 2019 Data Breach Investigations Report, ‘Phishing’ (as a pre-cursor to credential misuse), ‘Stolen Credentials’, and ‘Privilege Abuse’ account for the majority of threat actions in breaches (see page 9 of the report).

It only really takes one compromised credential to potentially impact millions — whether it’s millions of individuals or millions of dollars. Undeniably, identities and the trust we place in them are being used against us. They have become the Achilles heel of our cybersecurity practices. According to a recent study by Centrify among 1,000 IT decision makers, 74% of respondents whose organizations have been breached acknowledged that it involved access to a privileged account. This number closely aligns with Forrester Research’s estimate “that at least 80% of data breaches . . . [involved] compromised privileged credentials, such as passwords, tokens, keys, and certificates.”

While the threat actors might vary according to Verizon’s 2019 Data Breach Investigations Report, the cyber adversaries’ tactics, techniques, and procedures are the same across the board. Verizon found that the fastest growing source of threats are from internal actors, as the graphic from the study illustrates below:


Internal actors are the fastest growing source of breaches because they’re able to obtain privileged access credentials with minimal effort, often obtaining them through legitimate access requests to internal systems or harvesting their co-workers’ credentials by going through the sticky notes in their cubicles. Privileged credential abuse is a challenge to detect as legacy approaches to cybersecurity trust the identity of the person using the privileged credentials. In effect, the hacker is camouflaged by the trust assigned to the privileged credentials they have and can roam internal systems undetected, exfiltrating sensitive data in the process.

The reality is that many breaches can be prevented by some of the most basic Privileged Access Management (PAM) tactics and solutions, coupled with a Zero Trust approach. Most organizations are investing the largest chunk of their security budget on protecting their network perimeter rather than focusing on security controls, which can affect positive change to protect against the leading attack vector: privileged access abuse.

The bottom line is that investing in securing perimeters leaves the most popular attack vector of all unprotected, which are privileged credentials. Making PAM a top priority is crucial to protect any business’ most valuable asset; it’s systems, data, and the intelligence they provide. Gartner has listed PAM on its Top 10 Security Projects for the past two years for a good reason.

Part of a cohesive PAM strategy should include machine learning-based threat analytics to provide an extra layer of security that goes beyond a password vault, multi-factor authentication (MFA), or privilege elevation.

How Machine Learning and Threat Analytics Stop Privileged Credential Abuse 

Machine learning algorithms enable threat analytics to immediately detect anomalies and non-normal behavior by tracking login behavioral patterns, geolocation, and time of login, and many more variables to calculate a risk score. Risk scores are calculated in real-time and define if access is approved, if additional authentication is needed, or if the request is blocked entirely.

Machine learning-based threat analytics also provide the following benefits:

  • New insights into privileged user access activity based on real-time data related to unusual recent privilege change, the command runs, target accessed, and privilege elevation.
  • Gain greater understanding and insights into the specific risk nature of specific events, computing a risk score in real time for every event expressed as high, medium, or low level for any anomalous activity.
  •  Isolate, identify, and track which security factors triggered an anomaly alert.
  • Capture, play, and analyze video sessions of anomalous events within the same dashboard used for tracking overall security activity.
  • Create customizable alerts that provide context-relevant visibility and session recording and can also deliver notifications of anomalies, all leading to quicker, more informed investigative action.

What to Look for In Threat Analytics 
Threat analytics providers are capitalizing on machine learning to improve the predictive accuracy and usability of their applications continually. What’s most important is for any threat analytics application or solution you’re considering to provide context-aware access decisions in real time. The best threat analytics applications on the market today are using machine learning as the foundation of their threat analytics engine. These machine learning-based engines are very effective at profiling the normal behavior pattern for any user on any login attempt, or any privileged activity including commands, identifying anomalies in real time to enable risk-based access control. High-risk events are immediately flagged, alerted, notified, and elevated to IT’s attention, speeding analysis, and greatly minimizing the effort required to assess risk across today’s hybrid IT environments.

The following is the minimum set of features to look for in any privilege threat analytics solution:

  • Immediate visibility with a flexible, holistic view of access activity across an enterprise-wide IT network and extended partner ecosystem. Look for threat analytics applications that provide dashboards and interactive widgets to better understand the context of IT risk and access patterns across your IT infrastructure. Threat analytics applications that give you the flexibility of tailoring security policies to every user’s behavior and automatically flagging risky actions or access attempts, so that you’ll gain immediate visibility into account risk, eliminating the overhead of sifting through millions of log files and massive amounts of historical data.
  • They have intuitively designed and customizable threat monitoring and investigation screens, workflows, and modules. Machine learning is enabling threat analytics applications to deliver more contextually-relevant and data-rich insights than has ever been possible in the past. Look for threat analytics vendors who offer intuitively designed and customizable threat monitoring features that provide insights into anomalous activity with a detailed timeline view. The best threat analytics vendors can identify the specific factors contributing to an anomaly for a comprehensive understanding of a potential threat, all from a single console. Security teams can then view system access, anomaly detection in high resolutions with analytics tools such as dashboards, explorer views, and investigation tools.
  • Must provide support for easy integration to Security Information and Event Management (SIEM) tools. Privileged access data is captured and stored to enable querying by log management and SIEM reporting tools. Make sure any threat analytics application you’re considering has installed, and working integrations with SIEM tools and platforms such as Micro Focus® ArcSight™, IBM® QRadar™, and Splunk® to identify risks or suspicious activity quickly.
  • Must Support Alert Notification by Integration with Webhook-Enabled Endpoints. Businesses getting the most value out of their threat analytics applications are integrating with Slack or existing onboard incident response systems such as PagerDuty to enable real-time alert delivery, eliminating the need for multiple alert touch points and improving time to respond. When an alert event occurs, the threat analytics engine allows the user to send alerts into third-party applications via Webhook. This capability enables the user to respond to a threat alert and contain the impact of a breach attempt.

Conclusion 
CentrifyForresterGartner, and Verizon each have used different methodologies and reached the same conclusion from their research: privileged access abuse is the most commonly used tactic for hackers to exfiltrate sensitive data. Breaches based on privileged credential abuse are extremely difficult to stop, as these credentials often have the greatest levels of trust and access rights associated with them. Leveraging threat analytics applications using machine learning that is adept at finding anomalies in behavioral data and thwarting a breach by denying access is proving very effective against privileged credential abuse.

Companies, including Centrify, use risk scoring combined with adaptive MFA to empower a least-privilege access approach based on Zero Trust. This Zero Trust Privilege approach verifies who or what is requesting privileged access, the context behind the request, and the risk of the access environment to enforce least privilege. These are the foundations of Zero Trust Privilege and are reflected in how threat analytics apps are being created and improved today.

How The Top 21% Of PAM-Mature Enterprises Are Thwarting Privileged Credential Breaches

  • Energy, Technology & Finance are the most mature industries when it comes to Privileged Access Management (PAM) adoption and uses, outscoring peer industries by a wide margin.
  • 58% of organizations do not use Multi-Factor Authentication (MFA) for privileged administrative access to servers, leaving their IT systems and infrastructure exposed to hacking attempts, including unchallenged privileged access abuse.
  • 52% of organizations are using shared accounts for controlling privileged access, increasing the probability of privileged credential abuse.

These and many other fascinating insights are from the recently published Centrify 2019 Zero Trust Privilege Maturity Model Report created in partnership with Techvangelism. You can download a copy of the study here (PDF, 22 pp., no opt-in). Over 1,300 organizations participated in the survey from 11 industries with Technology, Finance, and Healthcare, comprising 50% of all organizations participating. Please see page 4 of the study for additional details regarding the methodology.

What makes this study noteworthy is that it’s the first of its kind to create a Zero Trust Privilege Maturity Model designed to help organizations better understand and define their ability to discover, protect, secure, manage, and provide privileged access. Also, this model can be used to help mature existing security implementations towards one that provides the greatest level of protection of identity, privileged access, and its use.

Key takeaways from the study include the following:

  • The top 21% of enterprises who excel at thwarting privileged credential breaches share a common set of attributes that differentiate them from their peers. Enterprises who most succeed at stopping security breaches have progressed beyond vault- and identity-centric techniques by hardening their environments through the use of centralized management of service and application accounts and enforcing host-based session, file, and process auditing. In short, the most secure organizations globally have reached a level of Privileged Access Management (PAM) maturity that reduces the probability of a breach successfully occurring due to privileged credential abuse.

  • Energy, Technology & Finance are the most mature industries adopting Privileged Access Management (PAM), outscoring peer industries by a wide margin. Government, Education, and Manufacturing are the industries most lagging in their adoption of Zero Trust Privilege (ZTP), making them the most vulnerable to breaches caused by privileged credential abuse. Education and Manufacturing are the most vulnerable industries of all, where it’s common for multiple manufacturing sites to use shared accounts for controlling privileged access. The study found shared accounts for controlling privileged access is commonplace, with 52% of all organizations reporting this occurring often. Presented below are the relative levels of Zero Trust Privilege Maturity by demographics, with the largest organizations having the most mature approaches to ZTP, which is expected given the size and scale of their IT and cybersecurity departments.

  • 51% of organizations do not control access to transformational technologies with privileged access, including modern attack surfaces such as cloud workloads (38%), Big Data projects (65%), and containers (50%). Artificial Intelligence (AI)/Bots and Internet of Things (IoT) are two of the most vulnerable threat surfaces according to the 1,300 organizations surveyed. Just 16% of organizations have implemented a ZTP strategy to protect their AI/Bots technologies, and just 25% have implemented them for IoT. The graphic below compares usage or plans by transformational technologies.

  • 58% of organizations aren’t using MFA for server login, and 25% have no plans for a password vault, two areas that are the first steps to defining a Privileged Access Management (PAM) strategy. Surprisingly, 26% do not use and do not plan to use MFA for server login, while approximately 32% do plan to use MFA for server logins. Organizations are missing out on opportunities to significantly harden their security posture by adopting password vaults and implementing MFA across all server logins. These two areas are essential for implementing a ZTP framework.

Conclusion

To minimize threats – both external and internal – Privileged Access Management needs to go beyond the fundamental gateway-based model and look to encompass host-enforced privileged access that addresses every means by which the organization leverages privileged credentials. With just 21% of organizations succeeding with mature Zero Trust Privilege deployments, 79% are vulnerable to privileged credential abuse-based breaches that are challenging to stop. Privileged credentials are the most trusted in an organization, allowing internal and external hackers the freedom to move throughout networks undetected. That’s why understanding where an organization is on the spectrum of ZTP maturity is so important, and why the findings from the Centrify and Techvangelism 2019 Zero Trust Privilege Maturity Model Report are worth noting and taking action on.

How To Improve Privileged User’s Security Experiences With Machine Learning

Bottom Line: One of the primary factors motivating employees to sacrifice security for speed are the many frustrations they face, attempting to re-authenticate who they are so they can get more work done and achieve greater productivity.

How Bad Security Experiences Lead to a Breach

Every business is facing the paradox of hardening security without sacrificing users’ login and system access experiences. Zero Trust Privilege is emerging as a proven framework for thwarting privileged credential abuse by verifying who is requesting access, the context of the request, and the risk of the access environment across every threat surface an organization has.

Centrify’s recent survey Privileged Access Management In The Modern Threatscape found that 74% of data breaches start with privileged credential abuse. Forrester estimates that 80% of data breaches have a connection to compromised privileged credentials, such as passwords, tokens, keys, and certificates. On the Dark Web, privileged access credentials are a best-seller because they provide the intruder with “the keys to the kingdom.” By leveraging a “trusted” identity, a hacker can operate undetected and exfiltrate sensitive data sets without raising any red flags.

Frustrated with wasting time responding to the many account lock-outs, re-authentication procedures, and login errors outmoded Privileged Access Management (PAM) systems require, IT Help Desk teams, IT administrators, and admin users freely share privileged credentials, often resulting in them eventually being offered for sale on the Dark Web.

The Keys to the Kingdom Are In High Demand

18% of healthcare employees are willing to sell confidential data to unauthorized parties for as little as $500 to $1,000, and 24% of employees know of someone who has sold privileged credentials to outsiders, according to a recent Accenture survey. State-sponsored and organized crime organizations offer to pay bounties in bitcoin for privileged credentials for many of the world’s largest financial institutions on the Dark Web. And with the typical U.S.-based enterprise losing on average $7.91M from a breach, more than double the global average of $3.86M according to IBM’s 2018 Data Breach Study, it’s clear that improving admin user experiences to reduce the incidence of privileged credential sharing needs to happen now.

How Machine Learning Improves Admin User Experiences and Thwarts Breaches

Machine learning is making every aspect of security experiences more adaptive, taking into account the risk context of every privileged access attempt across any threat surface, anytime. Machine learning algorithms can continuously learn and generate contextual intelligence that is used to streamline verified privileged user’s access while thwarting many potential threats ― the most common of which is compromised credentials.

The following are a few of the many ways machine learning is improving privileged users’ experiences when they need to log in to secure critical infrastructure resources:

  • Machine learning is making it possible to provide adaptive, personalized login experiences at scale using risk-scoring of every access attempt in real-time, all contributing to improved user experiences. Machine learning is making it possible to implement security strategies that flex or adapt to risk contexts in real-time, assessing every access attempt across every threat surface, and generating a risk score in milliseconds. Being able to respond in milliseconds, or real-time is essential for delivering excellent admin user experiences. The “never trust, always verify, enforce least privilege” approach to security is how many enterprises from a broad base of industries including leading financial services and insurance companies are protecting every threat surface from privileged access abuse. CIOs at these companies say taking a Zero Trust approach with a strong focus on Zero Trust Privilege corporate-wide is redefining the legacy approach to Privileged Access Management by delivering cloud-architected Zero Trust Privilege to secure access to infrastructure, DevOps, cloud, containers, Big Data, and other modern enterprise use cases. Taking a Zero Trust approach to security enables their departments to roll out new services across every threat surface their customers prefer to use without having to customize security strategies for each.
  • Quantify, track and analyze every potential security threat and attempted breach and apply threat analytics to the aggregated data sets in real-time, thwarting data exfiltration attempts before they begin. One of the tenets or cornerstones of Zero Trust Privilege is adaptive control. Machine learning algorithms continually “learn” by continuously analyzing and looking for anomalies in users’ behavior across every threat surface, device, and login attempt. When any users’ behavior appears to be outside the threshold of constraints defined for threat analytics and risk scoring, additional authentication is immediately requested, and access denied to requested resources until an identity can be verified. Machine learning makes adaptive preventative controls possible.
  • When every identity is a new security perimeter, machine learnings’ ability to provide personalization at scale for every access attempt on every threat surface is essential for enabling a company to keep growing. Businesses that are growing the fastest often face the greatest challenges when it comes to improving their privileged users’ experiences. Getting new employees productive quickly needs to be based on four foundational elements. These include verifying the identity of every admin user, knowing the context of their access request, ensuring it’s coming from a clean source, and limiting access as well as privilege. Taken together, these pillars form the foundation of a Zero Trust Privilege.

Conclusion

Organizations don’t have to sacrifice security for speed when they’re relying on machine learning-based approaches for improving the privileged user experience. Today, a majority of IT Help Desk teams, IT administrators, and admin users are freely sharing privileged credentials to be more productive, which often leads to breaches based on privileged access abuse. By taking a machine learning-based approach to validate every access request, the context of the request, and the risk of the access environment, roadblocks in the way of greater privileged user productivity disappear. Privileged credential abuse is greatly minimized.

How To Improve Supply Chains With Machine Learning: 10 Proven Ways

Bottom line: Enterprises are attaining double-digit improvements in forecast error rates, demand planning productivity, cost reductions and on-time shipments using machine learning today, revolutionizing supply chain management in the process.

Machine learning algorithms and the models they’re based on excel at finding anomalies, patterns and predictive insights in large data sets. Many supply chain challenges are time, cost and resource constraint-based, making machine learning an ideal technology to solve them. From Amazon’s Kiva robotics relying on machine learning to improve accuracy, speed and scale to DHL relying on AI and machine learning to power their Predictive Network Management system that analyzes 58 different parameters of internal data to identify the top factors influencing shipment delays, machine learning is defining the next generation of supply chain management. Gartner predicts that by 2020, 95% of Supply Chain Planning (SCP) vendors will be relying on supervised and unsupervised machine learning in their solutions. Gartner is also predicting by 2023 intelligent algorithms, and AI techniques will be an embedded or augmented component across 25% of all supply chain technology solutions.

The ten ways that machine learning is revolutionizing supply chain management include:

  • Machine learning-based algorithms are the foundation of the next generation of logistics technologies, with the most significant gains being made with advanced resource scheduling systems. Machine learning and AI-based techniques are the foundation of a broad spectrum of next-generation logistics and supply chain technologies now under development. The most significant gains are being made where machine learning can contribute to solving complex constraint, cost and delivery problems companies face today. McKinsey predicts machine learning’s most significant contributions will be in providing supply chain operators with more significant insights into how supply chain performance can be improved, anticipating anomalies in logistics costs and performance before they occur. Machine learning is also providing insights into where automation can deliver the most significant scale advantages. Source: McKinsey & Company, Automation in logistics: Big opportunity, bigger uncertainty, April 2019. By Ashutosh Dekhne, Greg Hastings, John Murnane, and Florian Neuhaus

  • The wide variation in data sets generated from the Internet of Things (IoT) sensors, telematics, intelligent transport systems, and traffic data have the potential to deliver the most value to improving supply chains by using machine learning. Applying machine learning algorithms and techniques to improve supply chains starts with data sets that have the greatest variety and variability in them. The most challenging issues supply chains face are often found in optimizing logistics, so materials needed to complete a production run arrive on time. Source: KPMG, Supply Chain Big Data Series Part 1

  • Machine learning shows the potential to reduce logistics costs by finding patterns in track-and-trace data captured using IoT-enabled sensors, contributing to $6M in annual savings. BCG recently looked at how a decentralized supply chain using track-and-trace applications could improve performance and reduce costs. They found that in a 30-node configuration when blockchain is used to share data in real-time across a supplier network, combined with better analytics insight, cost savings of $6M a year is achievable. Source: Boston Consulting Group, Pairing Blockchain with IoT to Cut Supply Chain Costs, December 18, 2018, by Zia Yusuf, Akash Bhatia, Usama Gill, Maciej Kranz, Michelle Fleury, and Anoop Nannra

  • Reducing forecast errors up to 50% is achievable using machine learning-based techniques. Lost sales due to products not being available are being reduced up to 65% through the use of machine learning-based planning and optimization techniques. Inventory reductions of 20 to 50% are also being achieved today when machine learning-based supply chain management systems are used. Source: Digital/McKinsey, Smartening up with Artificial Intelligence (AI) – What’s in it for Germany and its Industrial Sector? (PDF, 52 pp., no opt-in).

  • DHL Research is finding that machine learning enables logistics and supply chain operations to optimize capacity utilization, improve customer experience, reduce risk, and create new business models. DHL’s research team continually tracks and evaluates the impact of emerging technologies on logistics and supply chain performance. They’re also predicting that AI will enable back-office automation, predictive operations, intelligent logistics assets, and new customer experience models. Source: DHL Trend Research, Logistics Trend Radar, Version 2018/2019 (PDF, 55 pp., no opt-in)

  • Detecting and acting on inconsistent supplier quality levels and deliveries using machine learning-based applications is an area manufacturers are investing in today. Based on conversations with North American-based mid-tier manufacturers, the second most significant growth barrier they’re facing today is suppliers’ lack of consistent quality and delivery performance. The greatest growth barrier is the lack of skilled labor available. Using machine learning and advanced analytics manufacturers can discover quickly who their best and worst suppliers are, and which production centers are most accurate in catching errors. Manufacturers are using dashboards much like the one below for applying machine learning to supplier quality, delivery and consistency challenges. Source: Microsoft, Supplier Quality Analysis sample for Power BI: Take a tour, 2018

  • Reducing risk and the potential for fraud, while improving the product and process quality based on insights gained from machine learning is forcing inspection’s inflection point across supply chains today. When inspections are automated using mobile technologies and results are uploaded in real-time to a secure cloud-based platform, machine learning algorithms can deliver insights that immediately reduce risks and the potential for fraud. Inspectorio is a machine learning startup to watch in this area. They’re tackling the many problems that a lack of inspection and supply chain visibility creates, focusing on how they can solve them immediately for brands and retailers. The graphic below explains their platform. Source: Forbes, How Machine Learning Improves Manufacturing Inspections, Product Quality & Supply Chain Visibility, January 23, 2019

  • Machine learning is making rapid gains in end-to-end supply chain visibility possible, providing predictive and prescriptive insights that are helping companies react faster than before. Combining multi-enterprise commerce networks for global trade and supply chain management with AI and machine learning platforms are revolutionizing supply chain end-to-end visibility. One of the early leaders in this area is Infor’s Control Center. Control Center combines data from the Infor GT Nexus Commerce Network, acquired by the company in September 2015, with Infor’s Coleman Artificial Intelligence (AI) Infor chose to name their AI platform after the inspiring physicist and mathematician Katherine Coleman Johnson, whose trail-blazing work helped NASA land on the moon. Be sure to pick up a copy of the book and see the movie Hidden Figures if you haven’t already to appreciate her and many other brilliant women mathematicians’ many contributions to space exploration. ChainLink Research provides an overview of Control Center in their article, How Infor is Helping to Realize Human Potential, and two screens from Control Center are shown below.

  • Machine learning is proving to be foundational for thwarting privileged credential abuse which is the leading cause of security breaches across global supply chains. By taking a least privilege access approach, organizations can minimize attack surfaces, improve audit and compliance visibility, and reduce risk, complexity, and the costs of operating a modern, hybrid enterprise. CIOs are solving the paradox of privileged credential abuse in their supply chains by knowing that even if a privileged user has entered the right credentials but the request comes in with risky context, then stronger verification is needed to permit access.  Zero Trust Privilege is emerging as a proven framework for thwarting privileged credential abuse by verifying who is requesting access, the context of the request, and the risk of the access environment.  Centrify is a leader in this area, with globally-recognized suppliers including Cisco, Intel, Microsoft, and Salesforce being current customers.  Source: Forbes, High-Tech’s Greatest Challenge Will Be Securing Supply Chains In 2019, November 28, 2018.
  • Capitalizing on machine learning to predict preventative maintenance for freight and logistics machinery based on IoT data is improving asset utilization and reducing operating costs. McKinsey found that predictive maintenance enhanced by machine learning allows for better prediction and avoidance of machine failure by combining data from the advanced Internet of Things (IoT) sensors and maintenance logs as well as external sources. Asset productivity increases of up to 20% are possible and overall maintenance costs may be reduced by up to 10%. Source: Digital/McKinsey, Smartening up with Artificial Intelligence (AI) – What’s in it for Germany and its Industrial Sector? (PDF, 52 pp., no opt-in).

References

Accenture, Reinventing The Supply Chain With AI, 20 pp., PDF, no opt-in.

Bendoly, E. (2016). Fit, Bias, and Enacted Sensemaking in Data Visualization: Frameworks for Continuous Development in Operations and Supply Chain Management Analytics. Journal Of Business Logistics37(1), 6-17.

Boston Consulting Group, Pairing Blockchain with IoT to Cut Supply Chain Costs, December 18, 2018, by Zia Yusuf, Akash Bhatia, Usama Gill, Maciej Kranz, Michelle Fleury, and Anoop Nannra

%d bloggers like this: