THE FIVE DEADLY SINS OF PRIVILEGED ACCESS MANAGEMENT

Similar documents
Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

the SWIFT Customer Security

SailPoint IdentityIQ Integration with the BeyondInsight Platform. Providing Complete Visibility and Auditing of Identities

Mapping BeyondTrust Solutions to

7 Steps to Complete Privileged Account Management. September 5, 2017 Fabricio Simao Country Manager

10 FOCUS AREAS FOR BREACH PREVENTION

Use Cases for Unix & Linux

CyberArk Privileged Threat Analytics

IBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan

Poor PAM processes and policies leave the crown jewels susceptible to security breaches Global Survey of IT Security Professionals

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Tripwire State of Container Security Report

Device Discovery for Vulnerability Assessment: Automating the Handoff

Best Practices in Securing a Multicloud World

The 2017 State of Endpoint Security Risk

2018 GLOBAL CHANNEL PARTNER SURVEY THYCOTIC CHANNEL PARTNER SURVEY REPORT

Traditional Security Solutions Have Reached Their Limit

Spotlight Report. Information Security. Presented by. Group Partner

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)

INTRODUCTION. We would like to thank HelpSystems for supporting this unique research. We hope you will enjoy the report.

Tripwire State of Cyber Hygiene Report

AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments

THALES DATA THREAT REPORT

Gain Control Over Your Cloud Use with Cisco Cloud Consumption Professional Services

Securing Privileged Access Securing High Value Assets Datacenter Security Information Protection Information Worker and Device Protection

Mastering The Endpoint

align security instill confidence

Implementing NIST Cybersecurity Framework Standards with BeyondTrust Solutions

RSA NetWitness Suite Respond in Minutes, Not Months

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Next Generation Privilege Identity Management

Securing Your Cloud Introduction Presentation

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

2017 Varonis Data Risk Report. 47% of organizations have at least 1,000 sensitive files open to every employee.

MOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

2017 THALES DATA THREAT REPORT

Endpoint Security Can Be Much More Effective and Less Costly. Here s How

ABB Ability Cyber Security Services Protection against cyber threats takes ability

Skybox Security Vulnerability Management Survey 2012

IT Needs More Control

Zero Trust in Healthcare Centrify Corporations. All Rights Reserved.

Managing Your Privileged Identities: The Choke Point of Advanced Attacks

locuz.com SOC Services

THALES DATA THREAT REPORT

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

PowerBroker Password Safe Version 6.6

MITIGATE CYBER ATTACK RISK

Choosing the Right Security Assessment

A Technical Solutions Guide for Privileged Password & Session Management Use Cases

Build Your Zero Trust Security Strategy With Microsegmentation

Business White Paper. Healthcare IT In The Cloud: Predicting Threats, Protecting Patient Data

Survey Results: Virtual Insecurity

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

How-to Guide: Tenable Nessus for BeyondTrust. Last Revised: November 13, 2018

CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO

Modern Database Architectures Demand Modern Data Security Measures

Christopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Rethink Enterprise Endpoint Security In The Cloud Computing Era

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

An ICS Whitepaper Choosing the Right Security Assessment

TechValidate Survey Report: SaaS Application Trends and Challenges

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

THE IMPACT OF SECURITY ON APPLICATION DEVELOPMENT. August prevoty.com. August 2015

SYMANTEC DATA CENTER SECURITY

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

with Advanced Protection

AND FINANCIAL CYBER FRAUD INSTITUTIONS FROM. Solution Brief PROTECTING BANKING

Security Readiness Assessment

85% 89% 10/5/2018. Do You Have A Firewall Around Your Cloud? Conquering The Big Threats & Challenges

mhealth SECURITY: STATS AND SOLUTIONS

Cloud Customer Architecture for Securing Workloads on Cloud Services

The Problem with Privileged Users

AN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP

A Practical Step-by-Step Guide to Managing Cloud Access in your Organization

MOVE BEYOND GPO FOR NEXT-LEVEL PRIVILEGE MANAGEMENT

Vulnerability Management Trends In APAC

Tenable.io for Thycotic

Providing a Rapid Response to Meltdown and Spectre for Hybrid IT. Industry: Computer Security and Operations Date: February 2018

RiskSense Attack Surface Validation for IoT Systems

Mapping BeyondTrust Solutions to

Incident Response Services

Surprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS

Benefits of Implementing a SaaS Cybersecurity Solution Andras Cser, VP Principal Analyst

Attackers Process. Compromise the Root of the Domain Network: Active Directory

How NSFOCUS Protected the G20 Summit. Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity

Borderless security engineered for your elastic hybrid cloud. Kaspersky Hybrid Cloud Security. #truecybersecurity

IT Monitoring Tool Gaps are Impacting the Business A survey of IT Professionals and Executives

Healthcare IT Modernization and the Adoption of Hybrid Cloud

Technical Review Managing Risk, Complexity, and Cost with SanerNow Endpoint Security and Management Platform

IBM Cloud Internet Services: Optimizing security to protect your web applications

Gaps in Resources, Risk and Visibility Weaken Cybersecurity Posture

Go mobile. Stay in control.

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

Server Protection Buyers Guide

74% 2014 SIEM Efficiency Report. Hunting out IT changes with SIEM

Transcription:

THE FIVE DEADLY SINS OF PRIVILEGED ACCESS MANAGEMENT

Introduction For years, security experts have outlined the best practices for privileged access management in an effort to reduce problems associated with the abuse of privileged credentials. Despite this, IT organizations continue to struggle with privileged access management. Take a look inside any large enterprise and you ll likely find that passwords are still not under complete control, users with administrator privileges are still causing problems and far too many system vulnerabilities open pathways to privileged accounts. 7% Canada 1% Netherlands 70% U.S. 1% Mexico 2% U.K. 1% Switzerland 1% India 1% Phillipines 2% S. Africa 1% Singapore Survey Methodology BeyondTrust surveyed 474 IT professionals 2% Argentina 2% Brazil 2% Aus from around the world with involvement in privileged access management in May and June 2017. 2

Why is that? BeyondTrust decided to explore this question with our annual Privileged Access Management survey. Having analyzed the results, we ve compiled a list of the Five Deadly Sins of Privileged Access Management. Think our title is too dramatic? Consider this: These five deadly sins cost the typical enterprise nearly $4M annually resulting from lost productivity, costs to mitigate incidents and legal or compliance issues. What keeps IT awake at night? Why We Care: Protecting Valuable Enterprise Information We asked respondents to list the most important enterprise assets they are protecting. The top three Misuse of personally identifiable information Downtime of computing systems Loss of intellectual property assets were personally identifiable information (PII), against downtime and loss of intellectual property (IP). That makes sense: As more and more enterprises engage with digital transformation crucial enterprise information becomes more valuable. 3

Where do we fall short? How can enterprises protect their important digital information assets? Respondents told us the most crucial security measures are privileged account management, privileged session management and privilege elevation management. With 80% of data breaches the result of the abuse or misuse of privileged credentials 1, this is to be expected. 80% of data breaches result in the abuse or misuse of privileged credentials 1 Aspects of privileged access management IT finds important What wasn t expected was how many enterprises continue to struggle in this area. Despite their high motivation to protect enterprise information, and their laser focus on privilege access management, we identified five areas in which many enterprises continue to fall short. What follows are the Five Deadly Sins of Privileged Access Management. Privileged account mgmt Privileged session mgmt Privilege elevation mgmt 1 The Forrester Wave : Privileged Identity Management, Q3 2016. Forrester. Andras Cser. July 8, 2016. 4

The First Deadly Sin: Apathy It isn t that IT doesn t know better. When asked to list the top threats associated with passwords respondents listed sharing passwords, not changing default passwords and using weak passwords. No surprises there. Yet despite knowing better, respondents admitted that many of these same bad practices are common within their organization. A third of the respondents report users routinely share passwords with each other, and a fourth report the use of weak passwords. Shockingly, one in five report many users don t even change the default passwords! Regarding password practices, organizations believe the threat is high for: 79% 76% 75% Users sharing passwords with other users Not changing default passwords Using weak passwords Even though the threat level is high, respondents report bad password practices still persist 5

Please rate the threat level from each of the following password management (Somewhat/Extremely High) How frequently have you experienced security problems due to the following insecure practices? (Somewhat/Extremely Frequently) Users sharing passwords with other users Users sharing passwords 79% 22% with other users Using default passwords (not changing the password the device ships with) 76% Allow users to run as administrators on their machines Reusing the same passwords for multiple systems 21% 20% Using weak passwords (like monkey or 12345 ) 75% Not having control over applications on users machines 19% Using passwords that are too simple 18% Reusing the same passwords for multiple systems 73% Keeping passwords for too long without changing them 18% Using dictionary passwords (i.e., words that are found in the dictionary) 69% Allowing administrators to have root access to Unix or Linux boxes Using default passwords (like secret or password ) 16% 17% Keeping passwords for too long without changing them 69% Using dictionary passwords (i.e., words that are found in the dictionary) 13% 6

The Second Deadly Sin: Greed How much privilege does an end user really need? Users will say they need complete privilege. Yet allowing users to run as administrators on their machines is recognized by respondents as their biggest threat, followed by not having control over applications on users machines. High Threat level: 79% Say allowing users to run as administrators 68% Say not having control over applications on users machines Common Practice: 38% Report it is common for users to run as administrators 22% Say its caused downtime Despite this knowledge, nearly two in five say it is common for users to run as administrators on their machines. It is no surprise that many respondents say these practices have directly caused downtime of computing systems. Basic security best practices should be to remove all excessive privileges 7

The Third Deadly Sin: Pride One in five respondents say attacks combining privileged access with exploitation of an unpatched vulnerability are common. These dangerous attack vectors, such as ransomware, thrive on system weaknesses and excessive access that allows lateral movement. 18% Say attacks that combine privileged access with exploitation of an unpatched vulnerability are common Simply patching known system vulnerabilities can prevent most of today s commonly-reported attack vectors. So why doesn t IT stay current on their patches? As they say, pride cometh before the fall. Properly patching your system can reduce your attack surface by nearly 20% 20% 8

The Fourth Deadly Sin: Ignorance Two-thirds of respondents say managing least privilege for Unix/Linux servers is somewhat to extremely important. The question is how do you manage it. One popular option is Sudo. However, just 29 percent say Sudo meets their needs. Sudo s failings as a deterrent to successful cyberattacks on Linux platforms is welldocumented. Why trust the security, compliance, or continuity of your business to a free tool with known Say managing least privilege for Unix/Linux is important 68% 29% Say Sudo meets their needs best practice flaws? The most commonly cited problems with Sudo include being time-consuming to use, complexity and poor version control. Despite this, the typical respondent runs Sudo on 40 workstations and 25 servers. 9

The Fifth Deadly Sin: Envy Organizations are moving to the cloud with a vengeance. As with all platforms, protecting against privileged access abuse is crucial for cloud workloads. Unprotected SaaS workloads can lead to a host of problems; some immediate, some longer lasting. 37% not involved in protecting SaaS applications 63% report protecting SaaS Applications Yet, more than a third report that they are not involved in protecting SaaS applications from privileged access abuse. It is not up to the provider to protect your cloud workloads, it is up to IT. Privileged access must be secured consistently across all channels onpremises, IaaS, SaaS and PaaS. Privileged access must be secured consistently across all channels 10

Where to go from here Personally Identifiable Information (PII) must be protected at all costs, otherwise organizations can face costs of up to $4 million per year mitigating the damages of unwanted access to it. To protect access to this data, organizations tell us that they must protect privileged accounts (but it s done inconsistently), remove admin rights from users (well, most of them anyway), tackle the vulnerabilities that can be used to exploit elevated privileges (sorta), take control over Unix and Linux accounts (sudo), and prioritize the protection of vulnerable SaaS privileges (or not). How do organizations finally, once and for all, implement these measures? We ll cover that next. 11

Battling the Five Deadly Sins Below are five steps you can take today to reaffirm that you believe in privileged access management: 1. Deploy enterprise password management globally across all data centers, virtual and cloud. The data from the study reveals that there is still quite a bit of work to do to get control of enterprise credentials. Namely, eliminating the sharing of credentials and getting control over embedded credentials hardcoded in applications and service accounts. A centralized password management solution that includes built-in session monitoring will ensure that both important capabilities are met with strong workflow and ease of use for your high-maintenance users. 2. Remove local admin rights from ALL Windows and Mac end users immediately. 94% of Microsoft system vulnerabilities in 2016 can be attributed to users with admin rights. Once all users are standard users, IT teams can elevate a user s access to specific applications to perform whatever action is necessary as part of their role without elevating the entire user on the machine. The benefit? When the next ransomware variant breaks out, your end-users machines will be contained, preventing further propagation. It will save your IT team and help desk many headaches, and save the business from possible downtime. As well, you can use asset and application vulnerability insights to help you make better decisions on elevating privileges. 3. Prioritize and patch vulnerabilities. Consider the cyber-attack chain. Attackers exploit asset vulnerabilities, hijack elevated privileges or compromised credentials, and move laterally until they achieve their objective. What s the first step in that chain? Right. Vulnerabilities. Like we mentioned above, better prioritization and patching of vulnerabilities gives you better insight into whether to delegate privileges to an asset or application. The result is better intelligence and less risk of unknowns. 12

4. Replace sudo for complete protection of Unix/Linux servers. With pressure on budgets, organizations may have to use sudo, but it doesn t offer the industrial-strength capabilities that today s security needs, for example: Analyzing user behavior by correlating keystroke logs, session recordings and privileged events against asset vulnerability data and security intelligence from best-of-breed security solutions Elevating privileges for standard users through fine-grained, policy-based controls Utilizing contextual factors such as time, day and location to make privilege elevation decisions Auditing and reporting on changes to critical system, application, and data files Achieving policy-driven command control and auditing down to the system level Enabling a host-based and/or proxy-based approach to privilege management Unifying policy, management, reporting and analytics, upgrades and more across all privilege management systems 5. Unify privileged access management on-premise, in the cloud into a single console for management, policy, reporting and analytics. As organizations race to adopt *aas to keep pace with business demands, IT must provide the same level of protection to cloud-based systems as for on-premise systems. This includes capabilities such as: Enabling automation for DevOps Finding, grouping and scanning cloud assets Protecting virtual and cloud management consoles and instances Using a cloud access service broker to enable third-party access Performing vulnerability assessments for hybrid and public cloud infrastructures The trick, though, is to secure and enable the cloud without gaps in effect unifying your privileged access policies across on-premise and cloud environments. 13

Why BeyondTrust? BeyondTrust delivers what leading industry analysts including KuppingerCole, Forrester, Gartner and Quadrant Research and others consider to be the most complete and integrated privileged access management platform available on the market. The PowerBroker Privileged Access Management Platform is an integrated solution to provide control and visibility over all privileged accounts and users across Windows, Mac, Unix and Linux desktop and server platforms. By uniting best of breed capabilities that many alternative providers offer as disjointed tools, the PowerBroker platform simplifies deployments, reduces costs, improves system security and closes gaps to reduce privileged risks. Nearly 4,000 customers worldwide are using PowerBroker every day to: Reduce the attack surface by eliminating the sharing of privileged accounts and delegating permissions without exposing credentials Monitor privileged user, session and file activities for unauthorized access and/or changes to key files and directories Analyze asset and user behavior to detect suspect and/or malicious activities of insiders and/or compromised accounts For more information on how BeyondTrust can help you repent your security sins and be reborn as a Privileged Access Management Saint, contact us at www.beyondtrust.com 14

THE 5 DEADLY SINS of Privileged Access Management Security experts have outlined the best practices for privileged access management for years in an effort to reduce problems associated with the abuse of privileged credentials. Despite this, IT organizations continue to struggle. BeyondTrust decided to explore this issue with our annual Privileged Access Management survey. What keeps IT awake at night? Aspects of privileged access management IT find important Misuse of personally identifiable information Downtime of computing systems Loss of intellectual property Privileged account management Privileged session management Privilege elevation management Enterprises continue to struggle despite their motivation to protect enterprise information Organizations believe the threat is high for: 22 % APATHY: Not deploying privileged password management 79 % Sharing passwords 76 % Using default passwords 75 % Using weak of respondents report bad password practices still persist High Threat Level: Say allowing users to run as admins GREED: Too many holdout admin users passwords 71 % Say not having control over applications on users machines 68 % 38 % Report it is common for users to run as admins 22 % Say allowing it has caused downtime PRIDE: Ignoring risks of excessive privileges Common Practice: Basic security standards should be to remove all excessive privileges 18 % 20 % Say attacks that combine privileged access with exploitation of an unpatched vulnerability are common Properly patching your system can reduce your attack surface by nearly 20% IGNORANCE: Believing Sudo is enough Say managing least privilege for Unix/Linux is important 29 % 68 % ENVY: Ignoring SaaS risks Say Sudo meets their needs 37 % 63 % Report Not involved in protecting SaaS application protecting SaaS applications Privileged access must be secured consistently across all channels Who We Talked To U.S. 70% Main Office location Departments Industries Canada 7% Mexico 1% Brazil 2% Argentina 2% U.K. 2% South Africa 2% Netherlands 1% Switzerland 1% India 1% Philippines 1% Singapore 1% Australia 2% 474 JUNE conducted 23 May-June responses 2017 questions 9% Other 2% Customer Service 2% Sales 3% Finance 4% Administration 6% Engineering 7% IS 68% Technology Technology Financial Other Government Healthcare Education Manufacturing Insurance Communications /Media Retail Utilities 7% 7% 6% 4% 4% 4% 3% 11% 14% 13% 22% For more information, including 5 steps you can take to reaffirm that you believe in privileged access management, download our free report. Source: BeyondTrust 2017 Privilege Benchmarking Study DOWNLOAD REPORT www.beyondtrust.com/5-sins-pam

Copyright 1999-2017 BeyondTrust Inc. All rights reserved.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback