Dark Reading is part of the Informa Tech Division of Informa PLC


10/30/2017
09:00 AM
Ericka Chickowski
Sponsored Article

Counter Attack: Control the Credentials, Control the Compromise

Why edge-based solutions at the identity layer have become one of the only consistent control points left in today's perimeter-less world.

It's only fall and 2017 is already shaping up to be yet another record-breaking year for data breach statistics. In fact, according to the stats collected by the Breach Level Index, the number of records stolen surpassed the total for all of last year by the time we reached the halfway mark of this year. The breach headlines over the past month only serve to punctuate these dismal numbers: High-impact compromises at Equifax, the Securities and Exchange Commission, and Deloitte prove that even those organizations with considerable investments in cybersecurity are not immune to successful attacks.

The obvious question is 'Why?' Why are attackers still managing to compromise data and systems with seeming ease? There are lots of answers to that question. But top among them is the fact that most organizations today still operate under the fiction that cybersecurity primarily equates to network security.

Here's the reality. All those walls we've built up around the network are largely irrelevant today. Today's enterprises must safeguard a growing body of data, accessed by an increasing number of users from a mushrooming number of applications and devices. Enterprises have less control than ever over the networks users work off of, the devices they use to conduct business, and sometimes even over the infrastructure used to store that data.

And yet the security industry continues to bang its head against the wall. It overinvests in perimeter technology and keeps doing things the way it always has, even though the safeguards it has invested in at the network layer are lost when users work off the network, when they rely heavily on insecure cloud storage, or when they're accessing secure data via insecure devices.

The fact is that edge-based solutions such as those at the identity layer have become one of the only consistent control points left in this perimeter-less world. And yet, according to recent figures, fewer than half of today's organizations invest in identity management of any kind.

Hackers know it, too. Credential harvesting and credential stuffing attacks are becoming some of the most standard and fruitful tactics for today's threat actors. One recent study shows that automated credential stuffing attempts make up more than 90% of all login activity on Internet-facing systems at Fortune 100 firms. And according to the Verizon Data Breach Investigation Report (DBIR) this year, 81% of today's breaches involve either stolen or weak passwords.

If organizations are going to meet these threats head on and start making a difference in 2018 breach numbers, they need to recognize that legacy approaches to defense don't make as much sense in today's threat landscape. This means stepping up their game with regard to identity and account-level controls. This means putting the people, process and technology in place to bolster authentication across the infrastructure, whether on-prem or in the cloud, so that weak passwords are no longer an Achilles heel. It means instituting controls to ensure user entitlements match their roles and that privileged accounts can't cause compromises across vast swaths of cloud accounts. And it means putting in the identity-based controls and visibility that let IT know who accesses what and when, and alert it when risky behavior is exhibited.

Ultimately, the real prevention mechanisms for modern breaches come down to the user level. Until organizations recognize that fact, we'll keep seeing the same breach stories with different names on them hitting the headlines.


Learn how to protect against data breaches with Okta


 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.

Comments
tdsan
11/30/2017 | 11:57:08 AM
Interesting article
One thing I was curious about, if someone let's say places a key-logger in your environment or places a worm where the worm's or key-logger's only purpose is to capture keystrokes or usernames/passwords, then your premise "Control the Credentials, Control the Compromise" would be circumvented.

Also, if someone accessed a website or nefarious email, then you would still control the credentials, but the access to the system would be in the form of an APT or root-kit but is downloaded in the background, thus again, your system is compromised, and you still have control of the credentials.

This is not a silver bullet solution, we can only try to secure our environment by controlling the Keys/Credentials, NGFW, locked down servers, Zone policies, SIEM devices, trained staff, but with all of that, they could access our servers over the power lines (EoP). Good luck with your commentary, it seems there are a few things that have been left out as part of the discussion.

T

 