Dark Reading is part of the Informa Tech Division of Informa PLC



12/24/2018
09:00 AM
By Adam Bosnian, Executive Vice President of Global Business Development, CyberArk
Sponsored Article

Privileged Access & the Future of Security

Prioritizing privileged access can dramatically reduce the business impact of an attack. Here are five reasons why.

Industry research firm Gartner this month released the first-ever Magic Quadrant for Privileged Access Management (registration required). It is, in our view, a significant milestone for the industry.  

Privileged credentials exist everywhere. The adoption of cloud, DevOps, robotic process automation, and the Internet of Things has dramatically expanded the threat landscape. Attackers know this, which is why nearly 100% of all advanced attacks today rely on the exploitation of privileged credentials to reach a target’s most sensitive data, applications and infrastructure.

While there is no silver bullet for achieving bullet-proof cybersecurity, organizations can dramatically reduce the impact of an attack by prioritizing privileged access. These five reasons show why securing privileged access matters more today than ever before:

1. Privileged Access Provides a Pathway to Critical Assets
Attacks that reach the domain controller level can lead to a hostile takeover of the network and its assets. Attackers are starting to apply this approach to new environments, targeting cloud consoles and orchestration tools to gain control over all infrastructure. Attackers who gain this level of privileged access can control any server, controller, endpoint or piece of data, anywhere on a network. They can run commands, or download and install anything they want. Regardless of the environment, privileged access management helps secure tier 0/critical assets.

2. Humans Are Going to Be Human – Trust is Not a Security Policy
Humans are always the weakest link in the cybersecurity chain. Whether it’s privileged users abusing their level of access, or attackers targeting and stealing privileges from users to masquerade as a privileged insider, having a privileged access management program in place to protect against these abuses is paramount. Privilege is also the control that makes sure the right people have only the levels of access to sensitive applications and infrastructure that they need to do their jobs. It ensures that the activities occurring within an environment aren’t malicious or, if they are, enables security operations teams to take quick action.

3. Privileges Proliferate across Machines and Applications
For systems to work together, they have to access one another. That’s why the machines and applications that require privileged access vastly outnumber the people who do. These non-human entities are harder to monitor, keep track of, or even identify. Commercial apps typically require access to various parts of the network, which attackers can exploit. A good privilege strategy accounts for everywhere privileges live and detects anomalous activities as they occur.

4. Privileges at the Endpoint
Every single workstation in an organization contains privilege by default. Built-in admin accounts allow IT to fix issues locally, but they create a massive security gap that attackers target and exploit. Attackers can exploit these risky systems by getting in and then jumping laterally from workstation to workstation until they reach what they are looking for.

A proactive privileged access security program should account for the comprehensive removal of local administrative rights on workstations. Without this step, attackers can easily move laterally into – and around – the network.

5. Achieving Compliance Revolves around Privilege
Putting privileged access at the forefront of an organization’s security and risk management strategy enables the recording and logging of all activities that relate to critical IT infrastructure and/or sensitive information. The ability to monitor and detect suspicious events in an environment is very important. But without a clear focus on what presents the most risk – unmanaged, unmonitored and unprotected privileged access – the business will remain vulnerable.

To download a complimentary copy of the Gartner Magic Quadrant for Privileged Access Management, please click here.

Gartner, Magic Quadrant for Privileged Access Management, Felix Gaehtgens, Dale Gardner, Justin Taylor, Abhyuday Data, Michael Kelley, 3 December 2018.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 

About the Author:
Adam Bosnian is executive vice president at CyberArk, where he is responsible for managing and expanding global strategic relationships with technology partners. As an early member of the CyberArk management team, Bosnian led the industry to define the market for privileged account security and has played a key role in helping to secure and maintain CyberArk’s leadership in the space.
