Zero trust: Data breach prevention is all about breaking the kill chain

Breaches of enterprise security are often an inside job, albeit an unintentional one, thanks in part to the rise of privileged users. Once hackers gain access to a system, they use the access levels of a certain user to make lateral moves and ultimately wreak havoc.

Compromising privileged user credentials is one of the most common attacks organizations face, said Dale Gardner, director of product marketing at CA Technologies, in a recent webinar hosted by IT World Canada, Are Your Most Trusted Employees Your Biggest Security Risk?

“Privileged users used to be a small number of individuals in an organization.” But this has changed thanks to the advent of virtualized environments and cloud computing coupled with increased access given to business partners and suppliers. “With those you see a growth in the number of administrators within the organizations and expansion of the attack surface.”

High-profile breaches in the last few years have been key in driving interest in privileged access management (PAM), said Gardner. The one thing the Home Depot, Anthem and Ashley Madison breaches all have in common is privileged access credentials. In the case of Ashley Madison, source code from its system was dumped into the public domain and it included passwords to access third-party technology services such as Amazon Web Services.

“Increasingly we’re being concerned about espionage,” he said. “Attackers are moving beyond cybercrime to higher stakes gambits.”

Gardner said an effective method to prevent or detect breaches is to envision a kill chain, which is a way to look at how hackers get into a system and what they have to do to get what they want. “By understanding that and having a predictable series of events, you find opportunities to stop the chain of events.”

Generally, when an attacker gets inside a network, odds are the system the hacker landed in is not the end target. Instead, the attacker will make lateral moves by elevating privilege in the system and repeat as necessary until the desired information is attained or the desired damage is done. “An attacker can keep trying,” said Gardner. “A defender just has to make one mistake.”

A lot of environments lack PAM, making it easy for hackers to circumvent weak or default passwords, he said, and without automation in place, it becomes operationally difficult to manage passwords. Multi-factor authentication used to be difficult and expensive but the economics have changed and it’s now simpler to implement. “It’s reached a point where it’s best practice.”

Gardner said the best approach is one of “zero trust” where users are first authenticated but not given access to any specific resource until a policy has been defined in the system. Meanwhile, fear, uncertainty and doubt – the FUD Factor – help to get the attention of senior management and convince them that security technology such as PAM is worth the investment, but using the kill chain illustration to demonstrate there are solutions to the problem goes even further.

Gardner said organizations are at various stages in the PAM maturity model. Technology is part of it, but processes and having management engaged with it are also necessary. Enterprises in the early stage are generally relying on technology that came with a specific application to manage access and then moving on to various point solutions. At a certain point, he said, PAM ideally stops being its own thing and becomes part of an enterprise’s overall governance model.

“It’s important for organizations to have a roadmap.”


Gary Hilson
Gary Hilson is a Toronto-based freelance writer who has written thousands of words for print and pixel in publications across North America. His areas of interest and expertise include software, enterprise and networking technology, memory systems, green energy, sustainable transportation, and research and education. His articles have been published by EE Times, SolarEnergy.Net, Network Computing, InformationWeek, Computing Canada, Computer Dealer News, Toronto Business Times and the Ottawa Citizen, among others.
