Cyber Defense eMagazine March Edition for 2022

More documents

Recommendations

Info

Lessons Learned: In the Principle Of “Least Privilege,” Where Do Companies Fall Short? By Raj Dodhiawala, President, Remediant Lateral movement using compromised admin credentials is integral to almost all ransomware and malware attacks today. Specifically exploiting privilege sprawl—or the always-on, alwaysavailable administrative access to servers, workstations, and laptops—has become a lucrative opportunity for cyber attackers, allowing them to significantly increase their rate of success with stolen credentials and elevated privileges and, due to implicit trust between systems, the ease of damaging lateral movement. According to Verizon’s 2021 DBIR report, 74% of cyber-attacks are caused by privilege misuse or compromise, and for every cybersecurity team, that administrative access sprawl and high risk of lateral movement pose as serious, everyday threats to their resilience to cyberattacks. Cyber Defense eMagazine – March 2022 Edition 106 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
To prevent lateral movement attacks resulting from stolen and misused privilege access, information security teams are increasingly embracing the Principle of Least Privilege (PoLP), which NIST defines as “the principle that users and programs should only have the necessary privileges to complete their tasks.” It states that for any user or program that needs elevated privileges to complete its task or function, IT teams must enable the least amount of privilege, no more and no less, to get the job done. This directly emphasizes authorization -- meaning that escalated user privileges must only be allowed to match the computing goals of the task at hand. While the benefits of PoLP are obvious, there are several challenges that can often get in the way of achieving them – whether due to the complexity of implementation or the inability to adapt ingrained processes. For example, unlike Linux’s sudoers subsystem, Windows systems do not provide granular controls for the tasks an administrative user can or cannot perform. Group Policies also only go so far, especially since interactions between multiple policies may negate affects to achieve granular control. It’s actually quite common for an enterprise’s Active Directory to have Nested Groups, Domain Admins and Backup Admins, and all other privilege groups containing broad, obfuscated and over-permissioned configurations that either contradict or cancel out any least privileged controls in place. One of the biggest issues with PoLP is that time is not explicitly called out as a privilege, and thus is simply not considered at all when conferring least privileges. Let’s go back to the alwayson, always-available administrative access, but now, the access is constrained to the least computing privileges required for the task at hand. The fact that all systems have standing privileges defeats the goal of granular control, because an administrator on one system labeled trustworthy can, per convenience or with malintent, administer all other systems they have standing privileges on, effectively making the principle of least privilege null and void. The first step in addressing time is through what Gartner calls Zero Standing Privilege (ZSP), or the removal of all standing privileges and the implementation of Just-In-Time administration (JITA). First, ZSP removes the privilege sprawl. Then, JITA, bolstered by multi-factor authentication (MFA), selectively elevates privileges to the specific system that requires attention, exactly when the administration is needed, and for just the right amount of time necessary to complete the task. If cyber thieves (or insiders) were to get a foothold on a system, the window of opportunity to steal admin credentials would be significantly narrowed, and most importantly, they wouldn’t find a plethora of administrative access available to exploit and use to move laterally within the organization. Cyber Defense eMagazine – March 2022 Edition 107 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
Why Changing Classified Document St
Page 3 and 4:
Tips And Trends for OT Cybersecurit
Page 5 and 6:
@MILIEFSKY From the Publisher… De
Page 7 and 8:
Welcome to CDM’s March 2022 Issue
Page 9 and 10:
Cyber Defense eMagazine - March 202
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
level of concern while working remo
Page 21 and 22:
The Fragility of a GPS Centric Worl
Page 23 and 24:
Formerly known as LOng-RAnge Naviga
Page 25 and 26:
The Role of The CFO In Enterprise C
Page 27 and 28:
Help them mitigate potential risks
Page 29 and 30:
The Safest Ways for Bitcoin Trading
Page 31 and 32:
and clear instructions through a "N
Page 33 and 34:
According to Cybereason’s “Rans
Page 35 and 36:
If you implement these three tips,
Page 37 and 38:
• Nearly half of zero-day malware
Page 39 and 40:
Don’t Become a Horrible Headline:
Page 41 and 42:
pandemic era. By empowering profess
Page 43 and 44:
Have We Learned from Our Past Mista
Page 45 and 46:
internet, etc. How much training is
Page 47 and 48:
How to strengthen cyber resilience
Page 49 and 50:
A BCDR solution with automated disa
Page 51 and 52:
1. Cybersecurity Incidents Will Bec
Page 53 and 54:
Is XDR The Right Solution for Today
Page 55 and 56: How Open XDR Helps Open XDR address
Page 57 and 58: A very small set of next-gen SIEM s
Page 59 and 60: • What are my options for data la
Page 61 and 62: Additionally, we’ll witness the r
Page 63 and 64: Top 10 Reasons Cyber Defense Firms
Page 65 and 66: 4. Teamwork and individual responsi
Page 67 and 68: 5 Reasons Organizations Need Compre
Page 69 and 70: systems to manage identity and acce
Page 71 and 72: Directed Analytics - The Future of
Page 73 and 74: Directed analytics allow these insi
Page 75 and 76: InDesign and uploaded to indd.adobe
Page 77 and 78: Are You Prepared for the New Normal
Page 79 and 80: • Find Unseen Risk - The hardest
Page 81 and 82: intruders were able to gain control
Page 83 and 84: About the Authors Michael Cheng is
Page 85 and 86: Why am I rehashing this old trope?
Page 87 and 88: 1. Look for and minimize attack sur
Page 89 and 90: On The Frontline in The War Against
Page 91 and 92: How to Fix Mid-Market Security Usin
Page 93 and 94: the particular victims being target
Page 95 and 96: 5 Ways Cybersecurity Will Change In
Page 97 and 98: #3: Supply chains will be the big r
Page 99 and 100: Executive Order Instructs Certain O
Page 101 and 102: • Stay ahead of fraud. Fraud cost
Page 103 and 104: Too Hot to Handle:The case for Zero
Page 105: Critically, endpoint security only
Page 109 and 110: Redefining Resilience in The New Wo
Page 111 and 112: About the Author Andrew Lawton is C
Page 113 and 114: Cyber Defense eMagazine - March 202
Page 135 and 136: CyberDefense.TV now has 200 hotseat
Page 137 and 138: Books by our Publisher: https://www
show all

Cyber Defense eMagazine March Edition for 2022

Create successful ePaper yourself

Delete template?

Save as template?