FEATURE: THREAT ANALYSIS
that represent a security risk. These accounts
are difficult to find, and controlling and
monitoring access to them is challenging.
From the attacker’s side, bypassing these
privileged account credentials to access
sensitive systems is little more than a
percentages game. With so many avenues
to target them – social engineering, phishing
attacks, zero days and collaboration
with malicious insiders – penetrating an
organisation’s network is about patience.
If at first you don’t succeed, keep trying
because it’s a certainty that a new weakness
will emerge.
Once armed with the credentials to
get behind an organisation’s defences,
attackers look to grab what they can, such
as SSH keys, certificates and domain admin
hashes to move laterally on the network.
It’s a despairing thought that among
the thousands of privileged accounts
attackers might aim for, it takes only one
to seed a major data breach that brings an
organisation to its knees.
Privileged Access
Management (PAM)
This isn’t just about threats from outside
the organisation, but the ones emanating
from inside it too. According to Gurucul’s
Cybersecurity Insiders’ 2020 Insider Threat
Report, security professionals are well
aware of the threat posed by unsecured
privileged accounts, with 63% agreeing
that privileged users pose the biggest risk
from inside an organisation and 68%
saying they felt vulnerable to insider attacks
generally. Almost all of these organisations
will have deployed multiple layers of security
solutions to contain threats from outside the
organisation, but conventional security tools
do not defend against privileged account
misuse. When the same scenarios are
modelled inside the network, there is often
no defence at all.
A major problem hindering organisations
has been the inherent difficulty in
identifying and securing privileged accounts,
including those in the cloud. Consequently,
many invested in Identity and Access
Management (IAM). While IAM is good at
managing user identities tied to a known
person, it struggles to cope with identities
that aren’t defined in this way, such as admin
accounts used to manage IT resources.
Finding these privileged identities can be
difficult, let alone stopping a malicious party
from accessing them.
For this reason, organisations have
increasingly turned to Privileged Access
Management (PAM) systems which impose
control and management on accounts using
the principle of least privilege. Unfortunately,
even PAM struggles under real-world
conditions, in which many privileged
accounts slip through the net, to the extent
that Gurucul estimates from customer data
that up to half remain unknown to IAM or
PAM platforms.
Hidden accounts
Insider abuse is often cast as a general
willingness by one or more employees
www.intelligentcio.com