Intelligent CISO Issue 13 - Page 33

PREDICTIVE INTELLIGENCE

Don’t underestimate the power of privilege

With traditional perimeter security tools unable to cope with advanced cyberattacks, John Hathaway, Regional Vice President – Middle East and India at BeyondTrust, tells Intelligent CISO about the benefits of Privileged Access Management (PAM). He says: “Modern PAM technology can ensure that only authorised individuals have access to your powerful privileged accounts and only in a fully audited manner.”

In today’s world cyberattacks have become ubiquitous. Consider the famous words of former Cisco CEO John Chambers: “There are two types of companies: Those that have been hacked and those who don't know they have been hacked.” So, if it’s inevitable that intruders will get in, the question you should ask is: How will I protect my organisation after hackers breach our network perimeter?

The privileged account attack vector

First, consider what usually happens during a cyberattack. Obviously, hackers get inside your network. And they do it with social engineering, phishing emails, malicious insiders, zero-days, or a host of other tactics. Most of these attacks can quite easily defeat traditional perimeter security tools like antivirus or firewalls that are defending against yesterday’s threats.

Once they’re inside, the intruders look for ways to expand their access. To do that, they install remote access kits, routers and key loggers. During this phase of an attack, hackers seek SSH keys, passwords, certificates, Kerberos tickets and hashes of domain administrators. Their goal is to extract the credentials that will let them escalate their access, gain lateral movement throughout the network and anonymously steal data at will.

In our automated world, this entire ‘land and expand’ process can be conducted surprisingly quickly. But usually the attackers will take their time. They’ll quietly monitor and record activity on your systems and then use the information they gather to expand their control of your environment. According to research from Ponemon, hackers lurk on the network for an average of 206 days before being discovered. That’s a lot of time for a malicious entity to anonymously prowl your network.

The key factor in this process is privileged access. With access to an unsecured privileged account, an attacker can view and extract sensitive data, change system configuration settings and run programs on almost