If you happen to read our blog and industry commentary on a regular basis, then you understand our commitment to highlighting the direct connection between privileged accounts and advanced internal threats and cyber attacks. In almost every cyber attack, there is a link between the pathway used by the hackers and poor security around privileged accounts.
However, while privileged accounts exist everywhere – on servers, databases, network devices, in your telephony system, embedded in applications – in 2011, according to the 2012 Verizon Data Breach Investigations Report, 94% of the data stolen during sophisticated cyber attacks came from servers.
One way to proactively mitigate the impact of these data breaches is to attain separation between sensitive and non-sensitive assets within your network. By creating an isolated zone, organizations can, conceivably, minimize the risk that a potential attacker could access sensitive data.
One traditional approach to creating this separation involves the use of jump servers, also known as jump hosts, golden hosts, jump boxes or bastion hosts. However, much like other conventional security approaches—such as firewalls and other perimeter security initiatives—simply deploying jump servers ignores the impact of the privileged connection. The fact remains that, while isolation of sensitive assets (via a jump server solution) is indeed a mandatory security step to control access to sensitive data, something is missing. The problem, of course, is that if the solution is unable to create the only control point into the target server (a privileged account), then a malicious insider or external attacker can still hijack the privileged administrator password, bypass the whole jump server solution and cause havoc.
Fortunately, there may be a solution, and it is not simply locking down privileged accounts through proactive management and continuous monitoring. As we outline in a new whitepaper, aptly titled, “Isolation, Control & Monitoring in Next Generation Jump Servers,” unlike homegrown jump servers that still require a privileged credential to access target systems, a new class of Next Generation Jump Servers can effectively be deployed to merge isolation, control and monitoring into a single solution to truly protect an organization’s sensitive business information. Take a look at the whitepaper to learn more and to understand how you can create isolation that blocks the spread of desktop malware and monitors for malicious activity—all while protecting the privileged accounts through pre-defined workflows enforced for every privileged session.
And of course, make sure to check out our integrated solution, Privileged Session Management (PSM) Suite, which acts as a secure proxy that organizations can use to isolate, control and monitor all privileged access to sensitive servers, databases or virtual machines.
Last week, another significant and advanced cyber-attack caught the security headlines for all of the right—and wrong—reasons. The attack was first uncovered by researchers at Kaspersky Lab who identified what they described as a “high-level cyber-espionage campaign” that has infiltrated networks at diplomatic, governmental and scientific research organizations over the past five years. While the target of the attack, dubbed Red October, may be reminiscent of other noteworthy breaches, including Stuxnet and Flame, the campaign is, in essence, a malware-based external breach and espionage platform that siphons data from mobile devices, PCs, and network hardware. Once inside the enterprise, the attackers could scan across the network and exploit vulnerabilities, including those accessible with administrative credentials and/or default passwords.
While the attack is primarily gaining publicity due to its apparently sophisticated and deliberate cyber espionage initiative against government and diplomatic organizations, the virus is another example of the industry’s fascination with custom malware that can be used to bypass the enterprise perimeter and steal sensitive data. In the case of Red October, the attack penetrates the perimeter and gathers intelligence from both traditional attack targets (workstations), as well as other network-connected devices including smartphones, network equipment configuration software and removable disk drives.
What the media—and the industry—continues to overlook, however, is the common pathway between these external attacks and the stolen data. While cyber espionage, malware attacks and proactive perimeter security measures may gain more intrigue, the real issue is that once inside, attackers immediately target privileged accounts to gain widespread access to the rest of the network.
Examining Red October further, it’s clear that this attack is no different than others—including Stuxnet and Flame—that targeted and leveraged privileged accounts. In this case, once inside the networks of their government targets, the Red October perpetrators were able to move around the network as if they were a privileged employee and uncover additional vulnerabilities to exploit by accessing admin credentials retrieved from malware-infected databases and systems. Once these credentials are stolen, attackers can take things to the next level by reusing them in later attacks by guessing similar passwords and network credentials in other locations. This should come as no surprise—although they serve as the gateway to an organization’s most sensitive data, privileged accounts are often protected by weak passwords, which are seldom replaced.
So while news will continue to detail the ramifications of Red October, it is important to note that we have been here before. Saudi Aramco. Subway Restaurants. Global Payments. US Chamber of Commerce. The list goes on, and will continue to go on, if organizations continue to fail to recognize the importance of locking down and securing these privileged access points. Ultimately, it is a new approach to security – starting on the inside and working out, but it is an imperative. Rather than focusing on firewalls or perimeter security, organizations need to prioritize the identification, monitoring and management of privileged accounts.
It may be bad news for headline writers, but this approach will block hackers from gaining the true spoils they desire—sensitive corporate and government data accessible only through privileged accounts.
On behalf of the entire Cyber-Ark team, thank you to all of this year’s participants in our 3rd Annual SysAdmin Appreciation Day Twitter Contest. We are proud to publicly announce this year’s winning entry.
Before we divulge the details, we want to once again let our fantastic judging panel (Matt Simmons, Wesley David and Cole Lavallee) know how much we appreciate their time, consideration and efforts!
As you know, this year we asked participants the following question:
“What skills and experience have you gained in the past year that will most help you in the coming one, and why?”
The judges unanimously felt that this participant crafted a response that expressed a commitment to her SysAdmin career through acquisition of valuable skills and experience. Wesley David remarked that @unpixie deserved the top prize because “the single biggest skill that I learned so far is to network and make friends with people in the industry. There’s a skill to getting to know the right people. Not just anyone, but people who have a positive attitude and also know the sysadmin craft in an unusually brilliant manner.”
So congratulations to @unpixie! We’ll be in touch with information regarding your grand prize.
It’s that time of the year again! For the third year in a row, to help show our appreciation and support for system administrators located across the globe, Cyber-Ark will host a Twitter contest to coincide with the 13th annual System Administrator Appreciation Day – which takes place on Friday, July 27th, 2012. Like last year, we will extend the SysAdmin festivities a bit, and provide participants with extra time to participate and spread the positive vibes related to their achievements.
Here are the details:
This year, we’re asking participants to not only reflect on their greatest IT achievement from the past year, but to also anticipate the IT trends that will continue to drive and shape the SysAdmin position for years to come.
Our System Administrator Appreciation Day Twitter Contest question is:
“What skills and experience have you gained in the past year that will most help you in the coming one, and why?”
While it is not a requirement, we encourage respondents to relate their garnered skills and experience to a specific achievement. Even better, feel free to detail an achievement that you think your fellow SysAdmins can relate to and may soon encounter on their own (think: high-profile IT trends)!
This year’s judges include:
This esteemed panel of SysAdmin judges will review all entries and select one (1) winner and two (2) runners-up based on the quality of the Tweet (the skills mastered/achievement detailed, and the perspective provided in relation to how these skills will be beneficial in the year ahead).
The contest winner will receive an Amazon Kindle Fire and the two runners-up will each receive $50 Amazon gift cards.
The contest will begin at 9:00 a.m. ET on Tuesday, July 24th and will conclude at 1:00 p.m. ET on Friday, July 27th. Responses will be monitored throughout the week. The winner will be announced by 1:00 p.m. ET on Friday, July 27th by @cyberark through a series of Tweets and a post on this blog.
To be eligible to win, users need to Tweet a response alongside the #SysAdminDay hashtag and @Cyberark. This is important as it allows other Twitter users and contest participants to follow along. Proper format is as follows: “#SysAdminDay @cyberark RESPONSE”
Since Twitter has a 140 character limit (of course!), brevity is important. However, participants are also encouraged to elaborate on their Tweet by continuing their response by posting a comment under this blog post. This way, participants can provide a more detailed and/or creative response. However, this is not a requirement for eligibility and is only a suggestion.
More details and eligibility requirements are below. We look forward to seeing you on Twitter!
- The Cyber-Ark Team
Limit one Tweet (entry) per participant—any user that creates and/or uses multiple accounts to participate will be deemed ineligible. Re-Tweets from other users are encouraged, however.
To be eligible to win and receive the Kindle, participants must be followers of @Cyberark on Twitter. Prize information will be sent via Direct Message.
Cyber-Ark employees are allowed to participate but are ineligible to win the prize.
After a jam-packed week in San Francisco, the Cyber-Ark team is home – a little tired but also inspired by our experiences at IT security’s biggest conference of the year – RSA 2012. In addition to the great buzz associated with the launch of our brand new product – Privileged Session Manager version 7 – we decided to use this week’s IT Security Rewind to reflect on the week and provide you our take on major RSA show news and events.
Art Coviello Takes the Hot Seat…
Ahead of his keynote presentation that kicked off RSA, Art Coviello sat down with AllThingsDigital reporter Arik Hesseldahl to answer seven questions about one of the most highly publicized cyber-security attacks that occurred almost one year ago – the RSA security token hack. While he didn’t reveal anything new about the hack, Art did offer his words of advice, “the bottom line is that we do hope, in the final analysis, that people have more of a sense of urgency in protecting themselves, because the truth of the matter is that we weren’t alone.” This quote set the tone for the RSA show as IT professionals looked back on a year of sophisticated APTs and examined the future of how we will go about protecting ourselves.
Verizon gives a preview…
In time for RSA, Verizon published a snapshot of data from its upcoming 2012 Data Breach Investigations Report, revealing that more than 85 percent of the data breach incident response cases investigated by Verizon Business last year originated from a hack, and more than 90 percent of them came from the outside rather than via a malicious insider or business partner. However, the preview also found that “the most commonly used venue for breaches was exploiting default or easily guessed passwords, with 29 percent of the cases last year.” RSA and the U.S. Chamber of Commerce are just a few organizations that learned the privileged identity management lesson the hard way.
If you forgot to tune in on Sunday…
Keeping with some core themes from the RSA show…if you’re curious to hear what retired Gen. Mike Hayden, former head of the National Security and Central Intelligence agencies had to say about Stuxnet and similar cyber weapons, 60 Minutes aired a segment on Sunday that shows just how real cyber threats are and how serious government agencies are taking the threat of future attacks. FBI Director Robert Mueller stated, “I do believe that the cyber threat will equal or surpass the threat from counterterrorism in the foreseeable future.” If you missed “Stuxnet: Computer worm opens new era of warfare” you can watch the full segment here.
What were your best RSA moments this year? Comment below!