BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

APT Vehicle of Choice: The Accidental Insider

Posted March 5, 2012    Peter McCalister

APT is the buzzword everyone is using. Companies are concerned about it, the government is being compromised by it, and consultants are using it in every presentation they give. But people fail to realize that the vulnerabilities these threats compromise are the insider — not the malicious insider, but the accidental insider who clicks on the wrong link.Dr. Eric Cole, Cyber Security Expert

One of most talked about topics at the recent RSA Conference in San Francisco was Advanced Persistent Threats (APT). While APT is the latest hot topic involving security, one aspect that has received little visibility is its relationship to privileged identity management.

Any weakness in your infrastructure that allows an attacker to access a system will give him or her opportunity to find another weakness and eventually get the keys to the kingdom – privileged access to a critical server or database with sensitive information.

Look no further than the RSA security breach that occurred early last year. Hackers gained network access through the HR department by sending bogus emails to RSA employees with the subject, “2011 Recruiting Plan.” Because RSA failed to implement a least privilege solution, accidental insiders at the company helped hackers hijack credentials to steal sensitive information.

Accidental insiders are unfortunately commonplace throughout many organizations. Why? Because human nature dictates that we will make mistakes. What’s needed is a comprehensive program to protect privileged access. The tradeoffs everyone has historically made to allow some level of risk no longer apply. Even something as simple as the accidental misconfiguration of a desktop PC can be the weakness a sophisticated attacker uses to gain the access they need to the privileged credentials of a systems or database admin.

Leave a Reply

Additional articles

VMware Hardening Guidelines-img3

How to Audit VMware ESX and ESXi Servers Against the VMware Hardening Guidelines with Retina CS

Posted February 27, 2015    BeyondTrust Research Team

Retina CS Enterprise Vulnerability Management has included advanced VMware auditing capabilities for some time, including virtual machine discovery and scanning through a cloud connection, plus the ability to scan ESX and ESXi hosts using SSH. However, in response to recent security concerns associated with SSH, VMware has disabled SSH by default in its more recent…

Tags:
, , , ,
dave-shackleford-headshot

Privileged Passwords: The Bane of Security Professionals Everywhere

Posted February 19, 2015    Dave Shackleford

Passwords have been with us since ancient times. Known as “watchwords”, ancient Roman military guards would pass a wooden tablet with a daily secret word engraved from one shift to the next, with each guard position marking the tablet to indicate it had been received. The military has been using passwords, counter-passwords, and even sound…

Tags:
, , ,
Privileged Account Management Process

In Vulnerability Management, Process is King

Posted February 18, 2015    Morey Haber

You have a vulnerability scanner, but where’s your process? Most organizations are rightly concerned about possible vulnerabilities in their systems, applications, networked devices, and other digital assets and infrastructure components. Identifying vulnerabilities is indeed important, and most security professionals have some kind of scanning solution in place. But what is most essential to understand is…

Tags:
, , , , ,