Story image

Privileged credentials: They're like diamonds for criminals

20 Dec 18

Gartner recently released the first-ever Magic Quadrant for Privileged Access Management¹. Gartner also listed privileged access security the number one security project, saying that “CISOs should focus on these ten security projects to reduce risk and make a large impact on the business².

That’s no surprise considering cybercriminals most often target login credentials and passwords. One of the most common ways privileged credentials are stolen is through targeting of an endpoint with easily-exploitable vulnerabilities. 

Threat actors will also use different methods of attack and toolkits to look for vulnerabilities in any internet infrastructure. They are looking to steal any credentials that could allow for privilege escalation.  

That research is backed up by real-life scenarios – just look at any major data breach that has compromised staff usernames and passwords. Back in 2008, San Francisco’s IT department felt the heat. 

An engineer by the name of Terry Childs built and operated a FiberWAN network that was crucial to many online services. He consolidated control of all sys-admin passwords.

A smart move, you might think. But after he got into a dispute, he took total control of the network and would not share details of privileged accounts used to run the network. The result? San Francisco’s IT infrastructure ground to a halt. Insiders can also abuse privileged accounts too. Whatever his reasons, Edward Snowden did the same thing.

Privileged access management is no longer something that can be ignored or done haphazardly just to tick compliance or security boxes.

Privileged access management software enables organisations to secure privileged access to critical assets, meaning only those with the correct credentials can access business-critical information.

Privileged access management technologies should also help organisations meet compliance requirements through a process of securing, managing, and monitoring both privileged accounts, as well as access to those accounts.

Privileged access management is not just limited to one piece of software or infrastructure – it can span operating systems, network devices, hypervisors, databases, middleware, applications, and cloud services such as infrastructure-as-a-service, platform-as-a-service, and software-as-a-service.

IT professionals need to architect the right privileged access controls to prevent against cyber threats, exploitation, and to resist advanced persistent attacks; administrative privileges must be given only to those who absolutely need them to reduce the risk of privileged access attacks.

CyberArk is the pioneer in privileged access management technologies. The CyberArk solution is designed to protect networks, meet requirements and reduce security risk without the additional operational complexity.

Now, we believe that Gartner has reaffirmed that strong security starts with ensuring good cyber hygiene and securing the known credentials and accounts that attackers seek to accomplish their goals.

CyberArk encourages IT and security leaders to become more aware of the dangers of unsecured privileged access, which is why it is making the Gartner report available for download. Access your complimentary version here.

¹ - Gartner, Magic Quadrant for Privileged Access Management, Felix Gaehtgens, Dale Gardner, Justin Taylor, Abhyuday Data, Michael Kelley, 3 December 2018

² - Gartner, Smarter with Gartner, Gartner Top 10 Security Projects for 2018, June 6, 2018.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Cofense launches MSSP program to provide phishing defence for SMBs
SMBs are highly susceptible to phishing attacks, and often lack the resources necessary to stop advanced threats
Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Security platform provider Deep Instinct expands local presence
The company has made two A/NZ specific leadership hires and formed several partnerships with organisations in the region.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Stepping up to sell security services in A/NZ
WatchGuard Technologies A/NZ regional director gives his top tips on how to make a move into the increasingly lucrative cybersecurity services market.