Subscribe
  • Home
  • /
  • Security
  • /
  • CyberArk releases framework for rapidly reducing privileged credential risk

CyberArk releases framework for rapidly reducing privileged credential risk

New CISO View research recommends a 30-day sprint to mitigate privileged credential vulnerabilities; features insights from Global 1000 CISOs and post-breach experiences from security experts.


Newton, Mass. and Petach Tikvah, Israel, 17 Feb 2017

CyberArk (NASDAQ: CYBR) today issued a new research report that recommends an accelerated 30-day plan to improve protection of privileged credentials. The report outlines a proven framework for rapid risk reduction based on lessons learned from several large data breaches and best practices from a panel of chief information security officers (CISOs) at Global 1000 enterprises.

The report: "Rapid Risk Reduction: A 30-Day Sprint to Protect Privileged Credentials", is part of The CISO View industry initiative, sponsored by CyberArk. The CISO View conducts research and delivers peer-to-peer guidance from experienced executives to help security teams build effective cyber security programmes.

The report is the latest release in The CISO View series, featuring contributions from The CISO View panel: top executives from ING Bank, CIBC, Rockwell Automation, Lockheed Martin, Starbucks, ANZ Banking Group, CSX Corporation, Monsanto Company, Carlson Wagonlit Travel, SGX, News UK and McKesson.

The report also draws from the experiences of several of the major organisations that have suffered large data breaches. It features input from guest contributors, including the security professionals and experts who were on the front-lines of breach remediation efforts.

Shutting down the privileged pathway

Attackers continue to demonstrate the ability to compromise privileged credentials to reach critical assets and steal sensitive data. In the incidents studied for this report, attackers were able to obtain domain-level Windows administrator credentials by exploiting common vulnerabilities found in most enterprise IT environments. Securing privileged accounts and credentials is one of the first actions organisations take following a breach to rebuild trust in their IT infrastructure.

"The number one thing adversaries do once they get into your network is look for the ability to escalate their privileges. Without good practices, you make it very easy for them to instantaneously traverse your whole network," said Jim Connelly, vice-president and CISO, Lockheed Martin.

The 30-day sprint framework

The research identifies the common attack patterns and best practices that could have helped to prevent a breach in the first place. Based on these real-world experiences, the report recommends a fast-tracked initiative to help shut down the privileged pathway in Windows environments. It prioritises the implementation of controls for protecting privileged credentials to drive tangible results within 30 days based on these goals:

Identify accounts quickly - Locate administrator accounts in Windows using existing Active Directory and local administrator groups.

Give precedence to the riskiest accounts - Implement controls on the most powerful accounts first, such as domain administrator accounts and administrator accounts with access to large numbers of machines, as well as application accounts that use domain administrator privileges.

Be realistic about addressing the volume of accounts - Work quickly to get initial controls in place and make improvements over time. For example, accounts for workstation users should not have administrative privileges, but breach survivors say this is one of the more difficult practices to implement and maintain due to the sheer volume of workstations.

Recommended controls include reconfiguring accounts to segregate duties, putting administrator passwords in a vault and requiring multi-factor authentication to access those passwords, removing workstation administrator privileges from end-users, and implementing detection tools to look for signs of lateral movement or privilege escalation in real-time.

"This CISO View report should be required reading for security teams and their executives who want to proactively protect their organisations from advanced attackers' most favoured - and successful - techniques. Based on what we've seen in the field, combined with the shared experiences of participants, it is absolutely possible to drive results within 30 days," said Gerrit Lansing, chief architect, CyberArk. "Collaboration and transparency are critical in effectively combating cyber threats, and are key drivers behind The CISO View initiative. We value the efforts of the security experts and executives who contributed to this research to improve enterprise security strategies."

For more information about: "Rapid Risk Reduction: A 30-Day Sprint to Protect Privileged Credentials", and the previous report: "The Balancing Act: The CISO View on Improving Privileged Access Controls", visit http://www.cyberark.com/cisoview/. The CISO View report was developed in conjunction with an independent research firm, Robinson Insight.

Report contributors

Guest contributors include John Gelinne, Managing Director, Advisory Cyber Risk Services, Deloitte & Touche; and Gerrit Lansing, Chief Architect, CyberArk, who have worked with major organisations post-breach. We'd also like to acknowledge the security executives from large organisations that have experienced significant breaches. Due to legal constraints, these executives have contributed to this research report without attribution.

Other contributors include The CISO View panel members: Rob Bening, CISO, ING Bank; David Bruyea, Senior Vice-President and CISO, CIBC; Dawn Cappelli, Vice-President and CISO, Rockwell Automation; Jim Connelly, Vice-President and CISO, Lockheed Martin; Dave Estlick, Senior Vice-President and CISO, Starbucks; Steve Glynn, CISO, ANZ Banking Group; Mark Grant, CISO, CSX Corporation; Gary Harbison, CISO, Monsanto Company; Kathy Orner, Vice-President and CISO, Carlson Wagonlit Travel; Chun Meng Tee, Vice-President and Head of Information Security, SGX; Munawar Valiji, Head of Information Security, News UK; and Mike Wilson, Senior Vice-President and CISO, McKesson

Share

CyberArk

CyberArk is the only security company focused on eliminating the most advanced cyber threats; those that use insider privileges to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk proactively secures against cyber threats before attacks can escalate and do irreparable damage. The company is trusted by the world's leading companies - including more than 45% of the Fortune 100 - to protect their highest value information assets, infrastructure and applications. A global company, CyberArk is headquartered in Petach Tikvah, Israel, with US headquarters located in Newton, Mass. The company also has offices throughout EMEA, Asia Pacific and Japan. To learn more about CyberArk, visit www.cyberark.com, read the company blog, https://www.cyberark.com/blog/, follow on Twitter @CyberArk or Facebook at https://www.facebook.com/CyberArk.

Editorial contacts