sb-as logo
Story image

Privileged credentials: They're like diamonds for criminals

20 Dec 2018

Gartner recently released the first-ever Magic Quadrant for Privileged Access Management¹. Gartner also listed privileged access security the number one security project, saying that “CISOs should focus on these ten security projects to reduce risk and make a large impact on the business².

That’s no surprise considering cybercriminals most often target login credentials and passwords. One of the most common ways privileged credentials are stolen is through targeting of an endpoint with easily-exploitable vulnerabilities. 

Threat actors will also use different methods of attack and toolkits to look for vulnerabilities in any internet infrastructure. They are looking to steal any credentials that could allow for privilege escalation.  

That research is backed up by real-life scenarios – just look at any major data breach that has compromised staff usernames and passwords. Back in 2008, San Francisco’s IT department felt the heat. 

An engineer by the name of Terry Childs built and operated a FiberWAN network that was crucial to many online services. He consolidated control of all sys-admin passwords.

A smart move, you might think. But after he got into a dispute, he took total control of the network and would not share details of privileged accounts used to run the network. The result? San Francisco’s IT infrastructure ground to a halt. Insiders can also abuse privileged accounts too. Whatever his reasons, Edward Snowden did the same thing.

Privileged access management is no longer something that can be ignored or done haphazardly just to tick compliance or security boxes.

Privileged access management software enables organisations to secure privileged access to critical assets, meaning only those with the correct credentials can access business-critical information.

Privileged access management technologies should also help organisations meet compliance requirements through a process of securing, managing, and monitoring both privileged accounts, as well as access to those accounts.

Privileged access management is not just limited to one piece of software or infrastructure – it can span operating systems, network devices, hypervisors, databases, middleware, applications, and cloud services such as infrastructure-as-a-service, platform-as-a-service, and software-as-a-service.

IT professionals need to architect the right privileged access controls to prevent against cyber threats, exploitation, and to resist advanced persistent attacks; administrative privileges must be given only to those who absolutely need them to reduce the risk of privileged access attacks.

CyberArk is the pioneer in privileged access management technologies. The CyberArk solution is designed to protect networks, meet requirements and reduce security risk without the additional operational complexity.

Now, we believe that Gartner has reaffirmed that strong security starts with ensuring good cyber hygiene and securing the known credentials and accounts that attackers seek to accomplish their goals.

CyberArk encourages IT and security leaders to become more aware of the dangers of unsecured privileged access, which is why it is making the Gartner report available for download. Access your complimentary version here.

¹ - Gartner, Magic Quadrant for Privileged Access Management, Felix Gaehtgens, Dale Gardner, Justin Taylor, Abhyuday Data, Michael Kelley, 3 December 2018

² - Gartner, Smarter with Gartner, Gartner Top 10 Security Projects for 2018, June 6, 2018. https://www.gartner.com/smarterwithgartner/gartner-top-10-security-projects-for-2018/.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Story image
How to address cyber-threats as a strategic risk
Becoming a cyber-secure organisation in the face of an evolving threat landscape requires a strategic, business-focused approach to security as opposed to a tactical approach in which security is addressed simply by implementing new tools.More
Story image
IBM Security completes industry first with updates to Cloud Pak for Security solution
"With these updates, we will be the first in the industry to bring together external threat intelligence and threat management alongside data security and identity."More
Link image
How to head off a rise in DDoS attacks
Many businesses invest in costly DDoS mitigation and protection solutions, but few test them. NCC Group tests all environments and is one of only two AWS DDoS Test Partners. Claim 10% off your next DDoS service today.More
Story image
Revealed: Imperva publishes research on decade old botnet, responsible for millions of attacks
Imperva Research Labs has revealed findings of a six-month intensive investigation into a botnet that has been exploiting CMS vulnerabilities.More
Story image
The three-pronged security approach that confronts security breaches head-on
Having these three processes working in tandem is key to cushioning the blow of a breach - which, if insufficiently protected, can take on average 279 days to contain and costs an average of almost US$4 million.More
Story image
Why zero trust could fail due to lack of understanding​, not technology
Security architects are being forced to re-examine the concept of identity, with many turning to a zero trust security model to provide a better architecture for protecting their sensitive resources.More