
Securing beyond the perimeter is more important than you think

As cyber threats become more sophisticated and prolific, it’s no longer enough for organisations to solely secure the perimeter. More frequently, and with a high level of success, hackers are making their way into enterprise systems via the network and gaining access to sensitive information.

“Securing the perimeter is important, but it’s important to secure far beyond this,” says Sam Ghebranious, CyberArk ANZ regional director.

He says it’s inevitable that enterprises will experience some form of security breach in their lifetime, and as such it’s important for businesses to take a proactive approach. It’s important for them to first know what they’re working with – ‘education is key’, he says.

According to Ghebranious, once businesses have taken note of their systems and understand the basics of their current infrastructure, they can implement comprehensive security solutions.

“Do you actually know who’s on your network? If you can’t answer this question, you should do something about it - find out about your network and put tools in place that will let you know when you’re getting breached and then do something about it,” he says.

Kerberos attacks are a good example of potentially destructive and damaging cyber threats that go beyond the perimeter.

Privileged account exploitation is at the centre of these targeted cyber attacks, and post-mortems of today’s most high-profile breaches – from Sony Pictures to the Office of Personnel Management (OPM) – reveal an increasingly predictable pattern, according to CyberArk.

Attackers crash through the network perimeter, hijack credentials and use them to move laterally throughout the network, taking additional credentials and escalating privileges along the way to accomplish their goals, the company says.

Combining privileged accounts with attacks on the Kerberos authentication in Windows domains raises the stakes of the cyber threat. During such attacks, threat actors target domain administrator privileges, which provide unrestricted access and control of the IT landscape. Armed with these privileges, attackers can stealthily manipulate Domain Controllers (and Active Directory) and generate Kerberos tickets to obtain unauthorised access, according to CyberArk.

Kerberos attacks are troublesome for three primary reasons, CyberArk says:

Access: Once an attacker has Local Admin privileges, it is possible to dump additional credentials, which, if left behind in the compromised machines, enable the attacker to move laterally in the network, elevate privileges and gain unauthorised access to valuable assets.

Obscurity: To bypass security controls and evade detection, an attacker can reuse Kerberos tickets to impersonate authorised users and sidestep authentication processes – disguising activity and avoiding authentication log traces.

Persistence: The days of stolen data being dumped all at once are largely over – attackers often prefer to remain on the network undiscovered for extended periods of time, funneling information out little by little. Kerberos attacks give attackers what they need most to do this: time. It is possible to maintain persistence with Kerberos tickets, even when credentials have been changed, CyberArk says.

Privileged accounts represent the largest security vulnerability an organisation faces today, according to the company. In the hands of an external attacker or malicious insider, privileged accounts allow attackers to take full control of an organisation’s IT infrastructure, disable security controls, steal confidential information, commit financial fraud and disrupt operations, according to CyberArk.

Stolen, abused or misused privileged credentials are used in nearly all breaches. With this growing threat, organisations need controls put in place to proactively protect against, detect and respond to in-progress cyber attacks before they strike vital systems and compromise sensitive data, CyberArk says.

Proactively protecting administrative credentials and preventing attackers from ever reaching these credentials in the first place is essential to every enterprise security strategy, according to CyberArk.

Privileged account security solutions that combine protection and threat detection can thwart attackers before network takeover is accomplished and trust in the IT infrastructure is broken, the company says.
