As a result, most organizations end up going the “people” route simply because the technology is not fit for purpose. 2013 is the year of APTs, 2012 was BYOD, and who knows what acronym 2014 will bring, but the buyer can be sure of one thing: whatever the latest hype is in January, there will be hundreds of vendors claiming a cure.
Don't trust people, especially those you don't know
Maybe I’m a paranoid cynic – I’ve been called worse – but I’ve never felt entirely comfortable with valet parking. Maybe I have seen too many movies where the car experienced severe trauma on its way to the garage, and I certainly would not hand a stranger the keys to my house when I’m on vacation. And yet senior management at organizations such as the NSA, and at many other government and commercial enterprises, seem to have no difficulty in handing strangers access to their livelihoods and national security.
What the NSA has woken up to is that you cannot trust people, regardless of whether, like Manning, they’re one of your own, or, like Snowden, someone who happily sold his heritage for a “mess of pottage”, which in today’s world means one of the many global news stations and sites.
The fascinating thing with both these characters is not that they’re hacking geniuses, which I’m certain Edward’s new employers in Moscow are discovering, but that a lack of effective automated controls allowed them to abuse their privileges. A five-year-old can access sensitive data if they have the key.
The first clear step that the NSA has identified is the need to regain control, and rightly so. Today, like never before, infrastructure and businesses are under attack. And the first point of attack is an attempt to gain privileged access to any part of an infrastructure. Once this is obtained, the attacker will target any and all assets, regardless of their value.
To combat this threat, organizations need to automate the management of their privileged access, and this goes far beyond simply controlling an administrative account. Even in a relatively small infrastructure, there will be an inordinate number of service accounts that have to be continually discovered, managed, propagated, and delegated access to. Service accounts cover services, tasks, COM/DCOM, SharePoint, scripts, embedded, etc.