Basic Blocking and Tackling for Defending Against Advanced Targeted Attacks

January 22, 2015

With football season at its pinnacle at both the college and professional levels, the best teams continually focus on the fundamentals that make them successful. In security, we need to do the same. It is okay for us to have a few key plays, especially in certain industries where we have to focus on unique threats, but we must ensure we cover the basic controls that we have learned are required to be successful against today’s threats. I know of a lot of companies that implement these controls and processes but also know of others that have failed to implement all or even most of them. It is hard to come up with a short list and I have omitted some areas (such as education/awareness, governance, and vulnerability management) that are absolutely essential. Instead, I have focused more on technical issues that I see as being a challenge. Join me live on February 5 where I will cover this in more detail.

The first area that I will discuss is the need to remove admin privileges from user accounts on their end-point systems. This is clearly a challenge for many companies. I do not know if they do not understand or appreciate the level of risk they are accepting or if it is just too difficult for the culture of their company. I believe this is one of the top unaddressed risks in many companies because it enables an attacker to obtain privileged credentials for not only the end-point but for other systems in an enterprise. I also believe the solution and the ongoing management is not that difficult. You just have to address it with the right solution that enables the business and users to easily use their systems and IT to easily manage it. We will discuss both the risks and solution for this area.

The second area focuses on managing administrative or privileged credentials. Since most attacks seek to obtain privileged credentials to enable their access and mission, there are basic and key controls that companies should implement to make it much, much harder for both cyber attackers and insiders to obtain these credentials. We will discuss the best practices in this area.

The third area of discussion is the protection of your crown jewels and other sensitive information. It is extremely hard and expensive to try to protect everything, so you need to focus on the top few percent of your information that really matters. Again, during my webinar we will discuss the best practices in identifying and protecting this information.

The fourth area that we will discuss is to control what leaves your environment. For years now, we have mostly focused on keeping the bad guys out. Unfortunately, we have lost those battles, not because the defenses we put up did not work but because the attackers' approach changed and we have not kept up. Like the people living behind high walls of medieval castles, our walls or firewalls, moats or AV / IPS are not addressing the problem of attackers going directly after our citizens and using them or their systems to steal information. We even know that the attackers will wait until the citizens leave the walls of the castle / enterprise and exfiltrate the information when it is easier. On this topic, we will discuss some of the best practices to help keep a company’s valuables from leaving as well as protecting them when they are carried out on mobile devices.

The fifth basic area of discussion will be on improving your ability to detect cyber attacks as early as possible. We know that most companies are doing a poor job at detecting cyber attacks and on average it takes more than 200 days. Unfortunately, by then, attackers could steal everything in a company. One of the many examples is the 12 TB of information stolen from Sony before they discovered it. So, in this area, I will be discussing some of the things you should be doing to improve your ability to detect an attack very early in the process so you can stop it before damage is done.

The sixth and last area is about “discovering and removing your weaknesses”. This is all about using the right processes and resources to find your weaknesses. You will need to think and act like an attacker. Often, this does require using external resources that have these skills. Your challenge will be to gain alignment in your company to fund and fix the identified areas.

Larry Brock, Principal at Brock Cyber Security Consulting

Mr. Brock is the principal at Brock Cyber Security Consulting, LLC. His primary focus is to help companies improve their capabilities to protect, detect and respond to attacks on their intellectual property from both insider and advanced cyber threats. Previously and for more than 11 years, he was the Global Chief Information Security Officer at DuPont. Prior to this role, he worked in other Information Technology positions, Marketing, and Research & Development at DuPont and as a Security Officer within the USAF. Within DuPont IT, he was the CIO of the Nylon Flooring business unit. He has also led the development and implementation of several large systems, including manufacturing product control, materials management, engineering maintenance, quality management, and data warehouse systems. While working in the Corporate IT group, he led the migration to open-based systems for both networking and computing. In DuPont Research & Development, Mr. Brock led the development and deployment of imaging-based systems, including a patented system to electronically move radiographs between hospitals and remote physicians. He served as an Information Security Officer within the U.S. Air Force and was assigned to the National Security Agency (NSA). He served on active duty at the NSA for 4 years and then in a reserve capacity for 26 years. Mr. Brock has BS and MS degrees in Electrical Engineering and is a Certified Information Security Manager, CISM.
