How BeyondTrust’s Orchestrated Defense Minimizes Risk

December 6, 2016


Use Case: State Actors Targeting Critical Infrastructure

Editor's note: This is the first of three use-case blogs describing how a BeyondTrust-orchestrated cyber defense can prevent or minimize an attack. To illustrate, we'll use specific use cases from the Verizon Data Breach Digest (full report).

From the Data Breach Summary:

After an unexplained pattern of valve and duct movements affected both the chemical levels and flow of a regional drinking water supply, Verizon's RISK team was called in by (who they refer to as) Kemuri Water Company (KWC) to investigate suspicious cyber activity. The initial investigation revealed several concerns; among them, that some of KWC's internet-facing applications contained high-risk vulnerabilities, as well as that several critical IT and operational technology (OT) functions were all run on the same AS/400 server. This single point of failure had direct connections to various networks, ran the water control application, and housed customer PII and billing information. Upon further review, it was determined that threat actors exploited vulnerabilities within KWC's online customer payment application to steal 2.5 million unique customer records. Worse yet, since the payment application had a direct connection to the AS/400 server, and cleartext credentials for that server were discovered on the payment application web server, threat actors now had access to the valve and flow control application.

How An Orchestrated Cyber Defense Can Minimize Risks Like This

To help prevent or minimize risks associated with similar attacks, BeyondTrust recommends an integrated security approach that combines BeyondTrust and third-party solutions. The Retina CTVI technologies integrated here are:
  • Vulnerability Management
  • Exploit Mapping
  • Next Generation Firewall
  • SIEM
  • Password Management
Since this attack originated with the exploitation of known vulnerabilities in an externally facing application, KWC should have performed a vulnerability assessment of its perimeter and network assets with solutions like BeyondTrust BeyondSaaS and Retina. And because BeyondTrust scanners are integrated with leading exploit tools, such as Metasploit, Core, CANVAS and Exploit-db, KWC would have been able to focus on which vulnerabilities were being actively exploited in the wild, eliminate them, and force the threat actors to look for a trickier way in.

Once inside, these bad actors would have had a much more difficult time moving laterally across the network if the systems in question did not share accounts. Instead, continuously rotating credentials with BeyondTrust PowerBroker Password Safe would have forced the adversary to request locked-down passwords for each critical system they wanted to intrude upon.

Perimeter scanning from BeyondSaaS would have identified all of KWC's systems directly reachable from the internet, including its single-point-of-failure AS/400 SCADA platform, alerting KWC so that it could be properly configured for external exposure.

Additionally, because this attack originated at a web server, KWC could have shared suspicious attack traffic from a next generation firewall, like Palo Alto, with BeyondTrust Clarity. These events would then be correlated with data from Retina and PowerBroker to weed out high-risk assets and spot anomalous behavior.

[Figure: BeyondInsight Clarity: Top 10 Assets by Threat Level]

Finally, Clarity's normalized event data could have been shared via certified connectors with a KWC SIEM. This actionable intelligence would have raised the level of awareness of this emerging and ongoing threat.
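The correlation step described above, in which firewall events, scan results and credential inventory are combined to rank assets by threat level and to expose shared accounts as lateral-movement paths, is shown here as an added, self-contained example. It is not BeyondTrust's code and does not model the Clarity, Retina or PowerBroker data formats; the scan findings, firewall alert lines, credential-to-host inventory, scoring weights and asset names are all constructed placeholders for illustration.

```python
"""Rank assets by threat level by correlating three constructed data sources:
vulnerability scan findings, perimeter firewall alerts, and the inventory of
which accounts are valid on which hosts (as a password vault would hold it).
This is an illustrative example, not a vendor's product logic."""
import re
from collections import defaultdict

# --- Constructed sample inputs (placeholders, not data from the post) -------
# (asset, finding id, CVSS base score, public exploit available?)
VULN_SCAN = [
    ("payment-web", "VULN-PLACEHOLDER-1", 9.8, True),
    ("payment-web", "VULN-PLACEHOLDER-2", 5.3, False),
    ("as400-core", "VULN-PLACEHOLDER-3", 7.5, True),
    ("billing-db", "VULN-PLACEHOLDER-4", 4.0, False),
    ("hr-fileserver", "VULN-PLACEHOLDER-5", 6.1, False),
]

# Constructed NGFW-style key=value alert lines; the last one is malformed on purpose.
FIREWALL_ALERTS = [
    "2016-12-01T10:00:01Z threat=sql-injection src=203.0.113.7 dst=payment-web severity=high",
    "2016-12-01T10:02:14Z threat=sql-injection src=203.0.113.7 dst=payment-web severity=high",
    "2016-12-01T10:05:30Z threat=port-scan src=198.51.100.9 dst=as400-core severity=medium",
    "2016-12-01T10:06:00Z threat=web-crawler src=192.0.2.44 dst=payment-web severity=low",
    "malformed line without key=value fields",
]

# Constructed vault inventory: account -> hosts on which that account is valid.
CREDENTIAL_USAGE = {
    "svc_payment": {"payment-web", "as400-core"},
    "ops_admin": {"as400-core"},
    "backup": {"billing-db", "hr-fileserver"},
}

# Constructed result of a perimeter scan: assets reachable from the internet.
INTERNET_FACING = {"payment-web", "as400-core"}

ALERT_RE = re.compile(r"(\w+)=(\S+)")
SEVERITY_WEIGHT = {"high": 3.0, "medium": 1.5, "low": 0.5}   # assumed weights
EXPLOIT_MULTIPLIER = 2.0     # assumed: exploited-in-the-wild findings count double
EXPOSURE_BONUS = 2.0         # assumed: internet-reachable asset
SHARED_CRED_BONUS = 5.0      # assumed: reachable via an account shared with an attacked host


def parse_alert(line):
    """Parse one key=value firewall line; return None if dst/severity are missing."""
    fields = dict(ALERT_RE.findall(line))
    if "dst" not in fields or "severity" not in fields:
        return None
    return fields


def shared_accounts(cred_usage):
    """Accounts valid on more than one host: each is a potential lateral path."""
    return {acct: hosts for acct, hosts in cred_usage.items() if len(hosts) > 1}


def score_assets(vulns, alert_lines, cred_usage, internet_facing):
    """Return (scores, reasons): a threat score per asset and why it was assigned."""
    scores = defaultdict(float)
    reasons = defaultdict(list)

    # 1. Vulnerability findings, weighted up when a public exploit exists.
    for asset, finding, cvss, exploitable in vulns:
        weight = cvss * (EXPLOIT_MULTIPLIER if exploitable else 1.0)
        scores[asset] += weight
        reasons[asset].append(f"{finding} cvss={cvss}" + (" exploit-available" if exploitable else ""))

    # 2. Firewall alerts aimed at the asset; remember hosts under high-severity attack.
    attacked = set()
    for line in alert_lines:
        alert = parse_alert(line)
        if alert is None:
            continue                      # skip malformed input rather than crash
        weight = SEVERITY_WEIGHT.get(alert["severity"], 0.0)
        scores[alert["dst"]] += weight
        reasons[alert["dst"]].append(f"firewall {alert.get('threat', '?')} severity={alert['severity']}")
        if alert["severity"] == "high":
            attacked.add(alert["dst"])

    # 3. Internet exposure from the perimeter scan.
    for asset in internet_facing:
        scores[asset] += EXPOSURE_BONUS
        reasons[asset].append("internet-facing")

    # 4. Hosts reachable from an attacked host through a shared account.
    for acct, hosts in shared_accounts(cred_usage).items():
        if hosts & attacked:
            for host in hosts - attacked:
                scores[host] += SHARED_CRED_BONUS
                reasons[host].append(f"shares account {acct} with attacked host(s) {sorted(hosts & attacked)}")

    return dict(scores), dict(reasons)


def top_assets(scores, n=10):
    """Highest-scoring assets first, scores rounded for display."""
    ranked = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(asset, round(score, 1)) for asset, score in ranked[:n]]


if __name__ == "__main__":
    scores, reasons = score_assets(VULN_SCAN, FIREWALL_ALERTS, CREDENTIAL_USAGE, INTERNET_FACING)
    for asset, score in top_assets(scores):
        print(f"{asset:<15} {score:>6}  " + "; ".join(reasons[asset]))
```

Run as a script it prints the ranked list with the reasons behind each score; the AS/400-style host rises above its raw CVSS because it is internet-facing and shares an account with the host the firewall sees under attack, which is exactly the lateral path the breach summary describes. Rotating or un-sharing that account is what removes the bonus.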

It’s Time To Change The Game!

By mobilizing our "security villages" (yes, you have one) and automating their interactions, we can collect data from a variety of trusted sources, correlate it into a clear picture of risk, and take swift and decisive action to mitigate vulnerabilities and threats. Connect threat and vulnerability intelligence. That's how we flip the game on our adversaries and take control of vulnerabilities that have been plaguing us for more than a decade. Want to take your vulnerability management game to the next level? Download our latest white paper, Change the Game in Vulnerability Management, for more attack scenarios and to discover how orchestrating your cyber defenses can keep you steps ahead of the bad guys. For more, contact us today!

Scott Lang, Sr. Director, Product Marketing at BeyondTrust

Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.
