
Connected Cybersecurity

May 8, 2018


We live in a state of connected security. Today, many of us are virtually online all the time, with full accessibility to email, data, and work regardless of where we are, or the time of day. Some of us rely on features like mobile device notification suppression (i.e. “Do Not Disturb”) to ensure we can remain disconnected while we sleep. In contrast, technologies like mobile device management (MDM) ensure that our devices stay connected and secure even when we are not actively using the asset. This forms the basis for connected cybersecurity.

Why connected cybersecurity?

Connected cybersecurity provides a context-aware security profile for an identity and its assets to determine whether the requested access and behavior are legitimate or potentially malicious. It takes into consideration the trusted, persistent history of an asset to determine whether the user has ever accessed resources with the device, versus access from a potentially new device or attempted access by a threat actor. For the former, a user may be challenged with multi-factor authentication to secure the asset and user – and even be prompted with a security question to “remember me” and suppress future challenges and responses. This is key for connected cybersecurity. Enough information has been positively provided to trust that a user will access resources using a specific asset even when gaps exist in connectivity.

If we add additional context-aware information from IP range, location, user behavior analysis, etc., we can determine whether a trusted device should have access even if prior security models have been satisfied. This helps manage risk from device theft, asset hijacking, and more. So, what if I want to go off the grid and consider a “Do Not Disturb” paradigm for a longer period of time? What are the risks?

Risks of “Do Not Disturb” for an extended period of time

Team members go offline and invoke a do not disturb model all the time. Some team members are nine-to-fivers – others are connected 24/7/365. The 24/7/365 user behavior is expected of many professionals – and we all can relate to those who behave this way. However, some team members go off the grid for vacations, marriage, children, health, and a variety of other reasons. The duration they go offline is key to managing a connected state of cybersecurity as well.

For example, if there will be periodic check-ins during their absence, that activity could potentially trip threat models. User behavior will differ by individual and career responsibility. How many executives are truly offline full time during a vacation? I think you see my point. They are always connected, and there is a state of security for them even when their email out-of-office reply states they will not be responding to any correspondence until a certain date. The automated out-of-office reply in itself changes the state of connected cybersecurity just by raising awareness that all access will potentially be remote versus in the office.

Understanding the risks of connected cybersecurity

The first step in understanding the risks is to distinguish between the user and the asset. The number and type of assets accessing secure corporate resources should always be known, quantifiable, and managed. Devices that have not been used (like old phones) should be aged out, and the number of potential browsers (computers) used for remote access should be limited by quantity, location, operating system, etc. More devices, inconsistent or insecure locations, and older operating systems all increase the risk.

This can be managed by a good asset inventory solution and vulnerability management program. For the user, the more privileges they have remotely, the greater the behavioral risk; a lack of multi-factor authentication, poor entitlement management, and inconsistent access add to it. This can be managed by a privileged access management (PAM) solution and an identity and access management (IAM) process. The trick is managing both of these metrics on a single platform or location to influence future adaptive response. More on that in a moment.

The next piece of the puzzle is procedural. How do you manage requests for extended leaves of absence, but accommodate potentially periodic and intermittent access? The best methodology is first raising awareness that the individual is going offline. That is something missing from the vast majority of organizations today. When an individual is slated for a temporary leave of absence, human resource requests should be tied to information technology and cybersecurity. On-premise devices should be disabled or at least require multi-factor authentication (MFA) for any attempted access (i.e. if the user shows up physically at work).

Mobile devices should be restricted to only allow for pre-existing trusted devices and not accept any new access. The state of “do not disturb” takes on an entirely different level since there should be no (or minimal) access, and the connected state of cybersecurity should be static and not have any variations. This is typically handled by entitlements with IAM solutions for standard users and extended to PAM solutions for privileged access. Any new attempts or access during an employee’s absence could potentially be an indicator of compromise. This is much like access in the middle of the night contrary to my normal user behavior of sleeping – just for an extended period of time.
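The leave-of-absence rules described above can be sketched as a small policy check. This is an added example, not code from the original post or from any BeyondTrust product; the user names, device names, event format, and decision labels are all constructed for illustration.

```python
from datetime import date, datetime

# Constructed sample data (not from the original post).
LEAVE = {"jdoe": (date(2018, 5, 10), date(2018, 5, 24))}   # HR feed: user -> leave window
TRUSTED = {"jdoe": {"phone-01", "laptop-07"}}               # devices known before the leave
EVENTS = [  # hypothetical format: "timestamp user device location mfa"
    "2018-05-09T08:55:00 jdoe laptop-07 onprem nomfa",
    "2018-05-12T21:14:00 jdoe phone-01 remote mfa",
    "2018-05-13T03:02:00 jdoe tablet-99 remote mfa",
    "2018-05-15T09:30:00 jdoe laptop-07 onprem nomfa",
    "2018-05-15T09:31:00 jdoe laptop-07 onprem mfa",
    "2018-05-16T10:00:00 asmith laptop-03 onprem nomfa",
]

def on_leave(user, when):
    """True if the HR feed says the user is absent on that day."""
    window = LEAVE.get(user)
    return bool(window) and window[0] <= when.date() <= window[1]

def evaluate(event):
    """Return a policy decision for one authentication event."""
    ts, user, device, location, mfa = event.split()
    if not on_leave(user, datetime.fromisoformat(ts)):
        return "ALLOW"            # user is not on leave: normal policy applies
    if device not in TRUSTED.get(user, set()):
        return "DENY_ALERT"       # new device during leave: possible indicator of compromise
    if location == "onprem" and mfa != "mfa":
        return "CHALLENGE_MFA"    # on-premise access during leave requires MFA
    return "ALLOW_LOG"            # check-in from a pre-existing trusted device

def triage(events):
    """Keep only the events that need a challenge or an analyst's attention."""
    decisions = [(e, evaluate(e)) for e in events]
    return [(e, d) for e, d in decisions if d in ("DENY_ALERT", "CHALLENGE_MFA")]

if __name__ == "__main__":
    for e in EVENTS:
        print(f"{evaluate(e):14} {e}")
```

The key input is the HR leave window: without it, the 03:02 login from an unknown tablet is just another remote session that passed MFA.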

Putting connected cybersecurity together

So how do you pull all of this connected cybersecurity together? The answer is a comprehensive PAM platform integrated with IAM and other cybersecurity solutions, from vulnerability management to asset inventory. If your privileged access solution is context-aware for location and vulnerabilities, your asset inventory helps control VPN and trusted devices, and your IAM methodology controls entitlements by role, device, and user – you are pretty close to a complete solution for knowing the state of cybersecurity for any connected device and user. Linking and integrating the process and solutions together, therefore, makes an effectively connected security model. This is true even if the device or user is dormant for any period of time. It allows for changes in user behavior, changes in access, and changes in your trusted computing model.

If you are looking for a privileged access management (PAM) or vulnerability management (VM) solution, BeyondTrust can help. We provide a single, unified interface for both that can share data and help you realize the benefits of integrated data and shared communications to define connected cybersecurity.


Morey J. Haber, Chief Security Officer, BeyondTrust

Morey J. Haber is the Chief Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored three books: Privileged Attack Vectors, Asset Attack Vectors, and Identity Attack Vectors. He is a founding member of the industry group Transparency in Cyber, and in 2020 was elected to the Identity Defined Security Alliance (IDSA) Executive Advisory Board. Morey currently oversees BeyondTrust security and governance for corporate and cloud based solutions and regularly consults for global periodicals and media. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition where he served as a Product Owner and Solutions Engineer since 2004. Prior to eEye, he was Beta Development Manager for Computer Associates, Inc. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.
