- Mitigating mistakes
- Limiting what attackers can do in the case of a breach
- Keeping honest people honest
- Pushing somewhat questionable people to be more honest
- Protecting users
- Protecting the data of your customers
- Keeping your customers' trust
"Trust but Verify" Provides an Audit Trail

Instead of “trust no one,” most organizations have implemented a “trust but verify” model. This more practical approach provides an audit trail of everything a user does. Auditing, more often than not, proves that a user didn’t do something that, initially, looked as though he/she did. In the 2018 Verizon Data Breach Investigation Report, we learned a lot about attackers and their methods, in part, because many organizations that were breached had sufficiently detailed data to answer the “how” and “when” questions.

Can you imagine if, after a breach, your CSO stated that he/she couldn't determine how a breach happened, what systems were accessed, what data was taken, or even if the intruder is still active inside of your network? That experience would be gut-wrenching (and likely the CSO’s last day on the job). The point is, you need audit data so that, if one day you need to answer these types of questions, you are prepared.

Just the presence of cybersecurity alters user behavior. If we see a police car or photo radar at a stop light, we naturally ensure we are doing the speed limit and following the rules. In an airport security line, almost all people are well-behaved, and no one is making questionable jokes. Even though it might sound like security theater, the presence of real security will alter behavior and slow down or stop attackers. It keeps good people good, and bad people out.
How Can BeyondTrust Help in a “Trust but Verify” Model?

There are basic steps every organization can take in a “Trust but Verify” model using BeyondTrust solutions.
- Removing admin rights for users on their desktops greatly reduces the risk of systems being compromised by malware. The challenge with users not being admins is that some tasks you want them to perform will require those rights. PowerBroker for Windows and PowerBroker for Mac enable you to remove admin rights and use policy to define which tasks users are still permitted to perform.
- Stop sharing the root account. It sounds simple, and it actually is. PowerBroker for Unix & Linux enables you to delegate which users can perform which tasks on systems with a wide variety of criteria. More importantly, it provides a detailed audit trail that is not limited to what command a user ran, but also what actions the system performed.
- Finally, for the times when a user needs to be root or administrator, you can protect your privileged accounts by retrieving a session or credential from PowerBroker Password Safe so you can enforce clear visibility and accountability over who was using the credentials and when.
Rod Simmons, Director Product Management, BeyondTrust
Rod Simmons brings more than 15 years of system security experience to BeyondTrust, designing solutions for the company’s portfolio of Privileged Account Management solutions for enterprise environments. Prior to his role at BeyondTrust, Rod spent more than four years with Dell/Quest software, where he served as the director of technical strategy. Earlier in his career, Rod was the director of product management at Netpro Computing, where he managed the technical and business direction of all products for the Microsoft Platform.