It’s been said that speed kills. But in cyber warfare, speed heals. That’s because with today’s advanced cyberattacks, you need to move faster than the attackers to minimize damage.
Here’s an example. Remember the 2014 attack on Home Depot? It resulted in hackers stealing credit card information from an estimated 50 million customers. But what if it was possible to intervene during that attack and limit those losses to just 500 cards? Or even 50 cards?
Achieving Acceptable Losses in Cyber Warfare
This is the concept of acceptable loss, which means accepting the fact that you can’t stop every threat. Of course, no one wants to suffer losses. But sometimes the optimal outcome is not stopping threats completely; it’s ensuring that the damage is minimal.
The fact is, intruders will get into your environment. But once they’re in, with the right cybersecurity solutions you can stop them in place before they inflict too much damage. So, how is this achieved?
Let’s start by examining today’s cybersecurity landscape. Research from Ponemon Institute shows that, on average, it takes 206 days before a cyber intrusion is detected. Why is that? Because most regulatory compliance mandates require password changes every 90 days.
But if you’re changing your passwords every 90 days and somebody breaks in on day one, how long will they have access to your environment with that credential? At least 90 days – and that’s assuming you really do change your credentials after 90 days. If you can’t detect them, and you’re not changing all your credentials, they’ll be in there for 90 days or 206 days … or maybe even longer.
Now suppose instead that password lifetimes were measured in, for example, one day instead of months. Then, imagine that someone breaks in and steals one of your credentials. Or one of your IT administrators with privileged access leaves the organization. Under this scenario, at the end of a 24-hour cycle they can no longer get into your environment with those credentials.
Rapid, Automated Password Rotation is Key
To accomplish this, you must be able to automate the lifecycle of privileged identities for administrative access. Many of today’s most advanced cyberattacks are automated. You need to counter these attacks with automated security. That means throwing out the traditional concept of having people change privileged passwords and automating the lifecycle of privileged credential management from beginning to end.
Automated, continuous password changes can be the best friend for IT shops, because IT no longer must engage in the time-consuming (and impractical) task of finding, tracking and changing passwords for administrative accounts. Instead, credentials are continuously updated in an automated manner behind the scenes.
This concept stops cyberattacks in their tracks. Think about what usually happens. Someone breaks into an environment, steals a credential, and sets up shop. What if that attacker came back just one day later, all the passwords were updated, and he no longer had access? At that point he isn’t the attacker anymore. Now you’re analyzing his attack and he’s the one being hunted.
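To make the 90-day versus one-day comparison concrete, here is an added example (not from the original article or any vendor product) that audits a privileged-account inventory against a maximum password lifetime. The inventory, its field names and the `audit` function are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample inventory of privileged accounts (illustrative, not real data).
INVENTORY = [
    {"account": "svc-backup", "host": "db01",
     "last_rotated": "2024-05-31T02:00:00", "owner_active": True},
    {"account": "root", "host": "web07",
     "last_rotated": "2024-03-01T09:30:00", "owner_active": True},
    {"account": "adm-jdoe", "host": "dc02",
     "last_rotated": "2024-05-31T18:00:00", "owner_active": False},
]
NOW = datetime(2024, 6, 1, 0, 0, 0)  # fixed audit time so results are repeatable


def audit(inventory, now, max_lifetime):
    """Return one finding per account under the given lifetime policy.

    'remaining' is how long a copy of the password stolen at audit time
    would stay valid if rotation runs exactly on schedule; it is None when
    the password is already past policy, because nothing bounds its life.
    """
    findings = []
    for entry in inventory:
        age = now - datetime.fromisoformat(entry["last_rotated"])
        overdue = age > max_lifetime
        reasons = []
        if overdue:
            reasons.append("password older than policy")
        if not entry["owner_active"]:
            # A departed administrator may still know this password.
            reasons.append("owner has left; rotate now")
        findings.append({
            "account": f'{entry["account"]}@{entry["host"]}',
            "age": age,
            "overdue": overdue,
            "remaining": None if overdue else max_lifetime - age,
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for days in (90, 1):
        print(f"--- max lifetime: {days} day(s) ---")
        for f in audit(INVENTORY, NOW, timedelta(days=days)):
            window = "unbounded" if f["remaining"] is None else f["remaining"]
            print(f'{f["account"]:18} age={f["age"]}  stolen copy valid for: '
                  f'{window}  {"; ".join(f["reasons"])}')
```

Under the 90-day policy the recently rotated service account still leaves a stolen copy usable for almost three months, while the one-day policy cuts that to hours; the account that missed rotation is unbounded under either policy until something actually changes it.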
So how fast do these automated password updates need to happen? Consider this. Just one node of our privileged remote access management technology can handle about 2,000 machines per minute.
And that speed keeps our customers one step ahead of the attackers.