Learning Defense from NSA's Elite Offensive Hacking Teams – part 2

February 11, 2016


This is the second in a series of two blogs. Check out yesterday’s blog for the first set of best practice recommendations for keeping the NSA out of your environment!

Rob Joyce, the NSA Chief of the Tailored Access Operations (TAO), gave a talk recently that provided some guidance on things you can do to disrupt nation state intruders from gaining access to your network. Joyce summarized his recommendations into a list of 10 best practices. In yesterday’s blog we discussed the first 5 – all about limiting access to privileged accounts, and enforcing good network, system and password hygiene.

We continue our examination of Joyce’s recommendations today.

6. Remove legacy protocols

This is a simple problem to state but extremely difficult to solve, requiring knowledge that will most likely be outside the expertise of the IT department. Regardless, as Rob Joyce said, you need to know your network, and this may involve using companies that perform pen testing to identify broken or legacy protocols that could be used to breach it.

7. Establish a secure host baseline

Knowing the difference between what is on your system and what should be on your system is a critical part of your security plan. When a system differs from the approved baseline configuration plus approved changes, it should be isolated so it can be analyzed, and replaced and/or destroyed if you cannot account for the differences.
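The comparison described above can be sketched as follows. This is an added example, not code from the talk or from BeyondTrust; the function names, the manifest format (path to SHA-256 digest) and the file tree in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                state[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return state

def drift(baseline, approved_changes, current):
    """Differences not explained by baseline + approved changes (None = approved removal)."""
    expected = {**baseline, **approved_changes}
    expected = {p: d for p, d in expected.items() if d is not None}
    common = set(current) & set(expected)
    return {
        "added": sorted(set(current) - set(expected)),
        "removed": sorted(set(expected) - set(current)),
        "modified": sorted(p for p in common if current[p] != expected[p]),
    }

def should_isolate(report):
    # Any unexplained difference takes the host out of service for analysis.
    return any(report.values())

def demo():
    """Constructed host tree: one approved change, two unapproved ones."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        write("etc/sshd_config", b"PermitRootLogin no\n")
        write("bin/tool", b"v1")
        baseline = snapshot(root)
        write("bin/tool", b"v2")                            # approved upgrade
        approved = {"bin/tool": hashlib.sha256(b"v2").hexdigest()}
        write("etc/sshd_config", b"PermitRootLogin yes\n")  # unapproved edit
        write("tmp/unknown.bin", b"unknown")                # unapproved file
        report = drift(baseline, approved, snapshot(root))
        return report, should_isolate(report)
```

The approved upgrade of `bin/tool` does not appear in the report, while the edited `etc/sshd_config` and the unexpected file do, so the host is flagged for isolation.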

8. Leverage reputation services for applications and URLs

Looking at external data like application digital signature details and certificate chains is valuable. Looking at reputation databases like the National Software Reference Library provides a higher level of confidence that an app that is attempting to launch is safe.

9. Two Factor Authentication

Two-factor, token-based authentication, also known as one-time password authentication, provides an additional level of identity assurance. By adding a second form of authentication like a token (something the user has) in addition to something they know (their username and password), you can ensure that the user really is who they claim to be.

10. Review logs

Manually managing the volume of logs generated by your network infrastructure is untenable. Some type of third-party log management system which automates the process should be introduced.

This log management system should consolidate logs and perform threat analytics, anomaly detection, behavior analysis, etc. Your logs contain the details of all attempts to breach your network; staying vigilant will therefore enable you to catch intrusion attempts in your logs rather than successful intrusions during an incident review.

Where to start?

So how do we cost-effectively implement the defense techniques outlined by Rob Joyce without bringing business to a standstill? The first part is making the cultural shift to a security-first mindset. The second part is determining where you need the most help based on risk tolerance.

BeyondTrust recommends a programmatic approach to implementing privileged access management starting with password and session management, then progressing to higher levels of security maturity.

To help guide you through the process, download our white paper that covers a 7-step strategy to achieving complete privileged access management. The paper uncovers how this process helps you unify control and establish accountability over accounts, users, assets, systems and activity.

Rod Simmons, Director Product Management, BeyondTrust

Rod Simmons brings more than 15 years of system security experience to BeyondTrust, designing solutions for the company’s portfolio of Privileged Account Management solutions for enterprise environments. Prior to his role at BeyondTrust, Rod spent more than four years with Dell/Quest software, where he served as the director of technical strategy. Earlier in his career, Rod was the director of product management at Netpro Computing, where he managed the technical and business direction of all products for the Microsoft Platform.
