Learning Defense from NSA's Elite Offensive Hacking Teams – part 2

February 11, 2016

This is the second in a series of two blogs. Check out yesterday’s blog for the first set of best practice recommendations for keeping the NSA out of your environment!

Rob Joyce, the NSA Chief of the Tailored Access Operations (TAO), gave a talk recently that provided some guidance on things you can do to disrupt nation state intruders from gaining access to your network. Joyce summarized his recommendations into a list of 10 best practices. In yesterday’s blog we discussed the first 5 – all about limiting access to privileged accounts, and enforcing good network, system and password hygiene. We continue our examination of Joyce’s recommendations today.

6. Remove legacy protocols

This is a simple problem to state but extremely difficult to solve, and it requires knowledge that will most likely be outside the expertise of the IT department. Regardless, as Rob Joyce said, you need to know your network, and this may involve using companies that perform pen testing to identify broken or legacy protocols that could be used to breach it.

7. Establish a secure host baseline

Knowing the difference between what is on your system and what should be on your system is a critical part of your security plan. When a system differs from the approved baseline configuration plus approved changes, it should be isolated so it can be analyzed, and replaced and/or destroyed if you cannot account for the differences.

8. Leverage reputation services for applications and URLs

Looking at external data like application digital signature details and certificate chains is valuable. Looking at reputation databases like the National Software Reference Library provides a higher level of confidence that an app that is attempting to launch is safe.

9. Two Factor Authentication

Two Factor Token-based authentication, also known as one-time password authentication, provides an additional level of identity assurance. By adding a second form of authentication like a token (something the user has) in addition to something they know (their username and password), you can ensure that the user really is who they claim to be.

10. Review logs

Manually managing the volume of logs generated by your network infrastructure is untenable. Some type of third-party log management system that automates the process should be introduced. This log management system should consolidate logs and perform threat analytics, anomaly detection, behavior analysis, etc. Your logs contain the details of all attempts to breach your network; staying vigilant will enable you to catch intrusion attempts in your logs rather than discovering successful intrusions during an incident review.

Where to start?

So how do we cost-effectively implement the defense techniques outlined by Rob Joyce without bringing business to a standstill? The first part is making the cultural shift to a security-first mindset. The second part is determining where you need the most help based on risk tolerance. BeyondTrust recommends a programmatic approach to implementing privileged access management, starting with password and session management, then progressing to higher levels of security maturity. To help guide you through the process, download our white paper that covers a 7-step strategy to achieving complete privileged access management. The paper uncovers how this process helps you unify control and establish accountability over accounts, users, assets, systems and activity.
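To make recommendation 7 concrete, here is an added example (not part of the original post and not BeyondTrust code) that compares a host's observed file hashes against the approved baseline plus approved changes and flags the host for isolation when any difference is unaccounted for. The paths, file contents and function names are constructed for illustration.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def effective_baseline(baseline, approved_changes):
    """Baseline plus approved changes: path -> new hash, or None for an approved removal."""
    expected = dict(baseline)
    for path, digest in approved_changes.items():
        if digest is None:
            expected.pop(path, None)
        else:
            expected[path] = digest
    return expected

def unaccounted_differences(observed, baseline, approved_changes):
    """Return (kind, path) for every difference that no approved change explains."""
    expected = effective_baseline(baseline, approved_changes)
    findings = []
    for path in sorted(set(expected) | set(observed)):
        want, have = expected.get(path), observed.get(path)
        if want == have:
            continue
        if want is None:
            kind = "unexpected"   # present on the host, absent from the baseline
        elif have is None:
            kind = "missing"      # required by the baseline, absent from the host
        else:
            kind = "modified"     # present, but content differs from what was approved
        findings.append((kind, path))
    return findings

def should_isolate(findings):
    # Per the recommendation: any difference you cannot account for means isolate.
    return bool(findings)

# Constructed sample data; real hashes would come from a trusted build or image.
BASELINE = {
    "/usr/sbin/sshd": sha256_hex(b"sshd build 1"),
    "/usr/bin/sudo": sha256_hex(b"sudo build 1"),
    "/usr/sbin/telnetd": sha256_hex(b"telnetd build 1"),
}
APPROVED_CHANGES = {
    "/usr/sbin/sshd": sha256_hex(b"sshd build 2"),  # approved patch
    "/usr/sbin/telnetd": None,                      # approved removal
}
OBSERVED = {
    "/usr/sbin/sshd": sha256_hex(b"sshd build 2"),
    "/usr/bin/sudo": sha256_hex(b"sudo build 1 tampered"),
    "/tmp/.cache/helper": sha256_hex(b"unknown binary"),
}

if __name__ == "__main__":
    findings = unaccounted_differences(OBSERVED, BASELINE, APPROVED_CHANGES)
    for kind, path in findings:
        print(f"{kind:10} {path}")
    print("isolate host:", should_isolate(findings))
```

The patched sshd and the removed telnetd produce no findings because the approved changes account for them; only the altered sudo binary and the unknown file under /tmp are reported.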

Rod Simmons, Director Product Management, BeyondTrust

Rod Simmons brings more than 15 years of system security experience to BeyondTrust, designing solutions for the company’s portfolio of Privileged Account Management solutions for enterprise environments. Prior to his role at BeyondTrust, Rod spent more than four years with Dell/Quest software, where he served as the director of technical strategy. Earlier in his career, Rod was the director of product management at Netpro Computing, where he managed the technical and business direction of all products for the Microsoft Platform.
