New IT Security Best Practices for Maintaining “Business as Usual” Despite Evolving Threats

August 13, 2014

It’s time to get back to business. Here in the U.S., summer vacations are wrapping up and businesses are looking forward to closing out 2014. Over the past year, we’ve seen several incidents that warrant changes in the ways consumers make purchases and businesses conduct transactions. Consider last week’s theft of a whopping 1.2 billion usernames and passwords by the Russian underground. When it comes to IT security, it’s impossible to see the upcoming holiday season as business as usual. Proper security due diligence requires your organization to evolve or be the next victim. The question that plagues everyone is where to start. Here’s a quick primer:

Rotate Shared Passwords to Keep Attackers Guessing

If you aren’t changing administrative passwords for users and service accounts on a regular basis, you’re holding a ticking time bomb. Consider how many people know shared passwords, where they are documented, and if any systems have been infected by malware in contact with those accounts. All of these scenarios, and many others, could lead to password leaks and allow unauthorized privileged access to sensitive systems and data. The best solution: reset passwords frequently with a privileged password management solution.

Remove Administrative Rights to Limit Malicious Access

How many users have administrative access to desktops, servers, or other systems? Why do they have this access? Common malware techniques like Pass-the-Hash on Windows can easily steal administrative passwords and use them to navigate a network virtually undetected. A server administrator can leverage excessive privileges to add backdoor accounts or dump databases with sensitive data. So why risk it? The best practice is for all users to operate only as standard users and be granted administrative privileges only when needed.

Adopting a least-privilege model is like wearing a seat belt. It restricts your movement in case of an accident (intentional or purely accidental) but allows you to operate the vehicle normally without restrictions. Obviously with a seat belt on you can’t reach into the backseat, but that’s the whole point of least privilege; you shouldn’t. If you need to reach the backseat, the seat belt (i.e., your privileges) can be loosened via rules that dictate when this access is merited. Automated least-privilege solutions are available for both UNIX/Linux and Windows.

Intelligently Manage Vulnerabilities to Lock Criminals Out

If you’re not patching assets on a regular basis, you’re clearly leaving doors and windows unlocked for criminals (yes, another analogy). Consider that a clean install of Windows 7 has over 230 cumulative vulnerabilities, and many organizations still limit vulnerability assessment to servers – often without accounting for credentialed access. What does that say about the host of unlocked and unprotected doors and windows out there? Malicious activity can come from a wide variety of attack vectors and can start on a workstation, an HVAC system (e.g., Target), or even a mobile device.

The solution starts with getting a zero-gap vulnerability assessment of the entire environment. It should be authenticated and cover all the devices (or a statistical sample if other imaging and change control parameters exist and can be proven). Of course, the output of vulnerability assessments should not be “phone books” with thousands of pages of faults. Reports should graduate results in logical sequences; present the largest risks first; indicate what to remediate first; and reveal the impact of remediation activities. Having a clear, repeatable assessment process can prove that assets are being remediated and that vulnerabilities are being eliminated.

Patching vulnerabilities is not always possible, but it’s the primary method for fixing these flaws. Configuration changes and other techniques can mitigate the risks when patching is not an option, equating to iron bars placed in front of that unlocked window. Performing vulnerability assessment and patch management are best practices and not just required by regulatory compliance initiatives.

Get Smart with Centralized Management

Each one of these disciplines can be implemented as a technology silo, deployed in phases, or managed under a single platform. Business as usual should not mean cobbling together multiple vendors, tools and procedures to harmonize security across all teams in an organization. An IT risk management platform can take the guesswork out of security decisions by centralizing privileged password management, least privilege, and vulnerability assessment. A platform can make it easy to leverage best practices in managing security threats, streamlining operations, and improving communication – all through a single pane of glass.

Adapting to the threats around us is a never-ending battle. Just look at the raft of business security changes that are now commonplace: Security tags on merchandise to prevent shoplifting, mirrors and finger guards on ATMs to prevent pin number theft, and two-factor authentication to combat identity theft. Similar widespread adoption of the above best practices will help you mitigate today’s most pressing IT security threats – and keep your business out of the breach headlines.
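The reporting approach described under "Intelligently Manage Vulnerabilities" can be sketched as follows. This is an added example, not code from the original post or from any BeyondTrust product: it flags coverage gaps (unscanned or unauthenticated assets), then ranks remediation actions by the risk they remove and shows the residual risk after each one. The asset names, finding IDs, scores and fix names are constructed placeholders, and summing per-finding scores as a risk measure is an assumption made for illustration.

```python
from collections import defaultdict

# Constructed sample data: asset names, finding IDs, scores and fix names are
# placeholders, not real scanner output.
INVENTORY = {"ws-01", "ws-02", "srv-db", "hvac-ctl", "mobile-07"}
SCANS = {  # asset -> True if the scan was authenticated (credentialed)
    "ws-01": True, "ws-02": True, "srv-db": True, "hvac-ctl": False,
}
FINDINGS = [  # (asset, finding_id, risk score 0-10, remediation action)
    ("ws-01", "FINDING-A", 9.3, "PATCH-1"),
    ("ws-02", "FINDING-A", 9.3, "PATCH-1"),
    ("srv-db", "FINDING-B", 7.5, "PATCH-2"),
    ("ws-01", "FINDING-C", 4.0, "PATCH-1"),
    ("srv-db", "FINDING-D", 6.1, "CONFIG-1"),
    ("ws-02", "FINDING-E", 2.1, "PATCH-3"),
]

def coverage_gaps(inventory, scans):
    """Return (assets never scanned, assets scanned without credentials)."""
    unscanned = sorted(inventory - set(scans))
    unauthenticated = sorted(a for a, authed in scans.items() if not authed)
    return unscanned, unauthenticated

def remediation_plan(findings):
    """Rank remediation actions by total risk removed, largest first, and
    report the residual risk left after each action is applied in order.
    Assumption: risk is the plain sum of per-finding scores."""
    by_fix = defaultdict(lambda: {"risk": 0.0, "assets": set(), "findings": 0})
    for asset, _finding_id, score, fix in findings:
        by_fix[fix]["risk"] += score
        by_fix[fix]["assets"].add(asset)
        by_fix[fix]["findings"] += 1
    residual = sum(score for _, _, score, _ in findings)
    plan = []
    for fix, g in sorted(by_fix.items(), key=lambda kv: (-kv[1]["risk"], kv[0])):
        residual -= g["risk"]
        plan.append({"fix": fix, "risk_removed": round(g["risk"], 1),
                     "assets": sorted(g["assets"]), "findings": g["findings"],
                     "residual_risk": round(max(residual, 0.0), 1)})
    return plan

if __name__ == "__main__":
    print("Unscanned / unauthenticated:", coverage_gaps(INVENTORY, SCANS))
    for step, row in enumerate(remediation_plan(FINDINGS), 1):
        print(step, row)
```

Grouping by remediation action rather than listing every finding keeps the report short, and the residual-risk column shows the impact of each remediation step.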

Morey J. Haber

Chief Technology Officer and Chief Information Security Officer at BeyondTrust

Morey J. Haber is Chief Technology Officer and Chief Information Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored four Apress books: Privileged Attack Vectors (2 Editions), Asset Attack Vectors, and Identity Attack Vectors. In 2018, Bomgar acquired BeyondTrust and retained the BeyondTrust name. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. Morey currently oversees BeyondTrust strategy for privileged access management and remote access solutions. In 2004, he joined eEye as Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.
