No one wants to get hacked. Having your workstation owned or your organization breached is costly and demoralizing. Security companies have been developing tools since the first viruses to prevent systems from being compromised and to stop malware from performing malicious activities on behalf of a threat actor. The truth is simple, however: no single solution can protect an asset from being hacked, and the old defense-in-depth, layered model truly is the best approach to a successful defense. This includes everything from local endpoint protection solutions to vulnerability and patch management.
This year, Gartner has stated that the #1 strategic initiative for all organizations should be Privileged Access Management (PAM). The scope includes enterprise password management and session recording, as well as the removal and management of privileged accounts on all endpoints, from servers to workstations and network devices. On Microsoft Windows servers and desktops, this commonly takes the form of least privilege management: removing all unnecessary administrative accounts, managing local administrator accounts and services, and removing administrative rights from all users, including the suspension of all the secondary "xadmin" accounts. This security strategy, as recommended by Gartner, provides a strategically solid security layer to prevent assets from being hacked.
Utilizing PowerBroker for Windows, environments can add this defense in depth layer, achieve the recommendations by Gartner, and prevent hacks that typically evade endpoint, vulnerability, and patch management solutions. These are commonly referred to as Privileged Attack Vectors.
So how does PowerBroker for Windows prevent you from getting hacked?
- Allows applications to run with administrative rights while the user keeps standard user rights. This patented token swapping technology runs applications with unique security tokens, prompts for optional justification, and keeps the user at lower privileges, allowing applications to interact with the operating system and environment without the risk of excessive user administrator privileges.
- Thwarts hacking tools that scrape memory for passwords, such as Mimikatz. Any hashes scraped from memory are only valid for that application and that specific session, and cannot be copied for the authentication attacks used in lateral movement.
- Contains patented technology called Vulnerability-Based Application Management (VBAM) that can measure the risk of an application before deciding on privileges and runtime. Based on CVE score, age, and regulatory compliance requirements, applications can have privileges stripped or even blocked to prevent a hacking attempt against a vulnerable application.
- Can protect the file system from unauthorized changes by the user using a dedicated file integrity module.
- Advanced tamper protection to ensure that the solution itself cannot be disabled, user accounts added, or the solution itself misused by a threat actor to elevate unauthorized applications.
- Integrating PowerBroker for Windows with PowerBroker Password Safe allows for the automatic management of all local privileged accounts, including service accounts, to ensure passwords are unique and do not become stale.
While no single technology can prevent all hacks, having a layered defensive strategy is vital. Modern threats prey on social engineering, weak credentials, password reuse, and vulnerabilities that have simply not been patched. Minimizing these risks requires us to understand that most malware needs administrative rights to infect a system, that vulnerable applications are compromised more readily when exploited with administrative rights, and that end users do not need administrative rights to perform their daily job functions. PowerBroker for Windows can help prevent your resources from being hacked and implement security best practices for PAM. It is time to embrace PAM, prevent hacks, and listen to the recommendations from the security community and leading analysts.
For more information on how PowerBroker for Windows can address your organization’s challenges, download our latest white paper, The CISO’s Guide to Managing Risk for Privileged Access & Credentials in Windows Environments.
Morey J. Haber, Chief Technology Officer and Chief Information Security Officer at BeyondTrust
Morey J. Haber is Chief Technology Officer and Chief Information Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored four Apress books: Privileged Attack Vectors (2 Editions), Asset Attack Vectors, and Identity Attack Vectors. In 2018, Bomgar acquired BeyondTrust and retained the BeyondTrust name. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. Morey currently oversees BeyondTrust strategy for privileged access management and remote access solutions. In 2004, he joined eEye as Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.