No one wants to get hacked. Having your workstation owned or your organization breached is costly and demoralizing. Security companies have been developing tools since the first viruses to prevent systems from being compromised and malware performing malicious activities on behalf of a threat actor. The truth is simple, however; no one solution can protect an asset from being hacked and the old defense in depth, layered model truly is the best approach to a successful defense. This includes everything from local endpoint protection solutions, to vulnerability and patch management.
This year, Gartner has stated that the #1 strategic initiative for all organizations should be Privileged Access Management (PAM). The scope includes enterprise password management and session recording as well as the removal and management of privileged accounts on all endpoints, from servers to workstations and network devices. On Microsoft Windows servers and desktops, this commonly takes the form of Least Privilege Management. This includes removing all unnecessary administrative accounts, managing local administrator accounts and services, and removing administrative rights from all users, including the suspension of all the secondary "xadmin" accounts. This security strategy, as recommended by Gartner, provides a strategically solid security layer to prevent assets from being hacked.
Utilizing PowerBroker for Windows, environments can add this defense in depth layer, achieve the recommendations by Gartner, and prevent hacks that typically evade endpoint, vulnerability, and patch management solutions. These are commonly referred to as Privileged Attack Vectors.
So how does PowerBroker for Windows prevent you from getting hacked?
- Allows applications, not users, to run with administrative rights. This patented token swapping technology runs applications with unique security tokens, prompts for optional justification, and keeps the user at lower privileges, allowing applications to interact with the operating system and environment without the risk of excessive user administrator privileges.
- Thwarts hacking tools that scrape memory for passwords, like Mimikatz. Any hashes scraped from memory are only valid for that application and specific session, and cannot be copied for the authentication attacks used in lateral movement.
- Contains patented technology called Vulnerability-Based Application Management (VBAM) that can measure the risk of an application before deciding on privileges and runtime. Based on CVE score, age, and regulatory compliance requirements, applications can have privileges stripped or even blocked to prevent a hacking attempt against a vulnerable application.
- Can protect the file system from unauthorized changes by the user using a dedicated file integrity module.
- Advanced tamper protection to ensure that the solution itself cannot be disabled, user accounts added, or the solution itself misused by a threat actor to elevate unauthorized applications.
- Integrating PowerBroker for Windows with PowerBroker Password Safe allows for the automatic management of all local privileged accounts, including service accounts, to ensure passwords are unique and do not become stale.
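To make the risk-based decision described under VBAM concrete, the following is an added illustration, written for this article and not BeyondTrust's own code or algorithm. It models a simple policy that looks at an application's known vulnerabilities (CVSS score and how long each has been public) and whether the application falls under a compliance regime, then decides whether to elevate, strip privileges, or block the launch. The CVE identifiers, thresholds and applications are constructed placeholders; the real product's thresholds and inputs are not described on this page.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import date
from enum import Enum


class Decision(Enum):
    ELEVATE = "elevate"  # launch with the elevated token
    STRIP = "strip"      # launch, but with standard-user privileges only
    BLOCK = "block"      # refuse to launch at all


@dataclass
class Vulnerability:
    cve_id: str       # constructed placeholder ids below, not real CVEs
    cvss: float       # base score, 0.0 - 10.0
    published: date   # when the advisory became public


@dataclass
class Application:
    name: str
    vulns: list[Vulnerability] = field(default_factory=list)
    regulated: bool = False  # subject to a compliance regime (assumed flag)


@dataclass
class Policy:
    """Illustrative thresholds; assumed values, not the product's defaults."""
    block_cvss: float = 9.0            # any vuln at/above this: block outright
    strip_cvss: float = 7.0            # vulns at/above this ...
    strip_age_days: int = 30           # ... public this long: strip privileges
    regulated_strip_cvss: float = 4.0  # stricter bar for regulated apps


def evaluate(app: Application, policy: Policy, today: date) -> tuple[Decision, str]:
    """Return (decision, reason). Rules are checked from most to least severe."""
    # A critical vulnerability blocks the launch regardless of age.
    critical = [v for v in app.vulns if v.cvss >= policy.block_cvss]
    if critical:
        v = max(critical, key=lambda x: x.cvss)
        return Decision.BLOCK, f"{v.cve_id} scores {v.cvss} (>= {policy.block_cvss})"

    # High-severity vulnerabilities left unpatched past the grace period:
    # run the application, but without elevated rights.
    stale = [
        v for v in app.vulns
        if v.cvss >= policy.strip_cvss
        and (today - v.published).days >= policy.strip_age_days
    ]
    if stale:
        v = max(stale, key=lambda x: (today - x.published).days)
        age = (today - v.published).days
        return Decision.STRIP, f"{v.cve_id} (CVSS {v.cvss}) has been public {age} days"

    # Regulated applications get a lower severity bar, independent of age.
    if app.regulated:
        flagged = [v for v in app.vulns if v.cvss >= policy.regulated_strip_cvss]
        if flagged:
            v = max(flagged, key=lambda x: x.cvss)
            return Decision.STRIP, f"regulated app with {v.cve_id} (CVSS {v.cvss})"

    return Decision.ELEVATE, "no vulnerability exceeds policy thresholds"


def evaluate_all(apps: list[Application], policy: Policy, today: date) -> dict[str, Decision]:
    """Decide for every application; handy for a policy dry-run report."""
    return {app.name: evaluate(app, policy, today)[0] for app in apps}


# Constructed sample inventory (placeholder CVE ids, not real advisories).
TODAY = date(2024, 6, 1)
DEFAULT_POLICY = Policy()
SAMPLE_APPS = [
    Application("legacy-viewer", [Vulnerability("CVE-0000-0001", 9.8, date(2024, 5, 20))]),
    Application("pdf-tool", [Vulnerability("CVE-0000-0002", 7.5, date(2024, 3, 1))]),
    Application("patch-pending", [Vulnerability("CVE-0000-0003", 7.5, date(2024, 5, 25))]),
    Application("payroll", [Vulnerability("CVE-0000-0004", 5.0, date(2024, 5, 28))], regulated=True),
    Application("clean-tool"),
]

if __name__ == "__main__":
    for app in SAMPLE_APPS:
        decision, reason = evaluate(app, DEFAULT_POLICY, TODAY)
        print(f"{app.name:15} {decision.value:8} {reason}")
```

The ordering of the rules is the point: a policy like this must check the most severe outcome first, and every decision should carry a reason so that a blocked or de-privileged launch can be explained to the user and reviewed later. Feeding the evaluator a current vulnerability feed rather than the constructed list above is the part an integration would supply.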
While no single technology can prevent all hacks, having a layered defensive strategy is vital. Modern threats prey on social engineering, weak credentials, password reuse, and vulnerabilities that have simply not been patched. Minimizing these risks requires us to understand that most malware needs administrative rights to infect a system, that vulnerable applications are more readily exploited when they run with administrative rights, and that end users do not need administrative rights to perform their daily job functions. PowerBroker for Windows can help prevent your resources from being hacked and implement security best practices for PAM. It is time to embrace PAM, prevent hacks, and listen to the recommendations from the security community and leading analysts.
For more information on how PowerBroker for Windows can address your organization’s challenges, download our latest white paper, The CISO’s Guide to Managing Risk for Privileged Access & Credentials in Windows Environments.
Morey J. Haber, Chief Security Officer, BeyondTrust
Morey J. Haber is the Chief Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored four books: Privileged Attack Vectors, Asset Attack Vectors, Identity Attack Vectors, and Cloud Attack Vectors. He is a founding member of the industry group Transparency in Cyber, and in 2020 was elected to the Identity Defined Security Alliance (IDSA) Executive Advisory Board. Morey currently oversees BeyondTrust security and governance for corporate and cloud-based solutions and regularly consults for global periodicals and media. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition, where he had served as a Product Owner and Solutions Engineer since 2004. Prior to eEye, he was Beta Development Manager for Computer Associates, Inc. He began his career as a Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.