Security Emergency Preparedness: Preparing for the Next Attack

July 5, 2017

These days, information security operations can feel like a constant series of scrambles. One week, it’s a huge dump of credentials. The next, it’s an outbreak of targeted ransomware exploiting a common Windows service. Many organizations are feeling the pressure, and don’t have enough staff and time to catch their breath from one major issue to the next. Are we being targeted? Are we already compromised? How susceptible are we to major malware outbreaks or exploit kits or criminal groups or… well, any of it?

To learn more, check out my latest on-demand webinar, Security Emergency Preparedness: Planning for the Next (Inevitable) Cyber Attack.

The landscape of security is changing rapidly (every day there is a new exploit, sensitive data exposure, or story of horrifying things on the Internet), and many security teams are struggling to better understand their security exposure. While it’s true that we will all deal with a variety of “panic” scenarios at some point, most organizations can improve responsiveness by leveraging some foundational vulnerability tools and best practices. Whether this means scanning for missing patches or vulnerabilities, looking for possible avenues of credential misuse, or anything in between, vulnerability management can help us shore up our defenses, and find areas of exposure in our environments, hopefully before they’re compromised.

First, start with the most basic premise – inventory management. System and software inventory absolutely has to be the #1 priority, since you simply can't protect what you don’t know you have. Scanning tools can help with this, as can identity and access tools that inventory accounts in the environment. What do you have, what is running and installed, and who is using the assets and applications? Answering these questions will give you a good head start on protection.

The second critical area of focus should be on known vulnerabilities in the environment. In the recent WannaCry ransomware outbreak, Microsoft Windows systems were susceptible to a known bug that was released into the wild illicitly… roughly TWO MONTHS after it had been patched by Microsoft, who dubbed the flaw “critical” and urged all affected organizations to update their systems immediately. What happened? In 2017, we really can’t afford to casually wait two months or more to patch known critical vulnerabilities in major operating systems. Vulnerability scanning tools can help us enormously by pointing out the flaws and which systems are susceptible to them. Security and operations teams should then prioritize remediation of the issues reported, something we’ve known for years. We’re talking about the basic blocking and tackling, folks. Scan, patch, and check again. Do it once more. Maybe another time.

Today, we are seeing an unprecedented rise in the use of administrative credentials during attacks and data breach scenarios, as well. Tracking down admin privileges and services and applications where admin credentials are needed (or not) is another area that needs our attention, and fast. Start by focusing on local admin credentials in operating systems, and then start looking for core applications that require some admin interaction, and focus on locking down these accounts (or removing them if they’re not needed). Better yet, invest in a centralized set of tools that can help mitigate admin access and provide audit details to boot.

This is just the start – we’ve obviously got a lot of work to do, and no one is saying it’s easy. However, let’s not deny that these are all things we should have been focusing on all along, and it’s time to build a better information security preparedness program through proactive monitoring and inventory.
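
The three checks described above (inventory, known critical vulnerabilities, local admin credentials) combined into one report, as an added example that is not part of the original post. Host names, finding ids, dates, the approved-admin list and the 30-day patch window are all constructed assumptions.

```python
from datetime import date

# Constructed sample data: hypothetical hosts, finding ids, dates and accounts.
INVENTORY = {"ws-001", "ws-002", "srv-db01"}
SCAN_FINDINGS = [  # (host, finding id, severity, date the vendor patch shipped)
    ("ws-001", "FINDING-A", "critical", date(2017, 3, 1)),
    ("ws-002", "FINDING-B", "medium", date(2017, 4, 11)),
    ("srv-db01", "FINDING-A", "critical", date(2017, 3, 1)),
    ("lab-pc7", "FINDING-A", "critical", date(2017, 3, 1)),
]
LOCAL_ADMINS = {  # members of the local administrators group per host
    "ws-001": {"Administrator", "jsmith"},
    "ws-002": {"Administrator"},
    "srv-db01": {"Administrator", "svc_backup", "helpdesk"},
}
APPROVED_ADMINS = {"Administrator", "svc_backup"}  # assumed allow-list


def unknown_assets(inventory, findings):
    """Hosts the scanner saw that the inventory does not know about."""
    return sorted({host for host, *_ in findings} - inventory)


def overdue_critical(findings, today, max_days=30):
    """Critical findings whose patch has been available longer than max_days."""
    overdue = [
        (host, fid, (today - patched).days)
        for host, fid, severity, patched in findings
        if severity == "critical" and (today - patched).days > max_days
    ]
    # Oldest exposure first, then host name for a stable order.
    return sorted(overdue, key=lambda row: (-row[2], row[0]))


def unapproved_admins(local_admins, approved):
    """Per host, local admin accounts that are not on the approved list."""
    extras = {host: sorted(members - approved) for host, members in local_admins.items()}
    return {host: accounts for host, accounts in extras.items() if accounts}


def preparedness_report(today):
    return {
        "unknown_assets": unknown_assets(INVENTORY, SCAN_FINDINGS),
        "overdue_critical": overdue_critical(SCAN_FINDINGS, today),
        "unapproved_admins": unapproved_admins(LOCAL_ADMINS, APPROVED_ADMINS),
    }


if __name__ == "__main__":
    for section, rows in preparedness_report(date(2017, 5, 12)).items():
        print(section, rows)
```
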

Dave Shackleford

Cybersecurity Expert and Founder of Voodoo Security

Dave Shackleford is the owner and principal consultant of Voodoo Security and a SANS analyst, senior instructor, and course author. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering, and is a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. He has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and as a security architect, analyst, and manager for several Fortune 500 companies.
