The compliance landscape for government agencies is constantly evolving to keep pace with emerging threats to public sector systems and the deployment of new technologies.
Cyberattacks are not only increasing in frequency, but also becoming more sophisticated and targeted. Moreover, cloud, mobile, and DevOps environments are driving forces behind a rapidly expanding attack surface and dissolving perimeter that presents ever more opportunities for threat actors to exploit.
Amidst the ever-changing threat environment, government agencies and contractors must comply with a wide range of federal, state, local and industry compliance initiatives and security controls. And today, non-compliance may lead not only to substantive penalties, but also to a heightened risk of a security breach that leads to data loss, downtime, and other damages. Consequently, agencies must stay vigilant to combat threats, whether internal or external, malicious or unintentional, that expose weaknesses in their defenses and policies.
In our whitepaper, Privileged and Remote Access for Federal Agencies & Contractors, you will learn how your agency can cost-effectively reduce IT security risk, simplify the path to federal compliance mandates, and confidently embrace innovation. The paper also explores how BeyondTrust solutions can help you meet a number of security initiatives and mandates including:
- FISMA SP 800-53, SP 800-171, and SP 800-137
- NIST Cybersecurity Strategy & Implementation Plan (CSIP)
- NIST Cybersecurity Framework
- Continuous Diagnostics & Mitigation (CDM) Program
- Department of Defense (DoD) Cybersecurity Discipline Implementation & Scorecard
- Cybersecurity Strategy & Implementation Plan (CSIP)
- National Industrial Security Program Operating Manual (NISPOM)
- Homeland Security Presidential Directive 12 (HSPD 12)
- NERC Critical Infrastructure Protection (CIP)
In the remainder of this blog, let’s briefly cover why securing privileged and remote access has become a top initiative for the public sector and beyond.
Misused Privileges, Unsecure Remote Access are Commonly Exploited Attack Vectors
Today, misused and abused privileged credentials play a role in over 80% of IT security breaches, according to Forrester Research. BeyondTrust’s own 2019 Privileged Access Threat Study revealed that government and public sector agencies have, on average, 124 third-party vendors logging into their systems and networks in a typical week. Without full visibility and granular control over that access, including the ability to enforce least privilege, that vendor access represents risky pathways into your environment. The same study found that only 10% of government and public sector agencies believed that third-party vendor access was not a threat to their environment. So, if we can put a positive spin on this, it’s that most agencies are at least aware that they need to better secure remote access.
Given the current threat environment, agencies must have solutions that demonstrably reduce the threat surface and the risk of data breaches. Additionally, agency managers need solutions that can address compliance initiatives with security controls, threat analytics, and reporting.
How IAM Strategies, PAM Solutions Strengthen Security
Government agencies and municipalities are routinely exposed to attacks that could easily be blocked, or at least mitigated, with a mature identity access management (IAM) strategy and privileged access management (PAM) solutions.
Take, for example, some of the ransomware attacks in recent years on Atlanta (2018) and Baltimore (2019), as well as other cities, municipalities, and schools, that shut down computer systems that supported vital public services, costing millions of dollars in damages. In most cases, the attackers leveraged threat vectors that could have been blocked, or at least mitigated, if the cities had a holistic PAM solution in place. For instance, security experts determined that the RobinHood malware used to attack Baltimore’s computer systems could not have spread from machine to machine across a network on its own. The attackers would have needed to obtain privileged access that would make them appear to be legitimate administrators, and then target individual computers. For more insight on this, I recommend checking out our blog: Ransomware: A Problem of Excesses (Access, Privileges, Vulnerabilities).
A robust PAM solution can prevent attackers from gaining access to legitimate administrators’ credentials. PAM solutions can discover, onboard, and securely manage privileged credentials for human and non-human accounts across diverse IT environments. The aim is at least two-part:
- To prevent threat actors—either internal or external—from gaining an initial foothold within an environment
- To restrict the ability of the threat actors to move laterally throughout an agency’s network once they have gained that initial foothold.
To accomplish this, agencies should remove all local administrative privileges from non-IT users and eliminate root and superuser access where possible. Their PAM solutions should also regularly rotate credentials, which reduces the window of time in which credentials could be used, even if they are stolen. Additionally, a robust PAM solution must be able to run a set of policies that determine which applications have the rights to run “elevated” or as an administrator; ideally, the user is not elevated.
Achieve Security and Peak Productivity
Over the years, people have perceived that strong information security equates to decreased productivity. Consequently, many organizations, public and private, have been lax on certain security measures, for example by overprovisioning privileges and allowing people broad access to systems for the sake of productivity. If agencies have a robust PAM solution in place, their people, systems, and networks will be more secure, avoiding security incidents and productivity-sapping help-desk tickets, while their workforce can achieve their mission goals more quickly and efficiently.
For more insights into improving your security and compliance posture, while enhancing productivity, read the BeyondTrust whitepaper, Privileged and Remote Access for Federal Agencies & Contractors.
Craig McCullough, Regional Vice President, Public Sector
Craig has over 20 years of experience in the technology industry, having started his career as an intellectual property attorney in Washington, DC, and then moving into leadership roles growing technology businesses that support federal, state and local governments. He is a visible industry leader and frequent spokesperson, giving interviews in various media outlets and participating as a panel speaker at multiple industry events. Craig joined BeyondTrust in 2018 and created the Public Sector Team.