Talk Talk Data Breach by Third Party Access

October 26, 2015


Talk Talk (a UK telecoms company) has announced that it has been the victim of a sustained cyber-attack which has resulted in the potential exposure of 4 million customer records (and possibly many more with past customer data as well). Responsibility for this attack has been claimed by a Russian Jihadi group, although not confirmed at this time. This is not the kind of thing that any of us want to wake up to, particularly as a past Talk Talk customer myself.

What is disturbing about this data breach is the reported method used to gain access: via a third-party organization. This has echoes of the Target attack as well as many others. When an organization sees the fallout from an intrusion such as that experienced by Target, which is incidentally still rolling on with $19m paid to MasterCard this year, you would hope that they would make sure that there wasn’t a route from necessary third-party links to sensitive data. You’d also hope they were encrypting critical data (and not storing the keys on the same system).

Let’s start by looking at network segregation. It’s not a new idea; many banks and other organizations have been using this kind of approach for years. Highly sensitive data is held in their high security network segment, sensitive data in the medium security segment and everything else in the normal security segment. The actual number of segments may be bigger or smaller but the concept remains the same. The higher the security level, the harder it is to gain access, to the point that in many implementations there is no capability to initiate a connection from a lower to a higher security segment. Connections are configured only from the higher to the lower security segment, effectively preventing unauthorized access.

This is an effective approach to securing that sensitive data and it doesn’t need to be difficult to implement either; even moving the sensitive data to a network segment that doesn’t have normal user or workstation access would be a good idea.
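
The one-way rule described above can be checked mechanically against a firewall rule export. The following is an added example, not BeyondTrust code or part of the original post; the zone names, the `Rule` fields and the sample rules are assumptions constructed for illustration.

```python
# Added example: audit firewall rules against the one-way segment model.
# Assumption: each rule is judged on its own (no first-match shadowing),
# so an "allow" is reported even if a "deny" elsewhere would override it.
from dataclasses import dataclass

# Hypothetical zone names; a higher number means a higher security level.
ZONE_RANK = {"normal": 0, "medium": 1, "high": 2}

@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str   # zone that initiates the connection, or "any"
    dst_zone: str   # zone that receives it, or "any"
    action: str     # "allow" or "deny"

def expand(zone):
    """Expand the 'any' wildcard into every defined zone."""
    if zone == "any":
        return list(ZONE_RANK)
    if zone not in ZONE_RANK:
        raise ValueError(f"unknown zone: {zone}")
    return [zone]

def upward_violations(rules):
    """Return (rule name, src, dst) for every allowed flow that lets a
    lower-security zone initiate a connection into a higher one."""
    findings = []
    for rule in rules:
        if rule.action != "allow":
            continue
        for src in expand(rule.src_zone):
            for dst in expand(rule.dst_zone):
                if ZONE_RANK[src] < ZONE_RANK[dst]:
                    findings.append((rule.name, src, dst))
    return findings

# Constructed rule set: a legitimate downward feed, a third-party link that
# reaches upward, a wildcard rule that hides an upward path, and a deny.
SAMPLE_RULES = [
    Rule("db-export-to-reporting", "high", "medium", "allow"),
    Rule("vendor-support-to-crm", "normal", "high", "allow"),
    Rule("legacy-any-to-medium", "any", "medium", "allow"),
    Rule("block-normal-to-high", "normal", "high", "deny"),
]

if __name__ == "__main__":
    for name, src, dst in upward_violations(SAMPLE_RULES):
        print(f"{name}: {src} -> {dst} initiates into a higher segment")
```

The wildcard rule is the case worth noting: it looks harmless in a rule list but still lets the normal segment initiate connections into the medium one.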

What is difficult is making sure that the secure segments are and remain secure. The biggest risks in this area are vulnerabilities, excess privilege and the use of that privilege. Effective vulnerability management is the first step in ensuring that the systems and infrastructure that make up your environment aren’t offering well-known, well-publicized access points to hackers. Tools like Retina CS can help you make sure the vulnerabilities you are tackling first are those that are well-known, with publicly available exploits. Taking this kind of approach to vulnerability management will help you avoid being drowned in lists of issues while also getting the biggest bang for your buck, so to speak. Fix the things most likely to be used first: in good old Pareto terms, address the 20% of vulnerabilities that are 80% of the risk. Leveraging Retina CS’ Configuration Compliance capability enables you to ensure that carefully configured segmentation doesn’t get broken through changes to the environment.

Once the infrastructure is secure, solutions to allow effective privilege management are an essential next step. A wonderfully secure environment with unfettered admin access is a little like digging a moat around your castle then adding bridges everywhere. Managing admin access is a challenge, a significant challenge. Trying to restrict users who have been given complete access to the environment is one problem; how that privilege can be misused when such an account is compromised is another concern entirely. Your users may be trustworthy and professional but that doesn’t prevent their accounts being misused by malicious actors. Least Privilege provides a mechanism to keep those users productive without giving them unlimited access (which you then seek to restrict). PowerBroker for Windows, PowerBroker for Unix & Linux and PowerBroker for Mac all offer the capability of implementing true Least Privilege. Users are all standard users, with no privilege at all. The PowerBroker tools allow you to target the applications that the users need to run, giving those specific applications specific privileges along with the capability to record what happens during those sessions. This enables you to have a situation where the default state is secure: the user is a standard user. The tools enable rather than trying to restrict (where the default state is insecure).

BeyondTrust IT Risk Management Platform (a free tool in nearly every product) monitors the activity in the tools, using advanced machine learning capability, to establish what normal activity looks like in your network rather than some ‘perfect’ lab environment. When you know what normal activity looks like then abnormal activity, even within granted rights, is easier to spot and home in on. Taking action is again focused on the areas that are most likely to improve the security of your systems. Our networks, irrespective of size, are complex and fragile environments and the right tools are essential. Tools that work well together to present a common, comprehensive picture will yield a better ROI than tools that require you to join the dots.

According to the 2015 Verizon Data Breach Investigations Report, data breaches are up 55% from last year. The majority of data breaches are the result of well-known and entirely preventable vulnerabilities. It’s important to understand these publicized data breaches and how the learnings could apply to your environment. Don’t assume that your environment is secure; IT security is shifting sand, ever changing. Take the appropriate actions and keep your network from being the next headline. Contact us to learn about our Privileged Account Management and Vulnerability Management solutions.

Brian Chappell, Chief Security Strategist

Brian has more than 30 years of IT and cybersecurity experience in a career that has spanned system integrators, PC and Software vendors, and high-tech multi-nationals. He has held senior roles in both the vendor and the enterprise space in companies such as Amstrad plc, BBC Television, GlaxoSmithKline, and BeyondTrust. At BeyondTrust, Brian has led Sales Engineering across EMEA and APAC, Product Management globally for Privileged Password Management, and now focuses on security strategy both internally and externally. Brian can also be found speaking at conferences, authoring articles and blog posts, as well as providing expert commentary for the world press.
