NEW: Microsoft Vulnerabilities Report 2022 - Read the Findings of Our Annual Report Read Now

  • Partners
  • Support
  • Careers
  • English
    • Deutsch
    • français
    • español
    • 한국어
    • português
BeyondTrust
  • Products

    Privileged Password Management

    Discover, manage, audit, and monitor privileged accounts and credentials.

    • Password Safe
    • DevOps Secrets Safe
    • Privileged Access Discovery Application

    Endpoint Privilege Management

    Enforce least privilege across Windows, Mac, Linux, and Unix endpoints.

    • Windows and Mac
    • Unix and Linux
    • Active Directory Bridge

    Secure Remote Access

    Centrally manage remote access for service desks, vendors, and operators.

    • Remote Support
    • Privileged Remote Access
    • Privileged Access Discovery Application

    Cloud Security Management

    Automate the management of identities and assets across your multicloud footprint.

    • Cloud Privilege Broker

    BeyondInsight

    Experience the industry’s most innovative, comprehensive platform for privileged access management.

  • Solutions

    Use Cases

    • Cloud Security
    • Compliance
    • Cyber Insurance
    • Digital Transformation
    • Endpoint Security
    • Operational Technology
    • Ransomware
    • Service Desk Efficiency
    • Zero Trust

    Industry Applications

    • Financial Services
    • Government Agencies
    • Healthcare
    • Law Enforcement
    • Manufacturing
    • Schools & Universities

    Solutions

    The BeyondTrust Privileged Access Management portfolio is an integrated solution that provides visibility and control over all privileged accounts and users.

  • Resources

    Learn

    • Blog
    • Customer Stories
    • Competitor Comparisons
    • Datasheets
    • Videos
    • Glossary
    • Infographics
    • Podcast
    • Whitepapers

    Attend

    • Events
    • Go Beyond
    • Training
    • Webinars

    Support

    • Changelog
    • Professional Services
    • Technical Documentation

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

  • Company
    • About
    • Leadership
    • Core Values
    • Partners
    • Careers
  • Watch Demo
  • Contact Sales

"You Are The Weakest Link - Goodbye!" Reduce External Attacks

April 21, 2016

  • Blog
  • Archive
  1. Home
  2. Blog
  3. "You Are The Weakest Link - Goodbye!" Reduce External Attacks

Weakest Link

A recent quote from Rob Joyce, Head of the NSA's Tailored Access Operations: “Don’t assume a crack is too small to be noticed, or too small to be exploited” he said when talking about his role in testing security for the nations networks. “We need that first crack, that first seam. And we’re going to look and look and look for that esoteric kind of edge case to break open and crack in.”

It’s not just about compliance.

We tend to think that satisfying compliance makes us secure, when it is really just the minimal amount of due diligence that should be performed.

Time and time again, we see headlines proclaiming extensive attacks on the very organizations that we regularly interact with as part of our personal lives. Shopping, movies, games. It’s very hard not to interact with companies that store even the smallest amount of our personal data these days.

Yet, in most breaches the data we hold so near and dear to our hearts is not always extracted through gaping holes. It’s fair to say that all large organizations have security problems in place, whether through compliance, due diligence, or a mixture of both. It’s the cracks we have to worry about.

It could be an unpatched system, an application susceptible to malware; stolen credentials that allow external access to a single system inside the firewall boundary. Just one system. Just one application. “That first crack, that first seam.”

So hackers have got to that single system. What do they do now?

  1. Look for, and try to attack privileged accounts that are vulnerable.
  2. Establish an attack vector to gain access to the accounts.
  3. Identify privileges that extend beyond the boundary of the system they are on
  4. Rinse and repeat.

Hackers will slowly move through the organization system by system, crack by crack. They may take years to execute, but these low and slow attacks fly under the radar, and with more and more organizations capping log retention to as little as 12 months, I am sure there are many ‘accidents’ just waiting to happen out there.

Privileged Access Management Security Strategies That Can Help

The good news is that you can mitigate the risk of external attack through solid privileged access security management. PowerBroker Password Safe allows you to:

  • Scan your network - Ensure that forgotten privileged accounts on endpoints are discovered, and brought under management.
  • No account gets left behind – Create a common policy framework that makes sure that accounts that get brought under management stay under management.
  • Make sure access is authorized – Leverage Adaptive Workflow Control to restrict network connections to ensure that the people logging onto your systems originate from the correct location.
  • Audit what users are doing – Video record all user interaction to systems potentially exposed to the outside. Log all keystrokes, and allow rapid forensics to pinpoint what was typed and what was seen.

PowerBroker Password Safe allows the dynamic assignment of just-in-time privileges via Adaptive Workflow Control, allowing organizations to lock down access to resources based upon the day, date, time, and location. By limiting the scope to specific runtime parameters, it narrows down the window of opportunity where someone might be exploiting misappropriated credentials. For example, if you normally expect the HVAC contractor to be logging on from particular systems, you can ensure that access is only permitted from predefined allowable address ranges. Similarly you can set up policies to control when the accounts are accessible, and alert when specific access policies are invoked.

On top of granular access controls, PowerBroker Password Safe ensures managed accounts have their passwords regularly rotated, even upon release – every password issued can be a one-time password for security.

The product also has an integrated session manager (at no extra charge) that can automatically log users onto resources without ever revealing the password, record all video and keystrokes for later playback, and allow real-time session monitoring, with options to remotely manage/disconnect active sessions.

To help you identify and address the weak links in your organization, we’ve partnered with Nick Cavalancia at Techvangelism to develop an eBook “External Attacks and Privileged Accounts: 5 Steps to Control the Threat Potential.” Download chapter one, titled "Understanding The Threat Potential: External Attacks and Privileged Accounts” today.

Photograph of Martin Cannard

Martin Cannard,

Martin has been helping organizations solve challenges in the privileged account management and identity and access management space for over 24 years. At Dell Software, Martin managed a team of Solution Architects, focused on designing and implementing solutions in the Privileged Account Management (PAM) space. Prior to joining Dell, Martin was Sr. Product Manager for Novell Privileged User Manager, a privilege management application acquired from Fortefi, an organization where he served as Vice President, Corporate Development. Prior to this, he was Program Manager of Client Technologies at Symantec where he was responsible for many ground-breaking field and channel enablement applications. Additionally, Martin managed the European QA group at Axent Technologies and has held various management positions in consulting, systems development, and operations. Martin is a regular speaker for security events, and webinars.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

IDSA Report: 2022 Trends in Securing Digital Identities

Whitepapers

Microsoft Vulnerabilities Report 2022

Whitepapers

Mapping BeyondTrust Capabilities to NIST Zero Trust (SP 800-207)

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support
  • Cloud Privilege Broker

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Infographics
  • Podcast
  • Videos
  • Webinars
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press
BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2022 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.