External Attacks Against Privileged Accounts
How Federal Agencies Can Build a Layered Defense in Preparation for a Layered Attack
Agenda
• How did we get here?
• What is the result?
• By the numbers
• Moving forward
• Summary
How Did We Get Here?
Vanishing Perimeter
Ongoing requirements to expose on-prem resources to employees, partners, customers, and vendors.
Complex Requirements
Our infrastructure is extremely complex.
Friction Free
Demand for better collaboration with business partners without the complex security requirements.
Cost
Advanced security comes with a financial cost.
User Education
Social engineering and phishing are successful due to a lack of good, ongoing user education.
How Did 2016 Look?
6,435 CVEs published in 2016
Top Vendors in 2016: (chart of CVE counts per vendor; vendor names and the legend for the "2 Remote / 8 Local gain privilege" and "10 elevated local user privilege" figures are not recoverable from the extracted text)
• Over 450 vulnerabilities with exploit code available
• Over 250 vulnerabilities could be mitigated if the user does not have admin rights
• Over 750 local exploits that do not require elevated rights
What is the Result?
2017 U.S. Federal Government Survey Findings
50%: Have experienced 1-2 breaches in the last 24 months
61%: Believe it is rare that attackers leverage vulnerabilities to gain access to privilege
80%: Felt aging infrastructure has an impact on
• Ability to achieve mission
• Ability to achieve compliance
• Ability to reduce cyber security risk
Top 3 Risks identified by senior leadership
• Application vulnerabilities
• Nation state attacks
• Malware
26%: Admitted to storing passwords in spreadsheets
By the Numbers
63% (Insider & Privilege Abuse): Confirmed data breaches leveraging
• Weak passwords
• Default passwords
• Stolen passwords
33% (Insider & Privilege Abuse): Incidents involve end users who have access to sensitive data as a requirement to do their jobs.
40%: Of errors occurred due to user error, attributed to a capacity shortage
Honorable Mention
Publishing Errors – publishing a document to the internet
Misconfiguration – e.g. a mistake in a firewall rule exposes access
99%: Malware hashes are seen for only 58 seconds or less. Most malware was seen only once. Malware is smart enough to modify its own hash.
1 min, 40 sec: Median time for the first user of a phishing campaign to open the malicious email
3 min, 45 sec: Median time to the first click on the attachment
12%: Users who clicked on the malicious attachments, allowing an attack to succeed
10: Number of vulnerabilities that account for 85% of breaches. 96% of all breaches are from vulnerabilities over 1 year old. Our challenge is knowing which 10 vulnerabilities those are.
10 & 100: Half of all exploitations happen between 10 and 100 days after the vulnerability is published
90% of cyberespionage breaches capture trade secrets or proprietary information
14% of insider and privilege misuse is by people in leadership roles
14% of insider and privilege misuse is by system admins and developers
Moving Forward
Establish Achievable Goals
• Implement controls so a compromise can be contained
• Establish security zones so systems and credentials are not used outside of those zones
• Tie accounts to humans and avoid users leveraging unnamed accounts like root
• When possible, avoid using credentials in apps; leverage SAML / claims
• Have access rules that adjust based on a system's increasing risk or a user's decreasing trust
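The goals on this slide, combined into one access decision, as an added example (not BeyondTrust's code or any product's API; the data model, the ordering of checks and the score thresholds are assumptions): reject unnamed accounts, keep credentials inside their zone, require MFA, then scale the privilege a user may obtain by their trust and the target system's risk.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumed (hypothetical) data model for an access decision; not a real product API.
@dataclass
class Account:
    name: str
    owner: Optional[str]   # the named human behind the account; None for shared/unnamed (e.g. root)
    zone: str              # security zone the credential is issued for
    mfa_passed: bool
    trust: float           # 0.0-1.0, lowered by user-behaviour analytics findings

@dataclass
class System:
    hostname: str
    zone: str
    risk: float            # 0.0-1.0, raised by unpatched, aging vulnerabilities

# Minimum trust-adjusted score needed for each privilege level (assumed thresholds).
REQUIRED_SCORE = {"read": 0.2, "admin": 0.6, "domain-admin": 0.85}

def decide(account: Account, system: System, privilege: str) -> Tuple[bool, str]:
    """Apply the slide's goals in order: named account, zone containment, MFA, adaptive risk."""
    if account.owner is None:
        return False, "unnamed/shared account; use a named account and elevate from it"
    if account.zone != system.zone:
        return False, f"credential for zone {account.zone} used outside its zone ({system.zone})"
    if not account.mfa_passed:
        return False, "multi-factor authentication required for privileged access"
    # Adaptive rule: the effective score falls as system risk rises or user trust drops.
    score = account.trust * (1.0 - system.risk)
    needed = REQUIRED_SCORE.get(privilege)
    if needed is None:
        return False, f"unknown privilege level {privilege!r}"
    if score < needed:
        return False, f"score {score:.2f} below {needed} required for {privilege}"
    return True, f"allowed {privilege} with score {score:.2f}"

# Constructed sample inputs (not from the deck).
ALICE = Account("alice.admin", owner="Alice", zone="dmz", mfa_passed=True, trust=0.9)
ROOT = Account("root", owner=None, zone="dmz", mfa_passed=True, trust=1.0)
WEB01 = System("web01", zone="dmz", risk=0.3)          # a few unpatched CVEs
LEGACY = System("legacy02", zone="internal", risk=0.8)  # aging, unpatched system

if __name__ == "__main__":
    for acct, target, priv in [(ALICE, WEB01, "admin"), (ALICE, WEB01, "domain-admin"),
                               (ROOT, WEB01, "admin"), (ALICE, LEGACY, "read")]:
        print(acct.name, target.hostname, priv, decide(acct, target, priv))
```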
Moving Forward
Recommendations
• Prioritize security
• Multi-factor authentication
• Ongoing user education
• Prioritization with patching
• Automated credential management
• Understand and limit privileged access
• Application control
• Account reduction
• User behavior analysis on all users
• Audit, audit, audit and audit
• Common sense
• Network segmentation
• Egress filtering
Next Steps
1. Prepare today so you are ready to stop breaches tomorrow.
2. Establish a process to secure identities and define trust levels.
3. Understand the difference between asset security risk and identity risk.
4. Talk to a solutions provider about how to identify and address gaps.
Q & A
Trust the solution relied upon by more than 200 federal departments, agencies and all five branches of the US Military.
Learn more about BeyondTrust solutions for Privileged Access Management and Vulnerability Management in government.
www.beyondtrust.com/government
800-234-9072