Story image

Privileged credentials: They're like diamonds for criminals

20 Dec 18
Sponsored

Gartner recently released the first-ever Magic Quadrant for Privileged Access Management¹. Gartner also listed privileged access security the number one security project, saying that “CISOs should focus on these ten security projects to reduce risk and make a large impact on the business².

That’s no surprise considering cybercriminals most often target login credentials and passwords. One of the most common ways privileged credentials are stolen is through targeting of an endpoint with easily-exploitable vulnerabilities. 

Threat actors will also use different methods of attack and toolkits to look for vulnerabilities in any internet infrastructure. They are looking to steal any credentials that could allow for privilege escalation.  

That research is backed up by real-life scenarios – just look at any major data breach that has compromised staff usernames and passwords. Back in 2008, San Francisco’s IT department felt the heat. 

An engineer by the name of Terry Childs built and operated a FiberWAN network that was crucial to many online services. He consolidated control of all sys-admin passwords.

A smart move, you might think. But after he got into a dispute, he took total control of the network and would not share details of privileged accounts used to run the network. The result? San Francisco’s IT infrastructure ground to a halt. Insiders can also abuse privileged accounts too. Whatever his reasons, Edward Snowden did the same thing.

Privileged access management is no longer something that can be ignored or done haphazardly just to tick compliance or security boxes.

Privileged access management software enables organisations to secure privileged access to critical assets, meaning only those with the correct credentials can access business-critical information.

Privileged access management technologies should also help organisations meet compliance requirements through a process of securing, managing, and monitoring both privileged accounts, as well as access to those accounts.

Privileged access management is not just limited to one piece of software or infrastructure – it can span operating systems, network devices, hypervisors, databases, middleware, applications, and cloud services such as infrastructure-as-a-service, platform-as-a-service, and software-as-a-service.

IT professionals need to architect the right privileged access controls to prevent against cyber threats, exploitation, and to resist advanced persistent attacks; administrative privileges must be given only to those who absolutely need them to reduce the risk of privileged access attacks.

CyberArk is the pioneer in privileged access management technologies. The CyberArk solution is designed to protect networks, meet requirements and reduce security risk without the additional operational complexity.

Now, we believe that Gartner has reaffirmed that strong security starts with ensuring good cyber hygiene and securing the known credentials and accounts that attackers seek to accomplish their goals.

CyberArk encourages IT and security leaders to become more aware of the dangers of unsecured privileged access, which is why it is making the Gartner report available for download. Access your complimentary version here.

¹ - Gartner, Magic Quadrant for Privileged Access Management, Felix Gaehtgens, Dale Gardner, Justin Taylor, Abhyuday Data, Michael Kelley, 3 December 2018

² - Gartner, Smarter with Gartner, Gartner Top 10 Security Projects for 2018, June 6, 2018. https://www.gartner.com/smarterwithgartner/gartner-top-10-security-projects-for-2018/.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

LogicMonitor launches container monitoring solutions
Kubernetes monitoring and LM Service Insight provide performance analytics and data retention for microservices and containerised applications.
InfluxData aims to accelerate growth with new sales executives
As time-based data is generated at exponential rates from increased use of DevOps and IoT sensors, companies are requiring more advanced performance tools to analyze their complex environments. 
Commvault fully integrates backup with Cisco Hyperflex
Its IntelliSnap technology has been validated to work with Cisco HyperFlex hyper-converged systems without the need for third-party tools.
Huawei continues 5G trails despite interational concern
Huawei completed the 5G NR test at 2.6GHz spectrum in the 5G trial organised by the IMT-2020 (5G) Promotion Group. 
Experts comment on record 772mil-user data breach
Dubbed “Collection #1”, the data set contains emails and passwords with over a billion unique combinations of email addresses and passwords.
McAfee Gartner Customers’ Choice for Secure Web Gateway
“We take great pride in being recognised by our customers on Gartner Peer Insights, and their willingness to recommend McAfee Web Gateway technology”
Why flexible working could make good business sense
“You can always give it a go on a trial basis. If it’s not working, be honest."
Top risk facing organisations? Why, it’s an IT talent famine
For some time there has been talk about how the IT industry is crying out for new talent and skills, which a lot of people have glossed over. But now Gartner says it is a harsh reality.