Last week, I discussed the first three reactions I had to the "Cisco 2017 Midyear Cybersecurity Report." I discussed how vendor consolidation is increasing, how spyware is being branded as malware and how detection of threats is continuously improving.
DevOps as a Target
In the Vulnerabilities section of the document, Rapid7 describes how DevOps is a target and a vulnerability for many companies that use AWS, Azure or Docker frameworks for development. When these resources are built, they are not always deployed in a secure state, and they are often left behind to run indefinitely. Identity management tools that protect your AWS environment provide the ability to spin up these resources rapidly, with proper access control applied from the beginning. Some identity management companies will start by securing your AWS console, build from systems already in deployment and provide privileged access for EC2 instances out of the box. The key elements here are to lock down the resource as it is deployed, enforce a common security model on the services, enforce least-privilege access, use MFA to secure access, and audit everything. You can also eliminate your EC2 key pairs, reducing attack points.
Least Privilege Needed to Stop the Breach
Cloud identity is another key topic in the Vulnerabilities section, which explains why least privilege is a preferred method for mitigating vulnerabilities. This is difficult to manage because admin privileges are often the only way to get things done. However, there are other ways to do it. A least-privilege access policy enhances the protection of critical data, improves system and network security, and reduces the risk associated with user error, malicious attacks, security breaches, APTs and accidental security incidents.
What the Cisco report indicates in its analysis of this topic is that "organizations could remove 'super admin' privileges from 75 percent of their admin accounts with little or no business impact." Enterprises can do this with an IAM solution by eliminating excess or unnecessary admin accounts and by simply prompting a user with MFA. Users can then elevate their privileges to the admin level while the privileged account itself stays locked away so it can't be abused. Unlike some solutions that force you to multiply the number of admin accounts (they hide away the password, and that is the mitigating factor for security), Centrify lets you use common Active Directory accounts for everything: app access on the web single sign-on front, access to the privileged credentials that you DO need to lock away, and privilege elevation for access to systems like Windows, Linux, Mac and apps.
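As an added example (not from the Cisco report or from Centrify's product), the following Python check applies the "remove super admin" and "prompt with MFA" points above to AWS IAM policy documents: it flags Allow statements that grant any action on any resource and reports whether an aws:MultiFactorAuthPresent condition gates them, so an auditor can find accounts whose privileges can be cut back or MFA-gated. The three sample policies are constructed for the example.

```python
import json

# Constructed sample policies (not taken from the report or any real account).
SUPER_ADMIN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
})

# Same blanket grant, but only usable from an MFA-authenticated session.
MFA_GATED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow", "Action": "*", "Resource": "*",
        "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}},
    }],
})

# A scoped, least-privilege grant that should produce no finding.
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"],
                   "Resource": "arn:aws:s3:::example-bucket/*"}],
})


def _as_list(value):
    # IAM allows a single string or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]


def _requires_mfa(statement):
    # True when the statement carries an MFA condition (Bool or BoolIfExists).
    for operator, pairs in statement.get("Condition", {}).items():
        if operator in ("Bool", "BoolIfExists"):
            value = pairs.get("aws:MultiFactorAuthPresent")
            if value is not None and str(value).lower() == "true":
                return True
    return False


def audit_policy(policy_json):
    """Return findings for Allow statements granting '*' on '*'.

    Each finding records the statement index and whether the blanket
    grant is at least gated by an MFA condition."""
    document = json.loads(policy_json)
    findings = []
    for index, statement in enumerate(_as_list(document.get("Statement", []))):
        if statement.get("Effect") != "Allow":
            continue  # Deny statements never widen access
        full_action = "*" in _as_list(statement.get("Action", []))
        full_resource = "*" in _as_list(statement.get("Resource", []))
        if full_action and full_resource:
            findings.append({"statement": index, "super_admin": True,
                             "mfa_required": _requires_mfa(statement)})
    return findings
```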
A Platform Approach
The section "Security Challenges and Opportunities for Defenders" identifies many areas where companies are struggling with staffing, knowledge and capabilities. It clearly outlines how using tools that have a wider breadth -- a platform approach -- can benefit both smaller and larger organizations by reducing the manpower needed to manage security operations. Protecting customer data is noted as one of the key industry challenges across all verticals. Any data protection program will begin with understanding the asset, identifying whether it is critical or not, and then applying the right security measures to protect it. But the number one layer of protection is who can access it to begin with, and this is where Centrify can be the front end to this issue. Centrify's platform redefines security from a legacy, static, perimeter-based approach to protecting millions of scattered connections in a hybrid enterprise. Look at the platform as a way to reduce the need for individual product training on so many products. Look at the platform as a way to reduce the need for multiple point solutions. Finally, look at the platform as a way to reduce the number of external integrations you have to manage to bring all of these capabilities into your organization.
David's blog was first published here.