The perimeter disappeared when remote working came along, and the security mechanisms built to protect information assets behind a firewall were no longer adequate. The attack surface has broadened to include home networks, and attack vectors are now directed at home users. Devices and applications are also connecting to the enterprise network from outside. Identity management becomes crucial in this scenario. Enterprises need to invest in Identity Detection and Response (IDR) solutions to secure the broadened attack surface (and remote workers).
By Carolyn Crandall, Chief Security Advocate, Attivo Networks
Enterprises will increase their investment in identity security solutions. The rise in third-party attacks, remote working security risks, and the continuing evolution of ransomware have driven home the fact that traditional security solutions are no longer enough. And while existing solutions like Identity and Access Management (IAM), Privileged Access Management (PAM), and Identity Governance and Administration (IGA) provide basic identity protections, their focus on authorization and authentication leaves gaps for attackers to exploit. To close these gaps, enterprises need to invest in Identity Detection and Response (IDR) solutions capable of providing expanded exposure visibility and detection specific to credential misuse, excess entitlements, privilege escalation, and other common identity-based attack activities.
Misdirection and concealment capabilities rise to the forefront of cyber defense. With the assumption that attackers can and will get inside networks, companies will see a greater need for in-network lateral movement prevention and privilege escalation defense measures. Uncovering and derailing attacks in real time requires proactive concealment to hide and deny access to assets (credentials, Active Directory objects, and data) and decoys to misdirect attackers away from their targets. With the speed of attacks today, businesses need proactive visibility and measures that detect attacker lateral movement. The focus centers on preventing the attacker from breaking out from the initially infected system, regardless of whether it is a managed or an unmanaged device.
Ransomware defenses must get a badly needed refresh. Ransomware 3.0 is here. Characterized by double extortion, where cybercriminals not only encrypt files but also leak information online, it can drastically impact everything: the company’s image, profits, and stock price. There is no longer a one-size-fits-all approach to defending against these attacks. With over 300 variants in circulation, stopping ransomware requires a multi-faceted approach, one that starts with protecting Active Directory and privileged credentials. In 2022, organizations will be unable to understand how each group operates and, instead, will need to improve their visibility into exposures and add detection measures based on technique. Setting up traps, misdirections, and speed bump lures along the way will also serve as strong deterrents that keep an attacker from being successful.
About the Author
Carolyn Crandall is the Chief Security Advocate at Attivo Networks, the leader in preventing identity privilege escalation and detecting lateral movement attacks. She has worked in high-tech for over 30 years and has been recognized as one of the top 100 women in cybersecurity, has appeared as a guest on Fox News, and has been profiled in the Mercury News. She is an active speaker on security innovation at CISO forums, industry events, and technology education webinars. Carolyn also co-authored the book Deception-Based Threat Detection: Shifting Power to the Defenders.