Defending Against an OPM-Style Cyber Attack
Almost every network is vulnerable to cyber-attack. According to Mandiant, 97% of organizations have already been breached at least once. Perimeter security tools, such as next-generation firewalls, offer little real protection against advanced, targeted attacks or against insider threats from privileged users and contractors. If you run legacy mainframe systems, your risk is potentially greater still... An advanced or insider attack usually proceeds in seven steps:
- Reconnaissance (identify a vulnerable target and explore the best ways to exploit it)
- Scanning (the next step is to identify a weak point that allows the attackers to gain access)
- Access and Escalation (the next step in the cyber-attack is to gain access and then escalate)
- Exfiltration (attackers can now access systems with an organization’s most sensitive data – and extract it at will)
- Sustainment (with the elevated privileges that were acquired earlier, dependence on a single access point is no longer necessary… the attackers can come and go as they please)
- Assault (potential damage to sensitive data by the attacker)
- Obfuscation (trail obfuscation covers a variety of techniques and tools, including log cleaners, spoofing, misinformation, backbone hopping, zombied accounts, Trojan commands, and more)
The key to blocking a cyber-attack is controlling privileged access. Every step after the third (access and escalation) in the process described above requires privileged credentials to succeed. If you can control privileged access, a cyber-attack can be significantly mitigated.
If this is the case, how do we manage and control privileged user access?
Defending with AppGate:
AppGate is an integrated security gateway that provides application- and service-specific authentication and authorization, controlling access both inside and from outside the perimeter. Privileged access is controlled from the start, so a potential attacker is never able to breach the network using privileged credentials.
AppGate’s context-aware architecture enables access to be granted based on user-specific variables, including location, device and role. Firewall rules aren’t written once and saved forever, but are created and enforced in real time when access is requested. This provides a secure, encrypted, service-specific connection to each individual app or service rather than open access to an entire network segment. And AppGate provides exhaustive documentary evidence of access to systems and documents for compliance auditors.
AppGate Deployment:
AppGate can be deployed within a day, and privileged users can be fully managed in under a week. Powerful rules and roles management gives administrators precise control over which network resources each user can access and under what circumstances. Endpoint posture can be checked so that, for example, only corporate-owned machines can connect to particular applications. Services that the user is not authorized to use are invisible, making it impossible for them to see or attack other corporate assets (including legacy systems that may not have fully encrypted data). In addition, AppGate can automatically configure machines that have never connected to the network before: if an external trader or supplier uses a different PC, the client is provisioned and configured without waiting for an administrator's input. If a potential hacker gets credentials from a privileged user... they are useless to the hacker. If you'd like to know how we do it, follow the link below for more information:
https://www.cryptzone.com/products/secure-access/appgate/architecture
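As an added illustration of the per-request, context-aware access model described above (this is constructed example code, not AppGate's own policy engine or language), the following evaluator grants each service only when role, device posture and location all match, leaves ungranted services out of the answer entirely, and records every decision for auditors. It assumes the gateway can supply a corporate-device check and a location attribute for each request; the policy, users and service names are made up.

```python
from dataclasses import dataclass

@dataclass
class Request:
    user: str
    role: str
    device_corporate: bool  # assumed result of an endpoint posture check
    location: str           # assumed attribute, e.g. "office", "home", "unknown"

# Constructed sample policy: service -> conditions that must all hold.
# "locations": None means the service may be reached from anywhere.
POLICY = {
    "hr-database":      {"roles": {"hr-admin"}, "corporate_device": True,  "locations": {"office"}},
    "mainframe-tn3270": {"roles": {"ops"},      "corporate_device": True,  "locations": {"office", "home"}},
    "wiki":             {"roles": {"hr-admin", "ops", "contractor"}, "corporate_device": False, "locations": None},
}

AUDIT_LOG = []  # one record per (request, service) decision, for compliance evidence

def evaluate(req, rule):
    """Rules are evaluated at request time, never stored as a standing open port."""
    return (req.role in rule["roles"]
            and (req.device_corporate or not rule["corporate_device"])
            and (rule["locations"] is None or req.location in rule["locations"]))

def visible_services(req):
    """Return only the services this request may reach; everything else stays invisible."""
    granted = []
    for service, rule in POLICY.items():
        ok = evaluate(req, rule)
        AUDIT_LOG.append({"user": req.user, "service": service, "location": req.location,
                          "corporate_device": req.device_corporate,
                          "decision": "grant" if ok else "deny"})
        if ok:
            granted.append(service)
    return granted

if __name__ == "__main__":
    # Legitimate HR admin on a corporate laptop in the office.
    print(visible_services(Request("alice", "hr-admin", True, "office")))
    # Same credentials replayed from a personal machine at an unknown location:
    # the sensitive service is not merely denied, it is never shown.
    print(visible_services(Request("alice", "hr-admin", False, "unknown")))
```

The second call shows why stolen credentials alone are not enough: the context that came with them no longer matches, so the HR database does not appear, and the audit log holds a "deny" record for the attempt.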