IDENTITY RISK
STOP THREAT ACTORS IN THEIR TRACKS - PREVENT PRIVILEGE ESCALATION AND LATERAL MOVEMENT
Senior Director, Product Management, Proofpoint
Your people are firmly in the crosshairs of today's cybercriminals. Their identities are now a key vector in over 90% of attacks – and no organization is immune to this.
We get under the skin of this growing threat to understand the critical, middle part of the attack chain, to figure out how to prevent cybercriminals from moving laterally through your organization, escalating privilege and gaining access to your sensitive data and systems.
Identities have always been vulnerable. This is nothing new. However, threat actors will always go after the lowest-hanging fruit.
Now, we're no longer working from a single office location. We're bringing our own devices. We're consuming cloud applications, cloud services and cloud infrastructure. The days of sitting behind a firewall in a single location are long over. As such, the days of clear and set perimeters are over. The main thing that connects and separates people from access to data wherever they are in the world is identity. This has led many to believe that identity is the new perimeter, but reality teaches us it’s also the new vulnerability.
The objectives of breaches have evolved, too. Gone are the days of cybercriminals primarily going after your accounts payable processes or exposed software vulnerabilities for a quick financial win. Instead, many threat actors are geared towards higher-stakes gambits such as ransomware, complete domain takeovers, disruption of business or the crown jewel – data extortion.
It’s clear to see why identity has become the number one target and the main means to gain persistence, privilege escalation and to move laterally towards a successful malicious outcome.
To make matters more challenging, over 90% of organizations have their identity infrastructure built on Active Directory (AD). AD is an almost 25-year-old technology that was designed with more than just security in mind, and it has been built up over time by many IT hands.
We couple this critical and challenging-to-secure identity infrastructure with cloud counterparts, often connecting them together, creating an increased attack surface that’s highly distributed. That's how we've ended up here. While we have made online identity central to our security controls, the combination of legacy security technology and IT infrastructure complexity, along with extremely limited visibility of the attack surface and attackers’ continued improvement, has left major gaps in our defenses.
Since the early 2000s, the security industry and its practices have clearly progressed and matured. For example, we’ve become much better at patching common vulnerabilities and exposures (CVEs), as well as deploying and managing basic security controls such as multi-factor authentication (MFA), single sign-on (SSO) and other mainstream security systems. However, most identity-centric systems revolve around controlling legitimate access, authentication or compliance, while others look to monitor user behavior with the goal of detecting anomalies.
Cybercriminals know this. A compromised identity can remain persistent and undetected for a long time, bypassing security controls and moving laterally towards your crown jewel systems. Given that identity vulnerabilities are quite prevalent in most organizations, this explains the seemingly endless stream of breaches we hear about so often.
There has traditionally been a lot of focus on securing initial access – how we prevent people from being targeted and stop them from interacting with phishing and other targeted threats.
As an industry we’ve also tended to focus on the last part of the attack chain when an attacker is already in the network and has gained access to your key systems and data. Once they've already compromised everything they wanted to, we must then stop them from exfiltrating the data or ransoming those systems.
‘It’s this middle piece of the attack chain that we should now be most concerned with.’
As security practitioners, we must assume that an attack will eventually be successful, and an attacker will at least initially penetrate our environment.
Once they do, we must prevent them from moving laterally and escalating privileges, the key steps towards your organization’s crown jewels. By boosting the middle defenses with improved identity protection, you can better defend the whole lifecycle of the attack chain.
The problem is very simple to state – but it's incredibly difficult to keep up with the different types of access and the associated flux of people, systems, and applications, even with good identity management processes. There are always business reasons for access, so we must have exceptions. But it only takes one exception to make the organization vulnerable.
Identities reside on endpoints, both clients and servers, in databases and scripts, in automated tasks, applications and anywhere else you can think of. These distributed, generally unmanaged identities create several opportunities for an attacker to choose an attack path and to move laterally undetected.
Identity Protection not only discovers, prioritizes and remediates identity vulnerabilities across the entire organization, it also provides a broad set of deception techniques designed to effectively thwart privilege escalation and lateral movement.
Identity Protection employs more than 75 active deception techniques, covering: identities, accounts, credentials, files, file shares, File Transfer Protocol (FTP), database connections, Remote Desktop Protocol (RDP), Secure Shell (SSH) connections, browser histories, URLs, network sessions, emails, scripts and historical Teams chats.
These deceptions serve as hidden tripwires for threat actors, luring them into interactions that immediately set off alerts. To an attacker they are indistinguishable from the real identity vulnerabilities they look for, yet they are invisible and non-disruptive to legitimate users.
In addition, these deceptions cause attackers to waste time separating the real from the fake, giving your security team more time to make strategic response decisions, while keeping the threat actor busy in a virtual deception maze.
The combination of eliminating existing identity-based attack paths and replacing them with deceptive ones creates a robust identity protection strategy and an extremely high-fidelity identity threat detection and response (ITDR) mechanism.
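The tripwire idea above rests on one property: a decoy artefact has no legitimate use, so any observed interaction with it is a high-fidelity alert. The following is an added example written for this page, not Proofpoint's product code. It assumes a defender has already seeded decoy accounts, a decoy file share, a decoy URL and a decoy RDP target (all names constructed here), and that authentication and access events arrive as simple key=value log lines in the constructed format shown. It matches each event against the decoy inventory and groups hits by originating host, which is how several decoys touched from one machine in a short window would surface as an attacker enumerating paths.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed deception inventory (hypothetical names): decoy artefacts the
# defender has planted, one set per category from the page's list. Nothing
# legitimate should ever reference them.
DECOYS = {
    "account":    {"svc_backup_legacy", "adm_helpdesk2"},
    "file_share": {r"\\fs01\finance_archive"},
    "url":        {"https://intranet.example.local/vault-admin"},
    "rdp_target": {"rdp-jump02.example.local"},
}

# Index decoys by lower-cased value so matching is case-insensitive: Windows
# account and host names are case-insensitive, and an attacker will not
# preserve the casing we chose.
_DECOY_INDEX = {
    value.lower(): category
    for category, values in DECOYS.items()
    for value in values
}

# Constructed log format: "<ts> host=<h> user=<u> event=<e> [target=<t>]"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"event=(?P<event>\S+)(?: target=(?P<target>\S+))?$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    host: str
    user: str
    event: str
    category: str
    decoy: str


def decoys_touched(user, target):
    """Return [(category, decoy)] for every decoy this event references.

    Both the acting identity and the target are checked, so a decoy account
    connecting to a decoy RDP host yields two hits.
    """
    hits = []
    for field in (user, target):
        if field:
            category = _DECOY_INDEX.get(field.lower())
            if category:
                hits.append((category, field.lower()))
    return hits


def detect(lines):
    """Run the tripwire check over log lines; every decoy hit becomes an Alert."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip it rather than guess
        for category, decoy in decoys_touched(m["user"], m["target"]):
            alerts.append(Alert(m["ts"], m["host"], m["user"], m["event"], category, decoy))
    return alerts


def by_source_host(alerts):
    """Group alerts by originating host to expose one machine probing several decoys."""
    grouped = defaultdict(list)
    for a in alerts:
        grouped[a.host].append(a)
    return dict(grouped)


# Constructed sample: ws-042 touches a decoy share, then a decoy account is used
# from it to reach a decoy RDP host; ws-017 only does legitimate work.
SAMPLE_LOG = r"""
2024-05-01T09:00:01Z host=ws-042 user=jsmith event=logon
2024-05-01T09:03:12Z host=ws-042 user=jsmith event=share_access target=\\fs01\finance_archive
2024-05-01T09:05:40Z host=ws-042 user=svc_backup_legacy event=logon_attempt
2024-05-01T09:06:02Z host=ws-042 user=SVC_BACKUP_LEGACY event=rdp_connect target=RDP-Jump02.example.local
2024-05-01T09:10:00Z host=ws-017 user=bchen event=logon
2024-05-01T09:11:00Z host=ws-017 user=bchen event=share_access target=\\fs01\hr_docs
""".strip().splitlines()


if __name__ == "__main__":
    for host, hits in by_source_host(detect(SAMPLE_LOG)).items():
        print(f"{host}: {len(hits)} decoy interaction(s)")
        for a in hits:
            print(f"  {a.ts} {a.event:<13} {a.category}:{a.decoy} (as {a.user})")
```

Run against the constructed sample, only ws-042 produces alerts: the decoy share access, the decoy account logon attempt, and the RDP connection that trips both the account and the RDP-target decoys. The design point is that there is no threshold or baseline to tune; because legitimate users never see the decoys, a single match is enough to act on.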
Identity vulnerabilities have been a key attack vector in over 90% of cyber threats and 100% of organizations have them. It’s important to know how to prevent privileged identity risks and stop lateral movement in action.
Detect and prevent identity risk to stop lateral movement and privilege escalation. Proofpoint solutions provide you with the identity threat detection and response you need to defend against these attacks.
There are few shortcuts for most things in life. But for cyber attackers, there’s a big one: privileged identities. With a single compromised identity, threat actors have a key that unlocks unlimited opportunities for all kinds of downstream attacks, including data theft and ransomware.
Request a free assessment of your organization's privileged identities and learn how to secure your organization.