Wednesday, December 25, 2024
HomeInfosec- ResourcesImportant Considerations for Security Administrators to Guard Against Compromised Credentials

Important Considerations for Security Administrators to Guard Against Compromised Credentials

Published on

SIEM as a Service

There’s hardly a day that goes by that you don’t hear about an organization who has suffered a security breach, compromised credentials, and an attacker has accessed their sensitive information.

Targeted attacks are becoming more frequent, and more successful, and this poses a serious challenge for security administrators everywhere.

With 81% of breaches leveraging either stolen or weak passwords, compromised credentials are key for an attacker. They are the means by which a malicious insider or external attack gains access to do harm.

- Advertisement - SIEM as a Service

But for a security administrator, it can be a daunting task trying to identify suspicious or malicious activity when the adversary has valid and authorized credentials.

Are Your Users to blame for Failing Security

Attackers love exploiting the naivety of employees because it’s so easy. All it takes is one successful phishing email to persuade just one employee to hand over their corporate login details.

Then a hacker effectively has a company key to a safe house of valuable information. And once that hacker gains entry to your systems, you’re not going to find out until it’s too late — your anti-virus and perimeter systems aren’t programmed to pick up on access using legitimate login details, giving snoopers all the time in the world to, well, snoop.

While employees remain the biggest threat to a company’s security, blaming employees who have inadvertently been the victim of a phishing attack, is never the right route to take.

Educating users, whilst useful, is not enough to prevent a breach. We all know sharing passwords is a bad idea. But how many people would ignore this and fold under the pressure of their boss asking?

When it comes to wanting to guard against the threat of compromised credentials, our research into the access security priorities of 500 IT Security Managers highlighted the biggest barriers IT managers face.

It showed multi-factor authentication (MFA) solutions are not widely adopted and most likely because they impede end-users with additional security steps that prove costly, complex and time-consuming for the IT department to set up and manage.

Whilst it is often end-user security behavior that allows these credentials to be stolen, rather than blaming your users for being human (flawed, careless and often exploited), there is another option for IT managers to consider.

Contextual security with Compromised Credentials

Contextual security can be personalized easily to each employee to protect all users’authenticated logins.

It sets rules as to what constitutes normal login behavior (machine, device, location, time, session type, number of simultaneous connections etc.).

Any attempt that falls outside of these rules can either be denied automatically or alerts sent to administrators who can investigate and respond immediately.

These controls make compromised employee logins useless to attackers. It out-rightly restricts users from certain careless behavior such as password sharing or leaving shared workstations unlocked.

It also ensures access and actions are attributed to a single individual. This accountability discourages many malicious actions.

Contextual security for Windows systems

For Windows systems, UserLock is such as a solution that offers context-aware login rules, real-time monitoring and risk detection tools.

It works alongside Active Directory to guard against compromised logins, extending security, not replacing it.

Transparent to the end user, UserLockensures employees remain productive and are not continually interrupted with additional security steps.

In addition as an alternative for MFA, it also works well alongside MFA. UserLock acts a protection for all users whilst MFA can also be deployed for more privileged or ‘risky’ users.

Latest articles

Apache Auth-Bypass Vulnerability Lets Attackers Gain Control Over HugeGraph-Server

The Apache Software Foundation has issued a security alert regarding a critical vulnerability...

USA Launched Cyber Attack on Chinese Technology Firms

The Chinese National Internet Emergency Center (CNIE) has revealed two significant cases of cyber...

Node.js systeminformation Package Vulnerability Exposes Millions of Systems to RCE Attacks

A critical command injection vulnerability in the popular systeminformation npm package has recently been disclosed, exposing...

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

PentestGPT – A ChatGPT Powered Automated Penetration Testing Tool

GBHackers come across a new ChatGPT-powered Penetration testing Tool called "PentestGPT" that helps penetration...

Top 10 Best Proxy Server 2025 & Important Methods to Prevent Yourself From Hackers

Best Proxy Server has been used in enormous cases where some personal data or...

CISA Released Secure Mobile Communication Best Practices – 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has released new best practice guidance to...