Friday, March 29, 2024

Important Considerations for Security Administrators to Guard Against Compromised Credentials

There’s hardly a day that goes by that you don’t hear about an organization who has suffered a security breach, compromised credentials, and an attacker has accessed their sensitive information.

Targeted attacks are becoming more frequent, and more successful, and this poses a serious challenge for security administrators everywhere.

With 81% of breaches leveraging either stolen or weak passwords, compromised credentials are key for an attacker. They are the means by which a malicious insider or external attack gains access to do harm.

But for a security administrator, it can be a daunting task trying to identify suspicious or malicious activity when the adversary has valid and authorized credentials.

Are Your Users to blame for Failing Security

Attackers love exploiting the naivety of employees because it’s so easy. All it takes is one successful phishing email to persuade just one employee to hand over their corporate login details.

Then a hacker effectively has a company key to a safe house of valuable information. And once that hacker gains entry to your systems, you’re not going to find out until it’s too late — your anti-virus and perimeter systems aren’t programmed to pick up on access using legitimate login details, giving snoopers all the time in the world to, well, snoop.

While employees remain the biggest threat to a company’s security, blaming employees who have inadvertently been the victim of a phishing attack, is never the right route to take.

Educating users, whilst useful, is not enough to prevent a breach. We all know sharing passwords is a bad idea. But how many people would ignore this and fold under the pressure of their boss asking?

When it comes to wanting to guard against the threat of compromised credentials, our research into the access security priorities of 500 IT Security Managers highlighted the biggest barriers IT managers face.

It showed multi-factor authentication (MFA) solutions are not widely adopted and most likely because they impede end-users with additional security steps that prove costly, complex and time-consuming for the IT department to set up and manage.

Whilst it is often end-user security behavior that allows these credentials to be stolen, rather than blaming your users for being human (flawed, careless and often exploited), there is another option for IT managers to consider.

Contextual security with Compromised Credentials

Contextual security can be personalized easily to each employee to protect all users’authenticated logins.

It sets rules as to what constitutes normal login behavior (machine, device, location, time, session type, number of simultaneous connections etc.).

Any attempt that falls outside of these rules can either be denied automatically or alerts sent to administrators who can investigate and respond immediately.

These controls make compromised employee logins useless to attackers. It out-rightly restricts users from certain careless behavior such as password sharing or leaving shared workstations unlocked.

It also ensures access and actions are attributed to a single individual. This accountability discourages many malicious actions.

Contextual security for Windows systems

For Windows systems, UserLock is such as a solution that offers context-aware login rules, real-time monitoring and risk detection tools.

It works alongside Active Directory to guard against compromised logins, extending security, not replacing it.

Transparent to the end user, UserLockensures employees remain productive and are not continually interrupted with additional security steps.

In addition as an alternative for MFA, it also works well alongside MFA. UserLock acts a protection for all users whilst MFA can also be deployed for more privileged or ‘risky’ users.

Website

Latest articles

Beware Of Weaponized Air Force invitation PDF Targeting Indian Defense And Energy Sectors

EclecticIQ cybersecurity researchers have uncovered a cyberespionage operation dubbed "Operation FlightNight" targeting Indian government...

WarzoneRAT Returns Post FBI Seizure: Utilizing LNK & HTA File

The notorious WarzoneRAT malware has made a comeback, despite the FBI's recent efforts to...

Google Revealed Kernel Address Sanitizer To Harden Android Firmware And Beyond

Android devices are popular among hackers due to the platform’s extensive acceptance and open-source...

Compromised SaaS Supply Chain Apps: 97% of Organizations at Risk of Cyber Attacks

Businesses increasingly rely on Software as a Service (SaaS) applications to drive efficiency, innovation,...

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles