Categories: Infosec- Resources

Important Considerations for Security Administrators to Guard Against Compromised Credentials

There’s hardly a day that goes by that you don’t hear about an organization who has suffered a security breach, compromised credentials, and an attacker has accessed their sensitive information.

Targeted attacks are becoming more frequent, and more successful, and this poses a serious challenge for security administrators everywhere.

With 81% of breaches leveraging either stolen or weak passwords, compromised credentials are key for an attacker. They are the means by which a malicious insider or external attack gains access to do harm.

But for a security administrator, it can be a daunting task trying to identify suspicious or malicious activity when the adversary has valid and authorized credentials.

Are Your Users to blame for Failing Security

Attackers love exploiting the naivety of employees because it’s so easy. All it takes is one successful phishing email to persuade just one employee to hand over their corporate login details.

Then a hacker effectively has a company key to a safe house of valuable information. And once that hacker gains entry to your systems, you’re not going to find out until it’s too late — your anti-virus and perimeter systems aren’t programmed to pick up on access using legitimate login details, giving snoopers all the time in the world to, well, snoop.

While employees remain the biggest threat to a company’s security, blaming employees who have inadvertently been the victim of a phishing attack, is never the right route to take.

Educating users, whilst useful, is not enough to prevent a breach. We all know sharing passwords is a bad idea. But how many people would ignore this and fold under the pressure of their boss asking?

When it comes to wanting to guard against the threat of compromised credentials, our research into the access security priorities of 500 IT Security Managers highlighted the biggest barriers IT managers face.

It showed multi-factor authentication (MFA) solutions are not widely adopted and most likely because they impede end-users with additional security steps that prove costly, complex and time-consuming for the IT department to set up and manage.

Whilst it is often end-user security behavior that allows these credentials to be stolen, rather than blaming your users for being human (flawed, careless and often exploited), there is another option for IT managers to consider.

Contextual security with Compromised Credentials

Contextual security can be personalized easily to each employee to protect all users’authenticated logins.

It sets rules as to what constitutes normal login behavior (machine, device, location, time, session type, number of simultaneous connections etc.).

Any attempt that falls outside of these rules can either be denied automatically or alerts sent to administrators who can investigate and respond immediately.

These controls make compromised employee logins useless to attackers. It out-rightly restricts users from certain careless behavior such as password sharing or leaving shared workstations unlocked.

It also ensures access and actions are attributed to a single individual. This accountability discourages many malicious actions.

Contextual security for Windows systems

For Windows systems, UserLock is such as a solution that offers context-aware login rules, real-time monitoring and risk detection tools.

It works alongside Active Directory to guard against compromised logins, extending security, not replacing it.

Transparent to the end user, UserLockensures employees remain productive and are not continually interrupted with additional security steps.

In addition as an alternative for MFA, it also works well alongside MFA. UserLock acts a protection for all users whilst MFA can also be deployed for more privileged or ‘risky’ users.

Sattwik Vaidya

Recent Posts

Indonesia Government Data Breach – Hackers Leaked 82 GB of Sensitive Data Online

Hackers have reportedly infiltrated and extracted a vast 82 GB of sensitive data from the Indonesian…

11 hours ago

IBM AIX TCP/IP Vulnerability Lets Attackers Exploit to Launch Denial of Service Attack

IBM has issued a security bulletin warning of two vulnerabilities in its AIX operating system…

13 hours ago

Apache Auth-Bypass Vulnerability Lets Attackers Gain Control Over HugeGraph-Server

The Apache Software Foundation has issued a security alert regarding a critical vulnerability in Apache…

13 hours ago

USA Launched Cyber Attack on Chinese Technology Firms

The Chinese National Internet Emergency Center (CNIE) has revealed two significant cases of cyber espionage…

13 hours ago

Node.js systeminformation Package Vulnerability Exposes Millions of Systems to RCE Attacks

A critical command injection vulnerability in the popular systeminformation npm package has recently been disclosed, exposing millions…

2 days ago

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer through…

3 days ago