Recap from the past
Nowadays, just about everyone is an online user, connected to a network, through a smartphone, laptop or other device that may be for personal or business use or both while using Cloud applications and services. Typically, the credentials required to access the network or device are a username and password. In most cases, additional information is required such as providing a texted one-time code, (called multi-factor authentication). The purpose is to validate that youare who you say you are, and to block unauthorized and malicious cyber-attackers. This is an “implicittrust” model, which provides a low-level of security.
However, today’s enterprise networks have becomeincreasingly complex and dispersed – especially with the more recent trend ofso many people working from home and needing to access their organization’s networks. The emerge of Cloud initiatives cause the enterprise network to become more and more fragmented. The weakness in most of today’s identity validation is that once authenticated, you typically have access to everything in the network you have just entered. For example, in your company network, once your device connects and provides correct login credentials, you are then “trusted” to access anything on that network, e.g., the internet or another computer, or any other device, such as your printer. In the example of your printer, it responds to your print requests because it trusts traffic from you, not because it knows who you are, but because it assumes anyone on its network is to be trusted. But what if an attacker finds a way onto that network? Malicious traffic would be trusted just as much as your print requests. Once in, there are rarely any more checks for specific access permissions to each device, application or data residing in that network. At that point, there’s not much preventing the attacker from accessing whatever is within that network. Can you imaging the potential impact?
Rethink your Cybersecurity approach
While cyberattacks will not stop any time soon, nor has there a magic bullet been found to resolve all the issues in cybersecurity, there are clear and concrete steps that organizations can take to best prepare themselves and their organizations for an attack. Cybersecurity is not a separate technology, but rather a journey and an important step towards a more cyber resilient future. Significant digitalization and Cloud initiatives have provided a pathway for engagement and connectivity at a time when the world was supposed to stay apart. Its benefits are clear, but so are the threats. When engaging with IT directors, CISO’s and security teams we hear the same challenges, over and over again: The scale and complexity of hybrid environments (having a foot in the Cloud combined with on-premise IT) make strong defense a near-impossibility, and a lack of visibility across all environments has become frighteningly common.
What’s going on?
Many organizations are swimming in point products and technologies, many of which lack the context of what they are trying to defend. They do not mesh well and all too often are not properly configured so their value is never fully realized. IT Teams, meanwhile, are working in silos, making consistent and centralized approach and communication difficult. In practice, it often clearly shows that not everyone is in the same game (yet). A project-based mindset lends itself to a box-ticking approach to security. However, being guided by to-do lists while doing security projects is often the fastest way to fail. The attacker is simply looking for that one single item you just missed on the list…Will the list in fact ever by complete?
Below picture illustrates how the current security debt will increase in a security gap further on the road, using the box-ticking approach.
Why are these problems occuring?
For an attacker, complexity and disorganization is a greatstarting point. Cybersecurity is already often an asymmetrical battle. A hackerwith enough skill, time and motivation can keep digging his way for weeks or even months. The hacker only needs you to make a single mistake. You have to be perfect and able to outsmart them. This means that the idea of perfect security is a fantasy,as long as humans remain fallible. Attackers, however, like to save time andeffort as much as anyone else, so they will often seek weak targets. Your view on security has to change in order to keep up with the attacker, by defending yourself with the assumption that the attackers is already inside your organization.
Why Choose Route443?
Our Identity-focused solutions gives organizations access toan element that is key to a strong security posture yet is also frequentlymissing or ignored. Our expertise also includes the key, attack-centric risk context that is crucial for prioritizing remediation and reducing the attack surface by implementing Identity Driven Security through Zero Trust Architecture.
Our Security assessments offer a true risk-based view ofwhere you need to focus on protecting critical assets within your IT environment,the steps that you need to immediately take and a roadmap to become more cybersecurity resilient by rebooting your security posture. We call this “Security 2.0”. It’s time to change. Our journey. Our Route443. Join us!
How can we help?
Our approach begins with the assumption of a breach position within an organization. This is not an judgment of the existing securityposture, but an acknowledgment that determined hackers will eventually find a way in. Something we’d be happy to demonstrate for you upon request, during our various penetration tests that we offer. To be prepared for this reality and develop a full remediation roadmap on how to address visibility gaps, we will simulate post-compromise activities during our initial assessment that could occur during a specific threat event.
Lateral movement is the ability of accessing additional resources or elements in an organization’s infrastructure after initial entry. Lateral movement involves gathering elevated credentials and permissions to access more critical and sensitive (and valuable) data. It’s one of the most common ways attackers maximize damage during an attack. Lateral movement can quickly change a breachfrom bad to catastrophic. Lateral movement is an advanced persistent threat that can be difficult to detect (due to the implicit trust model in the past) and combat as the attacker is using legitimate accounts and credentials which make it very hard to detect.
It’s a journey to change your security posture by IdentityDriven Security through Zero Trust Architecture and we’re happy to take you onboard!
Take away
Unfortunately, preventative security isn’t quite enough anymore to prevent lateral movement attacks which potentially cause catastrophicimpact. In today’s cybersecurity climate, we think of attacks as inevitable: plan for when they occur rather than if. It’s critical that organizations develop measures to both prevent lateral movement attacks and mitigate them when they occur to minimize damage. Change your security approach from “implicit trust” to “explicit trust” by implementing Identity Driven Security through Zero Trust Architecture.