Top 5 security threats from 3rd parties

12.10.2015
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

From Target to Ashley Madison, we’ve witnessed how interconnections with third-party vendors can turn an elastic environment -- where devices, services and apps are routinely engaging and disengaging -- into a precarious space filled with backdoors for a hacker to infiltrate an enterprise’s network. Here are the top five threats related to working with 3rd parties:

Threat #1 - Shared Credentials. This is one of the most dangerous authentication practices we encounter in large organizations. Imagine a unique service, not used very frequently, requiring some form of credential-based authentication. Over time, the users of this service change, and for convenience a single credential is often shared among them. The service is now accessed from multiple locations, from different devices and for different purposes. It takes just one clumsy user falling victim to one {fill in the credential harvesting technique of your choice} to compromise this service and every subsequent user of it.

Shared organizational services, from databases to communications protocols, could become a prime target for a malicious actor seeking to expand his reach and gain improved access across a target network. Continuous user behavior monitoring enables system admins to prevent this kind of service misuse by enforcing a map of individual authentication protocols and correlating all anomalous user access events. Whether or not shared credentials are a common sight in your network, identifying them in near real time could provide a single sign of potential compromise in your corporate network.
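As an added illustration (not part of the original article and not the vendor's product logic), the sketch below flags accounts that authenticate from more distinct endpoints than expected within a sliding time window, which is one observable symptom of a shared credential. The log format, account names, window and threshold are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication events (not real logs).
# Assumed format: timestamp account source_ip device_id
SAMPLE_EVENTS = """\
2015-10-12T08:01:00 svc_reports 10.0.1.15 WKS-FIN-01
2015-10-12T08:20:00 svc_reports 10.0.4.77 WKS-HR-09
2015-10-12T08:45:00 svc_reports 192.0.2.44 LAPTOP-VENDOR-3
2015-10-12T09:00:00 alice 10.0.1.20 WKS-FIN-02
2015-10-12T09:30:00 alice 10.0.1.20 WKS-FIN-02
2015-10-12T15:00:00 bob 10.0.2.5 WKS-ENG-01
2015-10-12T23:10:00 bob 10.0.2.6 WKS-ENG-07
not-a-valid-line
"""

def parse_events(text):
    """Parse log lines into time-sorted (timestamp, account, ip, device) tuples."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole run
        ts, account, ip, device = parts
        events.append((datetime.fromisoformat(ts), account, ip, device))
    return sorted(events)

def find_shared_credentials(events, window=timedelta(hours=1), max_endpoints=2):
    """Return {account: endpoints} for accounts seen on more than
    max_endpoints distinct (ip, device) pairs inside any sliding window."""
    by_account = defaultdict(list)
    for ts, account, ip, device in events:
        by_account[account].append((ts, (ip, device)))
    flagged = {}
    for account, seen in by_account.items():
        start = 0
        for end in range(len(seen)):
            # Shrink the window until it spans at most `window` of time.
            while seen[end][0] - seen[start][0] > window:
                start += 1
            endpoints = {ep for _, ep in seen[start:end + 1]}
            if len(endpoints) > max_endpoints:
                flagged[account] = sorted(endpoints)
                break
    return flagged

if __name__ == "__main__":
    for account, eps in find_shared_credentials(parse_events(SAMPLE_EVENTS)).items():
        print(f"possible shared credential: {account} used from {eps}")
```

In the sample data only svc_reports is flagged; bob's two devices are hours apart and stay under the threshold, which shows why the window and threshold need tuning against each account's normal behavior.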

Threat #2 – Irregular Access. Companies granting insider credentials to partnering companies must understand they are committing to a long and serious relationship. Managing and monitoring trusted outsiders can cause ongoing difficulties when trying to resolve whether an account has been compromised. Erratic and frequent changes in account and resource usage, combined with unfamiliarity with IT policies and regulations, lead to a spike in alerts and alarms being set off.

Trusting a partner company or an important content or service provider should begin with complete assimilation of the end user’s potential use into the company. This means joint employee training sessions, tightly monitored and fixed user lists, and pre-defined engagement use-cases. All of these will help ensure that if a compromised credential is suspected of improper use, your SOC will have all the capabilities to understand and fix the problem.

Threat #3 – The Joint Cloud. Many companies are taking their first steps in deploying cloud-driven security solutions. While cloud-app usage regulation has received most of the attention, we are seeing more complex relations forming between our traditional environments and newly erected clouds, forming another under-addressed space. Looking forward, we suggest adopting cross-environment authentication protocols and measures that will enable more fine-grained monitoring over these evolving attack surfaces.

Given the inherent vulnerabilities of allowing trusted outsiders access to the network, these surfaces will require unique attention from SOCs.

Threat #4 – Public Internet Exposure. A device that is both connected to the Internet and enables third-party remote access is an external attacker’s prized target. Using social engineering and other deceptive methods, attackers can gain initial access to your shared workstation and work their way through the network based on this initial foothold.

Using secure remote connection protocols and applying extra layers of monitoring to these workstations will mitigate the possibility of external, unauthorized access, and could provide valuable intel if an outsider is trying to build a stronghold inside your perimeter.

Threat #5 – Proximity to Privileges. Privileged accounts provide both rogue insiders and malicious outsiders the access level they need to approach sensitive resources securely and/or modify their own access level. That’s exactly why privileged accounts should be kept hidden and away from shared-access workstations like the ones provided to trusted outsiders.

Although this is not always possible, because most outsider access is given to parties who possess a service or a skill that requires some kind of elevated privilege, we advise forming goal-specific access groups for these devices to ensure both domain-controller regulations and other agents can assist in identifying anomalies in real time.

Fortscale is an award-winning provider of User Behavior Analytics (UBA) security solutions for Fortune 1000 companies. Fortscale enables enterprises to rapidly detect and respond to insider threats: malicious employees and external users that have hijacked and compromised legitimate user credentials to exploit data. It achieves this through superior analytics, unrivaled machine learning, global user profiling, prioritized alerts and easy-to-use investigation tools so that security analysts can quickly identify bad actors and respond to threats.

(www.networkworld.com)

By Idan Tender, CEO, Fortscale
