Written by Chris Steffen on September 17, 2018
Are Your Network Users Over-Privileged?
Businesses today protect against all sorts of cyber threats – hackers, malicious insiders, inadvertent actors, and even state-sponsored cyber attacks. One category that often goes underrepresented in conversations about prevention is privileged users.
Privileged users are those with administrative privileges to one or more systems within an organization. These users have greater access to the network and are limited by fewer controls. As a result, they can access more of a company’s intellectual property – corporate data or confidential product information. Further, these users can easily avoid controls that restrict other non-privileged users. So while companies need to give users access to sensitive networks, those users can abuse their privileges in a manner that is unauthorized and/or out of policy.
Thefound that of the breaches reported, 12% involved privileged misuse. More specifically, overprivileged users caused 10,637 breaches. The percentage of misuse increases when we zoom in on specific industries. Healthcare, for example, sees privilege abuse (using logical access to assets, often databases, without having a legitimate medical or business need to do so) in 74% of breach cases. In Public Administration, most often the misuse is privilege abuse (78%).
The advice from Verizon:
“Make sure that access privileges are provided on a “need to know” basis and have exit programs in place when employees leave the organization to ensure access to systems is closed upon their exit.”
While that is a good starting point, what’s needed is a way to secure access to an organization’s networks and entirely eliminate over-privileged or super user access.
Enforce the Zero-Trust Model
Developed by Zero Trust model calls for a reversal of the guiding principles behind network security today., the
The idea is that to better protect organizations against both internal and external threats, the mantra “trust, but verify” needs to be flipped upside down to “verify, but never trust”. This means forgoing the assumption that networks can be split into trusted and untrusted segments, or users into trusted and untrusted. Further, it means ensuring that in every instance, access is securely provided based on the identity of a person, and that access is continuously assessed in real time.
Implementing a Zero-Trust model can be done with a Software-Defined Perimeter (SDP). It dynamically creates one-to-one network connections between a user and the resources they access. It’s rooted in zero-trust by applying the principle of least privilege, where access rights are limited for users to the bare minimum permissions they need to perform their work. SDP is designed around user identity, not an IP address, to build a multi-dimensional profile of a user or device in order to review users before granting access.
By enforcing identity-centric policies with a SDP, organizations can limit what over-privileged users can see to completely reduce their attack surface. A SDP ensures privileged users are able to access authorized network resources so they can do their job while simultaneously protecting a business's security.
- Core principles of SDP – identity-centric, Zero-Trust, and built like cloud, for cloud
- Technical architecture – “authenticate-first, connect second”
- Use cases – secure AWS resources and dramatically reduce network attack surfaces
Learn more about AppGate SDP, the in the market that goes beyond the SDP-spec to provide an adaptive, identity-centric, full-network platform built for the hybrid enterprise.