Why it’s critical to secure digital identities across your organisation
By Jim Cook, ANZ Regional Director at Attivo Networks, a SentinelOne Company
GUEST OPINION: When senior managers consider the best ways to protect their IT assets, it can be tempting for them to focus on tactics that will ward off brute-force attacks.
As a result, they make significant investments in firewalls and other technologies designed to create a solid perimeter. They want it to be capable of keeping digital resources safe and cybercriminals out.
However, having a strong perimeter is not sufficient for cybersecurity because an increasing proportion of successful breaches involve stolen identity credentials.
Whether they’ve been stolen from endpoints, obtained through social engineering, or purchased on the dark web, these credentials allow attackers to log in as though they were authorised users, thus making the protection of user identities a vital task.
One should also remember that identities are not just associated with humans but also with networked devices. A report from networking company Cisco estimates that by 2023 there will be almost 30 billion networked devices in use around the world, up from 18 billion just a few years ago.
The reality is that nonhuman identities now outnumber human users significantly, and most of today’s communication over the Internet isn’t between humans but between machines.
Unfortunately, a compromised machine identity can have consequences just as serious as a compromised human identity, which is a problem organisations should acknowledge and overcome.
Securing machine identities
Ensuring the security of machine identities can be challenging because of their sheer number and diversity. These identities belong to anything that can operate or communicate over the Internet and is not a human.
Examples include smartphones, laptops, web applications, servers, databases, and industrial control systems. Such devices talk to each other all the time, which means they need to be able to verify that the entity they are communicating with is what it claims to be.
If a machine identity becomes compromised, it opens up a range of attack options. A cybercriminal could use the device they’ve accessed to conduct man-in-the-middle attacks or listen to data going back and forth over the network. Some might perform acts of sabotage, while others could use the compromised identity to move laterally throughout the network in search of digital assets.
Many organisations have turned to Microsoft’s Active Directory (AD) to manage digital identities properly and ensure that only authorised parties use them. In fact, more than 90% of enterprises today use AD as their identity service, and attackers will often target AD to escalate their privileges even further.
Today’s growing number of machine identities also makes it more challenging to keep them secure. It is not easy for a security team to ensure that they patch and update every device regularly.
Organisations also secure identities using digital certificates, which they must manage in turn. Today, some enterprises have millions of these certificates, and keeping track of expiration and renewal dates can be a daunting job.
The benefits of automation
To overcome these challenges, organisations turn to automated tools to help them maintain effective security measures, including managing certificates and identities.
Although AD is notoriously difficult to secure, automated tools can continuously monitor an AD server and identify potential attack paths. Gaining visibility into these issues and remediating them before an attacker can exploit them remains one of the most effective ways to keep identities secure.
Unfortunately, the lure of machine identities will ensure they remain a primary target for cybercriminals. As the number of devices in an organisation’s environment continues to grow, ensuring effective security at all times becomes even more challenging.
By prioritising Active Directory security hygiene and deploying automated management tools, IT security teams can protect both human and non-human identities from attackers and continue to add value to their organisation’s infrastructure.