I recently collaborated on a hardening project for a security software company’s network. In that project we discovered a fascinating way to raise a strong defensive barrier between privileged accounts and the APTs that inevitably get loose on your network. This method has several elements but the key component is the use of one-time passwords. Not just any kind of strong authentication, mind you, but specifically one-time password tokens.
We can easily make a few assumptions about today’s APT risks:
- When – not if. You can and should pour effort and resources into preventing APT malicious code from infecting your network, but if you stop there you will fail to protect your network and your organization will be in the headlines. You must assume that some attacks will make it through your initial lines of defense and successfully activate on one or more endpoints.
- That of course means you need a defense-in-depth strategy with multiple fallback positions. You want to lay trip wires throughout your network to detect the bad guys that make it past the perimeter.
- And you want to harass and hinder the bad guys every step of the way – slowing down their progress and restricting how far they can move along a lateral kill chain.
Most of the big data breaches and long-lived penetrations I’ve seen involve the bad guy getting privileged authority to one or more target systems. So protecting privileged accounts is a key way to harass, hinder and contain APTs.
First we need to prevent privileged accounts from inadvertently executing malicious code by implementing some best practices and jump box controls.
But then we need to prevent APTs from making the leap from an end-user account to a privileged account, and this is where one-time passwords come in. In this webinar I’ll show you why one-time password tokens are the key and why – at least for this scenario – I don’t recommend other strong authentication options like smart cards, tokens, biometric, hybrid and so on.
And let me assure you it’s not just the use of OTP tokens alone. There are other pieces to make the whole strategy work – including privileged account logon restrictions, a little bit of IP Security Policies and Windows Firewall rules, some security log monitoring, etc. I’ll show you how the whole idea works in this real training for free™ webinar. Dell Software has agreed to make this event possible and they will briefly show you how their OATH-compliant Defender strong authentication solution fits right into this topic as well as their privileged account and session management technologies.
Please register now!