Webinar Preview: Back to “The Basics” – Pragmatic advice from Gavin Ashton, author of “Maersk, me, & notPetya”
This is the final installment of a three-part series on Maersk, me, & notPetya, a blog post by Gavin Ashton about his experiences responding to and recovering from the NotPetya ransomware outbreak at Maersk. If you’ve missed Part 1 or Part 2, give them a quick read!
At the root of this attack, and so many before it lies a tangled mess of lateral movement and privilege escalation vectors. Privileged access assessments conducted for our enterprise clients frequently turn up thousands upon thousands of pathways adversaries could exploit to achieve domain dominance or compromise sensitive data.
These pathways commonly share several traits:
It’s clear from posts like Gavin’s that many organizations still haven’t tackled these problems; they clearly must. But even organizations who have already invested in solving these problems can make improvements.
Privileged Access Management is not a new concept. Solutions that vault and rotate credentials, and securely proxy access to systems, have been around for years. However, these approaches fall short of actually reducing the privilege attack surface. Simply vaulting privileged accounts isn’t sufficient to stop adversaries from abusing them; they must be eliminated.
Organizations that want to adopt strong privileged access management processes should focus on achieving the zero standing privileges (ZSP) objective. Why should you protect privileged access all the time, when privileges are only used some of the time? The simple answer is you shouldn’t. Just-in-time access with identities that are created for a specific purpose with a finite lifetime can help you eliminate the privileges attackers strive to compromise.
Achieving ZSP is one of the most effective ways of denying adversaries opportunities for lateral movement and privilege escalation. If the privileges don’t exist until they’re needed, only exist for a short time window, are scoped to only a specific activity, and subsequently destroyed when the administrator has completed their task, then there’s little chance an adversary will be able to make use of them.
Gerrit Lansing is the Field CTO at Stealthbits – Now part of Netwrix . In his role, Gerrit leads strategic initiatives to improve customer engagement and Stealthbits’ products and positioning. He brings with him over a decade of experience in information security, with a focus on identity and privileged access management. Prior to joining Stealthbits, he started his career as an Information Security Analyst at Liberty Mutual before joining CyberArk Software where he held multiple roles including Director of Consulting Services and Chief Architect.
Gerrit holds a Bachelor of Arts in Administrative Science from Colby College in Waterville, ME.
Reduce the opportunity for lateral movement attacks through privileged account reduction. Start an instant free trial of Stealthbits Privileged Activity Manager today!Start Now
Start a Free Stealthbits Trial!
No risk. No obligation.