It’s all about the credentials
Ralph Pisani is President at Exabeam and has 20 years of sales, channel and business development experience with organizations such as Imperva and SecureComputing (acquired by McAfee).
If the definition of madness is doing the same thing over and over again and expecting a different result, then you could say the cybersecurity industry is insane.
Criminals continue to innovate with sophisticated attack methods, but many security organizations are still using the same technological approaches as they were 10 years ago. The world has changed, but cybersecurity has not kept pace.
Distributed systems, with people and data everywhere, mean the perimeter is gone, and attackers couldn’t be more excited. The same technological approaches, such as correlation rules, manual processes, and checking alerts in isolation, fix little more than symptoms while hardly addressing the underlying problem.
Credentials are supposed to be the gates of the castle, but a SOC that has not changed its methods cannot recognize when those gates are being misused. The cybersecurity industry needs to rethink its strategy: analyze how credentials are actually used and stop abuse before it becomes a bigger problem.
Compromised credentials have long been a primary attack vector, but the problem has only worsened in the mid-pandemic world. The rapid shift to remote work has enlarged the attack surface, as companies struggle to secure networks that employees now reach over unsecured connections. In April 2020, the FBI announced that cyberattacks reported to the agency had increased by 400% compared to pre-pandemic levels. Imagine where that number stands now, in early 2021.
An attacker needs only one compromised account to gain a foothold in Active Directory and, once they have escalated their privileges, to create credentials of their own. In such an environment, every user account should be treated as potentially compromised.
Almost all of the hundreds of breach reports I’ve read involved compromised credentials. According to the 2020 Data Breach Investigations Report, more than 80% of hacking-related breaches now involve brute force or the use of lost or stolen credentials. One of the most effective and widely used techniques is credential stuffing: attackers replay username and password pairs leaked from other breaches until one works, gain a foothold in the environment, and then move laterally to obtain higher-level access.
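The two patterns described above, a credential-stuffing burst followed by lateral movement of the account it unlocked, are exactly the kind of credential-usage behaviour the article argues a SOC should be analysing instead of checking alerts in isolation. The following Python example is added here to show what that analysis looks like over authentication events; it is not code from the original article or from Exabeam. The log format and every value in it (source addresses, usernames, hostnames, timestamps) are constructed for the example, and the thresholds (five distinct usernames within five minutes, more than three hosts within ten minutes) are illustrative assumptions, not recommended settings.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication events (not real logs), one logon attempt per line.
# 203.0.113.7 sprays six different usernames and finally lands "frank"; that account then
# fans out across four internal hosts in a few minutes. 198.51.100.4 is a user mistyping
# their own password once: one username, then success, which should not be flagged.
SAMPLE_LOG = """\
2021-02-01T09:00:01Z src=203.0.113.7 user=alice host=vpn01 result=fail
2021-02-01T09:00:02Z src=203.0.113.7 user=bob host=vpn01 result=fail
2021-02-01T09:00:02Z src=203.0.113.7 user=carol host=vpn01 result=fail
2021-02-01T09:00:03Z src=203.0.113.7 user=dave host=vpn01 result=fail
2021-02-01T09:00:03Z src=203.0.113.7 user=erin host=vpn01 result=fail
2021-02-01T09:00:04Z src=203.0.113.7 user=frank host=vpn01 result=success
2021-02-01T09:05:00Z src=10.0.0.21 user=frank host=fs01 result=success
2021-02-01T09:05:30Z src=10.0.0.21 user=frank host=fs02 result=success
2021-02-01T09:06:00Z src=10.0.0.21 user=frank host=dc01 result=success
2021-02-01T09:06:30Z src=10.0.0.21 user=frank host=hr01 result=success
2021-02-01T09:00:10Z src=198.51.100.4 user=alice host=vpn01 result=fail
2021-02-01T09:00:20Z src=198.51.100.4 user=alice host=vpn01 result=success
2021-02-01T09:30:00Z src=10.0.0.40 user=alice host=fs01 result=success
"""


def parse(log_text):
    """Parse 'timestamp key=value ...' lines into dicts, sorted by time."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, *pairs = line.split()
        event = dict(p.split("=", 1) for p in pairs)
        event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def detect_credential_stuffing(events, window=timedelta(minutes=5), min_users=5):
    """Flag a source that fails logons for at least min_users DISTINCT usernames inside
    one window. Counting distinct users rather than raw failures is what separates
    stuffing from a single user retyping a password. Also record which usernames the
    same source later logged in as, since those are the accounts to treat as compromised."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    hits = {}
    for src, evs in by_src.items():
        fails = [e for e in evs if e["result"] == "fail"]
        for i, first in enumerate(fails):  # sliding window anchored at each failure
            in_window = [e for e in fails[i:] if e["ts"] - first["ts"] <= window]
            users = {e["user"] for e in in_window}
            if len(users) >= min_users:
                succeeded = sorted({e["user"] for e in evs
                                    if e["result"] == "success" and e["ts"] >= first["ts"]})
                hits[src] = {"distinct_users": len(users), "successful_users": succeeded}
                break
    return hits


def detect_lateral_movement(events, window=timedelta(minutes=10), max_hosts=3):
    """Flag an account whose successful logons touch more than max_hosts distinct hosts
    inside one window. A fixed threshold is used here for illustration; a production
    version would compare against each account's own historical host baseline."""
    by_user = defaultdict(list)
    for e in events:
        if e["result"] == "success":
            by_user[e["user"]].append(e)
    hits = {}
    for user, evs in by_user.items():
        for i, first in enumerate(evs):
            hosts = {e["host"] for e in evs[i:] if e["ts"] - first["ts"] <= window}
            if len(hosts) > max_hosts:
                hits[user] = sorted(hosts)
                break
    return hits


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("credential stuffing:", detect_credential_stuffing(evs))
    print("lateral movement:", detect_lateral_movement(evs))
```

Run against the constructed log, the first detector flags only 203.0.113.7 and names `frank` as the account that fell, and the second flags only `frank`, whose logons span five hosts in under seven minutes; `alice` is not flagged by either, because one mistyped password and a normal two-host day are exactly the noise an isolated "failed logon" alert would have raised. Chaining the two results (an account that first appears in a stuffing burst and then moves laterally) is the correlation the article argues a SOC needs.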