How to Securely Automate Privileged Credentials Usage

Malicious use of privileged credentials remains one of the biggest threats to enterprise security. That’s a real dilemma for IT operations who need access to privileged accounts on servers, routers, and other devices in order to carry out routine tasks like regularly-scheduled maintenance jobs.

The question then is how can privileged information be best protected without obstructing IT operations from performing its vital function to keep the information infrastructure running smoothly?

Every year, different organizations issue their annual list of Top 10 cybersecurity threats or security issues for the year ahead. Here’s Gartner’s Top 10 list from 2019.

Although the cybersecurity landscape is constantly changing, you’ll note that privileged access management always seems to feature prominently on most top 10 security lists, and this one’s no exception.

Securing privileged access is a bit of a specialty in the cybersecurity field, but it applies to every server, operating system, file system, application, database, and IoT device in your environment. Today’s threat landscape demands that not only do all these elements of your infrastructure need strong passwords, but they need to be changed frequently. In the case of highly sensitive infrastructure or data, the best practice is to change the password after every use!

Now if you have a smaller environment with just a few servers, applications, databases, etc., then perhaps you’re not too worried about dealing with privileged access management because it’s just another manual task you do that might be inconvenient, but doesn’t hold you up too much.

Then again, if you are in an enterprise environment, you’re probably dealing with hundreds if not thousands of servers, applications, databases, etc. Now you’ve got a very serious issue to contend with. How do you maintain proper security for every single component AND continue performing IT operations tasks as efficiently as possible?

Well, that really is the CIO’s dilemma in all of this. He or she must perform a precarious balancing act that maximizes security without compromising productivity.

On the one hand, the CIO must do everything necessary to comply with an alphabet soup of regulatory regimes and standards, such as HIPAA, PCI-DSS, GDPR, CCPA, Sarbanes Oxley, and so many more that if they were all listed here, would require a lot more scrolling on this blog post.

On the other hand, the CIO can’t compromise on preserving uptime, and dealing with shifting infrastructure priorities such as the recent and sudden switchover to working from home. They’ve also got to continue advancing the enterprise’s digital transformation, all while dealing with reduced budget and/or headcount due to the economic conditions brought on by the pandemic. And of course, there’s the growing concern about the widening skills gap.

According to Gartner, there is a solution (and we endorse it wholeheartedly).

In a paper published June 18, 2020 (ID G00376315), Gartner recommended that organizations “Create and expand automation for privileged access activities and integration with other enterprise platforms, such as identity governance and administration and IT service management.” This recommendation actually constitutes one of the 4 pillars of Gartner’s Privileged Access Management strategy.

In the same publication, Gartner points out that “Automation includes increasing reliability and security by removing the ‘human’ element. This increases efficiency by enabling privileged tasks to be run by more junior administrators with less experience or by software agents”. In other words, by taking privileged access management out of people’s hands and letting it be automated, you’re actually making your infrastructure more secure.

And just for good measure, there was one more worthwhile tidbit from this same Gartner paper, which BTW is entitled “Best Practices for Privileged Access Management Through the Four Pillars of PAM”.

Gartner offers suggestions on what privileged access management tasks to consider automating. They write “Good targets for automation are predictable and repeatable tasks, such as simple configuration changes, software installations, service restarts, log management, startup and shutdown.”

To that, we would also add routine health checkups, which is a great use case Ayehu has available for demonstration with popular privileged access management solutions such as CyberArk’s.

In summary, there are 3 main value propositions derived from automating privileged access management.

First and foremost, it’s simply more secure using a vault. That’s a bit obvious, but we shouldn’t lose sight of that.

Secondly, if you’re following best practices on frequency of password changes, then automating privileged access management means you never have to worry about password changes disrupting operations. In other words, if you’ve got a scheduled task to run on a server whose password just changed, it won’t be an issue, because both the changing of the password and its retrieval from the privileged access management solution are automated.

Finally, and this is the one every CIO loves, automating privileged access management lets you run a streamlined IT operation while simultaneously maintaining security, adherence to industry regulatory regimes, and your own enterprise best practices.

If you’re interested in test driving Ayehu NG to securely automate your privileged credentials usage, click here to download your very own free 30-day trial version today.

How to Run Automated Workflows While Protecting Privileged Accounts

In today’s highly complex security climate, organizations must protect and manage their applications’ privileged identities if they want to protect their assets. Successful Privileged Identity Management (PIM) implementation can be measured by specific factors, such as:

  • Controlling who has access to which credentials
  • Documenting credential requests for compliance
  • Eliminating hard-coded passwords in applications
  • Eliminating hard-coded passwords in 3rd party tools

Knowing this is critical and actually accomplishing it, however, are two entirely different things. There are many in-house applications and 3rd party tools, such as Cyber Security Incident Response Team (CSIRT) automation and IT process automation, that need access to many servers, PCs, and other devices. The ability of these 3rd party tools to access the vault and retrieve the credentials for a specific device is crucial to a successful PIM implementation.

Why You Need a Secure Vault

Unmanaged privileged credentials, such as passwords, used by 3rd party tools like CSIRT, are typically stored locally in configuration files, or in a database with little to no control over encryption levels. These credentials can be easily captured and exploited by malicious users or external attackers.

Additionally, any manual changes made to these credentials generally require an update of credentials across all environments, which in turn requires downtime or a maintenance window.

Just one tiny oversight during a manual password change could lock a Windows account, causing all other applications and/or application instances to cease operating. Furthermore, as these credentials are not centrally managed, it is difficult to track who or what has access to them, which makes it nearly impossible to identify whether there may be a potential misuse of credentials by a malicious user or external attacker.
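The two failure modes above, stale credentials copied into a local configuration file and a lockout that takes every other consumer of the account down with it, can be shown with a small simulation. This is an added example and not Ayehu's or CyberArk's code: the `Vault` and `Server` classes, the lockout threshold, the account name and the initial password are all constructed for the illustration, and the vault interface is a stand-in for whatever API a real privileged access management product exposes.

```python
"""Added example (not Ayehu's or CyberArk's code): a simulated credential vault
showing why a job that reads its password from a local config file breaks after
rotation (and can lock the account for everyone), while a job that retrieves the
credential from the vault at run time keeps working. All names, the vault API,
the lockout policy and the sample password are constructed for this illustration."""
import secrets
from dataclasses import dataclass

LOCKOUT_THRESHOLD = 3  # constructed: failed logins before the account locks


@dataclass
class Server:
    """Constructed stand-in for a managed device with an account-lockout policy."""
    name: str
    password: str
    failed_logins: int = 0
    locked: bool = False

    def login(self, password: str) -> bool:
        if self.locked:
            return False
        if secrets.compare_digest(password, self.password):
            self.failed_logins = 0
            return True
        self.failed_logins += 1
        if self.failed_logins >= LOCKOUT_THRESHOLD:
            self.locked = True  # one stale consumer locks the account for all
        return False


class Vault:
    """Constructed vault: holds the current password per account, rotates it on
    the managed device, and records every retrieval for audit (who, which account)."""

    def __init__(self, servers):
        self._servers = {s.name: s for s in servers}
        self._current = {s.name: s.password for s in servers}
        self.audit_log = []

    def retrieve(self, requester: str, account: str) -> str:
        self.audit_log.append((requester, account))
        return self._current[account]

    def rotate(self, account: str) -> None:
        new_password = secrets.token_urlsafe(24)
        self._servers[account].password = new_password  # change it on the device
        self._current[account] = new_password           # then store the new value


def config_file_job(server: Server, config: dict) -> bool:
    """'Before': the password was copied into a local config file at deploy time."""
    return server.login(config["password"])


def vault_backed_job(server: Server, vault: Vault, requester: str) -> bool:
    """'After': the current credential is fetched from the vault at execution time."""
    return server.login(vault.retrieve(requester, server.name))


def simulate() -> dict:
    """Run both job styles across a password rotation and report what happened."""
    server = Server("db-01", "initial-Pa55word")  # constructed sample account
    vault = Vault([server])
    # Deployment-time copy of the credential, as in an unmanaged config file.
    config = {"host": "db-01", "password": server.password}

    before = (config_file_job(server, config),
              vault_backed_job(server, vault, "nightly-backup"))
    vault.rotate("db-01")
    vault_after = vault_backed_job(server, vault, "nightly-backup")
    # The config-file job keeps retrying with the stale password until lockout.
    config_after = [config_file_job(server, config) for _ in range(LOCKOUT_THRESHOLD)]
    # Even the correctly vaulted consumer now fails: the account is locked.
    vault_after_lockout = vault_backed_job(server, vault, "nightly-backup")
    return {
        "before_rotation": before,
        "vault_after_rotation": vault_after,
        "config_after_rotation": config_after,
        "locked": server.locked,
        "vault_after_lockout": vault_after_lockout,
        "audit_entries": len(vault.audit_log),
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

The audit log is the other half of the point: every retrieval is attributable to a named requester, which is exactly what a credential sitting in a config file cannot give you.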

And if you think this type of scenario will never happen to you, think again. One need only peruse the headlines to see that even the most prominent enterprises are vulnerable to potential exploitation.

Take, for instance, web-hosting giant GoDaddy. In May of 2020, the largest domain registrar in the world, with over 19 million customers, announced that it had experienced a security breach, which occurred after an employee’s account was compromised, giving hackers access. The number of customers impacted has still not been determined, but the reputational and financial damages to the company cannot be overstated. For a smaller firm, such a breach could be irreparable.

Why a Secure Vault Is Not Enough

As GoDaddy and countless other organizations have learned the hard way over the years, cybercriminals are relentless. Their tactics are also becoming more sophisticated by the day. In order to shore up against would-be attacks, business leaders must find a way to fight fire with fire. That is, they must leverage all of the advanced technology available to them. And one of the most effective of these is automation.

Ayehu’s integration with CyberArk Privileged Account Security Solution enables organizations to automatically retrieve and rotate credentials securely stored in the CyberArk Secure Digital Vault. Passwords can be rotated based on the organization’s security policy for all privileged identities.

In addition, the integrated solution combines individual accountability with detailed tracking and reporting on all privileged identity activity, enabling organizations to meet diverse sets of compliance requirements.

Your Chance to See It In Action

In a world awash in cybersecurity threats, malicious use of privileged credentials stands out for its potential to inflict cataclysmic harm upon an enterprise. Yet in order to carry out tasks such as regularly-scheduled maintenance jobs, IT operations must have access to the privileged accounts on servers, routers, and other devices that require these credentials.

What’s the best way to protect privileged information without obstructing ITOps from performing the vital work that keeps the lights on, all while adhering to organizational and industry infosecurity compliance requirements?

Please join us on Wednesday July 15th as we demonstrate the integration of Ayehu NG and CyberArk Secure Digital Vault – the industry leading automation and privileged access management platforms.

Click the graphic below or follow this link to register and reserve your spot today: https://info.ayehu.com/how-to-securely-automate-privileged-credentials-usage

Bridging the NOC and SOC for an Integrated IT Powerhouse

The similarities between the role of the Network Operation Center (NOC) and Security Operation Center (SOC) often lead to the mistaken idea that one can easily handle the other’s duties. Furthermore, once a company’s security information and event management system is in place, it can seem pointless to spend money on a SOC. So why can’t the NOC just handle both functions? Why should each work separately but in conjunction with one another? Let’s take a look at a few reasons below.

First, their roles are subtly but fundamentally different. While it’s certainly true that both groups are responsible for identifying, investigating, prioritizing and escalating/resolving issues, the types of issues and the impact they have are considerably different. Specifically, the NOC is responsible for handling incidents that affect performance or availability, while the SOC handles those incidents that affect the security of information assets. The goal of each is to manage risk; however, the way they accomplish this goal is markedly different.

The NOC’s job is to meet service level agreements (SLAs) and manage incidents in a way that reduces downtime – in other words, a focus on availability and performance. The SOC is measured on their ability to protect intellectual property and sensitive customer data – a focus on security. While both of these things are critically important to the success of an organization, having one handle the other’s duties can spell disaster, mainly because their approaches are so different.

Another reason the NOC and SOC should not be combined is because the skillset required for members of each group is vastly different. A NOC analyst must be proficient in network, application and systems engineering, while SOC analysts require security engineering skills. Furthermore, the very nature of the adversaries that each group battles differs, with the SOC focusing on “intelligent adversaries” and the NOC dealing with naturally occurring system events. These completely different directions result in contrasting solutions which can be extremely difficult for each group to adapt to.

A new set of problems arises, however, when the two teams become siloed, with each group focused on only half of the equation. The resulting gap, particularly in terms of data that is not being shared, perpetuates an even broader gap in the knowledge needed to maximize the effectiveness of each team. Efforts by the SOC that fail to take into account operational requirements or efficiencies cause bottlenecks that can result in a disruption in network performance. Likewise, fingers can be pointed at the NOC for implementing network designs that leave critical resources exposed and vulnerable.

The best solution is to respect the subtle yet fundamental differences between these two groups and leverage a quality automation product to link the two, allowing them to collaborate for optimum results. The ideal system is one where the NOC has access to the SIEM, so they can work in close collaboration with the SOC and each can complement – rather than impede – the other’s duties. The SOC identifies and analyzes issues, then recommends fixes to the NOC, who analyzes the impact those fixes will have on the organization and then modifies and implements accordingly.

So, what’s the best way to achieve this cross-functional collaboration and optimization? The most important goal is to eliminate operational and/or technical silos. By leveraging a cross-silo intelligent automation platform, security incidents can be detected and resolved while events simultaneously trigger automatic changes both to security as well as network device configurations. This essentially closes the loop on cyberattack mitigation while effectively bridging the distance between security and ops teams.

As the IT environment introduces increasingly complex applications and workflows across a spectrum of systems and devices, and oftentimes in a variety of different locations, the demand for a more streamlined, holistic approach also continues to grow. The time has come to rethink the way the NOC and SOC work together. With an orchestrated approach, powered by intelligent automation, organizations will be able to close the gap between the two departments to more effectively address today’s multifaceted threats, regardless of where they happen to occur within the network.

Ayehu NG is an intelligent IT Automation and Orchestration platform built for the digital era. As an agentless platform, Ayehu is easily deployed, allowing organizations to rapidly automate tasks and processes, including interoperability across disparate solutions and systems, all in one, unified platform.

If you’re ready to bridge the gap between your NOC and SOC to create an integrated IT powerhouse, click here to start your free trial.

Pursuing Digital Transformation in 2019? Here’s how to do so securely.

There’s a lot of talk about the topic of change management, and with so many of today’s forward-thinking companies going through digital transformation, mergers and acquisitions and any number of other updates, upgrades and changes, it’s for good reason. Keeping everything running as smoothly as possible is essential to a business’ ability to emerge on the other side stronger and even more successful. One such area of significant importance is IT security. If your organization is currently or will soon be navigating major changes, here are some specific tips to ensure that your critical data remains safe during the process.

Make it a top priority.

Regardless of what type of reorg you’re going through, the subject of cyber security incident response should be at the top of the list, and remain there throughout the entire process. Designate at least one individual (or preferably an entire team) whose sole purpose is maintaining maximum security at all times. If it’s placed on the back burner, your company will become vulnerable to impending risk and very likely to become a victim of a breach.

Plan ahead.

For situations such as mergers and acquisitions, determining ahead of time whether there are any concerns with the other company’s cyber security incident response is crucial, yet often overlooked even by top management and key decision makers. According to a 2014 survey from Freshfields Bruckhaus Deringer, an incredible 78% of respondents said cyber security was not carefully analyzed prior to an acquisition. Don’t make this same mistake.

Take advantage of technology.

Don’t leave the heavy burden of manually managing IT security on the shoulders of your technicians. Even under the best of circumstances, this task is monumental and impossible for humans to handle alone. Add in organizational change and you’ve got an entirely new and incredibly more challenging cyber security landscape to navigate. Use technology, such as automated incident response, to ease this burden and improve the chances of an uneventful transition.

Be aware of new targets.

A company going through major reorganization can be an attractive target for cyber criminals. In fact, even the very information surrounding the internal changes – such as merger data and documents – may become a point of increased risk. The person or team charged with IT security should remain acutely aware of this information at all times and carefully monitor who has access and whether that access is legitimate. Otherwise, trade secrets and other confidential info could end up in the wrong hands.

Train and communicate.

It’s been said plenty of times, but it’s worth reiterating: cyber security incident response is everyone’s job – not just IT’s. Every employee should be trained on how to protect sensitive data and spot potential security concerns so they can be addressed immediately. Senior executives must also be involved in the cyber security discussion. When everyone takes some level of ownership, the risk to the organization as a whole can drop significantly.

Account for more exposure.

Organizational change often requires the addition of a number of external parties, such as lawyers, consultants, bankers and contractors. These additional people will ultimately mean greater exposure of sensitive data. This must be expected and adequately accounted for well in advance to ensure that all information remains as secure as possible throughout the entire transition. Again, the person or persons in charge of IT security should make managing access to information a top priority.

Is your company planning on rolling out some big changes in the near future? Is there a merger or acquisition on the horizon? Whether it’s adopting a new company-wide software product, making changes to corporate culture or partnering with another firm, the changes that will take place within can potentially leave you exposed to greater risk of a security breach. By taking the above steps and solidifying your cyber security incident response plan in advance, your company will be in a much better position to navigate the upcoming challenges and come out on the other side as a success story.

If you could use some upgrades, particularly in the technology you use for IT security and incident management, you can get started today by downloading a free 30-day trial of Ayehu.


4 Cybersecurity Trends to Plan for in 2019

It’s that time of year again – a time to reflect on the past while also looking toward, and planning for, the future. As it has been in years past, the topic of cybersecurity will remain at the forefront for business and IT leaders in 2019 and beyond. As attackers continue to become savvier and their assaults more sophisticated, the methods used to defend against them must also continue to evolve. Let’s take a look at four trends that are likely to become the focus of the security industry over the new year.

AI will play a bigger role on both sides of the fence.

As the volume and range of security threats continue to increase, it’s become abundantly clear that the best and only suitable defense will be artificial intelligence. This is especially true since, historically, cyber criminals have had access to the same or sometimes even better tools than the security folks. The only truly effective way to combat cyber-attacks in 2019 will be to leverage AI-based security solutions. In other words, organizations must be prepared to fight fire with fire if they are to keep sensitive data safe.

Biometrics will become more widely adopted.

The Face ID feature of Apple’s iPhone X has made facial recognition relatively mainstream. Given the fact that passwords continue to be one of the most vulnerable areas of a business, we can expect to see biometrics become more widely adopted as a safer, more secure alternative. One brand leading the pack is MasterCard who will begin requiring biometric identification of all of its users beginning in April 2019.

Spear phishing will become even more targeted.

Cyber criminals understand that the more information they have about a potential victim, the more effectively they can design spear phishing campaigns. Some attackers are already developing newer and more disturbing ways to enact their plans, including hacking into a victim’s email system, lurking and learning. They will then use what they learn to create incredibly realistic messages that appear to be from a trusted source. Security personnel must remain especially vigilant to protect against these sophisticated and costly attacks over the coming months.

Advanced cybersecurity training may become a requirement for the C-suite.

The training surrounding cybersecurity will continue to advance and mature. As such, certifications may no longer be sufficient for a security professional to progress in his or her career – at least not at the upper management or C-suite level. This is supported by the growing number of degree programs that are devoted to cybersecurity. The companies of tomorrow looking to hire CSOs and CISOs will likely require some type of higher education as it relates to infosec.

What about you? Do you have any bold predictions about what the future has in store for cybersecurity? Tell us your thoughts in the comments section below!


Alert fatigue dragging your IT security team down? Here’s how to get things back on track.

The number of IT security incidents making their way into the enterprise each day is staggering – somewhere in the hundreds of thousands. Today’s security professionals often find themselves running in circles, constantly putting out fires and treading water. The term “alert fatigue” has become commonplace, and those in IT leadership are struggling to find a way to ease the burden and reduce the risk of costly turnover in an already short-staffed field. If you are among those leaders, here are five things you can start focusing on today that will improve the work environment tomorrow.

Arm them with the right technology.

First things first, you cannot expect your IT security team to be successful against ever-increasing threats if they aren’t armed with strong and intuitive technology. By incorporating intelligent automation in the incident response process, the same tech that the hackers are using can then be used to protect against them, 24/7/365.

Empower front-line employees.

Lower tier level employees may not be capable of handling extremely sensitive or complex tasks, but by leveraging tools like automation, you can effectively empower them to handle a good portion of the basic security function on their own, without the need for escalation. This will also alleviate the pressure on high level IT security personnel and allow them to focus their time, efforts and skills on more critical projects.

Develop best practices.

Use detailed analytics to evaluate your network, systems and applications with the goal of identifying and addressing vulnerabilities before the hackers have a chance to exploit them. Additionally, with the assistance of artificial intelligence, existing processes and policies can be routinely tested to pinpoint bottlenecks and develop best practices for improved operations going forward.

Improve the communication process.

Much of the frustration experienced by IT security personnel can be traced back to a lack of quality communication within the department. Without the right plan and technology in place, a breakdown in the notification and escalation process can result in costly delays, which can dramatically impact the bottom line. Adopting a bi-directional and remote communication strategy ensures a smoother, more efficient and timely execution of required actions.

Eliminate coding and scripting.

When the IT security team is wasting valuable time writing scripts and coding, they’re not focusing on what’s most important: timely and effective incident response. The longer it takes to remediate a successful breach, the more damage it can cause the enterprise. The right IR tool should eliminate the need for manual scripting, which will streamline operations and also relieve unnecessary pressure from your IT department.

Is your IT security team struggling to keep their heads above water? Are advanced persistent threats (APTs) draining your skilled personnel and increasing your risk of losing top talent due to fatigue and burnout? If so, the time to take action is now. Take Ayehu for a test drive today and experience for yourself how intelligent automation can give your IT security personnel the tools they need to do their jobs successfully.

How to Get Critical Systems Back Online in Minutes