3 Priorities for Preventing Compromise of Administrative Credentials from Cyberattacks
January 21, 2020
Cyberattackers attempt to rapidly gain administrative access to computing environments. These devastating attacks can result in malicious actors with full remote access to most or all of an organization’s electronic documents, presentations, applications, databases, and other intellectual property. Recovery from these attacks is extremely difficult, slow, and expensive.
Organizations in the middle of a merger or acquisition (M&A) are the most vulnerable and at risk of a cyberattack while they consolidate and integrate their systems. M&As within a highly regulated industry typically require a new red forest design (also known as an Enhanced Security Administrative Environment, or ESAE) spanning a mix of on-premises and cloud environments, to thwart a critical element of these credential theft attacks by limiting exposure of administrative credentials.
Protect Most Valuable Accounts
- Provide an enhanced security environment for administrative accounts
- Implement advanced security tools including exploit technique mitigations, attack surface analysis, and application whitelisting
Enforce Credential Hygiene
Credential hygiene is the recommended practice of ensuring that privileged accounts only log on to workstations and servers that are sufficiently trusted, and that those machines do not perform high-risk activities such as Internet browsing. This is critical because an administrator logging on to a low-trust workstation may enable attacker-controlled malware on that workstation to steal the administrator's credentials.
Enforcing credential hygiene allows you to separate administrative accounts from normal user accounts (for email and web browsing) and compartmentalize logon access for each type of administrative account.
- Separate admin and user accounts
- Enforce two-factor authentication for admins
- Restrict admin accounts to high trust computers
- Restrict internet browsing and other high-risk activities for administrative accounts
Implement Auditing and Monitoring
Although the ideal goal is to completely protect against techniques for credential theft, the more realistic goal is to take the credential theft techniques out of the cyberattacker's toolbox. This will force the attacker to use riskier techniques that increase the likelihood of detection. For attack detection and accountability purposes, implement auditing and monitoring of high-impact administrator activity. This ensures administrators are alerted to events that could indicate a compromise as well as providing a tamper-resistant record of events.
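The credential hygiene rule above (privileged accounts only on high-trust computers) and the auditing goal in this section can be checked against logon telemetry. The following is an added example, not code from the original post or from Binary Tree: it scans a constructed set of simplified Windows Security logon records (modelled on event 4624 fields) and flags every logon in which a privileged account exposed its credentials to a host outside a hypothetical trusted set. The account list, host list and sample records are all assumptions.

```python
"""Audit credential hygiene: flag privileged logons to untrusted hosts.

The tier definitions and sample records below are constructed for this
example; adapt them to the real privileged-account and PAW inventory.
"""
from collections import Counter

# Hypothetical policy: privileged accounts and the trusted hosts they may use
# (privileged access workstations and domain controllers).
PRIVILEGED_ACCOUNTS = {"CORP\\adm-alice", "CORP\\adm-bob"}
TRUSTED_HOSTS = {"PAW01", "PAW02", "DC01", "DC02"}
# Logon types that leave reusable credentials on the target host
# (2 interactive, 4 batch, 5 service, 10 RemoteInteractive/RDP).
# Network logons (type 3) do not cache credentials there, so they are ignored.
EXPOSING_LOGON_TYPES = {2, 4, 5, 10}

# Constructed sample events. "Computer" is the host that logged the event,
# i.e. the machine where the logon session was created.
SAMPLE_EVENTS = [
    {"EventID": 4624, "Computer": "PAW01", "TargetUserName": "CORP\\adm-alice", "LogonType": 2},
    {"EventID": 4624, "Computer": "WS-SALES17", "TargetUserName": "CORP\\adm-alice", "LogonType": 10},
    {"EventID": 4624, "Computer": "WS-SALES17", "TargetUserName": "CORP\\jdoe", "LogonType": 2},
    {"EventID": 4624, "Computer": "FILESRV03", "TargetUserName": "CORP\\adm-bob", "LogonType": 3},
    {"EventID": 4624, "Computer": "FILESRV03", "TargetUserName": "CORP\\adm-bob", "LogonType": 2},
    {"EventID": 4625, "Computer": "WS-HR02", "TargetUserName": "CORP\\adm-bob", "LogonType": 2},
]


def hygiene_violations(events):
    """Return (account, host, logon_type) for each successful logon in which a
    privileged account exposed credentials to a host outside TRUSTED_HOSTS."""
    found = []
    for e in events:
        if e["EventID"] != 4624:                       # only successful logons
            continue
        if e["TargetUserName"] not in PRIVILEGED_ACCOUNTS:
            continue
        if e["LogonType"] not in EXPOSING_LOGON_TYPES:  # e.g. type 3 is fine
            continue
        if e["Computer"].upper() in TRUSTED_HOSTS:
            continue
        found.append((e["TargetUserName"], e["Computer"], e["LogonType"]))
    return found


def exposure_by_account(events):
    """Count violations per privileged account, useful for alert thresholds."""
    return Counter(acct for acct, _, _ in hygiene_violations(events))


if __name__ == "__main__":
    for acct, host, ltype in hygiene_violations(SAMPLE_EVENTS):
        print(f"ALERT: {acct} logon type {ltype} on untrusted host {host}")
```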
Recently recognized by Microsoft as an M365 Security Deployment Partner of the Year Finalist, Binary Tree is an industry leader in enabling enterprise organizations to plan, modernize, and manage their Microsoft environments while maintaining the highest security standards. We have supported thousands of enterprise M&As and worked on many complex transactions around the globe. To learn more about our award-winning solutions and discuss your unique business requirements and security design needs, contact us today!