3 Priorities for Preventing Compromise of Administrative Credentials from Cyberattacks

Prevent Compromise of Admin Credentials from Cyberattack | Binary Tree

Cyberattackers work to gain administrative access to a computing environment as quickly as possible, because an administrative credential is the shortest path to everything else. Once they hold one, they typically have full remote access to most or all of an organization’s electronic documents, presentations, applications, databases, and other intellectual property. Recovery from an attack at this level is extremely difficult, slow, and expensive, since every credential and every system the compromised account could reach has to be treated as untrusted.

Organizations going through mergers and acquisitions (M&A) are at their most exposed while the two companies' systems are being connected and consolidated: trusts are created, accounts are migrated, and administrators from both sides log on across environments that were never designed to trust each other. M&A within a highly regulated industry typically calls for a new red forest design (Microsoft's Enhanced Security Administrative Environment, or ESAE) spanning the resulting mix of on-premises and cloud environments. The red forest counters a critical element of credential theft attacks by limiting where administrative credentials are ever exposed. Note that Microsoft has since retired ESAE as its general-purpose recommendation in favor of its privileged access strategy (the tiered enterprise access model), retaining the red forest only for specific high-isolation scenarios; the three priorities below apply under either model.

Protect Most Valuable Accounts

  • Provide an enhanced security environment for administrative accounts
  • Implement advanced security tools including exploit technique mitigations, attack surface analysis, and application whitelisting

Enforce Credential Hygiene

Credential hygiene is the practice of ensuring privileged accounts log on only to workstations and servers that are sufficiently trusted, and that those accounts never perform high-risk activities such as Internet browsing or reading email. This matters because an interactive logon leaves reusable credential material (password hashes and Kerberos tickets) in memory on the machine being logged on to. An administrator who logs on to a low-trust workstation therefore hands any attacker-controlled malware on that workstation the chance to steal the administrator’s credentials and reuse them against higher-value systems.

Enforcing credential hygiene means separating administrative accounts from normal user accounts (the ones used for email and web browsing) and compartmentalizing where each type of administrative account is allowed to log on.

  • Separate admin and user accounts
  • Enforce two-factor authentication for admins
  • Restrict admin accounts to high trust computers
  • Restrict internet browsing and other high-risk activities for administrative accounts
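The following PowerShell puts the four bullets above into Active Directory controls. It is an added example, not code from Binary Tree or from Microsoft's ESAE guidance, and it assumes the ActiveDirectory (RSAT) module on a domain-joined admin workstation, a forest functional level that supports authentication policies (Windows Server 2012 R2 or later), a smart-card PKI already in place, and two pre-existing groups with the hypothetical names T0-Admins (dedicated admin accounts) and T0-PAWs (the high-trust admin workstations). The policy and silo names are likewise hypothetical.

```powershell
# Added example (not the original post's code). Assumes the ActiveDirectory
# module and that the groups below already exist; all names are hypothetical.
Import-Module ActiveDirectory

$AdminGroup = 'T0-Admins'        # dedicated admin accounts only, no mail/web use
$PawGroup   = 'T0-PAWs'          # computer group: the high-trust admin workstations
$PolicyName = 'T0-Admin-Policy'
$SiloName   = 'T0-Silo'

$admins = Get-ADGroupMember -Identity $AdminGroup -Recursive |
          Where-Object objectClass -eq 'user'
$paws   = Get-ADGroupMember -Identity $PawGroup |
          Where-Object objectClass -eq 'computer'

# 1. Protected Users: blocks NTLM, DES/RC4 Kerberos, delegation and cached
#    credentials for these accounts, and caps their TGT lifetime at 4 hours.
Add-ADGroupMember -Identity 'Protected Users' -Members $admins

# 2. Two-factor: require a smart card for every interactive logon of a Tier 0
#    account (assumes a PKI that issues logon certificates to these admins).
foreach ($a in $admins) {
    Set-ADUser -Identity $a -SmartcardLogonRequired $true
}

# 3. Restrict admins to high-trust computers: a Tier 0 account may only obtain
#    a Kerberos TGT from a member of the PAW computer group, and the TGT
#    expires after 120 minutes. The SDDL grants the right to authenticate only
#    when the requesting computer is a member of $PawGroup.
$pawSid      = (Get-ADGroup -Identity $PawGroup).SID.Value
$allowedFrom = "O:SYG:SYD:(XA;OICI;CR;;;WD;(Member_of_any {SID($pawSid)}))"
New-ADAuthenticationPolicy -Name $PolicyName `
    -UserAllowedToAuthenticateFrom $allowedFrom `
    -UserTGTLifetimeMins 120

# Silo ties the accounts and the PAWs together. Created without -Enforce it runs
# in audit mode first (failures are logged, not blocked); enforce once the
# audit events show no legitimate admin path is being broken.
New-ADAuthenticationPolicySilo -Name $SiloName -UserAuthenticationPolicy $PolicyName
foreach ($member in @($admins) + @($paws)) {
    Grant-ADAuthenticationPolicySiloAccess -Identity $SiloName -Account $member
    Set-ADAccountAuthenticationPolicySilo  -Identity $member  -AuthenticationPolicySilo $SiloName
}
# Later, after review:  Set-ADAuthenticationPolicySilo -Identity $SiloName -Enforce $true

# 4. Check: report any Tier 0 account that has slipped out of the controls above
#    or still looks like a dual-use account (a mailbox on an admin account means
#    it is being used for email, which the hygiene rule forbids).
function Test-T0Hygiene {
    param([string]$Group = $AdminGroup, [string]$Silo = $SiloName)
    Get-ADGroupMember -Identity $Group -Recursive |
        Where-Object objectClass -eq 'user' |
        Get-ADUser -Properties memberOf, 'msDS-AssignedAuthNPolicySilo', mail, SmartcardLogonRequired |
        ForEach-Object {
            [pscustomobject]@{
                Account       = $_.SamAccountName
                ProtectedUser = @($_.memberOf | Where-Object { $_ -like 'CN=Protected Users,*' }).Count -gt 0
                InSilo        = [string]$_.'msDS-AssignedAuthNPolicySilo' -like "CN=$Silo,*"
                SmartCard     = [bool]$_.SmartcardLogonRequired
                HasMailbox    = [bool]$_.mail
            }
        }
}

Test-T0Hygiene | Format-Table -AutoSize
```

Two things the ActiveDirectory module does not cover and that still belong to the same procedure: the "Deny log on locally / through Remote Desktop Services" user rights for T0-Admins on every Tier 1 and Tier 2 computer are set through Group Policy user-rights assignment, and Internet access for the PAW OU is cut at the proxy or host firewall, not by anything in AD. Run the check function on a schedule; any row with a $false in the first three columns or $true in the last one is an account that can be used to defeat the design.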

Implement Auditing and Monitoring

Although the ideal goal is to prevent credential theft outright, the more realistic goal is to take the cheap, quiet credential theft techniques out of the cyberattacker's toolbox. This forces the attacker onto riskier, noisier techniques that are more likely to be detected. For attack detection and accountability, implement auditing and monitoring of high-impact administrator activity, in particular where and how administrative accounts log on. This ensures the security team is alerted to events that could indicate a compromise, and provides a tamper-resistant record of events; for that record to be tamper-resistant, the events must be forwarded off the monitored hosts to a collector that the administrators being monitored cannot write to.
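A minimal detection for the hygiene rule above, written as an added example rather than code from the original post: it scans Windows Security event 4624 (successful logon) records and flags any Tier 0 account that logged on to a computer outside the Tier 0 set with a logon type that leaves credential material on the target. The account and host lists, the sample events, and the function names are constructed for illustration; in production the records come from the forwarded Security log, and the lists come from the same groups that define the red forest.

```powershell
# Added example (not the original post's code). Account names, host names and
# the sample events below are constructed; only the 4624 field names are real.

$Tier0Accounts = @('t0-alice', 't0-bob')
$Tier0Hosts    = @('PAW01', 'PAW02', 'DC01', 'DC02')

# Logon types that leave reusable credential material (hashes, tickets) on the
# target machine: 2 interactive, 4 batch, 5 service, 10 remote interactive (RDP),
# 11 cached interactive. Type 3 (network) does not, so an admin reading a file
# share from a PAW is not a violation and is deliberately not flagged.
$RiskyLogonTypes = @(2, 4, 5, 10, 11)

function Find-AdminHygieneViolation {
    param([Parameter(Mandatory)][object[]]$Events)
    foreach ($e in $Events) {
        if ($e.EventId -ne 4624) { continue }
        if ($Tier0Accounts -notcontains $e.TargetUserName.ToLower()) { continue }
        if ($RiskyLogonTypes -notcontains [int]$e.LogonType) { continue }
        $computer = ($e.Computer -split '\.')[0].ToUpper()
        if ($Tier0Hosts -contains $computer) { continue }
        [pscustomobject]@{
            Time      = $e.TimeCreated
            Account   = $e.TargetUserName
            Computer  = $computer
            LogonType = [int]$e.LogonType
            Source    = $e.IpAddress
            Reason    = 'Tier 0 account logged on interactively to a non-Tier-0 host'
        }
    }
}

# Helper for live data: flatten a Get-WinEvent record's EventData into the
# same shape as the constructed samples below. Field names are the documented
# 4624 EventData names (TargetUserName, LogonType, IpAddress).
function ConvertFrom-LogonEvent {
    param([Parameter(Mandatory, ValueFromPipeline)]$Record)
    process {
        $xml  = [xml]$Record.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            EventId        = $Record.Id
            TimeCreated    = $Record.TimeCreated
            Computer       = $Record.MachineName
            TargetUserName = $data['TargetUserName']
            LogonType      = $data['LogonType']
            IpAddress      = $data['IpAddress']
        }
    }
}

# Constructed sample events. The second one is the violation: a Tier 0 account
# used RDP (type 10) to reach an ordinary user laptop, so that laptop now holds
# t0-alice's credential material.
$sample = @(
    [pscustomobject]@{ EventId = 4624; TimeCreated = '2024-05-01T09:02:11'; Computer = 'PAW01.corp.example';       TargetUserName = 't0-alice'; LogonType = 2;  IpAddress = '-' }
    [pscustomobject]@{ EventId = 4624; TimeCreated = '2024-05-01T09:15:40'; Computer = 'HR-LAPTOP17.corp.example'; TargetUserName = 't0-alice'; LogonType = 10; IpAddress = '10.1.4.22' }
    [pscustomobject]@{ EventId = 4624; TimeCreated = '2024-05-01T09:16:02'; Computer = 'FS01.corp.example';        TargetUserName = 't0-bob';   LogonType = 3;  IpAddress = '10.1.9.7' }
    [pscustomobject]@{ EventId = 4624; TimeCreated = '2024-05-01T09:20:55'; Computer = 'HR-LAPTOP17.corp.example'; TargetUserName = 'jsmith';   LogonType = 2;  IpAddress = '-' }
)

Find-AdminHygieneViolation -Events $sample | Format-Table -AutoSize

# Against the real log on a collector:
#   Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } |
#       ConvertFrom-LogonEvent | Find-AdminHygieneViolation
```

Only the RDP logon to HR-LAPTOP17 is reported; the PAW logon is in policy, the type 3 access to FS01 leaves nothing behind, and jsmith is not a Tier 0 account. Running this on the forwarding collector rather than on the endpoints is what makes the result trustworthy: an attacker who already has local administrator rights on HR-LAPTOP17 can clear that machine's Security log, but not the copy that was shipped off before they arrived.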

ESAE CASE STUDY: Two Health Systems Unify on Day 1 of Merger to Provide More Convenient, Accessible and Affordable Care to their Communities

Recently recognized by Microsoft as an M365 Security Deployment Partner of the Year Finalist, Binary Tree is an industry leader in enabling enterprise organizations to plan, modernize, and manage their Microsoft environments while maintaining the highest security standards. We have supported thousands of enterprise M&As and worked on many complex transactions around the globe. To learn more about our award-winning solutions and discuss your unique business requirements and security design needs, contact us today!