Securing IT infrastructures used to be a much simpler problem: businesses managed their own IT infrastructures and secured their own perimeter using point IT security solutions such as firewalls, email gateways, VPNs, proxies, etc. The bad guys were on the outside; simply put, the Internet was the “wild west” and all that organisations needed to do was to circle the wagons to keep out their enemies.
However, in today’s hybrid-cloud era, the privileged insider and outsider have become interchangeable and the traditional idea of the security perimeter has dissolved. As a result, there has been an alarming increase in the number of Privileged Users, some of whom have privileged powers far exceeding those needed to do their jobs.
These risks have huge potential for cyber-attack and corporate damage because Privileged Accounts provide a “golden” path for any person with unlimited power to compromise data and remain undetected for long periods of time. Organizations can significantly reduce the threat of targeted attacks by proactively securing privileged accounts against Advanced Persistent Threat (APT) attack cycles. According to CyberSheath’s APT Research Report, privileged accounts are increasingly being used in advanced and targeted attacks to compromise organizations and steal data.
Many high-profile breaches, including those at RSA and the US Chamber of Commerce, have involved the exploitation of privileged or administrator accounts. For example, the Mandiant report in February 2013 into Chinese cyber-attacks against 141 organisations around the world showed that 90% involved the takeover of privileged accounts.
The individuals who hold such powers are known as Privileged Users because they need increased configuration rights to install, deploy and maintain IT assets, as well as to create new user profiles and to add to or amend the powers and access rights of other existing users. It is these privileged powers which are becoming one of the most dangerous cyber-security threats in the corporate world. These risks are known as “Insider Threats”, i.e. Privileged Users with access to Privileged Accounts, having the capacity to unleash huge damage on companies.
Verizon’s Data Breach Investigation revealed that:
To minimize the risk associated with these accounts, organizations need to identify where these accounts exist, control access to them, and monitor exactly what is being done with them. Implementing a privileged account security solution to automate these processes helps organizations enforce these controls, while providing a clear audit trail for accountability and security. There are many types of “Insider” attacks, both malicious and unintentional:
Osirium protects SysAdmin environments from Privileged Cyber-Security threats by automating the password management life-cycle so that Privileged Account credentials cannot be stolen or hijacked, nor the passwords revealed during single sign-on, assigning privileges, provisioning and de-provisioning of devices.
Osirium further strengthens security by eradicating the reliance on shared or group accounts and, as a result, removing the complexity and confusion which can arise from managing shared passwords by creating unique and individual personalised accounts on each end system with the strongest passwords possible.
Osirium also removes any possibility of bypassing Osirium and hacking into the infrastructure with direct connections, since every privileged connection request has to pass via Osirium. In emergencies these accounts can always be accessed and used manually, while log files contain individual account information making it simple to identify exactly who has done what and when on end systems.
Osirium helps its customers drive down overhead costs by automating and delegating Privileged Tasks to alternative teams, such as the Help Desk, which makes better use of available resources and significantly reduces the risks of human-error. Furthermore, Blueprints can be created that set out the required settings for, say, PCI compliance which allows Osirium to schedule audits to identify compliance gaps and subsequently remediate those devices falling short, thereby helping organisations pro-actively meet and, more importantly, maintain compliance.
Session Shadowing and Recording is also available, which acts as general deterrent to malicious practitioners, enables device audit reviews, change management control and assessment, faster fault resolution and, ultimately, irrefutable evidence of privileged activities on devices and applications.
Systems administrators, power users and generic accounts have their passwords compromised by unauthorised users and intruders because the passwords are weak or have become commonly known across multiple systems. Osirium provides a single protective layer between the estate and all users. The only way to access the estate is by signing into Osirium. It is unlikely that even a brute-force attack on an Osirium-managed device would succeed, due to the rolling, randomly generated passwords we put into place. Osirium therefore eliminates this aspect of the attack surface, namely direct access into privileged accounts.
“48% of data breaches are caused by insiders” and 22% of these insider breaches were enabled by inappropriate or outdated privileged user access rights. Being more specific, these ‘incorrect rights’ breaches were categorised by CERT (the Computer Emergency Response Team at Carnegie Mellon University) into 1) over-privileged users, able to make changes outside their role and authority, and 2) unrevoked permissions, for users no longer in the same role or no longer with the company. Osirium maps each user to specific role-based accounts in the application or device. Users can then only perform activities for which they have express authorisation. If their role changes or they leave the organisation, no matter how many accounts they had access to, only one place needs to be updated, and that is in Osirium.
Osirium therefore eliminates this aspect of the attack surface – over-privileged and legacy accounts.
The balance of breaches caused by insiders is down to users with valid rights. Of these attacks, those with motives of financial gain, revenge and business advantage probably do not want to be caught, and those with motives of recognition, curiosity or ideology probably do not care.
Osirium audits everything the user does, down to a video record of mouse movements and keystrokes. A bright red banner across the screen provides a permanent reminder that, ‘for reasons of compliance’, session recording is active. Osirium eliminates this aspect of the attack surface, i.e. getting away with an act of vandalism, sabotage or theft. Those with more fundamentalist motives are harder to stop, but Osirium can minimise the damage.
With the best protection now in place, breaches should still be viewed as a possibility, although very unlikely, so when they do occur the priority has to shift from prevention, to investigation and remediation. Osirium is able to notify on any device or application access and all activity recorded during that session in near-real-time, providing information for review and enabling intelligent decision making for remediation and recovery. As a result, Osirium is able to help organisations minimise the damage of a breach by quickly closing the attack window, reducing data loss, while providing the visibility and intelligence to successfully mitigate the potential damage. The quicker an attack window is closed, the less data can be stolen and the fewer customers affected.
Whether the organisation’s infrastructure is on-premise, in the cloud or a hybrid mix of both, Osirium’s Privileged Management solution provides quick, secure access to all network and security devices with an automated single sign-on process through the Osirium Server, which proxies connections to the target system.
Osirium is an agent-less solution requiring no additional software to be installed, configured or maintained on target devices and applications. This reflects one of the critical design principles defined at its inception: minimising disruption to working practices and keeping deployment simple.
Osirium has been architected to support devices and applications from many different vendors and already supports a wide range of vendor equipment and applications. Extending support to additional devices, servers or applications is a simple matter of creating new XML knowledge templates, and clients are already creating their own templates with full support and backing from the Osirium support team.
Each SysAdmin uses an Osirium Desktop Client which allows him to access all the systems he is required to manage, wherever they reside in the infrastructure. The Desktop Client provides a list of devices the SysAdmin is allowed to access and a list of tasks he has been delegated to perform. There is also a “Google-like” search tool which provides rapid identification of the devices requiring privileged access. Osirium automatically creates unique local role-based accounts for each administrator on each device or application requiring access. These accounts are personalised with the administrator’s logon details and the permission levels they hold. Personalised access on each device also means that users cannot side-step or piggyback onto other devices, because that particular account is not valid there.
When connecting to devices, Osirium proxies connections directly and automatically injects the user’s credentials to perform a Single Sign-On. As a result, nobody ever sees or knows the passwords on any end devices, so the possibility of hacking credentials has been completely removed.
Conversely, whenever an administrator needs to be removed, Osirium automatically connects to all of that administrator’s relevant devices and removes the account, thus automatically removing any possibility of dormant or legacy accounts remaining on the devices to which the administrator had access.
SuperAdmins can quickly and easily manage real-time SysAdmin accounts, usernames/passwords and privilege levels across multiple network devices, enabling management to enforce policy-based access controls. This eliminates the risk of unauthorised users accessing shared and unsecured passwords by removing the need for SysAdmins to remember static passwords for each and every device. Password renewal can be automated at specific time intervals for specific types of end system or after specific events have taken place. Similarly, Osirium’s approach to Session Recording and Compliance Audits is granular and based on Osirium profiles. It can also be configured to align with our ‘Least Privilege’ deployment model, as opposed to having to operate a ‘catch all’ across all devices and users.
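As an added illustration (not Osirium’s code or API; the class, method and device names are assumptions), the following Python models the account lifecycle described in the preceding paragraphs: a unique local account per administrator per device, broker-side password generation and scheduled rotation, proxied sign-on that injects the credential so the administrator never sees it, and one-step removal across every device when someone leaves or changes role.

```python
import secrets
import string

# Constructed in-memory model of the per-admin, per-device account lifecycle.
# All names are hypothetical; this is not Osirium's own code or API.

ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=32):
    """Fresh random password from a CSPRNG; held by the broker, never shown to the admin."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


class PrivilegedAccessBroker:
    def __init__(self, device_names):
        # device -> {local account name: (role, password)} as it would exist on the end system
        self.devices = {d: {} for d in device_names}
        # (admin, device) -> (local account name, password): the vault the proxy injects from
        self.vault = {}
        self.audit = []  # (action, admin, device, account) for who-did-what review

    def provision(self, admin, device, role):
        """Create a unique local role-based account for this admin on this one device."""
        acct, pwd = f"{admin}.{role}", generate_password()
        self.devices[device][acct] = (role, pwd)
        self.vault[(admin, device)] = (acct, pwd)
        self.audit.append(("provision", admin, device, acct))

    def rotate(self, device):
        """Scheduled or event-driven renewal: every brokered account on the device gets a new password."""
        for (admin, dev), (acct, _) in list(self.vault.items()):
            if dev == device:
                pwd = generate_password()
                self.devices[dev][acct] = (self.devices[dev][acct][0], pwd)
                self.vault[(admin, dev)] = (acct, pwd)
                self.audit.append(("rotate", admin, dev, acct))

    def connect(self, admin, device):
        """Proxied single sign-on: the broker injects the credential; a missing account is denied."""
        entry = self.vault.get((admin, device))
        ok = entry is not None and self.devices[device].get(entry[0], (None, None))[1] == entry[1]
        self.audit.append(("connect" if ok else "denied", admin, device, entry[0] if entry else None))
        return ok

    def deprovision(self, admin):
        """Leaver or role change: one update removes the admin's account from every device."""
        for (who, dev), (acct, _) in list(self.vault.items()):
            if who == admin:
                self.devices[dev].pop(acct, None)
                del self.vault[(who, dev)]
                self.audit.append(("deprovision", admin, dev, acct))
```

The audit list is the minimal equivalent of the per-account log trail the text describes; a real deployment would write it to tamper-evident storage rather than memory.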