A close analysis of the cybersecurity attacks of the past shows that, in most cases, the head of the cyber kill chain is formed by some kind of privilege abuse. In fact, Forrester estimates that compromised privileged credentials play a role in at least 80 per cent of data breaches.
This is the reason privileged access management (PAM) has gained so much attention over the past few years. With securing and managing access to business-critical systems at its core, PAM aims to provide enterprises with a centralised, automated mechanism to regulate access to superuser accounts. PAM solutions ideally do this by facilitating end-to-end management of the privileged identities that grant access to these accounts.
However, the scope of privileged access security is often misconceived and restricted to securing and managing root account passwords alone. Passwords, beyond a doubt, are noteworthy privileged access credentials. But the constant evolution of technology and the expanding cybersecurity perimeter call for enterprises to take a closer look at the other avenues of privileged access, especially encryption keys, which, despite serving as access credentials for huge volumes of privileged accounts, are often ignored.
This article focuses on the importance of encryption key management: why enforcing SSH key and SSL certificate management is vital, and how, by doing so, organisations can effectively bridge the gaps in their enterprise privileged access security strategy.
1. Uncontrolled numbers of SSH keys trigger trust-based attacks
The average organisation houses over 23,000 keys and certificates, many of which grant sweeping access to root accounts, says a Ponemon survey. Also, a recent report about the impact of unsecured digital identities states that 71 per cent of the respondents did not have any idea about the number of keys or the extent of their access within the organisation. Without a centralised key management approach, anybody in the network can create or duplicate any number of keys. These keys are often randomly generated as needed and are soon forgotten once the task they are associated with is done. Malicious insiders can take advantage of this massive ocean of orphaned SSH keys to impersonate admins, hide comfortably using encryption, and take complete control of target systems.
2. Static keys create permanent backdoors
Enterprises should periodically rotate their SSH keys to avoid privilege abuse, but huge volumes of unmanaged SSH keys make key rotation an intimidating task for IT administrators. Moreover, due to a lack of proper visibility on which keys can access what, there is widespread apprehension about rotating keys in fear of accidentally blocking access to critical systems. This leads to a surge of static SSH keys, which have the potential to function as permanent backdoors.
3. Unintentional key duplication increases the chance of privilege abuse
For the sake of efficiency, SSH keys are often duplicated and circulated among various employees in an organisation. Such unintended key duplication creates a many-to-many key-user relationship, which greatly increases the possibility of privilege abuse. This also makes remediation a challenge, since administrators have to spend a good amount of time revoking keys to untangle the existing relationships before creating and deploying fresh, dedicated key pairs.
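The inventory gap in point 1 and the many-to-many key-user relationships described here can be surfaced by fingerprinting every `authorized_keys` entry and grouping accounts by fingerprint. The sketch below is an added example, not code from the article or from any PAM product; the account names, the sample key bytes and the 2048-bit RSA threshold are assumptions chosen for illustration.

```python
import base64, hashlib, struct
from collections import defaultdict

def sample_line(ktype, *fields, comment=""):
    """Build a CONSTRUCTED authorized_keys line (filler bytes, not a real key)."""
    blob = b"".join(struct.pack(">I", len(f)) + f for f in (ktype.encode(), *fields))
    return f"{ktype} {base64.b64encode(blob).decode()} {comment}"

def fields_of(blob):  # split an SSH public-key blob into length-prefixed fields
    out, off = [], 0
    while off + 4 <= len(blob):
        (n,) = struct.unpack_from(">I", blob, off)
        out.append(blob[off + 4:off + 4 + n])
        off += 4 + n
    return out
def fingerprint(blob):  # same form that ssh-keygen -l prints
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def audit(inventory, min_rsa_bits=2048):
    """inventory: account -> authorized_keys text. Returns (shared, weak)."""
    holders, weak = defaultdict(set), []
    for account, text in inventory.items():
        for line in text.splitlines():
            tok = line.split()
            # The key type is the first token, or follows an options field.
            i = next((k for k, t in enumerate(tok) if t.startswith(("ssh-", "ecdsa-", "sk-"))), None)
            if line.lstrip().startswith("#") or i is None or i + 1 >= len(tok):
                continue
            try:
                blob = base64.b64decode(tok[i + 1], validate=True)
            except ValueError:
                continue  # malformed entry, skipped here
            fp, f = fingerprint(blob), fields_of(blob)
            holders[fp].add(account)  # identity is the key blob, not the comment
            if tok[i] == "ssh-dss":
                weak.append((account, fp, "DSA key"))
            elif tok[i] == "ssh-rsa" and len(f) == 3:
                bits = int.from_bytes(f[2], "big").bit_length()
                if bits < min_rsa_bits:
                    weak.append((account, fp, f"RSA {bits} bits"))
    return {fp: sorted(a) for fp, a in holders.items() if len(a) > 1}, weak

KEY_A = sample_line("ssh-ed25519", b"\x11" * 32, comment="alice@laptop")
OLD_RSA = sample_line("ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc3" * 128, comment="legacy")
INVENTORY = {  # constructed sample: account -> authorized_keys contents
    "root@db01": KEY_A + "\n" + OLD_RSA,
    "deploy@web01": "# build hosts\n" + KEY_A.replace("alice@laptop", "build"),
    "backup@web02": 'from="10.0.0.5" ' + KEY_A,
}
SHARED, WEAK = audit(INVENTORY)
```

The same key is reported under three accounts even though its comment and options differ, which is why the audit keys on the fingerprint rather than on the label someone typed next to it.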
4. Failed SSL certificate renewals hurt your brand's credibility
SSL certificates, unlike keys, have a set expiration date. Failing to renew SSL certificates on time can have huge implications on website owners as well as end users. Browsers don't trust websites with expired SSL certificates; they throw security error messages when end users try to access such sites. One expired SSL certificate can drive away potential customers in an instant, or worse, lead to personal data theft for site visitors.
5. Improper SSL implementations put businesses at risk
Many businesses rely completely on SSL for internet security, but they often don't realize that a mere implementation of SSL in their network is not enough to eliminate security threats. SSL certificates need to be thoroughly examined for configuration vulnerabilities after they are installed. When ignored, these vulnerabilities act as security loopholes which cybercriminals exploit to manipulate SSL traffic and launch man-in-the-middle (MITM) attacks.
6. Weak certificate signatures go unheeded
The degree of security provided by any SSL certificate depends on the strength of the hashing algorithm used to sign the certificate. Weak certificate signatures make them vulnerable to collision attacks. Cybercriminals exploit such vulnerabilities to launch MITM attacks and eavesdrop on communication between users and web servers. Organisations need to isolate certificates that bear weak signatures and replace them with fresh certificates containing stronger signatures.
Bridging the gaps in your PAM strategy
All the above scenarios highlight how important it is to widen the scope of your privileged access security strategy beyond password management. Even with an unyielding password manager in place, cybercriminals have plenty of room to circumvent security controls and gain access to superuser accounts by exploiting various unmanaged authentication identities, including SSH keys and SSL certificates. Discovering all such identities that are capable of granting privileged access and bringing them under one roof is one important step enterprises should take to bridge gaps in their privileged access security strategy. For today's unaccounted authentication identities could become tomorrow's stolen privileged credentials!