Thursday, 29th July 2021
Logo

Privilege securty gap

Vectra research highlights need to continuously monitor account behaviours once access to a network has been granted.

Vectra AI says that there is a major security gap that is obvious, important and urgent: the ability to know if privileged accounts and services are compromised. It is continuing proof that traditional access-based approaches that rely on one-time security gating decisions or predefined lists of privileged identities continue to fail.

Published in the Vectra 2020 RSA Conference Edition of the Attacker Behavior Industry Report and Spotlight Report on Privilege Access Analytics Report, the findings provide a first-hand analysis of active and persistent attacker behaviours from more than five million workloads and devices from customer cloud, data centre and enterprise environments.

Key findings from the 2020 RSA Conference Edition of the Attacker Behavior Industry Report and Spotlight Report on Privilege Access Analytics :

§Potentially malicious privilege access from an unknown host was the most common privileged access anomaly behaviour observed, accounting for 74% of all privilege access anomaly behaviour detections. These are similar to the behaviours found in the Capital One breach.

§Finance and insurance, healthcare and education organizations exhibited the most privilege access anomaly behaviours. These three industries together account for almost half (47%) of all privilege access anomaly behaviour detections.

§Across all industries, 215 attacker behaviour detections per 10,000 hosts were observed. This is lower than the 282 attacker behaviours per 10,000 hosts experienced in the first half of 2019.

§Technology (138 detections per 10,000) and education organizations (102 detections per 10,000) remain the most common sectors to exhibit command & control behaviours, nearly 3 times more than the average across other industries.

§Small companies (0 to 5,000 employees) are more at risk of lateral movement attacks. Small companies observed 112 lateral movement behaviours per 10,000 hosts, nearly twice that of medium and larger sized companies.

Notably, the report highlights the importance of privileged access as a key part of lateral movement in cyber-attacks. Adversaries leverage privileged accounts to gain unauthorized access to the most critical assets that an organization relies on. It underscores the importance of continuous monitoring of user accounts, services and hosts once they gain access to and operate on the network so that security teams have the right information to take quick action against the malicious use of privilege across cloud and hybrid environments.

“The observations from this report reinforce the importance of visibility into privileged access and other attacker behaviours,” said Chris Morales, Head of Security Analytics at Vectra. “Combining data sources in the cloud with network data can stitch together a powerful combination of information that increases the likelihood of detecting and prioritizing post-compromise activities before a catastrophic breach occurs.”

OVHcloud, the European leader in cloud computing, has acquired BuyDRM, an American company specializ...
A new survey of enterprise IT security leaders showed an overwhelming majority--almost 80 percent--b...
Netwrix study dedicated to Sysadmin Day also finds that two thirds (66%) of system administrators ha...
New research from ThycoticCentrify reveals workers’ attitudes to cybersecurity and risks they take t...
Pax8 has formed a global partnership with Isoolate, a transformational provider of zero-trust web th...
Prisma® Cloud, the industry's only comprehensive Cloud Native Security Platform, has been selected b...
The UK’s cornerstone Smart Buildings Show returns for its largest event to-date. The free-to-attend...
83% of respondents believe their organization is at risk, while 64% anticipate the problem escalatin...