Wednesday, 30 November 2016 15:04

CyberArk finds Microsoft Credential Guard flawed

By Ray Shaw

Attackers with local administrator rights can harvest encrypted service credentials to achieve lateral movement and full domain compromise on Windows endpoints.

CyberArk, a leader in Privileged Account Security, has released new research demonstrating security weaknesses in Microsoft Credential Guard and Windows operating systems that allow attackers with local administrator rights to steal and use encrypted service credentials to achieve lateral movement and full domain compromise.

This research supports a recent FBI flash alert that recommends prioritising credential protection, including implementing least privilege and restricting local accounts, to limit a threat actor’s ability to gain highly privileged account access and move throughout a network.

CyberArk has also announced new behavioural analytics to block and contain advanced threats that rely on this style of endpoint credential theft. CyberArk Viewfinity has been upgraded and renamed CyberArk Endpoint Privilege Manager.

CyberArk Endpoint Privilege Manager protects against advanced threats that exploit privileged credentials by interlocking three core capabilities: privilege management, application control and new targeted credential theft detection and blocking to stop and contain damaging attacks at the endpoint.

According to testing done by CyberArk Labs on more than 150,000 ransomware samples, the removal of local administrator rights, combined with application control and greylisting, was 100% effective in preventing ransomware from encrypting files. Although the removal of local administrator rights on the endpoint is recognised as an established best practice, the research found that an alarming 62% of organisations have not taken steps to do so.

“Even if malware disappeared tomorrow, attacks and breaches would still occur. Organisations need to be thinking about long-term solutions, not just addressing the latest threat in the headlines,” said Adrian Sanabria, senior security analyst, 451 Research. “With attackers getting better and better at evading short-term prevention methods, organisations must also focus efforts on reducing endpoint attack surface and hardening, including defending admin privileges against malicious abuse.”

Reducing the attack surface with privilege security on the endpoint

CyberArk Endpoint Privilege Manager now helps organisations detect and block attempts by malicious users and applications to steal credentials, including Windows credentials, remote access application credentials and credentials stored by popular Web browsers and by corporate network and cloud applications. CyberArk is also able to block hash harvesting at the endpoint to prevent Pass-the-Hash, an attack that authenticates with stolen password hashes instead of the plaintext password.

New targeted behavioural analytics are based on cyber threat detection technology acquired from Cybertinel last year, combined with continuous research from CyberArk Labs focused on identifying common privileged account-based attack patterns and malware behaviour to further reduce the risk of emerging threats. These new capabilities complement enterprise security best practices for hardening the endpoint, including:

  • Removing local administrator credentials: CyberArk automates the removal of local administrator rights to reduce risk while alleviating pressure on help desk support and minimising the impact on user activity by seamlessly elevating privileges for authorised applications or tasks.
  • Enabling flexible application control: CyberArk application control capabilities, featuring automatic policy creation, allow it to prevent malicious applications from executing and use greylisting to run unknown applications in a restricted mode.

“Instead of adding layer after layer of preventative endpoint security controls on a weak foundation, CyberArk offers customers a different, proactive approach – one that prioritises securing privilege across the organisation and extends it to the endpoint,” said Roy Adar, senior vice-president, product management, CyberArk. “We know advanced attacks start at the endpoint with attackers going after credentials, so we combined powerful technology, deep research and known best practices to stop them from advancing and doing damage.”

Ray Shaw
Ray Shaw (ray@im.com.au) has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!