External Attacks Against

Privileged Accounts

How Federal Agencies Can Build a

Layered Defense in Preparation for a Layered Attack

Agenda

• How did we get here?

• What is the result?

• By the numbers.

• Moving Forward.

• Summary

How Did We Get Here?

Vanishing Perimeter

Ongoing requirements to expose on-prem

resources to employees, partners, customers,

and vendors.

Complex Requirements

Our infrastructure is extremely complex

Friction Free

Demand for better

collaboration with

business partners

without the complex

security requirements

Cost

Advanced security comes with a

financial cost

User Education

Social engineering

and phishing is

successful due to lack

of good on-going user

education

How Did 2016 Look?

6,435 CVE’s Published in 2016

Top Vendors in 2016:

793 492548698(2 Remote 8 Local

Gain Privilege)

(10 Elevated local

user privilege)

Over

450Vulnerabilities with

exploit code

available

Over

250Vulnerabilities could

be mitigated if user

does not have

admin rights

Over

750local exploits

that do not require

elevated rights

What is the Result?2017 U.S. Federal Government Survey Findings

50%

Have experienced

1-2 breaches in the

last 24 months

61%

Believe it is rare attackers

leverage vulnerabilities to

gain access to privilege

80%

Of people felt aging infrastructure

has an impact on

• Ability to achieve mission

• Achieve compliance

• Reduce cyber security risk

Top 3 Risks

Risks identified by senior

leadership

• Application vulnerabilities

• Nation state attacks

• Malware

26%

Admitted to storing passwords in spreadsheets

By the Numbers

63%

Insider & Privilege Abuse

Confirmed data breaches

leveraging:

• Weak Password

• Default Password

• Stolen Passwords

33%

Insider & Privilege Abuse

Incidents involve end users

who have access to sensitive

data as a requirement to do

their jobs.

40%

Of errors occurred due to user error

because of a capacity shortage

Honorable Mention

Publishing Errors – Publishing a document to the internet

Misconfiguration – ex. Mistake in a firewall rule exposes access

99%

Malware hashes are seen

for only 58 seconds or less.

Most malware was seen

only once.

Malware is smart enough to

modify its own hash

1 min, 40 sec

Median time for the first user of a phishing

campaign to open the malicious email

3 min, 45 sec

Median time to the first

click on the attachment

12%

Users who clicked on the

malicious attachments

allowing an attack to succeed.

10

Number of Vulnerabilities that account

for 85% of breaches

96% of All breaches are from

vulnerabilities over 1 year old. Our

challenge is what 10 vulnerabilities

10 & 100

Half of all exploitations happen

between 10 and 100 days after

the vulnerability is published

90% of Cyberespionage breaches capture

trade secrets or proprietary information

14% of Insider and Privilege Misuse are in

leadership roles

14% of Insider and Privilege Misuse are

system admin and developers

Moving ForwardEstablish Achievable Goals

Implement controls so a

compromise can be contained

Establish security zones so

systems and credentials are not

used outside of those zones

Tie accounts to

humans and avoid

users leveraging

unnamed accounts

like root

When possible avoid

using credentials in

apps leverage

SAML / claims

Have access rules that

adjust based on a systems

increasing risk or users

decreasing trust

Moving ForwardRecommendations

Prioritize Security

Multi-factor Authentication

Ongoing User Education

Prioritization with Patching

Automated Credential

Management

Understand and Limit

Privilege Access

Application Control

Account Reduction

User Behavior Analysis

on All Users

Audit, Audit, Audit and Audit

Common Sense

Network Segmentation

Egress Filtering

Next Steps

1. Prepare today so you are ready to stop

breaches tomorrow.

2. Establish a process to secure identities

and define trust level?

3. Understand the difference between

security asset and identity risk

4. Talk to a solutions provider about how to

identify and address gaps.

Q & A

Trust the solution relied upon by more than 200 federal

departments, agencies and all five branches of the US Military.

Learn more about BeyondTrust solutions for Privilege Access

Management, and Vulnerability Management in government.

www.beyondtrust.com/government

federalsales@beyondtrust.com

800-234-9072