Top 5 security threats from 3rd parties

Idan Tender, CEO, Fortscale | Oct. 13, 2015

This vendor-written tech primer has been edited to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

From Target to Ashley Madison, we’ve witnessed how interconnections with third-party vendors can turn an elastic environment -- where devices, services and apps are routinely engaging and disengaging -- into a precarious space filled with backdoors for a hacker to infiltrate an enterprise’s network. Here are the top five threats related to working with 3rd parties:

Threat #1 - Shared Credentials. This is one of the most dangerous authentication practices we encounter in large organizations. Imagine a unique service, not used very frequently, requiring some form of credential-based authentication. Over time, the users of this service change, and for convenience, a single credential is often used. The service is now accessed from multiple locations, from different devices and for different purposes. It takes just one clumsy user falling victim to one {fill in the credential harvesting technique of your choice} to compromise this service and any subsequent user of that service.

Shared organizational services, from databases to communications protocols, could become a prime target for a malicious actor seeking to expand his reach and gain improved access across a target network. Continuous user behavior monitoring enables system admins to prevent this kind of service misuse by enforcing an individual authentication protocols map and correlating all anomalous user access events. Whether or not shared credentials are a common sight in your network, identifying them in near real time could provide a single sign of potential compromise in your corporate network.
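One way to surface a shared credential from authentication events, shown as an added example that is not part of the original article or any vendor product: it flags accounts that log in from more than a set number of distinct devices inside a sliding time window. The log format, account and device names, and the thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: ISO timestamp, account, source device, source IP.
SAMPLE_LOG = """\
2015-10-12T08:01:10 svc_reports WS-FIN-014 10.1.4.22
2015-10-12T08:03:45 jdoe WS-HR-003 10.1.7.15
2015-10-12T08:20:02 svc_reports WS-OPS-101 10.2.9.80
2015-10-12T08:41:30 svc_reports VPN-EXT-07 172.16.30.5
2015-10-12T09:15:00 jdoe WS-HR-003 10.1.7.15
2015-10-12T13:05:12 asmith WS-ENG-044 10.3.1.9
2015-10-12T19:30:00 asmith WS-ENG-045 10.3.1.10
"""

def parse_events(text):
    """Yield (timestamp, account, device, ip) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        yield ts, parts[1], parts[2], parts[3]

def find_shared_credentials(events, window=timedelta(hours=1), max_devices=2):
    """Return {account: sorted devices} for accounts seen on more than
    max_devices distinct devices inside any sliding time window."""
    recent = defaultdict(deque)   # account -> (ts, device) pairs still in window
    flagged = {}
    for ts, account, device, _ip in sorted(events):
        q = recent[account]
        q.append((ts, device))
        while q and ts - q[0][0] > window:   # expire events older than the window
            q.popleft()
        devices = {d for _, d in q}
        if len(devices) > max_devices:
            flagged.setdefault(account, set()).update(devices)
    return {a: sorted(d) for a, d in flagged.items()}

if __name__ == "__main__":
    hits = find_shared_credentials(parse_events(SAMPLE_LOG))
    for account, devices in hits.items():
        print(f"{account}: {len(devices)} devices within 1h: {devices}")
```

The window and device threshold need tuning per service, since an account that legitimately roams between a workstation and a VPN gateway will otherwise trip the check.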

Threat #2 – Irregular Access. Companies granting insider credentials to partnering companies must understand they are committing to a long and serious relationship. Managing and monitoring trusted outsiders could result in ongoing difficulties when trying to resolve whether an account has been compromised. Erratic and frequent changes of account and resource usage, combined with unfamiliarity with IT policies and regulations, lead to a spike in alerts and alarms going off.

Trusting a partner company or an important content or service provider should begin with complete assimilation of the end user’s potential use into the company. This means joint employee training sessions, tightly monitored and fixed user lists, and pre-defined engagement use-cases. All of these will help ensure that if a compromised credential becomes suspected of improper use, your SOC will have all the capabilities to understand and fix the problem.

Threat #3 – The Joint Cloud. Many companies are taking their first steps in deploying cloud-driven security solutions. While cloud-app usage regulation has received most of the attention, we are seeing more complex relations forming between our traditional environments and newly erected clouds, creating another under-addressed space. Looking forward, we suggest adopting cross-environment authentication protocols and measures that will enable more fine-grained monitoring over these evolving attack surfaces.

 
