, ,

Thinking Like an Attacker to Protect Privileged Access

This blog post is an excerpt from GovLoop’s recent guide “Your Guide to Identity and Access Management.” Download the full guide here.

Federal agencies, departments and critical infrastructure today are frequent targets of targeted cyberattacks from the world over. These attackers hope to compromise complex government data, steal personally identifiable information (PII) or disrupt day-to-day operations, making it difficult to safeguard the government’s critical infrastructure.

To ensure protection of vital information, data and systems, leadership in the White House, Congress and the Homeland Security Department have worked to develop security mandates and regulations designed to secure agencies from both internal and external threats.

Privileged account protection and threat detection are at the center of many of these requirements due to their powerful role in providing access to critical cyber infrastructure and sensitive information.

To learn more, GovLoop sat down with Kevin Jermyn, Regional Manager, Federal Customer Success at CyberArk. CyberArk is a privileged access security market leader, focused on protecting data, infrastructure and assets in on-premises, cloud, hybrid and ICS environments, and throughout the DevOps pipeline.

“Privileged access can be exploited and used to gain access to sensitive data,” said Jermyn. “We’ve seen time and time again, attackers will get into the network. It’s not about keeping them out; it’s about limiting what they can do once they are in the network. How do we stop them from escalating privileges and moving laterally?”

Securing privileged access is critical; industry data suggests that nearly all targeted attacks involve the compromise of privileged credentials. Simple, automated privileged access security focused on risk reduction can increase information security and improve operational efficiency.

Designed from the ground up for security, the comprehensive CyberArk Privileged Access Security Solution helps government agencies efficiently manage privileged credentials and access rights, proactively monitor and control privileged activity, intelligently identify suspicious activity and quickly respond to threats. It helps IT security teams automate routine privilege functions and reduce risks of human error – and integrates with more than 100 vendors to help agencies proactively reduce risk.

Privileged access security, done well, complements identity access management and takes security and compliance a step further by helping IT teams get control over privileged accounts and credentials and provide granular visibility on how identities are actually being used. With built-in reporting and auditing features, the CyberArk solution helps agencies meet stringent compliance mandates.

“Privileged access is everywhere within an environment,” Jermyn concluded. “Government needs to be thinking about it more broadly than just a user accessing a server. There’s a lot more privilege that exists out there. Especially as agencies invest in cloud and DevOps, the privilege-related attack surface expands dramatically.”

Leave a Comment

One Comment

Leave a Reply