How it came into the limelight: FireEye, a cybersecurity company, brought this attack to attention when one of its users was prompted for Multi-factor Authentication (MFA) registration during an attacker's attempt at lateral movement.
How can such an attack be mitigated with an IAM toolset?
- MFA and passwordless solutions: In this case, MFA played the vital role of a preventive control by bringing the attack to light. Enterprises should therefore enforce MFA for all types of users (both internal and external) when they access any critical server or service, and the service should be delivered without degrading the user experience.
- PAM transformation (PAM 3.0): Extend PAM protection to all critical assets, including Active Directory, ADFS, network devices, storage devices, and thick-client applications. In addition, solutions such as Microsoft Defender Antivirus, combined with a PAM solution such as the CyberArk product suite (Core PAS + EPM), can restrict the execution of malicious code on endpoints and critical servers.
- Predictive identity governance (IAG 3.0): Access and authentication requests and events have to be monitored using machine learning and deep learning algorithms, and access has to be provisioned or de-provisioned according to the risk of those access events. Security teams must also ensure that just-in-time and just-enough privilege provisioning is enforced.
- Adaptive (risk-based) authentication in enterprise and consumer IAM: Compute risk from users' behavior (geo-location, geo-velocity, IP range) while they access resources (applications, data, and infrastructure). Search for logins to service providers via SAML SSO that have no corresponding 4769, 1200, and 1202 events in the domain; raise the risk of such logins accordingly and restrict, deny, or validate the access with MFA.
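The last bullet describes a concrete detection: a SAML SSO login recorded at a service provider should have matching on-premises events (Windows Security event 4769, the Kerberos service-ticket request, and AD FS events 1200 and 1202, token issuance and credential validation). The script below is an added example, not code from the original article or from Wipro; it correlates constructed service-provider login records with constructed domain events, lists the event IDs that are missing for each login, and turns that gap plus a geo-location signal into a risk score and an access decision (allow, require MFA, or deny). Field names, the five-minute correlation window, the score weights and the thresholds are all assumptions chosen for the example.

```python
from datetime import datetime, timedelta

# Constructed sample: SAML SSO logins recorded by the service provider
# (in practice exported from the SP's or the identity provider's sign-in log).
SAML_LOGINS = [
    {"user": "alice@corp.example", "time": "2020-12-14T09:00:05", "src_ip": "203.0.113.10", "geo": "US"},
    {"user": "bob@corp.example",   "time": "2020-12-14T09:15:00", "src_ip": "198.51.100.7", "geo": "US"},
    {"user": "carol@corp.example", "time": "2020-12-14T09:30:00", "src_ip": "192.0.2.44",   "geo": "RU"},
]

# Constructed sample: domain-side events (DC Security log + AD FS Admin log).
DOMAIN_EVENTS = [
    {"event_id": 4769, "user": "alice@corp.example", "time": "2020-12-14T08:59:58"},
    {"event_id": 1200, "user": "alice@corp.example", "time": "2020-12-14T09:00:01"},
    {"event_id": 1202, "user": "alice@corp.example", "time": "2020-12-14T09:00:01"},
    # bob: Kerberos ticket request present, but no AD FS token-issuance events
    {"event_id": 4769, "user": "bob@corp.example", "time": "2020-12-14T09:14:50"},
    # carol: no domain events at all around her SAML login
]

# Constructed baseline of where each user normally signs in from (assumption).
USUAL_GEO = {"alice@corp.example": "US", "bob@corp.example": "US", "carol@corp.example": "US"}

EXPECTED_EVENT_IDS = {4769, 1200, 1202}   # events every legitimate federated login should produce
WINDOW = timedelta(minutes=5)             # correlation window around the SP login (assumption)
MISSING_EVENT_WEIGHT = 25                 # risk added per missing domain event
GEO_MISMATCH_WEIGHT = 20                  # risk added when the login geo differs from the baseline


def _ts(s):
    return datetime.fromisoformat(s)


def missing_domain_events(login, events, window=WINDOW):
    """Return the expected event IDs that do NOT appear for this user within the window."""
    t = _ts(login["time"])
    seen = {
        e["event_id"]
        for e in events
        if e["user"] == login["user"] and abs(_ts(e["time"]) - t) <= window
    }
    return sorted(EXPECTED_EVENT_IDS - seen)


def risk_score(login, missing, usual_geo=USUAL_GEO):
    """Combine the missing-event gap with a simple geo-location check into one score."""
    score = MISSING_EVENT_WEIGHT * len(missing)
    if usual_geo.get(login["user"]) not in (None, login["geo"]):
        score += GEO_MISMATCH_WEIGHT
    return score


def decide(score):
    """Map a score to the adaptive-authentication outcome (thresholds are an assumption)."""
    if score >= 75:
        return "deny"
    if score >= 25:
        return "require_mfa"
    return "allow"


def assess_logins(logins=SAML_LOGINS, events=DOMAIN_EVENTS):
    """Evaluate every SP login and return the per-login finding."""
    results = []
    for login in logins:
        missing = missing_domain_events(login, events)
        score = risk_score(login, missing)
        results.append({
            "user": login["user"],
            "src_ip": login["src_ip"],
            "missing": missing,
            "score": score,
            "action": decide(score),
        })
    return results


if __name__ == "__main__":
    for r in assess_logins():
        print(f"{r['user']:<22} missing={r['missing']!s:<20} score={r['score']:<3} -> {r['action']}")
```

In the sample data, Alice's login has all three domain events and is allowed; Bob's login lacks the AD FS 1200/1202 events and is sent to MFA; Carol's login has no domain events at all and arrives from an unusual location, so it is denied. In production the two inputs would be the service provider's sign-in feed and a SIEM query over the domain controller and AD FS logs, and the decision would be fed back to the adaptive-authentication policy rather than printed.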
Since identity is the new perimeter, proper implementation of the IAM toolset plays a vital role in preventing or eliminating cyber-attacks against an enterprise. Enterprises must implement the solution by following the security standards and frameworks offered by industry bodies such as NIST (National Institute of Standards and Technology), CSA (Cloud Security Alliance), NCSA (National Cyber Security Alliance), ISACA (Information Systems Audit and Control Association), and the International Information System Security Certification Consortium, Inc. ((ISC)²). We (Wipro), as recognized by leading research and analyst firms such as Gartner, Forrester, IDC, Everest Group, HFS Research, ISG, and NelsonHall, are here to partner with you in establishing preventive and detective cyber security controls by following the security standards, a Zero Trust strategy, Security by Design principles, and Defense in Depth practices.