[prev in list] [next in list] [prev in thread] [next in thread]
List: isn
Subject: [ISN] Trust no one: A better way to close the security gap?
From: InfoSec News <alerts () infosecnews ! org>
Date: 2015-08-21 12:06:24
Message-ID: alpine.DEB.2.02.1508211206130.4800 () infosecnews ! org
[Download RAW message or body]
http://gcn.com/articles/2015/08/19/zero-trust-security.aspx
By Paul McCloskey
GCN.com
Aug 19, 2015
Agencies are increasingly turning to predictive analytics to root out
fraud, but those aren't the only tools being used to spot and control
anomalous behavior. New identity security tools are emerging to help
enterprises that might be victimized in fraud schemes enabled by insiders
or attackers using insider credentials. Those users have been at the
center of several recent high-profile attacks. Their privileges were
exploited as the result of sophisticated spear-phishing attacks, including
the one on health insurer Anthem earlier this year in which 80 million
records were stolen.
"These are privileged users with access to everything in the database —
not just their records; they have the ability to go from system to system
inside a corporate or government infrastructure," said Ken Ammon, chief
strategy officer at Xceedium.
"What happens is criminals target those individuals because they know
their roles or their accounts are extremely powerful in the organization,"
Ammon said. "If they can send them an email that they might click on, it
installs as a super user who now can download the entire corporate
database from network to network."
To help defend against that vulnerability, Xceedium has embraced a policy
of "zero trust," whereby access is extended only for a specific reason and
for a specific amount of time.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic