Key Takeaways from RSAC 2020
To Sum It Up
- Don’t forget to prepare for the likely – stolen credentials are still the most likely attack vector that hackers are exploiting.
- The human element holds both the greatest risk and the greatest potential for mitigating threats to organizations.
- There is hope – a use-case presented by Microsoft showed how removing legacy authentication reduced compromises by 67%.
- The same principle – removing excess access privileges – can now be applied to the network with the Zero Networks Access Orchestrator.
Prepare for the Likely
The Zero Networks team and I had the great pleasure of attending this year’s RSA conference (before the world was under quarantine). It was a great experience talking to security professionals about the latest cybersecurity challenges and solutions.
I was struck by the realization that as far as the industry has progressed over the past several decades, there are still a number of basic problems that linger because they have not been fully addressed. It seems that, as an industry, we have been so focused on finding solutions to thwart the most sophisticated attack vectors that we have failed to eradicate the simple ones, which actually end up being the root cause of most incidents. As president RSA Rohit said in his keynote, “preparing for the worst, does not prepare you for the likely”.
It is far more likely that an attacker will take advantage of the human element and compromise credentials than it is that they will utilize an exotic attack vector. The most recent 2019 DBIR indicated that 80% of hacking-related breaches still involve compromised and weak credentials; 29% of all breaches, regardless of attack type, involved the use of stolen credentials.
The Human Element
Jokers at the cybersecurity watercooler can be heard saying, “too bad you can’t patch people.” If software is vulnerable, it can be patched. If a person is vulnerable, well, that is much more complicated.
Even with their ‘un-patchy’ nature, people possess the potential to make security better. This was the essence of the theme of RSA 2020 this year – “the human element.” During the course of the show, the conference explored how people, not just technology, will solve the complex problems we are facing today. While humans usually seem like the “weak link” when it comes to security (and let’s face it, they are), they are also the solution to many security challenges that can’t be fixed by artificial intelligence, machine learning, or any other buzzword alone.
Disabling Legacy Authentication Reduced Compromise by 67%
Amongst all the great meetups, lectures and cool new vendors that explored the human element, one specific talk by Alex Weinert and Lee Walker resonated with me. This talk included real-world numbers that demonstrated the potential perils and great opportunities that arise when the human element is taken into account.
The talk discussed Microsoft’s journey to get rid of legacy authentication protocols, which rely on simple passwords that are easy to guess or steal, for their cloud applications, in favor of protocols that support multi-factor authentication (MFA). According to the talk, legacy protocols were used in 99% of password spraying attacks, and 97% of password “replay” attacks. Together, they were responsible for the compromise of over 1.2M accounts in January 2020, alone.
These numbers indeed show the flaw in humans – we are creatures of habit and we like convenience. This is why we have a habit of choosing simple, bad passwords, or use the same password for every single service online. This means when one of these online services is compromised, so is the password, and so is the credential for multiple sites.
While people were the underlying reason that these passwords are compromised, they are also the solution to the problem. MFA is a simple, yet powerful method to harness people in order to improve security. According to the talk, simply moving to more secure authentication, via MFA, reduced tenant compromises by 67%.
Implementation was not easy. It took roughly a year for them to enable MFA for all cloud applications, but the results, I think you would agree, were worth it. To streamline the process, the speakers recommend collecting a history of application access (recommended timeframe is 90 days) and simulating the changes before enforcing them to understand how they will impact user access.
Do the Same for Your Network
Microsoft’s use-case addressed cloud applications, but what about all the rest? Most organizations, especially large ones, have multiple applications, servers and endpoints, hosted on-premises and in the cloud. Some of these use legacy protocols, and some may not be using authentication at all (again, blame the human element). It took Microsoft a year to remove legacy protocols in their cloud alone, it seems an insurmountable task to accomplish for the entire organization. Luckily, I know it doesn’t have to be.
This is exactly why I joined Zero Networks. I wanted to help organizations finally solve these foundational, persistent security issues that have plagued the industry, in a way that is fast and scalable, oh and that doesn’t require ripping out and replacing everything that exists in the IT and network infrastructure. This is what Zero Networks does – utilizing the human element to accomplish in minutes what normally takes years. The Zero Networks Access Orchestrator starts by blocking all network access, then automates the whitelisting process by enabling users to authenticate themselves, using MFA, to gain access to the resources they need. This self-service approach to microsegmentation protects everything, in a simple, scalable way, using zero trust principles to give you airtight network access security.
Want to see how it works? Please contact us.