The complexity of today’s cybersecurity challenges requires a zero trust approach. Active Directory is a tool used to achieve zero trust security by enabling the evaluation of users’ rights. It is, therefore, critical that organisations track and alert on asset state changes and continuously detect lateral movement and privilege escalation. Kartik Shahani, Country Manager, Tenable India, in an interaction with CIO Axis, explains the strategy to protect Active Directory, which cybercriminals can exploit to cause drastic disruptions to business continuity.
1. Why is zero-trust more important now?
Organisations are undergoing large operational shifts, including the migration to cloud technology to cater to a distributed workforce. That means that users and their endpoints, data and applications have moved outside the physical walls of an organisation. This broadens the attack surface and exposes vulnerabilities across disparate perimeters. With a “Never trust, always verify” approach, zero trust assumes that no user, application or asset should be trusted, regardless of their location or privilege.
2. Why must trust be treated as a vulnerability in today’s way of working in India?
Just as software vulnerabilities are routinely exploited in cyberattacks, trust is no different in perimeter-based defences. Attackers frequently exploit privileges and trust to perform lateral movement as part of the attack path. A zero trust approach allows security teams to identify where trust is built into systems and networks including access points, applications and firewalls and harden those systems. Tools like multi-factor authentication, identity and access management, and encryption software can also be used to add an additional layer of security.
3. How is Active Directory at the centre of enabling trust?
In most organisations, user access and privileges are granted based on the notion that some users are fundamentally more trustworthy than others based on their role or standing in the organisation. With a “trust no one, validate everything” approach, zero trust security relies on the systematic and continuous evaluation of users and their permissions. Active Directory is a tool used to achieve zero trust security by enabling the evaluation of users’ rights. It is, therefore, critical that organisations track and alert on asset state changes and continuously detect lateral movement and privilege escalation.
4. How can cybercriminals exploit Active Directory to cause drastic disruptions to business continuity? What should be the strategy to protect Active Directory?
Unpatched software vulnerabilities and misconfigurations are low-hanging fruit for cybercriminals looking to gain a foothold in the organisation. Once inside the system, attackers will then go after the Active Directory (AD) infrastructure to gain lateral movement and compromise further systems. If a cybercriminal gains privileged access to AD, they essentially have the “blueprints to the castle” as they can perform a number of actions, including creating new admin-level users, adding new machines to the network, deploying malware (such as ransomware) easily, and stealing data. This is all achieved by compromising just one asset on the domain. The first step to protect AD is to mitigate misconfigurations, reduce privileged AD group membership and privileged AD accounts.
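As an added example (not from the interview, and not Tenable code), one way a defender can carry out that first step, taking stock of privileged AD group membership with the RSAT ActiveDirectory PowerShell module; the group list, the 90-day stale-logon and 365-day password-age thresholds are assumptions to adjust per environment:

```powershell
# Added example: audit privileged AD group membership as a first hygiene step.
# Assumes the RSAT ActiveDirectory module on a domain-joined host with read
# access to the directory; thresholds below are assumptions, not policy.
Import-Module ActiveDirectory

# Built-in groups whose members hold domain-wide privilege (assumed list).
$privilegedGroups = @(
    'Domain Admins', 'Enterprise Admins', 'Schema Admins',
    'Administrators', 'Account Operators', 'Backup Operators'
)

$report = foreach ($group in $privilegedGroups) {
    # -Recursive expands nested groups so indirect members are not missed.
    $members = Get-ADGroupMember -Identity $group -Recursive -ErrorAction SilentlyContinue |
        Where-Object { $_.objectClass -eq 'user' }
    foreach ($m in $members) {
        $u = Get-ADUser -Identity $m.distinguishedName -Properties Enabled, LastLogonDate,
            PasswordLastSet, PasswordNeverExpires, ServicePrincipalName
        $pwdAge = if ($u.PasswordLastSet) { (New-TimeSpan -Start $u.PasswordLastSet).Days } else { $null }
        [pscustomobject]@{
            Group                = $group
            Account              = $u.SamAccountName
            Enabled              = $u.Enabled
            LastLogon            = $u.LastLogonDate
            PasswordAgeDays      = $pwdAge
            PasswordNeverExpires = $u.PasswordNeverExpires
            # A service principal name on a privileged user is a common misconfiguration; flag it.
            HasSPN               = [bool]$u.ServicePrincipalName
        }
    }
}

# Review candidates: disabled or stale accounts, old or non-expiring passwords, SPNs.
$findings = $report | Where-Object {
    -not $_.Enabled -or
    ($_.LastLogon -and $_.LastLogon -lt (Get-Date).AddDays(-90)) -or
    $_.PasswordAgeDays -gt 365 -or $_.PasswordNeverExpires -or $_.HasSPN
}
$findings | Sort-Object Group, Account | Format-Table -AutoSize

# Accounts that left a privileged group but still carry adminCount=1 keep the
# AdminSDHolder ACL and stop inheriting permissions; list them for cleanup.
$privilegedNames = $report.Account | Sort-Object -Unique
Get-ADUser -LDAPFilter '(adminCount=1)' |
    Where-Object { $privilegedNames -notcontains $_.SamAccountName } |
    Select-Object SamAccountName, DistinguishedName
```

Each row in the findings table is a candidate for removal from the group or for a password and ownership review, which is how membership is actually reduced rather than merely listed.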
5. How do cyber hygiene fundamentals make Zero Trust security possible?
Organisations need to have visibility into everything and everyone within the entire attack surface. This includes identifying systems and data that comprise the environment, roles and responsibilities of people touching those systems, and areas where cybersecurity vulnerabilities may arise. With visibility comes the comprehension of who needs access to what. This is where AD comes into play. Cleaning up AD misconfigurations, enabling evaluation of user rights and continuously monitoring AD for suspicious activity should be prioritised. Once visibility is achieved and vulnerabilities arising out of trust are addressed, cybersecurity teams must remain vigilant by continuously monitoring the environment.
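As an added example (not from the interview, and not Tenable code) of the continuous monitoring described above, this PowerShell snippet pulls recent group-membership-change events from a domain controller's Security log and surfaces additions to privileged groups; the controller name and the 15-minute window are placeholders, and it assumes the "Audit Security Group Management" subcategory is enabled and the caller can read the log remotely:

```powershell
# Added example: alert on members being added to privileged AD groups.
# Assumes Advanced Audit Policy "Audit Security Group Management" is on at the DC.
$DomainController = 'dc01.corp.example'   # placeholder hostname
$LookbackMinutes  = 15                    # assumed polling window

# Groups to watch (assumed list; extend to match the environment).
$watched = @('Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators')

# 4728 = member added to a global group, 4732 = local group, 4756 = universal group.
$events = Get-WinEvent -ComputerName $DomainController -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4728, 4732, 4756
    StartTime = (Get-Date).AddMinutes(-$LookbackMinutes)
} -ErrorAction SilentlyContinue

$alerts = foreach ($e in $events) {
    # The interesting fields live in EventData; parse the XML rather than the message text.
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # TargetUserName is the group the member was added to.
    if ($watched -contains $data['TargetUserName']) {
        [pscustomobject]@{
            Time    = $e.TimeCreated
            EventId = $e.Id
            Group   = $data['TargetUserName']
            Member  = $data['MemberName']   # distinguished name of the added principal
            AddedBy = "$($data['SubjectDomainName'])\$($data['SubjectUserName'])"
        }
    }
}

# Any row here is an asset state change that should be reconciled against a
# change ticket; feed it to the SIEM or ticketing system in place of Format-Table.
$alerts | Sort-Object Time | Format-Table -AutoSize
```

Run on a schedule with a window slightly longer than the interval, or replace the polling with a log-forwarding subscription, so that no addition falls between two runs.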
6. The growth of telemedicine due to increasing cases of COVID-19 infections across the globe has led to the exposure of patient records. How should the healthcare industry approach cybersecurity?
Technology-dependent services such as telehealth, COVID-19 contact tracing apps and a rush to develop and distribute vaccines have greatly expanded the attack surface. In order to reduce the risk of compromise, healthcare organisations should take a two-pronged approach to reduce the increasing number of threats. They need to identify and remediate vulnerabilities and misconfigurations most likely to target and impact their organisation. Once the vulnerabilities and misconfigurations most likely to introduce business risk are identified and prioritised, remediate them and continue regular maintenance check-ups.
7. Any tips for accelerating your Zero Trust journey?
Zero trust security is not a product or solution. It is a broader strategy for modern security that adapts to the complexity of today’s business environment. Organisations need to look within and identify what workflows fulfil the core mission and objective and who owns these workflows. Understanding how data flows within the organisation helps to identify high-value assets that need to be protected. By limiting access to these assets and performing regular audits on user permissions, organisations can gain full visibility into IT, IoT and OT assets. In a remote working environment, endpoints must be free of vulnerabilities and must be configured in a way such that they can defend themselves against attacks. These are fundamentals of cyber hygiene and no zero trust journey can begin without getting the basics right.