Catch the full recorded webinar here: https://www.beyondtrust.com/resources/webinar/external-attacks-government-privileged-accounts/ Privileged accounts and credentials comprise the keys to the enterprise kingdom, and our coveted by hackers--who are too often successful. This federal privileged access management (PAM) presentation from the webinar of Cyber security expert, and BeyondTrust Director of Product Management, Rod Simmons, will provide: - An overview of the threats to privileged accounts - How external attacks, once successful, can tranform into an insider-type attack -How to defuse risk across three layers of attack -How to effectively implement the principle of least privilege

1. External Attacks Against
Privileged Accounts
How Federal Agencies Can Build a
Layered Defense in Preparation for a Layered Attack

2. Agenda
• How did we get here?
• What is the result?
• By the numbers.
• Moving Forward.
• Summary

3. How Did We Get Here?

4. Vanishing Perimeter
Ongoing requirements to expose on-prem
resources to employees, partners, customers,
and vendors.

5. Complex Requirements
Our infrastructure is extremely complex

6. Friction Free
Demand for better
collaboration with
business partners
without the complex
security requirements

7. Cost
Advanced security comes with a
financial cost

8. User Education
Social engineering
and phishing is
successful due to lack
of good on-going user
education

9. How Did 2016 Look?

10. 6,435 CVE’s Published in 2016
Top Vendors in 2016:
793 492548698
(2 Remote 8 Local
Gain Privilege)
(10 Elevated local
user privilege)

11. Over
450
Vulnerabilities with
exploit code
available
Over
250
Vulnerabilities could
be mitigated if user
does not have
admin rights
Over
750
local exploits
that do not require
elevated rights

12. What is the Result?
2017 U.S. Federal Government Survey Findings

13. 50%

14. Have experienced
1-2 breaches in the
last 24 months

15. 61%

16. Believe it is rare attackers
leverage vulnerabilities to
gain access to privilege

17. 80%

18. Of people felt aging infrastructure
has an impact on
• Ability to achieve mission
• Achieve compliance
• Reduce cyber security risk

19. Top 3 Risks

20. Risks identified by senior
leadership
• Application vulnerabilities
• Nation state attacks
• Malware

21. 26%

22. Admitted to storing passwords in spreadsheets

23. By the Numbers

24. 63%

25. Insider & Privilege Abuse
Confirmed data breaches
leveraging:
• Weak Password
• Default Password
• Stolen Passwords

26. 33%

27. Insider & Privilege Abuse
Incidents involve end users
who have access to sensitive
data as a requirement to do
their jobs.

28. 40%

29. Of errors occurred due to user error
because of a capacity shortage
Honorable Mention
Publishing Errors – Publishing a document to the internet
Misconfiguration – ex. Mistake in a firewall rule exposes access

30. 99%

31. Malware hashes are seen
for only 58 seconds or less.
Most malware was seen
only once.
Malware is smart enough to
modify its own hash

32. 1 min, 40 sec

33. Median time for the first user of a phishing
campaign to open the malicious email

34. 3 min, 45 sec

35. Median time to the first
click on the attachment

36. 12%

37. Users who clicked on the
malicious attachments
allowing an attack to succeed.

38. 10

39. Number of Vulnerabilities that account
for 85% of breaches
96% of All breaches are from
vulnerabilities over 1 year old. Our
challenge is what 10 vulnerabilities

40. 10 & 100

41. Half of all exploitations happen
between 10 and 100 days after
the vulnerability is published

42. 90% of Cyberespionage breaches capture
trade secrets or proprietary information
14% of Insider and Privilege Misuse are in
leadership roles
14% of Insider and Privilege Misuse are
system admin and developers

43. Moving Forward
Establish Achievable Goals

44. Implement controls so a
compromise can be contained

45. Establish security zones so
systems and credentials are not
used outside of those zones

46. Tie accounts to
humans and avoid
users leveraging
unnamed accounts
like root

47. When possible avoid
using credentials in
apps leverage
SAML / claims

48. Have access rules that
adjust based on a systems
increasing risk or users
decreasing trust

49. Moving Forward
Recommendations

50. Prioritize Security

51. Multi-factor Authentication

52. Ongoing User Education

53. Prioritization with Patching

54. Automated Credential
Management

55. Understand and Limit
Privilege Access

56. Application Control

57. Account Reduction

58. User Behavior Analysis
on All Users

59. Audit, Audit, Audit and Audit

60. Common Sense

61. Network Segmentation

62. Egress Filtering

63. Next Steps
1. Prepare today so you are ready to stop
breaches tomorrow.
2. Establish a process to secure identities
and define trust level?
3. Understand the difference between
security asset and identity risk
4. Talk to a solutions provider about how to
identify and address gaps.

64. Q & A

65. Trust the solution relied upon by more than 200 federal
departments, agencies and all five branches of the US Military.
Learn more about BeyondTrust solutions for Privilege Access
Management, and Vulnerability Management in government.
www.beyondtrust.com/government
federalsales@beyondtrust.com
800-234-9072