It’s been said that speed kills. But in cyber warfare, speed heals. That’s because with today’s advanced cyber attacks, you need to move faster than the attackers to minimize damage.
Here’s an example. Remember the 2014 attack on Home Depot? It resulted in hackers stealing credit card information from an estimated 50 million customers. But what if it was possible to contain the outcome and limit those losses to 500 cards? Or even 50 cards?
Achieving Acceptable Losses in Cyber Warfare
This is the concept of acceptable loss, which means accepting the fact that you can’t stop every threat. Intruders will get into your environment. But once they’re in, with the right cyber security solutions you can stop them in place before they inflict too much damage. So, how is this achieved?
Let’s start by examining today’s cyber security landscape. Research from Mandiant has shown that, on average, it takes 208 days before a cyber intrusion is detected. Why is that? Because most regulatory compliance mandates require password changes every 90 days.
But if you’re changing your passwords every 90 days and somebody breaks in on day one, how long will they have access to your environment with that credential? At least 90 days – and that’s assuming you can detect them. If you can’t detect them, they’ll be in there for 90 days or 208 days … or maybe even years.
Now suppose that password lifetimes were measured in hours instead of weeks or months. Then, imagine that someone breaks in and steals one of your credentials. Or one of your IT administrators with privileged access leaves the organization. Under this scenario, at the end of a 24-hour cycle they can no longer get into your environment with those credentials.
Rapid, Automated Password Rotation is Key
To accomplish this, you must be able to automate the lifecycle of privileged identities for administrative access. That means throwing out the traditional concept of having people change privileged passwords.
At Lieberman Software, we don’t believe that humans should change passwords ever again. This makes us the best friend of a lot of IT shops, because customers of our privileged identity management platform never have to change a password for an administrative account. Instead, the passwords are continuously updated in an automated manner.
This concept changes the cyber security world and stops zero-day attacks in their tracks. Think about what usually happens. Someone breaks into your environment, steals a credential, and sets up shop. What if that attacker came back just one day later to find that all your passwords had been updated and he no longer had access? At that point he isn’t the attacker anymore; he’s the one being hunted. And that changes the entire ROI of cyber warfare.
So how fast do these automated password updates need to happen? Consider this. At our largest customer, we are deployed on 1.3 million systems. We started by deploying to more than 300,000 machines in one month. And just one node of our privileged identity management technology can handle about 2,000 machines per minute. And that speed keeps our customer one step ahead of the attackers.
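The arithmetic behind the sections above, as an added example (not Lieberman Software's code): how long a stolen password stays usable under a 90-day versus a 24-hour lifetime, which privileged accounts have outlived the policy, and how many rotation nodes a fleet needs. The inventory, account names and function names are constructed for illustration; the 2,000 machines per minute rate is the figure quoted above, and the model assumes rotation on a fixed schedule.

```python
from datetime import datetime, timedelta, timezone
from math import ceil

# Constructed sample inventory (not real data):
# privileged account -> time its current password was set (UTC).
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
INVENTORY = {
    "srv-db01\\Administrator": NOW - timedelta(hours=3),
    "srv-web07\\root": NOW - timedelta(days=45),
    "dc01\\svc-backup": NOW - timedelta(days=200),
}


def exposure_window(stolen_at, last_rotated, lifetime):
    """Time a stolen password remains valid: from theft to the next scheduled rotation."""
    if stolen_at < last_rotated:
        return timedelta(0)  # stolen password was already replaced
    cycles = (stolen_at - last_rotated) // lifetime + 1
    return last_rotated + cycles * lifetime - stolen_at


def overdue(inventory, now, max_lifetime):
    """Accounts whose current password is older than the policy allows."""
    return sorted(acct for acct, set_at in inventory.items()
                  if now - set_at > max_lifetime)


def nodes_needed(machines, window, per_node_per_minute=2000):
    """Rotation nodes required to update every machine once within the window."""
    minutes = window.total_seconds() / 60
    return ceil(machines / (per_node_per_minute * minutes))


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    # Break-in one day into a 90-day cycle versus one hour into a 24-hour cycle.
    print("90-day policy:", exposure_window(t0 + timedelta(days=1), t0, timedelta(days=90)))
    print("24-hour policy:", exposure_window(t0 + timedelta(hours=1), t0, timedelta(hours=24)))
    print("Overdue at 24h:", overdue(INVENTORY, NOW, timedelta(hours=24)))
    print("Nodes for 1.3M machines in 24h:", nodes_needed(1_300_000, timedelta(hours=24)))
    print("Nodes for 1.3M machines in 1h:", nodes_needed(1_300_000, timedelta(hours=1)))
```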