Charles Leaver – Four Lessons To Be Learned From Breaches At LastPass And Behavior Analytics

Written By Dr Al Hartmann And Presented By Charles Leaver Ziften CEO

LastPass Cyber Attacks Have 4 Lessons Everybody Can Learn From

Data breaches in 2011 and after that once again in 2015 were inflicted on password management company LastPass. Specialists advise use of password managers, given that strong passwords unique to each user account are not feasible to recall without organized help. However, positioning all one’s eggs in a single basket – then for countless users to each put their egg basket into one giant basket – creates a tempting target for cyber criminals of every stripe. Cryptology professionals who have actually studied this recent breach at LastPass appear meticulously positive that significant harm has been prevented, however there are still important lessons we can learn from this event:

1. There Is No Perfect Authentication, There Is No Perfect Security

Any proficient, patient and motivated enemy will ultimately breach any useful cyber defenses – even if yours is a cyber defense business! Regretfully, for many businesses today, it does not typically require much ability or perseverance to breach their patchwork defenses and permeate their sprawling, permeable perimeters. Compromise of user credentials – even those of highly privileged domain administrators – is also quite typical. Again, sadly, lots of businesses count on single-factor password authentication, which merely welcomes widespread user data compromise. But even multi-factor authentication can be breached, as was proven with the 2011 compromise of RSA SecurID’s.

2. Utilize Situational Awareness When Defenses Fail

When the enemies have actually breached your defenses the clock is ticking on your detection, containment, and remediation of the occurrence. Market data recommends this clock has a very long time to tick – numerous days on average – prior to awareness sets in. By that time the hackers have pwned your digital assets and picked your business carcass clean. Crucial situational awareness is vital if this too-frequent tragedy is to be avoided.

3. Network and Endpoint Contexts Are Fused With Comprehensive Situational Awareness

In the current LastPass incident detection was achieved by analysis of network traffic from server logs. The cyber criminal dwell time prior to detection was not divulged. Network anomalies are not constantly the fastest way to recognize an attack in progress. A combination of network and endpoint context provides a much better decision basis than either context separately. For example, being able to merge network flow data with the originating process recognition can shed far more light on a prospective infiltration. A suspect network contact by a brand-new and untrustworthy executable is far more suggestive taken together than when analyzed separately.

4. After An Authentication Failure, Use User Behavior Analytics

Compromised credentials regularly create chaos across breached businesses, allowing assailants to pivot laterally through the network and run largely below the security radar. However this abuse of legitimate credentials varies noticeably from typical user behavior of the genuine credential holder. Even rather simple user habits analytics can spot anomalous discontinuities in learned user behavior. Always employ user behavior analytics, specifically for your administrators and more privileged users.

 

Leave a Reply

Your email address will not be published. Required fields are marked *