Jeffrey Kok, Vice President, Solution Engineers (Asia Pacific and Japan), CyberArk

    1. Foiling common exploits

    Attackers rarely need a novel exploit. Most intrusions start with a software bug or a legitimate feature (macros, script interpreters, document readers) abused to run attacker-supplied code, and almost all of them share one precondition: the victim has to run a command, execute a file or open a document. That first execution is what sets off the cascade of malicious activity inside and beyond the network. The control that breaks the cascade is parent/child process control: an application that handles untrusted content (an Office program, a PDF reader, a mail client) should never be allowed to spawn another program, and certainly not an elevated one. Enforcing this blocks a large share of the phishing and trojan-horse schemes that pivot through PowerShell, MS Office, Adobe Acrobat and similar tools. The caveat is that a few legitimate workflows (printing helpers, add-ins, update agents) do spawn children from these applications, so rules should first run in a monitor-only mode and then be allow-listed per parent/child pair rather than switched on blind.

    2. Securing browsers

    Session hijacking is a weapon of choice for many attackers, and its appeal is its simplicity: take over a session that is already authenticated instead of breaking authentication. In practice this means stealing a session cookie (or other session token) from the target's device. A session cookie is a small name/value pair that the browser stores on disk and presents with every request; whoever holds it is, as far as the web application can tell, the logged-in user, with access to the victim's email, documents or cloud configuration consoles. Particularly alarming is that the theft happens after login, so the intricate authentication systems IT has implemented, multi-factor authentication included, do not help: the server has already checked them and recorded the result in the token. The browser is the combat theater here, and the endpoint-side defense is to restrict access to the browser's memory and cookie store to the browser itself, using privilege threat protection, so that an information stealer running under the user's account cannot read them. Note that the on-disk cookie database is typically encrypted, but with a key that any process running as the same user can recover, which is why the restriction has to be enforced per process rather than per user. Preventing the cookie from being copied off the device blocks this class of attack at its first step, whatever the attacker intended to do with the session afterwards; it does not, however, cover tokens captured in transit by a phishing proxy, which call for server-side controls such as short session lifetimes and sessions bound to the device that authenticated.
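    To make concrete why a copied cookie defeats MFA, and what changes when the session is bound to the device, here is an added example (not CyberArk code and not a real web framework): a toy in-memory session server and a toy device. Names such as SessionServer, Device, authorize and prove are inventions for this illustration. The device key is modelled as an HMAC secret that never leaves the Device object; real device-bound sessions use an asymmetric key held in hardware such as a TPM and register only the public key.

```python
"""Why a stolen session cookie bypasses MFA, and what binding the session to the device changes.

Added example, not CyberArk code and not a real web framework: a toy in-memory session
server and a toy "device". The device key is modelled as an HMAC secret that never leaves
the Device object; real device-bound sessions use an asymmetric key in hardware (a TPM)
and register only the public key.
"""
import hashlib
import hmac
import secrets
import time
from typing import Callable, Optional


class Device:
    """Stands in for the browser's hardware-backed key store."""

    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)

    def registration_key(self) -> bytes:
        # Simplification: the server receives the same secret. A real scheme sends a public key.
        return self._key

    def prove(self, nonce: bytes) -> bytes:
        return hmac.new(self._key, nonce, hashlib.sha256).digest()


class SessionServer:
    def __init__(self, ttl_seconds: int = 3600, clock: Callable[[], float] = time.time) -> None:
        self._clock, self._ttl, self._sessions = clock, ttl_seconds, {}

    def login(self, user: str, password_ok: bool, mfa_ok: bool,
              device_key: Optional[bytes] = None) -> Optional[str]:
        """Password and MFA are checked here and only here; the cookie issued afterwards
        is a bearer token that carries the result of that check."""
        if not (password_ok and mfa_ok):
            return None
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "expires": self._clock() + self._ttl,
                               "device_key": device_key}
        return sid

    def challenge(self) -> bytes:
        # Fresh nonce per request, so a captured proof cannot itself be replayed.
        return secrets.token_bytes(16)

    def authorize(self, sid: str, nonce: Optional[bytes] = None,
                  proof: Optional[bytes] = None) -> Optional[str]:
        """Return the user for a valid session, else None. Device-bound sessions also
        need an HMAC over the server's nonce computed with the device key."""
        s = self._sessions.get(sid)
        if s is None or self._clock() > s["expires"]:
            return None
        if s["device_key"] is not None:
            if nonce is None or proof is None:
                return None
            expected = hmac.new(s["device_key"], nonce, hashlib.sha256).digest()
            if not hmac.compare_digest(expected, proof):
                return None
        return s["user"]

    def logout(self, sid: str) -> None:
        self._sessions.pop(sid, None)


def demo() -> dict:
    """Replay a stolen cookie against a bearer session and a device-bound session."""
    server = SessionServer()
    # Bearer cookie: the string alone is the credential.
    sid = server.login("alice", password_ok=True, mfa_ok=True)
    victim_bearer = server.authorize(sid) == "alice"
    # Attacker copied the cookie from the victim's disk: no password, no MFA prompt, same result.
    attacker_bearer = server.authorize(sid) == "alice"

    # Device-bound session: the cookie is inert without the key that stayed on the device.
    device = Device()
    sid2 = server.login("alice", True, True, device_key=device.registration_key())
    nonce = server.challenge()
    victim_bound = server.authorize(sid2, nonce, device.prove(nonce)) == "alice"
    nonce = server.challenge()
    forged = hmac.new(b"attacker-guess", nonce, hashlib.sha256).digest()
    attacker_bound = server.authorize(sid2, nonce, forged) == "alice"

    # Revocation still matters: signing out invalidates the stolen copy as well.
    server.logout(sid)
    stolen_after_logout = server.authorize(sid) == "alice"
    return {"victim_bearer": victim_bearer, "attacker_bearer": attacker_bearer,
            "victim_bound": victim_bound, "attacker_bound": attacker_bound,
            "stolen_after_logout": stolen_after_logout}


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:20} {'accepted' if accepted else 'rejected'}")
```

    The first pair of checks is the whole problem in two lines: the server accepts the copied cookie exactly as it accepts the victim's, because MFA was consumed at login and nothing about the cookie records where it is being presented from. Binding the session to a device-held key turns the cookie into half a credential, and short lifetimes plus sign-out revocation shrink the window for whatever the endpoint control did not catch.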

    3. Managing endpoint privileges

    Once on an endpoint, threat actors harvest credentials in order to establish persistence, move laterally, escalate privileges and cause damage. Blocking access to the credential stores in the operating system and in third-party applications (for example the memory of the LSASS process, the Windows Credential Manager, browser password vaults and the saved sessions of chat and collaboration clients) is an effective, low-maintenance measure. An endpoint privilege manager can enforce this with a set of rules that stop credential and security-token theft at the point of access, regardless of which tool the attacker uses. Rule sets of this kind are maintained centrally and pushed to endpoints as new theft techniques appear, so the controls keep pace without each workstation being reconfigured. For instance, a new rule for workstations and servers may be introduced to protect the token store of a communication platform such as Discord from known data-theft methods, which helps prevent the data breach that would follow.

    4. Stopping abuse of user privileges

    Despite widespread recognition that no user should work under local admin privileges, many organizations still allow it. Endpoint privilege managers are useful precisely here: the user keeps a standard account and privileges are elevated for the specific application or task that needs them, rather than for the whole session. Where a policy cannot elevate automatically, the request is resolved at the prompt instead, for example through a just-in-time policy that grants elevation for a bounded period or through offline authorization for a machine without connectivity. Because every elevation is tied to a named application and recorded, organizations can react significantly faster than by waiting for a system administrator to connect remotely to the machine, without handing the user an administrative session in the meantime.