The next step is to ensure your IT environment is set up in the best possible way to reduce both the likelihood and the impact of a successful privilege escalation attack.
It’s common for hackers to target non-privileged, low-security accounts, then take advantage of poorly architected systems to elevate their own privileges and move laterally through the IT environment towards critical assets and data.
Your goal in this stage should be to make lateral movement as difficult as possible.
Done right, this keeps the scope of a successful attack tightly limited. This involves a few key steps:
Segment systems and networks
This involves physically and logically dividing the network into smaller parts, so each can act as its own self-contained unit. This might mean having self-contained IT networks (such as servers, databases, Wi-Fi networks) for different offices or regions. It could also involve segmenting assets within a single network, such as separating guest from corporate Wi-Fi and splitting up development and production environments.
Today’s cloud-based businesses will also increasingly rely on virtualized, software-defined networking to achieve this kind of segmentation. Done right, this splits up virtual environments in the same way an on-premises business might separate out physical cabling and servers.
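To make the effect of segmentation on lateral movement concrete, the following added example (not code from the original article) models a network as zones with a default-deny allow list between them, then computes which zones an attacker who has compromised a given zone could reach. The zone names and allowed flows are constructed for illustration; the comparison against a flat, unsegmented network shows how much of the environment a single compromised foothold exposes in each case.

```python
from collections import deque

# Constructed example zones; in practice these map to VLANs, VPCs, subnets
# or software-defined network segments.
ZONES = ["guest-wifi", "corp-wifi", "dev", "dev-db", "prod-bastion", "prod", "prod-db", "internet"]

# Default-deny policy: only (source, destination) pairs listed here may talk.
# Everything else, including dev -> prod, is blocked.
SEGMENTED_POLICY = {
    ("guest-wifi", "internet"),
    ("corp-wifi", "internet"),
    ("corp-wifi", "dev"),
    ("dev", "dev-db"),
    ("corp-wifi", "prod-bastion"),   # admins reach prod only via the bastion
    ("prod-bastion", "prod"),
    ("prod", "prod-db"),
}


def flat_policy(zones):
    """A flat network: every zone can reach every other zone (no segmentation)."""
    return {(src, dst) for src in zones for dst in zones if src != dst}


def flow_allowed(policy, src, dst):
    """Default deny: a flow is allowed only if explicitly listed (or within a zone)."""
    return src == dst or (src, dst) in policy


def reachable_zones(policy, zones, start):
    """Breadth-first search over allowed flows: every zone an attacker could
    pivot to, directly or transitively, from a foothold in `start`."""
    seen = {start}
    queue = deque([start])
    while queue:
        current = queue.popleft()
        for candidate in zones:
            if candidate not in seen and flow_allowed(policy, current, candidate):
                seen.add(candidate)
                queue.append(candidate)
    return seen


def blast_radius(policy, zones, start):
    """Zones exposed beyond the compromised one itself."""
    return reachable_zones(policy, zones, start) - {start}


if __name__ == "__main__":
    for foothold in ("guest-wifi", "dev"):
        flat = blast_radius(flat_policy(ZONES), ZONES, foothold)
        seg = blast_radius(SEGMENTED_POLICY, ZONES, foothold)
        print(f"foothold={foothold}: flat exposes {len(flat)} zones, segmented exposes {len(seg)}: {sorted(seg)}")
```

The same reachability check is useful as a regression test for real policies: export the allow rules from the firewall or cloud network configuration, load them into a set of pairs, and assert that the blast radius from low-trust zones such as guest Wi-Fi or a development segment never includes production data stores.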
Separate and secure infrastructure
You should also apply a robust least privilege policy to your infrastructure. This can involve traditional physical security, particularly for on-premises infrastructure.
It also involves tightly controlling the people, accounts, and services that have access to that infrastructure. You might choose to implement privileged access workstations (PAWs) here. These are dedicated, hardened machines used exclusively for specific administrative tasks. Because they can be placed under strict segmentation and security controls, they are difficult for hackers to reach or compromise.
Implement dynamic, context-based access
Another solution is to implement ‘just in time’ privilege, another feature offered by the most up-to-date privileged access management solutions. This removes standing (permanent) privileges and ensures users are granted access only for a time-limited period, on a case-by-case basis.
In this case, you can take advantage of real-time vulnerability and threat data to identify suspicious behaviors (e.g. a new location or device, or irregular login activity). The right technology can then dynamically grant or block access to privileged accounts, based on the assessed real-time risk.
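The following added example (not code from the original article or any particular PAM product) sketches how a just-in-time privilege broker combines the two ideas above: privileges are never standing but expire after a bounded window, and each elevation request is scored against the user's known devices, usual countries, recent failed logins and working hours before it is granted, shortened or refused. The user baseline, the signals, the score weights and the thresholds are all constructed assumptions; a real deployment would take them from the identity provider and threat-intelligence feeds.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass(frozen=True)
class AccessContext:
    """Signals collected when a user asks for elevation (constructed example)."""
    user: str
    device_id: str
    country: str
    failed_logins_last_hour: int
    hour_utc: int


@dataclass
class Baseline:
    """What is 'normal' for a user; in practice learned from prior sign-ins."""
    known_devices: set
    usual_countries: set
    work_hours_utc: range = range(7, 20)


@dataclass
class Grant:
    user: str
    role: str
    expires_at: datetime


class JitPrivilegeBroker:
    """No standing privileges: every grant is time-boxed and risk-scored."""

    DENY_THRESHOLD = 50       # at or above this score the request is refused
    ELEVATED_THRESHOLD = 20   # at or above this score the window is halved

    def __init__(self, baselines, max_duration=timedelta(minutes=60)):
        self.baselines = baselines          # user -> Baseline
        self.max_duration = max_duration    # hard cap on any grant
        self.grants = []                    # active Grant objects
        self.audit = []                     # (when, user, role, score, decision)

    def risk_score(self, ctx):
        """Additive score from context signals (weights are assumptions)."""
        base = self.baselines.get(ctx.user)
        if base is None:
            return 100                      # unknown user: always deny
        score = 0
        if ctx.device_id not in base.known_devices:
            score += 40                     # new device
        if ctx.country not in base.usual_countries:
            score += 30                     # new location
        score += min(ctx.failed_logins_last_hour * 10, 30)   # irregular login activity
        if ctx.hour_utc not in base.work_hours_utc:
            score += 10                     # off-hours request
        return score

    def request_elevation(self, ctx, role, requested, now) -> Optional[Grant]:
        """Grant a time-limited role, shorten it, or refuse, based on risk."""
        score = self.risk_score(ctx)
        if score >= self.DENY_THRESHOLD:
            self.audit.append((now, ctx.user, role, score, "denied"))
            return None
        duration = min(requested, self.max_duration)
        if score >= self.ELEVATED_THRESHOLD:
            duration = duration / 2         # suspicious but tolerable: shorter window
        grant = Grant(ctx.user, role, now + duration)
        self.grants.append(grant)
        self.audit.append((now, ctx.user, role, score, f"granted for {duration}"))
        return grant

    def has_privilege(self, user, role, now):
        """Expired grants are dropped, so privilege silently lapses."""
        self.grants = [g for g in self.grants if g.expires_at > now]
        return any(g.user == user and g.role == role for g in self.grants)


if __name__ == "__main__":
    broker = JitPrivilegeBroker({"alice": Baseline({"laptop-a1"}, {"DE"})})
    t0 = datetime(2024, 1, 15, 10, 0, tzinfo=timezone.utc)
    normal = AccessContext("alice", "laptop-a1", "DE", 0, 10)
    odd = AccessContext("alice", "unknown-phone", "BR", 0, 10)
    print(broker.request_elevation(normal, "db-admin", timedelta(minutes=90), t0))
    print(broker.request_elevation(odd, "db-admin", timedelta(minutes=30), t0))
    print(broker.has_privilege("alice", "db-admin", t0 + timedelta(minutes=61)))
    for entry in broker.audit:
        print(entry)
```

Two design points matter for a defender. First, `has_privilege` re-evaluates expiry on every check rather than relying on a cleanup job, so a grant cannot outlive its window even if housekeeping fails. Second, every decision, including refusals, lands in the audit list; a denied elevation from a new device in a new country is exactly the event the security operations team wants to see.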