In the last 24 hours, the news has been filled with reports about the Capital One data breach that impacts 100m customers. According to the bank, the hacker gained access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers, in addition to an undisclosed number of people’s names, addresses, credit scores, credit limits, balances, and other information.
While reports do not provide the technical details of the breach, we do know that the hacker used a misconfigured application firewall. This vulnerability let the attacker inside the organization network and likely enabled her to gain privileged escalation or elevated access / credentials to sensitive data (i.e. customer data).
The Capital One Data theft showcases the importance of implementing a Zero-trust security model and privileged access management tools for hybrid and cloud environments. A zero-trust model is based on access control and not trusting anyone by default, even those already inside your network perimeter. It helps promote security of internal network components even if some of them are breached.
Privileged access management (PAM) tools, such as XTAM, help promote a zero-trust model inside corporate networks by limiting the access to vital resources even from devices inside the firewall. This limits the possibility of cybercriminal moving laterally inside the network.
PAM solutions do this by putting privileged credentials inside a secure vault or repository. System admins and other privileged users must go through the PAM software and be authenticated in order to access their credentials. The PAM software logs, records and monitors each session and can send alerts regarding suspicious activity.
PAM tools can control user access to cloud, hybrid or on-premise environments. Using a zero-trust approach, PAM software forces trusted users to go through the PAM solution to access corporate systems, companies can create a security perimeter across hybrid environment and effectively block malicious outsiders.
In the wake of the Capital One data breach, companies should begin implementing a zero-trust model and modern PAM tools. In fact, Gartner named PAM a top IT security project for 2019 and 2018. This approach will help strengthen a company’s cloud, hybrid or on-premise network – even in the case of a breach. Companies can feel confident that their infrastructure and privileged data will remain secure from threats and meet regulatory requirements.
Download Xton Access Manager
Xton Access Manager is a modern, cloud-ready approach to PAM software. An enterprise-grade solution, XTAM is designed to simplify privileged account management while limiting your risk of security breaches and regulatory issues.