Book Demo!

In the last 24 hours, the news has been filled with reports about the Capital One data breach that impacts 100m customers.  According to the bank, the hacker gained access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers, in addition to an undisclosed number of people’s names, addresses, credit scores, credit limits, balances, and other information.

While reports do not provide the technical details of the breach, we do know that the hacker used a misconfigured application firewall. This vulnerability let the attacker inside the organization network and likely enabled her to gain privileged escalation or elevated access / credentials to sensitive data (i.e. customer data).

The Capital One Data theft showcases the importance of implementing a Zero-trust security model and privileged access management tools for hybrid and cloud environments. A zero-trust model is based on access control and not trusting anyone by default, even those already inside your network perimeter. It helps promote security of internal network components even if some of them are breached.

Privileged access management (PAM) tools, such as XTAM, help promote a zero-trust model inside corporate networks by limiting the access to vital resources even from devices inside the firewall. This limits the possibility of cybercriminal moving laterally inside the network.

PAM solutions do this by putting privileged credentials inside a secure vault or repository. System admins and other privileged users must go through the PAM software and be authenticated in order to access their credentials. The PAM software logs, records and monitors each session and can send alerts regarding suspicious activity.

PAM tools can control user access to cloud, hybrid or on-premise environments. Using a zero-trust approach, PAM software forces trusted users to go through the PAM solution to access corporate systems, companies can create a security perimeter across hybrid environment and effectively block malicious outsiders.

In the wake of the Capital One data breach, companies should begin implementing a zero-trust model and modern PAM tools. In fact, Gartner named PAM a top IT security project for 2019 and 2018.  This approach will help strengthen a company’s cloud, hybrid or on-premise network – even in the case of a breach.  Companies can feel confident that their infrastructure and privileged data will remain secure from threats and meet regulatory requirements.

Download Xton Access Manager

Xton Access Manager is a modern, cloud-ready approach to PAM software. An enterprise-grade solution, XTAM is designed to simplify privileged account management while limiting your risk of security breaches and regulatory issues.

 

 

Categories: Industry

Mark Klinchin

I am Co-Founder and CEO of Xton Technologies. I am interested in computers, software development, cyber security, content management, photography, image processing and mathematics.

Related Posts

Industry

Improving Database Security with Privileged Access Management

Cybercriminals and hackers want access to your most sensitive information and systems. Customer data, PPI, and company secrets are often kept in databases. With cyber threats on the rise, database security has never been more Read more…

Industry

The Challenge with Jump Servers and Privileged Accounts

A lot of companies rely on jump servers as part of their security strategy.  It’s common for a company to create a jump server for IT administrators to connect to SSH and RDP as part Read more…

Industry

Insider Abuse, Google and Privileged Users

Recent news reports found that Google fired dozens of employees from 2018 -2020 for abusing their access to company data. While insider abuse is not new, it is a growing threat and one that companies Read more…

Copyright © 2020 Xton Technologies, LLC. All rights reserved.