Security News > 2022 > March > How to contain a privileged access breach and make sure it doesn’t happen again

This is all too common-74% of breached organizations have admitted the attack involved access to a privileged account-and organizations need a better way to combat privileged access attacks.

Thus, removing the standing privileged access that attackers require to maintain a presence and gain lateral movement is a quick way to contain a breach.

When an attacker gains access to credentials with standing privileged access in place, they weaponize their elevated access to bypass traditional extended detection and response, endpoint detection and response, and next-generation antivirus solutions, all of which focus on files, network and process activity, but have no visibility into privileged identities.

Instead of standing privileged access, a "Just-in-Time" approach allows administrators to protect systems by only permitting access to verified, trusted administrators for a finite period, with continuous enforcement of no privileged access otherwise.

During an incident, organizations should start implementing Just-in-Time access for the riskiest groups and users first to reduce standing privileged access among those most likely to be compromised.

By limiting both the number of accounts that get full access and how that access is granted, organizations can greatly reduce the risk of cyberattacks and the lateral movement that may occur after a breach.

News URL

https://www.helpnetsecurity.com/2022/03/14/privileged-access-breach/