
Top 5 dangerous threats from third-party vendors



After the widely publicized breaches at Target and Ashley Madison, we have seen frequent cases of cooperation with third-party service providers harming the "resilient" environment, where devices, services and applications work continuously under heavy load, giving attackers an opportunity to penetrate the enterprise network. Here are the five most common threats associated with the work of "outside" suppliers:

Threat number 1 - Shared access. This is one of the most dangerous authentication practices we see in large organizations. Imagine a niche service that is not used very often, but still requires some form of account-based authentication. Over time the people using the service change, and for convenience they all keep using a single account. That account is then used from different places, from different devices, and for different purposes. This lets one careless user (for example, one who stores or shares the credentials wherever they like) put the service, and every subsequent user of it, at risk.

Shared organizational services, from databases to communication protocols, are a prime target for a malicious user seeking to extend their reach and gain greater access across the target network. Continuous monitoring of user behavior lets system administrators prevent this kind of service abuse: enforce individual authentication for each person and correlate all anomalous user access events. Whether or not shared accounts are commonplace on your network, identifying them in near real time can be one indicator of compromise on your corporate network.
Threat number 2 - Inconsistent access. Companies that cooperate with partner companies should understand that they are entering a long and serious relationship. Managing and monitoring trusted outsiders makes it difficult to decide whether an account has been compromised or not. Inconsistent and frequent changes in how accounts and resources are used, combined with ignorance of IT policies and rules, lead to a sharp jump in the number of warnings and alarms that look like targeted attacks.

Trusting a partner company, or placing important content with a service provider, must begin with a full understanding of how its end users will actually use it inside the company. This makes joint training of employees easier and allows close monitoring of the list of key users and the predefined usage patterns. All of this helps ensure that when misuse of an account is suspected, your own SOC has everything it needs to understand and remediate the problem.

Threat number 3 - Shared cloud. Many companies are taking their first steps in building cloud-based security. While regulating the use of cloud applications has received the most attention, we see more complex relationships forming in the cloud between our traditional environments and new deployments, creating yet other spaces. Looking ahead, we recommend adopting authentication protocols and measures that give finer-grained control over this evolving attack surface. Understanding this weakness lets you detect unauthorized access to the network; these surfaces require dedicated attention from the SOC.

Threat number 4 - Internet exposure. A device that is connected to the Internet and provides remote access to a third party is exactly what an external attacker hopes to find. Using social engineering and other fraudulent methods, an attacker can gain access to your shared network computer and work their way through the network starting from that equipment.

Using secure remote-connection protocols and applying additional monitoring to these workstations reduces the chance of external exploitation and unauthorized access, and can provide valuable information if an outsider is trying to establish a foothold inside your territory.

Threat number 5 - Proximity to privileges. A privileged account is what both internal and external attackers are after: it gives them reliable access to individual resources, or a way to raise their own access level. That is why privileged accounts should be kept secret and away from shared-access workstations, such as those provided for trusted outsiders.

Although this is not always possible, because much of this access is granted to outsiders who provide a service or skill that requires some elevated privileges, we advise defining specific access groups for these devices, so that controller rules and other agents can help identify anomalies in real time.
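The two monitoring ideas above, flagging a single account used from many hosts in a short window (threat 1) and flagging a privileged account used from a workstation reserved for outsiders (threat 5), can be implemented as simple rules over authentication logs. The following is an added example written for this page, not code from the original article or from any product it mentions. The log format, the host and account names, and the privileged-account and vendor-host lists are all constructed for illustration; in practice they would come from your IAM system and asset inventory.

```python
"""Two detection rules over authentication events (example code, not the article's).

Rule 1: an account authenticated from more than `max_hosts` distinct hosts
        within a sliding time window is a likely shared account.
Rule 2: a privileged account authenticated from a host tagged as a
        third-party (vendor) workstation.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data).
# Format, assumed here: "<ISO timestamp> <account> <source host> <service>"
SAMPLE_LOG = """\
2015-12-01T09:00:00 svc_reporting ws-fin-01 reporting-db
2015-12-01T09:05:00 svc_reporting ws-fin-07 reporting-db
2015-12-01T09:40:00 svc_reporting lt-vendor-03 reporting-db
2015-12-01T10:10:00 svc_reporting ws-hr-02 reporting-db
2015-12-01T11:00:00 alice ws-fin-01 mail
2015-12-01T11:30:00 alice ws-fin-01 reporting-db
2015-12-01T12:00:00 da_admin lt-vendor-03 domain-controller
2015-12-01T12:05:00 da_admin adm-jump-01 domain-controller
"""

# Hypothetical policy inputs; real values come from IAM and the asset inventory.
PRIVILEGED_ACCOUNTS = {"da_admin"}
VENDOR_HOSTS = {"lt-vendor-03"}


def parse_log(text):
    """Parse the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, host, service = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "account": account,
                       "host": host, "service": service})
    return events


def shared_account_candidates(events, window=timedelta(hours=2), max_hosts=2):
    """Return {account: sorted hosts} for accounts seen from more than
    `max_hosts` distinct hosts inside any `window`-long sliding window."""
    by_account = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_account[e["account"]].append(e)
    flagged = {}
    for account, evs in by_account.items():
        for i, start in enumerate(evs):
            # hosts used within `window` of this event (events are time-sorted)
            hosts = {x["host"] for x in evs[i:] if x["ts"] - start["ts"] <= window}
            if len(hosts) > max_hosts:
                flagged[account] = sorted(hosts)
                break
    return flagged


def privileged_use_from_vendor_hosts(events, privileged=PRIVILEGED_ACCOUNTS,
                                     vendor_hosts=VENDOR_HOSTS):
    """Return (timestamp, account, host, service) for every privileged logon
    originating from a host reserved for trusted outsiders."""
    return [(e["ts"].isoformat(), e["account"], e["host"], e["service"])
            for e in events
            if e["account"] in privileged and e["host"] in vendor_hosts]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for account, hosts in shared_account_candidates(evs).items():
        print(f"possible shared account {account}: used from {hosts}")
    for hit in privileged_use_from_vendor_hosts(evs):
        print("privileged account on vendor workstation:", hit)
```

Both rules are deliberately simple; the thresholds (two hosts in two hours) are assumptions to tune against your own baseline, and the second rule only works if vendor workstations are tagged consistently in the inventory, which is exactly the "specific access groups" the paragraph above recommends.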

Source: https://habr.com/ru/post/272285/
