Three best practices to reduce insider cyberthreats

Federal agencies seeking to ramp up their cybersecurity defenses should adopt a strategy that puts greater focus on privileged users and their behavior, a new white paper advises.

By prioritizing privileged and administrative accounts that hackers often aim for most, IT teams can manage their agency’s IT risks more efficiently, the paper suggests.

The white paper, “Insider Threat Detection for Federal Agencies,” produced by CyberArk, lays out three key focus areas for IT executives to consider as they build threat detection capabilities:

• Centralize access to critical infrastructure.
• Effectively manage authentication.
• Monitor all privileged access activity.

Privileged or administrative user accounts, the paper states, “are designed to … manage or troubleshoot network systems, run services, or allow applications to communicate with one another.”

Putting additional safeguards in place to protect how these accounts are used will help IT teams reduce their risk against attackers who continually look for ways to access and exploit their systems.

Agencies can start by utilizing a modern password management system and digital vaults, for example, that centrally manage access to privileged accounts. That also enables administrators managing multiple accounts to store sensitive account passwords and private secure shell (SSH) keys.

“Instead of needing dozens or hundreds of sets of separate credentials to access necessary accounts, administrators need only one highly secure credential,” the paper explained.

Password vaults also give an organization the ability to rotate passwords and SSH keys, keeping in line with government best practices and reducing the risk of compromised credentials.

Using a central console login, administrators have the ability to seamlessly access all their authorized privileged accounts, even during emergencies. Additionally, “automated workflows enable users to easily request and receive approval to access needed privileged accounts,” the paper says.

That can also help expose malicious insiders whose behavior will look differently than legitimate users and who tend to “log in at different times, from different locations and access systems in different patterns.”

Because privileged user accounts have permission to manage network systems, those accounts present unique risks of being unintentionally or maliciously misused. Using a centralized system to collect analytics on behavioral patterns of legitimate users will make it more difficult for malicious insiders to hide.

“Centralizing, securing and managing credentials used to access privileged accounts both on-premises and in cloud-based environments is fundamental in securing your infrastructure,” the paper asserts.

Read the white paper “A Risk-Based Approach to Insider Threat Detection for Federal Government Agencies” for best practices on insider threat detection and how to reduce the attack surface on internal networks.

This article was produced by FedScoop for, and sponsored by, CyberArk.