Source: securityboulevard.com – Author: Nathan Eddy
Identity and credential misconfigurations pose a major security risk to organizations, with companies in energy, manufacturing and financial services particularly vulnerable due to their large digital footprints.
These were among the findings of XM Cyber‘s report on exposure management risks, conducted in partnership with the Cyentia Institute.
The report summarizes insights from analysis conducted using XM Cyber’s Continuous Exposure Management platform in 2023. It includes findings from hundreds of thousands of attack path assessments, revealing over 40 million exposures affecting 11.5 million critical business entities.
Among its findings: More than (56%) of exposures affect critical assets residing in cloud platforms. A substantial portion of these exposures sit within a company’s active directory—a linchpin for connecting users to network resources.
Eighty percent of organizations are vulnerable to credential dumping techniques, and nearly three-quarters (72%) of all exposures are based on Active Directory (AD), identity and misconfiguration exposures.
This critical infrastructure doubles as a prime target for adversaries seeking to exploit misconfigurations and gain elevated privileges.
Meanwhile, poor endpoint hygiene plagues most environments, with cached credentials and a lack of endpoint detection and response (EDR) coverage across a quarter of an organization’s devices offering ample opportunity for attackers to establish initial footholds.
“The problem is that a misconfiguration is just another configuration. The way to declare a configuration as a misconfiguration is to know exactly why the configuration is needed, what its impact is and whether the impact was not intended,” said Shay Siksik, XM Cyber’s vice president of customer experience.
This requires local knowledge: deep knowledge of the network, the people, their roles and responsibilities, and the need to have privilege. “It might be easy to manage for a small organization of 20 people, but when it comes to midsize or large organizations, maintaining a ‘least privilege’ approach is very challenging,” Siksik explained.
In many cases, the security team doesn’t know if a configuration is needed. They need to approach other teams to understand whether a configuration is required, risky or otherwise.
Every change and every configuration might undergo a proper change management process and risk assessment, but it’s highly difficult to see the change in the big picture. “While every configuration by itself is not risky, combining them together may pose a risk,” Siksik said.
Although many organizations think of exposures as those in the set of Common Vulnerabilities and Exposures (CVEs), exposures go beyond just CVEs. “While organizations are focused on patch management and vulnerability management to address CVEs, the maturity to mobilize teams and remediate misconfigurations is low, leaving organizations exposed,” Siksik said.
Exposure Management Requires Holistic Approach
In terms of overall risk to critical assets, exposures associated with CVE-based vulnerabilities are dwarfed by those involving compromised identities and credentials, per the report’s findings.
“That doesn’t mean vulnerabilities shouldn’t be patched, but it absolutely does mean that protecting critical assets requires a much more holistic approach to exposure management,” Siksik said.
This includes misconfigurations, mismanaged credentials, excessive permissions and user behaviors—and each exposure types requires a different approach and different investment.
While fixing CVEs is simple and mature, fixing misconfigurations is different. It involves a process of chasing internal documentation and knowledge to identify whether the configuration is needed, validating that need and either accepting the risk or making a configuration change.
Other aspects, like mismanaged local credentials, may require organizations to invest in technology and then initiate a new project to adapt and improve the way local credentials are kept, stored and rotated. “While this will broaden the scope of exposures, the exposure list will grow as well, and prioritization will become a clear need,” Siksik said.
Photo credit: Jonas Jacobsson on Unsplash
Recent Articles By Author
Original Post URL: https://securityboulevard.com/2024/05/identity-credential-misconfigurations-open-worrying-security-gaps/
Category & Tags: Analytics & Intelligence,Cloud Security,Cybersecurity,Endpoint,Featured,Identity & Access,Identity and Access Management,Insider Threats,News,Securing the Cloud,Security Boulevard (Original),Social – Facebook,Social – X,Threat Intelligence,Active Directory,configuration,CVE,cyentia institute,EDR,endpoints,Energy,Financial Services,manufacturing,security exposure,Vulnerabilities,XM Cyber – Analytics & Intelligence,Cloud Security,Cybersecurity,Endpoint,Featured,Identity & Access,Identity and Access Management,Insider Threats,News,Securing the Cloud,Security Boulevard (Original),Social – Facebook,Social – X,Threat Intelligence,Active Directory,configuration,CVE,cyentia institute,EDR,endpoints,Energy,Financial Services,manufacturing,security exposure,Vulnerabilities,XM Cyber
