Stopping Legitimate Login Credentials being used for Security Breaches

Many data breaches involve the use of legitimate login credentials. Guarding against these ‘insider threats’ means better protecting all authenticated users’ access to the network and the sensitive information within.

The Threat from Human and Authenticated Users

There is now widespread recognition that the insider threat is very serious, but in most sectors there is insufficient follow-through to build the right plans, organization and controls to deal with it.

Whilst a comprehensive approach is needed to best tackle the problem, technology is best positioned to restrict outright and stop legitimate logon credentials being used for security breaches.

1. Authenticated Users with Authorized Access and Rights

Organizations are now starting to recognize that the insider threat, whether malicious, negligent or exploited, involves authenticated users who have authorized access and rights to an organization’s network, systems and data.

2. Users are Human

Users are human, they are flawed, and they are careless and often exploited. They will always act outside the boundaries of policy and sometimes common sense. Whilst most individuals, given the appropriate information, will pursue a course of action that supports the organization’s security initiatives, most is not all. This trust needs to be verified.

By recognizing that the insider threat comes from authenticated users who are human, organizations can stop blaming users for security breaches and look to better control all authenticated access, verifying that the employee is who they say they are.

How to Best Control Authenticated User Access

Stronger preventative controls must be placed on all authenticated users’ access.

However, in today’s digital workplace, users are demanding less friction when accessing the network. This prevention is therefore a move away from intrusive controls that impede all users all of the time (smartcards, tokens, etc.) to smarter, non-intrusive controls that are transparent to the user.

Context-aware Access Controls

This non-intrusive protection is best achieved through contextual information (location, time, number of simultaneous sessions, session type – interactive sessions, Wi-Fi & VPN sessions and IIS sessions) that is folded into an authorization decision to better verify an authenticated user’s claimed identity.

These contextual access restrictions help ensure network access is via a login that is unique to the user and not shared. They control when, where and how employees access the network and the sensitive information within, and they stop unwanted access.

For example, non-intrusive context-aware controls allow an organization to:

  • Stop malicious users seamlessly using legitimate and valid logon credentials of others.
  • Stop attacks from stolen or compromised credentials (e.g. from social engineering) being used in external attacks to access the network.
  • Restrict outright certain careless user behaviour, such as sharing credentials, which leads to security breaches.
  • Secure network access across all session types to better protect employees’ network access from mobile devices and remote working.
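
The contextual checks listed above (location, time, number of simultaneous sessions, session type) can be sketched as a single authorization decision made after the password has already been accepted. This is an added example, not code from the original post or from UserLock; the policy fields, workstation names and user are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class AccessPolicy:
    # All field names and values are illustrative assumptions.
    allowed_locations: frozenset      # workstation or gateway labels
    allowed_session_types: frozenset  # e.g. {"interactive", "vpn", "wifi", "iis"}
    window_start: time                # start of permitted logon hours
    window_end: time                  # end of permitted logon hours (exclusive)
    max_sessions: int = 1             # 1 blocks simultaneous use of one login

@dataclass(frozen=True)
class LogonRequest:
    user: str
    location: str
    session_type: str
    when: datetime

def in_window(t, start, end):
    """True if t falls in [start, end); supports windows that cross midnight."""
    if start <= end:
        return start <= t < end
    return t >= start or t < end

def evaluate_logon(policy, request, open_sessions):
    """Decide on an already-authenticated logon using context only.

    open_sessions: the user's sessions that are currently open.
    Returns (allowed, reasons); reasons names every failed check for alerting.
    """
    reasons = []
    if request.location not in policy.allowed_locations:
        reasons.append("location")
    if request.session_type not in policy.allowed_session_types:
        reasons.append("session_type")
    if not in_window(request.when.time(), policy.window_start, policy.window_end):
        reasons.append("time")
    if len(open_sessions) >= policy.max_sessions:
        reasons.append("simultaneous_sessions")
    return (not reasons, reasons)

# Constructed sample data: one policy and three logon attempts for user "alice".
POLICY = AccessPolicy(frozenset({"WKS-FIN-01", "VPN-GW"}),
                      frozenset({"interactive", "vpn"}),
                      time(7, 0), time(19, 0))
OWN_DESK = LogonRequest("alice", "WKS-FIN-01", "interactive", datetime(2024, 3, 4, 9, 15))
SHARED = LogonRequest("alice", "WKS-HR-07", "interactive", datetime(2024, 3, 4, 9, 20))
NIGHT_VPN = LogonRequest("alice", "VPN-GW", "vpn", datetime(2024, 3, 4, 23, 40))
```

Calling `evaluate_logon(POLICY, SHARED, [OWN_DESK])` shows the shared-credential case: the password is valid, but the second logon is refused on both location and simultaneous sessions, and both reasons are available for an alert.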

Accountability and Attribution

What’s more, by ensuring unique user logins and verifying identity, an organization can now place real accountability on all users’ actions. With real-time monitoring and alerts on suspicious access behaviour, transparency in this regard will encourage good user behaviour and discourage malicious actions.

Build on Native Controls with Specialist Security Technology

Despite more and more employers implementing a wide range of steps to reduce the risk of insider threats, employees still pose a security threat.

To mitigate insider threats, it’s important that organizations build on existing native controls with specialist security technology to better control, restrict, monitor and audit internal network access for all authenticated users.

Download a free trial of UserLock for Windows Active Directory Infrastructure

UserLock is a simple, non-disruptive technology that leverages and extends an organization’s existing investment in Active Directory. It works alongside the Active Directory structure – access policies can be defined by user, user group or OU, but it doesn’t change the structure or schema. UserLock works side by side with Active Directory to complement and enhance native security.

Chris Bunn is the Directeur Général Adjoint of IS Decisions, a global cybersecurity software company, specializing in access management and multi-factor authentication for Microsoft Active Directory environments and the cloud.