POSTED BY: Navneet Singh on Palo Alto Networks Blog.

Employees, customers and partners connect to different repositories of information within your network, as well as to the internet, to perform various aspects of their jobs. These people and their many devices represent your network’s users. It’s important to your organisation’s risk posture that you’re able to identify who they are — beyond IP address — and the inherent risks they bring with them based on the particular device they’re using, especially when security policies have been circumvented or new threats have been introduced to the organisation.

Here are two high-profile, real-world breaches that you can learn from. The key takeaway here is that, to make the most of your next-generation firewall investment, it is critical to implement user-based controls.

Example 1: Data Breach at a Large U.S. Retailer

This data breach started with the attackers stealing a third-party vendor's login credentials. Those credentials gave them a foothold in the vendor-facing environment, where they exploited a Windows vulnerability to escalate. Because the vendor account carried privileges to reach the corporate network, the attackers inherited that reach, too. They then installed memory-scraping malware on more than 7,500 self-checkout POS terminals, which harvested 56 million credit and debit card numbers and 53 million email addresses.

The SANS Institute Reading Room for InfoSec has published a report on the breach. The report mentions several ways in which the breach could have been prevented. One of the most important is to have the right access controls in place. Quoting from the report:

  • An identity and access management solution should be used to manage the identities and access of all internal and external employees (third-party vendors).
  • Each external employee should have their own account, so that there is accountability for anything performed on their behalf.
  • Account review procedures should also be in place, specifically for third-party vendor accounts. Auditing of these third-party vendors is critical. This will allow the detection of abnormal behavior.
  • Having all of these controls in place for managing and monitoring the third-party vendor accounts will detect any misuse of third-party vendor credentials.
Example 2: Data Breach at a Large U.S. Banking and Financial Services Company

This data breach started with the attackers infecting the personal computer of an employee. The malware stole the employee's login credentials. When the employee used VPN to connect to the corporate network, the attackers were able to gain access to more than 90 corporate servers. The attackers stole private information for 76 million households and 7 million small businesses.

The SANS Institute Reading Room for InfoSec's report on this breach mentions the need to manage user privileges as one of the key ways to minimize the risk of a breach or minimise damage in case of a breach. Quoting from the report:

  • Least privilege simply means to give someone the least amount of access to perform his or her job. If least privilege control access were applied, these organisations would have reduced the amount of stolen data by 86 percent.
  • Anonymous access must be disabled because many Windows vulnerabilities are caused by null user sessions. A null user session is essentially a Server Message Block (SMB) session with blank username and password.
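The second point above is a concrete setting rather than a policy statement, so here is an added example (not from the original post or the SANS report) of how a practitioner would verify it. The PowerShell below audits the registry values behind the Windows "Network access" security options that govern null-session (anonymous SMB) access and reports any that differ from the common hardening baseline: anonymous enumeration of SAM accounts and shares denied, Everyone permissions not extended to anonymous users, anonymous access to named pipes and shares restricted, and no null-session pipes or shares published. The expected values are that baseline, an assumption to adjust to your own standard, not values stated on this page.

```powershell
# Added example: audit the registry settings that control anonymous (null session)
# SMB access on a Windows host. Run in an elevated PowerShell session.
# "Expected" values are the usual hardening baseline (assumed), not an OS default.

$checks = @(
    # "Network access: Do not allow anonymous enumeration of SAM accounts"
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'; Name = 'RestrictAnonymousSAM'; Expected = 1 },
    # "Network access: Do not allow anonymous enumeration of SAM accounts and shares"
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'; Name = 'RestrictAnonymous'; Expected = 1 },
    # "Network access: Let Everyone permissions apply to anonymous users" (0 = disabled)
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'; Name = 'EveryoneIncludesAnonymous'; Expected = 0 },
    # "Network access: Restrict anonymous access to Named Pipes and Shares"
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters'; Name = 'RestrictNullSessAccess'; Expected = 1 }
)

function Get-NullSessionFindings {
    $findings = @()

    foreach ($c in $checks) {
        $item   = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        $actual = if ($null -ne $item) { $item.($c.Name) } else { $null }
        # A missing value means the OS default applies; report it so the setting is made explicit.
        if ($actual -ne $c.Expected) {
            $findings += [pscustomobject]@{
                Setting  = $c.Name
                Path     = $c.Path
                Actual   = if ($null -eq $actual) { '<not set>' } else { $actual }
                Expected = $c.Expected
            }
        }
    }

    # Pipes and shares reachable over a null session should be empty lists.
    $lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters'
    foreach ($name in 'NullSessionPipes', 'NullSessionShares') {
        $values = (Get-ItemProperty -Path $lanman -Name $name -ErrorAction SilentlyContinue).$name
        $values = @($values | Where-Object { $_ -ne '' })
        if ($values.Count -gt 0) {
            $findings += [pscustomobject]@{
                Setting  = $name
                Path     = $lanman
                Actual   = ($values -join ', ')
                Expected = '<empty>'
            }
        }
    }

    return $findings
}

$findings = Get-NullSessionFindings
if ($findings.Count -eq 0) {
    Write-Output 'Anonymous (null session) access settings match the hardened baseline.'
} else {
    Write-Output 'Settings that deviate from the hardened baseline:'
    $findings | Format-Table -AutoSize
}
```

These values are normally pushed by Group Policy rather than set by hand, so a finding on a domain-joined host usually points at a GPO gap rather than at the host itself. A cross-check from a second machine is the traditional null-session test: connect with `net use \\<server>\IPC$ "" /user:""` and then try `net view \\<server>`; with the settings above at their hardened values the share enumeration should be denied.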
What This Means for You as the Security Practitioner

Want to make sure your organisation does not end up in the headlines for the wrong reasons, like a massive data breach? You'd do well to implement user-based controls and restrict user access to least privilege, as the SANS Institute reports recommend. Employ the right user access mechanisms not only on the endpoints and on the applications that they access but also on your next-generation firewall.

Call to Action

If you own a Palo Alto Networks® Next-Generation Firewall, refer to the following resources to enable User-ID™, and increase your organization's breach defenses:

  • User-ID documentation
  • Best practice internet gateway security policy
  • User-ID tech tips