CyberArk Case Studies Global Communication Solutions Provider Deploys CyberArk to Mitigate Pass-the-Hash Attacks

Edit This Case Study Record

	Global Communication Solutions Provider Deploys CyberArk to Mitigate Pass-the-Hash Attacks CyberArk

Global Communication Solutions Provider Deploys CyberArk to Mitigate Pass-the-Hash Attacks

CyberArk

Technology Category	Cybersecurity & Privacy - Identity & Authentication Management Cybersecurity & Privacy - Network Security Cybersecurity & Privacy - Security Compliance
Applicable Industries	Professional Service Telecommunications
Applicable Functions	Business Operation
Use Cases	Intrusion Detection Systems
Services	Cybersecurity Services System Integration
Challenge	For this global communications company, Pass-the-Hash attacks posed an immediate and troubling challenge. While the company was able to identify the existence of these types of attacks before a serious breach occurred (evidence of password theft and password cracking was clear and eminent), they struggled with the unique nature of a stolen hash. As a first step, the IT team opted to restrict access to their admin and privileged accounts by issuing Smart Cards. Unfortunately, this did not solve the problem, as vulnerabilities persisted within these Smart Card-enabled accounts. Smart Cards, which are touted to prevent credential theft through multifactor authentication, actually exacerbate the problem. With Smart Cards, the passwords associated with each privileged account, by default, never expire and are never changed again. As a result, once the hash is stolen, the attacker can exploit it in perpetuity. To truly combat Pass-the-Hash attacks against Smart Card-enabled admin accounts, the organization would need to deploy a custom solution that ensures admin and privileged passwords are automatically changed with some frequency to proactively protect against stolen credentials and abuse. Read More
About Customer	CyberArk’s customer, a publicly-traded provider of communication solutions and services to enterprises and governments, is well established as a proactive, security-aware organization. However, as a global business with access to sensitive customer information, the company is also frequently a target of increasingly sophisticated cyber-attacks. The company has an annual revenue of $8.69 billion USD (2012) and employs 22,000 employees in 65 countries, with sales in 100 countries. The company is headquartered in the USA and is known for its robust security measures and proactive approach to cybersecurity. Read More
Solution	Fortunately, the communications company simultaneously initiated a search for a password management solution to proactively manage all of their local, built-in privileged accounts. After reviewing multiple solutions, the company selected the CyberArk Privileged Account Security Solution. The company chose CyberArk due to the robustness of the solution and its ability to restrict and protect privileged domain accounts. Soon after deployment, however, members of the security solutions team were able to identify a more critical use case for the CyberArk solution. Out of the box, the solution also enabled the organization to limit the ability of administrators to inadvertently expose privileged credentials to higher risk computers and Pass-the-Hash cyber attackers. Through role-based access control, the organization can identify and manage Smart Card-enabled privileged accounts, assigning strong and rapidly changing passwords that prevent attackers from stealing credentials and authenticating across the network. Moreover, the organization now controls, manages and logs the use of all privileged user credentials with the CyberArk solution. Looking ahead, the company plans to leverage the CyberArk Privileged Account Security Solution to enforce other highly relevant mitigation steps, including: Unique password changes for every privileged user and service accounts (such as Windows Services, Scheduled Tasks, IIS App Pools and others) – this mitigates the dangers of password reuse. Automation of random and complex passwords. One-time password changes for privileged access – whenever a Windows domain admin uses a privileged credential, it is replaced with a new one. If the privileged credential is changed right after its usage, the window of opportunity for the attacker is very narrow. Read More Log in to view content
Contents

Technology Category

Cybersecurity & Privacy - Identity & Authentication Management

Cybersecurity & Privacy - Network Security

Cybersecurity & Privacy - Security Compliance

Applicable Industries

Professional Service

Telecommunications

Applicable Functions

Business Operation

Use Cases

Intrusion Detection Systems

Services

Cybersecurity Services

System Integration

Challenge

For this global communications company, Pass-the-Hash attacks posed an immediate and troubling challenge. While the company was able to identify the existence of these types of attacks before a serious breach occurred (evidence of password theft and password cracking was clear and eminent), they struggled with the unique nature of a stolen hash. As a first step, the IT team opted to restrict access to their admin and privileged accounts by issuing Smart Cards. Unfortunately, this did not solve the problem, as vulnerabilities persisted within these Smart Card-enabled accounts. Smart Cards, which are touted to prevent credential theft through multifactor authentication, actually exacerbate the problem. With Smart Cards, the passwords associated with each privileged account, by default, never expire and are never changed again. As a result, once the hash is stolen, the attacker can exploit it in perpetuity. To truly combat Pass-the-Hash attacks against Smart Card-enabled admin accounts, the organization would need to deploy a custom solution that ensures admin and privileged passwords are automatically changed with some frequency to proactively protect against stolen credentials and abuse.

About Customer

CyberArk’s customer, a publicly-traded provider of communication solutions and services to enterprises and governments, is well established as a proactive, security-aware organization. However, as a global business with access to sensitive customer information, the company is also frequently a target of increasingly sophisticated cyber-attacks. The company has an annual revenue of $8.69 billion USD (2012) and employs 22,000 employees in 65 countries, with sales in 100 countries. The company is headquartered in the USA and is known for its robust security measures and proactive approach to cybersecurity.

Solution

Fortunately, the communications company simultaneously initiated a search for a password management solution to proactively manage all of their local, built-in privileged accounts. After reviewing multiple solutions, the company selected the CyberArk Privileged Account Security Solution. The company chose CyberArk due to the robustness of the solution and its ability to restrict and protect privileged domain accounts. Soon after deployment, however, members of the security solutions team were able to identify a more critical use case for the CyberArk solution. Out of the box, the solution also enabled the organization to limit the ability of administrators to inadvertently expose privileged credentials to higher risk computers and Pass-the-Hash cyber attackers. Through role-based access control, the organization can identify and manage Smart Card-enabled privileged accounts, assigning strong and rapidly changing passwords that prevent attackers from stealing credentials and authenticating across the network. Moreover, the organization now controls, manages and logs the use of all privileged user credentials with the CyberArk solution. Looking ahead, the company plans to leverage the CyberArk Privileged Account Security Solution to enforce other highly relevant mitigation steps, including: Unique password changes for every privileged user and service accounts (such as Windows Services, Scheduled Tasks, IIS App Pools and others) – this mitigates the dangers of password reuse. Automation of random and complex passwords. One-time password changes for privileged access – whenever a Windows domain admin uses a privileged credential, it is replaced with a new one. If the privileged credential is changed right after its usage, the window of opportunity for the attacker is very narrow.

Impact #1	The CyberArk solution was easy to deploy. The process involved little coordination with other departments and, within days, the organization was able to begin creating policies, define them and apply them to protect their privileged accounts.
Impact #2	Since implementation, the organization has yet to have one single Pass-the-Hash attack or incident involving highly privileged accounts, and there have been no other indicators of future attacks.
Impact #3	Moreover, the CyberArk solution has eliminated any and all abuses of privileged accounts across the customer’s entire network.

Impact #1

The CyberArk solution was easy to deploy. The process involved little coordination with other departments and, within days, the organization was able to begin creating policies, define them and apply them to protect their privileged accounts.

Impact #2

Since implementation, the organization has yet to have one single Pass-the-Hash attack or incident involving highly privileged accounts, and there have been no other indicators of future attacks.

Impact #3

Moreover, the CyberArk solution has eliminated any and all abuses of privileged accounts across the customer’s entire network.

Benefit #1	Annual revenue: $8.69 billion USD (2012)
Benefit #2	Employees: 22,000 employees in 65 countries
Benefit #3	Sales in 100 countries

Benefit #1

Annual revenue: $8.69 billion USD (2012)

Benefit #2

Employees: 22,000 employees in 65 countries

Benefit #3

Sales in 100 countries

Download PDF Version

Overview

Global Communication Solutions Provider Deploys CyberArk to Mitigate Pass-the-Hash Attacks

Operational Impact

Quantitative Benefit