2020 is seared into our collective memories. Challenging? Tumultuous? Pivotal? Words alone fail to adequately describe the experiences of the past year.
Perhaps this is because more than anything else, 2020 has revealed fundamental flaws in our systems of trust.
News about the virus contagion, abuse of power, election results, and domestic terrorism often seemed contradictory and confusing. Authority figures repeatedly undermined their own trustworthiness with conflicting narratives and directives.
For our health and sanity, we need to ask ourselves vital questions about who we trust, and how we trust them:
- How might we best identify which information sources to trust, and to what degree?
- How often should we double-check the meaning of credentials or corroborate information presented to us by supposed authority figures?
- How do we determine an appropriate balance of trusting vs. verifying in light of our very real time constraints?
- How might we leverage cutting-edge technology to help us avoid misplaced trust?
Because 2020 has also been a momentous, watershed year in cybersecurity, we must also ask jugular questions about our modern technology and computing infrastructure.
Several U.S. government agencies and Fortune 500 companies recently encountered a nation-state level cyber-assault involving SolarWinds. Taking some time to reflect on certain aspects of these attacks is worthwhile. Comprehending their sweeping implications is crucial.
In an era of Zero Trust, we must reconsider how we go about the business of trusting.
Abuse of Authentication Mechanisms
Like the magnitude of Covid-19’s impact on the world, the scale and scope of the recent SolarWinds hacking spree are unprecedented. While the damage is still being assessed, it is already believed to be among the largest cyberattacks in history.
Much of the commentary and analysis of the SolarWinds hacks has been about the supply-chain attack, where forged digital signature keys led to the distribution of malware infecting thousands of systems. However, recent investigations show that a more fundamental vulnerability has existed in our systems.
In the wake of revelations about the jaw-dropping sophistication and impact of the SolarWinds hacking spree, the NSA released a fascinating Cybersecurity Advisory that centers on misplaced trust in authentication mechanisms. This report provides some useful context for understanding why our modern computing world is still riddled with mislaid trust.
Since 2002, SAML has formed the basis for single sign-on (SSO). In the last few years, it’s been publicly known that attackers have been signing SAML tokens using stolen credentials to impersonate identities.
The NSA advisory states that the tactics/techniques/procedures of attackers in and of themselves do not constitute vulnerabilities in the design principles of federated identity management, the SAML protocol or identity services. They argue that by abusing the federated authentication, the attackers are not exploiting a vulnerability in any specific component, but rather abusing the trust established across the integrated components.
While we can agree, what’s lacking in this part of the NSA’s analysis is obvious:
For many years, authentication systems have been missing a key piece of the puzzle. Put simply, if your identity system is trusting certificates that it did not create, that system is broken.
To plug this security hole and thwart today’s attacks, those charged with defending systems need to apply the latest defensive advances.
Eternal Vigilance from an eGuardian®
For over 200 years, the phrase ‘eternal vigilance’ has been associated with the price we must pay for our liberty. Similarly, stopping threats requires constant monitoring of our authentication systems.
The NSA advises organizations to leverage “cloud services and log correlation tools that use environmental values and sophisticated AI/ML algorithms to detect unusual patterns in user authentication and authorization.”
At Acceptto, we fully agree with this recommendation. AI/ML has been a core part of our solution and a massive portion of the value that we consistently bring to tens of millions of our end-users. We go even further than this, however; beyond the mere detection of patterns, we automate the monitoring to put an immediate end to the behaviors of nefarious actors.
Acceptto’s latest advances in machine learning and artificial intelligence can terminate the bad actors before they can get into your systems, harm you, and steal your data. Our sophisticated machine learning algorithms constantly reassess and revise probabilities about the trustworthiness of identities, using all available signals from your systems and the surrounding environment. These signals, among other contextual and behavioral controls, are organized into holistic data streams. By using predictive analytics on these data streams, the detection of imposters is suddenly possible at a low latency. We additionally deputize users by offering audit logs of authentication attempts at their fingertips, such that end-users and the predictive model can work collaboratively to usher out threat actors.
Acceptto’s Data Hub can ingest vast amounts of information from your environment, from your log files, and from data produced by dozens of your existing technology providers. In this manner, Acceptto’s intelligent Continuous Behavioral Authentication™ technology puts an end to the gaps in authentication systems that attackers have been exploiting. It’s the missing link in the authentication kill chain.
Reexamining Your Convictions
Thankfully, we live in a time where technology can help change the balance in the fight against intruders. Similar to how mRNA brings a new vaccine technology to battle against an unprecedented infectious disease, potent new technologies are now available to defend against the most adept attackers in cyberspace.
Properly assessing new risks first requires being honest with ourselves and asking some tough questions about the current capabilities of the systems that guard our digital identities. It’s simply too dangerous not to: If someone copies your keys, they can get into your kingdom.
To what degree is your current authentication system struggling to keep up against today’s sophisticated attackers?
Might your current authentication system have already been allowing intruders inside your systems, letting them read your email and steal your secrets?
Now is the perfect time to reconsider your approach to protecting yourself and your organization in the future.
There’s a reason why forward-thinking Fortune 500 corporations such as CVS Health have already chosen to rely on solutions from Acceptto to protect tens of millions of their users.
To learn more about any gaps in the security of your identity systems, and how to inoculate your systems against today’s most sophisticated attacks, contact us.
We’re here to help.
By Alan Krassowski, VP of Technology at Acceptto