Charles Leaver – LastPass Breaches Provide 4 Valuable Lessons And The Need For Behavior Analytics

Written By Dr Al Hartmann And Presented By Charles Leaver Ziften CEO

LastPass Infiltrations Have 4 Lessons Everybody Can Learn From

Password management firm LastPass suffered data breaches in 2011 and then again in 2015. Experts advise the use of password managers, because strong passwords unique to each user account are not feasible to remember without organized assistance. However, placing all one’s eggs in a single basket – and then having millions of users each put their egg basket into one mega basket – produces an irresistible target for cyber criminals of every type. Cryptology professionals who have studied this recent breach at LastPass appear cautiously optimistic that major damage has been prevented, but there are still essential lessons we can learn from this episode:

1. There Is No Ideal Authentication, There Is No Ideal Security

Any knowledgeable, patient and determined adversary will ultimately breach any practical cyber defenses – even if yours is a cyber defense business! Regrettably, for many businesses today, it often doesn’t require much skill or patience to breach their patchwork defenses and penetrate their vast, porous perimeters. Compromise of user credentials – even those of highly privileged domain administrators – is also quite common. Again, regrettably, many businesses rely on single-factor password authentication, which simply invites widespread compromise of sensitive data. But even multi-factor authentication can be breached, as was evidenced by the 2011 compromise of RSA SecurID.

2. Utilize Situational Awareness When Defenses Are Breached

As soon as the attackers have breached your defenses, the clock is ticking on your detection, containment, and remediation of the incident. Industry data suggests this clock has a long time to tick – many days typically – before awareness sets in. By that time the cyber criminals have pwned your digital assets and picked your business carcass clean. Critical situational awareness is vital if this too-frequent disaster is to be prevented.

3. Comprehensive Situational Awareness Fuses Network and Endpoint Contexts

In the recent LastPass incident, detection was accomplished by analysis of network traffic from server logs. The attacker dwell time before detection was not disclosed. Network anomalies are not always the fastest way to recognize an attack in progress. A fusion of network and endpoint context offers a much better basis for decisions than either context separately. For example, being able to combine network flow data with identification of the originating process can shed much more light on a potential intrusion. A suspect network contact by a new and disreputable executable is a lot more suggestive taken together than when each is analyzed independently.
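The fusion described above can be sketched as a join between flow records and endpoint process records. This is an added example, not code from the original article or from Ziften; the record fields, the baseline set, the seven-day threshold and all sample data are constructed assumptions.

```python
# Added example: fuse network flow records with endpoint process context.
# All records below are constructed sample data; field names are assumptions.

# Endpoint context, keyed by (host, pid), as an endpoint agent might report it.
PROCESSES = {
    ("ws-01", 4120): {"image": r"C:\Program Files\Browser\browser.exe",
                      "signed": True, "age_days": 400},
    ("ws-01", 7788): {"image": r"C:\Users\amy\AppData\Local\Temp\upd.exe",
                      "signed": False, "age_days": 0},
    ("ws-02", 3301): {"image": r"C:\Tools\newbackup.exe",
                      "signed": False, "age_days": 1},
}
# Network context: flows tagged with the originating host and process id.
FLOWS = [
    {"host": "ws-01", "pid": 4120, "dst": "198.51.100.7", "port": 443},
    {"host": "ws-01", "pid": 4120, "dst": "203.0.113.50", "port": 8443},
    {"host": "ws-01", "pid": 7788, "dst": "203.0.113.50", "port": 8443},
    {"host": "ws-02", "pid": 3301, "dst": "198.51.100.7", "port": 443},
]
KNOWN_DESTINATIONS = {("198.51.100.7", 443)}  # assumed learned baseline
NEW_EXECUTABLE_DAYS = 7                       # assumed "new executable" window


def network_suspect(flow):
    """Network-only signal: destination never seen in the baseline."""
    return (flow["dst"], flow["port"]) not in KNOWN_DESTINATIONS


def endpoint_suspect(proc):
    """Endpoint-only signal: unsigned and recently first seen, or unattributed."""
    if proc is None:  # no endpoint record for this flow's process
        return True
    return not proc["signed"] and proc["age_days"] < NEW_EXECUTABLE_DAYS


def fuse(flows, processes):
    """Join each flow to its originating process and rank the combination."""
    alerts = []
    for flow in flows:
        proc = processes.get((flow["host"], flow["pid"]))
        net, end = network_suspect(flow), endpoint_suspect(proc)
        priority = "high" if net and end else "low" if net or end else "none"
        image = proc["image"] if proc else "<unknown process>"
        alerts.append({"priority": priority, "image": image, **flow})
    return alerts


if __name__ == "__main__":
    for a in fuse(FLOWS, PROCESSES):
        print(f'{a["priority"]:>4}  {a["host"]} {a["image"]} -> {a["dst"]}:{a["port"]}')
```

The same unfamiliar destination ranks low when a long-established signed browser contacts it and high when a freshly dropped unsigned executable does, which is the distinction neither data source can make alone.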

4. After An Authentication Failure, Use User Behavior Analytics

Compromised user credentials frequently wreak havoc throughout breached enterprises, allowing attackers to pivot laterally through the network and operate largely beneath the security radar. But this misuse of legitimate credentials differs markedly from the regular behavior of the genuine credential holder. Even rather basic user behavior analytics can spot anomalous discontinuities in learned user behavior. Always use user behavior analytics, especially for your administrators and more privileged users.