Illusive Blog January 6, 2021

Illusive Joins CyberArk Marketplace

By Nicole Bucala

We’ve got some exciting news to share with you: we’ve just joined CyberArk Marketplace! As you may know, CyberArk offers the leading Privileged Access Management solution and is the only security software company focused on eliminating cyber threats that use insider privileges to attack an organization’s most critical assets and infrastructure. The CyberArk Marketplace delivers unprecedented simplicity and speed for security and IT operations teams to extend the benefits of securing privileged access across the enterprise – on-premises, in hybrid cloud environments, and throughout the DevOps pipeline.

The new Illusive Networks Discovery integration addresses significant client risks through the discovery of unmanaged applications/devices. You can find us on the CyberArk Marketplace here: https://tinyurl.com/y458sdzc.

Credential risk a major concern

About 70% of attacks leverage stolen credentials, according to the Verizon Business 2020 Data Breach Investigations Report. On average, 20% of an organization’s endpoints contain accessible, risky privileged credentials that can be exploited by attackers. These could include cached credentials from a leftover session, for example. Illusive automatically discovers these credentials, removes them from the endpoint and identifies accounts that need to be monitored. Once the privileged credentials are onboarded into the CyberArk solution, our customers can preemptively cut off malicious access to an organization’s most critical assets.

Joint customers gain these benefits:

  • Enhanced coverage: Discover domain and local admin accounts that need enhanced CyberArk coverage
  • Violations found: Identify password management violations that could enable an attacker’s lateral movement
  • Greater insight: Gain visibility into local admin accounts inadvertently deployed on multiple machines

 

Five privileged identity vulnerabilities that attackers can exploit – until now

In addition, Illusive Networks surfaces key privileged identity compliance vulnerabilities that attackers can exploit. Five types of such vulnerabilities are:

Domain user misconfigurations
  • We show if a credential or user is overprivileged. For example, why does the help desk have the right to add users to domain admin?
  • We show if a credential is stored in the wrong location, creating a storage or configuration issue.
  • We show if there’s a session problem: Why does this service account need a desktop? Or, why is this RDP session with a privileged credential that’s six days old, and the RDP connection shouldn’t still exist? Or the RDP session created a privileged credential on a sensitive system, waiting to be harvested. The Active Directory (AD) control should have said that at the end of two days of activity, the user should be logged off, but that compliance configuration clearly wasn’t set properly.
  • We find credentials that should be managed by PAM solutions, but aren’t.
Azure Active Directory misconfigurations
  • We look at overprivileged Azure AD credentials: Someone has too many privileges that are being stored.
  • We identify a lack of two-factor authentication (2FA) for Azure AD: Someone has 2FA but isn’t enforcing it against a user when they should.
  • We surface Azure misconfigurations: Showing policy gaps between the level of access a user has to on-premises AD versus in Azure AD – for example, if a user has a high level of access to the latter but low levels of access to the former.
Local administrator issues
  • We can show if the way the local administrator credential is being managed is inappropriate. For instance, perhaps it should be managed by LAPS and it isn’t. This represents a vulnerability.
Administrative application level 
  • We look at credentials for data stored in admin applications. If admins store credentials in these applications (which does happen,) it creates a vulnerability, and we will surface those credentials.
High-value asset vulnerabilities
  • We show the accessibility of application-level credentials to crown jewel systems. For example, if a user stores the credentials in a browser, someone can access the credentials to start a session in a high-value system.

Illusive routinely and automatically discovers unmonitored, privileged accounts as the daily access footprint changes inside an organization. Ingesting this information, CyberArk can then protect the organization against privileged credential theft and exploitation. This partnership unites two cybersecurity powerhouses to shrink the potential attack surface for our customers.

Learn more about the Illusive integration with CyberArk

Want to know more about this new development?