Transcript

Dear Attackers, Stop By Anytime & Use My Keys

DEAR ATTACKERS, STOP BY ANYTIME AND USE MY KEYS SSH Keys: The Powerful, Unprotected Privileged Credentials Though they fly under the radar, most companies use SSH keys every day to: LOGIN TO REMOTE SYSTEMS SECURE ALE TRANSFERS SECURE BACKUP AND COPY FACILITATE MACHINE-TO-MACHINE ACCESS TUNNEL APPLICATIONS AND NETWORK TRAFFIC PROTECT PRIVILEGED ACCOUNTS SECURE COMMAND EXECUTIONS ON A REMOTE HOST The Enterprise SSH-ituation • No way to know who has access to what systems • No tools to remove unused or unauthorized keys • No methods to restrict access to private keys • No visibility into user activity during SSH sessions • Manual setups + maintenance = costly errors The average large enterprise can have ONE MILLION SSH keys in their environment. That's one million opportunities to steal your sensitive data 64% 53% have not established security M 51% policies for SSH keys have no centralized control over SSH keys have suffered SSH key-related compromises 46% 60% never change or rotate SSH keys - and they never expire have no way to detect new keys introduced in the organization 74% 10% of all SSH keys provide root accesS allow administrators to independently control and manage SSH keys The Cost of Doing Nothing Trust-based attacks, such as those targeting SSH keys, can cost an enterprise up to $398MM 100 per incident 837979 A FF0883797 FF088 It's time to SSHut the Door on SSH Key Attacks. Start treating SSH keys like the privileged credentials they truly are Learn more at www.cyberark.com/SSH CYBERARK Security for the Heart of the EnterpriseTM Sources: www.aberdeen.com/research/9166/RR-SSH.aspx/content.aspx www.computerworld.com/article/2488012/malware-vulnerabilities/poorly-managed-ssh-keys-pose-serious-risks-for-most-companies.html www.datacenterjournal.com/it/data-centers-secure-primer-secure-shell-key-mismanagement-risks/ www.isaca.org/Education/Conferences/Documents/NAISRM-2013-Presentations/244.pdf www.securityweek.com/trust-based-attacks-against-ssh-ssl-cost-firms-big-money-report

Dear Attackers, Stop By Anytime & Use My Keys

shared by CyberArk on Oct 22
44 views
2 shares
0 comments
When thinking about privileged accounts – and the credentials used to access them – passwords typically come to mind. Yet passwords are only part of the equation. The Secure Shell (SSH) key, a low...

Publisher

CyberArk

Tags

hackers

Category

Computers
Did you work on this visual? Claim credit!

Embed Code

For hosted site:

Click the code to copy

For wordpress.com:

Click the code to copy
Customize size