The number of Microsoft consumer and enterprise user accounts attacked over the last year has soared by 300 percent, according to a recent Microsoft report. The company's Security Intelligence Report covering January through March 2017 attributes the vast majority of the compromises to weak passwords that could be easily guessed and to inadequate password management, "followed by targeted phishing attacks and breaches of third-party services."
The Redmond-based software and services company also noted that malicious sign-in attempts to Microsoft accounts from suspicious IP addresses increased 44 percent from the first quarter of 2016 to the first quarter of 2017. Among its recommendations is comparing the IP address a sign-in comes from against a list of trusted IP addresses, so that attempts from known malicious addresses can be blocked.
Creating lists of trusted IP addresses not practical:
Such a measure looks ideal on paper: only access attempts from a limited set of known and trusted IP addresses would be allowed. In practice it is hard to sustain. Mobile workers and partners reach the network with a variety of devices from many locations and many IP addresses, including public hotspots, and not all of those addresses can be checked for malicious activity before the user needs access.
The focus therefore shifts to authenticating and authorizing the device and the user, rather than automatically refusing access because the device arrives from an IP address that is not on an organization-approved list. Microsoft seems to recognize this when it suggests that organizations could also compare sign-ins against a list of "trusted devices" to reduce the risk of "credential abuse and misuse."
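To make the difference between the two policies concrete, the following example evaluates a handful of constructed sign-in events first against a pure IP allowlist and then against a device-aware policy that uses the source address only as a risk signal. It is an added illustration, not code from Microsoft's report or from any product; the network ranges, device identifiers, event fields and decision labels (allow, step_up, block) are all assumptions made for the example.

```python
import ipaddress
from collections import Counter

# Constructed trusted egress ranges (documentation prefixes, not any real organisation's)
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/24")]

# Constructed device registry: user -> identifiers of that user's enrolled devices
TRUSTED_DEVICES = {
    "alice": {"dev-a1"},
    "bob": {"dev-b1", "dev-b2"},
}

# Constructed sign-in events in the shape of an audit log (field names are assumptions)
SIGNIN_EVENTS = [
    {"user": "alice", "ip": "203.0.113.17", "device": "dev-a1"},  # office network, enrolled device
    {"user": "alice", "ip": "192.0.2.44",   "device": "dev-a1"},  # hotel hotspot, enrolled device
    {"user": "bob",   "ip": "198.51.100.9", "device": "dev-zz"},  # office network, unknown device
    {"user": "bob",   "ip": "192.0.2.45",   "device": "dev-zz"},  # unknown network, unknown device
    {"user": "carol", "ip": "192.0.2.46",   "device": "dev-c1"},  # user with nothing enrolled
]


def ip_is_trusted(ip: str) -> bool:
    """True when the source address falls inside one of the trusted ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def device_is_trusted(user: str, device: str) -> bool:
    """True when the device identifier is enrolled for this user."""
    return device in TRUSTED_DEVICES.get(user, set())


def ip_only_decision(event: dict) -> str:
    """The pure IP-allowlist policy: anything off the list is refused."""
    return "allow" if ip_is_trusted(event["ip"]) else "block"


def device_aware_decision(event: dict) -> str:
    """Policy keyed on the user/device binding; the IP is only a risk signal.

    - unknown device        -> block    (stolen credentials are useless off enrolled hardware)
    - enrolled, trusted IP  -> allow
    - enrolled, other IP    -> step_up  (let the mobile worker in after a second factor)
    """
    if not device_is_trusted(event["user"], event["device"]):
        return "block"
    return "allow" if ip_is_trusted(event["ip"]) else "step_up"


def compare_policies(events=SIGNIN_EVENTS):
    """Run both policies over the events; returns (per-event rows, per-policy totals)."""
    rows = [(e["user"], e["ip"], ip_only_decision(e), device_aware_decision(e)) for e in events]
    totals = {
        "ip_only": Counter(r[2] for r in rows),
        "device_aware": Counter(r[3] for r in rows),
    }
    return rows, totals


if __name__ == "__main__":
    rows, totals = compare_policies()
    for user, ip, ip_only, device_aware in rows:
        print(f"{user:6} {ip:14} ip-only={ip_only:6} device-aware={device_aware}")
    print(totals)
```

The two events worth comparing are the second and the third: the IP-only policy locks the travelling user out of her own enrolled laptop while waving through an unknown device that happens to sit on the office network, which is exactly the credential-abuse case the trusted-device check is meant to catch.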
The Software-Defined Perimeter:
The Software-Defined Perimeter (SDP), backed by the Cloud Security Alliance (CSA), ensures that the person and the device are authenticated and authorized before a single packet is allowed to reach the target server.
"SDP helps by reducing the attack surface of publicly exposed hosts, by adding a layer of pre-authentication and pre-authorization. This ensures a 'least privileged access' model of security for servers and network and thereby helps in reducing many attack vectors of data breaches," according to the CSA.
This means cloud resources stay hidden from unauthorized users. Even when a user on a given device is granted access, that access does not extend to the entire network. With SDP, access is granted selectively and with granularity, so that users reach only a specific corporate application, or even only part of it.
SDP is superior to VPN:
SDP also sidesteps the problems of the traditional VPN (virtual private network), which grants all-or-nothing access to the network. SDP instead applies least privilege and zero trust rather than access by default: the system grants access only after full authentication and trust have been established.
VPNs also slow traffic, adding latency and with it bandwidth cost, because traffic must be backhauled into and out of the corporate network: a VPN user has to enter the corporate network to reach the cloud at all. With SDP, the device authenticates to a controller and then gains access to the cloud resources behind the gateway in the cloud, with the whole configuration managed from a single centralized console.
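The controller-and-gateway flow described above can be sketched end to end: the device sends one authenticated pre-authorization datagram, the controller checks it before any connection exists and answers only with the resources that device's user is entitled to, and the gateway forwards only to those. The code below is an added example written for this article; it is not the CSA's SDP specification nor any vendor's implementation. The message format, the per-device HMAC keys, the role table, the 30-second skew window and the nonce cache are all assumptions chosen to make the idea runnable.

```python
import hashlib
import hmac
import json
import os
import time

# Constructed enrolment records (assumptions, not any vendor's data model):
# a long-term key per (user, device) pair, a role per user, resources per role.
DEVICE_KEYS = {
    ("alice", "dev-a1"): bytes.fromhex("00" * 16 + "11" * 16),
    ("bob", "dev-b1"): bytes.fromhex("22" * 32),
}
USER_ROLE = {"alice": "sales", "bob": "dba"}
ROLE_RESOURCES = {
    "sales": {"crm.internal:443"},
    "dba": {"crm.internal:443", "db.internal:5432"},
}
MAX_SKEW = 30  # seconds a pre-authorization packet stays acceptable


def build_packet(user, device, key, now=None, nonce=None):
    """Client side: one self-describing datagram, authenticated with the device key."""
    body = {
        "user": user,
        "device": device,
        "ts": int(time.time() if now is None else now),
        "nonce": (os.urandom(8) if nonce is None else nonce).hex(),
    }
    msg = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag}).encode()


class Controller:
    """Decides, before any connection exists, whether a device may be told about anything."""

    def __init__(self):
        self.seen_nonces = set()

    def pre_authorize(self, packet, now=None):
        """Return the resource set the device may reach, or None to drop the packet silently."""
        now = time.time() if now is None else now
        try:
            outer = json.loads(packet)
            body, tag = outer["body"], outer["tag"]
            user, device, ts, nonce = body["user"], body["device"], body["ts"], body["nonce"]
        except (ValueError, KeyError, TypeError):
            return None  # malformed: no reply, the host stays dark
        if not (isinstance(user, str) and isinstance(device, str) and isinstance(tag, str)):
            return None
        key = DEVICE_KEYS.get((user, device))
        if key is None:
            return None  # not an enrolled device: the user's credentials are worthless here
        msg = json.dumps(body, sort_keys=True).encode()
        expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return None  # forged or tampered
        if not isinstance(ts, int) or abs(now - ts) > MAX_SKEW:
            return None  # stale: a captured packet cannot be played back later
        if nonce in self.seen_nonces:
            return None  # replay inside the skew window
        self.seen_nonces.add(nonce)
        return set(ROLE_RESOURCES[USER_ROLE[user]])  # least privilege: the role's list, not "the network"


class Gateway:
    """Forwards only to the resources the controller authorized for that device."""

    def __init__(self):
        self.allowed = {}

    def open_for(self, device, resources):
        self.allowed[device] = set(resources)

    def connect(self, device, target):
        return target in self.allowed.get(device, set())


if __name__ == "__main__":
    ctl, gw = Controller(), Gateway()
    pkt = build_packet("alice", "dev-a1", DEVICE_KEYS[("alice", "dev-a1")])
    resources = ctl.pre_authorize(pkt)
    print("alice/dev-a1 authorized for:", resources)
    gw.open_for("dev-a1", resources)
    print("crm reachable:", gw.connect("dev-a1", "crm.internal:443"))
    print("db reachable: ", gw.connect("dev-a1", "db.internal:5432"))
    print("replayed packet:", ctl.pre_authorize(pkt))
```

Two details carry the security argument. The controller never answers a bad packet, so a scanner holding a phished username but no enrolled device key sees nothing listening; and a valid packet yields a resource list scoped to the user's role, which is the difference between SDP's selective access and a VPN placing the device on the network.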
Passwords and MFA:
Like many other recent security advisories, the Microsoft report underscores the importance of carefully crafted organizational password policies.
Confirming the well-known observation that attackers reuse phished credentials across multiple services, the report recommends that users choose a unique password for every website and never reuse passwords across sites and services.
Microsoft also recommends complex passwords combined with multi-factor authentication, which many leading security companies, InstaSafe included, recommend and offer in their products.
How to enable “trusted devices” to defeat credential theft attacks:
Secure Access by InstaSafe binds the device to the user, ensuring that the user's credentials only work on that user's authorised devices. Further granular security controls let the security team ensure that all users (employees or partners) get access only to the resources their role demands (the need-to-know access model). Learn more about activating military grade network security at www.instasafe.com