Privileged access is a critical pathway to all attacks: Jeffrey Kok, CyberArk

By securing privileged access and secrets like API keys, SSL keys and encryption keys, organizations can their make journey to the cloud with a reduced risk posture, says Jeffrey Kok – Vice President, Pre-sales, Asia Pacific & Japan, CyberArk, in an interaction with IDG Media.

Edited Excerpts:

How is CyberArk adapting to the changing threat landscape? 
One of the major things we've seen is the migration to cloud environments and the move to DevOps. We are enforcing security in the DevOps environment. We see that as a trigger in many companies that move into cloud infrastructure. It was something that they assessed in the past and now it’s a trigger to start implementing private security in the cloud.   

What technologies have you deployed to ensure cloud security? 
Our focus is protecting the privilege access. Whether you are using Infrastructure as a service (IaaS), Platform as a Service (PaaS) or Software as a service (SaaS), you require secrets such as your API keys, passwords, SSL key, encryption key and so on. So, we help customers to secure the secrets that they use in the application, whether it’s in a container, whether it’s in the form of Robotic Process Automation or orchestration tools. We secure the secrets and this allows organizations in their journey to the cloud with a reduced risk posture.

What are the security issues that CyberArk is looking at and how is it planning to address such issues? 
We've seen a rise of crypto-mining attacks over the last year, surpassing ransomware.

As we have realized that cyber security is a team play, what we are bringing to the table is a collaboration with the other security and automation vendors that we can work with.

The path of attack though is really the same which is the execution, wherein a hacker still uses credentials to propagate the attack. The difference is that the malicious code now performs crypto-mining instead of encrypting the drives. So, we still focus on protecting from that distribution of malware so even if one work station gets infected, it does not spread. We apply the least privilege on the end point to ensure any malware, whether it is cryptominer, ransomware or something else, cannot move laterally within the organization.

What do you think are the challenges within organizations which lead to security events?
The weakest link hasn’t changed; it is still the humans. Attackers are finding ways to get in using tactics like social engineering. Now, with the adoption of cloud, we see the attack surface further expanding from on-premise. For example, now a crypto-mining attacker just need to steal one API key off the cloud and he can mine an unlimited amount of coins using a organization’s vast resources. 

How do you look at  the rise of crypto-mining attacks and how do you plan on preventing such attacks for organizations? 
We see crypto-mining as no different from any malware. Although, the execution of such attacks have changed compared to ransomware but the distribution is the same. You're still going to need to use some sort of privileged access and this is where CyberArk comes in to manage and isolate those privilege access to prevent such attacks. 

How can CyberArk help enterprises strengthen privileged access?
Privileged access comes in many shapes and forms. It can be an SSL key or API key. What CyberArk does is, we first identify where all privileged credentials are and we help organizations store them in a vault. So, you can have a bird's eye view of everything you do and besides this, it also has the ability to stop a user if he/she is doing something high risk. We use analytics to look at the users' activities and if they deviate too far or overstep the security threshold, we have to either suspend or terminate the user’s access. We validate the users, and help them sign into the vault so they don’t see what the credentials actually are and we do a full session of monitoring and recording of the user’s access. This way organizations don’t have to wait for something bad to actually happen and mitigation can happen in real time. We believe that privileged access is a critical pathway to all attacks, in spite of it being internal or external.

What is your outlook for the Indian cybersecurtiy market?
The Indian market is maturing quite fast now from where we started off. It was a lot of awareness we spoke about from a privileged access perspective. I would say there are multiple layers within the customer and how they perceive privileged access. Privileged access especially in the finance sector is something mandated by the federal government today. Indian organizations are now looking at it as a perimeter security and has started moving into a more advanced part of it. Also if you look at the IT/ITES companies in India, they've really started looking at privileged access as one of the critical parts of it. 

Finally, what is your strategy for expansion in the Indian security market? 
For a long term strategy, the awareness of the customer is where we're investing. The other part is that we have invested a fair amount on the education, from training perspective. As we have realized that cyber security is a team play, what we are bringing to the table is a collaboration with the other security and automation vendors that we can work with.