Download PDF
CyberArk > Case Studies > Global Communication Solutions Provider Deploys CyberArk to Mitigate Pass-the-Hash Attacks
CyberArk Logo

Global Communication Solutions Provider Deploys CyberArk to Mitigate Pass-the-Hash Attacks

Technology Category
  • Cybersecurity & Privacy - Identity & Authentication Management
  • Cybersecurity & Privacy - Network Security
  • Cybersecurity & Privacy - Security Compliance
Applicable Industries
  • Telecommunications
  • Professional Service
Applicable Functions
  • Business Operation
Use Cases
  • Intrusion Detection Systems
Services
  • Cybersecurity Services
  • System Integration
The Challenge
For this global communications company, Pass-the-Hash attacks posed an immediate and troubling challenge. While the company was able to identify the existence of these types of attacks before a serious breach occurred (evidence of password theft and password cracking was clear and eminent), they struggled with the unique nature of a stolen hash. As a first step, the IT team opted to restrict access to their admin and privileged accounts by issuing Smart Cards. Unfortunately, this did not solve the problem, as vulnerabilities persisted within these Smart Card-enabled accounts. Smart Cards, which are touted to prevent credential theft through multifactor authentication, actually exacerbate the problem. With Smart Cards, the passwords associated with each privileged account, by default, never expire and are never changed again. As a result, once the hash is stolen, the attacker can exploit it in perpetuity. To truly combat Pass-the-Hash attacks against Smart Card-enabled admin accounts, the organization would need to deploy a custom solution that ensures admin and privileged passwords are automatically changed with some frequency to proactively protect against stolen credentials and abuse.
About The Customer
CyberArk’s customer, a publicly-traded provider of communication solutions and services to enterprises and governments, is well established as a proactive, security-aware organization. However, as a global business with access to sensitive customer information, the company is also frequently a target of increasingly sophisticated cyber-attacks. The company has an annual revenue of $8.69 billion USD (2012) and employs 22,000 employees in 65 countries, with sales in 100 countries. The company is headquartered in the USA and is known for its robust security measures and proactive approach to cybersecurity.
The Solution
Fortunately, the communications company simultaneously initiated a search for a password management solution to proactively manage all of their local, built-in privileged accounts. After reviewing multiple solutions, the company selected the CyberArk Privileged Account Security Solution. The company chose CyberArk due to the robustness of the solution and its ability to restrict and protect privileged domain accounts. Soon after deployment, however, members of the security solutions team were able to identify a more critical use case for the CyberArk solution. Out of the box, the solution also enabled the organization to limit the ability of administrators to inadvertently expose privileged credentials to higher risk computers and Pass-the-Hash cyber attackers. Through role-based access control, the organization can identify and manage Smart Card-enabled privileged accounts, assigning strong and rapidly changing passwords that prevent attackers from stealing credentials and authenticating across the network. Moreover, the organization now controls, manages and logs the use of all privileged user credentials with the CyberArk solution. Looking ahead, the company plans to leverage the CyberArk Privileged Account Security Solution to enforce other highly relevant mitigation steps, including: Unique password changes for every privileged user and service accounts (such as Windows Services, Scheduled Tasks, IIS App Pools and others) – this mitigates the dangers of password reuse. Automation of random and complex passwords. One-time password changes for privileged access – whenever a Windows domain admin uses a privileged credential, it is replaced with a new one. If the privileged credential is changed right after its usage, the window of opportunity for the attacker is very narrow.
Operational Impact
  • The CyberArk solution was easy to deploy. The process involved little coordination with other departments and, within days, the organization was able to begin creating policies, define them and apply them to protect their privileged accounts.
  • Since implementation, the organization has yet to have one single Pass-the-Hash attack or incident involving highly privileged accounts, and there have been no other indicators of future attacks.
  • Moreover, the CyberArk solution has eliminated any and all abuses of privileged accounts across the customer’s entire network.
Quantitative Benefit
  • Annual revenue: $8.69 billion USD (2012)
  • Employees: 22,000 employees in 65 countries
  • Sales in 100 countries

Related Case Studies.

Contact us

Let's talk!

* Required
* Required
* Required
* Invalid email address
By submitting this form, you agree that IoT ONE may contact you with insights and marketing messaging.
No thanks, I don't want to receive any marketing emails from IoT ONE.
Submit

Thank you for your message!
We will contact you soon.