While MFA is a necessary first step, Gartner vice president and analyst Ant Allan believes that investing in advanced analytics, including machine learning, will provide greater flexibility and resilience.
He also believes that data centers should invest more in identity threat detection and response capabilities.
This does not always imply purchasing new tools, he added.
Data center security managers could make better use of their existing identity access management and infrastructure security tools.
"The White House memo M-22-09 requiring phishing-resistant MFA is probably a bellwether for other regulatory requirements," he added.
"However, it's unclear whether that necessitates entirely new methods or whether compensating controls will suffice."
According to Jason Rader, chief information security officer at consulting firm Insight, "existing MFA infrastructure will continue to serve a purpose." Threat actors will typically begin by attempting to break into accounts with the weakest security. Rader adds, "If they're going through a list of accounts, they'll try until they find one without an MFA requirement. This is why it should be enabled on all accounts."
According to him, a check to confirm that the login is coming from the same geographical location as the user's phone, for example, will reduce phishing risks. "Reducing the number of failed mobile push authentications can also help to reduce prompt bombing," he added.
Prompt bombing is an attack strategy in which attackers repeatedly attempt to log in, triggering a stream of MFA requests, until the user becomes irritated and accepts one out of frustration.
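The two checks Rader describes, capping failed push authentications and comparing the login location with the phone's location, can be sketched as a small detector. This is an added example, not code from the article or from any vendor's product; the event fields, the threshold of 3 failed pushes and the 10-minute window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample push-MFA events (not taken from any real log):
# (timestamp, user, push result, login country, phone country)
EVENTS = [
    ("2024-01-15T02:00:05", "user_a", "denied",   "RO", "US"),
    ("2024-01-15T02:00:40", "user_a", "timeout",  "RO", "US"),
    ("2024-01-15T02:01:10", "user_a", "denied",   "RO", "US"),
    ("2024-01-15T02:02:30", "user_a", "approved", "RO", "US"),
    ("2024-01-15T09:15:00", "user_b", "approved", "US", "US"),
    ("2024-01-15T09:20:00", "user_c", "denied",   "US", "US"),
    ("2024-01-15T13:00:00", "user_c", "approved", "US", "US"),
]

MAX_FAILED = 3                   # assumed policy: failed pushes tolerated per window
WINDOW = timedelta(minutes=10)   # assumed sliding window

def analyze(events, max_failed=MAX_FAILED, window=WINDOW):
    """Return (timestamp, user, finding) tuples in event order."""
    failed = defaultdict(deque)  # user -> timestamps of recent failed pushes
    findings = []
    for ts, user, result, login_cc, phone_cc in sorted(events):
        when = datetime.fromisoformat(ts)
        recent = failed[user]
        while recent and when - recent[0] > window:
            recent.popleft()     # forget failures that fell out of the window
        if login_cc != phone_cc:
            # Login does not originate where the user's phone is.
            findings.append((ts, user, "geo_mismatch"))
        if result in ("denied", "timeout"):
            recent.append(when)
            if len(recent) == max_failed:
                # Point at which a policy would stop sending pushes.
                findings.append((ts, user, "lock_push"))
        elif result == "approved":
            if len(recent) >= max_failed:
                # Approval right after a burst of failures: likely fatigue.
                findings.append((ts, user, "approved_after_burst"))
            recent.clear()
    return findings

if __name__ == "__main__":
    for finding in analyze(EVENTS):
        print(*finding)
```

In enforcement mode the `lock_push` point is where further prompts would be suppressed, so the later approval could not occur; in detection-only mode both findings are raised for review.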
AI-based security measures can also be used by security teams to detect suspicious user behaviors that may indicate account compromise.
RELATED NEWS
Attackers tricked a Cisco employee into accepting an MFA request in August, allowing them to gain access to critical internal systems.
According to Uber, in September, attackers purchased an Uber contractor's password on the dark web and repeatedly attempted to log in using the stolen credentials. MFA initially blocked the login attempts, but the contractor eventually accepted the request and the attackers gained access. They had access to a variety of company tools, including G-Suite and Slack.
Worryingly, attackers were able to compromise Twilio's widely used MFA service in August. They accomplished this by duping several Twilio employees into sharing their credentials and MFA authorizations. More than a hundred Twilio customers, including Okta and Signal, were compromised.