Outdated authentication practices create an opportunity for threat hunter Infocyte
Network security provider Infocyte has updated its flagship service to hunt threats on Linux environments, the company announced Friday. Passwords are the weak link that requires enterprise threat detection to go beyond identifying external threats and address the breach detection gap, its founder says, and biometric solutions may be the way to patch that link.
The prevalence of malware and threats requires organizations with large networks to take a proactive defensive stance, Infocyte founder and CEO Chris Gerritz, a former US Air Force cybersecurity officer, says.
The US Air Force is an enormous operation, with thousands of networked endpoints and thousands of users. While Gerritz was protecting the Air Force network from hacking, he was involved with setting up a team focussed not on preventing attacks from happening, but on identifying and eliminating threats already inside the network.
“There are so many issues in a really large network that sooner or later, we’re gonna get hacked, so the assumption is we’re hacked already, go out and find it. That’s what HUNT is.”
The HUNT platform performs an agentless scan on an endpoint, and its malware analysis engine identifies active and dormant malware within minutes, according to Infocyte. In any large organization, that scan is likely to find threats, and the primary reason is the set of problems associated with passwords identified in a recent study by Gigya.
“I would love to see passwords dead because that is the source of almost every hack I’ve responded to,” Gerritz says.
If passwords are the problem, what is the solution? When asked what method of authentication Infocyte does not see breaches from, Gerritz says: “To be honest, whether it’s biometrics or any other additional factor of something you have, like a card, those systems are very difficult to hack remotely. I mean, it’s possible, but not at scale.”
So what does Infocyte use? “We’ve tried a lot of different things in our own company.”
Gerritz sees a lot of room for improvement in enterprise authentication methods. “One of the issues we always come up on is how people are doing privileged account management,” he says. “Rarely do we see any of the more advanced solutions, like two-factor or biometrics.”
Given the vulnerability of passwords, the importance of privileged accounts, and the level of security knowledge the people holding them are supposed to have, the common practice is not good enough. “When you’re going to use something that has root level access to an entire network, you’ve got to protect it,” Gerritz says.
The genesis of Infocyte HUNT lies in the inadequacy of password authentication, and enterprises’ continued reliance on that same legacy method fuels the company’s growth. Urging enterprises to give up passwords may therefore seem like a risky strategy for Infocyte; if biometric or multi-factor authentication defends so much more effectively against threats, what is the company’s role in a post-password security environment?
Those who carry out persistent threats will seek out whatever vectors look promising, and whichever vulnerability they end up exploiting, Infocyte HUNT uses supervised machine learning algorithms to identify the traces malicious actors leave behind.
“Having Linux allows us to look at web servers, for instance. If you’re going to bypass the biometrics, you’re going to need to get into that system itself,” Gerritz says. “That’s where we come in: finding people who have inserted themselves under that authentication layer.”
In other words, in the future of universal modern authentication adoption, Infocyte HUNT will still be needed. It just may not be as busy.