Addressing Top Security Threats with Vault

Jan 24 2017 Andy Manoske

Cybersecurity remains a critical area of concern for the public and private sector. According to IBM and the Ponemon Institute, last year saw 383 publicized malicious data breaches targeting the public and private sector globally, dealing north of $1.5B in direct damage and potentially trillions of dollars in lost intellectual property.

HashiCorp Vault has a unique role in responding to these security trends. Vault secures, stores, and tightly controls access to secrets across distributed application infrastructure. Its unique portfolio of features allows users with varying levels of security expertise to craft strong defenses against real-world cybercriminal adversaries. In this post we'll talk through real-world attack vectors and how Vault can be used to protect against them:

  • Preventing large scale data breaches with secrets management

  • Limiting privilege escalation with privileged access management

  • Protecting customer data with encryption as a service

Preventing large scale data breaches with secrets management

Large scale data breaches remain one of the biggest areas of concern for companies and organizations across verticals. Whether it was the theft of employee data from the FBI and Department of Homeland Security, the theft of every current and former employee’s W-2 at Seagate, or the theft of 117 million e-mails and passwords from LinkedIn, attacks focused on stealing sensitive data in bulk have become a staple of cyberattacks in the last year.

In many of these attacks, adversaries successfully exfiltrated data by compromising an outer layer of their target’s infrastructure and dumping sensitive data in bulk. By exploiting 0-day vulnerabilities in large, frequently-used databases such as MySQL, adversaries can force those databases to disgorge large troves of sensitive data such as e-mails, hashed passwords, and personally identifiable information (PII) such as home addresses.

Vault provides a common workflow to securely manage and control access to secrets. The ability to manage secrets helps organizations eliminate secret sprawl and secrets stored in plaintext. Addressing both of these challenges reduces the surface area for attacks that focus on obtaining secrets.

Limiting privilege escalation with privileged access management

As a best practice, no single user should have uniform access to every secret within an infrastructure. Vault enforces this by granting different users and applications privileged, time-locked access to secrets via fine-grained access policies.

These user- and application-specific policies force adversaries to compromise multiple privileged accounts at precisely the right time in order to gain system access. Compromising that many accounts without being detected would be very difficult.
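
As an added illustration of such a fine-grained policy (not from the original post): a Vault policy in HCL for a hypothetical `billing` service, with the overly broad rule shown commented out beside the scoped version. The mounts `secret/` (assumed to be a version 1 key/value mount) and `database/`, the role `billing-readonly` and the `payroll` subtree are assumptions.

```hcl
# Constructed example. Mount paths, the "billing" service, the
# "billing-readonly" role and the "payroll" subtree are assumptions,
# not values from the post.

# Too broad: a single stolen token holding this rule exposes every
# secret under the mount, and can modify or delete them.
# path "secret/*" {
#   capabilities = ["create", "read", "update", "delete", "list"]
# }

# Scoped: the billing service may only read its own static secrets.
path "secret/billing/*" {
  capabilities = ["read"]
}

# It may also request short-lived database credentials, but only
# from the one role it needs. Credentials issued here carry a lease
# and are revoked when the lease expires.
path "database/creds/billing-readonly" {
  capabilities = ["read"]
}

# Explicit deny for another team's subtree. "deny" takes precedence
# over any other capability, so this holds even if a broader policy
# is later attached to the same token.
path "secret/payroll/*" {
  capabilities = ["deny"]
}
```

Attaching this policy to a token with a short TTL, for example `vault token create -policy=billing -ttl=1h` where `billing` is the assumed policy name, gives the time-locked access described above.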
