Privileged Accounts, the Anomaly of Cybersecurity

By Eric Noonan • March 26, 2015

Despite the advances in security surrounding user accounts, there is still one type of account that has proven to be an anomaly in the cybersecurity world – privileged accounts. Standard user accounts at one time represented a significant issue for businesses but over the years security technologies and business processes have evolved to become very good at automating the control and access of standard user accounts. From onboarding and termination processes, inactivity lockouts, authoritative source correlations, and role-based access permission models, businesses today are efficiently managing the end-to-end life cycle of standard user accounts.

This is a very common and natural progression and evolution for an area that is weak in cybersecurity. On the other hand, when we look at privileged accounts, which represent the most important and powerful users, we see an anomaly in the natural evolution of cybersecurity and a massive disconnect from the businesses reality to cybersecurity.

Bloomberg Businessweek recently reported that the global cost of cybercrime is more than $400 billion. In our joint-research report with CyberArk, a company dedicated to protecting high-value assets, we found that accounts with elevated privlieges were involved in 100% of cybersecurity attack breaches. This has been a reoccurring theme with similar findings in the Verzion’s 2014 Data Breach Investigations Report. Privileged accounts are significantly undervalued in their criticality and risk to the business. This has driven the advancement of a set of security tools that specialize in privileged accounts with varied acronyms, such as Privileged User Management (PUM), Privileged Identity Management (PIM), and Privileged Account Management (PAM), to name a few. In short, these tools apply a strictly enforced set of processes around the management of privileged account but implementing these tools can be difficult as IT teams have a tendency to exhibit prejudice towards anything that may add an extra step to their daily operations.

Udi Mokady, CEO of CyberArk, stated that for many larger organizations there are three to four times as many privileged accounts as there are standard user accounts. Coupled with an overabundance of data showing that attackers target privileged accounts and regulatory compliance mandates (e.g. PCI) stringent security controls for these accounts, the question must be asked- why aren’t businesses doing more to protect them?

 

As one CIO from a Global Products and Services Company astutely put it,
“I can measure the importance of privilege accounts in gigabytes exfiltrated.”

Unfortunately the solution isn’t as black and white as it may seem. Specifically, there are two types of privileged accounts that businesses find predominantly difficult to secure: service accounts and local administrator accounts. Both are hard to find due to the disparate variables used to reliably identify them. Moreover, local administrators can sometimes be necessary for teams to execute their responsibilities and likewise, service accounts are often essential to system and application integration by facilitating communication and action within a complex distributed computing environment.

What is the way forward? The standard Identity Management (IdM) solution isn’t enough. Extend your IdM solution with a Privileged identity Management (PIM) application that brings forward identity controls to privileged accounts across your environment. Select a PIM application that meets demands of your business. SOX, PCI, HIPAA, to NERC-CIP all contain mandates that require stringent security controls over data, access to that data, and user accounts.

Let the identity management experts at CyberSheath help you manage all accounts with access to critical data and infrastructure. CyberSheath has partnered with CyberArk to deliver CyberArk’s best-of-breed Privileged Account Security suite with a ground-breaking toolset. In addition to knowledge of industry best practices, CyberSheath engineers can use CyberArk’s DNA tool to discover exposed accounts and oversaturation of administrative and Root account access that inevitably exists in organizations. CyberSheath engineers are experienced in reading DNA mappings and applying the findings to real-world solutions.

Cybersheath Blog

3 Reasons Why You Need a Privileged Access Risk Assessment

A privileged account is one used by administrators to log in to servers, networks, firewalls, databases, applications, cloud services and other systems used by your organization. These accounts give enhanced permissions that allow the privileged user to access sensitive data or modify key system functions, among other things. You can…

Incident Response – Learning the Lesson of Lessons Learned

“Those who do not learn from history are condemned to repeat it.” Over the years, variations of this famous quote have been spoken by everyone from philosophers to world leaders. The message — that we must learn from our mistakes or continue to repeat them — is also highly relevant…

What is DFARS 252.204-7012 and NIST SP 800-171?

With the Department of Defense (DoD) promising the release of an update to NIST Special Publication 800-171, it is imperative defense contractors understand what DFARS 252.204-7012 and NIST SP 800-171 Clause is and how noncompliance with the Clause will impact their business.  Compliance is mandatory for contractors doing business with…

Our Trusted Partners

Cyberark McAfee Thycotic RSA Tenable Alien Vault Alert Logic Trace Security