ITC Security Threat of the Week – Week 12: Privileged Accounts

Threat of the Week – Privileged Accounts

With the annual Queen’s Speech fresh in our minds (which actually involved the words “IP addresses”, so I’m told), our blog this week is going to look at privileged identities.
Privileged identities are probably some of the most powerful accounts that exist on your network. We all know why they get created: a ‘break-glass’ method of access to your router in case the access control system goes down, a service account so your firewall can query Active Directory for account details, and the ever-present ‘sys’ or ‘sa’ database credentials are just a few examples.
Often, because of their potential ‘emergency’ uses, these accounts will be widely shared within organisations – providing an all-too-easy way of anonymously bypassing normal access control restrictions. They’re also often stored locally on devices, which means updating them is hugely time-consuming and not undertaken with any useful degree of frequency.
The example of networking kit using Active Directory credentials for identity management brings into focus another problem with these accounts – they’re often created to bridge the various IT ‘silos’ that exist within organisations – and as such fall outside of normal joiner/leaver type account maintenance processes. Simply put, which server admin is going to want to run the risk of disabling the firewall’s service account even if it doesn’t look like it’s been used in months?
What can you do to bring these accounts under control? A good start would be to request an evaluation of the Cyber-Ark Discovery & Audit (DNA) tool that ITC are currently offering. It’s a great utility that will quickly and easily discover and list the privileged accounts in your Active Directory infrastructure – you can request a copy here:
Of course, just knowing that these accounts exist won’t, on its own, reduce the risk to your business. To really reduce risk and improve the security of your information, you need to be proactively managing and monitoring these accounts. The ITC NetSure360° service provides you with a comprehensive set of technologies to address these issues. In conjunction with Cyber-Ark we can offer a full privileged identity management suite – securely protecting and automatically updating these important account details, as well as giving you a full audit trail of their usage. We can also draw on our expertise with Security Incident and Event Management (SIEM) to provide real-time alerting on anomalous and suspicious account activity, using advanced event correlation to accurately determine who’s really logging on under the ‘sysadmin’ account.

To learn more about Cyber-Ark DNA and all of the other security solutions ITC Secure Networking has to offer, email us: [email protected] or visit