
Why Discovery is So Important in Endpoint Least Privilege

March 30, 2016


Discover Endpoints

Controlling and managing access is how you win in security – and you can’t control what you don’t know you have.

A key component of controlling access and maintaining least privilege is data discovery. Access is all about managing, controlling, and protecting critical information. However, if you don’t know what your critical information is and where it is located, how can you properly protect the information?

With endpoints, it’s all too easy to copy critical information, and consequently, key pieces of information will often exist in a large number of locations, which is unwieldy to control and manage. If a manager sends a critical customer proposal with sensitive information to their team to review, most people will save a local copy on their system. Now that information exists in many locations and control of the information has been lost.

Fortunately, there are still several ways of managing information sprawl, but it requires a change in mindset.

Limit the Amount of Data Stored on Endpoints

The first approach is to limit the information that is allowed to be stored on endpoints, either by buying systems with small hard drives, or by utilizing thin clients to reduce the amount of information and exposure that exists for a single system.

While this approach does work in some cases, it is not always scalable with regard to mobile laptops and the need to work and access information without an Internet connection. In those cases, endpoint-based access control software is critical to manage and control what information can be accessed and when it can be accessed. Just because information resides on a laptop does not mean it should be accessible at all times and in all locations.

Frequently, when a system gets compromised, there is a lot of extraneous data that the user has access to that was not required for them to do their job. This means that, for a large percentage of the information stolen, the user did not require it. If access had been properly maintained, the amount of damage from the attack would have been greatly reduced.

While performing data discovery, it is important to: 1) Understand where critical information is located, 2) Determine who needs access to the information, and 3) Control access to minimize potential damage.

The easiest way to think about data access is to consider that the more access a given user has, the more exposure is created when their account and/or credentials are compromised. In any given system, it is only a matter of time before a certain number of user credentials become compromised. While multi-factor authentication helps, to a point, to prevent this from happening, controlling damage by minimizing exposure provides the best level of protection. Controlling and managing access is how you win in security.

Monitoring and Revoking Access

If controlling and managing access is the first step, then monitoring and revoking access is a close second. When an account becomes compromised, there is a distinct difference in behavior patterns that can be observed – assuming this information is being logged and monitored. With careful analysis, data breaches can be detected early, which aids in containing the damage.

Ultimately, the best way to stop access is by revoking access when it is no longer required. For example, if a user has privileged access to a system that has not been used in "n" days, why are they still granted that privilege? It is analogous to setting the archive bit on a file and, after a period of time, allowing the backup solution to archive the file because it is stale. This step sounds so simple, yet it is often overlooked. I have seen cases where employees have left the organization and their accounts remain active.

Managing Access for Dormant Accounts

In addition to revoking access for employees who have left the organization, managing access for dormant accounts is just as important. Often, when organizations implement systems or new processes, they will set up a default account for everyone in the organization, requiring users to change the password the first time they log in.

However, in many cases employees never log in and/or never use the system. Yet those accounts remain active and are sitting targets for hackers. The reason hackers love dormant accounts is that, all too often, no one will notice if the account is being used for anomalous purposes.

Therefore, all accounts must be carefully monitored, any employees or contractors who left the organization must be removed, and any dormant accounts that have not been logged into for a certain period of time must be disabled. This is true for any local accounts, applications, cloud resources, and even partner systems that are outside of the management policies an organization maintains.
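As an added example (not from the post or from BeyondTrust's products), the three rules above together with the "n days" rule for unused privileges from the previous section, applied to a constructed set of account records in Python; the record fields and the 90-day and 30-day thresholds are my assumptions, not values the post gives.

```python
# Added example (not from the original post): apply the post's account-hygiene rules
# to a constructed set of account records. Field names and thresholds are assumptions.
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

@dataclass
class Account:
    name: str
    last_logon: Optional[date]            # None: provisioned but never logged into
    owner_departed: bool                  # HR record says the person has left
    privileged: bool = False              # holds elevated rights on some system
    privilege_last_used: Optional[date] = None

def review_accounts(accounts: List[Account], today: date,
                    dormant_days: int = 90, privilege_days: int = 30) -> Dict[str, str]:
    """Map each account name to the action the post's rules call for.
    Order matters: departed owner -> remove; never used or idle for dormant_days
    -> disable; privilege idle for privilege_days on an active account -> revoke.
    """
    dormant_cutoff = today - timedelta(days=dormant_days)
    privilege_cutoff = today - timedelta(days=privilege_days)
    actions: Dict[str, str] = {}
    for acct in accounts:
        if acct.owner_departed:
            actions[acct.name] = "remove"
        elif acct.last_logon is None or acct.last_logon < dormant_cutoff:
            actions[acct.name] = "disable"
        elif acct.privileged and (acct.privilege_last_used is None
                                  or acct.privilege_last_used < privilege_cutoff):
            actions[acct.name] = "revoke-privilege"
        else:
            actions[acct.name] = "ok"
    return actions

# Constructed sample data, not real accounts.
TODAY = date(2016, 3, 30)
SAMPLE = [
    Account("alice", date(2016, 3, 28), False, True, date(2016, 3, 27)),  # active, privilege in use
    Account("bob", date(2015, 11, 1), False),                             # no logon in 90+ days
    Account("carol", None, False),                                        # default account, never used
    Account("dave", date(2016, 3, 29), True),                             # still logging in, but owner left
    Account("erin", date(2016, 3, 29), False, True, date(2016, 1, 5)),    # active, privilege idle
]

if __name__ == "__main__":
    for name, action in review_accounts(SAMPLE, TODAY).items():
        print(f"{name:6} -> {action}")
```

The same review applies to local, application, cloud and partner accounts as long as a last-logon date and an owner status can be obtained for each.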

BeyondTrust Can Help

Eliminating excessive rights on user endpoints is a common starting point for many organizations to close avoidable security gaps, but legacy approaches to solving this problem are insufficient. Existing tools lack visibility into the security profile of applications targeted for elevation, and the risk-reducing effects of eliminating over-privileged users are negated if a vulnerable or exploited application is elevated for use. The traditional approach to solving these endpoint least privilege problems requires security and IT teams to cobble together point tools from multiple vendors resulting in unnecessary complexity and cost, and no visibility into user behavior throughout the enterprise.

BeyondTrust solves this problem by:

  • Removing excessive rights on all endpoints, reducing risk, and simplifying least privilege enforcement
  • Providing visibility into target system and asset security, reducing risk from elevated application vulnerabilities
  • Providing application control on the endpoint, blocklisting hacking tools
  • Analyzing and reporting on privileged user and account behavior, reducing risk from anomalies
  • Delivering a modular, integrated platform, speeding implementations and reducing costs

If you would like to learn more about how BeyondTrust can take these best practice recommendations and translate them into real use cases, download my white paper, It’s All About the Endpoint: Protecting and Enabling End Users with Least Privilege, today.

Dr. Eric Cole

Cyber Security Scientist | Keynote Speaker | Author | Founder and CEO at Secure Anchor Consulting

Dr. Cole is an industry-recognized security expert with over 20 years of hands-on experience. Dr. Cole has experience in information technology with a focus on helping customers concentrate on the right areas of security by building out a dynamic defense. Dr. Cole has a master's degree in computer science from NYIT and a doctorate from Pace University with a concentration in information security. He served as CTO of McAfee and Chief Scientist for Lockheed Martin.

Dr. Cole is the author of several books, including Advanced Persistent Threat, Hackers Beware, Hiding in Plain Sight, Network Security Bible 2nd Edition, and Insider Threat. He is the inventor of over 20 patents and is a researcher, writer, and speaker. He is also a member of the Commission on Cyber Security for the 44th President and several executive advisory boards. Dr. Cole is the founder and an executive leader at Secure Anchor Consulting where he provides leading-edge cyber security consulting services, expert witness work, and leads research and development initiatives to advance the state-of-the-art in information systems security. Dr. Cole was the lone inductee into the InfoSec European Hall of Fame in 2014.

Dr. Cole is a Former SANS Faculty Fellow who was actively involved with the SANS Technology Institute (STI), including the students, teachers, and courseware.
