The Spooky Privilege Pathways Lurking in your IT Environment... and How to Fight Back

In each of today’s IT environments, there are some spooky, scary secrets that could cause mass destruction if in the wrong hands: your privileged credentials, passwords, keys, sessions, etc. Here are some common examples of dangerously mismanaged credentials that lurk in many of today’s environments:

• Reused credentials across several service accounts, meaning that a single login grants access to all of the accounts at once.

• Secrets that are accessible to an unknown number of accounts, increasing the likelihood that a bad actor compromises one of these accounts and gains unhindered access to lateral movement as a result.

• Credentials, keys, and secrets used by AI agents, bots, and automation scripts that have unintentional excessive privileges or can fall victim to the “confused deputy” problem.

Often, these credentials become a method with which a bad actor gains a foothold or escalates privilege. Last year, IBM X-Force even reported a 71% increase year over year in the volume of attacks using valid credentials.

The Solution: Don’t Blink; Watch Your Credentials Closely

You probably won’t get zapped back in time, Doctor Who Weeping Angels style, if you look away from your credentials. But all the same, it’s crucial to know where all of your credentials are located and how human and non-human identities are using them—at all times. You can start with credential best practices such as:

• Discovering and vaulting all credentials, keys, and secrets

• Controlling access to secrets used within workflows, including agentic AI processes

• Automating password rotation for all applicable resources

• Eliminating hardcoded secrets, regardless of workflow or integration

• Logging and monitoring sessions associated with privileged credentials

You might think you know where the monsters hide in your environment, but what if they’re moving from domain to domain through hidden passages? Here are a few examples of passageways in your environment that could enable a bad actor to sneak around undetected, and then jump scare you when it’s too late to run:

• Hidden escalation pathways within SaaS apps like Active Directory, Entra, AWS, Okta, and GitHub, instrumented using misconfigurations or privileged entitlement oversights, poor separation of duties, and role synchronization. Our Identity Security Risk Assessment unmasked several environments that enabled low-privileged users to escalate to administrative access within these types of applications.

• Cross-platform attack vectors, such as AD service accounts with privileged Entra roles that bridge on-premises and cloud environments inappropriately.

• Trust relationships between development and corporate environments, opening up the possibility that a compromised test account could authenticate and access resources in the corporate production environment.

The Solution: Let Zero [Trust] Light the Way

We’re not talking about the pumpkin king’s loyal ghost dog in this case, but instead, the foundational principles of zero trust. The concept of ‘never trust, always verify’ is of the utmost importance when defending privilege pathways. The bottom line: even if a bad actor gains access to an account and tries to escalate their access or move laterally, zero trust will stop them in their tracks and cut their movement short. Here are a few key controls for establishing zero trust across your identity estate:

• Operationalized just-in-time access to ensure that the right people have the right access at the right time—no more and no less.

• Zero trust access for employees, vendors, contractors, and infrastructure, using granular controls for granting access based on specific use cases and workflows, rather than handing out ‘all-or-nothing’ access.

• Least privilege and application control for all endpoints, especially removing local admin rights / root access for any interactive computer, including workstations, laptops, and servers.