BeyondTrust

A destructive data breach can begin with the compromise of just one privileged account. Criminal hackers and malicious insiders can exploit an unsecured privileged account to gain the persistent, administrative access they need to anonymously extract sensitive data over time.

If you can’t find the privileged accounts on your network, you can’t secure them. But just because you may not know where all your privileged accounts exist, doesn’t mean the bad guys can’t locate them. And then leverage these powerful accounts to execute their cyberattacks.

Cyber attackers need privileged account access to carry out their illicit plans. Like installing malware, stealing data or disabling hardware. That’s why privileged credentials are in such high demand by hackers. In fact, according to Verizon’s Data Breach Investigations Report, “81% of hacking-related breaches leveraged either stolen and/or weak passwords”.

The Privileged Account Minefield

If it’s that serious of a problem, why not dedicate a few IT resources and lock down those accounts? Simple enough, right? In theory, yes. But as a real-world IT security initiative? Not so much.

Consider this. A single computer can have privileged accounts in local and domain accounts, in services and scheduled tasks, and in applications like COM+ and DCOM, IIS websites and databases. Now, factor in the myriad of servers, workstations, and devices on a large network. You’ll quickly realize how difficult it is to manually document each privileged account and its interdependencies. And then frequently change each account’s password.

And not only that. Updating just one password for a privileged account can create service disruptions and system lockouts if processes and services that are dependent on that credential are not concurrently updated.

That’s because service account passwords can be almost impossible to discover and change manually. To accomplish this task, you need service account management. First, you must identify everywhere the service account is in use (discovery). Then you must change the password everywhere it’s referenced (propagation).

The situation becomes even more complex when you factor in turnover in IT staff, new hardware assets, and corporate mergers.

You’re left to navigate a minefield of privileged account vulnerabilities.

Privileged Account Discovery in Depth

The only way to secure your privileged credentials is to automatically:

  • make each privileged account password unique and cryptographically complex,
  • change privileged credentials after use — to prevent attacks such as pass-the-hash, and
  • update the passwords frequently — even as often as every couple hours.

Then, to prevent IT disruptions when changing privileged passwords, you must propagate password updates to all referenced locations. To do this successfully, you need real-time knowledge of where privileged accounts are in use. Only with automated privileged identity management technology can you keep up with these changes, at scale, and on a continuous basis.

How Secure Are Your Privileged Accounts?

Are your privileged accounts vulnerable to attack? Download the free Bomgar Discovery Tool to get a report about unsecured service accounts, Active Directory domain accounts, and local administrator accounts on your network.

Previous post:

Next post:

Profile photo of Chris Stoneff

Chris Stoneff

VP Security Solutions, Development

Recommended Reading