Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

The Key to Withstanding Cyberattacks

August 29, 2018

  • Blog
  • Archive

A destructive data breach can begin with the compromise of just one privileged account. Criminal hackers and malicious insiders can exploit an unsecured privileged account to gain the persistent, administrative access they need to anonymously extract sensitive data over time.

If you can’t find the privileged accounts on your network, you can’t secure them. But just because you may not know where all your privileged accounts exist, doesn’t mean the bad guys can’t locate them. And then leverage these powerful accounts to execute their cyberattacks.

Cyber attackers need privileged account access to carry out their illicit plans. Like installing malware, stealing data or disabling hardware. That’s why privileged credentials are in such high demand by hackers. In fact, according to Verizon’s Data Breach Investigations Report, “81% of hacking-related breaches leveraged either stolen and/or weak passwords”.

The Privileged Account Minefield

If it’s that serious of a problem, why not dedicate a few IT resources and lock down those accounts? Simple enough, right? In theory, yes. But as a real-world IT security initiative? Not so much.

Consider this. A single computer can have privileged accounts in local and domain accounts, in services and scheduled tasks, and in applications like COM+ and DCOM, IIS websites and databases. Now, factor in the myriad of servers, workstations, and devices on a large network. You’ll quickly realize how difficult it is to manually document each privileged account and its interdependencies. And then frequently change each account’s password.

And not only that. Updating just one password for a privileged account can create service disruptions and system lockouts if processes and services that are dependent on that credential are not concurrently updated.

That’s because service account passwords can be almost impossible to discover and change manually. To accomplish this task, you need service account management. First, you must identify everywhere the service account is in use (discovery). Then you must change the password everywhere it’s referenced (propagation).

The situation becomes even more complex when you factor in turnover in IT staff, new hardware assets, and corporate mergers.

You’re left to navigate a minefield of privileged account vulnerabilities.

Privileged Account Discovery in Depth

The only way to secure your privileged credentials is to automatically:

  • make each privileged account password unique and cryptographically complex,
  • change privileged credentials after use — to prevent attacks such as pass-the-hash, and
  • update the passwords frequently — even as often as every couple hours.

Then, to prevent IT disruptions when changing privileged passwords, you must propagate password updates to all referenced locations. To do this successfully, you need real-time knowledge of where privileged accounts are in use. Only with automated privileged identity management technology can you keep up with these changes, at scale, and on a continuous basis.

How Secure Are Your Privileged Accounts?

Are your privileged accounts vulnerable to attack? Download the free Bomgar Discovery Tool to get a report about unsecured service accounts, Active Directory domain accounts, and local administrator accounts on your network.

Chris Stoneff

VP Security Solutions, Development

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Webcasts | February 25, 2021

Customer Tips & Tricks: Remote Support for Android

Webcasts | February 09, 2021

Customer Webinar: Remote Support 21.1 Released!

Webcasts | February 24, 2021

Your PAM 2021 Blueprint: Securing Privileged Accounts for On-Premises and Cloud Assets

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.