Privileged and shared accounts present a significant audit and security challenge to any large enterprise. Often, there are more privileged and shared accounts than users in any typical organization. In fact, according to 2017 Verizon’s Data Breach Investigation Report, privilege misuse is named one of the most common attack vectors used to inflict reputational damage on a company.
These privileged and shared accounts can exist everywhere; from desktops, laptops, servers, virtual machines to console and web-based applications. Uncovering these accounts across the network can be extremely challenging due to little documentation and imperfect information spread across multiple locations. The merger and acquisitions of companies also brings a new horizon of privileged accounts, including dormant accounts, that are part of the organization network- and most often are not managed. Therefore, it is imperative to know and secure every single privileged account in your environment.
Discovery is an essential part of keeping your environment secure. With the BeyondTrust's Discovery Tool, you can identity vulnerable unmanaged privileged accounts. Discovery can automatically find accounts, identity platform, privilege and where that account resides. Once the accounts have been uncovered, you can import them into Bomgar Vault, where they can be properly validated, rotated and managed. Using Bomgar Vault Discovery, you also gain key insights into the most vulnerable areas of your network and helps to prevent security breaches within your organization.
Discovery is an easy-to-use tool that exposes the magnitude of the privileged account problem through 3 simple steps: Discover, Scan and Manage. This allows organizations to get an insight into the status of privileged accounts, including information like scheduled tasks and services within the network without having to install clients on targeted systems. Here’s a quick view of the dashboard:
Bomgar Discovery Tool answers questions such as:
On which target servers do privileged accounts exist?
Are there any privileged accounts that do not adhere to the company’s password policy i.e. password age is greater than 90 days?
Did one of my vendors add a privileged user to one of the servers?
Are there any ‘backdoor’ local credentials that exist on any of the servers that have been decommissioned?
Are there any expiring and non-expiring AD and local privileged credentials?
As the saying goes, ‘you cannot manage what you cannot measure’. In terms of Privileged Access, ‘you cannot secure what you cannot find’ and consequently: what you do not know about your privileged accounts can hurt you.