Protect Privileged Credentials to Stop Lateral Movement

According to research by FireEye on the SolarWinds breach, "Once the attacker gained access to the network with compromised credentials, they moved laterally using multiple different credentials." This is a good reminder that privileged credentials are highly targeted by threat actors and need to be protected.

If your applications have the same privileged account on multiple systems, the credentials are most likely shared and could be leveraged for lateral movement. Any applications or service accounts present in your Domain Administrators Group are also a potential risk. These passwords should be vaulted, monitored for access, regularly changed, and protected against any unauthorized use.

The first step is discovering all privileged accounts on your network.

The BeyondTrust Discovery Tool generates a report that provides key information on your privileged accounts, including administrative accounts with their password ages, local accounts with administrative access, and services running with privileged accounts.

Mitigate the Ongoing Risk of Privileged Credentials Theft or Misuse

Smart Rules Management – Onboarding Various Types of Accounts

Controlling and effectively managing privileged credentials is the next step. Proactively defend your organization by continuously discovering, auto-onboarding, managing, and monitoring privileged accounts of all types with BeyondTrust Password Safe.

Password Safe helps you reduce the risks associated with privileged credential compromise by safeguarding access to privileged account passwords and SSH Keys. The solution provides full control over system and application access through live session management, allowing administrators to record, lock, and document suspicious behavior with the ability to lock or terminate sessions.

Least Privilege Application Management - A Lesson Learned from SolarWinds