According to research by FireEye on the SolarWinds breach, "Once the attacker gained access to the network with compromised credentials, they moved laterally using multiple different credentials." This is a good reminder that privileged credentials are highly targeted by threat actors and need to be protected.
If your applications have the same privileged account on multiple systems, the credentials are most likely shared and could be leveraged for lateral movement. Any applications or service accounts present in your Domain Administrators Group are also a potential risk. These passwords should be vaulted, monitored for access, regularly changed, and protected against any unauthorized use.
The BeyondTrust Discovery Tool generates a report that provides key information on your privileged accounts, including administrative accounts with their password ages, local accounts with administrative access, and services running with privileged accounts.
See all the privileged credentials being used to access endpoints and systems on your network
Discover those hard-to-manage service account credentials, in addition to AD and local accounts
Security is never finished, so run the discovery tool periodically or whenever your network changes
Controlling and effectively managing privileged credentials is the next step. Proactively defend your organization by continuously discovering, auto-onboarding, managing, and monitoring privileged accounts of all types with BeyondTrust Password Safe.
Password Safe helps you reduce the risks associated with privileged credential compromise by safeguarding access to privileged account passwords and SSH keys. The solution provides full control over system and application access through live session management, allowing administrators to record and document suspicious behavior and to lock or terminate sessions.