Don’t give hackers the privilege

Administrator or super-user accounts hold the key to powerful business information, so leaving them exposed to hackers can cause legal and financial problems

Over the past year, the security landscape has altered dramatically. While opportunistic and ad hoc data breach incidents have continued to take place, there has been a notable increase in the number of targeted attacks hitting the headlines.

Be it the Stuxnet virus or SCADA (supervisory control and data acquisition) attacks, crafted malware or other sophisticated cyber-attacks, there has been one central theme at the heart of each incident – privilege.

Privileged accounts

Privileged accounts have proven to be a sweet spot for attackers because of the broad, often anonymous access they provide to high value targets. These privileged accounts are the most powerful in an organisation, allowing a privileged ‘super user’ to log on anonymously and have complete access to all of the information on the target system.

As we’ve witnessed in the major security incidents occurring over the past year, many organisations are still in the early stages of identifying and solving privileged account weaknesses, including those caused by hardcoded passwords found in applications or configuration files, which provide attackers with an extended window of opportunity.

Lessons learnt

If access to these privileged accounts is not controlled appropriately and policies are not put in place to manage these accounts and monitor privileged sessions, organisations run the risk of leaving themselves exposed to even greater IT security risks such as internal and external hacker attacks, lost business, legal liability and/or audit deficiencies.

With further attacks expected and awareness growing, it is likely that over the course of the year there will be a notable increase in research into how hardware can be attacked through software, and into the use of code to execute such attacks.

Managing this threat

In the meantime, for those organisations looking to avoid the implications of a targeted attack on their systems, this best-practice guide should provide a helpful starting point:

Discover – identify key systems, applications and databases and their underlying privileged accounts

Secure – manage who should have access to privileged accounts, leveraging existing settings from corporate directories, based on the underlying assumption of ‘least privilege’

Define – define policies and workflows for privileged access to key systems

Validate – secure the passwords in a vault, such as Cyber-Ark’s, and simulate privileged account management

Enforce – implement processes to automatically apply the enterprise privileged account policies and automate IT processes

Isolate – connect to these sensitive devices through a proxy, so that the session cannot be intercepted to hijack the privileged account and endpoint malware cannot spread to the target device

Monitor – receive alerts on inconsistent policy behaviour, retrieve audit reports and view privileged session recordings in real time, or search for privileged commands for forensic analysis.
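The hardcoded passwords in applications and configuration files mentioned earlier are exactly what the Discover step has to surface before any of the later steps can control them. As an added example that is not part of this article or of Cyber-Ark's product, here is a small Python scanner that flags literal credentials in configuration text and scripts while redacting the values it reports; the file names, file contents and the list of secret-bearing key names are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Key names that usually carry a secret in config files and scripts (assumption: a
# starting list for the Discover step, not an exhaustive one)
SECRET_KEY = re.compile(
    r"^\s*(?:export\s+)?(?P<key>[\w.-]*(?:passw(?:or)?d|pwd|secret|token|api[_.-]?key)[\w.-]*)"
    r"\s*[=:]\s*(?P<value>.+?)\s*$", re.IGNORECASE)
# Credentials embedded in a connection URL, e.g. scheme://user:pass@host
URL_CRED = re.compile(r"\b[a-z][a-z0-9+.-]*://(?P<user>[^\s:/@]+):(?P<pw>[^\s/@]+)@", re.IGNORECASE)
# Values that reference an external source (env var, template placeholder) rather than a literal
PLACEHOLDER = re.compile(r"^(?:\$\{?\w+\}?|%\w+%|<[^>]*>|\*{3,})?$")

@dataclass
class Finding:
    path: str
    line_no: int
    key: str
    redacted: str  # the scanner output must never carry the secret itself

def redact(value):
    return value[:2] + "*" * max(len(value) - 2, 3)

def scan_text(path, text):
    """Return one Finding per literal credential found in the given file contents."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith(("#", ";", "//")):
            continue  # commented-out lines are left for manual review, not flagged
        m = SECRET_KEY.match(line)
        if m:
            value = m.group("value").strip("\"'")
            if not PLACEHOLDER.match(value):
                findings.append(Finding(path, n, m.group("key"), redact(value)))
            continue
        u = URL_CRED.search(line)
        if u and not PLACEHOLDER.match(u.group("pw")):
            findings.append(Finding(path, n, "url-credential:" + u.group("user"), redact(u.group("pw"))))
    return findings

def scan_files(files):
    """files: mapping of path -> contents; returns the findings across all of them."""
    return [f for path, text in files.items() for f in scan_text(path, text)]

# Constructed sample inputs: a properties file and a backup script
SAMPLE_FILES = {
    "app/config.properties": "db.user=appadmin\ndb.password=Sup3rS3cret!\n# api.key=old-value\napi.key=${API_KEY}\n",
    "scripts/backup.sh": "#!/bin/sh\nexport PGPASSWORD='hunter2'\npg_dump postgres://backup:backup123@db.internal/prod > /tmp/prod.sql\n",
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.path}:{f.line_no} {f.key} = {f.redacted}")
```

Values pulled from an environment variable or template placeholder (`${API_KEY}`) are deliberately not reported, since those are the form a vault-backed configuration takes after the Secure and Validate steps.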

The evolution of the threat landscape today has served to heighten the importance of effectively managing privileged accounts and identities in organisations. At Cyber-Ark, we strongly believe that there will be a rise in more preventative approaches to protecting privileged accounts, including better isolation, access control and activity monitoring.

This is due in part to greater awareness, increasing regulations and adoption of best practices, which are all driving significant growth for the privileged identity management market as a whole, and ultimately will help drive down the popularity of privileged accounts as an attack mechanism.

Mark Fullbrook is the UK and Ireland director at Cyber-Ark Software.

Cyber-Ark will be at stand K65 at InfoSecurity Europe 2012 (24-26 April, Earls Court, London).

www.cyber-ark.com
