The management of privileged users and accounts is one of the most important tasks for any security organization. Unfortunately, for many organizations, understanding who their privileged users actually are and what they have access to is a black hole. With the risks posed by cyberattacks and breaches, monitoring and actively managing this important group is critical to keeping the bad guys from breaking in and to preventing abuse. The Anthem security breach taught us just how serious privileged access breaches can be.
There are 4 key requirements to help you gain more visibility and control of privileged users and accounts:
Continuous Monitoring for Visibility
You need to know who your privileged users are. We have talked with a couple of customers who thought they knew how many privileged users and accounts they had. They were shocked to find out that every employee in the company had privilege. How could that happen? One company had mistakenly configured all users as part of the Print Administrators group, thereby giving everyone privileges. Oops.
You should look for a solution that will automatically learn who the privileged users are in your network. By watching traffic, the solution should be able to learn who your privileged users are, both human and programmatic accounts, and what they are doing. With that visibility and by monitoring behavior you can learn interesting traits such as:
- Who is using unmanaged endpoints
- Which users have passwords that never expire
- Whether there are any stale accounts
- Which privileged users are sharing devices
Monitoring the behavior of privileged users on a day-to-day basis lets you see when things change. That makes it much easier to spot users who were accidentally given privilege, so you can ensure that only those who need privilege have it.
Some privileged users and accounts carry more risk than others. Because of the nature of their roles and what they have access to, it's very important to understand the level of risk that particular users represent and to monitor whether that risk level spikes, which could indicate malicious activity such as a possible compromise. Ranking your privileged users from highest to lowest risk helps you identify where to focus your attention and whether there are areas where you need to take immediate action.
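The checks listed above can be run against a directory export. The following is an added example, not code from Preempt or the original post: all group names, users, dates and the 90-day stale threshold are constructed assumptions. It resolves nested group membership (tolerating cycles) to find who is effectively privileged, including through a mistake like the Print Administrators one, and flags never-expiring passwords and stale accounts.

```python
from datetime import date

# Constructed sample directory export (not real data).
PRIVILEGED_GROUPS = {"Domain Admins", "Print Administrators"}
GROUPS = {  # group -> direct members (users or nested groups)
    "Domain Admins": {"alice", "svc_backup"},
    "Print Administrators": {"All Staff"},   # the misconfiguration described above
    "All Staff": {"alice", "bob", "carol", "Contractors"},
    "Contractors": {"dave", "All Staff"},    # nesting cycle, must not loop forever
}
USERS = {  # user -> (password_never_expires, last_logon)
    "alice": (False, date(2024, 5, 30)),
    "bob": (True, date(2024, 5, 28)),
    "carol": (False, date(2023, 11, 2)),
    "dave": (False, date(2024, 5, 1)),
    "svc_backup": (True, date(2024, 6, 1)),
}

def expand(group, groups, seen=None):
    """Return all users in a group, following nested groups and tolerating cycles."""
    seen = set() if seen is None else seen
    if group in seen:
        return set()
    seen.add(group)
    users = set()
    for member in groups.get(group, ()):
        if member in groups:          # member is itself a group: recurse
            users |= expand(member, groups, seen)
        else:
            users.add(member)
    return users

def audit(groups, users, privileged_groups, today, stale_days=90):
    """Map each effectively privileged user to the granting groups and hygiene flags."""
    report = {}
    for g in sorted(privileged_groups):
        for u in expand(g, groups):
            report.setdefault(u, {"via": [], "flags": []})["via"].append(g)
    for u, entry in report.items():
        never_expires, last_logon = users[u]
        if never_expires:
            entry["flags"].append("password_never_expires")
        if (today - last_logon).days > stale_days:   # assumed stale threshold
            entry["flags"].append("stale")
    return report

if __name__ == "__main__":
    for user, entry in sorted(audit(GROUPS, USERS, PRIVILEGED_GROUPS, date(2024, 6, 3)).items()):
        print(user, entry)
```

Running the same audit on a schedule and comparing reports shows when an account gains privilege through a new group path.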
Management and Control
Visibility and an understanding of risk give you what you need to put the third requirement into action: being able to better manage and control privileged users and accounts. When you see that a privileged user has a risk score that suddenly spikes, you need the tools to be able to investigate and take action. Why did it happen? The use of a weak password and/or unusual access to services could be a good reason to take action. Having a range of actions based on risk is important. You don’t want to prevent legitimate business from taking place. So the action could be simply adding them to a watch list, or a more aggressive action such as disabling the account or even forcing a password reset. And now that you know exactly which account may have been compromised, you can focus on just that one account and not force every privileged user account to do a reset.
Manually taking action isn’t efficient and could allow malicious activity to take place before it’s caught. Having a solution that allows you to create policies that manage privileged users automatically helps you to preempt the threat. For example, by default you may want to have a privileged user activity control policy that forces multifactor authentication only when you see certain risky behaviors from the privileged user. Or you could even set authorizers for programmatic accounts going to critical classes of assets.
Having visibility into users, their risk and their behaviors makes it much easier not only to understand who your privileged users and accounts are but also to match certain types of actions to certain types of risk.
To see a demonstration of how Preempt can help you better identify and manage your privileged users and accounts, watch this video.
Also, to learn more about how Preempt makes it easy to actively monitor, manage, and protect your most privileged users and accounts while simultaneously protecting all users and assets from risk and cyber threats, read our datasheet on Preempt and Privileged Account Management.