#TEISS16: How good privileged account management can help bolster firms' security -TEISS® : Cracking Cyber Security

IoT / #TEISS16: How good privileged account management can help bolster firms’ security

#TEISS16: How good privileged account management can help bolster firms’ security

Good privileged account management can be critical to cyber breach prevention and detection and can help to minimise the damage done when an incident does occur.

Alex Wilson

Speaking at The European Information Security Summit 2016, CyberArk professional services manager Alex Wilson said: “You can’t ever prevent everything, so what do you do when you have been breached and how can you minimise the effect of that?”

He focused on privileged accounts, saying that everyone from employees who use company social media accounts to system administrators use these.

“If we have a look at the attack chain, there are two ways in,” Wilson said. “We have internal users who already have access to the privileged credentials, and we have external threats.”

External threat actors, he explained, will move laterally, looking for more privileged credentials in an attempt to get as much access as possible and eventually move upwards.

For clarity, firms need to know who is accessing which account, why they are accessing it and what they are actually doing while they are there.

“What if you’ve got an employee within a third party who leaves?” Wilson asked. “Are you told about that, or do they just know?”

There also needs to be a process for investigating new applications, he said, and also one to monitor credentials when it comes to cloud services.

And, of course, it is impossible to have clarity around accounts security do not know about.

“What we end up with is a mixed approach with a lack of consistency across the mix of application types,” Wilson said of the complexity of account management.

This creates security problems because by, for example, using Windows authentication to access other devices, they all become vulnerable to Windows exploits.

And using a single account to access all of these means only one breach could give an attacker access to all of those services.

But by using a central vault of accounts that a user logs into to access the other services, which can track which user is accessing those services and require that they log in using two-factor authentication or biometrics.


Click here to catch up on our coverage of The European Information Security Summit 2016.

Comments

Get the latest cyber news in your inbox

Join our community of cyber professionals today!