NIST Recommendations for Securing Virtual Environments: Don’t Forget about Privileged Accounts
By John Worrall
Business-critical data is increasingly being moved to the cloud, which is why the new NIST recommendations for how enterprises and IT departments can better secure their virtual environments and hypervisor software are incredibly important.
The guidelines highlight two different approaches to securing hypervisors – the first is based on architectural options and the second is based on configuration choices that form the core administrative functions.
NIST recommends accounting for five primary hypervisor functions: 1) execution isolation for virtual machines, 2) device emulation and access control, 3) execution of privileged operations for guest virtual machines (VMs) by the hypervisor, 4) management of VMs, and 5) administration of hypervisor host and hypervisor software.
The report goes on to make 22 security recommendations that correspond to these primary hypervisor functions. One of these recommendations addresses direct access, saying “the number of user accounts (including privileged accounts) requiring direct access to hypervisor host should be limited to bare minimum (i.e., two or three).”
The report also recommends managing user accounts through a directory infrastructure, which lets organizations monitor account changes in a central location (e.g., delete an account if an employee is no longer with the organization) and centrally define and enforce password policies (e.g., complexity and expiration rules).
While hypervisor security is important regardless of which approach your organization chooses to adopt, here at CyberArk we are firm believers that privileged account security should be at the core of every comprehensive security strategy. According to our recent threat report, privileged accounts are exploited in 80-100% of all advanced attacks. This means that organizations should be most concerned about protecting against the exploitation of privileged accounts that allow perpetrators to move across their entire virtualized environment.
As the first step for any organization that has implemented virtual environments and hypervisor software, there should be a full sweep and inventory of existing privileged accounts to determine how many exist, how many are being used and where flaws in the system might exist. Free tools such as our Discovery & Audit utility can help with this. Next, organizations must continue to diligently control and monitor privileged account activity in order to properly secure the network.
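As an added illustration of the inventory step and of the "two or three" direct-access limit quoted above (this is example code written for this page, not a CyberArk tool or part of the NIST report), the sketch below counts login-capable and privileged local accounts. It assumes a Linux-based hypervisor host with passwd(5)/group(5) files and that the `wheel` and `sudo` groups grant root; the sample account data is constructed.

```python
# Added example: audit direct-access accounts on a Linux-based hypervisor host.
MAX_DIRECT_ACCOUNTS = 3  # upper end of the "two or three" quoted from NIST
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}
ADMIN_GROUPS = {"wheel", "sudo"}  # assumption: these groups grant root via sudo

# Constructed passwd(5) and group(5) lines, not taken from a real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
libvirt-qemu:x:64055:108:Libvirt Qemu:/var/lib/libvirt:/usr/sbin/nologin
hvadmin1:x:1000:1000::/home/hvadmin1:/bin/bash
hvadmin2:x:1001:1001::/home/hvadmin2:/bin/bash
backup:x:1002:1002::/home/backup:
jsmith:x:1003:1003::/home/jsmith:/bin/bash
"""
SAMPLE_GROUP = """\
wheel:x:10:hvadmin1,hvadmin2,jsmith
libvirt:x:108:hvadmin1
"""

def parse(text, nfields):
    """Split colon-separated records, skipping comments and malformed lines."""
    rows = (l.strip().split(":") for l in text.splitlines() if not l.startswith("#"))
    return [r for r in rows if len(r) == nfields]

def direct_access_accounts(passwd_text):
    """Accounts that can log in. An empty shell field means /bin/sh, so it counts."""
    return [r[0] for r in parse(passwd_text, 7) if r[6] not in NOLOGIN_SHELLS]

def privileged_accounts(passwd_text, group_text):
    """Accounts with UID 0, or in an admin group (listed member or primary GID)."""
    groups = [g for g in parse(group_text, 4) if g[0] in ADMIN_GROUPS]
    admin_gids = {g[2] for g in groups}
    priv = {m for g in groups for m in g[3].split(",") if m}
    for r in parse(passwd_text, 7):
        if r[2] == "0" or r[3] in admin_gids:
            priv.add(r[0])
    return priv

def audit(passwd_text, group_text, limit=MAX_DIRECT_ACCOUNTS):
    """Summarise direct-access accounts and compare the count with the limit."""
    direct = direct_access_accounts(passwd_text)
    priv = privileged_accounts(passwd_text, group_text)
    return {"direct": direct,
            "privileged_direct": sorted(priv & set(direct)),
            "over_limit": len(direct) > limit}

if __name__ == "__main__":
    print(audit(SAMPLE_PASSWD, SAMPLE_GROUP))
```

Every account this reports is a local account on the host, so each one is also a candidate for removal or for replacement by a directory-managed identity.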
The sooner organizations realize that privileged accounts are at the core of all successful targeted attacks and data breaches – regardless of whether employees work in local or virtualized environments – the sooner they can close the door on would-be attackers, and take control of their network and data. Our white paper is a good resource to find out how CyberArk can help organizations to effectively and efficiently meet the full range of requirements regarding privileged accounts related to NIST.