What’s Your Privileged Account Attack Surface?

August 15, 2016 Jessica Stanford

Discovery is the first step in establishing effective privileged account security. In our experience and research, organizations typically have at least 3 to 4 times more privileged accounts than employees. This data point gives organizations an idea of what to expect in terms of project scope, but each environment is different, and the actual numbers vary and can be significantly higher. To help organizations discover how many privileged accounts they have and where they exist, CyberArk offers a free Discovery & Audit tool. With this risk assessment tool, organizations gain visibility into privileged account vulnerabilities across the IT network.

CyberArk Discovery & Audit is a powerful risk assessment tool that discovers:

  • Passwords – Old and static passwords introduce significant risk of compromised credentials. CyberArk Discovery & Audit identifies all privileged account credentials, including hard-coded credentials in, for example, IIS, WebSphere, and WebLogic.
  • Password hashes – Passwords are frequently hashed and stored on local machines for user convenience by the operating system, but attacks such as Pass-the-Hash leverage these vulnerable password hashes in order to execute a credential theft attack, impersonate employees, and access valuable assets and data. CyberArk Discovery & Audit illustrates which machines store privileged passwords and how an attacker can execute a Pass-the-Hash and Golden Ticket attack.
  • SSH keys – Stored throughout a network, SSH keys pose a major challenge to security teams because these privileged credentials can be easily created without a record, and they are difficult to track, manage or control. CyberArk Discovery & Audit identifies SSH keys (including orphan SSH keys) and illustrates trust relationships that enable access to privileged accounts.
  • Unix security risks – Organizations frequently use sudo (superuser do) to enforce least privilege policies, yet they don’t realize that many sudoers files contain misconfigurations that enable privileged users to work around sudo in order to escalate their privileges. It’s particularly critical to protect Unix environments because they often host an organization’s most sensitive data. CyberArk Discovery & Audit discovers potential misconfigurations that could allow users to elevate privileges in Unix without authorization.

An organization’s privileged account attack surface is typically massive, as it includes every piece of hardware and software in the enterprise, including routers, firewalls, databases, servers, applications, endpoints, etc. With potential vulnerabilities hiding in every corner of the IT infrastructure, it’s vital to gain visibility of the attack surface. A good start is to find and identify privileged accounts across the organization – which is exactly what CyberArk Discovery & Audit is designed to do.

With knowledge of how many privileged accounts exist, and the status of each privileged credential, organizations can begin a privileged account security program by securing the highest risk accounts with a centralized solution. As organizations implement security controls, they can measure progress with metrics on privileged account security health. These milestones help to justify privileged account security programs by proving tangible ROI measures, which are also an effective way to engage with stakeholders. We encourage you to learn more about this valuable tool.



