<div dir="ltr"><a href="http://www.scmagazineuk.com/the-threat-of-privileged-user-access--monitoring-and-controlling-privilege-users/article/568490/">http://www.scmagazineuk.com/the-threat-of-privileged-user-access--monitoring-and-controlling-privilege-users/article/568490/</a><br><br><p>The days when cyber-security was an afterthought in the business
world are largely long past us. In our current connected age, it is
arguably one of the most important business issues. New malware and
inventive ways to hack into systems emerge constantly, prompting
companies to invest heavily in keeping their security up to date.
However, it also means that while zero-day exploits and other new tools
in the arsenal of cyber-criminals can be very dangerous, for the most
part, security is advanced enough to provide reliable protection
against most external threats, provided that you invest sufficiently and
follow all the best practices.</p>
<p>However, while denial of service, botnets, malware, ransomware and
other types of external attacks are occupying our headlines, another
dangerous cyber-security threat often goes largely ignored. It is a
threat that comes from within the organisation itself – malicious and
inadvertent insiders. Sensitive financial and personal information
regarding your business and clients can sell for a very large amount of
money, and your very own employees are in the best position to steal it.
Insider threats can be hard to remediate, and even harder to detect in
the first place. It is important to keep an eye on your employees,
especially the ones directly working with valuable data and critical
system configuration files on an everyday basis. </p>
<p>However, the most dangerous insiders are usually the most trusted
ones – employees with privileged accounts. Such accounts not only give
them legitimate access to restricted information, but also full control
over their systems, putting them in the best position to commit
malicious actions. And despite investing heavily in cyber-security,
not many organisations commit the money and specialists
needed to deal with them. Monitoring and controlling privileged user
access is a necessary part of any reliable security system, but to do it
right, many companies will need to change their approach to the problem
– from treating it as an afterthought to taking a more proactive stance
in employing best practices and security <a href="https://www.ekransystem.com/en" target="_blank">solutions</a> to protect your organisation.</p>
<h2 style="margin:0in 0in 8pt"><span style="color:rgb(0,0,0)"><a name="_xl7oby7axhia"></a>What is a privileged user account? </span></h2>
<p>To understand how to monitor and control privileged users, we first
need to understand what a privileged user account is and how we can
identify it. The term “privileged user account” can be used to describe
any account that gives unrestricted access to the system. Such
accounts provide users with the ability to access and modify critical
system settings, view restricted data, etc.</p>
<p>There is a variety of different privileged accounts, designed to
fulfil different purposes. Despite the fact that the term is
self-explanatory, some companies have trouble identifying every <a href="http://www.scmagazineuk.com/global-survey-releases-greatest-security-concerns-and-risks/article/441839/">privileged</a> account they use. Therefore, it is important to know what privileged accounts are and for what purpose they can be used.</p>
<p>The easiest way to classify privileged accounts is by the scope of control they allow:</p>
<p style="margin:0in 0in 0pt 0.5in">● <b>Domain accounts</b>
– these types of privileged accounts give administrative access to all
workstations and servers within a particular domain. Accounts of this
type give the highest level of control over the system, such as the
ability to control each system and manage administrative accounts for
each system within the domain.</p>
<p style="margin:0in 0in 0pt 0.5in">● <b>Local accounts</b>
– these types of privileged accounts give administrative access to a
single server or workstation. They give full control over the system and
are often used by IT specialists to conduct maintenance of the system.</p>
<p style="margin:0in 0in 0pt 0.5in"><span style="">● </span><b style="">Application accounts</b><span style="">
– these types of privileged accounts give administrative access to
applications. They can be used to access and manage databases, perform
setup and maintenance. These accounts give control over all the data
inside the application and can be easily used to steal sensitive
information.</span></p>
<p>Privileged accounts can be created to fulfil the following purposes:</p>
<p style="margin:0in 0in 0pt 0.5in">● <b>Personal privileged accounts</b>
– accounts that give administrative privileges to a single specific
employee. These accounts are often created for managers or database
operators, who work with sensitive information, such as financial or HR
data.</p>
<p style="margin:0in 0in 0pt 0.5in">● <b>Administrative accounts</b>
– these are standard administrative accounts created automatically for
every system. They are usually handled by IT or security staff.</p>
<p style="margin:0in 0in 0pt 0.5in">● <b>Service accounts</b> – these accounts are created to allow applications to interact over the network in a more secure fashion.</p>
<p style="margin:0in 0in 0pt 0.5in"><span style="">● </span><b style="">Emergency accounts</b><span style="">
– these accounts are used in case of immediate problems that require
an elevated level of privileges to fix. Such problems can include
disaster recovery and business continuity failures. </span></p>
<p>Typical users of privileged accounts are system administrators,
network engineers, database administrators, data centre operators, upper
management, security personnel, etc. All of these positions are
directly working with critical data and infrastructure and usually enjoy
high levels of trust from the company. However, this level of access
and trust is precisely what makes them such a dangerous threat to your
company.</p>
<h2 style="margin:0in 0in 8pt"><span style="color:rgb(0,0,0)"><a name="_g9mg6438m1w6"></a>Danger of privileged user accounts</span></h2>
<p>An elevated level of privileges allows users to perform a wide variety
of malicious actions, from data misuse to completely compromising the
system. Users may use their administrative access to steal sensitive
client data and financial information in order to sell it or even simply
leak it online. Privileged accounts can also be used to modify or
delete sensitive data, opening possibilities for fraud. Tech-savvy users
can use such accounts to install backdoors or exploits allowing them
full access to the system. Disgruntled employees can even bring the
whole system down by altering critical settings.</p>
<p>However, what makes privileged accounts dangerous is not the extent
of their access, but rather how easy it is for their users to perform malicious
actions and how hard it can be to detect those actions. </p>
<p>With legitimate access to sensitive data and system settings,
malicious actions of privileged users are often indistinguishable from
their everyday activity. Such users can easily cover their tracks, and
even if they get caught, they can simply claim that they made a mistake.
Therefore, malicious actions by privileged users can go completely
undetected for a very long time, which will only serve to ramp up
damages and remediation costs when they are finally discovered. </p>
<p>It is also worth noting that malicious attacks are not the only
danger when it comes to privileged accounts. With an extended level of
privileges, mistakes and inadvertent actions can often be just as costly
for a company as a deliberate attack. Simply emailing sensitive data to
the wrong person can cause millions in damages and remediation costs. </p>
<p>Another big concern is the security of such credentials. If
perpetrators can manage to use social engineering or hacking in order to
obtain a privileged account, it will give them access to the whole
system.</p>
<p>Therefore, among all of your employees, privileged users pose the
biggest threat. According to the 2015 Insider Threat Report, 59 percent
of cyber-security specialists consider privileged users to pose the
biggest security risk for their organisations. It is paramount for a
modern company to protect itself from insider threats associated with
privileged accounts. </p>
<h2 style="margin:0in 0in 8pt"><span style="color:rgb(0,0,0)"><a name="_jvhforx9fqux"></a>What can we do about it?</span></h2>
<p>Privileged users present a unique security challenge because of how
much control over the system they have. This makes it very hard to get a
good grasp on what they are actually doing, and many security tools are
not designed to deal with such users and will prove ineffective in
practice.</p>
<p>Ultimately, effective security in this situation comes down to
effective privileged-user management, control and monitoring. You need
to employ the right people and the right tools for the job and follow
established industry practices to succeed.</p>
<p style="margin:0in 0in 0pt 0.5in">● <b>Privileged-user account management</b>
– you need to make sure that all privileged users in your organisation
are accounted for and that there are no users with an unnecessarily high
level of privileges. Make sure to develop proper creation and
termination procedures for privileged accounts.</p>
<p style="margin:0in 0in 0pt 0.5in">● <b>Privileged-user access control</b>
– you need to know who had access to a privileged account, when and for
what purpose. Smart password management, various forms of multi-factor
authentication and access monitoring are great ways to do privileged
access management, allowing you to thoroughly protect privileged
accounts from unauthorised access and precisely identify anyone who uses
such accounts.</p>
<p style="margin:0in 0in 0pt 0.5in"><span style="">● </span><b style="">Privileged-user monitoring</b><span style="">
– recording user actions is the best way to prevent insider threats and
an effective detection tool in case an insider attack has happened.
Professional </span><a style="" target="_blank">privileged-user monitoring</a><span style="">
solutions will provide you with the necessary visibility to control every
privileged session and immediately respond to any incidents if they
happen.</span></p>
<p>Insider threats in general and the ones associated with privileged
users in particular require a complex layered approach to deal with them
effectively. By making them an integral part of your security strategy
you will be able to better protect your sensitive data from all sides
and strengthen your overall security posture.</p><br></div>