Preempt Blog

The latest insights and advice to keep your company protected from insider threats and breaches

6 Tips for Securing Privileged Accounts in the Enterprise

Protecting privileged accounts and actively responding to any potential compromises has become a critical initiative for many CISOs. Stolen credentials are at the heart of most all modern attacks and breaches. Attackers can easily obtain credentials via phishing attacks, brute force, keyloggers, pass-the-hash techniques, or using a database of previously stolen credentials. And once an account is compromised, the attacker can see and do anything that is allowed for that user or account.

The higher the privileges of the account, the more valuable it is to an attacker. Compromise a network administrator, and an attacker would have free rein over the network, its applications, and devices. 

However, privileged users are not just limited to IT and security staff. Executives often have access to highly sensitive data, and are regularly granted exceptions to standard security policy. Employees and contractors can be granted higher privileges out of a short-term necessity and later forgotten. Attackers are highly skilled at finding privilege in the nework and turning it to their advantage. 6tips-Privileged-Users-thumbnail.png

To learn more about best practices for keeping privileged accounts secure, you can download our new paper 6 Tips for Securing Privleged Accounts.

Here is a synopsis of some of the key ways that you keep these all-important accounts secure. 

  1. Identify and Track Privileged Accounts
    Privileged accounts can cause serious damage in the wrong hands. Keeping track of privileged accounts and endpoints is the first step towards keeping them secure.
  2. Downgrade Accounts Where Possible
    Users with unnecessary privileged access present a common problem for many enterprise networks that are heavily exploited by cyber attackers. Privileged access means a higher risk of compromising the enterprise network. 
  3. Not all Service Accounts Need Privileged Access
    Some of the service accounts that are used by applications required to make changes that only privileged account can be, they can be privileged account but not all service accounts need to be privileged accounts. Service accounts should be carefully review and appropriate access should be provided.
  4. Don’t use the Administrator Account as a Shared Account
    In many enterprise networks, the administrator account is used for servicing other accounts or making changes in the network. A shared administrator account should never be used as a service account or otherwise.
  5. Remove Stale Privileged Accounts
    As the IT team grows bigger, security teams should regularly review service accounts and privileged user accounts on a regular basis. If a privileged account is stale, security personnel should review it and disable it if it is not required anymore.
  6. Change Default Passwords and Enforce Strict Password Rules
    Weak passwords are a common culprit that let cyber attackers into enterprise networks or let them gain access to more servers and user accounts by lateral movement. When it comes to passwords, be different and unique – it could make all the difference. 

Download the full paper here:6tips-Privileged-Users-thumbnail.png

 

 

 

 

 

Topics: CISO, Privileged Accounts, Privileged Users,

Posted by Heather Howland on March 2, 2018 6:00 AM

Product

Brute Force Attacks: Denying the Attacker, Not the User

According tohaveIbeenpwned.com, close to 8 billion accounts have been compromised...

Read More

Developer

What State-Sponsored Attacks Can Teach Us About Conditional Access

People often think that state-sponsored attacks from groups like Lazarus...

Read More

Events

A Simplified Approach to Network Segmentation

Network segmentation has long been one of the most valuable tools for protecting ...

Read More

Research

10 Things You Need to Know About Kerberos

As our research team continues to find vulnerabilities in Microsoft that bypass all major

Read More

Product

Brute Force Attacks: Denying the Attacker, Not the User

According tohaveIbeenpwned.com, close to 8 billion accounts have been compromised...

Read More