CIO OPINION
use a free tool, or existing product already in your organisation to find them? Odds are you are already doing this and you just need to know where to look to get this information. It would be foolish not to.

So how do you spend a penny or less to discover privileged accounts and rate their risk? Look no further than your existing operations and security teams. Your existing teams probably have a vulnerability assessment solution capable of performing user enumeration for operating systems, applications and databases.
Within that data, the results should include accounts and their creation date, last login date, password age and which groups they belong to, including administrator’s group or root. The results of these scans are generally ignored by vulnerability assessment teams but invaluable to security teams attempting to gauge the exposure of privileged accounts. If you can discover where privileged accounts exist, you can measure their risk and then monitor for their usage. Any inappropriate access can be highlighted using log management or a SIEM and properly escalated for investigation.

“Criticality can come from vulnerabilities or unrestricted, unmanaged and undelegated access in addition to attack vectors that have workable exploits.”
Now I know some of my readers may be going – so what? We already do this. That is great, but do you take this to the next level and actually assign a risk to the account? Do you quantify how often it is used, where it’s used from and how many people are using it (sharing accounts is a bad security practice, by the way)? This is where a penny becomes important, versus being foolish.
All privileged accounts are not equal. Some are worth a penny (figuratively) and others a lot more based on risk. A domain administrator account is of higher value than a local administrator account with a unique password (although that may be good enough to leverage for future lateral movement). Treating every privileged account the same is foolish.
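As an added illustration of the rating step the column argues for (example code written here, not the author's or any vendor's tool), the script below takes the fields a user-enumeration scan and a SIEM would supply, scores privileged accounts by group, password age, dormancy, sharing and spread of use, and returns them highest risk first. The group weights, thresholds and the sample accounts are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import date

# Assumed weights, not a published standard: domain admin outranks local admin.
GROUP_WEIGHT = {"Enterprise Admins": 50, "Domain Admins": 40,
                "root": 30, "Administrators": 15}

@dataclass
class Account:
    """One row of a user-enumeration scan joined with SIEM usage data."""
    name: str
    host: str
    groups: tuple
    last_login: date
    password_age_days: int
    source_hosts: int = 0   # distinct hosts the account was used from (SIEM)
    users_sharing: int = 1  # people known to use the credential

def risk_score(acct: Account, today: date) -> int:
    """0 for non-privileged accounts, otherwise a 0-100 risk score."""
    score = max((GROUP_WEIGHT.get(g, 0) for g in acct.groups), default=0)
    if score == 0:
        return 0
    if acct.password_age_days > 90:           # stale privileged password
        score += 15
    if (today - acct.last_login).days > 90:   # dormant but still enabled
        score += 10
    if acct.users_sharing > 1:                # shared credential, no accountability
        score += 10 * (acct.users_sharing - 1)
    if acct.source_hosts > 3:                 # used from many places
        score += 10
    return min(score, 100)

def tier(score: int) -> str:
    return "high" if score >= 70 else "medium" if score >= 30 else "low"

def rate_accounts(accounts, today):
    """Privileged accounts only, highest risk first, ready to hand to the SIEM."""
    rows = [(a.name, a.host, risk_score(a, today)) for a in accounts]
    return sorted([(n, h, s, tier(s)) for n, h, s in rows if s > 0],
                  key=lambda r: r[2], reverse=True)

# Constructed sample scan output (not real accounts or hosts).
TODAY = date(2024, 6, 1)
SAMPLE = [
    Account("svc_backup", "dc01", ("Domain Admins",), date(2024, 5, 30), 400, 12, 3),
    Account("Administrator", "ws-042", ("Administrators",), date(2023, 11, 1), 30),
    Account("jdoe", "ws-042", ("Users",), date(2024, 5, 31), 20),
]
```

The non-privileged account drops out, the shared domain admin service account with a year-old password lands in the high tier, and the dormant local administrator is low but still listed so its usage can be monitored.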
www.intelligentcio.com