The anatomy of a privileged hack – 3 questions and answers

Are you worried about data breaches or credential theft? Do you fear that hackers might misuse this information for financial gain? As an organisation, you can protect yourself against these types of hacks by deploying solutions that protect your data and your identities. Together with our partner Thycotic, we’ll show you what to do.

Why do I need to protect privileged accounts?

Some hackers focus on harming businesses, using techniques such as spreading CryptoLocker ransomware inside your organisation. Typically, privileged accounts are the number one target of such attacks.

Privileged accounts can be found everywhere in your organisation: they are used to manage your server operating systems, run your applications, or connect to your managed hardware. Briefly put, privileged accounts can be described as ‘the keys to the kingdom’.

Despite this, many businesses don’t pay the necessary attention to securing their privileged accounts. How many organisations have a plethora of domain admin service accounts with the option ‘Password Never Expires’ activated? How many companies use a single password to secure all their privileged accounts? These are just two of the many weak spots that hackers looking to attack an organisation might discover and exploit.

To PAM or not to PAM?

Privileged Account Management solutions are an efficient way to tackle these challenges. Are you wondering what Privileged Account Management could do for you?

A Privileged Account Management system eliminates threats that might target your organisation’s Privileged Accounts.

  • Privileged Accounts are stored in an encrypted password vault. This is combined with password rotation or hiding passwords from the system admin, which builds a solid barrier between your Privileged Accounts and external threats.
  • Privileged Account Management also protects your organisation against internal threats with an extensive set of tools, such as auditing, alerts, session monitoring and recording. Role-based access ensures that your IT staff members only have access to the data they need to perform their job.

How do I get an overview of my privileged accounts?

How exactly does one implement Privileged Account Management? Before I did this, I used to store the passwords of privileged accounts in a password-protected Excel file (but who manages the password of the Excel file? 😉). Unfortunately, Excel is not a password management tool – it can’t keep track of who uses the privileged account, and it can’t limit people’s access to passwords based on their role in the organisation.

The first step to implementing Privileged Account Management is getting a better understanding of your unmanaged privileged accounts and the purposes for which they are used.
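As an added illustration of this discovery step (example code, not from Xylos or Thycotic), the sketch below audits an exported list of Active Directory user records for the weak spots named earlier: privileged accounts with ‘Password Never Expires’ set, stale passwords, and service accounts. It assumes the export carries the standard attributes `adminCount`, `userAccountControl`, `pwdLastSet` and `servicePrincipalName`; the account names, the 90-day threshold and the sample records are constructed.

```python
from datetime import datetime, timedelta, timezone
# Documented userAccountControl bit flags.
UF_ACCOUNTDISABLE = 0x0002
UF_DONT_EXPIRE_PASSWORD = 0x10000
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
OLD, NEW = "132223104000000000", "133485408000000000"  # pwdLastSet: 2020-01-01, 2024-01-01 UTC
# Constructed sample records, shaped like an LDAP export of user objects.
SAMPLE = [
    {"sAMAccountName": "svc-backup", "adminCount": "1", "userAccountControl": "66048",
     "pwdLastSet": OLD, "servicePrincipalName": "MSSQLSvc/db01.example.test:1433"},
    {"sAMAccountName": "adm-legacy", "adminCount": "1", "userAccountControl": "512", "pwdLastSet": OLD},
    {"sAMAccountName": "adm-jdoe", "adminCount": "1", "userAccountControl": "512", "pwdLastSet": NEW},
    {"sAMAccountName": "adm-left", "adminCount": "1", "userAccountControl": "514", "pwdLastSet": OLD},
    {"sAMAccountName": "jsmith", "userAccountControl": "66048", "pwdLastSet": OLD},
]

def filetime_to_datetime(filetime):
    """pwdLastSet counts 100 ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)

def audit_account(entry, now, max_age_days):
    findings = []
    uac = int(entry["userAccountControl"])
    if uac & UF_ACCOUNTDISABLE:
        return findings  # disabled accounts cannot log on; skipped here
    if uac & UF_DONT_EXPIRE_PASSWORD:
        findings.append("password-never-expires")
    last_set = int(entry["pwdLastSet"])
    if last_set == 0:
        findings.append("must-change-at-next-logon")
    elif now - filetime_to_datetime(last_set) > timedelta(days=max_age_days):
        findings.append("stale-password")
    if entry.get("servicePrincipalName"):
        findings.append("service-account")  # an SPN marks an account that runs a service
    return findings

def audit_privileged(entries, now, max_age_days=90):
    """Return {account: findings}; adminCount=1 is used as a heuristic for 'privileged'."""
    report = {}
    for entry in entries:
        if entry.get("adminCount") == "1":
            findings = audit_account(entry, now, max_age_days)
            if findings:
                report[entry["sAMAccountName"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_privileged(SAMPLE, datetime(2024, 2, 1, tzinfo=timezone.utc)).items():
        print(name, ", ".join(findings))
```

`adminCount` stays at 1 after an account leaves a protected group, so treat the result as a candidate list to confirm against current group membership.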

After you’ve mapped out where your business uses unmanaged privileged accounts, you can increase their security step by step. This gradual approach will increase your PAM maturity level and should include the following steps:

  • Define the role-based access model to determine which credentials can be used by which user types
  • Check if the credentials of your privileged accounts are still valid
  • Set up password rotation for privileged accounts
  • Automatically detect service accounts and enable password rotation for them
  • Implement approval workflows for certain privileged accounts
  • Monitor and record sessions

Do you want to know more about our security offer? Be sure to have a look at our Thycotic solutions.
