The Lockdown

Thycotic’s Cyber Security Blog

Qualys Security Conference Reveals Tension Between Security and IT Operations

Written by Thycotic Team

November 11th, 2014

In my previous post, ‘Vulnerability Scanning: Is Unauthenticated Scanning Enough?’, I discussed the differences between authenticated and unauthenticated scans, and how Qualys and Thycotic work together to find vulnerabilities for better security. When performing authenticated scans, Qualys uses credentials to find sensitive issues such as malware, missing patches, incorrect configuration, and other vulnerabilities. It then scans the internal network to simulate what a user of the system could potentially do, which requires powerful credentials with high levels of access.

These powerful credentials and vulnerability scans mainly affect two parties: IT Security and IT Operations. IT Security is focused on finding vulnerabilities, receiving fewer false positives, and gaining a better understanding of their internal network. However, Operations uses these credentials daily and is wary of sharing them with employees who don’t need a high level of access. This leads to a common dilemma: Security needs access to privileged credentials, yet Operations doesn’t have a way of securely sharing them.

At Qualys Security Conference we were able to speak with IT professionals on both sides of the dilemma to understand the real tension between the two teams. The Head of IT Security at a large retail organization stated, “When performing scans with Qualys, I don’t want to know what credentials are being used and I don’t even want to see them.” Sharing credentials and putting them in the hands of employees who don’t need access is a vulnerability in itself. One system administrator noted, “We have concern with credentials leaving our team, and we don’t want to use a single domain account for the entire scan.” These IT organizations are then left without a place to store these credentials and no way of securely sharing them.

The solution: Secret Server. Secret Server acts as a secure repository and allows employees to share credentials in a secure way. John Bullough, a Network Security Administrator at America First Credit Union, says, “Using the Secret Server / Qualys integration lets us perform authenticated scans while keeping passwords secure on-premise.” With the implementation of Secret Server and Qualys, IT teams are able to securely share network access with the Qualys tool and gain a more realistic understanding of the network’s security.

Besides easing the tension between Security and IT Operations teams, there are other key benefits of using a privileged access management solution and performing authenticated scanning:

• Reduce your workload by eliminating hundreds or thousands of false positives.
• Gain deeper insight into your devices by checking registry keys, open file shares, and running services.
• Improve security and reduce risk.
• Use Qualys more fully to achieve greater business value.
