Phone Number +1-202-802-9399 (US)
The Lockdown

Thycotic’s Cyber Security Blog

PAM Security Blog Series Part 3: How to secure your privileged credentials

Written by Thycotic Team

July 21st, 2015

In this video blog series, IT security experts explain why compromised privileged credentials are at the heart of most large-scale cyber-attacks, and how privileged account management can help IT teams mitigate a host of security and compliance issues.

Part 1 | Part 2 | Part 3 | Part 4

You’ve heard from the experts why privileged credentials are at the heart of most large-scale cyber-attacks, read countless data breach investigation reports, and probably have your own story of an insider or outsider privileged credential attack. According to Dave Shackleford, “The time is now my friends to implement privileged access management.” If you still have your hesitations, watch part three of our video series to hear how you can stop the biggest threat to your enterprise data security. So, what are you waiting for?

The time is now for privileged account management

“The time is now my friends to implement privileged account management. If you’ve been thinking about it, if it’s something on your radar, all security professionals know that this is something that they need to pay more attention to and now is the time to do it. We’ve seen enough examples. In the media we’ve seen breaches that have involved privileged accounts, directly or indirectly. We have enough case studies of advanced malware and threats taking advantage of privileged users and there account credentials to do lots of damage to organizations both publicly and privately.

Then certainly we have enough cases that I’ve talked to in terms of leaving domain admin credentials in place for a year or using really weak administrative credentials at point of sale terminals and systems in retail establishments. Or even using system level accounts that are embedded into scripts to gain access to databases. All of these things can be re-mediated by implementing a sound privileged account management strategy.

For years we’ve know this is one of the most foundational and fundamental controls that we can put in place and also one that is pervasive and extends across many parts of our organization. You will see immediate benefits from putting a privileged account management solution in place. The bigger you are, the more you’re going to see these immediate benefits because you probably have accounts that you don’t even know about. You probably have assets that are being managed in multiple different ways that need to be centralized.”

Take privileged accounts out of the authentication stack, and put them somewhere else

What you’re always going to find is that bad guys are going to go after your authentication stack because it becomes the way of getting privileges on all of the systems in the network. The only way to protect against an authentication stack breach is to strip the privilege part out of your authentication stack and put that someplace else. That’s where privileged account management comes in very nicely. It also becomes a single place where you can implement two factor authentication, which I’m a huge fan of.

Put privileged accounts into a privileged account management system

The other approach is to pull the privileged accounts completely out of your authentication stack and put them into a privileged account management system. This is where you have a pool of unprivileged users that are managed from the outside using a privileged account management system. This works a lot better because a privileged account management system is a central place where you can not only require two-factor authentication, but where you have the auditability of being able to separate out ordinary from privilege then watch the privilege much more carefully.


Like this post?

Get our top blog posts delivered to your inbox once a month.