How can one protect privileged accounts against hackers? CyberArk DNA will help

Cybercriminals get through to sensitive business information in many different ways. Sometimes they use privileged accounts. Such accounts allow them to grant themselves additional privileges within IT systems. That is how they get even wider access to data and greater possibilities of activity in the corporate internal network.

Is it possible to prevent the interception of privileged accounts by hackers? One can certainly reinforce their safeguards and provide managers with enhanced control over the access to the company’s sensitive information.

One of the tools which can help enterprises in their organisation of privileged accounts is CyberArk Discovery & Audit (DNA). This solution is easy to use and extremely helpful. Let us bear in mind that the majority of breaches into enterprise systems occur by the interception of a privileged account. Moreover, hackers who manage to access an internal network in such a manner may navigate it for several months before they launch an attack. It is easy to imagine the amount of information about business operations, customers and employees they can collect during that time, says Krzysztof Andrian, CEO at Concept Data.

How can one find privileged accounts?

How is it possible that cybercriminals intercept accounts with wide privileges? In many enterprises, the number of privileged accounts is several time higher than the overall headcount. These are often forgotten accounts with old passwords used for different systems, unsecured and unmonitored. Sometimes hackers also manage to breach into active accounts which have weak passwords and are not monitored in real time.

The basis for a company’s safeguards is first of all the identification of all privileged accounts in the corporate systems, the assessment of their security features and the minimization of the group of users with excessive privileges. This is made possible by CyberArk DNA, adds Krzysztof Andrian.

What is CyberArk DNA and how does it work?

CyberArk DNA scans devices equipped with Windows and Unix in order to detect privileged accounts, certificate hashes and SSH keys. It identifies unchanged passwords in some of the most popular application servers and it generates reports. Importantly, the tools does not require any installation or infrastructures and it can be launched on nearly ever client with a Windows operating system. It is sufficient that it has access to the target systems that need scanning via standard ports and protocols. CyberArk supports numerous functions, including:

• find privileged accounts (in the company’s local and cloud-based systems),
  • assess the security of such accounts,
  • identify devices vulnerable to attacks,
  • identify accounts with higher privileges,
  • identify the most privileged users,
  • find accounts that fail to comply with the company’s security policies.

Privileged account risk assessment

By using the DNA audit report, a company can assess the risk and take actions to improve the security of data and systems. Risk consists of multiple elements detected by CyberArk, including:

• Password age. The older the password, the greater the risk that it can be accessed by many users within and outside the organisation. Very old passwords mean that the system contains inactive accounts which have not been deleted.
  • A map of vulnerabilities that facilitate pass-the-hash attacks. On the basis of the DNA audit report and the map, an enterprise can identify devices and accounts which generate the greatest risk. With this knowledge one may determine priorities regarding the security and management of privileged accounts in the most exposed systems.
  • A map of SSH key trust. Single private SSH keys may be used to get access to multiple accounts and target systems, while target systems may contain additional SSH keys used for accessing other systems.
  • System criticality. Enterprises which have performed a comprehensive risk assessment can identify systems which contain the most sensitive data and applications. The more critical a system is, the greater is the risk as well as the need to ensure strict access control.

The DNA audit is a perfect tool for the verification of who has access to corporate systems and applications and on what principles. It is obvious one cannot protect what is not seen. The visibility of what happens within a network is the first step towards security improvement and a better protection of enterprise data.

More on protecting corporate data and infrastructure:

Imperva SONAR. A new dimension of data analysis and security

A secure OT infrastructure. Is that possible?

Secure DevOps environment. Benefits of implementing CyberArk Dynamic Access Provider