Given the general focus of most organizations on the external attackers out there, they may miss the attackers who actually have the credentials and knowledge to do real damage. These are your so-called privileged users, and far too many organizations do little to protect themselves from an attack originating from that community. By the way, this doesn't necessarily require a malicious insider. It's very possible, even plausible, that a privileged user's device gets compromised, giving the attacker access to the administrator's credentials. Right, that's a bad day. So we've written a paper called Watching the Watchers: Guarding the Keys to the Kingdom to describe the problem and offer some ideas on solutions.

A compromised privileged user (P-user, for short) can cause all sorts of damage, so that community needs to be actively managed. Let's now talk about solutions. Most analysts favor models to describe things, and we call ours the Privileged User Lifecycle. But pretty as the lifecycle diagram is, let's first scope it by defining its beginning and ending points. Our lifecycle starts when a user receives escalated privileges, and ends when they either lose those privileges or leave the organization, whichever comes first.

We would like to thank Xceedium for sponsoring the research. Check out the paper; we think it's a great overview of an issue facing every organization. At least every organization with administrators.

Download Watching the Watchers: Guarding the Keys to the Kingdom

The paper is based on the following posts:

  1. Keys to the Kingdom (Introduction)
  2. The Privileged User Lifecycle
  3. Restrict Access
  4. Protect Credentials
  5. Enforce Entitlements
  6. Monitor Privileged Users
  7. Clouds Rolling In
  8. Integration