The list of news headlines continues to grow: Millions of dollars diverted through a financial services communication network. Hundreds of millions of credit card numbers stolen from retailers. Millions of individual health records compromised. The common thread across many of these breaches—and the countless others that continue to go undiscovered—is the compromise of privileged credentials.
Privileged credentials represent “the keys to the IT kingdom.” Intended for use only by authorized administrators, privileged credentials have very few, if any, restrictions on their capabilities. These credentials unlock accounts that can be used to modify system configurations, access sensitive information, and even shut systems down, making them a preferred target of external attackers and malicious insiders alike.
Humans comprise the new perimeter, and even with the best technology and security training, they continue to fall victim to targeted attacks. The use of spear phishing and social engineering has exploded, often granting attackers their first foothold inside an organization’s systems. From an initial entry point, attackers can use the limited, local access to escalate privileges, pivot throughout the environment, and ultimately gain complete administrative control over entire domains. Because these attackers operate using legitimate, yet compromised, privileged accounts, the attacks often go undetected for months, allowing for uninterrupted reconnaissance and the strategic placement of malware that can be used to exfiltrate data, cause system outages, and wreak havoc across the organization. These risks are exponentially increased in organizations that provide vendors and third parties with access to the corporate network.