In listening to Brad Bussie’s recent webinar, I learned that securing privileged access is a complex and serious problem for organizations of any size. A recent cybersecurity study by Praetorian ranked privileged system access among the top five most prevalent threats to corporate data. Why? Because system-level access has sprawled significantly over the years and most organizations have no way to govern or clean up privileged access that is no longer needed, making these systems a prime target for attackers. PIM solutions help with this problem but are often implemented using a “line in the sand” approach, neglecting much of the privileged access that already exists across thousands of endpoints.
Stealthbits has over a decade of experience helping customers understand how administrative access has been granted to their desktop and server infrastructure, and who effectively has these highly privileged access rights. This blog outlines a 5-step process you can follow to bring your systems back under centralized control. It also highlights key reports that provide even deeper insight into critical system-level configurations and conditions that attackers exploit in almost every breach scenario.
Step 1: Survey and Analyze
The first step is to scan your systems to get an inventory of what’s out there and who has access to it, e.g., local admin groups, applications, etc. This information will serve as your baseline for prioritizing focus areas.
Step 2: Focus on What Matters Most
The second step is to review your scan findings and define the areas you want to tackle first. These areas can include systems housing critical applications or systems with an excessive number of users that have privileged access rights.
Step 3: Get the Right Stakeholders Involved
The third step is to figure out which stakeholders need to be involved in your auditing efforts by determining who technically “owns” each system. Key stakeholders usually are business owners, data custodians, and local (and other) administrators.
Step 4: Review and Remediate
With stakeholder support and feedback, you can begin securing your systems by removing access privileges that are no longer needed and establishing ongoing entitlement reviews to ensure only the right people have access at all times.
Step 5: What’s Next?
After you complete steps one through four for your top priorities, begin again at step one with your next set of priorities. Keep repeating the cycle until you have addressed all your systems. Periodic entitlement reviews are the best way to keep systems clean so they do not get out of control again.
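The sketch below walks steps 1 through 4 over a small inventory. It is an added example, not StealthAUDIT output or Stealthbits code. The CSV layout, host and account names, owner tags, approved baseline and the `max_admins` threshold are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed scan output (not from the article): one row per member of a
# host's local Administrators group, plus an assumed owner and criticality tag.
SCAN_CSV = r"""host,member,owner,critical
SRV-PAY01,CORP\Domain Admins,finance-it,yes
SRV-PAY01,CORP\svc_backup,finance-it,yes
SRV-PAY01,CORP\jdoe,finance-it,yes
WS-0142,CORP\Domain Admins,helpdesk,no
WS-0142,CORP\asmith,helpdesk,no
WS-0142,CORP\bwong,helpdesk,no
WS-0142,CORP\cjones,helpdesk,no
WS-0142,CORP\Helpdesk Admins,helpdesk,no
WS-0200,CORP\Domain Admins,helpdesk,no
"""

# Hypothetical approved baseline; "*" means approved on every host.
APPROVED = {("*", r"corp\domain admins"), ("SRV-PAY01", r"corp\svc_backup"),
            ("WS-0142", r"corp\helpdesk admins")}

def load_inventory(text):
    """Step 1: build a per-host baseline from the scan rows."""
    hosts = defaultdict(lambda: {"members": set(), "owner": "", "critical": False})
    for row in csv.DictReader(io.StringIO(text)):
        entry = hosts[row["host"].strip().upper()]
        entry["members"].add(row["member"].strip().lower())  # Windows names are case-insensitive
        entry["owner"] = row["owner"].strip()
        entry["critical"] = row["critical"].strip().lower() == "yes"
    return dict(hosts)

def review_queue(hosts, max_admins=3):
    """Step 2: hosts with unapproved admins, critical systems first, then by count."""
    queue = []
    for name, entry in hosts.items():
        extra = sorted(m for m in entry["members"]
                       if ("*", m) not in APPROVED and (name, m) not in APPROVED)
        if extra:
            queue.append({"host": name, "owner": entry["owner"], "critical": entry["critical"],
                          "excessive": len(entry["members"]) > max_admins, "unapproved": extra})
    return sorted(queue, key=lambda i: (not i["critical"], -len(i["unapproved"]), i["host"]))

def by_owner(queue):
    """Steps 3-4: group removal candidates per owner for entitlement review."""
    out = defaultdict(list)
    for item in queue:
        out[item["owner"]].append((item["host"], item["unapproved"]))
    return dict(out)

if __name__ == "__main__":
    for owner, items in by_owner(review_queue(load_inventory(SCAN_CSV))).items():
        print(owner, items)
```

Re-running the same comparison after each scan gives the periodic entitlement review in step 5: any account that reappears outside the approved baseline lands back in its owner's queue.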
StealthAUDIT not only provides deep visibility into administrative access rights but virtually anything else you’d want to know about your Windows desktop and server infrastructure. Our Security Best Practice reports provide key insights based on published attack paths and best practices from Microsoft and other industry experts to help you protect your systems and the data stored on them. You can use the reports below, or customize your own, to find exactly where you’re vulnerable:
Tuula Fai is the Senior Marketing Director of StealthAUDIT at STEALTHbits. For the past 20 years, she has worked in a variety of roles within the software industry, starting as a developer and implementation engineer before moving into product marketing and digital campaigns. Having worked in both customer service and human resources, she is passionate about safeguarding customer and employee data as part of overall security initiatives. She graduated Summa cum Laude from Georgetown with an MBA in marketing and IT, and has won two technology marketing awards. You can find her running and writing in the Rocky Mountains of Colorado.