NIST Releases Guide to Better Manage Privileged Accounts

Privileged accounts are the accounts you most definitely never want to lose control over. They include what used to be commonly called “superuser” accounts: accounts that provide the highest level of access to a system, such as a server or a local endpoint. Think of privileged accounts as administrative accounts with an elevated level of access, typically used to configure, manage and otherwise support a system. Accounts of this type are often unrestricted, or only lightly restricted.

With that in mind, it’s no wonder that attackers seek out privileged accounts whenever they target an organization. A few years ago, the Verizon Data Breach Investigations Report broke out privileged access as a segment and found that 53 percent of breaches were due to the misuse of privileged accounts.

While some organizations have started to manage these accounts properly, many others have not. To help close that gap, the U.S. National Institute of Standards and Technology (NIST) published draft guidance titled Privileged Account Management for the Financial Services Sector.

While the guide targets the financial services sector, the guidance can be used by any organization in any industry to manage privileged accounts more effectively. It is flexible enough to be applied in a way that is specific to the organization.

Consider privileged account management (PAM) a specialization within an organization’s broader identity and access management program, one that focuses on securing these high-risk accounts. Some companies use a Privileged Account Management product to govern these accounts; other organizations secure, monitor and manage them through sound security practices and processes.

The guidance includes a number of scenarios that show how to implement PAM, including a scenario for securing an organization’s infrastructure: networking devices, servers, workstations, databases, applications, and related systems and equipment. According to the guidance, the privileged users in this scenario are typically system administrators. In the example shared by NIST, the workstations of these users should be more tightly monitored, their drives should be encrypted, and traffic to and from the workstation should be encrypted as well.

In a separate scenario, NIST looks at protecting the credentials for the security information and event management (SIEM) system. Because SIEMs collect information about potential vulnerabilities and insights on possible attacks, SIEMs — and their administrators — are juicy targets for adversaries. Anyone who administers or operates the SIEM needs to have their privileged credentials protected, along with all of their associated workstations.
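Both scenarios above (the infrastructure administrators and the SIEM operators) share one operational check: a privileged account should only be used from the designated, hardened administrator workstations, and its use should be monitored. The script below is an added example of that check, not code from the NIST guide or the NCCoE project. It assumes a hypothetical inventory of privileged accounts and approved workstation addresses, and runs over a few constructed sshd-style log lines to flag privileged logins that come from anywhere else, or that used password rather than key authentication.

```python
import re
from dataclasses import dataclass
from typing import List, Set

# Hypothetical inventory, constructed for this example: the privileged
# accounts and the hardened admin workstations they are expected to use.
PRIVILEGED_ACCOUNTS: Set[str] = {"root", "dbadmin", "netops"}
ADMIN_WORKSTATIONS: Set[str] = {"10.10.5.21", "10.10.5.22"}

# Constructed sshd-style auth log lines; not real log data.
SAMPLE_LOG = """\
Mar 10 09:01:12 srv1 sshd[2210]: Accepted publickey for dbadmin from 10.10.5.21 port 50212 ssh2
Mar 10 09:03:44 srv1 sshd[2231]: Accepted password for root from 192.168.44.9 port 50333 ssh2
Mar 10 09:05:01 srv1 sshd[2240]: Accepted publickey for alice from 10.20.1.7 port 50400 ssh2
Mar 10 09:07:19 srv2 sshd[1180]: Accepted publickey for netops from 10.10.5.22 port 50511 ssh2
Mar 10 09:09:55 srv2 sshd[1192]: Accepted password for dbadmin from 10.20.1.7 port 50600 ssh2
"""

# Matches successful sshd logins: "<month> <day> <time> <host> sshd[pid]: Accepted <method> for <user> from <src> port ..."
LOGIN_RE = re.compile(
    r"^\S+\s+\d+\s+\S+\s+(?P<host>\S+)\s+sshd\[\d+\]: "
    r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<src>\S+) port"
)


@dataclass(frozen=True)
class Finding:
    host: str
    user: str
    src: str
    reason: str


def review_privileged_logins(
    log_text: str,
    privileged: Set[str] = PRIVILEGED_ACCOUNTS,
    workstations: Set[str] = ADMIN_WORKSTATIONS,
) -> List[Finding]:
    """Return one Finding per policy deviation seen in successful privileged logins."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if not m or m["user"] not in privileged:
            continue  # non-login lines and ordinary user accounts are out of scope here
        if m["src"] not in workstations:
            findings.append(Finding(m["host"], m["user"], m["src"],
                                    "privileged login from a non-admin workstation"))
        if m["method"] == "password":
            findings.append(Finding(m["host"], m["user"], m["src"],
                                    "password authentication used for a privileged account"))
    return findings


if __name__ == "__main__":
    for f in review_privileged_logins(SAMPLE_LOG):
        print(f"{f.host}: {f.user} from {f.src}: {f.reason}")
```

On the constructed sample this reports four findings: the root login and the second dbadmin login each come from an address outside the admin workstation set and each used password authentication; the logins from the approved workstations and the non-privileged alice login produce nothing. In practice the account and workstation sets would come from the organization’s PAM inventory rather than being hard-coded.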

Industry partners developed the guide with the National Cybersecurity Center of Excellence (NCCoE). The NCCoE is a part of NIST and is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address common security challenges.

The guide provides other examples, and even if the scenarios don’t match an organization exactly, the principles can be easily applied.

A copy of Privileged Account Management for the Financial Services Sector can be found directly here.