The importance of privileged user management has been highlighted as a key area of data loss prevention (DLP) and network management.
Cyber-Ark VP of products, strategy and sales Adam Bosnian claimed that DLP is able to track where malware comes in from, but the first action should be to close the door. He said that there is a need to first understand privilege, then process privileged users and use a rational thought process and a device to implement identity ‘rather than wait for an attacker to put a stick in your eye’.
He said that there is a concern with how to deal with applications logging into systems that use embedded passwords with an application login. He said: “You had your PCI audit but users have built-in passwords, so how secure is the web app? This is where you will fail an audit; if you do a simple seek you will find an account that can log in to your network and the database does not know whether it is the application logging in or not.
“The consumer is the biggest risk as you have spent money on securing the network but look at data losses, the biggest thing is the insider threat. We are putting a band-aid over the problem, are your privileged accounts controlled? You think the problem is sorted, but it is not in any way as you have not secured your privileged accounts.”
He claimed that companies are waking up to the reality of privileged user management but the process to get it protected and recognised is taking too much time.
He said: “How many people use the 'admin' account? 150 people? It could be a negligent problem; the ability to track identities is important and preventative. Who is sysadmin? Now whose problem is it, and can I fix the application problem?”
Commenting, Simon Godfrey, director of security solutions at CA, said that he could see the challenge and that a problem lies with outsourcing. He said: “You outsource the management of systems, you are giving control to someone you do not know, but there is a big rule of expulsion if you are found to be doing it, but it is not effective to regulatory needs to show examples.”
Andrew Clarke, managing director EMEA at e-DMZ Security, commented that the privileged passwords used to access systems and applications are often shared or badly secured. The root of the problem is that data centres have many infrastructure devices such as firewalls, routers, and storage that are built with hard-wired user names such as ‘Administrator’, ‘Root’, ‘db2admin’, or ‘System’ to allow management of the device, or troubleshooting in the event of problems.
Many applications are also shipped with administrator passwords, which give access to important underlying functions such as configuration or integration capabilities, as are operating system products, such as root directory access within Unix and Linux.
“Organisations face further problems due to legacy code in which the administrator passwords are hard-coded into operational code, in order to facilitate application-to-application, or application-to-system integration. Whether passwords in an organisation are hard-coded, shared, or otherwise inappropriately secured, the result is increased risk,” said Clarke.