In many organisations, privilege delegation can be an all-or-nothing decision. Users typically are given either full administrator rights or have no administrative rights at all. As a result, business users and IT administrators often end up with far more privileges than they need.
This creates a range of challenges for organisations keen to make their IT infrastructures as secure as possible. The top seven challenges are:
1. Powerful accounts represent a large attack surface
Accounts with local administrator privileges represent a large attack surface as they exist on every endpoint and server within the IT environment. Individual user accounts on these same machines that have administrator privileges only expand the attack surface.
Users with administrative rights can intentionally or accidentally change systems configurations. They can disable or uninstall anti-virus tools and stop existing services such as a firewall. They could even install malware and reset passwords locking others out.
From a security perspective, accounts with local administrator privileges are frequently targeted by advanced attackers due to the elevated privileges they provide.
2. Balancing security with productivity
While it’s a security best practice to revoke administrator privileges from business users, many organisations are hesitant to do so. They will be forced to call the help desk every time they need privileges to simply do their day-to-day jobs, resulting in a rise in frustration and an overwhelmed IT team.
3. Too few privileges can lead to privilege creep and increased risks
If all administrative rights are revoked from business users, the IT team will occasionally need to re-grant privileges so those users can perform certain tasks. However, once privileges are re-granted, they are rarely revoked. So, over time, organisations end up with many of their users holding local administrator rights all over again. This ‘privilege creep’ reopens the security loophole associated with excessive administrative rights.
4. Too many privileges can increase the risk of insider and advanced threats
Many organisations are also hesitant to limit IT administrator privileges. In an ideal setting, system administrators, application owners and database administrators would each have their own set of permissions. In practice, however, this segregation of duties can be difficult to implement, leaving IT administrators with far more privileges than truly needed to do their jobs.
Without role-based privilege policies in place, sensitive systems can easily be damaged by inexperienced users, exploited by malicious insiders or compromised by advanced attackers.
5. There will always be an 'administrator' account on each machine
By design, all endpoints and servers contain an administrator, root or similar level account that provides any user in possession with full administrative control. Even if you’ve removed administrator rights from individual user accounts, these powerful administrator accounts will still exist. Poor password management policies for these can result in password reuse across multiple systems, making it easy for an attacker on a compromised machine to laterally move throughout the environment.
6. Despite limited privileges, malware can still get in
By limiting privileges to only those that are absolutely necessary, organisations can reduce their attack surface. The challenge is, however, that not all malicious applications need privileges to execute, and as attackers become more adept in circumventing defences, organisations are increasingly vulnerable to these types of malware.
Research shows most advanced attacks start with phishing emails sent to non-privileged business users and can include highly sophisticated malware. Once inside the network, the malware can compromise machines, steal data, capture credentials or damage systems.
7. Accurately tracking applications
Studies show it is not uncommon to find more than 20,000 different applications across an enterprise. This means malicious applications can easily hide in plain sight because IT teams simply don’t have the time to manually check everything.
With that kind of scale, identifying which applications are good, bad or unknown is daunting and can be cost prohibitive.
Implementing layered security controls
To address these seven challenges, organisations need to find flexible tools that automate the management of local administrator privileges and control of applications on endpoints and servers. This unique combination of least privilege and application control should be part of a balanced and layered security approach that helps organisations reduce their attack surface and protect against threats.
To achieve a balance of security and usability, organisations should consider adopting an integrated privilege management and application control solution that allows IT teams to:
- Automatically determine what applications are trusted by the organisation, identify what privileges are required by each of these applications, and create policies based on these trusts to save valuable IT time and effort.
- Remove local administrator rights from business users, but enable seamless privilege elevation, based on policy, to keep users productive without increasing the attack surface.
- Granularly control which commands and tasks each IT administrator is permitted to execute based on role, to effectively segregate duties and reduce the risk of insider and advanced threats.
- Enable trusted applications to seamlessly run in the environment while automatically blocking malicious applications and restricting privileges for unknown applications.
- Control access to Local Administrator and Domain Administrator accounts that can be used to gain administrative access to Windows endpoints and servers. Store the credentials in a secure, centralised repository that supports strong access controls.
- Immediately rotate all administrator passwords after each use to invalidate any credentials that may have been captured by key logging software and to mitigate the risk of a Pass-the-Hash attack.
- Monitor all activity related to Administrator accounts to enable rapid detection and alerting on anomalous activity that may signal an in-progress attack, as well as allow the security team to gain a more comprehensive audit trail.
Today’s business environment isn’t black and white, and security tools should not be either. Organisations must learn to strike a balance between security and usability to effectively reduce their attack surface while keeping users productive and reducing the burden on IT teams.