Attackers have proven far too successful at starting with one little end-user account and laterally moving along until they gain privileged credentials and can do whatever they want and access whatever they want.
Preventive control technologies like strong authentication, privileged password management and red-forest (ESAE) are rightly getting a lot of attention but that’s just one important layer consisting of preventive controls. And usually you can’t enforce the technologies 100% across the board.
In this real training for free session we will discuss a different defense layer of detective control you can implement around privileged accounts that reinforces those preventive controls where deployed and compensates where they aren’t.
We’re talking about measuring every dimension of potential lateral movement for privileged accounts including
- Membership of built-in privileged groups
- Members of nested groups
- Users where their adminCount property > 0
- Identifying privileged users via delegated permissions
- Identify who can extend/expand privileged authority by
- group membership
- delegation of privileged permissions
- password reset of privileged accounts
- Endpoints
- Already exposed to privileged credentials
- Potential for exposure because of current logon rights
As you can see there are many dimensions to admin authority and if any one of them is too loose, you are increasing the potential for privileged credential theft by lateral movement.
Understanding all these dimensions is the first step, but the real value comes when you gain the visibility necessary to measure each of these dimensions in your environment. Even collapsing nested groups to get a flat list of all administrators can be time consuming much less analyzing the ACL of each object in AD to find delegated permission. So Matthew Vinton, from our sponsor Quest, will briefly show you how Quest Enterprise Reporter makes this easy.
Please join us for this real training for free session.