Service accounts are under managed and overprivileged. Being pushed along by application groups annoyed that they need to deal with any process at all, security or helpdesk folks simply make an account, give it rights, and get it in the hands of the application folks. The application team thinks the account is controlled like any other, but that’s wrong most of the time. The folks in charge of the directories think the application or security team are giving the service accounts special attention. If security has a Privileged Identity Management (PIM) platform, they likely have service account management on their to-do list. But most haven’t gotten around to doing it. These accounts need the special rights they are granted to be useful. The power that grants them combined with the management twilight zone they live in makes them especially vulnerable to exploit.
Our blog series covers how a bad guy may go about exploiting service accounts. In the podcast, we’ve talked a little more about what that may mean in terms of impact if they are attacked successfully. In the end, though, the core advice you should hear is simply to start paying attention to these. Much like the crazy entitlement structures in the unstructured data world can suddenly become fatal to your plans when you want to be nimble, migrate to the cloud, or consolidate infrastructure, the lack of management around service accounts can become a hot spot from a security standpoint when you least expect it. There are many things you can do, from simply creating these accounts well to start to leveraging a PIM system to manage them, but none of them can start before service accounts get a little bit of mindshare from you and your teams.
Click here to listen to the podcast.
To read the full blog series accompanying the podcast, please click here.
To be notified of Insider Threat Podcast episodes, sign up here.
Jonathan Sander is STEALTHbits’ Chief Technology Officer (CTO). As CTO, he is responsible for driving technical innovation, ensuring that STEALTHbits is well positioned in their current and emerging markets, and he will also lead corporate development efforts. Jonathan also plays the role of evangelist at STEALTHbits venues large and small. Prior to STEALTHbits, Jonathan was VP of Product Strategy for Lieberman Software.
As part of Quest Software from 1999 through 2013, he worked with the security and ITSM portfolios. He helped launch Quest’s IAM solutions, directing all business development and product strategy efforts. Previous to that, Mr. Sander was a consultant at Platinum Technology focusing on the security, access control and SSO solutions. He graduated from Fordham University with a degree in Philosophy.