Leaving the door open for hackers

Courion asks: how secure are your service accounts? Most don’t realise the number of service accounts that exist within their organisation, frequently with default password settings created during software installation still in place. The problem is, service accounts typically provide privileged access to valuable and confidential data. Because service accounts are not proactively managed, they represent an especially attractive target to a hacker.

  • 10 years ago Posted in

Service accounts characteristically do not correspond to a user; rather, these are accounts that are used by software to access and interact with other software, devices or data. The passwords for service accounts frequently remain unchanged in the interest of avoiding the loss of this interconnectivity. But service accounts left ungoverned, with default password settings in place, make your organisation particularly vulnerable to a data breach. In fact, the now infamous Target breach began when hackers gained network access via a service account created automatically by a software installation. The attack eventually cost the company an estimated $2.2 billion.


Based on evaluations of access risk recently conducted by Courion at dozens of leading corporations, IT security organisations typically underestimate the number of service accounts with elevated access rights that exist and which have not had a password reset in 365 days or more. For example, Courion found 500 or more service accounts with default password settings in place at several organisations.


By the time an annual or semi-annual audit reveals that service accounts represent access risk, a hacker may be long gone with company-critical data. To address this, Courion offers an evaluation of access risk which leverages Access Insight™, an identity and access intelligence solution, to analyse password reset history, login history, privilege patterns, ownership, and more to determine accounts that may be service accounts and which may represent a high risk of compromise. A prioritised view of where remedial action is needed most is also provided.


“Our access risk quick scans are eye-opening for many CISOs, CIOs and Chief Risk Officers. It’s impossible with traditional IAM technologies to see through the complexity of an organisation’s identity and access infrastructure to identify possible access risks, but Access Insight allows you to do exactly that,” said Chris Zannetos, CEO of Courion. “Identity and Access Intelligence is not just a nice to have, it is required to get ahead of hackers, corral out-of-policy access provisioning, and turn certification from a rubber stamping exercise into an effective control.”
 

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and...
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...