• Home
  • News
  • Big Data & Analytics
  • DevOps
  • Security
  • GDPR
  • AI & ML
  • Women in Tech
  • Cloud & Infrastructure
  • CIO
  • Deskflix
  • Events
  • Whitepapers
  • Spotlights
  • IT Leaders 250
  • Research
  • Delta
  • Tech Marketing Hub
  • About Us
  • Newsletters
  • Sign in
  •  
      • Newsletters
      • Account details
      • Contact support
      • Sign out
     
     
    • You are currently accessing Computing via your Enterprise account.

      If you already have an account please use the link below to sign in.

      If you have any problems with your access or would like to request an individual access account please contact our customer service team.

      Phone: +44 (0) 1858 438800

      Email: customerservices@incisivemedia.com

      • Sign in
     
  • Follow us
    • Twitter
    • LinkedIn
    • Newsletters
    • Facebook
    • YouTube
  • Register
  • Events
    • Upcoming events
      event logo
      Is it time you switched to Database-as-a-Service?

      In this webinar learn how to leverage the advantages of in-VPC deployment, multi-cluster management, hybrid cloud replication, and more, all while delivering operational transparency and low TCO.

      • Date: 13 Apr 2021
      • Computing UK, London
      event logo
      How to overcome your Active Directory consolidation challenges

      In this web seminar we explore how best to go about assessing and modernising your AD as we reveal our research findings into AD health and readiness, consolidation challenges, and strategies for success.

      • Date: 20 Apr 2021
      event logo
      Desklix: Digital Workplace

      The Coronavirus pandemic has had a huge impact on our lives with most organisations making a sudden switch to mass remote working. As restrictions are progressively eased, the impact continues, with organisations having to decide when to allow staff back into offices, what proportion of remote working should be expected, and how all of this should be supported.Take part in this virtual event to put your questions to the experts, and see what your peers have learnt from the pandemic, and how they plan to apply this understanding to 2021 and beyond.

      • Date: 12 May 2021
      event logo
      AI & Machine Learning Awards 2021

      The Computing AI & Machine Learning Awards recognise the best companies, individuals, and projects in the AI space today. The awards cover every corner of the industry: security, ethics, data analysis, innovation and more, as well as showcasing the movers and shakers: the technology heroes and projects that deserve industry-wide praise. The winners will be announced in London on 1 July 2020. Entries are now open!

      • Date: 09 Jun 2021
      • TBC, London
      View all events
  • Whitepapers
    • LATEST WHITEPAPERS
      Darktrace 120x194
      Cyber AI Response: Threat Report 2019

      This white paper details 7 case studies of attacks that were intercepted and neutralised by Darktrace cyber defense AI, including a zero-day trojan in a manufacturing company's network. Learn how Darktrace Antigena AI Response modules fight back autonomously, no matter where a threat may emerge, extending to the Cloud, Email and SaaS.

      Download
      Darktrace 120x194
      Cyber AI & Darktrace Cloud

      This white paper explores how cloud is a security blind spot for many organisations who struggle with the limited visibility and control in this new environment, where their existing security tools are often not applicable.

      Download
      Find whitepapers
      Search by title or subject area
      View all whitepapers
  • Spotlights
    • Spotlights

      Welcome to Computing's Spotlight section, where we focus in on particularly important themes and topics of enterprise IT.

      Intel logo

       

      Endpoint Management and Security Hub

  • IT Leaders 250
  • Research
  • Delta
  • Tech Marketing Hub
  • About Us
Computing
Computing
  • Home
  • News
  • Big Data & Analytics
  • DevOps
  • Security
  • GDPR
  • AI & ML
  • Women in Tech
  • Cloud & Infrastructure
  • CIO
  • Deskflix
 
    • Newsletters
    • Account details
    • Contact support
    • Sign out
 
 
  • You are currently accessing Computing via your Enterprise account.

    If you already have an account please use the link below to sign in.

    If you have any problems with your access or would like to request an individual access account please contact our customer service team.

    Phone: +44 (0) 1858 438800

    Email: customerservices@incisivemedia.com

    • Sign in
 
 

Sponsor content:

What's this?

This content has been provided by our sponsors and is a paid advertisement.
  • Threats and Risks

Do you know about the power of privileged access?

Attackers often target superuser accounts with access to data and systems - how do you protect them?

Privileged accounts can represent a danger to business security
Privileged accounts can represent a danger to business security
  • Tweet  
  • Facebook  
  • LinkedIn  
  • Send to  
0 Comments

The concept of ‘privilege' is integral to protecting computers and networks, but it wasn't until it was leveraged in several high-profile attacks that the security industry began to pay attention. Gartner recently listed privileged account management as the top security project for businesses, stating, 'CISOs should focus on these ten security projects to reduce risk and make a large impact on the business'. The company has also released its first Magic Quadrant for the Privileged Access Management market. Privilege is now something that all IT leaders - but especially the CISO - must be aware of.

Privileged access originally referred to the shared accounts that IT and systems administrators used to maintain networks and systems, with total visibility and control of data and information systems. "Whoever controlled these accounts controlled the network," said David Higgins, director of customer development at CyberArk.

The introduction of the Sarbanes-Oxley Act (SOX) in 2002 was one of the first times that securing privileged accounts became necessary to achieve compliance with a major regulation, although new laws like the USA's Health Insurance Portability and Accountability Act (HIPPA) have continued the trend.

SOX marked the point at which regulators began to understand just how much power individual users were able to gain over networks and data from privileged accounts.

The danger of that power was first demonstrated in the 2008 attack on San Francisco's FiberWAN network, during which disgruntled sysadmin Terry Childs locked access to the network by resetting administrative passwords to its switches and routers, by creating a password that gave him exclusive access to the system.

This massive denial of service attack was enabled by a single malicious insider with privileged access. What would happen if Childs had been an outside attacker?

"The ensuing years give us an answer," said Higgins. "From Edward Snowden, to Yahoo! and the Office of Personnel Management, to the SWIFT Bank attacks and the breach at Uber - the common denominator was that attackers exploited the access typically granted to a powerful insider and used it to launch and execute their attacks."

Today, privileged credentials exist everywhere, and the threat landscape continues to grow. Attackers know this as well, which is why nearly all of today's advanced attacks rely on exploiting privileged credentials to reach a target's most sensitive data, applications and infrastructure.

Privileged access management (PAM) technology helps companies to track and control who has access to these superuser accounts as part of their compliance programmes. For some time this was its only use; however, compliance doesn't equal security, and modern PAM tools protect companies from a range of attacks, including insiders like Childs.

"It contains attacks that get beyond the perimeter, safeguarding critical infrastructure, data and assets," said Higgins.

"Privileged accounts, secrets and credentials are everywhere, in every major IT project. From business-critical applications to DevOps, to cloud, to robotic process automation to IoT, privilege exists and is necessary for these initiatives to function properly. This is why privileged access management - the practice of managing and securing these privileged accounts, secrets and credentials - is now recognised as the top security project that CISOs should focus on to reduce risk to the business.

"Gartner's new Magic Quadrant has reaffirmed that strong security begins with ensuring good cyber hygiene and securing the known credentials and accounts that attackers seek to accomplish their goals."

CyberArk encourages IT and security leaders to become more aware of the dangers of unsecured privileged access, and are making the Gartner report available for free download. Access yours at https://www.cyberark.com/pr/gartner-mq-pam-leader/.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organisation and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

  • Tweet  
  • Facebook  
  • LinkedIn  
  • Send to  
  • Topics
  • Threats and Risks
  • identity and access management
  • CyberArk
  • computer security
  • Gartner

More from sponsor

Apres GDPR, le déluge: 40 per cent of consumers plan subject access requests within six months of GDPR coming in
Apres GDPR, le déluge: 40 per cent of consumers plan subject access requests within six months of GDPR coming in

Almost half of consumers plan to make data privacy requests when GDPR comes into force later this month

  • Privacy
  • 03 May 2018
Indian government revokes access to identity database from 5,000 officials
Indian government revokes access to identity database from 5,000 officials

Horse/stable door/bolted

  • Security
  • 10 January 2018
SAP acquires Gigya for customer identity and access management
SAP acquires Gigya for customer identity and access management

SAP Gigya to be combined with SAP Hybris to create all-encompassing cloud-based customer data platform

  • Cloud and Infrastructure
  • 26 September 2017
How enterprises are using cloud access security brokers (CASB) to take back control
How enterprises are using cloud access security brokers (CASB) to take back control

Skyhigh Networks' Nigel Hawthorn explains the type of controls that CASB can facilitate

  • Cloud and Infrastructure
  • 21 September 2017
blog comments powered by Disqus
Back to Top
  • Contact
  • Delta
  • Marketing solutions
  • Enterprise IT Events
  • Incisive Media
  • Terms & conditions
  • Policies
  • Careers
  • Privacy Settings
  • Twitter
  • LinkedIn
  • Newsletters
  • Facebook
  • YouTube

im_logo

© Incisive Business Media (IP) Limited, Published by Incisive Business Media Limited, New London House, 172 Drury Lane, London WC2B 5QR, registered in England and Wales with company registration numbers 09177174 & 09178013

Digital publisher of the year
Digital publisher of the year 2010, 2013, 2016 & 2017
Loading