What Does a Game of Capture the Flag Have in Common With Privileged Accounts?

As I date myself by admitting that I am a child of the 70’s (I will let you try to guess the year) we used to play an outdoor game called Capture the Flag. For all of you that don’t know the game, I won’t bore you with all the details but the main premise is there are two teams on a field of battle each of which is trying to capture the flag of the other team. It was generally a winning strategy for each team to put some of their best players closest to the flag in order to guard the flag from being captured.

Then in the 90’s at a Defcon conference, one of the world’s largest hacker conventions, the game was modified whereby the flag was replaced with a server. Teams were scored on both their success in defending their assigned server and on their success in attacking the other team's server.

So what you may ask does any of this have to do with privileged accounts? Think of the flag as a metaphor for a privileged account. That is, in the modified Defcon version of the game in order to capture the server you would need access to its administrator or privileged accounts. There are many ways for teams to attack the flag, just like there are many ways for a hacker to attack a server, but in the end to capture the flag or in this case the server the opponent needs to gain access to those privileged accounts.

So the best way to protect your server and win the game is to make sure that your privileged accounts are securely guarded.  That means ensuring that only those that should gain access to the privileged credentials can and when they do, you can show who had access, when they had it and what they had access to. But to be clear there are many others challenges to protecting your privileged accounts and knowing how to tackle these challenges can be just as difficult. Fret not.  You are not on you own. In fact in a recent global survey conducted by dimensional research 83% of organizations stated that they face challenges in managing privileged accounts. Download all the results to the privileged account management survey to see the myriad of other challenges organizations faced.  Or, watch an on-demand webcast with the survey results along with expert insight into how to mitigate the security risks of privileged.