How Privileged Account Management Solutions Can Reduce the Fallout of a Zero-Day Attack

The damage from zero-day attacks doesn’t have to be like a zombie apocalypse.

Zero-day attacks are hard to stop because part of their strategy is to exploit a previously unknown security hole in third-party software that you use within your organization. Even with the best perimeter defenses deployed, a zero-day attack can breach your network, and as soon as it gets in it starts infecting everything and causing zombie-like chaos. But don’t worry, a zero-day attack doesn’t have to be like a zombie apocalypse, because a defense-in-depth strategy can mitigate the damage of one of these attacks.

The zero-day vulnerability is usually just the tip of the iceberg in a highly customized attack that focuses on moving laterally through the environment until the bad guys can obtain credentials that give them unlimited access to systems, data, and applications. These credentials are more commonly known as privileged accounts. This is where the mitigation comes in: a privilege management solution can minimize the lateral movement of attackers inside your network by limiting the length of time that a privileged credential is valid.

Privileged Access Management solutions secure these highly sought-after accounts that are frequently shared by several people within the organization. Here’s how they work:

  • When an administrator needs access to a privileged credential, they request it from the privileged management solution.
  • Access to the credential is granted according to an established policy, usually involving workflows and required management approvals.
  • When the administrator completes the task, the password is checked back in and is automatically changed after each use. Privileged management solutions can also allow for granular delegation and can log and/or monitor all activities.

However, an often underutilized feature of privileged management solutions is the ability to change the password on a regular cadence. That is, many of these solutions can update the password daily or even hourly, regardless of whether it was requested by an admin. By doing this, an organization can substantially limit the amount of time that any given administrative credential is valid, which reduces the risk of a zero-day attack.
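The check-out, check-in and scheduled-rotation behaviour described above, modelled as an added example (not code from this article or from any vendor's product). The `Vault` class, the `exposure_demo` function, the admin name and the minute-based clock are all hypothetical, chosen only to show how long a copied password stays usable.

```python
import secrets

class Vault:
    """Toy model of a privileged-credential vault; time is in minutes."""
    def __init__(self, approved, rotate_every=60):
        self.approved = set(approved)     # policy: who may check out
        self.rotate_every = rotate_every  # scheduled cadence (assumed hourly)
        self.last_rotation = 0
        self.holder = None
        self.audit = []                   # (minute, actor, event) records
        self._password = secrets.token_urlsafe(16)

    def _rotate(self, now, reason):
        self._password = secrets.token_urlsafe(16)
        self.last_rotation = now
        self.audit.append((now, "vault", "rotated: " + reason))

    def tick(self, now):
        # Scheduled rotation: fires on cadence even if nobody asked for it.
        if now - self.last_rotation >= self.rotate_every:
            self._rotate(now, "schedule")

    def check_out(self, admin, now):
        self.tick(now)
        if admin not in self.approved or self.holder is not None:
            self.audit.append((now, admin, "checkout denied"))
            raise PermissionError(admin)
        self.holder = admin
        self.audit.append((now, admin, "checkout granted"))
        return self._password

    def check_in(self, admin, now):
        if self.holder != admin:
            raise PermissionError(admin)
        self.holder = None
        self._rotate(now, "check-in")     # password changed after each use

    def is_valid(self, password, now):
        self.tick(now)
        return secrets.compare_digest(password, self._password)

def exposure_demo():
    v = Vault({"alice"})
    used = v.check_out("alice", now=5)    # constructed: copied while in use
    before = v.is_valid(used, now=10)
    v.check_in("alice", now=20)
    after_checkin = v.is_valid(used, now=21)
    w = Vault({"alice"})                  # second case: never checked back in
    kept = w.check_out("alice", now=5)
    return before, after_checkin, w.is_valid(kept, 59), w.is_valid(kept, 60)
```

In the second case the password is never checked back in, and the scheduled rotation alone caps its lifetime at the cadence.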

Want to learn more about the privileged account management market, as well as the key vendors and differentiators in the market? Read Gartner’s 2015 Market Guide for Privileged Access Management.