Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Security impact of privileged users

CyberArk Software : 22 May, 2009  (Technical Article)
Cyber-Ark is addressing government agencies in the US on the subject of insider breaches and the need for stronger control over privileged user accounts
High profile insider breach incidents, such as the arrest of a former Federal Reserve Bank of New York IT employee accused of identity theft, and the rogue Fannie Mae employee who allegedly implanted a logic bomb on the company's network, highlight increasing security vulnerabilities in the public sector. To better protect highly sensitive information against internal and external threats, Cyber-Ark recommends government agencies more closely examine how powerful privileged accounts, those with carte blanche access to critical networks, systems and applications, are being monitored and controlled.

Up to 80 percent of system breaches are caused by internal users, including privileged administrators and power users who accidentally or deliberately damage IT systems or release confidential data assets, according to a Cyber-Ark survey. These accounts are often neglected and session activities are difficult to monitor due to their anonymous nature, while privileged passwords can be hard coded inside applications, scripts and parameter files, leaving them unsecured, rarely changed and visible to the world.

The risk of internal data misuse can be significantly mitigated by implementing policies and technologies that provide special treatment for privileged identities. In accordance with newly-proposed Consensus Audit Guidelines, which suggest automated and continuous control of administrative privileges, Cyber-Ark helps government agencies successfully address the security threat of privileged accounts and related audit challenges.

"Mismanagement of privileged identities poses serious risks to organizations - in both the public and private sectors - leaving them vulnerable to threats that can be nefarious in nature, or simply caused by human error," said Udi Mokady, president and CEO of Cyber-Ark Software. "Additionally, these privileged accounts are increasingly scrutinized by auditors, and are becoming one of the key reasons that many organizations fail compliance audits. Therefore, agencies must demonstrate more effective control over who has access to powerful privileged accounts and what activities occur during those privileged sessions."

Cyber-Ark's products were recently added to the US Government Services Administration (GSA) Schedule. Through its agreement with government distribution partner DLT Solutions, Inc., Cyber-Ark's award-winning Privileged Identity Management Suite v5.0 and Managed File Transfer solutions are now broadly available to federal, state and local agencies. Cyber-Ark's recently released Privileged Identity Management Suite v5.0 is the industry's most comprehensive solution for securing, managing and monitoring all activities associated with powerful privileged accounts, including both administrative and application identities. It features the Privileged Session Managerâ„¢ that provides sensitive session monitoring and recording with DVR-like playback.

As a result, government agencies can improve security controls around privileged accounts via encryption, password protection and auditing of system access. They can ensure that administrative and application identities and passwords are changed regularly, highly guarded from unauthorized use and closely monitored, including full activity capture and recording.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo