The US CISA (CyberSecurity & Infrastructure Security) agency has posted a series of warning of hacks and threats emanating from Russia based on the recent chaos emanating from there. It just just been exposed of the US State breaches inflicted by Chinese-based hackers. All these attacks spell out the need for better security hygiene – and a YouAttest Identity Pen Test.
What is the Problem:
Enterprises attempt to manage their identities through some sort of identity system of record. In this repository internal employees, contractors, system accounts and other entities are managed. In theory – this repository is the identity system for all the devices, apps and enterprise resources – cloud and on premise.
Of course – this is not the case in most enterprises.
Resources such as cloud, on-premise and mobile applications are added that are not synched with identity system of record (ISoR). These resources thus quickly become out of synch of the identity changes that the IT admins and security personnel are conducting. These changes include group/role changes, employment status changes, termination and privilege changes.
But because these resources, the siloed applications are not connected to the ISoR, these permission and role changes are not reflected in these siloed apps.
This is a security problem.
This often leads to “ghost accounts” or “orphaned accounts”. Accounts that live in the “siloed account” but are missing, terminated or removed from the ISoR.
Hackers love these accounts – because no one is watching the conduct of their actions on these siloed apps. By taking ownership of these ghost accounts they have an unmonitored “hallway pass” to search for relevant data in the siloed resource and often use these accounts to attempt to pivot to other resources.
The Prevalence of “Ghost Accounts”
One survey cited that 26% of the accounts where dedicated to “stale enable users” – users who where either terminated, suspended or inactive for over 90 days.
This is a lot of play room for the attackers. The attackers simply follow the cyber kill chain – find the resource, identify a ghost account (social media like Linkedin helps them), search for an identity vulnerability on the resource and then compromise an existing credential. The attack is frequent on ISoR and siloed accounts.
Time for YouAttest Identity Pen Test
YouAttest gives the knowledge of these ghost accounts in the ISoR and siloed accounts back to the IT group, the security professionals and the risk manager.
YouAttest has an advanced app SSO capabilities to ingest information from they identity store of records, including Azure AD and Okta. It also can input all key roles, privileges, groups, nested groups and service accounts from on premise AD.
This ability delivers to the risk manager a single pane of glass to conduct a world-class identity access review of all the entitlements in the system of record. Advanced features like auto-delegation, auto-scheduling and multiple reviewers are supported. Custom nag emails and reporting save hundreds of hours on the process for YouAttest customers.
But the real feature that helps identify these ghost accounts is YouAttest’s ability to import identity list for siloed resources – be they on-premise, cloud or mobile resources. These identities are then contrasted to the identity system of record (ISOR) to identify ghost accounts, mis-aligned privilege and stale enabled users.
A YouAttest Identity Pen Test enables these professionals with a rapidly deployed identity tool that:
- Identify Orphaned Identities
- Revocation Report for Deletion of Orphaned Identities
- Clean Out Stale Identities
- Report Groups, Managers and Apps by user
- Review Key Roles within Apps
- Review Service Accounts
- Review Access to Additional Siloed Apps
- Any Resource
- Review changes in key roles
- Check Date of Password
- Check Last Logon
- Report Privileged Accounts
—
YouAttest is an automated identity audit tool for your identity and access control resources and Identity Pen Testing. Cloud based and simple to use – YouAttest provides a quantified platform for your identity audits with quick time to value and no overhead cost. Contact us and we will start your identity auditing journey.