Do You Know Who Your Privileged Users Are?
According to a major industry analyst firm, over 78% of organizations have systems that contain permissions greater than what is needed for employees to do their job. User identities – the accounts and credentials they use to access critical business data –too many privileges and permissions are the gateway to insider threats, and identities that are no longer used but are still active represent a critical foothold that external attackers and malware can use to compromise systems, services and data.
While many organizations use identity and access management solutions to manage the lifecycle of on-boarding and off-boarding users within their organization, one often-overlooked aspect of identity management is periodic review of system access – also known as identity mining – to determine whether users have too many privileges to operating systems and data, and ensure that users who no longer need access to a system have had their privileges removed. Furthermore, too much access or administrative control over say their own desktop or laptop can not only increase security risk through their permission levels being exploited by attackers but their actions on the system they control thru the introduction of unapproved applications (see Shadow IT) as well as turning system functions like Windows Update and firewalls off or disabling perceived annoying third party applications like patch management and antivirus which quickly take you out of compliance (see Compliance Assurance).
Quickly Identify Users
Promisec enables you to quickly identify users that do not adhere to group policy as well as those that have local policies and accounts on endpoints that are unmanaged. Once these accounts and permissions are determined, they can be right sized for the operating environment. This not only reducing risks but keeps you in compliance. Exploits can happen; don’t allow them to happen to endusers with unnecessary elevated permissions.
Promisec Endpoint manager can help with Identity Mining.