OM-BP-0014: Monitor all privileged account activity to detect suspicious behavior (Best Practice)

ID

OM-BP-0014

Name

Monitor all privileged account activity to detect suspicious behavior

Status

Active

Version

1.0

Best Practice

Collect events related to privileged account activity and implement use cases to detect suspicious behavior.

Rationale

Privileged accounts, and service accounts in particular, are attractive targets for attackers because of their often high privileges: a compromised privileged account lets the attacker elevate privileges and reach sensitive information, and service accounts are additionally hard to manage and secure properly (see the quotes below). Collecting their activity and checking it against detection use cases is what makes such misuse visible.

Bad Practices

  • Do not collect events related to privileged account activity.

  • Do not implement use cases to detect suspicious behavior.

Implementation Details

Compile a list of typical events to collect for privileged accounts (for example: logons and the logon type used, use of special privileges, changes to privileged group membership, password and credential changes).
Compile a list of typical use cases that turn those events into alerts (for example: a service account logging on interactively, a privileged logon from a host the account does not normally use, a privileged logon outside expected hours, a member added to a privileged group).
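The following script is an added illustration of the two steps above and is not part of the Open Measure page or any tool it references. It runs a handful of detection use cases over a constructed batch of privileged-account events. The event shape, the account and host names, the list of privileged groups, the per-account host baseline and the business-hours window are all assumptions made for the example; in practice they would come from the organization's log sources and asset inventory.

```python
from dataclasses import dataclass
from datetime import datetime

# --- Assumed reference data (constructed for this example) ---------------
PRIVILEGED_ACCOUNTS = {"svc_backup", "svc_sql", "admin.jdoe"}
SERVICE_ACCOUNTS = {"svc_backup", "svc_sql"}          # subset of the above
PRIVILEGED_GROUPS = {"Domain Admins", "Administrators"}
# Baseline: hosts each privileged account is expected to log on to (assumed)
EXPECTED_HOSTS = {
    "svc_backup": {"bkp01"},
    "svc_sql": {"db01", "db02"},
    "admin.jdoe": {"jump01"},
}
BUSINESS_HOURS = range(7, 20)   # 07:00-19:59 local time, assumed
# Logon types a service account should never use; anything else is expected
INTERACTIVE_LOGON_TYPES = {"interactive", "remote_interactive"}

# --- Constructed sample events (vendor-neutral, simplified shape) --------
SAMPLE_EVENTS = [
    {"ts": "2024-03-04T08:15:00", "type": "logon", "account": "svc_backup",
     "host": "bkp01", "logon_type": "service"},
    {"ts": "2024-03-04T09:02:00", "type": "logon", "account": "admin.jdoe",
     "host": "jump01", "logon_type": "interactive"},
    {"ts": "2024-03-04T23:41:00", "type": "logon", "account": "svc_sql",
     "host": "ws-finance-07", "logon_type": "interactive"},
    {"ts": "2024-03-04T23:45:00", "type": "group_change", "actor": "svc_sql",
     "group": "Domain Admins", "member": "tmp.user", "action": "add"},
    {"ts": "2024-03-04T10:30:00", "type": "logon", "account": "j.smith",
     "host": "ws-001", "logon_type": "interactive"},
]


@dataclass
class Alert:
    use_case: str   # which detection use case fired
    account: str    # privileged account involved (or the actor of the change)
    ts: str
    detail: str


def detect(events):
    """Apply the detection use cases to a list of events and return alerts."""
    alerts = []
    for ev in events:
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "logon":
            acct = ev["account"]
            if acct not in PRIVILEGED_ACCOUNTS:
                continue   # only privileged accounts are in scope here
            # Use case 1: service accounts should only log on as service/batch
            if acct in SERVICE_ACCOUNTS and ev["logon_type"] in INTERACTIVE_LOGON_TYPES:
                alerts.append(Alert("service-account-interactive-logon", acct, ev["ts"],
                                    f"{ev['logon_type']} logon on {ev['host']}"))
            # Use case 2: privileged logon from a host outside the account's baseline
            if ev["host"] not in EXPECTED_HOSTS.get(acct, set()):
                alerts.append(Alert("privileged-logon-unexpected-host", acct, ev["ts"],
                                    f"logon on {ev['host']} not in baseline"))
            # Use case 3: privileged logon outside expected hours
            if ts.hour not in BUSINESS_HOURS:
                alerts.append(Alert("privileged-logon-off-hours", acct, ev["ts"],
                                    f"logon at {ts:%H:%M} on {ev['host']}"))
        elif ev["type"] == "group_change":
            # Use case 4: any addition to a privileged group is reviewed
            if ev["group"] in PRIVILEGED_GROUPS and ev["action"] == "add":
                alerts.append(Alert("privileged-group-membership-added", ev["actor"], ev["ts"],
                                    f"{ev['member']} added to {ev['group']}"))
    return alerts


def score_by_account(alerts):
    """Count alerts per account so that one account firing several use cases
    (here: svc_sql) ranks above a single isolated hit."""
    scores = {}
    for a in alerts:
        scores[a.account] = scores.get(a.account, 0) + 1
    return dict(sorted(scores.items(), key=lambda kv: kv[1], reverse=True))


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for a in found:
        print(f"{a.ts} {a.use_case:36} {a.account:12} {a.detail}")
    print("per-account alert count:", score_by_account(SAMPLE_EVENTS and found))
```

On the constructed events only `svc_sql` fires: an interactive logon on a finance workstation at 23:41 trips three use cases at once, and four minutes later the same account adds a member to Domain Admins. The value of collecting all privileged activity rather than a single event type is exactly this correlation: each hit alone is explainable, the cluster on one account is not. The non-privileged `j.smith` logon is ignored, which is the scope the best practice sets; widening it is a separate decision.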

Quotes

Both hackers and security pros strongly agree that service accounts are an attractive target because hackers can easily elevate privileges and gain access to sensitive information.

(…)

Service accounts can pose a significant risk to organizations because they are so difficult to manage and secure properly, especially across multiple accounts for different services, tasks, and other applications. These accounts are time consuming to control and prone to human error when managed manually. Service account passwords are also a challenge: administrators can’t safely change a service account password if they don’t know where it’s used without risk of bringing down other applications.

(…)

#3: Monitor all privileged account activity to detect suspicious behavior

(, p. 3)

Bibliography

Related Best Practices




This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.