Huawei rules tech world…wins the "Best Integrated ... » Barcelona, Spain: Vigilance can Huawei, a leading global information and communications technology (... Leader’s boy’s volcanic tendency gives Ki-moon sle... » Impetuous and attention-seeking leader’s boy gazing at the enemies' location? Ban concerned ab... Bojo and MPS launch competition to design new Met ... » Vigilance can report that the Mayor of London Boris Johnson and the Metropolitan Police Service ... Fleet operators urged to buckle up as cash-for-cra... » crash-cam-print-van With cash-for-crash scheme convictions taking place all over the country, fl... Imtradex raises unobtrusive communication to a ne... » Dreieich: Covert investigations, observations and many other applications of police, security firms... Prolexic tracks more than 47 million DDoS attack B... » HOLLYWOOD, FL: Prolexic, the global leader in Distributed Denial of Service (DDoS) protection ser... LG bullet proves a popular choice with the UK ins... » Pro-Vision, the UK distributor of branded CCTV and access control equipment has recently published t... Opengear named "Cool Vendor" in the Gartner IT/OT ... » Las Vegas: Opengear, a leading provider of next-generation cellular out-of-band management solutions... Palo Alto Networks achieves rigorous common criter... » London: Palo Alto Networks firewalls have achieved Common Criteria certification at Evaluation Assur... Copy cat, copy cat sitting on the doormat - Barrac... » Last week Google announced that it is unifying storage across its products and influenced by this ne...

Sub Menu

Advertise with Vigilance

Got News?

Got news for Vigilance?

Have you got news/articles for us? We welcome news stories and articles from security experts, intelligence analysts, industry players, security correspondents in the main stream media and our numerous readers across the globe.

READ MORE

Subscribe to Vigilance Weekly

Information Security Header

As social engineering scams spread, Avecto says a least privilege solution is the best option for most organisations

Print PDF

Written by REGINE HARTMANN | 16 August 2012

“It’s important to understand that, if you reduce the privilege on high-end accounts, you do not impair operational efficiency. You do, however, reduce the level of risk in an organisation – and that’s a great situation to be in,”

-- Paul Kenyon, Avecto COO

Manchester UK and Boston, USA: Commenting on recent reports - which assert that cybercriminal social engineering attacks are now targeting IT admins and even call centre staff - Avecto says that a least privilege approach to security is the key to solving this issue.

 

Paul Kenyon, chief operating officer with the Windows privilege management specialist, says the real reason why cybercriminals are targeting the IT support function is the immense power that staff in these areas have - thanks to the admin accounts they have access to.

“Many of these staff are using what security professionals call privileged accounts - that is, admin accounts that can carry out a number of high-end tasks, which the more mundane user accounts do not normally have access to. If unnecessary privileges are removed from these accounts, this lowers the security risk involved,” he said.

“It’s important to understand that, where IT admins and least privilege are concerned, it’s not about taking rights and privileges away – it is about protecting their privileged identity, empowering them to make conscious decisions on when those privileges are used, and monitoring all privileged activity for signs of misuse or exploitation,” he added.

The Avecto COO went on to say that the advantage of adopting a least privilege/least risk security posture with admin account privileges is that the security advantages also transfer over to the servers these IT admins control.

The process of removing unnecessary privileges from the admin account arena, he explained, comes down to adopting an effective audit and governance strategy, which in turn reduces risk and increases efficiency.

“It’s important to understand that, if you reduce the privilege on high-end accounts, you do not impair operational efficiency. You do, however, reduce the level of risk in an organisation – and that’s a great situation to be in,” he said

< Prev   Next >

Add comment


Security code
Refresh