Here's Why –
- Insiders i.e. typically anyone with an Active Directory domain user account, as Authenticated Users, already have access to vast amounts of data and information within the organization.
- For instance, all insiders already have sufficient read access to be able to analyze an ocean of excessive (unauthorized) privileged access provisioned in the organization's Active Directory.
- With free tools (e.g. 1, 2, 3), they could easily analyze the ocean of excessive privileged access in Active Directory to find 1000s of privilege escalation paths leading to privileged access.
- Once they have found such paths, they could choose to launch an Active Directory Privilege Escalation based attack from a place and at a time of their choosing to gain privileged access.
- Further, a large number of insiders, specifically those who possess limited (delegated) privileged access in Active Directory may already have sufficient privilege to gain unrestricted access.
- A single insider could intentionally breach security, accidentally cause damage, be coerced into breaching security or have their account be compromised & mis-used by an outsider (APT).
The Challenge in Insider Threat Protection
Today organizations worldwide face a huge challenge when dealing with threats posed by insiders, because insiders already have varying levels of access to data and systems within the perimeter.
It is important to note that the cardinal factor that makes insider threats possible is the inability of organizations to know precisely what data and systems an insider may currently have access to.
Due to the inability to be able to precisely assess (audit) effective access, organizations are unable to ensure that access to their data and systems adheres to the principle of least privilege.
If an organization could ensure that access to their data and systems adhered to the principle of least privilege, then they could vastly reduce and manage the magnitude of risk posed by insiders.
For instance, if organizations had the ability to ensure that all privileged access delegated/provisioned in their Active Directory adhered to the principle of least privilege, it would not matter in the least even if insiders could analyze the ocean of privileged access that resides in Active Directory, because there would be no "security holes" in Active Directory that insiders could find and exploit.
The ability to attain least privileged access in an organization's network requires the ability to be able to precisely assess the access effectively provisioned on IT resources at any point in time.
Unfortunately, the ability to be able to precisely assess the access that users effectively have on organizational IT resources is virtually non-existent, making insider threat protection a challenge.
Our Unique Solution For Insider Threat Protection
Our unique, innovative, patented access assessment technology governs the precise assessment of effective access in IT environments. It enables organizations to be able to precisely assess the access effectively provisioned on their IT resources and consequently attain and maintain least privilege access to their IT resources, thus helping substantially address the Insider Threat challenge.
Our patented technology is embodied in our unique, globally deployed, Microsoft-endorsed Gold Finger Privileged Access Audit Solution, which today empowers organizations in six continents worldwide to be able to precisely assess and consequently attain and maintain a least privileged access (LPA) model in their foundational Active Directory deployments –
It was imperative to start with Microsoft Active Directory, because Active Directory is the core and heart of privileged access, and organizations absolutely need to be able to know exactly who effectively has what privileged access in their foundational Active Directory at all times, for security in general as well as to be able to mitigate the risk posed by Active Directory Privilege Escalation.
Our patented technology will also be embodied in additional solutions for assessing effective access across various IT resource types (files, folders, servers etc.) in Microsoft Windows networks.
Our solutions thus uniquely help organizations reduce and manage the threat posed by insiders, particularly in their foundational Active Directory deployments.