Why is least privilege the place to start for endpoint security?

Because it will save you time and money.  

Your end users’ computers are increasingly exploited as an attack vector, the goal being an account with local administrator rights on Windows or root access on Mac OS. There are plenty of solutions that promise malware detection and prevention, and you can keep buying more software to try to stop these things on the front lines. But these threats are inevitable, which is why implementing least privilege is a best practice.  

Managing privileged accounts is necessary to a successful overall security strategy 

Don’t get me wrong, you absolutely do need layers of security. There’s no one right answer. But managing privileged accounts, which includes local admin and root accounts, is necessary to a successful overall security strategy. 

The reason is simple. When a user is logged in as an admin, every application that user runs has unlimited access to that computer. If malicious code executes from a program, or browsing to a site silently downloads and runs something malicious, that code inherits the same unlimited access. Now imagine the account with local admin rights is also a privileged domain account. Can it be used to reach network resources, or to log in to other endpoints where sensitive data is stored?

Even if you keep up to date on patches and virus signatures, attackers and rogue employees can breach your perimeter

You have to assume users still browse insecure sites, receive email and IMs, and maybe even play an online game or two during work, any of which can lead to opening or clicking on something malicious. Even if you keep up to date on patches and virus signatures, attackers and rogue employees can breach your perimeter. That means IT departments have to think about what power they are giving an exploit when it runs with admin privileges: its ability to compromise the system becomes much greater. Running as admin, an exploit can do anything with that access, like install keyloggers, brick the machine or plant trojan horses, really anything. And then the attacker can clear the event log to cover their tracks.  

The same access is not attained with only user privileges. Running as a standard user, a malicious application cannot run with admin rights, or may not run at all, and the attack is stopped and contained. A standard-user process can still read and exfiltrate that user’s own files or persist in user-writable locations, so least privilege limits the blast radius rather than eliminating the threat; but it cannot install drivers, tamper with system binaries or clear the event log. That is why local admin accounts are heavily targeted by hackers, malicious software and, increasingly, rogue employees.  

I’ve heard all of the reasons for simply giving users local admin rights on their workstations, or for giving IT admins superuser rights on the servers they manage. Usually it isn’t prioritized because of the risk of compatibility issues, a lack of IT resources for troubleshooting, politics and bureaucracy. None of those reasons outweigh the security benefits. No matter how the threat breaches your system, least privilege enforcement helps ensure the attacker is contained and cannot escalate across your systems.  

There’s a reason least privilege is a best practice  

How far you take this may also depend on which compliance standards you have to meet. Regulations and frameworks like PCI DSS, HIPAA, SOX and NIST SP 800-53 require organizations to apply least privilege access policies, so that information on your systems is accessed on a need-to-know basis. But it’s not only about getting your enterprise compliant. There’s a reason least privilege is a best practice. We have many clients who implement least privilege to create less complex, and thus more audit-friendly, environments. In the end, it is easier to prove compliance in a less complex environment. 

When organizations are ready to move toward least privilege, especially on end-user workstations, a product is usually required to ensure success. Our customers use Privilege Manager not only to remove, provision and rotate local admin credentials, but also to ensure that applications which genuinely require admin rights can still be used safely. That is one product to enforce a least privilege security posture and to implement application control, so end users remain productive. 
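To make the two mechanics above concrete (removing unapproved members from the local Administrators group, and rotating the built-in local Administrator password so a harvested credential stops working), here is an added PowerShell example. It is not code from the original post or from Thycotic’s Privilege Manager; it uses the Microsoft.PowerShell.LocalAccounts module shipped with Windows 10 / Server 2016 and later, and the approved-admin names in `$ApprovedAdmins` are hypothetical placeholders you would replace with your own groups.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post or from Thycotic).
# Audits the local Administrators group, removes members that are not on an
# approved list, and rotates the built-in local Administrator password.
# Assumes Windows 10 / Server 2016 or later (Microsoft.PowerShell.LocalAccounts).
Import-Module Microsoft.PowerShell.LocalAccounts

# Hypothetical allow list: only these principals may hold local admin rights.
# Local accounts are listed by bare name; domain principals as DOMAIN\name.
$ApprovedAdmins = @(
    'Administrator',            # built-in account; its password is rotated below
    'CORP\Domain Admins',       # hypothetical domain group
    'CORP\Workstation-Admins'   # hypothetical domain group
)

function Get-UnapprovedLocalAdmins {
    Get-LocalGroupMember -Group 'Administrators' | Where-Object {
        # Local principals come back as "MACHINE\name"; strip the machine prefix
        # so the allow list can name them plainly. Domain entries keep "DOMAIN\name".
        $name = $_.Name -replace "^$([regex]::Escape($env:COMPUTERNAME))\\", ''
        $ApprovedAdmins -notcontains $name
    }
}

function Remove-UnapprovedLocalAdmins {
    param([switch]$WhatIf)   # dry run: report what would be removed
    foreach ($member in Get-UnapprovedLocalAdmins) {
        if ($WhatIf) { "Would remove $($member.Name) from Administrators"; continue }
        Remove-LocalGroupMember -Group 'Administrators' -Member $member
        "Removed $($member.Name) from Administrators"
    }
}

function New-RandomPassword {
    param([int]$Length = 24)
    # Cryptographically random bytes, base64 encoded and trimmed to $Length.
    # Loop until the result satisfies the usual Windows complexity categories
    # (upper, lower, digit, symbol) so Set-LocalUser cannot reject it.
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    do {
        $bytes = New-Object byte[] ($Length * 2)
        $rng.GetBytes($bytes)
        $candidate = ([Convert]::ToBase64String($bytes)).Substring(0, $Length)
    } until ($candidate -cmatch '[A-Z]' -and $candidate -cmatch '[a-z]' -and
             $candidate -match '\d' -and $candidate -match '[+/]')
    $candidate
}

function Reset-BuiltinAdminPassword {
    # The built-in Administrator always has RID 500, so locate it by SID rather
    # than by name: it may have been renamed as a (weak) hardening step.
    $builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
    $plain  = New-RandomPassword
    $secure = ConvertTo-SecureString $plain -AsPlainText -Force
    Set-LocalUser -Name $builtin.Name -Password $secure
    # Return the new password to the caller. A real deployment hands it to a
    # vault (Windows LAPS or a PAM product) instead of displaying or logging it.
    $plain
}

# Usage (run from an elevated session):
#   Get-UnapprovedLocalAdmins              # report only
#   Remove-UnapprovedLocalAdmins -WhatIf   # dry run
#   Remove-UnapprovedLocalAdmins           # enforce the allow list
#   $newPwd = Reset-BuiltinAdminPassword   # rotate, then store $newPwd in a vault
```

Run the report step first on a sample of machines: anything that shows up as unapproved is either a user who should lose local admin or a group that belongs on the allow list, and sorting that out before enforcing is what avoids the compatibility and help-desk issues mentioned earlier. Never rotate the built-in password on a machine unless the new value is captured somewhere you can retrieve it, or you have just locked yourself out of local recovery.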

This is a Security Bloggers Network syndicated blog post authored by Steve Goldberg. Read the original post at: Thycotic