@merill Why do shared admin accounts proliferate in CyberArk environments? In my work at Trimarc, it’s almost perfect correlation between shared admins and CA usage.
Jake Hildreth (acorn) :blacker_heart_outline: (horse@infosec.exchange)'s status on Tuesday, 08-Oct-2024 08:24:16 JST
Brian Clark (deepthoughts10@infosec.exchange)'s status on Tuesday, 08-Oct-2024 11:11:11 JST
@horse @merill that's the traditional CyberArk model -- have a handful of highly privileged accounts that authorized users can check out and use for a limited period of time (or use them via a privileged session manager connection through a CA RDP proxy). I've never liked that approach because it makes it harder to correlate administrative actions to a person.
Jake Hildreth (acorn) :blacker_heart_outline: (horse@infosec.exchange)'s status on Wednesday, 09-Oct-2024 10:15:22 JST
@deepthoughts10 @merill I agree with you. Tracking is more difficult with shared accounts.
Funny thing: we regularly see CyberArk in use with individual accounts too with no issues.
But if there are shared admin accounts, I bet there's a CA system around somewhere.