

Removing Standing Privilege

To bolster cyber resiliency and better protect citizen data of a US county

 

Executive Summary 

The county sought to improve resilience against citizen service disruption, establish control over administrator access and lateral movement, and modernize its security tool set. They chose Remediant SecureONE to deliver all three outcomes without adding FTE or impacting taxpayer burden.

Remediant Success Story

Challenges

The county had two key initiatives. The first was to modernize its security tool set in order to improve the security posture of its citizens’ data. The second was to establish internal control around a shared local administrator account used for workstation support.

Specifically, the security team at the county had proactively identified a local administrator account with no password management that had standing privilege on 1800 endpoints (servers and workstations).

The team identified this as a key initiative to reduce the risk of malicious actors compromising the account and “moving laterally” across the network. Both initiatives had to succeed without adding FTE.

Before coming across Remediant, the team implemented a process to perform an “administrator security” of each endpoint and came across three key challenges:

  • Password management was challenging to administer at scale: Enforcing rotation of passwords on the local administrator account across all 1800 workstations was a manual, time-intensive task.

  • Auditability was difficult to enforce: Since multiple administrators shared the credentials for troubleshooting workstations and servers, there was limited auditability on who was using the administrator account.

  • Not responsive to lateral movement: In the event the account was compromised (during Red Team testing or a breach) on one of the workstations, identifying and revoking access on the right workstation would be a manual and time-intensive process.

How Remediant Helped

With Remediant SecureONE, the county was able to deliver three key outcomes:

Improved local administrator security with offline access management.

With SecureONE, the county can now enforce a strong password policy on local administrator accounts.

Improved auditability and reduced attack surface with Just-in-Time access (JITA).

With JITA, authorized administrators no longer had to share accounts and could log in with their own credentials. This offered the ability to audit and report on privileged access. In addition, administrators gained privileged access only for the right time to the right endpoint when needed. This reduced the attack surface by removing unnecessary standing privilege.

Rapid response

SecureONE’s Zero Standing Privilege (Protect) mode instantly revoked the administrator account across all 1800 endpoints.

“Serving the citizens of the County is our primary mission. We were looking for tools that reduce our attack surface against disruptions of citizen services.”

Chief Technology Officer
County Government Center

The Result

The county was able to improve two key outcomes:

  • Improved oversight of local administrator accounts without adding FTE: With SecureONE, the county team was able to establish and enforce a local administrator account policy across all endpoints at scale without adding FTE or installing agents. This enabled administrators to continue providing support when needed while enhancing auditability and reducing the risk of standing privilege. In addition, SecureONE’s JITA approach ensured no additional effort was needed to onboard endpoints or retrain administrators.

  • Reduced risk of disruption of citizen services: With SecureONE Zero Standing Privilege (Protect) mode, the county was demonstrably able to stop lateral movement and prove this during internal Red Team testing. This was critical as State and Local Government entities have recently been targets of ransomware attacks that spread through lateral movement.
