Computer Identity Management: Protecting Privileged Accounts Organization-wide Has Never Been Easier
Historically, local computer administrator accounts are an easy target for hackers. They will first exploit your lax security practices, then gain a foothold, and use that as a springboard to other areas of your network. Such gaps need to be identified, shut down, and your entire organization continuously monitored. That is what EmpowerID’s Computer Identity Management does.
Local Computer Privileged Identity Management
A prime target for hackers, EmpowerID provides a solid, secure solution to protect and control all devices and accounts.
Privileged Account Discovery and Password Rotation
EmpowerID automatically discovers, connects to, and manages all local privileged accounts and groups on all server systems.
Windows Service and IIS App Pool Identities
These systems are typically undermanaged and challenging to update. EmpowerID connects to and manages these automatically.
- Local Computer Privileged Identity Management – local computer admin accounts are primary targets for hackers. EmpowerID connects to your servers and then, after evaluation, begins to control membership via RBAC and ABAC policies.
- Privileged Account Discovery and Password Rotation – privileged accounts and their passwords require special dispensation and management. Here we take a quick look at how EmpowerID does this.
- Windows Service and IIS App Pool Identities – these systems have their own sets of complexities and challenges but, once connected, EmpowerID handles these automatically.
Local Computer Privileged Identity Management
Because local computer administrator accounts effectively “own the machine”, and have full access to all local resources, including databases, they are a primary target for hackers.
This initial local admin hack then provides the springboard from which additional attacks take place.
Such access not only represents a potential audit risk for regulations (such as SOX, HIPPA, PCI-DSS, FINMA, MAS, FISMA, and NERC) but poses increased risks for your entire network and contents.
To prevent this, first, EmpowerID inventories your servers to discover, monitor, and control local users and groups, including local administrators.
EmpowerID then uses role and attribute-based access control (RBAC and ABAC) policies to:
- Control membership to the local administrators group.
- Allow for access requests through the IT Shop.
One additional function that EmpowerID offers is that all privileged identities can be assigned to policies that automate the rotation of their passwords. In accordance with such policies, and across your entire connected and managed system, EmpowerID resets passwords and updates the vaulted information.
Privileged Account Discovery and Password Rotation
EmpowerID’s Computer Identity Management automatically discovers and manages local privileged accounts and groups on all your server systems, including Windows, Linux and Unix, and VMware ESXi.
Once identified, these privileged identities can be recertified, assigned to owners, and managed throughout their entire lifecycle.
In the same manner as with Local Privileged Account Discovery, passwords can be set to rotate on a schedule thereby reducing the window of opportunity in which hackers can compromise a password.
Windows Service and IIS App Pool Identities
For Windows servers, EmpowerID can drill-down to a deeper level and inventory and manage the identities that are used for Windows Services and IIS Application Pools.
Typically, these identities are undermanaged and use static passwords. Not only does that raise two red flags, but this is further exacerbated by two additional challenges:
- the challenge of knowing which systems these identities are actually on
- the efforts required to update these systems following a password change.
EmpowerID handles these special identities and challenges automatically.
It does so by automating system updates each time the password is rotated. Moreover, admins can also assign vaulted privileged identities to Services and IIS App Pools through web-based workflows and set them on a rotation schedule to close this critical vulnerability.
As mentioned previously, with EmpowerID, all privileged identities can be assigned to policies that automate the rotation of their passwords.
Through its extensive network of connectors, EmpowerID can then automatically reset the passwords in your entire managed system and update vaulted information, as required.
Learn more about other products
Application Gateway
The cost of replacement of legacy apps and systems means that many organizations still have these embedded into, or as part of, core components of their day-to-day operations and business processes. Unfortunately, many are outdated and are, arguably, either unfit-for-purpose or close to it. Consequently, the risk of being attacked, hacked, and compromised (and appearing in the media for all the wrong reasons), increases.
Group Management
The increasing number of apps and systems, across both Cloud and on-premise, makes group management a significant problem for organizations and their administrators. Not only in terms of the security and compliance risks, but also in terms of user access, time wasted, and the associated management and other costs. EmpowerID’s single unified codebase changes that.
Risk Management
Delivering compliant access is key. With distributed networks, both on-premise and in the Cloud, it is proving ever more challenging for organizations. Not only for the initial setup, but also for managing and delivering position appropriate access in accordance with business policies. EmpowerID makes Risk Management so much easier.
Single Sign-On
Making the user experience as easy and enjoyable as possible are key components in the uptake and acceptance of applications and new systems. But this must not ever come at the expense of your organization’s security. With EmpowerID, usability, speed, connectivity, and compliant access are key drivers behind everything we do.