
Introducing the Privilege Sprawl Index

Modelling Privilege Access Sprawl for Zero Trust Security

Privilege sprawl occurs when privileges, or special rights to a system, have been granted to too many people. It’s a best-case scenario for cyber attackers. When privilege sprawl gets out of hand, an organization’s attack surface grows and becomes a pain point for its security teams.

Why Does Privilege Sprawl Occur?

Privileged Access Sprawl often grows in the dark, while we’re working on other priorities. It occurs because we have:

  • A fear of breaking something if we fix Privilege Access Sprawl.

  • A need to elevate access to enable quick, timely fixes when issues arise.

  • Indifference: we don’t know or understand all the systems where privileged access accounts exist.

  • Inefficient processes: it’s easier to leave the access active than to recreate it later.

  • A dislike for policy and procedure, which results in the circumvention of access controls.

An organization’s Privilege Access Sprawl can grow quite large. We visited one organization with 250,000 employees, and a SecureONE demo identified over 5 million instances of standing privilege! Another organization, this one with just 3,000 employees, had over 175,000 instances. Privilege Access Sprawl is not just a large-company problem!

How Can We Measure Privilege Sprawl?

Remediant has developed the Privilege Sprawl Index, which measures the effect of persistent privileged access to systems and across systems in your organization and how this access exposes you to lateral movement attacks.

When we calculate the Privilege Sprawl Index to measure privilege sprawl on a network, we consider several factors, including:

  • Whether the critical system has admin accounts.

  • Whether these admin accounts are common to other systems on the network that may be compromised first.

  • The commonality of admin accounts across systems that enable an attacker to discover other admin accounts and move laterally to eventually reach your critical systems.

This technique is prevalent in many attacks we see today.

Using these factors and the equations presented in the Privilege Sprawl brief, we can calculate our Privilege Sprawl Index as a value between 0 and 1, the result of which can be explained as follows:

= 1: makes lateral movement techniques a sure thing, and attackers can readily reach systems that house your crown jewels.

>0 and <1: lateral movement is difficult, but still very possible, as seen in most attacks.

= 0: true protection against lateral movement. This introduces the concept of Zero Standing Privilege.
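The factors listed above can be explored on your own inventory with a simple reachability check. This is an added example, not Remediant's code and not the equations from the Privilege Sprawl brief: it uses a simplified proxy (the fraction of non-critical hosts that have a shared-admin-account path to the critical system), and the function names, host names and account names are all constructed for illustration.

```python
from collections import deque

def reachable_hosts(admins, start):
    """Hosts exposed from `start` when admin accounts found on one host
    also hold standing admin rights on others (assumed model)."""
    # Invert the inventory: account -> hosts where it is a standing admin.
    hosts_by_account = {}
    for host, accounts in admins.items():
        for account in accounts:
            hosts_by_account.setdefault(account, set()).add(host)
    seen = {start}
    queue = deque([start])
    while queue:
        host = queue.popleft()
        for account in admins.get(host, ()):
            for nxt in hosts_by_account[account] - seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def sprawl_score(admins, critical):
    """Proxy score in [0, 1]: share of non-critical hosts from which the
    critical host is exposed through common admin accounts."""
    others = [h for h in admins if h != critical]
    if not others:
        return 0.0
    exposed = [h for h in others if critical in reachable_hosts(admins, h)]
    return len(exposed) / len(others)

# Constructed inventories: host -> accounts with standing admin rights.
SPRAWLED = {
    "ws-01": {"helpdesk"},
    "ws-02": {"helpdesk", "svc-backup"},
    "app-01": {"svc-backup", "dbadmin"},
    "db-01": {"dbadmin"},
}
PARTIAL = {
    "ws-01": {"helpdesk"},
    "ws-02": {"helpdesk"},
    "app-01": {"dbadmin"},
    "db-01": {"dbadmin"},
}
ZERO_STANDING = {host: set() for host in SPRAWLED}

if __name__ == "__main__":
    for name, inv in [("sprawled", SPRAWLED), ("partial", PARTIAL),
                      ("zero standing", ZERO_STANDING)]:
        print(f"{name}: {sprawl_score(inv, 'db-01'):.2f}")
```

In the constructed data, every workstation has a chain of shared accounts to db-01 in the first inventory, only app-01 does in the second, and removing all standing admin rights leaves no path at all.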