Page 15 - Cyber Defense eMagazine - July 2018
only granted to administrative accounts, but misconfigurations and drift will result in
regular users receiving these rights. Another common case is insecure software requiring
SeDebugPrivilege to be turned on. When this is combined with an inability to properly set
permissions, organizations are put in danger, as ransomware often uses debug rights
assignments to run hash tools against files and collect passwords.
(The User Privileges Report in AristotleInsight lists all user privileges across all domains or only specified domains. The report may be filtered by a specific user
and/or computer. The image above shows an example of viewing which user accounts have permission to debug programs.)
To overcome configuration drift, organizations need a solution to continuously monitor
current configurations along with a history of changes. Security teams need to be able to
immediately determine what changed, when the change occurred, and who made the
change. The importance of knowing these details was learned over twenty years ago during
Operation Eligible Receiver 97, yet most organizations still struggle with them today.
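As an added illustration of drift detection for the debug right (example code written for this page, not part of AristotleInsight), the Python below compares two user-rights snapshots in the INF layout that `secedit /export /areas USER_RIGHTS` writes and reports who gained or lost SeDebugPrivilege. The snapshot text and the user SID are constructed, the function names are hypothetical, and the input is assumed to be already decoded to text.

```python
import re

ADMINISTRATORS = "S-1-5-32-544"  # well-known SID of BUILTIN\Administrators


def parse_privilege_rights(inf_text):
    """Return {privilege: set(holders)} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # skip blanks and INF comments
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).lower()
            continue
        if section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            # Holders are comma separated; SIDs carry a leading '*'.
            holders = {h.strip().lstrip("*") for h in value.split(",") if h.strip()}
            rights[name.strip()] = holders
    return rights


def debug_drift(baseline_inf, current_inf, privilege="SeDebugPrivilege"):
    """Compare two snapshots: holders added, removed, and any non-admin holder."""
    before = parse_privilege_rights(baseline_inf).get(privilege, set())
    after = parse_privilege_rights(current_inf).get(privilege, set())
    return {
        "added": sorted(after - before),
        "removed": sorted(before - after),
        "unexpected": sorted(after - {ADMINISTRATORS}),
    }


# Constructed sample snapshots (not real exports); the user SID is made up.
BASELINE = """[Unicode]
Unicode=yes
[Privilege Rights]
SeDebugPrivilege = *S-1-5-32-544
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
"""
CURRENT = BASELINE.replace(
    "SeDebugPrivilege = *S-1-5-32-544",
    "SeDebugPrivilege = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1105",
)

if __name__ == "__main__":
    for kind, sids in debug_drift(BASELINE, CURRENT).items():
        print(f"{kind}: {', '.join(sids) or '-'}")
```

Timestamped snapshots answer what changed and when; who made the change has to come from the audit trail, where Windows records user-right assignments as security event 4704.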
ACCESSING THE DETAILS WITH ARISTOTLEINSIGHT
AristotleInsight was developed to meet the needs identified by Operation Eligible Receiver
97. The system continuously identifies risk, directs remediation, and documents results from
security functions such as Configurations, Vulnerabilities, Privileged User Management,
Asset Inventory, and Threat Analytics.
Copyright © 2018, Cyber Defense Magazine, All rights reserved worldwide.