INTELLIGENT DISCOVERY: YOU CAN’T PROTECT WHAT YOU DON’T KNOW

April 3, 2024 7:24:46 PM EDT | Blog Intelligent Discovery: You Can't Protect What You Don't Know

Discover the importance of Intelligent Discovery in enhancing your organization's Identity Hygiene program. Learn how to efficiently reduce risk and clean up excessive access with strategic account management.

Learn why Intelligent Discovery is key to every organizations Identity Hygiene program

 
Why is Discovery vital to any organization’s Identity Hygiene program?
Imagine you have a messy room

Boxes, clothes, and dust everywhere. Now suppose you need to clean that room. How would you go about doing it? Would you just go in with your eyes closed and pick things up as you trip or run into them? Probably not. The way you clean a messy room is first to look around, take stock of what you are dealing with, come up with a plan of action, and then execute.  

The same can be said about any security program. Of course, you need to reduce risk, clean up excessive access, or protect privileged accounts, but you shouldn’t go in blindly picking random accounts to clean up. While doing anything is better than nothing, is it really the most efficient use of your time and the most effective way to reduce risk? The better approach is to have a complete inventory of all your accounts and all the entitlements of those accounts.  This is Discovery, and it’s the critical first step in any security program.   

Cleaning your accounts is not as simple as cleaning your room

Discovery, while an important first step, is not enough. Accounts are pervasive and can live in many places.

Accounts can exist on operating systems as:

  • Local accounts
    • AD (Active Directory)
    • LDAP (Lightweight Directory Access Protocol)
    • Azure, etc.In multiple directories such as:
  • As local database accounts
  • Application accounts.

This jumble of entry points into your platforms requires more than just finding them. You need to better understand what the accounts are, how they are used, who is responsible for them, and finally, whether there is anything wrong with the access these accounts have.

To properly deal with the complexities of this mess, you need to apply the principles of Intelligent Discovery.  The tenets of these principles are simple, yet extremely powerful. Intelligent discovery takes you from rudimentary finding to understanding. First, you must figure out who is the responsible identity (or human) for each account discovered. That is ownership. 

Ownership is the single most important activity in any program

As a Security or Infrastructure professional, you cannot take the operational risk of changing these accounts; change the password on the wrong service account and you risk taking down a critical application.  

The next principle is Asset Type. Across all your accounts, you must have a good understanding of which is a service account, a regular user account, an admin account, or any account type defined by you. Categorizing accounts this way allows you to take what will be a huge list of sometimes randomly named accounts and start to make sense of what they are being used for. More importantly, this allows you to discover if they are being used incorrectly.  

The final leg of Intelligent Discovery – Controls and Violations

Controls are the things you desire in your organization, such as non-service accounts should not be running services or privileged accounts must be vaulted. These core controls and the resulting violations tell you exactly what you need to do to effectively reduce risk. Discovery will inherently find mass amounts of data; you need a way to cut through the noise and figure out what the most important things are that you need to focus on first. What will give you the biggest bang for the buck? 

It is not easy and it takes a lot of work and commitment, regardless of whether we are talking about cleaning your room or cleaning your infrastructure. Too many times you look at that big messy room and think, “I have no idea where to even start” and close the door and try not to think about that messy room. Unfortunately, you cannot do that with security in your organization. The mess must be cleaned. So how do you get started? As they say, the best way to start is at the beginning. Take stock of what you have. Get a good understanding of what you find and then fix a little each day until you find the room is not as messy as it used to be.  

Check out our webinar to learn more about Intelligent Discovery

Prefer to listen to a podcast? No Problem! Check it out here

Rosario Mastrogiacomo

Written By: Rosario Mastrogiacomo

Rosario Mastrogiacomo is the Vice President of Engineering for SPHERE, where he focuses on solving complex security and infrastructure problems involving the processing and analysis of large data sets to find creative and out-of-box thinking solutions. Rosario has been working as a technology leader for over 25 years at financial organizations such as Neuberger Berman, Lehman Brothers, and Barclays. He has held various senior leadership positions including Global Head of Core Software Engineering, Head of Mac Platform Engineering, Global Head of Windows Engineering, and Windows Support Manager. Rosario has built and managed several teams within these positions, some with multi-million-dollar budgets. For the last eight years at SPHERE, Rosario has built the team and methodologies for the development of SPHEREboard. Rosario holds a B.S. in Business Administration from Baruch College (CUNY).