These are service accounts that appear to be used by employees to bypass privileged access controls or by an attacker.
of on-prem service accounts are “interactive”.
THEY'RE UNDER-PROTECTED

The silent risk: How non-human identities open the door to cyber threats
of organizations cannot prevent the misuse of service accounts in real time.
of service accounts regularly authenticate with NTLM, a deprecated protocol.
Traditional identity security controls are almost entirely human-centric, and securing your NHIs is not the same as securing your privileged human users. What's more, New Technology LAN Manager (NTLM) still exists in many Windows domains despite being a very weak authentication protocol that’s susceptible to credential access and lateral movement. In fact, 46% of service accounts regularly authenticate via this deprecated protocol, leaving them more exposed to compromise.
NHIs can’t use MFA like humans can, and the risk of breaking vital processes by protecting them in a PAM vault with password rotation often outweighs the benefits. Similarly, as we’ve already seen, NHIs are not typically subjected to the same level of scrutiny as human users, with formalized onboarding and offboarding procedures being a rare occurrence.
This security challenge is reflected in how confident organizations feel in preventing the misuse of their NHIs. Four in five organizations do not trust that they can prevent adversaries from using an NHI for malicious access due to sporadic or absent visibility and security. Coupled with the fact that 80% of organizations have experienced an identity-related breach, this paints an alarming picture.
NHIs cannot be protected like human users