How to Spot and Stop Zombie Accounts in Your Network

Zombie accounts, also known as abandoned accounts, are user accounts left with no verifiable owner. This happens most often when someone leaves your company and their access to a certain application is never terminated. In a perfect world, the person who leaves would never try to get back into your system for any reason. However, our world is not perfect. Instead, we have rogue players who can create or hide these accounts in your system for nefarious reasons. There are also hackers who steal user credentials from all over the world and try to use them to get into your system. If your employees use the same password for your hospital EHR system as for their bank that was just breached, then the hackers are already in.

The solution sounds simple, so simple that you can’t believe people don’t terminate access immediately after someone leaves, but it happens all the time. For example, think about a hospital with 200 doctors, 400 nurses, and 300 members of the support staff. Each nurse needs access to the email, EHR system, file share system, and the patient portal. The nurses who also work with insurance need to get into that system as well. Oh, and the nurse who worked on the floor for a month before transferring to the ER: she is gone now, but did we ever shut off her floor access?

Have you had a layoff, or do you run a seasonal business where many employees leave at once? What about interns or contractors? The rise of zombie accounts isn’t like something out of the movies; it is as simple as any of the examples above. With so many users in your system and no automated process, you can’t see who is signing into these accounts or monitor their usage in real time. Leaving these accounts open increases your threat surface and the likelihood that you will be breached.

So how do you stop zombie accounts from happening? On TV, it’s as easy as a single shot to the head. In the real world, that silver bullet is called intelligence. With a manual system full of spreadsheets, you have to comb through each of them, hoping that a manager didn’t miss anything. In an organization with only ten people, this method might be feasible. However, in an organization with hundreds or thousands of employees, a manual system doesn’t give you the insight that you need when you need it.

With an intelligent IAM system, you will be able to de-provision accounts automatically. No spreadsheets to look through, just the click of a button once an employee leaves and all of their access rights are shut down immediately. Intelligence in IAM also allows you to see into your system at any time with real-time monitoring tools. What your system looks like now versus five minutes from now will be completely different, and you have to be able to see into your system to ensure that no one is abusing their access.
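The reconciliation that an automated process performs in place of the spreadsheets can be sketched as follows. This is an added example, not part of the original article: the HR roster, entitlement policy, application names, account rows and the 90-day staleness threshold are all constructed or hypothetical.

```python
from datetime import date

# Constructed sample data. The HR roster is the source of truth for ownership.
HR = {
    "e100": {"status": "active", "unit": "ER"},          # transferred from Floor
    "e101": {"status": "terminated", "unit": "Floor"},
    "e102": {"status": "active", "unit": "Floor"},
}
# Hypothetical entitlement policy: applications each unit is allowed to hold.
BASE = {"email", "ehr", "file_share", "patient_portal"}
POLICY = {"ER": BASE | {"er_access"}, "Floor": BASE | {"floor_access"}}

# Constructed account export: one row per (application, account).
ACCOUNTS = [
    {"app": "ehr", "user": "asmith", "owner": "e100", "last_login": date(2024, 5, 30)},
    {"app": "floor_access", "user": "asmith", "owner": "e100", "last_login": date(2024, 3, 2)},
    {"app": "email", "user": "bjones", "owner": "e101", "last_login": date(2024, 5, 28)},
    {"app": "file_share", "user": "svc_tmp", "owner": None, "last_login": None},
    {"app": "email", "user": "clee", "owner": "e102", "last_login": date(2024, 1, 10)},
    {"app": "ehr", "user": "clee", "owner": "e102", "last_login": date(2024, 5, 31)},
]

def find_zombies(accounts, hr, policy, today, stale_days=90):
    """Return (app, user, reason) for every account that fails reconciliation."""
    findings = []
    for acct in accounts:
        person = hr.get(acct["owner"])
        if person is None:
            reason = "no_verifiable_owner"      # owner missing or unknown to HR
        elif person["status"] != "active":
            reason = "owner_departed"           # access outlived employment
        elif acct["app"] not in policy.get(person["unit"], set()):
            reason = "outside_current_role"     # left over from a transfer
        elif acct["last_login"] is None or (today - acct["last_login"]).days > stale_days:
            reason = "stale"                    # assumed threshold: 90 days
        else:
            continue
        findings.append((acct["app"], acct["user"], reason))
    return findings

if __name__ == "__main__":
    for app, user, reason in find_zombies(ACCOUNTS, HR, POLICY, date(2024, 6, 1)):
        print(f"{app:14} {user:10} {reason}")
```

The `bjones` row is the case to prioritize: the owner is terminated, yet the account shows a recent login.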

You can’t fix what you can’t see. If you can’t see zombie accounts staggering through your network, then how will you know they are there, or whether they are being controlled by a hacker who is quietly siphoning off data to use against you? You need an intelligent IAM solution to help stop zombie attacks and any other insider threat your system may face.

Have you had success in ridding your network of zombies?