Skip to main content
Core Security Logo Core Security Logo
  • Contact Us
  • Support
  • All Fortra Products
  • FREE TRIALS
  • Contact Us
  • Support
  • All Fortra Products
  • FREE TRIALS
  • Cyber Threat

      Products

      • Core Impact Penetration testing software
      • Cobalt Strike Red team software
      • Event Manager Security information and event management
      • Network Insight Network Traffic Analysis
      • Powertech Antivirus Server-level virus protection
      • Security Auditor Security Policy Management and File Integrity Monitoring Software

      Solutions

      • Penetration Testing
      • Penetration Testing Services
      • Threat Detection
      • Security Information and Event Management
    • Penetration Testing Services Security consulting services
  • Identity

      Products

      • Access Assurance Suite User provisioning and governance
      • Core Password & Secure Reset Self-service password management
      • Core Privileged Access Manager (BoKS) Privileged access management (PAM)

      Solutions

      • Privileged Access Management
      • Identity Governance & Administration
      • Password Management
    • See How to Simplify Access in Your Organization | Request a Demo
  • Industries
    • Healthcare
    • Financial Services
    • Federal Government
    • Retail
    • Utilities & Energy
    • Higher Education
    • Compliance
  • Resources
    • Upcoming Webinars & Events
    • Blogs
    • Case Studies
    • Videos
    • Datasheets
    • Guides
    • Ecourses
    • Compliance
    • All Resources
  • CoreLabs
    • Advisories
    • Exploits
    • Publications
    • Articles
    • Open Source Tools
  • About
    • Partners
    • Careers
    • Press Releases
    • Contact Us
  1. Home
  2. Blog
  3. What Does 'Privileged Account' Really Mean?

What Does 'Privileged Account' Really Mean?

Privileged access has become a hot topic recently. For the first time ever, the Verizon Data Breach Investigations Report actually included privileged access as its own section in the report with some not so surprising results. Below are a couple of interesting takeaways from the report:

  • Weak or common passwords were the cause of 63 percent of all breaches
  • 53 percent of the breaches were due to the misuse of privileged accounts

Now that we know how important these accounts are, how do we know exactly what makes an account 'privileged'? One easy rule of thumb is to count any account with access to monetizable data (protected health information, credit card numbers, social security numbers, etc.) as a privileged account.

However that’s not all. There are other kinds of privileged accounts. What you have to decide for your organization is what privilege data is, where it is, and who has access to it. Control of privileged accounts is a major factor in compliance across all regulations in every industry. If that definition is a bit too broad, here are the most common types of privileged accounts:
 

Local Admin Accounts

These accounts are typically non-personal and provide administrative access to the local host. These accounts are typically used by the IT staff to perform maintenance or to set up new workstations. Often, these accounts will have the same password across the platform or organizations. These shared passwords are used by thousands of hosts and create a soft target for hackers. At a previous organization where I worked, all new email accounts were given the same password, [Company Name] + [Year]. Few, if any, employees changed that password once it was given to them and were never forced to update it during the year. If your organization is following a similar practice, it's time for a new practice.

Privileged User Accounts

These are the most obvious accounts. These give administrative privileges to one or more systems. They are the most common form and usually have unique and complex passwords giving them power across the network. These are the accounts that need to be monitored closely. Sometimes, these accounts don't belong to individual users and are instead shared among admins. Privileged account management should be leveraged here. These accounts should be monitored for who has access, what they have access to, and how often they request access.  

Domain Admin Accounts

Domain admins have privileged access across all workstations and servers on a Windows domain. These are the most extensive and robust accounts across your network because they have complete control over all domain controllers and the ability to modify membership of every administrative account within the domain. Compromise of these accounts are often listed as the 'worst case scenario' and should be monitored very closely.  

Emergency Accounts

Emergency accounts provide unprivileged users with admin access to secure systems in case of an emergency. These are also referred to as 'firecall' or 'breakglass' accounts. While these accounts should require managerial approval, the process is usually manual and lacks the appropriate record keeping needed for compliance audits.  

Service Accounts

These accounts are privileged local or domain accounts that are used by an application or service to interact with the operating system. Typically, they will only have domain access if it is required by the application being used. Local service accounts are more complicated because they typically interact with multiple Windows components. This means that changing passwords for these accounts must be done at the same time in order not to interfere with the dependent systems. Because of this, these passwords are rarely changed and are often a target.  

Application Accounts

Just as the name suggests, these accounts are used by applications to access databases and provide access to other applications. These accounts usually have broad access to the company information because of their need to work across the network. Typically, passwords for these accounts are not held by individual users and are shared across the network. These passwords are usually stored in unencrypted text files somewhere on the network so that everyone can gain access. The issue is that hackers can also gain access using this text file.

Related Products
Core Privileged Access Manager (BoKS)
Related Solutions
Privileged Access Management
Identity Governance & Administration
Identity and Access Management
Related Content
man-at-computer-with-locks
Blog
What’s the Difference Between IAM, IGA, and PAM?
Security lock breaking
Blog
6 Realities for Effectively Managing Privileged Accounts
IT professionals in server room
Blog
How to Leverage a Comprehensive Privileged Access Management Security Approach

Ready to Protect Your Privileged Accounts?

CTA Text

View our on-demand demo of Core Privileged Access Manager (BoKS) to learn how you can increase security for privileged accounts in your organization and control access to critical systems across your multi-platform environment.

WATCH ON-DEMAND DEMO
  • Email Core Security Email Us
  • Twitter Find us on Twitter
  • LinkedIn Find us on LinkedIn
  • Facebook Find us on Facebook

Products

  • Access Assurance Suite
  • Core Impact
  • Cobalt Strike
  • Event Manager
  • Browse All Products

Solutions

  • Identity Governance

  • PAM
  • IGA
  • IAM
  • Password Management
  • Vulnerability Management
  • Compliance
  • Cyber Threat

  • Penetration Testing
  • Red Team
  • Phishing
  • Threat Detection
  • SIEM

Resources

  • Upcoming Webinars & Events
  • Corelabs Research
  • Blog
  • Training

About

  • Our Company
  • Partners
  • Careers
  • Accessibility

Support

Privacy Policy

Contact

Impressum

Copyright © Fortra, LLC and its group of companies. All trademarks and registered trademarks are the property of their respective owners.