Keys to the Kingdom: Monitoring Privileged User Actions for Security and Compliance

by Dave Shackleford
Sept. 1, 2017 SANS Institute system administration

For years, the information security community has debated whether the threat of internal attack or external attack is of greater concern for organizations. Security practitioners have generally come to the conclusion that the volume of external attacks is far greater than that of internally based attacks, simply due to the number of probes and attacks pounding their networks every day. On the other hand, despite their smaller volume, inside attacks generally cause significantly more damage because the attackers already have access. Nowhere is this more applicable than with privileged users. A privileged user, by definition, is a “[u]ser who, by virtue of function, and/or seniority, has been allocated powers within the computer system, which are significantly greater than those available to the majority of users.”