Thycotic, a provider of privileged account management (PAM) solutions, is offering organizations a free online comparative assessment tool that demonstrates how companies compare to other similarly sized organizations in meeting privileged password management best practices and security guidelines.
Designed in conjunction with information security professionals, the Privileged Password Vulnerability Benchmark also provides organizations with a blueprint illustrating where and how they can improve IT privileged password management.
"While most companies have implemented perimeter-based security solutions, they are just becoming aware of the need to secure their privileged credentials," Steve Kahan, chief marketing officer of Thycotic, told eWEEK. "Thycotic released this benchmark because many of the companies that we’ve worked with have asked us how they should evaluate the risk associated with securing their privileged credentials. Thycotic worked with leading security experts to develop a benchmark that would enable any company to assess their security risk based on a best practices approach."
Participants receive an immediate grade (A through F) based on how well their privileged password security practices match up against PAM best practices, and can better understand how and where to focus their time, money and resources in order to improve privileged account defenses.
"Most people know they should use a different password for each account, but the difficulty remembering complex passwords often causes them to use a single, standard password for all their accounts," Kahan said. "Hackers rely on password reuse to get all for the price of one account access. With a user's default password, they can potentially access every account or service used by that individual. By making it a common practice to use different passwords for every account, administrators can limit their organization's vulnerability in the event of an exposed password."
Participants will receive a free copy of the upcoming 2016 State of Privileged Password Management Annual Report upon publication, a report that highlights the survey findings and gives recommendations to improve PAM and protection.
"Privilege isn’t just about controlling the credential anymore. It is more than that – it has to be monitoring the use of the credential, finding anomalies, and even limiting what the administrator can do with the credential," Kahan said. "These controls are essential whether it be to protect against a rogue insider or stop an external attacker who has adopted the role of an uncontrolled insider. We are seeing this as a critical control whether it be on Windows, UNIX or even a third-party vendor connecting to the organization to do maintenance on a router."