UPDATED 10:00 EDT / JULY 29 2020

CyberArk launches open-source Shadow Admin identification tool for Azure and AWS

Cybersecurity company CyberArk Software Ltd. today launched a new open-source tool designed to identify Shadow Admin accounts in Microsoft Corp. Azure and Amazon Web Services Inc. cloud environments.

Called CyberArk SkyArk, the tool is designed to help organizations combat Shadow Admins by targeting and securing the most privileged entities in both Azure and AWS environments.

Shadow Admin accounts have sensitive privileges on a network and are typically overlooked because they are not members of a privileged Active Directory group. Instead, Shadow Admin accounts are typically granted their privileges through the direct assignment of permissions.

They’re highly desired by attackers because they provide administrative privileges necessary to advance an attack while having a lower profile than well-known admin group members.

“While organizations may be familiar with their list of straightforward admin accounts, Shadow Admins are much more difficult to discover due to the thousands of permissions that exist in standard cloud environments (i.e. AWS and Azure each have more than 5,000 different permissions),” CyberArk explained. “As a result, there are many cases where Shadow Admins might be created. Despite the appearance of limited permissions, a Shadow Admin with just a single permission has the ability to gain the equivalent power of a full admin.”

SkyArk offers two main scanning modules, AzureStealth and AWStealth, to scan Azure and AWS environments. The tool only requires read-only permissions because it simply queries cloud entities and their assigned permissions before performing an analysis and providing results.
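The kind of read-only analysis described above can be sketched as follows; this is an added example, not SkyArk's code, and it flags entities outside the known admin list whose directly assigned AWS policies allow a sensitive action. Assumptions: the `SENSITIVE_ACTIONS` list is illustrative and non-exhaustive, the entity records, the `in_admin_group` field and all names are hypothetical, and `Resource`, `Condition`, `NotAction` and the overriding effect of `Deny` are not evaluated.

```python
from fnmatch import fnmatchcase

# Assumed, non-exhaustive list of IAM actions that can change who holds privileges.
SENSITIVE_ACTIONS = [
    "iam:AddUserToGroup", "iam:AttachRolePolicy", "iam:AttachUserPolicy",
    "iam:CreateAccessKey", "iam:CreateLoginProfile", "iam:CreatePolicyVersion",
    "iam:PutUserPolicy", "iam:UpdateAssumeRolePolicy", "iam:UpdateLoginProfile",
]

def as_list(value):
    # IAM allows a single string/object where a list is also valid.
    return value if isinstance(value, list) else [value]

def allowed_patterns(policy):
    """Lower-cased action patterns from the Allow statements of one policy."""
    patterns = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow" and "Action" in stmt:
            patterns += [a.lower() for a in as_list(stmt["Action"])]
    return patterns

def classify(entity):
    """Return (verdict, matched sensitive actions) for one entity record."""
    patterns = [p for pol in entity["policies"] for p in allowed_patterns(pol)]
    if entity.get("in_admin_group") or "*" in patterns:
        return "admin", []          # already on the known-admin list
    hits = [a for a in SENSITIVE_ACTIONS
            if any(fnmatchcase(a.lower(), p) for p in patterns)]
    return ("shadow_admin", hits) if hits else ("ok", [])

def policy_doc(effect, action):
    return {"Statement": [{"Effect": effect, "Action": action, "Resource": "*"}]}

# Constructed sample inventory (hypothetical names), as a read-only export might look.
ENTITIES = [
    {"name": "alice", "in_admin_group": True, "policies": []},
    {"name": "build-bot", "policies": [policy_doc("Allow", ["s3:GetObject", "iam:CreateAccessKey"])]},
    {"name": "helpdesk", "policies": [policy_doc("Allow", "iam:*LoginProfile")]},
    {"name": "auditor", "policies": [policy_doc("Allow", ["iam:Get*", "iam:List*"])]},
    {"name": "intern", "policies": [policy_doc("Deny", "iam:*")]},
]

def scan(entities):
    return {e["name"]: classify(e) for e in entities}

if __name__ == "__main__":
    for name, (verdict, hits) in scan(ENTITIES).items():
        print(f"{name:10} {verdict:13} {', '.join(hits)}")
```

The wildcard case (`iam:*LoginProfile`) shows why matching has to expand patterns rather than compare action names literally: the policy never names a sensitive action outright, yet it grants two.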

The results can be used by both internal red and blue teams. For red teams, which are used to break into systems to test security, the results can be used to target discovered Shadow Admins through password matching, spear-phishing or a targeted attack on the endpoints of the employee discovered to have admin or shadow rights. For blue teams, which defend against attacks, the results can be used to eliminate unintended admins and remove unnecessary permissions from Shadow Admins.

Image: Thundi/Flickr
