UPDATED 10:00 EDT / JULY 29 2020

CyberArk launches open-source Shadow Admin identification tool for Azure and AWS

Cybersecurity company CyberArk Software Ltd. today launched a new open-source tool designed to identify Shadow Admin accounts in Microsoft Corp. Azure and Amazon Web Services Inc. cloud environments.

Called CyberArk SkyArk, the tool is designed to help organizations combat Shadow Admins by targeting and securing the most privileged entities in both Azure and AWS environments.

Shadow Admin accounts have sensitive privileges on a network and are typically overlooked because they are not members of a privileged Active Directory group. Instead, Shadow Admin accounts are typically granted their privileges through the direct assignment of permissions.

They’re highly desired by attackers because they provide administrative privileges necessary to advance an attack while having a lower profile than well-known admin group members.

“While organizations may be familiar with their list of straightforward admin accounts, Shadow Admins are much more difficult to discover due to the thousands of permissions that exist in standard cloud environments (i.e. AWS and Azure each have more than 5,000 different permissions),” CyberArk explained. “As a result, there are many cases where Shadow Admins might be created. Despite the appearance of limited permissions, a Shadow Admin with just a single permission has the ability to gain the equivalent power of a full admin.”

SkyArk offers two main scanning modules, AzureStealth and AWStealth, to scan Azure and AWS environments. The tool only requires read-only permissions because it simply queries cloud entities and their assigned permissions before performing an analysis and providing results.

The results can be used by both internal red and blue teams. For red teams, which are used to break into systems to test security, the results can be used to target discovered Shadow Admins through password matching, spear-phishing or a targeted attack on the endpoints of the employee discovered to have admin or shadow rights. For blue teams, which defend against attacks, the results can be used to eliminate unintended admins and remove unnecessary permissions from Shadow Admins.
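
The kind of read-only analysis described above, as an added Python example (not SkyArk's code or its detection logic): it flags principals outside a known admin group that are directly allowed a sensitive IAM action on all resources. The inventory, the `Administrators` group name and the short action list are constructed assumptions; Deny statements, conditions and resource-scoped grants are not evaluated.

```python
from fnmatch import fnmatchcase

# Assumption: illustrative subset of IAM actions that change who holds which
# permissions or credentials. This is not SkyArk's list.
SENSITIVE_ACTIONS = {
    "iam:AttachUserPolicy", "iam:PutUserPolicy", "iam:CreateAccessKey",
    "iam:CreatePolicyVersion", "iam:UpdateAssumeRolePolicy",
}
ADMIN_GROUPS = {"Administrators"}  # assumption: the admin group already tracked

# Constructed sample: principal -> group memberships and attached policy documents.
INVENTORY = {
    "alice": {"groups": ["Administrators"], "policies": [
        {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}]},
    "build-bot": {"groups": ["CI"], "policies": [
        {"Statement": [{"Effect": "Allow", "Resource": "*",
                        "Action": ["s3:GetObject", "iam:CreateAccessKey"]}]}]},
    "helpdesk": {"groups": [], "policies": [
        {"Statement": {"Effect": "Allow", "Action": "iam:Put*", "Resource": "*"}}]},
    "reader": {"groups": [], "policies": [
        {"Statement": [{"Effect": "Allow", "Action": "s3:Get*", "Resource": "*"},
                       {"Effect": "Deny", "Action": "iam:*", "Resource": "*"}]}]},
}

def as_list(value):
    # IAM policy JSON allows a single value or a list in these fields.
    return value if isinstance(value, list) else [value]

def allowed_patterns(policy):
    """Yield (action_pattern, resource) pairs from Allow statements only."""
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            for resource in as_list(stmt.get("Resource", [])):
                yield action, resource

def find_shadow_admins(inventory):
    """Return {principal: sensitive actions} for principals outside ADMIN_GROUPS."""
    findings = {}
    for name, entity in inventory.items():
        if ADMIN_GROUPS & set(entity.get("groups", [])):
            continue  # already on the known-admin list
        hits = set()
        for policy in entity.get("policies", []):
            for pattern, resource in allowed_patterns(policy):
                if resource == "*":  # IAM action names match case-insensitively
                    hits |= {a for a in SENSITIVE_ACTIONS
                             if fnmatchcase(a.lower(), pattern.lower())}
        if hits:
            findings[name] = sorted(hits)
    return findings
```
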

Image: Thundi/Flickr
