Reply to post: Privilege Sprawl

Well, on the bright side, the SolarWinds Sunburst attack will spur the cybersecurity field to evolve all over again

hoola Silver badge

Privilege Sprawl

One of the things that appears to go unnoticed is the number of bits of monitoring, logging, AV, management that are installed, all with a nice little agent that is running as close to the kernel as possible. The actual agent may be perfectly secure but if the system it is sending back to or managed by becomes compromised you are in trouble. Many of these don't have any sort of reauthentication and are running as some system user. It can only be a matter of time before something like the SolarWinds issue hits a solution with a client. That more of these tools are cloud based also gives me concerns. You are entrusting yet more of your security to other people and, as we all know, security is only as good as the weakest link. In this way going for the single point that has access to hundreds of systems is well worth the effort. Going after some cloud-based AV solution would potentially give you access to millions of end points in one go.
