Ghost (Account) Busters

Be Afraid of These Ghosts

A whisper in an empty office; files moving without anyone there; the eyes of a portrait following you as you pass. Your office has ghosts. Not spectral hauntings that spew ectoplasm, but ghost accounts which haunt your organization’s cybersecurity. Ghost accounts are accounts which have credentials even though there are no longer any active users associated with them. To those attempting to exploit, ghost accounts are like extra doors on the outside of a building: each one is potential way into your network. Once inside, there’s no telling what things heinous exploiters will exfiltrate. Bad is a ghost account only giving an evil third-party entry into your organization; catastrophic is a ghost account which still has access to various file shares, data, and other protected parts of your network.

data leak with ghost accounts

‘But where do these ghost accounts come from?’ you wonder. Well, large organizations have a large number of users. That seems silly to mention, but it is important to spell out. By having a large number of users, quite often adding and removing user credentials take time. Well, to be honest, an organization needs to get the new user up and running as fast as possible, so those credentials and the access they entail are normally set up quite quickly. But when a user leaves an organization (either honorably or dishonorably), often the removal of those credentials is pushed to some later date or merely forgotten. And then your organization becomes a haunted house.

Ghost (Account) Busters

We’ve already written a bunch about Identity & Access Management (IAM) — the process of defining an employee’s role in the company as detailed as possible and then giving them exactly the access they need to do their job (no more, no less). IAM is extremely important for an organization’s internal security when new users are added, but it is equally as important when they leave. IAM strategies need to include the deletion of users and not just the creation. It’s second nature to make sure a departing employee gives back the keys to the office, so should it be to terminate their keys to connecting to your organization’s network.

employee cyber access

But as said before, there always seems time to help a new employee settle in, but never any time once they leave, normally because you’re preoccupied with on-boarding their replacement. And this problem compounds itself if more than one worker is leaving at the same time. All is not lost, however. Fognigma is here to not only protect your network, not only bolster your cybersecurity with leading-edge technology, but also to let you automate a little more than you thought you could.

Fognigma & Active Directory Make It Easy

Many companies use Active Directory to manage all their employees. Fognigma integrates with Active Directory to make IAM even easier. Just as Fognigma’s invisible and encrypted networks and communications help protect an organization, so can teaming it up with Active Directory.  Since Active Directory administrators already have their employees entered in, it would be silly to have them redo all that work when they add the leading-edge tech of Fognigma to their cybersecurity arsenal. That’s why Fognigma can import Active Directory users right into its console!

Active Directory is engaged to activate and deactivate the user. Fognigma, on the other hand, is where admins put users into all the groups they need to do their job. (A Fognigma network has its construction and components microsegmented, with access to each part given only to a specified group. Being in a group, then determines the amount of access a user has to Fognigma capabilities, such as file share, telephony, VDI, etc.) This means the setup of a user when on-boarding is just as easy as it always has been: create user and add permissions.

The brilliance comes when it’s time to say goodbye to a user. When that day arrives, all an admin has to do is deactivate the user in Active Directory. Active Directory then tells Fognigma about the deactivation, Fognigma deactivates the user in every group they were a part of, and the user instantly has all their access revoked at once. Fognigma and Active Directory easily eliminate the risk of ghost accounts haunting your network.

To learn more about how Fognigma, contact us today.

Tags: No tags

Comments are closed.