attend
close
Identity for Security

Service Accounts & App Identities - A Double-Edged Sword

Tuesday, June 22
3:35pm - 4:00pm MDT

Service accounts and app identities are popular targets for attackers due to the ease of maintaining persistence, lack of activity monitoring and general lack of authorization management, especially around chained access. The group behind the SolarWinds hack, an attack that is estimated to have hit over 18,000 large businesses and government offices, used service accounts and app identities as part of their modus operandi.

In this talk we will share real world stats and examples on service accounts and app identities (which are usually the same at the technical level) that we have witnessed in our customers' systems. We will discuss how attackers leverage service accounts to maintain persistence and achieve access to their targets and finalize with what we as identity and security practitioners can do to protect from such situations - from right sizing service account permissions through constant activity monitoring to managing accounts lifecycles.