SOURCE: Courion Corporation

Courion Corporation

November 10, 2014 09:05 ET

Ungoverned Service Accounts With Privileged Access Leave Door Open for Hackers

Courion Findings Reveal Many Organizations Underestimate Their Access Risk Due to Service Accounts With Default Password Settings

WESTBOROUGH, MA--(Marketwired - November 10, 2014) - Courion®, a market-leading provider of intelligent identity and access management (IAM) solutions, asks: how secure are your service accounts? Most don't realize the number of service accounts that exist within their organization, frequently with default password settings created during software installation still in place. The problem is, service accounts typically provide privileged access to valuable and confidential data. Because service accounts are not proactively managed, they represent an especially attractive target to a hacker.

Service accounts characteristically do not correspond to a user; rather, these are accounts that are used by software to access and interact with other software, devices or data. The passwords for service accounts frequently remain unchanged in the interest of avoiding the loss of this interconnectivity. But service accounts left ungoverned, with default password settings in place, make your organization particularly vulnerable to a data breach. In fact, the now infamous Target breach began when hackers gained network access via a service account created automatically by a software installation. The attack eventually cost the company an estimated $2.2 billion.[1]

Based on evaluations of access risk recently conducted by Courion at dozens of leading corporations, IT security organizations typically underestimate the number of service accounts with elevated access rights that exist and which have not had a password reset in 365 days or more. For example, Courion found 500 or more service accounts with default password settings in place at several organizations.

By the time an annual or semi-annual audit reveals that service accounts represent access risk, a hacker may be long gone with company-critical data. To address this, Courion offers an evaluation of access risk which leverages Access Insight™, an identity and access intelligence solution, to analyze password reset history, login history, privilege patterns, ownership, and more to determine accounts that may be service accounts and which may represent a high risk of compromise. A prioritized view of where remedial action is needed most is also provided.

"Our access risk quick scans are eye-opening for many CISOs, CIOs and Chief Risk Officers. It's impossible with traditional IAM technologies to see through the complexity of an organization's identity and access infrastructure to identify possible access risks, but Access Insight allows you to do exactly that," said Chris Zannetos, CEO of Courion. "Identity and Access Intelligence is not just a nice to have, it is required to get ahead of hackers, corral out-of-policy access provisioning, and turn certification from a rubber stamping exercise into an effective control."

Access Insight can be used regardless of what IAM suite is installed, and provides the visibility needed to find and fix access-related risk, both at a snapshot point in time and on an ongoing basis through continuous monitoring. To learn more about how you can add intelligent identity and access management solutions to your security controls, contact (1) 866.Courion or


About Courion
Courion is the market leader in Identity and Access Management (IAM), from provisioning to governance to Identity and Access Intelligence (IAI). Many of the world's largest enterprises and organizations rely on Courion's solutions to confidently provide open and compliant access to thousands of employees while protecting critical company data and assets from unauthorized access. Courion has offices and operations in the USA, Europe, Middle East and Asia. To learn more about how you can add intelligent identity and access management solutions to your security controls, contact 866.Courion or

For more information about Courion, please visit:





Courion is a registered trademark of Courion Corporation. All rights reserved. All other company and product names may be trademarks of their respective owners.

Contact Information