Managing something you don’t even know exists in your network is always a challenge. This is why the problem of stealthy or shadow admins needs to be acknowledged by security officers. after all, it only takes compromising a single account with elevated privileges to put the security of an entire company in jeopardy.
So, who are these shadow admins and what strategies may help you combat the threats they pose? Keep on reading to find answers to these questions.
Shadow admins: what are they?
When talking about the shadow or stealthy admins, we are referring to the accounts that were delegated admin-level privileges in Active Directory, usually with a direct permission assignment. This is why these shadow admins can also be called delegated admins.
In general, there are four main groups of privileged accounts:
- Domain admins
- Local admins
- Application/services admins
- Business privileged accounts
Any of these categories may have both legitimate and shadow administrative accounts. However, while legitimate privileged accounts are easy to identify, stealthy admins are not members of any of the default administrative groups in Active Directory and, therefore, can’t be found that easily. As a result, many....
