A recent whitepaper from the SANS Institute and RSA Security reports that the corporate Help Desk is now a prime target for hackers. The report details social engineering exploits that succeeded in stealing passwords, employees’ personal information, and other private data from Help Desk staff.
Attacks on corporate help desks have proven to be successful because, unlike other methodologies, they involve interactions between humans and humans make mistakes. To defeat this social engineering threat it’s necessary to introduce automated controls that safeguard corporate data against human error.
As veterans in the Privileged Identity Management marketplace, we’ve long regarded the securing and auditing of Help Desk access as a significant priority. That’s why our flagship product, Enterprise Random Password Manager (ERPM™), provides out-of-the box integration with BMC Remedy, HP Service Manager, Microsoft System Center Service Manager and other Help Desk solutions.
ERPM works in concert with Help Desk software to verify that access to privileged information is always documented by your trouble ticketing system, that access is provided only to relevant systems and applications and only to the extent warranted by open tickets, and that each IT staff member who opens a ticket is authorized to access the relevant system or application. ERPM also provides an audit trail to show exactly who had privileged access, to what system, when and for what purpose.
This gives Help Desk staff faster access to the information they require, relieves them of the need to manually document what they’ve accessed, and helps protect against social exploits that attempt to trick them into disclosing information that they should not relieve.