Any advice on how to best secure/monitor domain admin and higher-level access service accounts? It would be nice to have more detailed alerts regarding activity with these accounts than just if the account is locked. We are an Azure/AD shop. We have Arctic Wolf as our SOC.

2k views2 Comments

Sort by:

VP Cybersecurity in Banking2 years ago

import your logs into Splunk and then create alerts going to your SOC to validate appropriate usage.

Chief Evangelist in IT Services2 years ago

Getting understanding of the ability for these accounts to read, update and delete data is essential and monitoring their actual activity is essential and can be provided through new DSPM tools

Content you might like

Has your organization enabled employees to access Office 365 from mobile endpoints?

Yes81%

No17%

Other1%

View Results

We're mandated to allocate IT costs to the service level, but this creates friction with Identity & Access Management (IAM). The issue: non-negotiable security costs (MFA, SSO, governance) often exceed the cost of low-value services they protect (e.g., internal portals), leading to business owner pushback. How have you addressed this "Low-Value Service Paradox"? Do you keep foundational SSO/basic provisioning as corporate overhead or allocate everything? Do you use risk- or value-weighted allocation to subsidize essential, low-cost services? Who owns the final decision on allocation formulas—Finance, CIO Council, or Security? Please share specific solutions and governance models that have made IAM cost allocation fair and sustainable.

Would a security breach of your SSO vendor make you switch providers?

Yes30%

It depends on the vendor’s incident response59%

No6%

Not sure3%

View Results

What advanced identity analytics or continuous access controls is your organization using (or planning to implement)? Any lessons learned you can share regarding vendor selection or implementation?

Anyone using Hashicorp to drive privileged Access management PW compliance by any chance? if yes, any challenges pulling data from the solution and matching secrets to privileged IDs?