The SNAP principle for mitigating privileged account breaches: How secondary non-admin privileged accounts can reduce breach impact

Abstract

In this paper, we discuss how using Secondary Non-Admin Privileged (SNAP) accounts can mitigate a variety of attacks targeting privileged accounts. We present our methodology for implementing this approach and discuss how this can prevent a variety of attack-types. We note that other studies have shown that over 92 % of critical vulnerabilities require administrative access and present multiple case-studies that demonstrate the effectiveness of this solution. We also propose procedural, technical and educational processes that will increase the effectiveness of this approach.