- 13 December 2018
- Posted by: Pieter Van der Hulst
- Category: computer forensics, incident response
With Privileged Access Management
The importance of implementing privileged access management (PAM) is undeniable. A user with privileged access holds the keys to the kingdom, access to the highly valuable and confidential information that is often targeted by cybercriminals and malicious insiders. In fact, Gartner listed PAM as the No. 1 project for security teams to explore in 2018.
“This project is intended to make it harder for attackers to access privileged accounts and should allow security teams to monitor behaviors for unusual access,” Gartner advises.
PAM tools are critically important and must work together with identity governance, authentication, and application, network and cloud security. But how are organizations doing with actually implementing PAM solutions?
Thycotic, a PAM provider, released its “2018 Global State of Privileged Access Management Risk and Compliance” report earlier this year. The report revealed that privileged credentials are at great risk due to inadequate policies, poorly executed processes and insufficient controls. There are major risk and compliance gaps in how organizations manage and secure their privileged accounts and access to sensitive systems, infrastructure and data. While most organizations acknowledge the important role PAM plays in their cybersecurity posture, a shocking 70 percent of organizations would fail an access controls audit, putting their privileged credentials at high risk.
Establish Consistent Access Control Processes
Organizations must develop consistent processes when granting access for employees to handle privileged accounts and passwords securely. This ensures that access is gained properly for privileged users. Without implementing consistent, repeatable access control processes, such as rotating passwords, enabling and revoking access, and making it easier to create risk and compliance reports, the organization is at risk.
As stated in the Thycotic report, 70 percent of organizations fail to fully discover privileged accounts, and 40 percent do nothing at all to discover these accounts. You cannot secure and manage what you do not know you have. Privileged accounts are often unknown, unmanaged and unprotected due to manual processes or error. There must be an established privileged account discovery process in place.
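A minimal discovery pass for a single Linux host, added here as an illustration and not taken from the Thycotic report or any PAM product: it lists accounts that are privileged by UID 0 or by admin-group membership and reports those missing from the managed inventory. The account data, the `MANAGED` inventory and the `ADMIN_GROUPS` set are constructed assumptions.

```python
# Constructed stand-ins for /etc/passwd, /etc/group and a PAM inventory.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:legacy admin:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc_backup:x:998:998:backup service:/var/lib/backup:/bin/bash
deploy:x:1001:1001:deploy:/home/deploy:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
"""
GROUP = """\
root:x:0:
sudo:x:27:alice,deploy
wheel:x:10:svc_backup
users:x:100:alice
"""
MANAGED = {"root", "alice"}       # accounts already under management (assumed)
ADMIN_GROUPS = {"sudo", "wheel"}  # groups treated as privileged (assumed)

def discover_privileged(passwd_text, group_text, admin_groups=ADMIN_GROUPS):
    """Return {account: [reasons]} for every account holding privilege."""
    reasons, admin_gids = {}, {}
    for line in group_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, gid, members = line.split(":")
        if name in admin_groups:
            admin_gids[gid] = name
            for member in filter(None, members.split(",")):
                reasons.setdefault(member, set()).add(f"member of {name}")
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        user, _pw, uid, gid = line.split(":")[:4]
        if uid == "0":  # any UID 0 account is root-equivalent, whatever its name
            reasons.setdefault(user, set()).add("uid 0")
        if gid in admin_gids:  # privilege via primary group, not listed as member
            reasons.setdefault(user, set()).add(f"primary group {admin_gids[gid]}")
    return {user: sorted(why) for user, why in reasons.items()}

def unmanaged(found, managed):
    """Privileged accounts that the inventory does not know about."""
    return sorted(set(found) - set(managed))

if __name__ == "__main__":
    found = discover_privileged(PASSWD, GROUP)
    for account in unmanaged(found, MANAGED):
        print(account, found[account])
```

On real hosts the same comparison would also need sudoers rules, directory groups and service accounts, which this single-host sketch does not cover.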
Audit and Track User Behavior
As Gartner noted, security teams should be able to monitor user behavior for unusual access. This is crucial, especially when it comes to privileged access. According to the Thycotic report, 63 percent of organizations do not track and alert on failed login attempts for privileged accounts.
All critical systems should have full audit logs to track logins and activities. Access to audit logs should be restricted, and they should be checked regularly and monitored for changes. Without auditing and tracking, there is no accountability for who is using these accounts and no way to properly analyze an incident and mitigate its damage.
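The tracking and alerting described above can be sketched as follows. This is an added example, not part of the original article or of any PAM product: it scans sshd-style log lines and raises an alert when a privileged account collects repeated failed logins within a time window, or logs in successfully right after such failures. The log lines, the `PRIVILEGED` set, the window and the threshold are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

PRIVILEGED = {"root", "svc_backup"}  # assumed privileged-account inventory
WINDOW = timedelta(minutes=5)        # assumed look-back window
THRESHOLD = 3                        # failures in the window that trigger an alert

LINE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

# Constructed sample log (ISO timestamps assumed), not taken from a real system.
SAMPLE = """\
2018-12-13T09:00:01 bastion sshd[411]: Failed password for root from 203.0.113.7 port 50122 ssh2
2018-12-13T09:00:09 bastion sshd[411]: Failed password for root from 203.0.113.7 port 50124 ssh2
2018-12-13T09:00:15 bastion sshd[412]: Failed password for alice from 198.51.100.4 port 40100 ssh2
2018-12-13T09:00:40 bastion sshd[411]: Failed password for invalid user admin from 203.0.113.7 port 50130 ssh2
2018-12-13T09:01:02 bastion sshd[411]: Failed password for root from 203.0.113.7 port 50131 ssh2
2018-12-13T09:01:30 bastion sshd[413]: Accepted password for root from 203.0.113.7 port 50140 ssh2
2018-12-13T09:30:00 bastion sshd[414]: Failed password for svc_backup from 192.0.2.10 port 33000 ssh2
"""

def detect(lines, privileged=PRIVILEGED, window=WINDOW, threshold=THRESHOLD):
    """Return (kind, user, source_ip, timestamp) alerts for privileged accounts."""
    recent = defaultdict(deque)  # user -> failure timestamps still inside the window
    alerts = []
    for line in lines:
        m = LINE.match(line)
        if not m or m["user"] not in privileged:
            continue
        ts = datetime.fromisoformat(m["ts"])
        failures = recent[m["user"]]
        while failures and ts - failures[0] > window:
            failures.popleft()  # drop failures that fell out of the window
        if m["result"] == "Failed":
            failures.append(ts)
            if len(failures) == threshold:  # alert once when the threshold is reached
                alerts.append(("failed_burst", m["user"], m["ip"], m["ts"]))
        elif failures:  # a success preceded by recent failures deserves review
            alerts.append(("success_after_failures", m["user"], m["ip"], m["ts"]))
            failures.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE.splitlines()):
        print(alert)
```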
Take Control of Your Privileged Access Management
Don’t get left in the dust. Build a proactive PAM program that doesn’t fall short on policies, processes and controls. A leading privileged access management solution should protect privileged accounts from cybercriminals and insider threats, help ensure compliance with evolving regulations, and give authorized employees access to the tools and information they need to drive productivity. Lastly, it should protect privileged accounts from misuse and enable organizations to enforce least privilege policies and control applications to reduce their attack surface.
Six Key Differences Between Password Management Tools and PAM
In the past, Privileged Access Management (PAM) was accessible only to large enterprises with skilled IT teams. Feature-heavy PAM tools became more and more complex and expensive to manage. Meanwhile, security-conscious small and medium businesses were relegated to using password tools designed primarily for consumers.
While consumer password tools provide a “password vault” to store user credentials, they don’t offer the same privilege protection as PAM. Consumer-grade password management tools are not sufficient to keep your organization safe.
These days, modern PAM tools are built with intuitive interfaces and simple deployment templates that give SMBs access to the same PAM capabilities as larger organizations. With 61% of cyber attacks aimed at small businesses, every organization needs to understand the differences between password management and Privileged Access Management so it can make an educated decision when choosing the right mix of cyber security tools.
Password managers are just that. They allow a user to save a potpourri of user accounts, IDs and associated passwords. It is similar to a single-sign-on “lite” solution.
In contrast, Privileged Access Management solutions offer much greater visibility and control that organizations require to protect sensitive data, meet regulatory requirements and manage at scale.
So what exactly are the key differences?
1. Protecting all privileges, not just user passwords
If you are only concerned about protecting passwords tied to individual users, a consumer-grade password management tool might be for you. But if you’re a growing, evolving organization with diverse technology and a dispersed workforce, a password management system won’t be able to keep pace with your requirements.
Unlike password management tools—or password managers—Privileged Access Management protects all types of enterprise passwords and credentials that control access to IT infrastructure. Privileged Access Management provides fine-grained authorization for user accounts not assigned to a normal user—superusers, shared accounts, service accounts, and so forth.
A simple password doesn’t ensure users are who they say they are. Security frameworks and compliance mandates call for a second level of identification before users should be allowed to access sensitive information. If you are only using a password management tool to secure your passwords, you would need to add on two-factor authentication in order to meet security requirements.
With a basic password “vault” an IT team has no way to know if the passwords users choose to store inside represent all of the passwords they use to access sensitive data, or only a subset. Only a PAM tool can discover and manage all privileged accounts and associated passwords in your organization.
Password management tools place the burden on individual users to change passwords regularly, and make sure all associated systems and users are kept up to date.
PAM solutions, on the other hand, allow for centralized, simultaneous password changing, or rotation. They ensure that when passwords are changed all dependencies—systems that are connected to those passwords—can still authenticate and connect. Hooks within PAM systems allow you to define what you would like to happen after a password has changed. For example, do you want to lock down systems? Additionally, session launchers within PAM tools allow you to give people access to your IT systems, perhaps only temporarily, without providing them access to a password. This is particularly helpful for organizations that use numerous contractors and third-parties.
5. Monitoring and Reporting for Compliance
Securing passwords that provide access is not enough to satisfy auditors that you are keeping privileged accounts safe. You need to know what users did while accessing those privileged accounts. And, you need to report on that activity without spending hours combing through logs. While consumer-grade password management tools may allow for some basic reports, they typically do not include an immutable audit log, customizable reports, and session monitoring or recording.
Session recording capability to enable forensics and compliance reports is a key capability which advanced PAM tools provide. With a PAM tool, you can quickly create and share a report of all privileged account use that puts auditors at ease.
6. Integration with IT and Security Software
One of the challenges security and IT teams face is system sprawl: multiple technologies that don’t connect. If you have to go to a password tool to manage credentials and reports, and then to a SIEM tool to view other security tools, you’ll waste valuable time and there’s a good chance you’ll miss something important. PAM tools integrate with other key IT tools, such as SIEM tools for software management and reporting.