Privileged Access Management, Why?

Privileged Access Management is one of the most crucial aspects of enterprise information technology today. With the evolution of malware and attack capabilities, administrative accounts and credentials are the most sought-after objects in most compromises. Administrators hold the keys to the kingdom, and attackers therefore put them at the top of the "People of Interest" list when attacking a specific organization.

Administrator/root accounts can make almost any change to IT systems, applications, databases, network and security controls. When used in ways not intended, the impact to the business could be catastrophic. It would open up the organization to a wide range of security threats and non-compliance issues.

For the above reasons, privileged access management has been recommended – and often required:

  • To comply with regulations
  • To comply with international standards
  • To implement organizational policies and requirements
  • To improve incident handling visibility and post-exploitation attack limitation

Privilege Management Benefits 
A robust privilege management system is crucial to meet the above requirements. As such, most Privileged Access Management (PAM) solutions in the market provide the following features:

1. Access Policies and Rules: Enforce a policy of least privilege:

  • Give users the specific level of access needed for their roles
  • Define which assets users can access
  • Define a clear time and date when they can access assets
  • Whitelist or blacklist applications f
  • Control and monitor sessions by fully recording console and desktop access
  • Enable secure access to standard protocols for VNC, Web, SSH, telnet and remote desktop.
  • Set notifications when a user is accessing an asset
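
The rules listed above (role, permitted assets, time and date window, notification) can be expressed as a default-deny policy check. This is an added example, not code from the original article or from any PAM product; the role names, asset names and the `Rule` structure are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class Rule:
    role: str
    assets: frozenset      # assets this role may reach
    protocols: frozenset   # brokered protocols allowed, e.g. {"ssh"}
    days: frozenset        # weekdays on which the window opens, Monday=0
    start: time
    end: time              # end < start means the window crosses midnight
    notify: bool = False   # alert the asset owner when access is granted

# Constructed sample policy; role and asset names are hypothetical.
RULES = [
    Rule("dba", frozenset({"db-prod-01"}), frozenset({"ssh"}),
         frozenset(range(5)), time(8, 0), time(18, 0), notify=True),
    Rule("vendor-support", frozenset({"erp-app-01"}), frozenset({"rdp"}),
         frozenset({5}), time(22, 0), time(2, 0)),
]

def in_window(rule, when):
    t, day = when.time(), when.weekday()
    if rule.start <= rule.end:
        return day in rule.days and rule.start <= t < rule.end
    if t >= rule.start:                 # late part, on the listed day
        return day in rule.days
    if t < rule.end:                    # early part, the morning after
        return (day - 1) % 7 in rule.days
    return False

def evaluate(role, asset, protocol, when, rules=RULES):
    """Return (allowed, notify); anything not explicitly allowed is denied."""
    for r in rules:
        if (r.role == role and asset in r.assets
                and protocol in r.protocols and in_window(r, when)):
            return True, r.notify
    return False, False

if __name__ == "__main__":
    # 2024-01-03 is a Wednesday, 2024-01-07 a Sunday.
    print(evaluate("dba", "db-prod-01", "ssh", datetime(2024, 1, 3, 10, 0)))
    print(evaluate("vendor-support", "erp-app-01", "rdp", datetime(2024, 1, 7, 1, 0)))
    print(evaluate("dba", "db-prod-01", "telnet", datetime(2024, 1, 3, 10, 0)))
```

The vendor rule shows the edge case that most often goes wrong in hand-written schedules: a maintenance window that opens on Saturday night and closes on Sunday morning.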

2. Credentials Vault

As attackers seek to compromise passwords and authentication objects, a primary function of Privileged Access Management (PAM) is the password vault. Passwords are securely stored in encrypted and locked storage. This ensures limited access to all critical passwords and makes it difficult for attackers to compromise critical administrative credentials. The PAM also acts as a failsafe: if a specific system within the organization is compromised, other users maintain access to their passwords, so the work required is not interrupted.

3. Managing Access for Non-Employees

With outsourcing and external support increasing for most organizations, vendors' personnel need continuous access to your infrastructure. Privileged access management solutions allow IT administrators to provide third parties with controlled and fully monitored role-based access to assets. The most crucial benefit of this approach is that administrators do not need to provide privileged account credentials to third parties.

4. Multifactor Authentication Protocols

Relying on single-factor authentication is highly risky and provides attackers with a very simple target to achieve their access objective. Most security regulations, standards and best practices outline the importance of multi-factor authentication. Most privileged management solutions today provide integrated multi-factor authentication features.

5. Control Access Pathways

Enterprise information technology teams are able to limit the access pathways within the infrastructure. This enables IT to track, approve, and audit various accounts in one place. Requiring all connections to be brokered through a few access pathways reduces the attack surface while providing a single list of authorized assets available for each user within the organization based on their job roles and access needs.
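
Brokered pathways only reduce the attack surface if privileged logins that skip the broker are noticed. The check below is an added example, not part of the original article or of any PAM product: it compares target-side authentication records against the broker's address range and its session records. The log format, the broker subnet, the account names and the session list are all constructed assumptions.

```python
import ipaddress
import re
from datetime import datetime

BROKERS = [ipaddress.ip_network("10.0.5.0/28")]  # assumed PAM gateway subnet
PRIVILEGED = {"root", "administrator"}           # assumed privileged accounts

# Constructed target-side authentication log (hypothetical format).
AUTH_LOG = """\
2024-01-03T10:02:11 host=db-prod-01 user=root proto=ssh src=10.0.5.4 result=accepted
2024-01-03T10:40:52 host=db-prod-01 user=root proto=ssh src=10.20.7.33 result=accepted
2024-01-03T11:15:09 host=erp-app-01 user=Administrator proto=rdp src=10.0.5.4 result=accepted
2024-01-03T11:20:00 host=erp-app-01 user=jsmith proto=rdp src=10.20.7.33 result=accepted
2024-01-03T11:30:45 host=db-prod-01 user=root proto=ssh src=10.20.7.33 result=failed
"""

# Constructed PAM session records: (host, account, start, end).
PAM_SESSIONS = [
    ("db-prod-01", "root", datetime(2024, 1, 3, 10, 0), datetime(2024, 1, 3, 10, 30)),
]

LINE = re.compile(r"^(\S+) host=(\S+) user=(\S+) proto=(\S+) src=(\S+) result=(\S+)$")

def from_broker(src):
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in BROKERS)

def has_session(host, user, ts):
    return any(h == host and u.lower() == user.lower() and s <= ts <= e
               for h, u, s, e in PAM_SESSIONS)

def find_bypasses(log_text):
    """Return accepted privileged logins that did not follow a brokered, approved path."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        ts, host, user, proto, src, result = m.groups()
        if user.lower() not in PRIVILEGED or result != "accepted":
            continue
        if not from_broker(src):
            findings.append((ts, host, user, src, "direct_login_not_via_broker"))
        elif not has_session(host, user, datetime.fromisoformat(ts)):
            findings.append((ts, host, user, src, "no_matching_pam_session"))
    return findings

if __name__ == "__main__":
    for finding in find_bypasses(AUTH_LOG):
        print(finding)
```

The second finding type matters as much as the first: a login that arrives from the broker's address but has no session record points to a gap in approval or recording rather than a network bypass.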

6. Integration and Access Workflow Management

PAM solutions are able to integrate with the technology and solutions already in place, such as solutions for password management, user authentication, SIEM, IT service management and change management. PAM lets you integrate privileged session management into your existing environment and increase your return on those investments. Once a user has accessed the system, PAM assists in workflow management through automation of each approval step throughout the session duration.

7. Multifaceted Access

Mobile devices and tablets have given IT administrators a more convenient and efficient way to access IT infrastructure for remote incident handling, administration and troubleshooting. With PAM solutions you can use mobile apps or a web-based console for privileged access anytime, anywhere, in addition to desktop consoles for Windows, Mac, and Linux.

8. Auditing and Reporting

Even with the increased security provided by PAM through access policies, password vaults, multi-factor authentication and controlled access pathways, complete visibility and monitoring of access sessions is still crucial to pinpoint unauthorized attempts and breaches. PAM has to provide access logs and other audit trails for detailed analysis. PAM solutions provide recordings and reporting for different activities, including:

  • PAM portal access requests
  • Authentication requests
  • Session and activity recordings

9. Cloud and Virtualization Control

With the extension of most enterprises into the cloud, privileged access management can leverage web-based management consoles, including IaaS servers, hypervisor environments, and web-based configuration interfaces for core network infrastructure. Advanced Web Access can be configured to work across any solution that leverages a web interface for management, including Amazon Web Services, Google Cloud, VMware vSphere, Citrix XenServer, Microsoft Hyper-V, Azure and others.

Attack techniques and vectors are continuously evolving; compromise of privileged accounts could lead to a catastrophic impact on most organizations. Developing a clear strategy and approach to privileged access management could make the biggest difference in protecting your key assets and data.
