Privileged Access Management
Protecting your organization starts with securing the inside your own network
Perimeter security, such as firewalls and anti-malware, remain a necessary and important component of every security strategy. However, the perpetrators of advanced, targeted threats are aggressively breaking through the perimeter. Patient, cunning, and armed with the resources to succeed, they will eventually find their way inside your organization. In addition, a “rogue insider” with legitimate access may abuse trusted privileges. In fact, you can just assume that you are breached. Whether the threat originates externally or with a malicious insider, attackers will lay in wait as long as necessary to gain access to valuable assets, resulting in damaged reputations, financial losses, and stolen intellectual property.
The key is Privileged accounts
How do advanced attackers find their way to the heart of your enterprise? The pathway is the privileged account, with a modular and layered security system. A privileged user is someone who has administrative access to critical systems. For instance, the individual who can set up and delete email accounts on a Microsoft Exchange Server is a privileged user. The word is not accidental. Like any privilege, it should only be extended to trusted people. Only those seen as responsible can be trusted with “root” privileges like the ability to change system configurations, install software, change user accounts or access secure data. From a security perspective, it never makes sense to unconditionally trust anyone. That’s why even trusted access needs to be controlled and monitored. And, of course, it should be possible to revoke privileges at any time.
Privileged accounts are targets
Privilege is the one constant in the cyber-attack lifecycle. In fact, 80% of advanced cyber-attacks involve the escalation of privilege. It is the common denominator in nearly every serious attack, and the reason is clear: Attackers need the credentials of an insider to move around and achieve their goals. Without credentials, an attacker’s ability to move across the network is blocked. That’s why attackers prefer to leverage privileged accounts where possible, such as domain administrators, service accounts with domain privilege, local administrator accounts, and privileged user accounts.
Take control of your IT environment
Credentials—and, in particular, privileged credentials—give attackers the permissions necessary to access servers and steal data, severe disruption or go after the domain controllers and take control of the IT environment. If you block privilege escalation, you block the attack.
How do advanced attackers find their way to the heart of your enterprise? The pathway is the privileged account. Attackers prefer to leverage privileged accounts where possible, such as domain administrators, service accounts with domain privilege, local administrator accounts, and privileged user accounts.
Why would I need Privileged Access Management?
PAM keeps your organization safe from accidental and/or deliberate misuse of privileged access. It’s particularly relevant if you have a big organization, or if you are growing. The bigger your organization is, the more privileged users you have. An employee can have more privileged users, which means that many organizations have two or three times as many privileged users as employees.
As explained on this page, privileged users are a big vulnerability if you have no insights and control. Especially if administrators can make unauthorized system changes, access forbidden data, and if they can hide their actions… Well, then you are in trouble.
Insider threats aside, if your system isn’t up to date, can’t be monitored and is hard to control, it is a feast for an outside attacker.
The possibilities of Priviliged Access Management (PAM)
A PAM solution offers a secure, streamlined way to authorize and monitor all privileged users for all relevant systems. The advantages of Privileged Account Management are that it grants privileges to users for systems on which they are authorized. It makes it possible to grant access, but also revoke access when needed. Privileged Account Management avoids the need to have local/direct system passwords and makes managing access quick and central over a disparate set of heterogeneous systems. On top of it all, it creates an unalterable audit trail for any privileged operation, which makes monitoring possible.
To summarize your options with PAM:
- PAM grants privileges to users only for systems on which they are authorized.
- PAM grants access only when it’s needed and revoke access when the need expires.
- PAM avoids the need for privileged users to have or need local/direct system passwords.
- PAM centrally and quickly manages access over a disparate set of heterogeneous systems.
- PAM creates an unalterable audit trail for any privileged operation.
Our chosen PAM solutions with CyberArk and IBM
With CyberArk’s Privileged Access Security Solution, you can meet your compliance requirements and reduce your security risk without introducing additional operational complexity. CyberArk uses Conjur to help you to take control. Conjur is an open source security service that integrates with popular tools to provide data encryption, identity management for humans and machines, and role-based access control for sensitive secrets like passwords, SSH keys, and web services.
Currently SecurIT has employed 15+ certified CyberArk engineers and is certified by CyberArk for developing custom integrations. Our resource investments gives SecurIT an Advanced level at the CyberArk partner-program. The program is comprised of three tiers (Advanced, Certified, and Authorized). SecurIT is one of the few companies in Europe with the CyberArk Advanced level.
IBM Security Secret Server protects privileged accounts from hackers and insider threats, helps ensure compliance with evolving regulations, and allows authorized employees to seamlessly gain access to the tools and information they need to drive productivity. Easily detect, manage and audit privileged accounts, and control which applications are permitted to run on endpoints and servers to prevent malicious applications from penetrating the environment.
GET IN TOUCH
Wilt u uw mogelijkheden bespreken?