Thought leadership

Protect your sensitive data and critical infrastructure with Privileged Access Management

Organisations implement privileged access management (PAM) to protect against the threats posed by credential theft and privilege misuse. PAM refers to a comprehensive cyber security strategy – comprising people, processes and technology to control, monitor, secure and audit all human and non-human privileged identities and activities across an enterprise IT environment.

Sometimes referred to as privileged identity management (PIM), or privileged access security (PAS), PAM is grounded in the principle of least privilege, wherein users only receive the minimum levels of access required to perform their job functions.

The principle of least privilege is widely considered to be a cyber security best practice, and is a fundamental step in protecting privileged access to high-value data and assets. By enforcing the principle of least privilege, organisations can reduce the attack surface and mitigate the risk from malicious insiders or external cyber attacks that can lead to costly data breaches.

Privileged access can be associated with human users as well as non-human users such as applications and machine identities.

Examples of privileged access used by humans:

Examples of non-human privileged access:

Privileged accounts, credentials and secrets exist everywhere. It is estimated that they typically outnumber employees by three to four times. In modern business environments, the privilege-related attack surface is growing as fast as systems, applications, machine-to-machine accounts, cloud and hybrid environments, DevOps, robotic process automation and IoT devices become increasingly interconnected.

Attackers know this and target privileged access. Today, nearly 100% of advanced attacks rely on the explanation of privileged credentials to reach a target’s most sensitive data, applications and infrastructure. If abused, privileged access has the power to disrupt business.

Notable Security Breaches Involving Privileged Access

Over the past decade, there have been numerous security breaches linked to privileged access abuse. From Yahoo!, the U.S. Office of Personnel Management, the Ukraine power grid and Uber, business of all sizes from all industries are experiencing severe data breaches. The common denominator in each attack was that privileged credentials were exploited and used to plan, co-ordinate and execute cyber attacks.

Key PAM Challenges

Organisations face several challenges protecting, controlling and monitoring privileged access, including:

Why is PAM Important to Your Organisation?

Humans are your weakest link. From internal privileged users abusing their levels of access, or external cyber attackers target  ing and stealing privileges from users to operate stealthily as ‘privileged insiders’, humans are always the weakest link in the cyber security chain.

PAM helps organisations ensure that people have only the necessary levels of access to do their jobs. PAM also enables security teams to identify malicious activities linked to privilege abuse and take swift action to remediate risk.

In digital business, privileges are everywhere. Systems must be able to access and communicate with each other to work together. As organisations embrace cloud, DevOps, robotic process automation, IoT and more, the number of machines and applications that require PAM has surged and the attack surface has grown.

These non-human entities vastly outnumber the people in a typical organisation and are harder to monitor and manage – or even identify at all. Commercial-off-the-shelf (COTS) apps typically require access to various parts of the network, which attackers can exploit. A strong privileged access management strategy accounts for privileges no matter where they “live” – on-premises, in the cloud and in hybrid environments – and detects anomalous activities as they occur.

Cyber attackers target endpoints and workstations. In an enterprise, every single endpoint (laptop, smartphone, tablet, desktop, server, etc.) contains privilege by default. Built-in administrator accounts enable IT teams to fix issues locally, but they also introduce great risk.

Attackers can exploit admin accounts, then jump from workstation-to-workstation, steal additional credentials, elevate privileges, and move laterally through the network until they reach what they’re looking for. A proactive PAM program should account for the comprehensive removal of local administrative rights on workstations to reduce risk.

PAM is critical for achieving compliance. The ability to monitor and detect suspicious events in an environment is very important, but without a clear focus on what presents the most amount of risk – unmanaged, unmonitored, and unprotected privileged access – the business will remain vulnerable.

Implementing PAM as part of a comprehensive security and risk management strategy enables organisations to record and log of all activities that relate to critical IT infrastructure and sensitive information – helping them simplify audit and compliance requirements.

Organisations that prioritise PAM programs as part of their larger cybersecurity strategy can experience a number of organisational benefits, such as mitigating security risks and reducing the overall cyber-attack surface, reducing operational costs and complexity, enhancing visibility and situational awareness across the enterprise and improving regulatory compliance.

PAM Best Practices

The following steps provide a framework to establish essential PAM controls to strengthen an organisation’s security posture. Implementing a program that leverages these steps can help organisations achieve greater risk reduction in less time, protect their brand reputation and help satisfy security and regulatory objectives with fewer internal resources.

Eliminate irreversible network takeover attacks. Isolate all privileged access to domain controllers and other Tier0 and Tier1 assets and require multi-factor authentication.

Control and secure infrastructure accounts. Place all well-known infrastructure accounts in a centrally managed, digital vault. Regularly and automatically rotate passwords after every use.

Limit lateral movement. Completely remove all end point users from the local admins group on IT Windows workstations to stop credential theft.

Protect credentials for third-party applications. Vault all privileged accounts used by third party applications and eliminate hardcoded credentials for commercial off-the-shelf applications.

Manage *NIX SSH keys. Vault all SSH key-pairs on Linux and Unix production servers and rotate them on a routine basis.

Defend DevOps secrets in the cloud and on premise. Secure all Public Cloud privileged accounts, keys, and API keys. Place all credentials and secrets used by CI/CD tools such as Ansible, Jenkins and Docker in a secure vault, enabling them to be retrieved on the fly, automatically rotated and managed.

Secure SaaS admins and privileged business users. Isolate all access to shared IDs and require multi-factor authentication.

Invest in periodic Red Team exercises to test defences. Validate and improve effectiveness against real world attacks.

How Can SysGroup Help?

SysGroup partner with CyberArk, the leading PAM vendor. We have a range of solutions that can help you manage your privileged accounts. Get in touch to discuss options.