Principales beneficios de la Gestión de cuentas Privilegiadas (PAM)

por Rebeca | Abr 7, 2021 | Sin Categoria

No one wants a security breach to happen, but the media will be sure to pick it up when it does. By then, it is too late. Millions of dollars in fines or ransom notes later, and with a tarnished marketplace reputation, the company or government agency wishes they had paid more attention to their security protocols.

One way to achieve higher security is to instill a proper Privileged Access Management (PAM) initiative into the cybersecurity workflow. PAM is the process of determining who has access to what types of information as it creates an integrated view of risk, threats, and controls. PAM incorporates all-encompassing methodologies for how to use identities securely, how to enable logging and auditing for privileged identities for the quickest cyberattack response, and how to define what is privilege and what is not for an organization. In other words, PAM refers to a multi-dimensional cybersecurity strategy involving processes, technology, and people that aims to secure and monitor both human and non-human (machine)-privileged activities and identities throughout an organization’s IT landscape. For it to be successful, any such system has to be a part of the entity’s culture.

Privileged Access Management (PAM) helps organisations provide secure access to critical applications and data by addressing the very first security layer – the passwords.
Why is this important?
For hackers getting access to Admin or super user passwords is like hitting the goldmine – instant access to an organisations most critical assets and potentially right across the network

Key benefits

There are many benefits of a robust PAM system. Its effectiveness is enhanced with the knowledge of how to determine risk tiers, how guidelines are established, and best practices for implementing procedures, including how to overcome team-level resistance. Not having a protective system is imprudent. PAM providers offer various methods that achieve comparable results and benefits.

It sets up the equivalent of a barrier wall to guard against attacks.
It helps mitigate risk by ensuring compliance and confirmation with integrity.
It improves IT efficiency for application teams by increasing efficiency and enabling seamless user workflows.
It integrates with other tools to further enhance the organization’s cyber maturity as it creates more layers of security.
It acts as a centralized system with clean dashboards, reports on systems in place, and an AI-assisted subsystem to provide safety based on user profile and risk factors.

Tools

Key features include a layering of sound, proven security protocols atop hardware, software, technology assists, and culture shifts.

One key protocol is granting the least privilege possible while still getting the job done.
Storing multiple-use passwords is dangerous.
Leveraging AI decreases team member “slips” through automated monitoring, reporting to dashboards and real time alerts that are also used in many industries’ audits.
Training must include accountability and responsibility, even using screen-recording capabilities to train entry-level resources and monitor third party vendor access to protect the organization.

Sometimes losing a customer or a breach itself will be the catalyst for establishing new and better guidelines. Ideally, a report showing minor violations ahead of a problem would trigger a new guideline. Sometimes the Chief Information Security Officer (CISO) needs an inventory in the form of a “gap” analysis of where the company is versus where it would like to be protection-wise. From there, guidelines and levels of access can be created, tightened and enforced.

Determining appropriate levels of access across the enterprise might seem numbingly painful and time consuming. However, access identifiers must travel the full length and breadth of the organization and are a critical preemptive measure against cyberattacks. Sometimes the step is rushed in the attempt to do something — anything, to stop attackers. Industry PAM suppliers such as CyberArk, Centrify, and Thycotic offer company-specific combinations of determining appropriate privileged access levels that start at the tippy top of the IT system (the CISO or CIO for example) and rain down across and through workstations within or among network domains. The contradiction of job title against access point challenges all systems. Cyber attackers have infiltrated structures as large as Yahoo and the U.S. Office of Personnel Management by finding and exploiting privileged credentials. The exact level of access comes down to adhering to a few generally accepted best practices.

Start by answering the questions below to build a tight, impenetrable system:

Who has access to critical infrastructure, systems, and data? Build access levels from the ground up and top down. Study automatically updated reports daily. A reputable PAM cloud or on-premise solution can inform this step.
Does the company use the tools/solutions they have efficiently? Are they making time to have meetings, train the troops, and enforce the protocols in place? How mature are users’ knowledge base and how recent are the tools? Is everyone on board to secure the company’s digital assets?
Is there an adequate budget for purchasing recognized Privileged Access Management software and the support that comes with it?
How do external audit findings reflect compliance? Examples are General Data Protection Regulation (GDPR) for the EU and Network Information Service (NIS) in the U.S. Are failures quickly fixed?
Is management at all levels supporting or thwarting safety measures? Getting the job done is not as important as getting the job done safely.

There are many challenges to maintaining a safe yet productive and efficient IT environment. Surprisingly, one of the most challenging roadblocks with Privileged Access Management systems is not making the financial investment to purchase them. The greater challenge is often overcoming employees’ general resistance to change and “adding one more thing” to complete their day-to-day activities. Whether for budgetary, personnel, or other reasons, this resistance puts the company at risk. Meanwhile, as user-friendly and feature-rich as the best PAM systems are, the ultimate test is micro-managing all the way down to the customer-facing employees. These are the bastions of protection against internal (unfortunately) and external marauder/cyber attackers chipping against the walls of the IT fortress. Stretched team managers do their best to hold their team members accountable, but they cannot afford to fire their noncompliant employees. The work must be done, so the task often becomes one of negotiating with an employee. “Here are ten things we need you to do. Do two now, and we’ll work on the next ones in coming weeks.”

But coming weeks may bring newer protocols. The task is ongoing, because next week may require more and different responses and procedures depending on the attackers’ targets, be it Big Data, the Cloud, DevOps, Databases, the Infrastructure, or Network Devices. Last month’s Multi-Factor Authentication (MFA) might need strengthening. As quickly as the Bad Guys change their strategies, the technologies to keep them out must change apace.

Sources:

(1) Security Magazine
(2) Security Intelligence

Seguimiento y Grabación de Sesiones

por Rebeca | Feb 10, 2021 | Soffid

As businesses reflect on the disruption caused by the COVID-19 crisis, ensuring agility and resilience have risen to the top of C-suite agendas everywhere.
Administrative users require privileged account access in their day-to-day roles to maintain systems, perform upgrades and troubleshoot issues. However, these users can also misuse their privileges to gain unauthorized access to sensitive information or cause damage to the IT environment. To deter the misuse of privileges by authorized users, as well as detect malicious activity that could indicate a compromised account, organizations should proactively record and monitor all privileged session activity.

It’s great to have a session recording tool that recorded everything users do on the command line, it might prevent some oversights from happening in the first place if users are aware that what they were doing will being recorded. After all, people are usually on their best behavior when they know they are being recorded.

Key Benefits:

Cost and time savings– both admins and developers need to use less time for non-productive routines and can concentrate on real value-adding tasks.
Improved security– not having to generate, rotate, and dispose of passwords or keys improves your security posture and reduces your attack surface. Ditto for the automatic revocation of access rights upon someone leaving the organisation and not having to worry about lost credentials.
Improved compliance– with detailed audit logs and the available session recording and playback and integration with SIEM systems, you get full visibility into who has done what, where, and when. This not only gives you peace of mind, but it also helps you stay on the right side of GDPR and other regulations.
Better user experience– while a great customer experience is something we often think about, improving the user experience easier is often equally valuable.

Report and audit privileged sessions that leverage shared accounts and individual accounts with full video and metadata capture. The Soffid Audit and Monitoring Service allows customers to conduct analysis and leverage high-fidelity recordings for audit and compliance purposes.

Profundizando en la Gestión de Cuentas Privilegiadas (PAM)

por Rebeca | Ene 27, 2021 | Soffid

Privileged account management (PAM) is emerging as one of the hottest topics in cybersecurity — and it’s easy to understand why. Cybercriminals are relentless when it comes to finding and compromising their targets’ privileged credentials to gain unfettered access to critical assets. PAM also protect against administrative mistakes and if they do happen, it allows for the traceability of the person involved and to know the reason.

Chief information security officers (CISOs) have plenty of incentive to manage access to privileged accounts robustly and comprehensively. However, market drivers for PAM solutions go beyond the risk of financial consequences due to a breach.

Shockingly, 54 percent of companies today still use paper or Excel to manage privileged credentials. With no shortage of commercially available solutions on the market, why are so many businesses continuing to use manual processes?

Many vendors offer point solutions, such as password managers and session recorders, that only accomplish a portion of what is needed in (yet another) technology silo. Plus, more robust PAM solutions are often hard to deploy, unintuitive and not integrated with related critical technologies that enable security teams to manage privileged accounts holistically. Businesses looking to move beyond spreadsheets should consider new solutions to mitigate risks and gain a rapid return on investment.

Take Privileged Account Management to the Next Level with Soffid

PAM solutions help security teams to:

Discover all instances of privileged user and application accounts across the enterprise.
Establish custom workflows for obtaining privileged access.
Securely store privileged credentials in a vault with check-in and check-out functionality.
Automatically rotate passwords when needed — either after every use, at regular intervals or when employees leave the company.
Record and monitor privileged session activity for audit and forensics.
Receive out-of-the-box and custom reports on privileged activity.
Enforce least privilege policies on endpoints.

By integrating a PAM solution with identity governance and administration (IGA) tools, security teams can unify processes for privileged and non privileged users. They can also ensure privileged users are granted appropriate access permissions based on similar users’ attributes (e.g., job role, department, etc.) and in accordance with the organization’s access policy. Events related to privileged access are sent to a security incident and event management (SIEM) platform to correlate alerts with other real-time threats, which helps analysts prioritize the riskiest incidents. Integration with user behavioral analytics (UBA) solutions, meanwhile, helps security teams identify behavioral anomalies, such as the issuance of a rarely used privilege.

By investing in PAM tools that integrate seamlessly into the existing environment, organizations can put the full power of the security immune system behind the ongoing effort to protect sensitive access credentials from increasingly sophisticated threat actors. This enables security teams to move beyond inefficient, manual processes and embrace a holistic approach to privileged account management.

Resources:
(1) Security Intelligence

Principales beneficios de la Gestión de cuentas Privilegiadas (PAM)

Key benefits

Tools

Seguimiento y Grabación de Sesiones

Profundizando en la Gestión de Cuentas Privilegiadas (PAM)

Entradas recientes

Categorías

Principales beneficios de la Gestión de cuentas Privilegiadas (PAM)

Key benefits

Tools

Seguimiento y Grabación de Sesiones

Profundizando en la Gestión de Cuentas Privilegiadas (PAM)

Entradas recientes

Categorías

Etiquetas