Why PAM is so essential?

Why PAM is so essential?

Remote working is here to stay, and the channel is pivotal in supporting organisations in their efforts to maintain the best protection against cyber attacks whether they’re adopting a hybrid, or fully remote working model. Channel partners with a rich portfolio of security solutions are in the ideal position to facilitate these flexible models and provide organisations with the seamless IT support they need to connect workers securely, irrespective of their location.
At the heart of remote cyber security is privileged access management (PAM), the protection around privileged and sensitive user accounts, which are the crown jewels for cyber criminals. For the channel, PAM creates a new revenue stream and further business opportunities with their customers. However, while having unrestricted access to clients’ IT estates is part and parcel for a service provider, it does pin a huge target on their backs. Offering comprehensive PAM solutions will enable channel partners to secure, manage and monitor access to their own privileged accounts as well as those of their clients, keeping the most valuable keys to their network safe.

Privileged Access Management can provide partners with greater security not only for their clients but for their own accounts too

In today’s cyber environment, stolen and misused privileged accounts—and the access they afford to sensitive and critical data and hosts—can be used to inflict tremendous damage.

Implementing a PAM tool reduces the likelihood of privileged credentials being compromised or misused in both external breaches and insider attacks. Such tools also help reduce the impact of an attack when it occurs by radically shortening the time during which the organization is unaware that it is under attack or being subverted. Cloud security, anomaly detection, and securing the software development life-cycle also can be addressed with a PAM tool, as can regulatory compliance and operational efficiency.

PAM solutions need to be aware of not only who a user is, but also to which resources they should be granted privileged access. To enhance security even further, strong PAM solutions tend to have their own layers of security capabilities. That is, they will have the ability to limit user access not only by role, but also by other factors such as time and location, ensuring that even a user who has been authenticated only sees the specific resource to be accessed, and only when appropriate. As a quick example, a given user may be granted privileged access to a server to do an update because they have the role of server admin; but the PAM administrators might also limit that privileged access, for business reasons or simply as a security practice, to a two-hour window starting at midnight, for example. Outside of that time frame, even with the login credentials, the user won’t be able to access the server for good or malicious reasons.

Multifactor Atuthentication (MFA) & Privileged Account Management (PAM)

If a user has successfully authenticated to the system, the PAM system will provide the user the privileged access they have been granted. Of course, that’s entirely appropriate, when the user is who they say they are – but potentially disastrous when a privileged user within the system is not who they claim to be.

Strong PAM solutions have safeguards to protect against this very situation. Session management tools, for example, will alert the security team (or automatically kill the session) when the activity undertaken by a privileged user is outside of defined parameters, such as a purported database administrator who suddenly begins to rapidly execute a large number of queries against multiple databases.

But what of the case where a hacker has stolen a DBA’s credentials, gained entrance to the system, and then undertakes activity which does not raise alarms, such as running an occasional query as the legitimate DBA might do?

This is the kind of situation prevented by MFA and PAM solutions working together to truly provide a layered defense in depth. Where strong PAM solutions excel at providing only the appropriate access to privileged users, a strong MFA capability in front of PAM helps to ensure that users are who they say are before they ever reach the point at which privileges must be determined and granted.

It’s a layered strategy that truly helps security teams and administrators create a defense-in-depth – and in today’s networked environments that are subjected to constant probing and hacking attempts, it’s a solid way to increase a firm’s cybersecurity.

 

References:
(1)  Newsweek.com
(2) secureworld.com
(3) Dark Reading

Picture: <a href=’https://www.freepik.es/fotos/negocios’>Foto de Negocios creado por jannoon028 – www.freepik.es</a>

Multifactor Authentication

Multifactor Authentication

Have a look to our new snack at Soffid Youtube Channel. Sion Vives,

Snacks by Soffid: Privileged Account Management (PAM)

Snacks by Soffid: Privileged Account Management (PAM)

Privileged account management can be defined as managing and auditing account and data access by privileged users. A privileged user is someone who has administrative access to critical systems.

Implementing a policy of least privilege minimizes unnecessary privilege allocation to ensure access to sensitive data is available only to those users who really need it.

Today, our CTO, Gabriel Buades, talk about how Soffid helps companies to secure their priviledge users.

Hoy does Priviledge Account Management benefit your company?

Hoy does Priviledge Account Management benefit your company?

Privileged Account Management is considered by many analysts and technologists as one of the most important security projects for reducing cyber risk and achieving high security ROI.

Based on recent threat activity, privileged accounts, not corporate data, might be the most valuable items within enterprise networks.

The domain of priviledge management is generally accepted as falling within the broader scope of identity and access management (IAM). Together, PAM and IAM help to provide fined-grained control, visibility, and auditability over all credentials and privileges.

While IAM controls provide authentication of identities to ensure that the right user has the right access as the right time, PAM layers on more granular visibility, control, and auditing over privileged identities and activities.

In a Tuesday session, titled “Security Leader’s Guide to Privileged Access Management,” Gartner research director Felix Gaehtgens said privileged access management is a crucial component of any security program because of the increasingly large scope of IT environments, privileged users, administrative tools, and IAM data such as passwords, encryption keys and certificates. Gaehtgens recommended organizations implement strict controls on privileged access such as limiting the total number of personal privileged accounts, creating more shared accounts and reducing the times and durations during which privileged access is granted.

It is a pleasure to invite you to our new webinar we are celebrating today, 23rd June.

During the webinar we will discuss about how PAM is emerging as one of the hottest topics in cybersecurity and why it must be a part of your overall IAM strategy.

 

Join now our webinar!

Least Privilege

Least Privilege

The 2020 Global State of Least Privilege Report shows that two-thirds of organizations now consider the implementation of least privilege a top priority in achieving a zero-trust security model.

Below, we take a look at some of the critical drivers for the adoption of least privilege. We also explore the failure of traditional systems and how modern solutions such as Software-Defined Perimeter, Secure Web Gateway and Risk-Based Authentication, among others, engender greater enterprise network security.

Access is Responsibility

According to an Identity Defined Security Alliance (IDSA) study published last year, 79% of enterprises experienced an identity-related security breach in the previous two years. Last year, just as the COVID-19 pandemic gathered momentum, another report revealed a rise in attacker access to privileged accounts, which puts businesses at a greater risk.

It is important to note that in this age where data is everything, access is equal to responsibility. Therefore, the greater access a person has at a given moment, the greater responsibility they have to protect the data that they have access to. According to the State of Security blog, author Anastasios Arampatzis states that the central goal of privilege access management, which he admits covers many strategies, is the enforcement of least privilege.

Privileged accounts are a liability precisely because the data they have access to makes them attractive targets to cyber attackers. The greater the level of access an account has, the more significant the impact of an attack would be. More so, the greater the number of privileged accounts on a network, the more catastrophic an account compromise could be. Basically, every additional privileged account multiplies the risks on a network. Therefore, it is crucial to keep the circle of privilege small in order to limit unnecessary data exposure.

Legacy Systems: The Failure of VPNs to Adequately Secure

Amidst the current challenges in privileged access management, organizations are beginning to explore alternative solutions to traditional VPN technology and other legacy security solutions which have failed in actively securing privileged accounts. One notable problem is the lack of remote user security on many VPN products, and they neither integrate well with identity providers nor properly implement user policies on identity access and authorization. The weakness of VPNs are made more apparent in this age of remote work.

At the turn of the pandemic, companies had to allow their employees to work from home. This led to a surge in VPN adoption. According to the Global VPN Adoption Index report, VPN downloads reached 277 million in 2020 based on data collected from 85 selected countries.

The cybersecurity landscape can be described as a kind of cat-and-mouse race. In response to this trend, cyber attackers shifted their focus to exploiting VPNs, amongst other techniques such as phishing. However, being a legacy technology that has somehow due to its ubiquity made its way to more modern times, VPNs have become quite weak. Based on the assertion that “VPNs are designed to secure data in transit, not necessarily to secure the endpoints,” it is easy to see why the ‘new normal’ in cybersecurity is the protection of endpoints in an age where data is gold.

Least Privilege Solutions and Technologies

The current overhauling of our approaches to access management and authentication has given birth to the rising adoption of the cybersecurity of least privilege. This principle is connected to another swelling trend in cybersecurity: the zero-trust model.

Zero trust cybersecurity entails the withholding of access to a protected network until legitimate authorization is established. Access control and identity management are part of the components of a zero trust security architecture.

True zero trust technologies adopt the principle of least privilege by default.

The need for privileged accounts is common to most information systems. These accounts are necessary to perform scheduled configuration and maintenance tasks, as well as supervening tasks such as the recovery of a hardware or software failure or the restoration of a backup. Due precisely to the need to use these accounts in an unplanned manner, their management must combine security, procedures and flexibility.

In order to effectively manage these accounts, the Soffid product has the necessary logic to Identify accounts, classify them according to the level of risk and its scheme of use, distribution and assignment to responsible users, automatic and planned password change process, passwords delivery process to authorized users and automatic injection of passwords, when this injection applies and makes sense.

Conclusion

The principle of least privilege in cybersecurity is not just an exciting fad that would go away soon. Rather, it is becoming a standard model and best practice for network protection in the new normal of cybersecurity.

Implementing least privilege works like buying insurance; the strength and impact of an attack can be measured by the level of privilege a compromised account has. This can put things into perspective in fighting data breaches.

Sources:
(1) Tripwire
(2) Security Tech