Privileged accounts, credentials and secrets – and the access they provide – represent the largest security vulnerability that enterprises will face today. Nearly all of the most destructive cyber attacks this decade were executed by successfully exploiting privileged access. As such, managing and securing privilege is increasingly an organisational priority and a core component of an effective cyber security strategy. But, knowing where to start can be confusing. The market offers an ‘acronym soup’ of different terms and tools for addressing privileged access security. For example, consider Privilege Access Management, aka ‘PAM’, and its close associate, Privilege Identity Management, aka ‘PIM’.
At the end of the day, privilege by any name is a priority. There is common ground found within the category, with recommendations for best practices and vendor selection provided by trusted industry analysts such as Forrester, Gartner, IDC and KuppingerCole. Vendors who fall into PAM or PIM categories typically offer the following capabilities:
- Vault and rotate passwords and other credentials,
- Isolate, monitor, record and audit privileged sessions,
- Control privileged commands, actions and tasks, including privilege delegation and elevation
- Leverage analytics to monitor for anomalous activities involving privileged access
- Manage and broker credentials and secrets for applications from traditional commercial off-the-shelf applications to new cloud-native applications built using DevOps tools and methodologies
Of course, what ultimately matters across these five areas of privileged access will depend on the priorities of your business and your current security practices within your organisation. As it relates to analytics, some analysts do not consider this to be a separate capability. They instead cover analytics as a feature that enhances vaulting, session isolation and the control of privileged sessions.
The degree of emphasis placed on securing the credentials used by DevOps tools and cloud-native applications vs. traditional commercial off-the-shelf applications depends upon the analyst firm. But at the end of the day, security and audit teams need to have complete visibility of cloud admin and privileged user activities. An ideal solution for them would provide an application-aware architecture that can observe user interactions within both cloud platforms and web applications, detect and alert on potential attacks in the event of high-risk or malicious activity, and create a detailed audit of all session activities. Furthermore, an integration with an analytics tools for privileged threats would provide a risk scoring that allows organisations to pre-define high-risk activity and assign it to privileged activity in real time. By assigning risk-based scoring to privileged sessions, audit teams can prioritise and streamline the audit review process based on risk, versus randomly reviewing privileged sessions in hopes of catching something high-risk or malicious. This type of solution provides a single pane of glass view to prevent and detect attacks involving privileged access across on-premises, hybrid and cloud environments; and also integrates with leading Security Information and Event Management (SIEM) platforms.
Interestingly, managing privilege for end-user endpoints (aka workstations) is not included on the list above since not all analysts consider this part of the PAM or PIM category. That being said, many vendors who fall into the PAM or PIM category offer solutions that limit privilege on end-user endpoints, especially since many attacks involving privileged access start there.
It’s time to put semantics aside and focus on what’s truly important: securing privileged access across your enterprise through solutions that provide a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. This is the most crucial step to ensure you can reduce risk from external attackers or malicious insiders and launch new initiatives – such as investing in modern infrastructure and supporting digital transformation strategies – with confidence.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.