The growing need to secure the “keys to the kingdom” and the steps organizations need to take to protect their critical credentials
The constantly evolving threat landscape continues to bring organizations — even of enterprise size — to their knees by means of massive data theft. Billions of records are stolen each year, identity theft is rising and the financial fraud market is expanding.
These consequential concerns turn executives’ stomachs, resulting in increasing involvement from business leaders in cybersecurity. The fear of breaches, climbing costs and restrictive requirements to meet compliance standards and maintain security are major hindrances to these organizations. They need a solution to address these problems.
It is broke, and it’s time to fix it
Traditional cybersecurity strategies are no longer sustainable. Old products and methods are too complex, challenging to integrate, usually difficult to manage and cost organizations too much time and money. These organizations have little choice but to progress to simpler solutions that alleviate complicated protocols for IT teams and offer seamless integration while constructing a more secure defense system.
Privileged access security has become one of the top IT concerns — many Chief Security Officers (CSOs) and Chief Information Security Officers (CISOs) are prioritizing it to greatly reduce the risks of cyberattacks by protecting their organizations from unauthorized access. Recently Gartner released a report that Privileged Access Management is the No. 1 security project to implement in 2018.
One of the most common and yet daunting challenges for CSOs and CISOs is figuring out where to begin — where to first focus resources, how much funding to allocate, etc. The initial action should be to secure critical credentials, shutting down a go-to attack vector for hackers.
Organizations should start by evaluating their privileged accounts, determining what privileged access means to them. Since each company is different, it is important to map out which important business functions rely on data, systems and access. A recommended approach would be to reuse your disaster recovery plan which typically classifies the important systems that need to be recovered or addressed first and identify the privilege accounts for those systems.
Generally, privileged access includes permissions for critical infrastructure, sensitive data, configuring systems, patch deployment, vulnerability scans, and more. In order to create a comprehensive and specific definition, each organization should perform a data impact assessment which would illustrate exactly what the most privileged accounts are protecting in order to access or enable access to sensitive data.
Privileged accounts are everywhere in the IT environment. They are they glue that connects vast information networks. Yet for most people they are invisible.
These accounts can be accessed and operated by humans or non-humans. Some privileged accounts are associated with individuals such as business users or network administrators. Some are application accounts used to run services and are not associated with a person’s unique identity.
Once a data impact assessment is complete, the next step toward a mature security strategy is to follow the Privileged Access Management Lifecycle to get you moving quickly on the path to protecting and securing privileged access.
Privileged Access Management Lifecycle
Just as with any security project that is designed and implemented to help protect critical information assets, managing and protecting privileged account access requires a continuous approach. Organizations need to employ an ongoing program to pair with an advanced deployed strategy. The following briefly details the Privileged Access Management Lifecycle model which provides a high-level roadmap for establishing a premium PAM program.
Define and classify privileged accounts. Once your organization has established its qualifications for privileged accounts, it needs to develop IT security policies that explicitly cover them. Many organizations still lack acceptable use guidelines for privileged access. Treat privileged accounts individually by clearly defining a privileged account and detailing acceptable use policies. Gain a working understanding of who has privileged account access, and when those accounts are used.
Discover your privileged accounts. Organizations should use an automated PAM software to identify their privileged accounts and implement continuous discovery to prevent privileged account sprawl, identify potential insider abuse, and reveal outside threats. This helps ensure complete and continuous visibility of the privileged account landscape which is crucial in combating cybersecurity threats.
Manage and protect privileged account passwords. Proactively supervise and control privileged account access with password protection software. Your solution should automatically discover and store privileged accounts; scan individual privileged session activity; schedule password rotation; and examine password accounts in order to quickly detect and respond to malicious activity.
Limit IT admin access to these critical systems. Develop a least-privilege strategy so that privileges are only granted when required and approved. Enforce least privilege on endpoints by restricting end-users configured to a standard user profile and automatically elevating their privileges to only to run approved and trusted applications. For IT administrator privileged account users, you should control access and implement super user privilege management for Windows and UNIX systems to prevent attackers from running malicious applications, remote access tools, and commands. Proper PAM solutions offer least-privilege and application control to enable seamless elevation of approved, trusted and whitelisted applications while minimizing the risk of running unauthorized applications.
Monitor and record sessions for privileged account activity. Your PAM solution should be able to do this for your organization. This enforces proper behavior and helps avoid end-user errors because the activities are being supervised. If a breach does occur, monitored privileged account use also provides information to forensics teams to assist in identifying breach causes as well as provides intelligence toward reducing future risk exposure.
Detect usage and analyze behavior to comb for abnormalities. Gaining insights into privileged account access and user behavior is a top priority as 80 percent of breaches involve a compromised user or privileged account. Real-time visibility into the access and activity of these users will allow you to detect suspected account compromise and potential insider threats. Behavioral analytics use data to establish individual user baselines, such as user activity, password access, and time of access. This information is used to identify unusual or abnormal activity in order to predict threats and alert IT teams when they occur.
Respond to incidents effectively by preparing an incident response plan in the case of a privileged account compromise. When an account is breached, changing the password or disabling the account is dangerously ineffective. If penetrated and compromised by an outside attacker, the assailant(s) can install malware and even create their own privileged accounts. If a domain administrator account is taken over, you should assume that your entire Active Directory is vulnerable.
Review and audit privilege account activity. Repeatedly analyze privileged accounts use through audits and reports to identify unusual behavior that may indicate a breach or misuse. A proper solution’s automated reporting will help track the cause of any security incidents and comply with industry and government regulations. Auditing of privileged accounts will also provide cybersecurity metrics to show other executives quantified information to make better informed business decisions.
Protection Begins Now…
The formula for establishing PAM security requires an understanding of privileged accounts, adoption of a comprehensive approach (such as the Privileged Access Management Lifecycle model), adherence to compliance standards and a multifaceted solution that offers true protection for the “keys to the kingdom.”
About the author: Joseph Carson is a cyber security professional with more than 20 years’ experience in enterprise security & infrastructure. Currently, Carson is the Chief Security Scientist at Thycotic.
Source: infosec island