Cyber Security Ventures estimates that the damage from cyber crimes will reach $6 trillion annually by 2021. They call this the “hackerpocalypse.” This amount is double the damages experienced in 2015 of $3 trillion. This is the largest global threat to companies and one of humankind’s greatest problems.
The incentives for criminal cyber-attacks are now so huge that they will exceed the amount of money made from illegal global drug trafficking.
Privileged User Accounts
The accounts of privileged users are frequently targeted for attack because they have stronger authorized permissions, can access confidential information, and create new user accounts or change user settings.
The types of accounts that have privileged access may include administrative accounts, domain admin accounts, authentication services accounts, emergency IT security accounts, the Microsoft Active Directory admin accounts, cloud services accounts, and critical-path application programming interface (API) accounts.
If a privileged user account is compromised, the damage that is possible may be extreme. For example. The damages for the Equifax breach of the credit history accounts for virtually all adult Americans were estimated to be $4 billion. Privileged access management is used to reduce this risk.
What is privileged access management?
Access management is used with customer identification to control user access to network services. Privileged access management is used to control the permission levels that are set as the security policy for groups, account types, applications, and individuals. This includes the management of passwords, session monitoring, vendor privileged access, and application data access.
How does privileged access management work?
Privileged access management (PAM) software stores the credentials of privileged accounts in a highly secure and separate repository where the files are encrypted. The separate encrypted storage helps make sure the credentials are not stolen or used by an unauthorized person to gain network access at the system-administrator level.
The more sophisticated PAM systems do not allow users to choose passwords. Instead, a secure-password manager uses multi-factor authentication to verify a legitimate authorized user’s request and then issues a one-time-use password every time an admin user logs in. These passwords automatically expire if a user times out, the session is interrupted, or after a certain period.
Privileged Access Management and Active Directory
Microsoft’s privileged access management works with Microsoft’s Active Directory Domain Services to secure network administrators’ accounts and other accounts with special access permissions. This helps reduce the risks of losing the credentials of authorized users who can manage a company’s domain(s).
In the Microsoft Active Directory system, PAM is a specific instance of Privileged Identity Management (PIM) that is authorized by the Microsoft Identity Manager. Microsoft’s PAM allows an authorized user to re-establish control over a compromised Active Directory system. This is done by keeping the administrators’ account information in a separate environment that is not affected by malicious cyber-attacks.
PAM for Active Directory Improves Security
Microsoft’s PAM for Active Directory makes it more challenging for hackers to gain unauthorized access to a network and to misuse privileged accounts. Under Microsoft’s PAM scheme, privileged groups have access and control over computer servers and software applications that operate across multiple, linked domains.
Network Activity Monitoring
The activities of the privileged group are constantly monitored with increased visibility and finely-tuned access controls. Network administrators are always able to see what privileged users are doing. Network penetration detection happens in real-time. This gives the network administrators more insights into how privileged account access is used in the network’s operating environment.
Other Privileged Access Management Platforms
There are many privileged access management platforms to consider. Saviynt recently announced a new privileged access management platform for cloud services and hybrid applications.
Cloud user access management software provides critical security features needed to manage cloud services. The most innovative PAM platforms work with cloud-based services, on-premises networks, and hybrid combinations of both.
Top PAM Platforms
The top privileged access management platforms chosen by Solution Review are:
- BeyondTrust — This platform works well for networks that have servers with different operating systems. It supports authentication by personal identity verification (PIV) and has automated features that allow it to share files on the network using the server message block (SMB) network protocol.
- CA Technologies — This PAM platform works with hybrid systems that use cloud services and on-premises networks. The company provides global infrastructure support. The system integrates well with Security Analytics, IGA, and other security information and event management (SIEM) solutions.
- Centrify — This PAM platform’s strength is its innovative solution for the secured vault storage of passwords and its forwarding capabilities.
- CyberArk — This platform is recognized as being a leader in privileged account risk mitigation with excellent password vaulting capabilities.
- Ekran — This platform uses a web-based control console for deployments that need to maintain high availability. It has real-time network activity monitoring and can record users’ login sessions. For enhanced security, supervisors can control access even after it is granted. It has full integration with ticketing systems and SIEM solutions.
- ManageEngine — This platform works well with hybrid cloud/on-premises networks. It is easy to install and set up. It is used by many enterprises as they migrate from on-premises networks to cloud-based services.
- One Identity — This company offers PAM solutions that can be used internally by network administrators and a cloud-based privileged access solution offered through a provider called Balabit. One Identity bought Balabit in January 2018 to expand their PAM solutions. One Identity is popular in many countries because it is offered in 13 languages. Its solutions focus on password management for controlling privileged access.
- SecureAuth — This platform has a wide range of access management capabilities that include multi-factor authentication software combined with PAM. The multi-factor authentication software eliminates the need for password authentication that is used to determine privileged identity.
- Simeio Solutions — This system offers Privileged Identity Management (PIM) that can be used to automate report creation for compliance issues. It integrates with multi-factor authentication and other access governance infrastructure. PIM is offered as a service that includes 24/7 monitoring with no capital investment in IT equipment.
- Thycotic — This system offers a password management tool that has strong identity management features and quick deployment times for privileged access management.
- Xton Technologies — This is an affordable enterprise-level PAM system with easy implementation and configuration. The system is low maintenance and works well for enterprises of all sizes.
Managing Privileged Access Security Risks
Much of the focus on cybersecurity is to prevent hostile cyber-attacks that come from network penetration from the outside. However, managing privileged access also includes managing security risks from the inside.
The action or inaction of a disgruntled or a careless employee is often the source of a major cybersecurity breach. Human “engineering” may be used as a tool used to trick a person into revealing secure login information. This may be an inside job as well.
Anyone who has authorized access to privileged access accounts can do a lot of damage to the networked systems. They can change security controls, adjust users’ permissions, misuse organizational resources, and make copies of large amounts of confidential data.
A rogue actor accessing a network with a privileged user account that has a high level of authorization can do just about anything and then erase any evidence of what they have done.
To manage these risks, every organization should follow these best practices:
- Understand the detailed scope of privileged access.
- Only grant the specifically needed access for each user.
- Monitor network privileged access activity in real-time.
- Use automation to manage privilege access controls.
- Strongly and proactively control all access to critical assets.
- Isolate passwords and other important confidential data in secure vaults that cannot be affected by malware.
- Use a system that automatically sends system alerts to network supervisors when any suspicious access activity occurs.
- Give supervisors override the ability to immediately shut down any account access.
- Record login sessions for IT security audits.
Privileged access management is a vital part of the defensive systems to prevent unauthorized access and data breaches. Cybercriminals are continuing to find new ways to exploit vulnerable systems. Network administrators need to focus their IT security strategy to include the best solutions for PAM that they can deploy and be proactive in defending critical assets.