Protecting Privileged Accounts in your Network
Computer networks are prone to all sorts of vulnerabilities that create different types of risk for our businesses.
When designing, implementing new services, or simply maintaining our IT environment, one main challenge is managing “identity credentials”. The more the environment grows, the more dependencies there are between different services that require users with credentials to access one another. Such “key users” need to be protected from hackers. Additionally, certain network admins and other management may also have access to such services. Furthermore, such access may come from mobile devices or the public cloud.
When analyzing information security risks, the main scenario we usually consider is that a hacker will infiltrate our environment by leveraging existing access to our organization’s Privileged Account Security (any user information) or by inserting code that will eventually find its way to leak back out. In both of these cases, the hacker’s goal is to find a privileged account and leverage its credentials to access the network’s most sensitive information.
80% of security breaches involve privileged credentials (The Forrester Wave™: Privileged Identity Management, Q4 2018). Understanding this risk, it’s important to reduce the permissions in our domain. Additionally, when considering permissions, we should take a least-privilege approach, meaning that we do not limit the user’s functionality but give them permissions for exactly what they need. By removing local administration privileged accounts, we can reduce the attack surface by 25%. After reducing the permissions, our next step will be to secure and manage the privileged accounts.
So, how do we do that?
Privileged Access Management (PAM) refers to a class of solutions that help secure, control, manage and monitor privileged access to critical assets.
To achieve these goals, PAM solutions typically take the credentials of privileged accounts (i.e. the admin accounts) and put them inside a secure repository (a vault), isolating the use of privileged accounts to reduce the risk of those credentials being stolen. Once the credentials are inside the repository, system administrators need to go through the PAM system to access them, at which point they are authenticated, and their access is logged. When a credential is checked back in, it is reset to ensure administrators must go through the PAM system next time they want to use the credential.
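The check-out, logging and reset-on-check-in cycle described above can be modelled in a few lines. This is an added illustration, not code from any PAM product: the `ToyVault` class, the account and admin names, and the token-based login are all assumptions made for the example, and a real deployment would authenticate through the organization's identity provider and rotate the password on the target system itself.

```python
import hashlib, hmac, secrets
from datetime import datetime, timezone

class ToyVault:
    """Toy PAM vault (hypothetical): authenticate, log, check out, rotate on check-in."""
    def __init__(self):
        self._admins = {}    # admin -> (sha256 of login token, accounts they may use)
        self._current = {}   # privileged account -> password currently valid on the target
        self._holder = {}    # privileged account -> admin who has it checked out
        self.audit = []      # (UTC timestamp, event, admin, account)

    def enroll_admin(self, admin, token, accounts):
        self._admins[admin] = (hashlib.sha256(token.encode()).digest(), set(accounts))

    def onboard(self, account):
        # The vault sets a random password, so nobody knows it outside a check-out.
        self._current[account] = secrets.token_urlsafe(24)

    def _log(self, event, admin, account):
        self.audit.append((datetime.now(timezone.utc), event, admin, account))

    def checkout(self, admin, token, account):
        digest, allowed = self._admins.get(admin, (b"", set()))
        ok = hmac.compare_digest(digest, hashlib.sha256(token.encode()).digest())
        if not ok or account not in allowed or account in self._holder:
            self._log("CHECKOUT_DENIED", admin, account)   # failures are audited too
            raise PermissionError(f"{admin} may not check out {account}")
        self._holder[account] = admin
        self._log("CHECKOUT", admin, account)
        return self._current[account]

    def checkin(self, admin, account):
        if self._holder.get(account) != admin:
            raise PermissionError(f"{account} is not checked out by {admin}")
        del self._holder[account]
        self._current[account] = secrets.token_urlsafe(24)  # reset: old value is now dead
        self._log("CHECKIN_ROTATED", admin, account)

    def target_accepts(self, account, password):  # stand-in for the target's login check
        return hmac.compare_digest(self._current[account].encode(), password.encode())

def demo():
    acct = "DOMAIN\\svc-backup"                    # constructed account name
    vault = ToyVault()
    vault.enroll_admin("alice", "alice-login-token", [acct])  # constructed admin and token
    vault.onboard(acct)
    pw = vault.checkout("alice", "alice-login-token", acct)
    valid_while_out = vault.target_accepts(acct, pw)
    vault.checkin("alice", acct)
    return valid_while_out, vault.target_accepts(acct, pw), [e[1] for e in vault.audit]
```

`demo()` shows the property that matters for defenders: a password copied during a session stops working as soon as the credential is checked back in, and every use leaves an audit record.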
Bottom line, PAM solutions should be considered as part of your security strategy for your critical networks. At BluOcean we try to look at security holistically, and not narrowly focused on access control and CCTV. By understanding all of our risks, including cyber, we are able to achieve greater security for our customers. If you are interested in learning more, please contact us.