PAM Maturity Model

Most organizations have exponentially more privileged accounts than employees. Privileged accounts include domain administrator accounts, local accounts, and non-human service accounts that run applications, databases, and other communications and data exchanges between systems. In a mature PAM strategy, the term “privileged user” no longer equals “IT user.” It also includes business users who access financial, personal or other sensitive information from web apps, and developers who build products on platforms using AWS, Azure, GCP, or their own cloud. The meaning of “privileged access” includes not only who can access what, but also what they can do with that access and when they can do it.

Security Activities Within the Maturity Model

The security activities associated with each phase of the maturity model parallel the process recommended for organizations as they roll out their PAM strategy. This step-by-step method helps companies build a strong foundation that supports them as they grow in maturity.

Define

Start by defining what ‘privileged access’ means and identifying what a privileged account is for your organization. It’s different for every company, so it’s crucial that you map out which important business functions rely on data, systems and access. Gain a working understanding of who has privileged account access, and when those accounts are used.

Discover

Identify human and non-human privileged accounts and implement continuous discovery to curb privileged account sprawl, identify potential insider abuse, and reveal external threats. This helps ensure full, ongoing visibility of your privileged account landscape, which is crucial to combating cyber security threats.

Manage and Protect

Proactively manage and control privileged account access, schedule password rotation, and audit, analyze, and manage privileged session activity. For IT administrator privileged account users, you should control access and implement superuser privilege management to prevent attackers from running malicious applications, remote access tools, and commands. To prevent service account sprawl, implement proactive service account governance. Least privilege and application control solutions enable seamless elevation of approved, trusted, and whitelisted applications while minimizing the risk of running unauthorized applications.

Monitor

Monitor and record privileged account activity. This will help enforce proper behavior and avoid mistakes. If a breach does occur, monitoring privileged account use also helps digital forensics identify the root cause and identify critical controls that can be improved to reduce your risk of future cyber security threats.

Detect

Ensuring visibility into the access and activity of your privileged accounts in real time will help spot suspected account compromise and potential user abuse. Behavioral analytics focuses on key data points to establish individual user baselines, including user activity, password access, similar user behavior, and time of access, in order to identify unusual or abnormal activity and alert you to it.
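
A minimal sketch of the per-user baselining described above, as an added example rather than code from this article or from any PAM product: it learns each user's usual access hours and the secrets they normally check out, then flags events that deviate. The event format, the account and secret names, and the two-hour tolerance are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events: (timestamp, user, secret checked out of the vault).
BASELINE = [
    ("2024-03-04T09:12:00", "alice", "db-prod-admin"),
    ("2024-03-05T10:40:00", "alice", "db-prod-admin"),
    ("2024-03-06T14:05:00", "alice", "dc01-local-admin"),
    ("2024-03-07T16:30:00", "alice", "db-prod-admin"),
    ("2024-03-04T22:10:00", "bob", "backup-svc"),   # bob works a night shift
    ("2024-03-05T23:05:00", "bob", "backup-svc"),
    ("2024-03-07T00:20:00", "bob", "backup-svc"),
]
NEW = [
    ("2024-03-11T10:02:00", "alice", "db-prod-admin"),       # matches baseline
    ("2024-03-11T03:17:00", "alice", "db-prod-admin"),       # unusual time of access
    ("2024-03-11T23:40:00", "bob", "domain-admin"),          # unusual password access
    ("2024-03-12T01:15:00", "bob", "backup-svc"),            # 01:00 is close to his 00:00
    ("2024-03-12T11:00:00", "svc-deploy", "db-prod-admin"),  # account never seen before
]

def hour_distance(a, b):
    """Circular distance between two hours of day (23 and 1 are 2 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def build_baselines(events):
    """Per user: the secrets accessed and the hours of day at which access occurred."""
    profile = defaultdict(lambda: {"secrets": set(), "hours": set()})
    for ts, user, secret in events:
        profile[user]["secrets"].add(secret)
        profile[user]["hours"].add(datetime.fromisoformat(ts).hour)
    return dict(profile)

def detect(events, profile, hour_tolerance=2):
    """Return (timestamp, user, reasons) for events outside the user's own baseline."""
    alerts = []
    for ts, user, secret in events:
        p, reasons = profile.get(user), []
        if p is None:
            reasons.append("no baseline for user")
        else:
            if secret not in p["secrets"]:
                reasons.append("secret never accessed before")
            hour = datetime.fromisoformat(ts).hour
            if min(hour_distance(hour, h) for h in p["hours"]) > hour_tolerance:
                reasons.append("outside usual hours")
        if reasons:
            alerts.append((ts, user, reasons))
    return alerts
```

Calling `detect(NEW, build_baselines(BASELINE))` yields three alerts: the 03:17 access by alice, the first domain-admin check-out by bob, and the unknown svc-deploy account. Because baselines are per user, bob's late-night access to his usual secret is not flagged.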

Respond

When a privileged account is breached, simply changing the password or disabling the account isn’t sufficient. While inside, hackers could have installed malware and even created their own privileged accounts. If a domain administrator account gets compromised, for example, you should assume that your entire Active Directory is impacted and investigate and make changes so the attacker can’t easily return.

Review and Audit

Continuously observing how privileged accounts are being used through audits and reports will help identify unusual behaviors that may indicate a breach or misuse. Automated reports help track the cause of security incidents as well as demonstrate compliance with policies and regulations. Auditing of privileged accounts will also give you metrics that provide executives with vital information to make more informed business decisions.

PAM is an Ongoing Process

Even the most mature organizations are on a journey of continuous improvement. Organizations assess the information they find during the Review stage and begin again to Define their goals.

How Can ITM Help You?

iTM covers all aspects of cyber security, including but not limited to home cyber security managed solutions, automated and managed threat intelligence, forensic investigations, cloud security best practice and cyber security training. Our objective is to support organisations and consumers at every step of their cyber maturity journey. Contact Us for more information.
