How privileged access management fits into a layered security strategy
In its early days, Privileged Access Management (PAM) involved protecting only passwords used for privileged accounts. But it evolved beyond that single goal in the years that followed. Nowadays, it includes other security features such as multi-factor authentication (MFA), session monitoring, proxy, and user behavior analysis (UBA). Take a look at how they connect for better overall protection.
WFP in a Changing Threat Landscape
To understand why, it’s helpful to examine how digital attackers work and the types of data they hope to steal. The 2021 Data Breach Investigation Report (DBIR) provides an overview of both. Verizon Enterprise found that credentials were the most sought-after variety of data in breaches and that more than a quarter of those incidents started with a digital break in. To do this, the attackers attempted to steal an authorized set of credentials.
The reality is that some of these attackers didn’t just try: they succeeded. At the same time, the management of privileged access has evolved alongside them. Credentials are simply a username and password that someone can phish, intercept, or leave exposed in some way. It’s too easy for this information to end up in someone’s hands with malicious intent. It is therefore too easy for a PAM strategy to fail.
Not just password protection
But, at the same time, that’s not the point. Privileged access management is not password management. This is to protect access to privileged accounts. MFA, UBA, and the newer elements of PAM all help to ensure that access remains restricted if someone steals a set of trusted credentials. They can even help security teams detect when someone successfully gains access to a privileged account.
A threatening actor won’t let that access go to waste, after all. They will use these privileges to attempt to reconnect, roam sideways on the network, and remove sensitive information. All they need is enough time.
Time is not something the average attacker has to worry about. The 2020 Cost of a Data Breach Report found that data breaches were accompanied by an average stay time of 280 days. This means that the attackers had almost a year to muster what they could of their victims’ networks.
Learn more about PAM
The need for a multi-level strategy
So how do you prevent this from affecting your organizations? To get the most out of privileged access management in the future, use it as part of a layered defense strategy. This approach goes beyond the simple need to manage privileged access credentials. It also involves protecting critical assets so that defense teams can spot potential instances of compromise and / or lateral movement.
Sometimes this is easier said than done. Years ago, most businesses and agencies did not have virtualized applications or workloads. The data center existed on-site and the corporate network was within the physical boundaries of the office building. They therefore focused on strengthening the security of their endpoints using endpoint detection and response (EDR) solutions.
The problem is, EDR doesn’t take into account newer containers, cloud, apps, and additions. You need Extended Detection and Response (XDR) that leverages EDR using critical data and telemetry to extend visibility across all critical assets.
XDR and beyond
XDR is also not the only way to thwart the misuse of privileged accounts by malicious actors. In the event that someone takes control of an account, organizations need to ensure that the actor cannot access any of their sensitive information in a way that allows them to do without. Network monitoring tools can help security teams gain visibility and block such attempts, for example, while encryption can help protect data by preventing malicious actors from viewing it in clear text.
Obviously, privileged access management includes some vital security features. But it is not meant to replace your entire strategy. Instead, it works best under this strategy.