1 Introduction
In the age of digital transformation, the requirements for IT – but also the way IT is done – are changing. Organizations need to reinvent themselves and become agile and more innovative. Smart manufacturing and the Internet of Things expand the attack surface of organizations. Also, they have to meet ever increasing regulatory requirements. On the other hand, with the vast number of attacks that organizations are facing and the evolving regulations, organizations must invent new methods of addressing these needs while still perfectly serving their customers. Thus, they also need to constantly improve security, to have the right counter measures implemented and thus prevent attacks.
Privilege Management can be considered a domain of Cybersecurity since attackers usually go after the high privilege accounts. The users of the privileged accounts have the broadest access to sensitive company data such as HR records, financial information, payroll details or a company’s IP. Therefore, a strong emphasis needs to be placed on protecting these accounts, which eventually results in a reduced risk of breaches.
Furthermore, Privilege Management is an essential element in protecting organizations against attacks that are not yet identified. What are commonly referred to as a zero-day attacks have often, in fact, been running for an even longer period of time, sometimes for years. All attacks go through a phase where they are run but are not yet detected, as depicted in figure 1. Traditional technologies such as signature-based Anti-Malware don’t help in these scenarios. New Cybersecurity tools looking for anomalies and outliers can help in identifying such long-running attacks.
Privilege Management helps in two ways in these scenarios. On the one hand, it increases the protection of digital assets by protecting the most critical accounts and access to these systems. On the other hand, Privileged Behavior Analytics helps in identifying anomalies in privileged user behavior.
Privilege Management also is part of the IAM (Identity and Access Management) domain, because it is about managing accounts and their passwords, as well as their access at runtime, e.g., by monitoring sessions.
Modern tools for Privilege Management must support a variety of requirements, from protecting the passwords of shared accounts and rotating the passwords of service and system accounts, to session monitoring and behavioral analytics.
Mature Privilege Management solutions go much further than simple password generation and access control to individual systems, but also provide a unified, robust, and – importantly - transparent Privilege Management platform which is integrated into an organization’s overall Identity and Access Management (IAM) strategy. While “password vaults” had been at the center of attention in earlier years, capabilities such as advanced analytics of privileged user behavior and advanced capabilities in session monitoring and analysis are becoming the new normal, all integrated into comprehensive suites. However, we also see a growing number of vendors taking different approaches to solve the underlying problem of restricting, monitoring, and analyzing privileged access and the use of shared accounts.
Among security risks associated with privileged users are:
- Leakage of credentials for shared accounts
- Abuse of elevated privileges by fraudulent users
- Hijacking of privileged accounts by cyber-criminals
- Risks through abuse of elevated privileges on client systems
- Risks through mistakes in using elevated privileges by users
Furthermore, there are several areas of security, but also user convenience, with requirements which are associated with privileged accounts:
- Managing the ownership and knowing all privileged accounts, both individual and shared accounts
- Single Sign-On to shared accounts for administrators and operators
- Reducing elevated privileges of administrators and, in particular, operators to mitigate associated risks
- Controls for managing, restricting, and monitoring access of MSPs when accessing internal systems
- Controls for managing, restricting, and monitoring access of internal users to cloud services
Consequently, multiple technologies and solutions have been developed to address these risks as well as provide better activity monitoring and threat detection. However, to efficiently address the various challenges, integrated approaches are required, leading to comprehensive Privilege Management suites such as BeyondTrust PowerBroker PAM.
For a detailed overview of the leading PxM vendors, please refer to the KuppingerCole Leadership Compass on Privilege Management.