Enter PAM and VPAM providers
While there isn’t one silver bullet that will keep your company from suffering a data breach due to privileged credential abuse or misuse, sophisticated and granular audit controls can go a long way towards building a defense-in-depth “castle” around your key systems.
There are several features to look for when evaluating solutions that include privileged access auditing.
A single source of truth for privileged identities and credentials
When third parties are logging into your network and systems with privileged access, a lot is at stake. These credentials hold the keys to the kingdom and should be treated differently than rank-and-file authentication.
It’s essential to have a single place to house these logins. This way, credentials are never sent to a vendor so logins and passwords cannot be shared, used to leapfrog, and won’t end up on a sticky note or digital keychain. A privileged access management solution, such as Thycotic’s Secret Server, provides this centralized and secure repository.
Having a password vault combined with complementary technology and/or process controls, such as multi-factor authentication (MFA), for privileged administrative access is a must. Policies around sharing root or privileged access to systems should also be standard practice.
Contextually audit metadata
Context is critical when monitoring privileged access. Before system access is granted, particularly if requested from a third party, you must determine:
- The reason for the access
- The specific applications that will be accessed
- The protocols that will be used
- Who approves the access
This information will give you the details required to know whether a connection is normal or troubling, and help you catch mistakes and malicious activity before it impacts your systems.
This information also allows you to assess the request following an incident as part of your incident response plan. Privileged access management and vendor privileged access management solutions can provide additional details, which can be customized to internal help desk systems and other management tools or systems. Compliance data fields can be used as well for special regulatory reporting requirements, such as those required by gaming commissions and new privacy laws.
Granular audit data
When you must dig deep, it is useful to have a detailed view. PAM and VPAM solutions offer playback of all activity in graphical environments like Windows, or keystroke records for command line activity. This “security camera” for your network and systems is crucial when trying to figure out what went wrong in the case of an accidental error or for forensic analysis in the case of a breach or other security incident. Of course, monitoring capabilities need to be in place before a potential breach occurs.
Finally, if using a PAM and VPAM solution, there are exponential benefits from integrating the two solutions that creates operational efficiencies, in addition to tighter data and infrastructure security, such as audit features. This will ensure you are prepared when auditors come calling or malicious hackers breach your network.
Thinking through threats that exist from inside the security perimeter is an essential part of a robust cybersecurity defense. Be proactive with a practical defensive strategy. It will pay a huge dividend, but you must do it now before a breach occurs.