In its early stages, privileged access management (PAM) involved protecting only the passwords used for privileged accounts. But it evolved beyond that single purpose in the years that followed. Nowadays, it includes other security functions like multifactor authentication (MFA), session monitoring, proxying and user behavior analytics (UBA). Take a look at how these connect for better protection overall. 

PAM in an Evolving Threat Landscape

To understand why, it’s useful to look at how digital attackers work and which data types they’re hoping to steal. The 2021 Data Breach Investigations Report (DBIR) provides a glimpse into both. Verizon Enterprise found that credentials amounted to the most sought-after data variety in breaches and that more than a quarter of those incidents began with a digital break-in. In order to do that, the attackers tried to steal an authorized set of credentials.

The reality is that some of those attackers didn’t just try: they succeeded. Meanwhile, privileged access management has evolved alongside them. Credentials consist of just a username and a password that someone can phish, intercept or leave exposed in some way. It’s too easy for that information to end up in the hands of someone with malicious intent. So, it’s too easy for a single-minded PAM strategy to fail.

Not Just Password Protection

But, at the same time, that’s beside the point. Privileged access management is not password management. It’s about protecting access to privileged accounts. MFA, UBA and the newer elements of PAM all help to ensure that access remains restricted if someone steals a trusted set of credentials. They can even help security teams spot when someone succeeds in accessing a privileged account.

A threat actor won’t let that access go to waste, after all. They’ll use those privileges to try to conduct reconnaissance, move laterally across the network and remove sensitive information. All they need is enough time.

Time is not something that the average attacker needs to worry about. The 2020 Cost of a Data Breach report found that data breaches came with an average dwell time of 280 days. That means the attackers had almost a year to gather what they could from their victims’ networks.

The Need for a Layered Strategy

So, how do you prevent that from impacting your organization? To make the most out of privileged access management going forward, use it as part of a layered defense strategy. This approach goes beyond just the need to manage privileged access credentials. It also involves protecting critical assets so that defense teams can spot potential instances of compromise and/or lateral movement.

That’s sometimes easier said than done. Years ago, most businesses and agencies didn’t have any virtualized applications or workloads. The data center existed on-premises, and the corporate network sat within the physical confines of the office building. So, they focused on hardening the security of their endpoints using endpoint detection and response (EDR) solutions.

The problem is that EDR does not account for containers, the cloud, applications and more recent additions. You need extended detection and response (XDR) that builds upon EDR by using critical data and telemetry to extend visibility across all critical assets.

XDR and Beyond

XDR isn’t the only way to thwart malicious actors’ misuse of privileged accounts, either. In the event that someone does take over an account, organizations need to make sure that the actor can’t access any of their sensitive information in a way that allows them to walk away with it. Network monitoring tools can help security teams to gain visibility over and block these attempts, for instance, while encryption can help protect data by preventing malicious actors from viewing it in plaintext.

Clearly, privileged access management consists of some vital security functions. But it’s not meant to replace your whole strategy. Instead, it functions best as part of that strategy.
