In its early stages, privileged access management (PAM) involved protecting only the passwords used for privileged accounts. But it evolved beyond that single purpose in the years that followed. Nowadays, it includes other security functions like multifactor authentication (MFA), session monitoring, proxying and user behavior analytics (UBA). Take a look at how these connect for better protection overall. 

PAM in an Evolving Threat Landscape

To understand why, it’s useful to look at how digital attackers work and which data types they’re hoping to steal. The 2021 Data Breach Investigations Report (DBIR) provides a glimpse into both. Verizon Enterprise found that credentials amounted to the most sought-after data variety in breaches and that more than a quarter of those incidents began with a digital break-in. In order to do that, the attackers tried to steal an authorized set of credentials.

The reality is that some of those attackers didn’t just try: they succeeded. Meanwhile, privileged access management has evolved alongside them. Credentials consist of just a username and a password that someone can phish, intercept or leave exposed in some way. It’s too easy for that information to end up in the hands of someone with malicious intent. So, it’s too easy for a single-minded PAM strategy to fail.

Not Just Password Protection

But, at the same time, that’s beside the point. Privileged access management is not password management. It’s about protecting access to privileged accounts. MFA, UBA and the newer elements of PAM all help to ensure that access remains restricted if someone steals a trusted set of credentials. They can even help security teams spot when someone succeeds in accessing a privileged account.

A threat actor won’t let that access go to waste, after all. They’ll use those privileges to try to conduct reconnaissance, move laterally across the network and remove sensitive information. All they need is enough time.

Time is not something that the average attacker needs to worry about. The 2020 Cost of a Data Breach report found that data breaches came with an average dwell time of 280 days. That means the attackers had almost a year to gather what they could from their victims’ networks.

The Need for a Layered Strategy

So, how do you prevent that from impacting your organization? To make the most out of privileged access management going forward, use it as part of a layered defense strategy. This approach goes beyond just the need to manage privileged access credentials. It also involves protecting critical assets so that defense teams can spot potential instances of compromise and/or lateral movement.

That’s sometimes easier said than done. Years ago, most businesses and agencies didn’t have any virtualized applications or workloads. The data center existed on-premises, and the corporate network sat within the physical confines of the office building. So, they focused on hardening the security of their endpoints using endpoint detection and response (EDR) solutions.

The problem is that EDR does not account for containers, the cloud, applications and more recent additions. You need extended detection and response (XDR) that builds upon EDR by using critical data and telemetry to extend visibility across all critical assets.

XDR and Beyond

XDR isn’t the only way to thwart malicious actors’ misuse of privileged accounts, either. In the event that someone does take over an account, organizations need to make sure that the actor can’t access any of their sensitive information in a way that allows them to walk away with it. Network monitoring tools can help security teams to gain visibility over and block these attempts, for instance, while encryption can help protect data by preventing malicious actors from viewing it in plaintext.

Clearly, privileged access management consists of some vital security functions. But it’s not meant to replace your whole strategy. Instead, it functions best as part of that strategy.
