In its early stages, privileged access management (PAM) involved protecting only the passwords used for privileged accounts. But it evolved beyond that single purpose in the years that followed. Nowadays, it includes other security functions like multifactor authentication (MFA), session monitoring, proxying and user behavior analytics (UBA). Take a look at how these connect for better protection overall.
PAM in an Evolving Threat Landscape
To understand why, it’s useful to look at how digital attackers work and which data types they’re hoping to steal. The 2021 Data Breach Investigations Report (DBIR) provides a glimpse into both. Verizon Enterprise found that credentials amounted to the most sought-after data variety in breaches and that more than a quarter of those incidents began with a digital break-in. In order do that, the attackers tried to steal an authorized set of credentials.
The reality is that some of those attackers didn’t just try: they succeeded. Meanwhile, privileged access management has evolved alongside them. Credentials consist of just a username and a password that someone can phish, intercept or leave exposed in some way. It’s too easy for that information to end up in the hands of someone with malicious intent. So, it’s too easy for a single-minded PAM strategy to fail.
Not Just Password Protection
But, at the same time, that’s besides the point. Privileged access management is not password management. It’s about protecting access to privileged accounts. MFA, UBA and the newer elements of PAM all help to ensure that access remains restricted if someone steals a trusted set of credentials. They can even help security teams spot when someone succeeds in accessing a privileged account.
A threat actor won’t let that access go to waste, after all. They’ll use those privileges to try to conduct reconnaissance, move laterally across the network and remove sensitive information. All they need is enough time.
Time is not something that the average attacker needs to worry about. The 2020 Cost of a Data Breach report found that data breaches came with an average dwell time of 280 days. That means the attackers had almost a year to gather what they could from their victims’ networks.
Learn more about PAM
The Need for a Layered Strategy
So, how do you prevent that from impacting your organizations? To make the most out of privileged access management going forward, use it as part of a layered defense strategy. This approach goes beyond just the need to manage privileged access credentials. It also involves protecting critical assets so that defense teams can spot potential instances of compromise and/or lateral movement.
That’s sometimes easier said than done. Years ago, most businesses and agencies didn’t have any virtualized applications or workloads. The data center existed on-premise, and the corporate network sat within the physical confines of the office building. So, they focused on hardening the security of their endpoints using endpoint detection and response (EDR) solutions.
The problem is that EDR does not account for containers, the cloud, applications and more recent additions. You need extended detection and response (XDR) that builds upon EDR by using critical data and telemetry to extend visibility across all critical assets.
XDR and Beyond
XDR isn’t the only way to thwart malicious actors’ misuse of privileged accounts, either. In the event that someone does take over an account, organizations need to make sure that the actor can’t access any of their sensitive information in a way that allows them to walk away with it. Network monitoring tools can help security teams to gain visibility over and block these attempts, for instance, while encryption can help protect data by preventing malicious actors from viewing it in plaintext.
Clearly, privileged access management consists of some vital security functions. But it’s not meant to replace your whole strategy. Instead, it functions best as part of that strategy.
David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Trip...