In its early stages, privileged access management (PAM) involved protecting only the passwords used for privileged accounts. But it evolved beyond that single purpose in the years that followed. Nowadays, it includes other security functions like multifactor authentication (MFA), session monitoring, proxying and user behavior analytics (UBA). Take a look at how these connect for better protection overall. 

PAM in an Evolving Threat Landscape

To understand why, it’s useful to look at how digital attackers work and which data types they’re hoping to steal. The 2021 Data Breach Investigations Report (DBIR) provides a glimpse into both. Verizon Enterprise found that credentials amounted to the most sought-after data variety in breaches and that more than a quarter of those incidents began with a digital break-in. In order to do that, the attackers tried to steal an authorized set of credentials.

The reality is that some of those attackers didn’t just try: they succeeded. Meanwhile, privileged access management has evolved alongside them. Credentials consist of just a username and a password that someone can phish, intercept or leave exposed in some way. It’s too easy for that information to end up in the hands of someone with malicious intent. So, it’s too easy for a single-minded PAM strategy to fail.

Not Just Password Protection

But, at the same time, that’s beside the point. Privileged access management is not password management. It’s about protecting access to privileged accounts. MFA, UBA and the newer elements of PAM all help to ensure that access remains restricted if someone steals a trusted set of credentials. They can even help security teams spot when someone succeeds in accessing a privileged account.

A threat actor won’t let that access go to waste, after all. They’ll use those privileges to try to conduct reconnaissance, move laterally across the network and remove sensitive information. All they need is enough time.

Time is not something that the average attacker needs to worry about. The 2020 Cost of a Data Breach report found that data breaches came with an average dwell time of 280 days. That means the attackers had almost a year to gather what they could from their victims’ networks.

The Need for a Layered Strategy

So, how do you prevent that from impacting your organization? To make the most out of privileged access management going forward, use it as part of a layered defense strategy. This approach goes beyond just the need to manage privileged access credentials. It also involves protecting critical assets so that defense teams can spot potential instances of compromise and/or lateral movement.

That’s sometimes easier said than done. Years ago, most businesses and agencies didn’t have any virtualized applications or workloads. The data center existed on-premises, and the corporate network sat within the physical confines of the office building. So, they focused on hardening the security of their endpoints using endpoint detection and response (EDR) solutions.

The problem is that EDR does not account for containers, the cloud, applications and more recent additions. You need extended detection and response (XDR) that builds upon EDR by using critical data and telemetry to extend visibility across all critical assets.

XDR and Beyond

XDR isn’t the only way to thwart malicious actors’ misuse of privileged accounts, either. In the event that someone does take over an account, organizations need to make sure that the actor can’t access any of their sensitive information in a way that allows them to walk away with it. Network monitoring tools can help security teams to gain visibility over and block these attempts, for instance, while encryption can help protect data by preventing malicious actors from viewing it in plaintext.

Clearly, privileged access management consists of some vital security functions. But it’s not meant to replace your whole strategy. Instead, it functions best as part of that strategy.
