As cyberattacks speed up and become more complex, defenders need to do the same. One large component of this is privileged access management, or PAM. But PAM itself is always evolving. So how does your security operations center (SOC) keep up? And, what are the best, most modern ways to implement PAM today?

What Is Privileged Access Management?

The current breed of PAM software was at first designed to store passwords for privileged accounts. It has grown beyond that over time. Now, it can include session monitoring, proxying, multifactor authentication, account discovery, approval workflow on checkout, user behavior analysis and software-as-a-service delivery. New strategies for managing privileged accounts center on just-in-time (JIT) access with zero standing privileges (ZSP) and on identity analytics for managing the risks related to granted privileges.

AI-Fueled Attacks 

Many businesses and agencies have added PAM solutions with limited results. This leaves them open to ever more complex and evolving attacks. Attacks are evolving as threat actors experiment with artificial intelligence (AI) tools and the cloud. The speed at which they can attack today overwhelms SOC practices that still rely on manual processes. Attackers will use AI to search for openings and exploit them faster. For example, AI can be used to emulate user behavior, blend in with normal activity and strike at AI speed.

PAM is one of the most effective controls for risk management linked to privileged accounts. Linking SOAR tools to the PAM architecture can greatly increase response speed and capabilities.

By the same token, tools such as SOAR, PAM and SIEM are evolving at breathtaking speed. So, the rapid pace of change can overwhelm security teams. The volume of event information that comes with deploying these toolsets makes it even worse. Using AI as an enabler for the SOC should be part of the next PAM architecture, just as it is already part of the attackers' toolsets.

High-Profile Attacks

Despite the advances PAM has seen over the last few years, businesses are still struggling to implement it and manage the risks related to privileged accounts. After all, managing large sets of data related to accounts and privileges while acting on security events in real-time is difficult. Look at the NotPetya ransomware campaign, probably the costliest cyberattack to date. 

This attack would not have been successful in a patched and up-to-date environment. But many organizations that run the affected software don't keep everything up to date all the time. There are always systems with some form of flaw. Meanwhile, attacks are fast outpacing the standard approach to defense. Colonial Pipeline paid $5 million in May 2021 due to a ransomware attack. On top of that, DarkSide malware has infected more than 2,200 victims since May 2019.

In the future, attackers will probably leverage AI and machine learning to tailor the attack to the context or to a target. They can use this to get around even the new breed of AI-enhanced tools, such as antivirus or email filtering. It's just a matter of time before threat actors leverage AI to get around even the newest PAM tools. There is always a need for privileged access at some point in an attack, even if it's indirect in nature.

The next generation of PAM architecture must respond to this. Ways to do this include AI and active response. Active response can leverage SOAR to respond to incidents and suspend accounts, disconnect sessions or block access.

Privileged Access Management and AI-Driven SOAR Architecture

Adding AI to PAM to fight AI involves putting a lot of different tools together. That's true whether you're working on-premises, hybrid or in the cloud. The architecture must provide a means for ingesting and analyzing vast amounts of data points. With those, it can go on to do proper automated decision-making and response. From there, it must produce data in a format humans can read. After all, the end goal is to give your SOC visual information in a dashboard designed for risk management instead of solutions management.

The ultimate end goal is JIT ZSP, as mentioned above. But this can take a long time to implement. Session monitoring without session management remains little more than a way to answer auditors' concerns. Businesses need to implement active, AI-driven user behavior analysis using existing PAM session management tools whenever possible.

Next-Generation Privileged Access Management for Today 

How do you do this on a technical level? The architecture must include and be able to perform the tasks laid out in the Gartner document Critical Capabilities for Privileged Access Management. Furthermore, it must support AI-driven, active user behavior analysis and the associated dashboard.

To support PAM-SOAR, the user and entity behavior analytics tool must be highly scalable and elastic in terms of computing and storage resources. It must also adapt to the systems landscape for active response capabilities, wherever the assets are located. Using several different toolsets together will provide a base PAM-assisted SOAR system. Complement the base system with elastic cloud computing resources, such as serverless computing services. AWS Lambda, DynamoDB and Kinesis, and the equivalent services from other cloud vendors, can expand on what PAM-assisted SOAR can do. Take a look at the diagram below for a design thinking approach to AI-driven, active PAM-assisted SOAR architecture.
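The ingest, analyze, decide and respond loop described above, reduced to its core, as an added example that is not code from the article or from any PAM or SOAR vendor: two constructed PAM session events are scored against a per-account baseline, and the score is mapped to the escalating active responses the article names (monitor, MFA step-up, disconnect session, suspend account). The action names, the thresholds, the scoring weights and the sample events are all assumptions; a real deployment would call the PAM vendor's API and replace the hand-tuned weights with a learned model.

```python
from dataclasses import dataclass
from datetime import datetime
# Actions a SOAR playbook could trigger through the PAM API (placeholder names, not a real API).
MONITOR, STEP_UP_MFA, DISCONNECT, SUSPEND = "monitor", "step_up_mfa", "disconnect_session", "suspend_account"

@dataclass
class Baseline:            # per-account profile learned from historical PAM session logs
    usual_hosts: set
    work_hours: range      # local hours in which the account normally checks out credentials
    cmds_per_min: float    # typical command rate inside a privileged session

@dataclass
class SessionEvent:        # one privileged session as reported by PAM session monitoring
    account: str
    target_host: str
    started: datetime
    commands: int
    minutes: float
    sensitive_paths: bool = False

def score_event(ev, base):
    """Compare one session against its account baseline; returns (score, reasons)."""
    score, reasons = 0, []
    if ev.target_host not in base.usual_hosts:
        score += 30; reasons.append(f"new target {ev.target_host}")
    if ev.started.hour not in base.work_hours:
        score += 20; reasons.append(f"off-hours start {ev.started:%H:%M}")
    rate = ev.commands / max(ev.minutes, 0.1)
    if rate > 3 * base.cmds_per_min:       # machine-speed activity, not a human operator
        score += 40; reasons.append(f"{rate:.0f} cmds/min, far above baseline")
    if ev.sensitive_paths:
        score += 25; reasons.append("sensitive path access")
    return score, reasons

def choose_response(score):
    """Escalating active responses named in the article: monitor, MFA step-up, disconnect, suspend."""
    if score >= 80: return [DISCONNECT, SUSPEND]
    if score >= 50: return [DISCONNECT]
    if score >= 30: return [STEP_UP_MFA]
    return [MONITOR]

def triage(events, baselines):
    """Human-readable dashboard rows (account, score, actions, reasons), riskiest first."""
    rows = [(ev.account, *score_event(ev, baselines[ev.account])) for ev in events]
    return sorted(((a, s, choose_response(s), r) for a, s, r in rows), key=lambda row: -row[1])

# Constructed sample: one normal DBA session and one that looks scripted, off-hours, on a new host.
BASELINES = {"dba01": Baseline({"db-prod-1", "db-prod-2"}, range(8, 19), 4.0)}
SAMPLE = [SessionEvent("dba01", "db-prod-1", datetime(2023, 9, 4, 10, 15), 40, 20),
          SessionEvent("dba01", "fileserver-9", datetime(2023, 9, 4, 2, 40), 300, 5, True)]
```

Running `triage(SAMPLE, BASELINES)` returns the anomalous session first with the reasons attached, which is the row a risk-management dashboard would surface to the SOC alongside the action taken.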

Businesses and agencies must develop their future PAM architecture now by using these various toolsets in a holistic approach. Just using a single PAM solution from one vendor checks PAM off the to-do list. However, it still won't mean you can play on a level field with threat actors who have no qualms about using open source AI tools and large amounts of cloud computing capacity. For that, you need the holistic approach.
