Every week seems to bring news of another customer data breach, and whatever the individual details, most incidents share one trait: the breach was very probably made possible by the compromise of user accounts and passwords, usually obtained through social engineering such as phishing emails.
Once credentials have been stolen, unauthorised access can go undetected for weeks or even months, giving the intruder time to exfiltrate large volumes of data or lay the foundations for a larger attack. One of the most dangerous outcomes is for the attacker to escalate from the stolen account to a privileged one.
What makes a privileged account so important?
Often referred to as superuser or administrator accounts, privileged accounts are one of the fundamental building blocks of an IT environment, used by people, applications and services to run tasks that require elevated permissions. Accordingly, they carry powers that ordinary accounts do not, including creating and modifying other user accounts, remote access to any machine on the network, and retrieving sensitive data. They can even make significant changes to the network infrastructure itself.
Gaining control of a privileged account is a huge coup for a cybercriminal, as these powers can be used to facilitate many different malicious actions. Armed with superuser credentials, attackers can bypass normal security controls to reach sensitive data and install malware anywhere on the network with impunity. They can also disguise their activity by clearing audit logs and destroying evidence, greatly increasing their potential dwell time and confounding the security team's investigation.
The ability to protect superuser accounts from being compromised can make the difference between a minor network intrusion and a breach that devastates the organisation. However, despite their importance and the threat they pose in the wrong hands, many IT users are careless with privileged accounts. Even users who have access to these accounts as part of their role may not fully appreciate their power and how dangerous their misuse can be.
Being equipped with a Privileged Access Management (PAM) solution is one of the best ways to keep privileged accounts under control and well protected. These tools make it much easier to govern who may use a privileged account, and they can record, monitor and limit active sessions to prevent misuse. However, some IT teams have come to fear PAM tools, considering them expensive, resource-heavy and overly complicated.
Much of PAM's poor reputation stems from experiences with legacy software. In many cases, previous generations of PAM solutions were overly complex and difficult to implement. Installation could require specialised professionals and sometimes took several months or even years to complete, or remained unfinished indefinitely. The combination of specialists and lengthy implementation times meant that many IT teams decided the cost of PAM simply wasn't worth it.
It should be noted that these experiences often come from a very different time in cyber security. For many years, the best way to protect sensitive information and assets was to build a fence around them. With all data flowing in and out through a single access point, the traditional perimeter could keep out the majority of threats. Under this setup, IT teams could more readily assume that their networks would be protected without the use of PAM.
Today, however, the perimeter approach is no longer effective and is easily circumvented once attackers hold valid login credentials. Remote working has also greatly increased the attack surface and made it even easier to slip through the perimeter. Likewise, traditional security tools do not flag a legitimate account being used for inappropriate activities, making them ill-suited to this new model.
Starting a fresh PAM journey
Employing PAM capabilities is essential if an organisation is to protect its privileged accounts from falling into the wrong hands, and IT teams still put off by past experience can now have a positive PAM experience: it need no longer be costly or complex, nor require specialised skills.
PAM is an important priority for all organisations, and previous challenges can be overcome by beginning with thorough planning and assessment. The first priority is to identify every account with elevated powers (root and administrator accounts, members of admin groups, sudo grants, and service accounts with broad rights) and to ensure there are clear policies about proper usage and responsibilities. The account audit required to get started with PAM can help demonstrate compliance with the GDPR, PCI DSS, ISO standards and other requirements, and can also directly turn up evidence of unusual behaviour that indicates a breach or credential misuse.
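As an added example of the account audit described above (not code from the article or from any PAM product), the Python below enumerates privileged accounts on a Linux host from its passwd, group and sudoers data. The three sample files, the set of admin groups it treats as privileged, and the account names are all constructed for illustration; on a real host you would feed it the live files instead. It deliberately flags two things a PAM rollout should catch early: a second account with uid 0 and a passwordless sudo grant to ALL.

```python
"""Privileged-account discovery over Linux passwd, group and sudoers data."""
import re
from collections import defaultdict

# Assumption: these groups confer admin rights on the host being audited.
ADMIN_GROUPS = {"wheel", "sudo", "admin"}

# Constructed sample data (not from any real host), in the shape of
# /etc/passwd, /etc/group and /etc/sudoers.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:backup admin:/root:/bin/sh
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
deploy:x:1003:1003:CI deploy:/srv/deploy:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
"""
SAMPLE_GROUP = """\
root:x:0:
wheel:x:10:alice
sudo:x:27:alice,bob
docker:x:999:deploy
"""
SAMPLE_SUDOERS = """\
# comments and Defaults lines are ignored
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
deploy  ALL=(root) NOPASSWD: /usr/bin/systemctl restart app
bob     ALL=(ALL) NOPASSWD: ALL
"""

# user  hosts = (runas) TAG: TAG: commands   (aliases/netgroups not handled)
SUDO_RULE = re.compile(
    r"^(?P<who>\S+)\s+(?P<hosts>[^=\s]+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<tags>(?:[A-Z]+:\s*)*)(?P<cmds>.+)$"
)


def parse_passwd(text):
    """name -> {uid, gid, shell}"""
    users = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            name, _pw, uid, gid, _gecos, _home, shell = line.split(":", 6)
            users[name] = {"uid": int(uid), "gid": int(gid), "shell": shell}
    return users


def parse_group(text):
    """name -> {gid, members}; members are the explicit (supplementary) ones."""
    groups = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            name, _pw, gid, members = line.split(":", 3)
            groups[name] = {"gid": int(gid),
                            "members": {m for m in members.split(",") if m}}
    return groups


def parse_sudoers(text):
    """List of {who, tags, cmds} for each user/group specification line."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("Defaults"):
            continue
        m = SUDO_RULE.match(line)
        if m:
            tags = {t.strip() for t in m["tags"].split(":") if t.strip()}
            rules.append({"who": m["who"], "tags": tags, "cmds": m["cmds"].strip()})
    return rules


def members_of(group, users, groups):
    """Explicit members plus users whose primary gid is this group."""
    if group not in groups:
        return set()
    gid = groups[group]["gid"]
    return groups[group]["members"] | {n for n, u in users.items() if u["gid"] == gid}


def audit(passwd_text, group_text, sudoers_text):
    """Return {account: sorted reasons} for every account holding elevated power."""
    users, groups = parse_passwd(passwd_text), parse_group(group_text)
    findings = defaultdict(set)
    for name, u in users.items():                      # uid 0 is root, whatever the name
        if u["uid"] == 0:
            findings[name].add("uid 0")
            if name != "root":
                findings[name].add("non-root account with uid 0 (possible backdoor)")
    for g in ADMIN_GROUPS:
        for member in members_of(g, users, groups):
            findings[member].add(f"member of admin group {g}")
    for r in parse_sudoers(sudoers_text):             # expand %group rules to people
        who = r["who"]
        targets = members_of(who[1:], users, groups) if who.startswith("%") else {who}
        for t in targets:
            findings[t].add("sudo ALL" if r["cmds"] == "ALL" else f"sudo {r['cmds']}")
            if "NOPASSWD" in r["tags"]:
                findings[t].add("sudo without password")
    return {k: sorted(v) for k, v in findings.items()}


if __name__ == "__main__":
    for account, reasons in audit(SAMPLE_PASSWD, SAMPLE_GROUP, SAMPLE_SUDOERS).items():
        print(f"{account:10} {'; '.join(reasons)}")
```

Run against the sample data it reports five privileged accounts out of seven, and the two most interesting lines are `toor` (a second uid 0 account that no policy would normally sanction) and `bob` (passwordless sudo to ALL). Those are exactly the accounts a PAM onboarding should either remove or bring under vaulting and session monitoring first.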
Establishing a solid foundation makes managing and securing privileged accounts far more scalable and flexible, helping organisations avoid the lengthy and expensive implementations of old. The rapidly expanding market now includes many PAM options that can be installed out of the box without specialised skills. For example, PAM-as-a-Service can now be consumed from the cloud, securing privileged access to critical assets without an on-premises installation.
The right PAM solution will leave organisations in a much stronger position to protect their privileged accounts from cyber criminals who have adopted credential theft and escalation as their main modus operandi. With proper planning and a flexible and scalable approach, companies can reap the benefits without the implementation headaches of legacy solutions.