Building Cyber Resilience with Privileged Access Management (PAM) (Part One of a Two-Part Series)

2018-07-24


By controlling the use of administrative privileges, together with patching and application whitelisting, organizations can more effectively secure access to their IT assets.

Every year we are told that the cyber threat landscape is rapidly evolving and that attackers are adapting faster than we can deploy security solutions. Organizations must defend against an ever-expanding attack surface made even more complex with digital business transformation, bring-your-own-everything, and the Internet of Things (IoT) revolution.

Compartmentalized approaches to security, in which a different set of controls is applied to each of the data center, desktops, mobile and public cloud, are proving less effective as critical work occurs and data resides across all media. As such, many enterprise security programs focus on not just deploying more security, but also building cyber resilience.

Cyber resilience is the ability to withstand or quickly recover from a cyber attack. Even if an attacker obtains unauthorized access, the activity is detected and responded to, and business disruption is minimized. The challenge is that achieving cyber resilience can be a long journey. There is, however, one key control that can be implemented quickly and is a vital component of withstanding an attack: privileged access management (PAM).

PAM is an Essential Cyber Control

Privileged credentials hold various keys to the enterprise kingdom and are primary targets for attackers. The 2018 Verizon Data Breach Investigations Report (DBIR) found that the use of stolen credentials was the most prevalent method of attack across all successful breaches. A Forrester survey of network security decision-makers whose firms have had a security breach in the last 12 months found that the resulting top two changes in those organizations were to increase spending on prevention and network detection technologies.

Adding security controls on prevention and detection can always help raise security posture. Consider, however, that controlled use of administrative privileges as a single control can drastically reduce risks of a significant breach. It is one of the basic CIS Critical Security Controls. Along with patching and application whitelisting, restricting administrative privileges can mitigate at least 85% of intrusions, according to the Australian Signals Directorate.

Even organizations that have already implemented an identity and access management (IAM) solution need to control privileged access. With automated password and key rotation, PAM is more than just identity management for admin users; it also lets organizations control, monitor, audit and record privileged sessions. Indeed, isolating and securing privileged user sessions is an important layer of a defense-in-depth strategy, as it significantly narrows the attack surface.

Figure 1

Resilience Addresses All Manner of Attacks

Narrowing the attack surface against privileged access starts by implementing least privilege access control. One key attack path is local admin rights on endpoints. PAM gives an organization not only the ability to protect against admin credential theft with secrets management, but also the visibility to know which of its thousands of endpoints are under PAM control. Endpoints not under PAM control can be prioritized and updated as appropriate.

Another PAM benefit for endpoint security is the ability to enforce least privilege and application control. Failing to do so, and allowing an authenticated admin user to run any command, opens the door for malware to obtain a foothold (assuming a successful attack) and allows for insider malfeasance or inadvertent, unauthorized activity (i.e., accidental execution).

While other endpoint security layers, such as endpoint detection and response (EDR) and next-generation anti-virus (NGAV), may detect malware, normal but unauthorized privileged access often slips through malware detection. To build resilience against all manner of attacks, privileged access should be authorized through workflow, isolated to a specific user/system/time/location, and controlled with the principle of least privilege.

Lastly, PAM should cover not just human users but also nonhuman service and application accounts. This is even more important for non-interactive systems such as IoT devices and IT infrastructure where an intrusion is more likely to go unnoticed. As we have seen with the Mirai botnet and the recent VPNFilter malware, which exposed admin interfaces on devices with infrequent patch cycles as prime targets, organizations that were proactive with privileged credential management were unaffected by these attacks.

Figure 2

Creating cyber resilience is a cross-functional journey across the organization. Withstanding an attack and recovering quickly requires visibility, control, accountability, and auditability throughout the IT enterprise. Privileged access management provides all these benefits while protecting your most critical users and assets.

Coming next: Learn what experts are saying your #1 security priority should be for the rest of 2018.

This article was written by Tom Le, CTO of Cognizant’s Security Practice. 
