PAM and the Cybersecurity Plan
In Part One of this two-part series on cybersecurity planning, we covered the basics of what you need in your IT security plan. In this second part, we explore the role of Privileged Access Management (PAM) in security planning.
Some of today’s biggest cyber threats come from those who gain administrative (“privileged”) access to your systems, whether by legal means or not. Such privileged users are able to access secure data, install software updates and new programs, and even make changes to system configurations. In some cases, they can override security settings and even hide the fact that they did anything at all. As a result, staying on top of privileged access is essential to effective cybersecurity planning.
PAM, a Brief Overview
A PAM solution controls and monitors the privileged accounts that can potentially expose your data, systems, and employees to risk.
PAM consists of tools and policies designed to ensure that only the right people are granted appropriate privileged access and only for authorized purposes and times. A PAM solution is able to define and enforce privileged access policies. This may mean that each user has a different set of privileges. For example, privileged User A might be granted permission to administer the email server, but not the general ledger. Privileged User B might have the rights to add or modify user accounts on the Intrusion Detection System (IDS) but not to reset the actual IDS configurations, and so forth.
Using a PAM solution, PAM administrators can also track what every privileged user does and provide an unalterable audit trail of those activities.
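The per-user privileges and audit trail described above can be sketched as follows. This is an added example, not code from WALLIX or any PAM product; the user names, target names, actions and time windows are hypothetical, and a SHA-256 hash chain stands in for the audit trail, which makes tampering detectable rather than impossible.

```python
import hashlib
import json
from datetime import datetime, time

# Hypothetical policy: (user, target) -> permitted actions and permitted hours.
# Anything not listed is denied (deny by default).
POLICY = {
    ("user_a", "email-server"): {"actions": {"administer"},
                                 "hours": (time(8), time(18))},
    ("user_b", "ids"): {"actions": {"add_account", "modify_account"},
                        "hours": (time(0), time(23, 59, 59))},
}
GENESIS = "0" * 64  # "previous hash" of the first audit entry


def is_allowed(user, target, action, when):
    rule = POLICY.get((user, target))
    if rule is None:
        return False
    start, end = rule["hours"]
    return action in rule["actions"] and start <= when.time() <= end


def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class AuditTrail:
    """Append-only log; each entry commits to the hash of the one before it."""

    def __init__(self):
        self.entries = []

    def record(self, user, target, action, when, allowed):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"user": user, "target": target, "action": action,
                "when": when.isoformat(), "allowed": allowed, "prev": prev}
        self.entries.append({**body, "hash": _digest(body)})

    def verify(self):
        prev = GENESIS
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if entry["prev"] != prev or _digest(body) != entry["hash"]:
                return False  # an entry was edited, removed or reordered
            prev = entry["hash"]
        return True


def request(trail, user, target, action, when):
    """Decide a privileged request and log it whether allowed or denied."""
    allowed = is_allowed(user, target, action, when)
    trail.record(user, target, action, when, allowed)
    return allowed
```

Denied requests are logged as well as granted ones, and the latest entry hash should be copied to a system the privileged users cannot write to, otherwise the whole chain could be regenerated after an edit.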
PAM Enables Effective Cybersecurity Planning
PAM aligns with cybersecurity planning by providing the means to assign or revoke privileged access rights to both insiders and outsiders. A privileged user typically has the ability to set up, modify or delete settings and accounts on all your sensitive systems… including the very systems and devices that comprise your security defenses: the firewall, IAM system, intrusion detection system, SIEM, and so forth.
To understand the primacy of PAM in security planning, consider the classic question first posed by the ancient Roman poet Juvenal, who asked, “Who’s watching the watchers?” (He actually asked “Quis custodiet ipsos custodes?”).
Who is in charge of those who are in charge of security? Or, what systems are in charge of them?
The efficacy of a security plan’s every element depends on proper management and monitoring of privileged users. For instance, a privileged user typically has the ability to set up, modify or delete settings and accounts on the systems that comprise the plan, such as the firewall, SIEM, and so forth. The following table summarizes the role of PAM in cybersecurity planning.
| Planning Area | Impact on Privileged Users | Role of PAM |
|---|---|---|
| Security Basics, e.g. firewalls, intrusion detection, SIEM | Privileged users can set up and modify configurations of key systems. Privileged users implement policies on designated systems, e.g. requiring encryption, two-factor auth, etc. | Establish control over privileged access to security systems such as SIEM. Grant and revoke access as required for all privileged users, including those from third-party firms. |
| Collaborate with Internal Stakeholders | The collaboration will result in decisions about who can do what, in terms of administration. The process will result in the designation of privileged user roles. | Implement the privileged access roles defined by the collaboration process. |
| Work Within a Framework | The framework should result in specifications about who has privileged access, what they can do and why. | Execute the privileged access aspects outlined through use of the framework. |
| Threat Intelligence and Risk Assessment | Threat intelligence and risk assessment should encompass threats that can attack vulnerabilities on the back end, e.g. stealing data and concealing the attack by grabbing “root” access. | Implement security policies, determined through risk assessment, that mandate control and monitoring of privileged users. |
| Understand Regulatory Factors and General Liability | Many, if not most, compliance schemes depend on the entity controlling privileged access to critical systems, e.g. the ability to set up users on financial systems and assign usage rights such as payment approvals. | Define and enforce privileged access policies mandated by compliance schemes; monitor and provide audit logs of privileged access sessions required by the compliance scheme. |
| Undertake Incident Response Planning | Knowing who did what, and when, is one of the key success factors in an incident response plan. If security managers can’t determine what happened, and who caused it to happen, they will be delayed (or completely fail) in remediating the problem. | Provide accurate, up-to-date audit records of privileged access sessions, enabling security managers to know exactly what has occurred in a security incident. |
How PAM Contributes to Cybersecurity Planning
A PAM solution, properly configured and used, can help security managers implement virtually every aspect of a cybersecurity plan, including factors that are not directly related to privileged access. Keeping with the “Who’s watching the watchers?” theme, PAM offers the following cybersecurity planning capabilities:
- Allow only authorized users to access servers, devices, and applications; track any third-party software used to manage the cybersecurity planning process and alert admins of any issues.
- Monitor the activity of individual users active in cybersecurity planning and track their sessions. Any alerts to suspicious activity are provided in real time. Automatic interventions can be set to take effect should any user access policies be breached. This may involve recording privileged sessions, which can be reviewed at any time.
- Define privileged access, so anyone involved in cybersecurity planning can log on and get to the resources they need, on any managed site or network. Admins can grant and revoke login permissions as necessary. User definitions streamline access when numerous systems are overseen by PAM.
- Manage passwords, which are secured; these can be generated, hidden, or changed at will. With PAM, passwords are managed automatically so administrators can focus on other tasks and be more productive. Sensitive administrative credentials are protected and in some cases, not even known to the privileged user.
- Create auditable logs of privileged sessions. Administrators can go back and view past activity by specific users, assuring all are held accountable for what they do intentionally or by mistake. One can simply search recordings if an incident occurs.
- Provide reporting tools that are available for analyzing activities and behaviors connected with the cybersecurity plan. Administrators can view statistics to make split-second decisions in the case of an attack. Remote sessions can be quickly shut down in response to certain process sequences, keyboard entries, character strings, or event reports.
WALLIX for Robust Cybersecurity Planning and Response
The WALLIX PAM solution offers simplicity, efficiency, and ease of deployment to help realize robust cybersecurity planning and response. The system is as useful for admins in providing user management tools and workflow as it is for employees who gain one-click privileged access to every authorized system.
WALLIX is easy to deploy and eliminates the need for a dedicated software agent on individual devices or workstations. Compared to traditional agent-based PAM solutions, the WALLIX Bastion’s deployment, management, and use are less demanding in terms of finances and time.
Privileged access management and an actionable cybersecurity plan maximize your defenses against an attack. Virtually every portion of a security plan depends on PAM, either directly or indirectly.