Privileged Access Management

Threat Intelligence and Privileged Access Management

Threat intelligence helps a cybersecurity team prioritize its work by focusing on the most serious threats. In tandem, Privileged Access Management (PAM) strengthens the controls devised to counter such serious threats.

One thing that’s striking about so many massive data breaches is how the target tends to be caught off guard. “We had no idea they were even in our network,” is a comment heard way too often in the wake of serious security incidents. Yet, that’s the attacker’s dream: to be invisible… to be undetected until well after the attack has occurred.

Security professionals, of course, have the opposite goal. They want to know what threats are heading their way before they even appear at the perimeter. This is what “Threat Intelligence” is all about. It’s a growing body of processes and practices geared toward giving cybersecurity teams the knowledge to make informed decisions by identifying security threats.

According to Gartner:

“Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.”

Threat intelligence is intended to give cybersecurity teams the ability to keep up to date on the exploding amount of security information. This includes malicious actors, threat types, vulnerabilities, and so forth. Threat intelligence also involves giving security professionals the awareness they need to get more proactive about future threats.

Threat Intelligence and Privileged Access Management

Privileged Access Management (PAM) is about monitoring and managing which people have privileged or administrative access to critical systems. A privileged user is one who can modify system settings, setup or delete accounts, or access data (or destroy it.) As a result, the impersonation of privileged users is one of the most serious threats an organization can face.

Given the risks of unauthorized privileged access, it’s recommended that PAM be aligned with threat intelligence. PAM can play a big role in making threat intelligence proactive. If a threat involves gaining privileged access, then PAM can form the countermeasure. For example, if threat intelligence identifies a malicious actor, the PAM solution can be set to spot this actor and block him from any privileged sessions.

The WALLIX PAM Solution for Threat Intelligence

WALLIX enables proactive threat intelligence with PAM by providing a single point of privileged access policy definition and enforcement. The WALLIX Bastion proposes real-time analysis of command lines or applications executed by external users or third parties on a target device. Consequently, the Bastion administrator can enforce threat control by sending alert and shutting down any session with identified inappropriate behavior.

The WALLIX Bastion includes a Password Manager and Session Manager which offer a defense against access control risks, including those from external users and remote third parties. Organizations are vulnerable to threats when they grant privileged access rights to third parties, such as IT outsourcing firms. A hacker might penetrate the third party and use a stolen identity to gain privileged access to a customer’s systems, for example.

To defend against this threat, privileged users must clear a portal, Access Manager, before gaining access to the system. Once it sets access policies, Access Manager knows the administrative privileges of every user seeking access. When WALLIX output is correlated with threat intelligence, it can flag suspicious activities and prevent a threat from turning into an incident.

A Password Vault reinforces internal controls by stopping admins from changing settings on a local device. This is useful for threats that involve social engineering, where a malicious actor might gain physical access to a system.

WALLIX Session Manager tracks and records privileged access sessions, creating an audit log. All privileged users and devices communicating internally and externally with the network can be tracked in real time.

The WALLIX Bastion comes with simplified installation, use and control. It can be quickly deployed as a single gateway that admins log into once to access all its features. It’s adaptable due to its agentless architecture. The need to install dedicated PAM software agents on individual systems can inhibit consistent use of PAM — exposing the organization to threats.

Putting it Together

Threat intelligence and PAM should inform each other. Putting them together will mean different things at different organizations. It may be actual integration of systems. It could be a team process, where people share threat intelligence and work to align PAM policies with perceived threats. The main goal, though, is to put the two together in some meaningful way to reduce risks. There are too many serious threats out there that could affect privileged access to ignore the issue.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.

Cookie	Duration	Description
__hstc	1 year 24 days	This cookie is set by Hubspot and is used for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.
hubspotutk	1 year 24 days	This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.
trackalyzer	1 year	This cookie is used by Leadlander. The cookie is used to analyse the website visitors and monitor traffic patterns.

Cookie	Duration	Description
__hssc	30 minutes	This cookie is set by HubSpot. The purpose of the cookie is to keep track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.
messagesUtk	1 year 24 days	This cookie is set by hubspot. This cookie is used to recognize the user who have chatted using the messages tool. This cookies is stored if the user leaves before they are added as a contact. If the returning user visits again with this cookie on the browser, the chat history with the user will be loaded.

Cookie	Duration	Description
__cfduid	1 month	The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.
__hssrc	session	This cookie is set by Hubspot. According to their documentation, whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	session	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_gat_UA-12183334-1	1 minute	No description
AnalyticsSyncHistory	1 month	No description
CONSENT	16 years 9 months 23 days 12 hours 13 minutes	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.
wp-wpml_current_language	1 day	No description

Threat Intelligence and Privileged Access Management

“Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.”

Threat Intelligence and Privileged Access Management

The WALLIX PAM Solution for Threat Intelligence

Putting it Together

WALLIX and Schneider Electric strengthen industrial systems security

Pourquoi construire des ponts (AD Bridges) quand il y a déjà des autoroutes ?

Related Blogs

Related Resources

Products

Solutions

Resources

About