© Morey J. Haber and Brad Hibbert 2018
Morey J. Haber and Brad Hibbert, Privileged Attack Vectors, https://doi.org/10.1007/978-1-4842-3048-0_22

22. Privileged Account Management Implementation

Morey J. Haber (1) and Brad Hibbert (2)
(1) Heathrow, Florida, USA
(2) Carp, Ontario, Canada
Organizations increasingly recognize that properly securing and controlling privileged credentials ranks as one of the best lines of defense against attacks from external hackers as well as from insiders. For optimal results, a privilege management solution should protect privileges at all stages of the cyber kill chain by implementing comprehensive layers of control and analysis. Overall objectives include the following:
  • Reduce the attack surface by limiting the use of privileged accounts and by controlling access to shared privileged accounts across the enterprise.
  • Monitor privileged user, session, and file activities for unauthorized access and/or changes to key files and directories.
  • Analyze asset and user behavior to detect suspicious and/or malicious activities of insiders and/or compromised accounts.
For maximum adoption across an enterprise, a privileged access management solution must also protect privileges without obstructing productivity or overburdening operations.
Implementing an end-to-end privileged access management solution should follow a defined process to minimize costs and distractions, and speed results. When managing privileges as an attack vector, using a simple 12-step approach helps manage risk and provide predictable and documentable results. The result of this 12-step process is that you have greater control and accountability over the accounts, assets, users, systems, and activity that make up your privilege environment.
Throughout the process of selecting and deploying your privileged access management solution, keep in mind these business requirements, as they will help you justify, within your organization, both the cost and the risks involved in mitigating the threat:
  • Minimize total cost of ownership;
  • Provide a fast time to value;
  • Deliver the best information to make the best risk-based decisions.
Remember, these steps are just a guide and do not necessarily need to be followed in sequence.

Step 1: Improve Accountability for Privileged Passwords

The most logical starting point for gaining greater control over privileges is by improving accountability over privileged passwords. Not effectively managing shared accounts is a problem that has significant scale and risks. You don’t have to look much further than recent breaches to understand the implications – or the challenges. Certain systems have embedded or hard-coded passwords, leaving opportunities for misuse. In addition to supporting human interaction, passwords are needed for application-to-application and application-to-database access. Passwords are generally static, so there must be protections against passwords leaving the organization. Manual password rotation is unreliable and time consuming. Auditing and reporting on access are complex and error prone. Therefore, how do organizations ensure accountability of shared privileged accounts to meet compliance and security requirements without impacting administrator productivity?
The answer is automation – automating password and session management; providing secure access control; auditing, alerting, and recording for any privileged account – from local or domain shared administrator, to a user’s personal admin account (in the case of dual accounts), to service, operating system, network device, API keys, database (A2DB) and application (A2A) accounts – even SSH keys. By improving the accountability and control over privileged access, IT organizations can reduce security risks and achieve compliance objectives. With this goal in mind, consider these 10 recommendations for every privileged access management solution:
  1. Full network scanning, discovery, and profiling with auto-onboarding.
  2. Build permission sets dynamically according to data from scans.
  3. Automatically rotate SSH keys and cycle passwords according to a defined schedule.
  4. Granular access control, workflow, and auditing.
  5. A clean, uncluttered user interface for end users that speeds adoption.
  6. Workflow-based and break glass options for requesting access.
  7. Password and session management together in the same solution – no requirement for two different interfaces or to be charged separately for each.
  8. No requirement for additional third-party tools for session management – utilize native tools and applications instead of introducing a third-party requirement that may have its own risks.
  9. Leverage an integrated data warehouse and threat analytics across the privileged landscape.
  10. Flexible deployment options: hardware appliances, virtual appliances, cloud, or software for maximum coverage.
With these requirements, organizations can discover all the accounts in their environment, place those accounts under management, and satisfy auditor requests that accounts are now managed.

Step 2: Implement Least Privilege Desktops

Once accounts and assets have been discovered and are being consistently managed, the next step to complete privileged access management is implementing least privilege on end-user machines. As a security best practice, organizations should reduce the risk on desktops before servers (such as Windows, Unix or Linux as indicated in step 4) as the endpoint is typically the last mile of security. Secure the last mile first. Some organizations may choose to reverse this order, so depending on the specific business environment and risk, the priorities for these steps could be refined to match the risk level and appetite for the business. In other words, the order of these seven steps can vary but almost always step 1 is the most important and represents the highest privileged attack vector risk.
The process for IT to restrict or enable end-user privileges potentially can be complex and time consuming, but it must be done to support audit or compliance mandates. When environments have standardized desktop images and applications, the process is relatively trivial. If every machine is different, then other desktop priority management techniques might be best first. And although users should not be granted local administrator or power user privileges in the first place, sometimes certain applications require elevated privileges to run. How do IT organizations reduce the risk of users having excessive privileges and subjecting the organization to potential exploitation or compliance violations without obstructing their productivity or overburdening the help desk?
The answer is only through least privilege access for applications – rules-based technology to elevate application privileges without elevating user privileges. By eliminating end-user desktop administrator privileges, simplifying the enforcement of least privilege policies, maintaining application access control, and logging privileged activities, IT closes security gaps, improves operational efficiency, and achieves compliance objectives faster.
Therefore, the top 10 desktop least privilege capabilities should include the following:
  1. Default all users to standard privileges while enabling elevated privileges for specific applications and tasks without requiring administrative credentials.
  2. Enforce restrictions on software installation, usage, and OS configuration changes.
  3. Eliminate the need for end users to require two accounts.
  4. Make dynamic least privilege decisions for applications based on that application’s vulnerability, risk, reputation, and compliance profile.
  5. Match applications to rules automatically based on asset-based policies.
  6. Report on privileged access to file systems for all users and document system changes during privileged sessions.
  7. Monitor sessions and log keystrokes during privileged access.
  8. Provide a technique for using real domain or local privileges when required, including multi-factor authentication.
  9. Integrate with other privilege solutions to achieve comprehensive privileged access management.
  10. Leverage an integrated data warehouse and data analytics across the privilege landscape.
With this solution, customers gain the ability to efficiently eliminate local admin rights and make intelligent application elevation decisions based on real-world privileged threats.

Step 3: Leverage Application Risk Levels

Now that shared credentials are under management and end users have the privileges they need to perform their jobs – and nothing more – organizations can move to a better understanding of risks to help make better-informed privilege elevation decisions. The challenge, though, is that most risk assessment solutions do little to help security leaders put vulnerability, attack, malware, and risk information in the context of business. Saddled with volumes of rigid data and static reports, the security team is left to manually discern real threats and determine how to act upon them.
Therefore, consider expanding your vulnerability management and risk assessment programs to include privileged access and application control. If teams deem an application too dangerous to execute based on a real-world threat, ransomware, or missing security patch, they should adopt privilege access management policies to compensate for the risk. This is the same as reputation-based application control. This not only stops exploits from becoming a privileged attack vector but also drive-by social threats that can leverage vulnerabilities within the environment until mitigation or remediation steps are available.
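The decision chain that Steps 2 and 3 describe can be written down as a small policy function. The following is an added example, not code from the book or from any product: users run as standard users, an asset-based rule may elevate a specific application (never the user), and the application's risk profile (reputation, missing patch, known critical vulnerabilities) overrides the rule. The rule names, paths, hostnames, thresholds and sample launch events are all constructed.

```python
"""Illustrative least-privilege elevation policy (example code, not the book's
or any product's).  Decision chain of Steps 2 and 3: standard privileges by
default, elevation of the application (never the user) when an asset-based
rule matches, and a risk profile that overrides the rule when the application
is too dangerous."""
import fnmatch
from dataclasses import dataclass
from enum import Enum
from typing import FrozenSet, Iterable, Tuple


class Decision(Enum):
    DENY = "deny"            # block execution entirely
    STANDARD = "standard"    # run with the user's normal, standard token
    ELEVATE = "elevate"      # elevate this application only


@dataclass(frozen=True)
class AppRisk:
    """Risk profile as a vulnerability/reputation feed would report it."""
    path: str
    publisher: str
    reputation: str        # "trusted", "unknown" or "malicious"
    critical_vulns: int    # known unpatched critical vulnerabilities
    missing_patch: bool    # vendor patch available but not installed


@dataclass(frozen=True)
class ElevationRule:
    """Asset-based rule: which binaries may be elevated on which assets."""
    name: str
    path_glob: str                  # case-insensitive glob over the full path
    asset_groups: FrozenSet[str]    # applies only to assets in these groups
    trusted_publishers: FrozenSet[str]


@dataclass(frozen=True)
class Asset:
    hostname: str
    groups: FrozenSet[str]


# Constructed threshold; a real deployment tunes it per compliance profile.
DENY_CRITICAL_VULNS = 3   # this many unpatched criticals: too dangerous to run


def evaluate(app: AppRisk, asset: Asset,
             rules: Iterable[ElevationRule]) -> Tuple[Decision, str]:
    """Privilege decision for `app` launched on `asset`, with the reason."""
    # Step 3: reputation and vulnerability data are consulted before any rule.
    if app.reputation == "malicious":
        return Decision.DENY, "reputation feed flags the binary as malicious"
    if app.critical_vulns >= DENY_CRITICAL_VULNS:
        return Decision.DENY, f"{app.critical_vulns} unpatched critical vulnerabilities"
    if app.missing_patch or app.critical_vulns > 0:
        # Compensating control: the binary may run, but never elevated, so an
        # exploit against it cannot become a privileged attack vector.
        return Decision.STANDARD, "vulnerable build: elevation withheld until patched"
    # Step 2: asset-based rules, first match wins.
    for rule in rules:
        if not fnmatch.fnmatchcase(app.path.lower(), rule.path_glob.lower()):
            continue
        if not (asset.groups & rule.asset_groups):
            continue
        if app.publisher not in rule.trusted_publishers or app.reputation != "trusted":
            return Decision.STANDARD, f"rule {rule.name}: publisher or reputation not trusted"
        return Decision.ELEVATE, f"rule {rule.name}: elevate the application, not the user"
    # Default: every user is a standard user.
    return Decision.STANDARD, "no elevation rule matches"


# Constructed sample policy and assets.
RULES = (
    ElevationRule("net-tools", r"c:\program files\acme\netcfg.exe",
                  frozenset({"netops-workstations"}), frozenset({"Acme Corp"})),
    ElevationRule("dev-debugger", r"c:\tools\dbg\*.exe",
                  frozenset({"developer-workstations"}), frozenset({"Acme Corp"})),
)
NETOPS = Asset("WKS-0417", frozenset({"netops-workstations"}))
FINANCE = Asset("WKS-0912", frozenset({"finance-workstations"}))


def demo() -> dict:
    """Evaluate constructed launch events and return {label: Decision}."""
    netcfg = AppRisk(r"C:\Program Files\Acme\netcfg.exe", "Acme Corp", "trusted", 0, False)
    launches = {
        "netcfg on netops host": (netcfg, NETOPS),
        "netcfg on finance host": (netcfg, FINANCE),
        "netcfg missing a patch": (AppRisk(netcfg.path, "Acme Corp", "trusted", 1, True), NETOPS),
        "unsigned lookalike": (AppRisk(netcfg.path, "Unknown", "unknown", 0, False), NETOPS),
        "flagged binary": (AppRisk(r"C:\Users\Public\update.exe", "", "malicious", 0, False), NETOPS),
    }
    return {label: evaluate(app, asset, RULES)[0] for label, (app, asset) in launches.items()}
```

The same binary elevates on the netops asset, runs as standard on the finance asset (no matching asset group), and loses elevation the moment the feed reports a missing patch.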

Step 4: Implement Least Privilege on Servers

In current information technology environments, business critical, tier-1 applications are attractive targets for threat actors. They contain the sensitive data and applications they want. Accessing privileged user credentials for these resources can provide access to e-commerce data, ERP systems managing employee data, customer information, and sensitive financial data. Having root passwords, superuser status, or other elevated privileges is important for users to do their jobs. But unfortunately, this practice presents significant security risks stemming from intentional, accidental, or indirect misuse of those shared privileges – especially when those shared privileges have access to tier-1 systems that impact the business such as those running on Unix or Linux servers. Traditional responses to this problem fall short in the following ways:
  • They are inefficient and incomplete (such as native OS options), lacking the ability to delegate authorization without disclosing passwords.
  • They are not secure enough (such as open source sudo or local administrator accounts) to address risk or compliance requirements, lacking the ability to record sessions and keystrokes for audits.
  • They don’t account for activity inside scripts and third-party applications, leaving a shortcut to unapproved applications.
  • They don’t offer an efficient migration path away from sudo or shared accounts when these are used throughout the organization.
Therefore, how do IT organizations limit who has access to root accounts to reduce the risk of compromises without hindering productivity?
Organizations must be able to efficiently delegate server privileges and authorization without disclosing passwords for root, local, or domain administrators, or other accounts. Recording all privileged sessions for audits, including keystroke information, helps to achieve privileged access control requirements without relying on native tools.
Top 10 server privilege management capabilities include the following:
  1. Pluggable Authentication Module (PAM) support to enable utilization of industry-standard authentication systems.
  2. Advanced control and audit over commands at the system level.
  3. Powerful and flexible policy language to provide a migration path from native tools.
  4. Extensive support for many Windows, Unix, and Linux platforms.
  5. Record and index all sessions for quick discovery during audits.
  6. Broker permissions transparently, ensuring user productivity and compliance.
  7. Change management of all settings and policy configuration, allowing full audit of who has changed what, version control, and rollback of all existing configuration files.
  8. REST API for easier integration with third-party products.
  9. Integrate all policies, roles, and log data via a web-based console.
  10. Leverage an integrated data warehouse and threat analytics across the privilege landscape.
With this capability, you gain complete control over root and administrator access on any type of server operating system.

Step 5: Network Devices

The most common usernames and passwords for network devices are not necessarily the defaults that come with the device; we are now very much aware of that risk, and most administrators change them. Unfortunately, in some environments they can still be guessed or compromised using brute force password attacks. The second most common privilege flaw is to use the same credentials across the entire infrastructure (password reuse); these are rarely, if ever, changed en masse, even when management has been outsourced. This problem can lead to a variety of malicious activities, including recent vulnerabilities that can replace the device’s bootstrap loader with a piece of custom malware.
The risks that stem from a simple lack of privileged account management on network devices include these:
  • Default or common passwords that are not configured correctly;
  • Shared credentials across multiple devices for management simplicity;
  • Excessive password ages due to fear of changing them or lack of management capabilities;
  • Compromised or insider accounts making changes to allow exfiltration of data;
  • Outsourced devices and infrastructure, where changes in personnel, contracts, and tools expose credentials to unaccountable individuals.
Any one of these could lead to excessive risk for your infrastructure. As such, organizations should look beyond desktops and servers when planning their privileged account management security program and include these devices. Additionally, with newer privilege solutions, organizations can move beyond the boolean “access” or “no access” authorization models commonly used in many network devices. Organizations now have access to proxy gateways that can enforce command whitelisting/blacklisting, session monitoring, active alerting, and more.

Step 6: Virtual and Cloud Data Centers

Growing use of virtualized data centers and cloud environments for processing, storage, or application hosting and development has opened up new avenues for would-be hackers or malicious insiders to access sensitive data and disrupt organizations inappropriately. Despite these risks, cloud adoption continues to accelerate. As such, organizations must secure access to these environments to mitigate security risks while meeting the cost and efficiency demands of hosting more applications and services in the cloud.
Like traditional desktops and servers, unknown or undermanaged virtualized and cloud environments can create a significant security gap that opens networks to security breaches, data loss, intellectual property theft, and regulatory compliance issues. The first step in getting control over these assets is discovery. There are several techniques used to discover assets in virtualized and cloud environments including the following:
  • Performing standard network discovery or scanning from a host machine with “line of sight” access to the virtualized environment;
  • Querying the Hypervisor or Cloud Management Platform to retrieve the inventory of virtualized assets, or configuring an active notification upon inventory updates;
  • Using agents that are preinstalled on the base image library, or that are installed during the normal server provisioning process;
  • Querying a third-party asset management solution.
Once cloud instances are found, they must be managed to limit exposure. From a privileged management perspective, the options to secure these assets are like those for traditional desktops and servers:
  • Use a password vaulting solution to manage the passwords across all virtualized machines automatically;
  • Use a session management solution to control and monitor virtual machine access;
  • Use native delegation capabilities of the underlying OS to reduce the privileges associated with users interacting with the system;
  • Use a privilege management agent with least privilege architecture to reduce exposure to administrator, root, and privileged developer accounts.
Now that the virtualized machines are under control, what about the hypervisor and cloud management platform itself? Here again, inappropriate or malicious activities at this management level could have a devastating impact on the business. This includes administrators of your VMware, Microsoft Hyper-V, Amazon AWS, and Microsoft Azure environments. To counteract this threat, organizations again have several options:
  • Use a password vaulting solution to automatically manage the passwords across all hypervisor and cloud management platforms;
  • Use a session management solution to control and monitor all cloud management activities;
  • Use native or third-party delegation capabilities of the hypervisor and/or cloud management provider to reduce the privileges associated with users interacting with the system.

Step 7: IoT Devices

With a growing number and sophistication of software attacks, it has become significantly more challenging for organizations to protect their environments. Recently a new generation of distributed denial of service attacks has emerged that represents a significant risk to organizations and governments alike. Like a lot of IT terms, the definition of IoT is open for interpretation. Typically, we think of IoT devices as being DVRs, CCTV, microphones, webcams, home automation, etc. But in reality, it can mean anything connected to the Internet, including video conferencing equipment, network printers, and more.
The number one vulnerability with IoT devices is the use of hard-coded, default, and/or weak passwords. Even when administrators change default passwords, most credentials can be still guessed via brute force attacks, especially when weak or shared passwords are used across the IoT infrastructure.

Step 8: DevOps

DevOps is a compound acronym for Software DEVelopment and Information Technology OPerationS. It is a designation for the communication and synergy between software developers and information technology departments. The goal of DevOps is not typical software application development but focuses on the programmatic automation of infrastructure management, whether it is software delivery, instance management, or automation for rapid deployment of resources and their corresponding operations management.
For commercial application developers, or programmers that create custom DevOps applications for your business, consider how beneficial it would be for your end users, or other applications, to never require entering a username and password for connectivity. If the tools stored credentials automatically or queried a management solution to prove authorization, end users like database administrators would never need administrator rights to access a database. Management tools for services, remote access, and infrastructure would automatically recognize the logged-on user, the asset they are on, be fully context aware, and seamlessly request and pass credentials. Privileged Access Management solutions for password management make this capability a potential reality using an Application Program Interface (API) to set, retrieve, and process credential and password requests. Some of the benefits of this approach for DevOps are the following:
  • Secure Applications – Privileged Access Management (PAM) APIs are designed to provide better security for all applications that require a user or application to enter static credentials for normal operations. Developers can call a PAM API and retrieve the latest credentials for the user, application, infrastructure, cloud solution, or database to authenticate and release the credentials upon termination of the session. This can trigger automatic, randomized cycling of the password or other automated processes to meet business objectives. Users never see, or know, the latest credentials for any given resource or application.
  • Attack Vector Mitigation – Using a PAM API secures the runtime of applications and avoids hacking techniques like Pass-the-Hash. This approach is far more secure than Single Sign-on (SSO) since the password is constantly being rotated per session, user, or other criteria, even if it is shared.
  • Developer Simplification – This approach improves the agility and responsiveness of IT by never requiring the entry of a username and password for connectivity to create custom applications. End users, like database administrators, never need administrator rights to access a database if the tools retrieve stored credentials automatically.
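The check-out, use, check-in and rotate cycle described above can be modelled in a few dozen lines. This is an added example, not the book's or any vendor's API: an in-memory broker that authenticates the calling application with an API key, hands out the current secret for one session, rotates it on check-in, and records every step in an audit trail. The application id, system name, account name and API-key scheme are constructed for the example.

```python
"""Illustrative application-to-application credential broker (example code,
not the book's or any vendor's API).  Step 8 flow: the application
authenticates, checks out the current secret for a managed account, uses it
for one session and checks it back in; check-in rotates the secret and every
step is recorded in an audit trail."""
import hmac
import secrets
import string
import time
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"

def random_password(length: int = 32) -> str:
    """Randomised secret from the OS CSPRNG; no human chooses or sees it."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

@dataclass
class ManagedAccount:
    system: str
    username: str
    password: str = field(default_factory=random_password)
    rotations: int = 0
    checked_out_by: Optional[str] = None   # session token holding it, if any

class CredentialBroker:
    """In-memory stand-in for a password vault's A2A interface."""

    def __init__(self) -> None:
        self._app_keys: Dict[str, str] = {}        # app_id -> API key
        self._accounts: Dict[str, ManagedAccount] = {}
        self._grants: Dict[str, Set[str]] = {}     # app_id -> account ids
        self._sessions: Dict[str, str] = {}        # session -> account id
        self.audit: List[tuple] = []               # (ts, app_id, action, account, outcome)

    def _log(self, app_id: str, action: str, account: str, outcome: str) -> None:
        self.audit.append((time.time(), app_id, action, account, outcome))

    def register_app(self, app_id: str) -> str:
        """Issue the API key the application presents instead of a password."""
        self._app_keys[app_id] = secrets.token_urlsafe(32)
        return self._app_keys[app_id]

    def onboard_account(self, system: str, username: str) -> str:
        account_id = f"{username}@{system}"
        self._accounts[account_id] = ManagedAccount(system, username)
        return account_id

    def grant(self, app_id: str, account_id: str) -> None:
        self._grants.setdefault(app_id, set()).add(account_id)

    def checkout(self, app_id: str, api_key: str, account_id: str) -> Tuple[str, str]:
        """Return (session, password); deny unauthenticated or ungranted callers."""
        if not hmac.compare_digest(self._app_keys.get(app_id, ""), api_key):
            self._log(app_id, "checkout", account_id, "denied (bad API key)")
            raise PermissionError("application authentication failed")
        if account_id not in self._grants.get(app_id, set()):
            self._log(app_id, "checkout", account_id, "denied (no grant)")
            raise PermissionError("application not authorised for this account")
        acct = self._accounts[account_id]
        if acct.checked_out_by is not None:
            self._log(app_id, "checkout", account_id, "denied (in use)")
            raise RuntimeError("credential already checked out")
        session = secrets.token_hex(16)
        acct.checked_out_by = session
        self._sessions[session] = account_id
        self._log(app_id, "checkout", account_id, "ok")
        return session, acct.password

    def checkin(self, app_id: str, session: str) -> None:
        """Release the credential; rotation makes the released secret worthless."""
        account_id = self._sessions.pop(session)   # KeyError for unknown sessions
        acct = self._accounts[account_id]
        acct.checked_out_by = None
        acct.password = random_password()          # a real vault pushes this to the target
        acct.rotations += 1
        self._log(app_id, "checkin+rotate", account_id, "ok")

def demo() -> dict:
    """One A2DB session end to end; returns facts a caller can verify."""
    broker = CredentialBroker()
    key = broker.register_app("hr-report-job")
    acct = broker.onboard_account("pgsql01.corp.example", "reporting_svc")
    broker.grant("hr-report-job", acct)
    session, secret = broker.checkout("hr-report-job", key, acct)
    # ... the job opens its database connection with `secret` here ...
    broker.checkin("hr-report-job", session)
    try:
        broker.checkout("hr-report-job", "not-the-key", acct)
        denied = False
    except PermissionError:
        denied = True
    return {
        "rotated": secret != broker._accounts[acct].password,   # peek for the demo only
        "rotations": broker._accounts[acct].rotations,
        "bad_key_denied": denied,
        "outcomes": [event[4].split()[0] for event in broker.audit],
    }
```

Contrast this with the hard-coded alternative: the secret the job used is already invalid by the time the session ends, and the denied attempt with a wrong key leaves an audit record rather than a silent failure.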

Step 9: Unify Management

It is no secret that information technology and security professionals are overloaded with privilege, vulnerability, and attack information. Unfortunately, advanced persistent threats (APTs) often go undetected because traditional security analytics solutions are unable to correlate diverse data to discern hidden risks. Seemingly isolated events are written off as exceptions, filtered out, or lost in a sea of data. The threat actor continues to traverse the network, and the damage continues to multiply. How do security and IT operations teams gain an understanding of where threats are coming from, prioritize them, and quickly mitigate the risks?
Data analytics enables teams to identify the data breach threats typically missed by other security analytics solutions. Solutions pinpoint specific, high-risk users and assets by correlating low-level privilege, vulnerability and threat data from a variety of third-party solutions.
Therefore, any data analytics and unified management solution should contain the following top 10 capabilities:
  1. Correlate low-level data from a variety of third-party solutions to uncover critical threats.
  2. Correlate system activity against application risk data and malware.
  3. Report on compliance, benchmarks, threat analytics, what-if scenarios, resource requirements, and more.
  4. View, sort, and filter historical data for multiple perspectives.
  5. Locate network (local and remote), web, mobile, cloud, and virtual assets, as well as privileged accounts.
  6. Profile IP, DNS, OS, MAC address, users, accounts, password ages, ports, services, software, processes, hardware, event logs, and more.
  7. Group, assess, and report on assets by IP range, naming convention, OS, domain, applications, business function, Active Directory, and more.
  8. Import from Active Directory, LDAP, IAM, or set custom permissions.
  9. Workflow, ticketing, and notification to coordinate IT and security teams.
  10. Share data with leading SIEM, GRC, NMS, and help desk solutions.
By unifying privileged access management and other threat management solutions, IT and security teams have a single, contextual lens through which to view and address user and asset risk by activity, asset, user, and privilege.

Step 10: Privileged Account Integration

Please consider step 4 for a moment. Once you have greater control over privileged access in server environments, the next logical step is to bring those systems under consistent management, policy, and single sign-on. Unix, Linux, and Mac have traditionally been managed as stand-alone systems – each a silo with its own set of users, groups, access control policies, configuration files, and passwords to remember. Managing a heterogeneous environment that contains these silos – plus a Microsoft or cloud environment – leads to inconsistent administration for IT, unnecessary complexity for end users, and a vast sprawl of alias accounts. These are known threats and areas of interest for a threat actor.
Therefore, how do IT organizations achieve consistent policy configuration to achieve compliance requirements, a simpler experience for users and administrators, and less risk from an improperly managed system?
The ideal solution is to centralize authentication for Unix, Linux, and Mac environments by extending Microsoft Active Directory’s Kerberos authentication and single sign-on capabilities to these platforms. By extending Group Policy to these non-Windows platforms you gain centralized configuration management, reducing the risk and complexity of managing a heterogeneous environment and stopping the sprawl of alias accounts.
The Top 5 Active Directory bridge capabilities should include these:
  1. No requirement to modify the Active Directory schema to add Linux, Unix, or Mac OS X systems to the network. This provides stability as the technology evolves.
  2. Provide a pluggable framework with an interface similar to Microsoft’s Management Console on Linux or Mac OS X, and full support for Apple’s Workgroup Manager application, allowing seamless management and control of Mac system settings.
  3. Single sign-on for any enterprise application that supports Kerberos or LDAP.
  4. Provide a single familiar toolset to manage both Windows and Unix systems (ex: Active Directory Users and Computers, ADUC).
  5. Allow users to use their Active Directory credentials to gain access to Unix, Linux and Mac, consolidating various password files, NIS, and LDAP repositories into Active Directory and removing the need to manage user accounts separately.
These concepts will enable simplified configuration management and policy for non-Windows systems and will help improve security and the user experience. This approach will help your organization be more efficient by reducing the number of logins (and the attendant help desk calls when they are forgotten), and the number of different systems, configurations, and policies to manage. Thus, the fewer the accounts, the less there is to audit and the smaller the risk surface for a threat actor.

Step 11: Auditing and Recovery

Once you have your non-Windows systems integrated into Active Directory, the next step is to audit user activity to gain additional insight into AD changes that could impact the business. But trying to keep up with all the changes made manually in Active Directory is an extremely time-consuming and complex process, with delays in discovering and addressing changes possibly leading to business disruption, not to mention the security and compliance implications of such changes.
When you include other Microsoft technology in the mix, understanding the “Who, What, When, and Where” of changes across the Windows infrastructure is even more complex.
Therefore, how do IT organizations better understand changes, have the capability to roll them back if necessary, and establish the right entitlements in the first place across a complex Windows infrastructure so they can more effectively protect the business?
Organizations need centralized real-time change auditing for Active Directory, File Servers, Exchange, and SQL, as well as the ability to restore Active Directory objects or attributes and to establish and enforce entitlements across the Windows infrastructure. Through simpler administration, organizations can mitigate the risks of unwanted changes performed by threat actors or insiders, and better understand user activity to meet compliance requirements.
To perform these necessary forensics tasks, consider these top 3 auditing and protection capabilities:
  1. Audit and identify who, what, where, and when changes were performed.
  2. Provide a mechanism for Active Directory backups and recovery. Rolling back an accidental (or threat actor’s) permission change could level unforeseen gaps in security.
  3. Audit and report across multiple Windows domains and trusted servers.
With this capability, you gain detailed, real-time auditing of AD environments, and the ability to restore unwanted changes when threats or even mistakes arise. If a threat actor has granted themselves privileges, wouldn’t you want to know? Auditing and recovery of privileges in AD is a simple step to identify and mitigate this risk as well.
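The "who, what, when, and where" record and the rollback the step calls for can be illustrated on a handful of change records. This is an added example, not the book's or any product's code, and it runs over constructed records rather than real event-log output: each change is reported with its four attributes, a privileged-group change where the actor added themselves is flagged, anything outside a constructed change window is flagged, and the inverse operation needed to roll a flagged change back is emitted. The group names are the well-known Active Directory built-ins; accounts, hosts and the change window are constructed.

```python
"""Illustrative who/what/when/where audit of directory changes with a rollback
plan (example code, not the book's or any product's).  Works over constructed
change records, not real event-log output."""
from dataclasses import dataclass
from datetime import datetime, time
from typing import Dict, List

# Well-known privileged groups; a deployment adds its own tier-0 groups.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins", "Administrators"}
# Constructed approved change window: 01:00 to 05:00 local time.
CHANGE_WINDOW = (time(1, 0), time(5, 0))


@dataclass(frozen=True)
class Change:
    when: datetime
    who: str              # actor account
    where: str            # originating host
    action: str           # "member_added", "member_removed" or "attribute_set"
    target: str           # group or object changed
    value: str            # member name, or "attribute=new value"
    old_value: str = ""   # previous attribute value, needed for rollback


def rollback_for(c: Change) -> Change:
    """The inverse operation that undoes `c`; who/where name the restore job."""
    inverse = {"member_added": "member_removed", "member_removed": "member_added"}
    if c.action in inverse:
        return Change(c.when, "restore-job", "pam-audit", inverse[c.action], c.target, c.value)
    if c.action == "attribute_set":
        return Change(c.when, "restore-job", "pam-audit", "attribute_set",
                      c.target, c.old_value, c.value)
    raise ValueError(f"no rollback defined for {c.action}")


def findings(c: Change) -> List[str]:
    """Flags worth an analyst's attention for a single change."""
    out: List[str] = []
    if c.target in PRIVILEGED_GROUPS and c.action.startswith("member_"):
        out.append("privileged-group-change")
        if c.action == "member_added" and c.value.lower() == c.who.lower():
            out.append("self-granted-privilege")   # the actor elevated themselves
    if not (CHANGE_WINDOW[0] <= c.when.time() < CHANGE_WINDOW[1]):
        out.append("outside-change-window")
    return out


def audit(changes: List[Change]) -> List[Dict]:
    """Who/what/when/where report, oldest first, with rollback for flagged changes."""
    report = []
    for c in sorted(changes, key=lambda x: x.when):
        flags = findings(c)
        severity = "high" if "self-granted-privilege" in flags else ("medium" if flags else "info")
        report.append({
            "who": c.who,
            "what": f"{c.action} {c.value} on {c.target}",
            "when": c.when.isoformat(sep=" "),
            "where": c.where,
            "findings": flags,
            "severity": severity,
            "rollback": rollback_for(c) if flags else None,
        })
    return report


SAMPLE_CHANGES = [  # constructed records
    Change(datetime(2018, 3, 6, 2, 10), "svc_hr_sync", "HRSYNC01", "attribute_set",
           "CN=Jane Doe,OU=Staff,DC=corp,DC=example", "department=Finance", "department=HR"),
    Change(datetime(2018, 3, 6, 14, 32), "jdoe", "WKS-0417", "member_added",
           "Domain Admins", "jdoe"),
    Change(datetime(2018, 3, 6, 3, 5), "admin_ops", "ADM-JUMP01", "member_removed",
           "Domain Admins", "olduser"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE_CHANGES):
        print(row["severity"].upper(), row["when"], row["who"], "@", row["where"],
              "-", row["what"], row["findings"])
```

The routine attribute update inside the window produces an informational row only; the self-grant to Domain Admins from a workstation at 14:32 is rated high and carries a ready-made `member_removed` rollback.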

Step 12: Integrate the Identity Stack

Identity and access management (IAM) plays a critical role in an organization’s IT security strategy. As organizations grow, so do the number of applications, servers, and databases used. Access to the organization’s resources is typically managed through IAM solutions, which offer capabilities like single sign-on, provisioning, user management, access control, and governance. But securing an organization’s sensitive data and applications requires more. Provisioned users, regardless of privileges, can leave an organization exposed if their activity is not monitored and documented properly. Identity and access management solutions help IT teams answer ‘Who has access to what?’ But, to achieve complete user visibility, privileged access management solutions address the remaining questions: ‘Is that access appropriate?’ and ‘Is that access being used appropriately?’ That is, PAM solutions should be providing more visibility and deeper auditing of the access and use of privileged accounts. Many times, IAM solutions will add users to a system or application group, but will not provide the details as to what access that group membership provides, or access to the detailed session log or keystrokes collected during the privileged session. As such, PAM extends the visibility of the IAM solution to tighten security and audit controls further.