Protecting the keys to the kingdom with privileged access management as a service
When it comes to security, humans are generally regarded as the weakest link. Each year, thousands of organisations are negatively impacted by data breaches, with studies indicating that they are increasing in frequency and cost burden. According to the 2023 Cost of a Data Breach Report, published by IBM Security, the average cost of a data breach for a South African organisation is around R49m, with the financial, industrial, services and healthcare sectors at the most risk. Most cyber threats result from stolen or compromised credentials and phishing scams, followed by attacks through compromised business emails.
Lodewyk de Beer, head of managed security services at Altron Security
Privileged Access Management (PAM) is an identity security solution that helps protect organisations from cyber threats by controlling and monitoring access to privileged accounts. Examples of privileged accounts are administrative accounts and service accounts. These accounts are used to access and manage critical resources. PAM adds a protection layer by working on the principle of least privilege – where employees have just enough access to do their jobs.
PAM solutions give organisations visibility into who uses privileged accounts and what they do while logged in. By limiting the number of users who have access to administrative functions, organisations can increase security. Additional layers of protection can be added to mitigate data breaches by threat actors.
In addition to identifying malicious activities linked to privilege abuse, a PAM solution helps organisations minimise the potential for a security breach and, in the event of a breach, helps limit its reach within the organisation’s system. It also reduces entry points and pathways for threat actors through limited privileges for people, processes and applications helping to protect against internal and external threats. In the event of a malware attack, a PAM solution makes it possible to remove excessive privileges to help reduce its spread.
Lodewyk de Beer, head of managed security services at Altron Security, reveals that many organisations don’t fully understand why there is a need to implement a PAM solution until a cyber breach occurs, and then they do so reactively.
“The biggest challenge with an account linked to a human – or named accounts – is that passwords are often shared or written down. Most users don’t reset their passwords regularly, compromising network security. Humans are inherently curious so it’s difficult for them to avoid what is often very sophisticated clickbait to lure them into a hacker’s orbit. Access is then gained to the same systems which the user has access. If this user is a system administrator, it is almost certain that administrative account credentials are cached on these systems. Hackers will find these cached credentials and use them to gain administrative access to systems.”
An even bigger challenge is service accounts, which are difficult to manage and secure. “Not only are service accounts hard to identify, but it is notoriously difficult to identify all service dependencies, i.e. all the services that use a specific service account. This then makes it very hard to manage the credentials for service accounts, which in turn make them very vulnerable for attacks,” says De Beer.
For hackers, the holy grail is access to an organisation’s domain controller. “Once hackers have access to the domain controller, via lateral movement across a network, they have the freedom to do anything including installing ransomware, locking or stealing data, or causing damage.”
Altron Security’s Managed Security Services takes a holistic view of an organisation’s security with three guiding principles underpinning its approach: Limiting privileged escalation and abuse, stopping lateral and vertical movement, and preventing credential theft.
“The most common identity security ‘blind spots’ are critical systems and protocols that don’t support multi-factor authentication (MFA), difficulties in mapping and protecting service accounts, and instances where security for privileged access is partial or even bypassed. The reality, however, is that breaches don’t only occur in obvious places, but can also occur anywhere with privileged data. Any gaps in visibility and detection pose a significant risk to organisations,” explains De Beer.
At Altron Security we do not view the implementation of a PAM solution as a finite project, but rather a as continuous program. We have a unique three-phase approach to kick off and run a PAM Program.
Phase one includes a privilege access risk assessment, and a rapid risk reduction baseline implementation. During this phase, upwards of 80% of potential credential breaches are prevented. To demonstrate the improvement in PAM compliance we will take a snapshot of the privileged account management compliance at the beginning and end of this phase.
Phase two, our value realisation phase, features our unique value proposition. During this phase, we implement a proactive health verification dashboard, which completely automates all health checking. This is done on an automated schedule that can be as frequent as every 30 minutes. This dashboard provides a near real-time view of the complete solution health. We also implement our compliance dashboard that provides a weekly updated view of the organisation’s level of privileged access management compliance. We continuously scan the customer IT landscape for any new privileged accounts to be managed. These are then onboarded for management to ensure continuous improvement of your PAM compliance. This includes finding all service accounts, understanding their dependencies, and then locking them down. Phase two generally lasts between three and six months.
Once Phase two has come to an end, we will continue the program as PAM as a service. Here we offer four different SLA categories.
“A network is a living entity that constantly changes, which means that we approach the implementation of PAM as a service as an ongoing programme rather than a fixed project. New security applications are regularly onboarded. We know we can mitigate upwards of 80% of an organisation's risk through the initial PAM solution. The balance of the risk is mitigated by systematically finding and taking ownership and control of service accounts,” says De Beer.
Not only do the majority of organisations embark on a journey to implement a PAM solution as something of a grudge purchase, but many PAM projects fail to deliver their full potential when there is little feedback or a visible barometer available on what the solution has achieved, reveals De Beer.
One of the many ways Altron Security differentiates itself in the market is by providing customers with a tangible measure of how the checks and balances implemented have diminished the organisation’s risk landscape. Our compliance dashboard provides a view of the improvement of the risk posture and therefore further reduces the risk of breaches.
“Altron Security’s Managed PAM Solution follows and demonstrates our guiding principles which are decreasing the average password age, increasing password compliance and ensuring that all privileged access is managed and facilitated by the PAM solution. Our goal is to ensure that no human knows any privileged account password. These initiatives ensure that organisations are more secure,” concludes De Beer.
