RWS_Q4_22

gain access to admin credentials, move laterally across their system and capture an organization’s most valuable data and IP.

“If there is an abundance of privileged access within an environment, an attacker can more easily move around the network by reusing privileged access,” Dodhiawala explained. “This reduces the complexity of the requisite attack and enables them to more deftly and quietly navigate the network, allowing lateral movement until attackers find the ‘crown jewels.’”

Combatting the threat

“Companies should minimize their privilege landscape by taking a zero-trust aligned ‘least privileges’ mindset. This means removing administrator access wherever and whenever possible to reduce the potential blast radius of an attack,” Dodhiawala explained. “Companies can do so by taking a zero-standing privileges approach, essentially removing admin from endpoints, only re-adding them for the minimum time and place they’re needed, also known as PAM+.”

Remediant recently released its trademarked Remediant PAM+ solution during the 2022 Gartner Identity & Access Management Summit in Las Vegas.

A just-in-time infrastructure is an admin-less one, Dodhiawala said, explaining, “If you pursue a goal of zero standing privilege (or zero admin), when an attacker lands on an endpoint, there are no administrator accounts to compromise. This leaves them largely trapped on their initial breach point and limits the blast radius until they can be eradicated by a blue team. It turns a boom into a blip.”

Remediant calls PAM+ an emerging industry strategy that can protect access and accelerate enterprises’ zero-trust initiatives. According to the company, protecting credentials isn’t enough. Despite large investments in legacy PAM solutions, cyberattacks are successful because of privileged identity sprawl.
PAM+ goes beyond legacy approaches to address the dangers by removing the unnecessary always-on, always-available privilege access; eliminating the impact of compromised admin credentials; rendering password-stealing malware ineffective; and routing all administrative access with multi-factor authentication, among other capabilities.

“Privilege sprawl and credential misuse are a factor in nearly every cyberattack, so much so that both are being specifically identified as reasons for rapidly increasing cyber insurance premiums,” Dodhiawala said. “The innovative PAM+ strategy promises to disrupt the stagnant PAM solutions market and truly solve for today’s operational and cybersecurity pains.”

Dodhiawala said, “Employee user access reviews should always be pursued to ensure that as employees’ roles and responsibilities change, their access changes with them.”

He explained, “There are entitlement automations that help with this rights alignment. Despite this vetting, privilege access sprawls still occur, which is why having an effective least privilege strategy like PAM+ is of paramount importance. This will minimize the potential damage a compromised user can cause and does so without breaking the business.”

Session monitoring

So, what happens after employees are given privileged access?

“Monitoring every employee activity can generate an overwhelming amount of overhead and provide diminishing returns,” Dodhiawala said. “Instead, companies should monitor privileged sessions to enable a forensics team to track what privileged users are doing with their permissions.

“By connecting a privileged access tool to a capable SIEM [security information and event management], a security team is able to create intelligent alerts that show when privileged access is being used versus when it’s being abused by a likely threat actor,” he continued.
“With these alerts, security teams are able to effectively deploy resources and stop an attack in its tracks.”

One area of larger companies that is frequently targeted by bad actors is human resources, Dodhiawala said, adding that the infiltrators go there to obtain confidential details about employees and other resources.

“Knowing these data repositories house sensitive data, it is the responsibility of the IT department to ensure strong controls are put in place to validate access using a zero-trust approach, which is don’t trust, always verify,” he said. “Additionally, HR personnel should ensure the prompt and complete deletion of customer/employee/partner data in alignment with requisite standards.”

Companies today are already using traditional PAM approaches, such as vaults, “but that alone isn’t solving for privilege sprawl within an environment. Companies should take a PAM+ approach to solve the problem,” Dodhiawala said. “This means instead of focusing on credentials (through vaulting or obfuscating alone), companies should focus on the access that the administrative account allows for.

“By assuming that accounts will be compromised, the focus shifts from a password-centric approach to an access-centric approach and limiting where admins are deployed. This shifts the focus to how an attacker thinks, from how a defender thinks,” he explained.

“A true focus on zero trust is a sound approach to security tooling and processes. Ensuring you’re validating identity and access wherever possible is a strong stance to defending your most important assets,” Dodhiawala said. “Additionally, routinely ensuring that you’re actively monitoring activity in your most sensitive areas and business-critical workflows will better equip you to deal with potential disruptions caused by attackers or other bad actors.”

REMOTE WORK SOLUTIONS rwsmagazine.com
