GUEST ESSAY: Taking a fresh approach to privileged access management — to curtail abuse – Source: www.lastwatchdog.com

By Ravi Srivatsav

To be productive in an interconnected work environment, employees need immediate access to numerous platforms, both on- and off-premises.

Related: Why SMBs need to do PAM well

Keeping track of user activity and effecting proper on- and off-boarding are becoming more and more difficult, even as unauthorized access via unused, expired, or otherwise compromised access credentials has become the number one cybersecurity threat vector.

Some nine out of ten cyberattacks are estimated to begin with a threat actor gaining unauthorized access to a computer system via poorly managed access credentials.

The sophistication of cyberattacks is perpetrated through unused, old, expired, and otherwise mismanaged access credentials are increasing by the minute, at the same time as it’s becoming challenging to respond to these attacks in an organized and timely manner.

Context needed

Organizations that are used to workflow-based access systems or ticket-based systems, i.e. traditional Privileged Access Management (PAM,) must now make a big cultural shift. PAM enables granular access and monitors, detects, and alerts instances of unauthorized access through policy guardrails.

However, while PAM and other legacy access management systems do alert to unauthorized access, these warnings lack a clear picture of the user’s intent and the context behind the alert.

Today’s alert fatigue is not caused by the sheer number of alerts but by the poor quality of individual alerts.

SaaS platforms have led to very different types of user profiles over the last few years. Users are now dynamic; they move from platform to platform, and their need for access changes continuously.

Key variables

A modern access management system should handle the following:

•The sprawl of user roles and their privileges and activities, growing at the same rate as the infrastructure proliferation.

•The traditional Role-Based Access Control (RBAC) provides perpetual access based on a user’s roles – a methodology that has run its course. Even with the addition of zero-trust-based access on a granular level, RBAC is no longer enough.

•Today’s enterprise users wear multiple hats and use different software with varying privileges. The nature of these privileges has to be dynamic, or the access management system becomes a bottleneck.

•A user with a specific level of access may need to temporarily elevate their privilege because they need access to protected data to complete a task. Scaling workflow-based systems to match larger teams’ needs is difficult and creates a chaotic situation with many users simultaneously bombarding the security admins for approval.

*Some access monitoring solutions rely heavily on automated access controls, such as group policies or other sets of criteria, that will allow access requests to be processed automatically. Automation lacks the intelligence to adapt to changing user behaviors and entitlements.

Noisy ‘observability’

PAM and SIEM solutions are classic systems built on observability. But observability is no longer enough to keep your organization safe.

Observability system work by alerting to unauthorized access, but they also create a lot of extra noise, and experience shows that they are often not fully implemented. Another problem is that alerts come in after the fact and not in real time. Privileged access abuse is a hear-and-now problem that must be addressed as it happens.

One of the functions of Inside-Out Defense – Automated Moving Target Defense SaaS – is that it can immediately remediate privileged user access abuse in-line. This is accomplished by determining the context and intent behind every user activity.

Srivatsav

It provides customers, for the first time, an aggregated view of users, their profiles, and activities across different environments which is a big challenge faced by enterprises today. We provide a comprehensive 360-degree view of what every user is doing at any one time, along with an immutable forensic log, thereby enabling enterprises to stay in compliance.

At Inside-Out-Defense we know that threat actors are constantly becoming more cybersecurity sophisticated as they work to find new avenues for disruption. Current solutions focusing on static signatures of threats often miss a crucial understanding of cyber attackers’ sophisticated yet unknown behaviors. Customers need solutions like ours that can work at scale and in real-time to address some of the most persistent problems in network security.

About the essayist: Ravi Srivatsav is co-founder and CEO of Inside-Out-Defense, which emerged from stealth in April 2023 with a solution to solve privilege access abuse and provide real-time detection and remediation to today’s most prolific attack vector – privilege access abuse.

June 21st, 2023 | Best Practices | For technologists | Guest Blog Post | Privacy | Top Stories