Privileged Access Management as a priority task in information security (on the example of Fudo PAM)

There is a rather interesting document, the CIS Controls, which looks at information security through the Pareto principle (80/20). This principle says that 20% of protective measures give 80% of the result in terms of company security. After reviewing this document, many security practitioners find that, when choosing protective measures, they do not start with the most effective ones. The document identifies 5 key protection measures that have the greatest effect on information security:

  1. Inventory of all devices on the network. It's hard to secure a network when you don't know what's in it.
  2. Inventory of all software. Software with vulnerabilities most often becomes an entry point for a hacker.
  3. Secure configuration, that is, the mandatory use of the built-in security features of software or devices. In a nutshell: change default passwords and restrict access.
  4. Finding and fixing vulnerabilities. Most attacks start with a known vulnerability.
  5. Privileged Access Management. Your users should only have the privileges they really need and only perform the actions they really need.

In this article we will look at exactly the 5th point, using Fudo PAM as the example. More precisely, we will consider typical cases and problems that can be detected after implementation or during free testing of Fudo PAM.

Fudo PAM

Just a few words about the solution. Fudo PAM is a relatively new privileged access management solution. Its key features:

  • Session recording. Viewing a session in real time. Joining a session. Creating evidence for a trial.
  • Proactive monitoring. Flexible policies. Pattern search. Automation of actions.
  • Threat prevention. Misuse of accounts. Threat level assessment. Anomaly detection.
  • Finding the person responsible when several users log in with one account.
  • Performance analysis of individual users, departments or entire organizations.
  • Precise access control. Restriction of traffic and access for users at certain intervals.

The most important plus is that it deploys in literally a couple of hours, after which the system is ready for use.

For those who are interested in the product, in .... a webinar will be held with a detailed overview and demonstration of the functionality. Here we will move on to the real problems that can be found in pilot projects of privileged access control systems.

1. Network administrators regularly open access to prohibited resources

Oddly enough, the first incidents that can be detected are violations by administrators. Most often these are unauthorized changes to access lists on network equipment, for example to open access to a prohibited site or for a prohibited application. It should be noted that such changes may then remain in the equipment configuration for years.

2. One account used by several administrators at once

Another common problem involves administrators. Sharing one account between colleagues is a very common practice. It is convenient, but afterwards it is quite difficult to work out who exactly is responsible for a given action.
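
One way to spot the shared-account pattern described above from ordinary login records, as an added example (not Fudo PAM functionality and not code from the article): it flags an account that has overlapping sessions from different source addresses. The record layout and the sample data are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records: (account, source address, login, logout).
# The field layout is an assumption, not a Fudo PAM export format.
SESSIONS = [
    ("admin", "10.0.5.11", "2024-01-15 09:00", "2024-01-15 11:30"),
    ("admin", "10.0.5.27", "2024-01-15 10:15", "2024-01-15 10:50"),
    ("admin", "10.0.5.11", "2024-01-15 14:00", "2024-01-15 15:00"),
    ("netops", "10.0.5.40", "2024-01-15 09:00", "2024-01-15 12:00"),
    ("netops", "10.0.5.40", "2024-01-15 11:00", "2024-01-15 13:00"),
    ("backup", "10.0.5.12", "2024-01-15 01:00", "2024-01-15 02:00"),
    ("backup", "10.0.5.33", "2024-01-15 02:00", "2024-01-15 03:00"),
]

FMT = "%Y-%m-%d %H:%M"

def find_shared_accounts(sessions):
    """Return {account: [(src_a, src_b, overlap_start, overlap_end), ...]}
    for sessions of one account that overlap in time from different sources."""
    by_account = defaultdict(list)
    for account, src, start, end in sessions:
        by_account[account].append(
            (datetime.strptime(start, FMT), datetime.strptime(end, FMT), src))

    findings = defaultdict(list)
    for account, rows in by_account.items():
        rows.sort()
        active = []  # sessions still open at the current login time
        for start, end, src in rows:
            # Drop sessions that ended at or before this login: back-to-back
            # use is a handover, not concurrent use.
            active = [a for a in active if a[1] > start]
            for a_start, a_end, a_src in active:
                if a_src != src:
                    findings[account].append((a_src, src, start, min(a_end, end)))
            active.append((start, end, src))
    return dict(findings)

if __name__ == "__main__":
    for account, hits in find_shared_accounts(SESSIONS).items():
        for src_a, src_b, start, end in hits:
            print(f"{account}: {src_a} and {src_b} both logged in "
                  f"{start:%H:%M}-{end:%H:%M}")
```

The source address is only a proxy for a person: behind a shared jump host or NAT, concurrent use of one account will not show up this way.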

3. Remote workers work less than 2 hours a day

Many companies have remote employees or partners who need access to internal resources (most often a remote desktop). Fudo PAM allows you to monitor real activity within such sessions. It is often found that remote workers work much less than claimed.

4. Using the same password for multiple systems

This is a pretty serious problem. Remembering multiple passwords is always difficult, so users often use a single password for absolutely all systems. If such a password is “leaked”, a potential intruder will be able to gain access to almost the entire IT infrastructure.

5. Users have more rights than intended

It is often found that users with seemingly reduced rights turn out to have more privileges than they should. For example, they can reboot the controlled device. As a rule, this is either a mistake by whoever granted the rights, or simply a shortcoming of the built-in system for delimiting rights.

Webinar

If you are interested in the topic of PAM, we invite you to the upcoming Fudo PAM webinar, which will take place on November 21st.

This is not the last webinar we are going to host this year, so stay tuned (Telegram, Facebook, VK, TS Solution Blog)!

Source: habr.com