Privileged Access Management Best Practices - Behavior Analytics Can Prevent the Big Breach

Key takeaways from András Cser, Principal Analyst of Forrester

This blog comments on PAM best practices with special focus on privileged behavior analytics.

One Identity had the opportunity to interview András Cser, vice president and principal analyst of Forrester, about how the firm sees the Privileged Access Management (PAM) market and its challenges, drivers and future. Watch the videos of the interview to hear our frank conversation and András’ recommendations on how to get PAM right. 

It seems that every day we hear about large, well-known companies being hacked and precious customer data being stolen. It continues to happen despite millions of dollars spent on firewalls, antimalware, IDS/IPS and other systems. The bad guys – who could be external hackers or a rogue insider – still manage to wreak havoc. It turns out that privileged accounts are often the avenue for malfeasance. According to Forrester, about 80 percent of data breaches are somehow connected to the misuse of privileged accounts. It’s a shocking stat for sure.

What does it mean? It seems that many organizations do not pay enough attention to protecting against attackers’ most popular method: stealing privileged passwords. Once attackers get their hands on these, they have the keys to the kingdom.

There is no doubt that password vaulting is a must-have for every organization, small and big. But storing and managing privileged passwords securely is not enough. What else can be done? Companies should track what admins do once they check out passwords from the safe: which servers they access, what commands they execute, and whether they modify the firewall configuration or dump sensitive databases.

András from Forrester says this is where privileged session monitoring and analytics (should) come into the picture.

Indeed, Privileged Behavior Analytics is an increasingly important piece of the puzzle in understanding privileged activities and catching privilege misuse. Thanks to emerging technologies – such as machine learning, behavioral biometrics (e.g. mouse movement characteristics) and anomaly detection – analytic tools can detect deviations from normal behavior in real time. Privileged analytics is the hottest topic in the PAM space today. It can provide tremendous help to security teams in identifying the risk level and behavioral anomalies of admins.

So, watch the video interview to see recommendations from András to help organizations get PAM right, which include:

  • Enforcing two-factor authentication
  • Implementing role-based access control (RBAC)
  • Building privileged access governance practices and
  • Auditing and analyzing privileged user data 

Audit EVERY action of privileged users, from checking out passwords, through elevating privileges, to executing commands on remote servers. Auditing is crucial to meeting compliance requirements as well. Audit data is the best source for building baseline profiles of users, which can then be used to detect and identify unusual activity and sound the alarm. If you are equipped with these tools, you stand a better chance of preventing privileged ID theft and insider threats.
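A sketch of the baseline idea described above, as an added example (not code from One Identity or Forrester): per-user profiles are built from audit records and each new event is scored against them. The record layout, user and host names, and the two-hour tolerance are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed audit records: (user, target host, command, hour of day 0-23).
HISTORY = [
    ("alice", "db01", "systemctl status postgresql", 9),
    ("alice", "db01", "psql -c 'select 1'", 10),
    ("alice", "db02", "systemctl restart postgresql", 14),
    ("alice", "db01", "tail /var/log/postgresql.log", 16),
    ("bob", "fw01", "iptables -L", 11),
    ("bob", "fw01", "iptables -L", 13),
]

def verb_of(command):
    """First token of a command line; empty string for a blank command."""
    parts = command.split()
    return parts[0] if parts else ""

def build_baselines(events):
    """Per-user profile: hosts reached, command verbs used, active hours."""
    profiles = defaultdict(lambda: {"hosts": set(), "verbs": set(), "hours": set()})
    for user, host, command, hour in events:
        p = profiles[user]
        p["hosts"].add(host)
        p["verbs"].add(verb_of(command))
        p["hours"].add(hour)
    return profiles

def score_event(profiles, event, hour_slack=2):
    """Return (risk score, reasons) for one new audit event."""
    user, host, command, hour = event
    if user not in profiles:
        return 3, ["no baseline for user"]
    p, reasons = profiles[user], []
    if host not in p["hosts"]:
        reasons.append(f"first access to host {host}")
    verb = verb_of(command)
    if verb not in p["verbs"]:
        reasons.append(f"command not in baseline: {verb}")
    # Circular distance, so 23:00 and 01:00 count as two hours apart.
    nearest = min(min(abs(hour - h), 24 - abs(hour - h)) for h in p["hours"])
    if nearest > hour_slack:
        reasons.append(f"activity at unusual hour {hour:02d}:00")
    return len(reasons), reasons
```

Set-membership profiles like these are the simplest form of baseline; they show why complete audit data matters, since any action missing from the history is indistinguishable from an anomaly.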

Watch the full video series with Forrester’s Principal Analyst here.

Anonymous