Privileged access management (PAM) has become an essential part of effective cybersecurity. In its first Magic Quadrant for Privileged Access Management, published on Dec. 3, 2018, Gartner made the necessity for PAM clear: “Security and risk management leaders must use PAM tools in a long-term strategy for comprehensive risk mitigation.”
PAM solutions such as CyberArk’s Core Privileged Access Security platform enable you to centrally protect and manage privileged credentials. CyberArk also provides tools for managing privileged access for systems, databases, applications, containers, and DevOps, and enforcing least-privilege access across all endpoints. CyberArk Discovery and Audit (DNA) scans your environment to locate all privileged credentials, identify vulnerable systems, and assess privileged access security risks.
It’s important to note, however, that PAM is not a one-time project or a “set-and-forget” operation. Many organizations start small with PAM on mission-critical systems. In that case, they need criteria for prioritizing other systems and applications and a timeline for bringing them into their PAM environments. They also need processes for onboarding new systems, applications, and cloud instances.
As more administrators and users begin accessing systems via the PAM tool, they will need to be trained in PAM processes and educated as to why PAM is important. Training must also be provided for application and database owners, software developers, and support staff.
Analytics, however, is the most important component of a mature PAM strategy. A PAM platform should be able to monitor privileged sessions and maintain an audit trail of privileged access activity. As more and more data is collected over time, an organization will have a rich resource that can be analyzed to detect policy violations and possible attacks.
Audit logs can help users determine if accounts have excess privileges or if privileged credentials are being shared by multiple users. Analytics tools should also be able to spot privileged accounts accessing critical systems at unusual times or locations, or a high volume of attempted privileged access or escalation that could point to a brute force attack.
CyberArk provides advanced functionality to aid in PAM analytics. The Enterprise Password Vault maintains an audit log detailing which individuals used which privileged credentials, when, and why. Clango’s Cyber Analytics Reporting Tool (CART) makes it easy for users to view, manipulate, and report on CyberArk data without database or coding skills.
Privileged Session Manager monitors and records privileged sessions and works with Privileged Threat Analytics to conduct risk assessments in real time. Data is gathered from multiple sources, correlated, and analyzed using statistical and deterministic algorithms. This enables CyberArk to alert on suspicious activities so IT teams can quickly block and remediate attacks. Active and recorded sessions are prioritized according to risk to streamline review. These capabilities can be extended natively and transparently to cloud platforms and applications, Window clients, and device command-line interfaces.
Implementing a PAM solution is the first step toward improved security — but only the first step. You need a strategy for bringing systems into your PAM environment, educating users, and monitoring and analyzing privileged activities. CyberArk gives you everything you need in one powerful platform.
For more information about PAM analytics, please send us an email at (email@example.com).