Why is Privileged Access Management Important?

Fox Pass
3 min read · Jun 20, 2020


The concept of “privileges”, or “high powers”, is fundamental in securing computers and networks, but this has not always been the case. It took several sophisticated attacks for the market to start taking a closer look.

Gartner listed Privileged Access Management (PAM) as the number one security project, along with nine others, and considers that “chief information security officers (CISOs) should focus on these ten security projects, to reduce risk and have a significant impact on the business.”

Originally, privileged access referred to the shared accounts that IT teams and administrators used to maintain networks and systems, with full visibility and total control over system data and information. Anyone who controlled these accounts controlled the network.

Sarbanes-Oxley Act:

The introduction of the Sarbanes-Oxley Act (SOX) in 2002 made the protection of high-power accounts, for the first time, a requirement for compliance with a major regulation, before other U.S. laws such as the Health Insurance Portability and Accountability Act (HIPAA) continued these efforts. SOX thus marks the stage at which regulators began to understand the extent of the power that individual users with privileged accounts had been able to gain over networks and data.

The danger of this power was first demonstrated during the 2008 attack on the FiberWAN network in the city of San Francisco. Dissatisfied system administrator Terry Childs locked access to the network by resetting the administrator passwords for switches and routers, and by creating a new password giving him exclusive access to the systems.

This major denial-of-service (DoS) attack was therefore made possible by a malicious insider with privileged access. But what would have happened if Terry Childs had been an external attacker?

PAM: An extended scope

The answer appeared a few years later. From Edward Snowden to Yahoo!, to the US Office of Personnel Management (OPM) and the attacks against SWIFT or Uber, the common denominator of these attacks is the hackers' exploitation of access traditionally granted to an employee with very high administrator privileges, which allowed them to launch and execute their attacks.

Today, privileged credentials are present in every network, and the threat landscape continues to expand and become more complex. Attackers are aware of this, which is why the majority of today’s sophisticated attacks rely on the use of privileged credentials to reach the most sensitive data, applications, and infrastructure of their targets.

Privileged Access Management (PAM) technologies help companies monitor and control access to high-power accounts as part of their compliance program. There was a time when this was their only role; however, compliance is not equal to security, and innovative PAM tools also protect companies from many attack techniques and internal threats like Terry Childs or Edward Snowden. They effectively prevent attacks that go beyond the perimeter, thereby protecting critical infrastructure, data, and assets.

Privileged accounts, secrets, and credentials are part of every large IT project. From critical business applications to DevOps, the cloud, robotic process automation, and connected devices, privileges exist and are necessary for the proper functioning of these initiatives. This is why privileged access management, that is, managing and securing high-power accounts, secrets, and credentials, is now recognized as the priority project on which CISOs must focus to mitigate the risks that target businesses.

In addition, we believe that Foxpass has reaffirmed that strong security begins with good cyber hygiene and by securing the credentials and accounts used by hackers to achieve their objectives.

IT and security managers need to be more aware of the dangers of insecure Privileged Access Management; more information is available at Foxpass.
