IDSO-013: All privileged access rights are continuously discovered

Description: Privileged access rights can be created from a number of sources – operating systems include built-in admin rights; privileged users may confer privileged rights on other users or create privileged accounts. Applications may also inherit privileged accounts/rights in various ways, and group membership changes may also confer privileged access rights. It is imperative to detect when new privileged rights are conferred so they can be properly audited, managed, and revoked.

Benefit: Reduces the threat landscape by limiting the abuse of privileged access for the purposes of lateral movement. Detects and automatically resolves policy-violating privileged access grants to maintain continuous compliance.

Watch the deep dive webinar to learn more about this security outcome.

Implementation Approaches

Security Frameworks

NIST Cybersecurity Framework 1.1

  • PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes
  • PR.AC-3: Remote access is managed
  • DE.AE-1: A baseline of network operations and expected data flows for users and systems is established and managed

NIST SP 800-207: Zero Trust Architecture

  • 3: Continuous diagnostics and mitigation (CDM) system
  • 3: Data access policies

Title: Local Agent Discovery

Technology Components: Privileged Access Management (PAM)

Description: A software agent is installed on every target system in order to continuously monitor and report any new privileged access created. Data is sent to a central management console for easy admin viewing, reporting and policy enforcement.

Pre-requisites:

  • Software distribution system for the local software agent
  • Asset management to identify target systems
  • Network connectivity for local agents to communicate with the PAM
  • PAM is configured to control access based on continuous discovery of privileged access

Supporting Member Companies: BeyondTrust, Centrify, CyberArk

Title: Agentless Discovery via API Integration

Technology Components: Privileged Access Management (PAM)

Description: The PAM solution uses native target system APIs to continuously monitor and report any new privileged access created.

Pre-requisites:

  • Target system exposes an API for privileged access monitoring and control
  • PAM is integrated with these APIs on target systems
  • PAM is configured to control access based on continuous discovery of privileged access through the APIs exposed by the target system

Supporting Member Companies: BeyondTrust, Centrify, CyberArk, Remediant
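The following is an added example, not code from this page or from any of the member companies' products. It shows the core of what either approach (a local agent or an API-backed collector) has to do on each cycle: take a snapshot of who currently holds privileged rights on a host, compare it with the approved baseline, and report every newly conferred right so it can be audited or revoked. The group file lines, sudoers lines, privileged-group list and baseline are all constructed for the example; a real agent would read the live files or call the target system's API instead.

```python
"""Added example (not part of the IDSA outcome page): a minimal
privileged-access discovery cycle for a Linux-style host.

Inputs are constructed for this example: /etc/group-style lines,
sudoers-style lines, an assumed set of privileged groups, and a
baseline of approved privileged rights."""
from __future__ import annotations

from dataclasses import dataclass

# Assumed policy: membership in any of these groups is a privileged right.
PRIVILEGED_GROUPS = {"root", "wheel", "sudo", "adm", "docker"}


@dataclass(frozen=True)
class PrivilegedRight:
    principal: str  # user name, or %group for a sudoers group entry
    source: str     # where the right comes from, e.g. "group:wheel" or "sudoers"
    detail: str     # gid, or the sudoers command spec


def parse_group_file(text: str) -> set[PrivilegedRight]:
    """Extract members of privileged groups from /etc/group-style lines."""
    rights: set[PrivilegedRight] = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")          # name:password:gid:member,member
        if len(parts) < 4:
            continue
        name, gid, members = parts[0], parts[2], parts[3]
        if name not in PRIVILEGED_GROUPS:
            continue
        for member in filter(None, members.split(",")):
            rights.add(PrivilegedRight(member, f"group:{name}", f"gid={gid}"))
    return rights


def parse_sudoers(text: str) -> set[PrivilegedRight]:
    """Extract user/group specifications from sudoers-style lines."""
    rights: set[PrivilegedRight] = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        # user specification: <principal> <hosts>=(<runas>) <commands>
        principal, _, spec = line.partition(" ")
        if "=" not in spec:
            continue
        rights.add(PrivilegedRight(principal, "sudoers", spec.strip()))
    return rights


def discover(group_text: str, sudoers_text: str) -> set[PrivilegedRight]:
    """One discovery pass: every privileged right currently on the host."""
    return parse_group_file(group_text) | parse_sudoers(sudoers_text)


def diff_against_baseline(current: set[PrivilegedRight],
                          baseline: set[PrivilegedRight]):
    """Return (newly_granted, no_longer_present) relative to the baseline."""
    return current - baseline, baseline - current


def report(new: set[PrivilegedRight]) -> list[str]:
    """Human-readable lines for the central console, one per new right."""
    return sorted(f"NEW PRIVILEGED RIGHT: {r.principal} via {r.source} ({r.detail})"
                  for r in new)


# Constructed sample snapshot from a host.
GROUP_SNAPSHOT = """\
root:x:0:
wheel:x:10:alice,bob
users:x:100:alice,bob,carol,svc_backup
docker:x:999:svc_backup
"""

SUDOERS_SNAPSHOT = """\
# /etc/sudoers (constructed)
Defaults env_reset
root ALL=(ALL:ALL) ALL
%wheel ALL=(ALL) ALL
carol ALL=(ALL) NOPASSWD: ALL
"""

# Constructed approved baseline: alice in wheel, plus the stock sudoers entries.
BASELINE = {
    PrivilegedRight("alice", "group:wheel", "gid=10"),
    PrivilegedRight("root", "sudoers", "ALL=(ALL:ALL) ALL"),
    PrivilegedRight("%wheel", "sudoers", "ALL=(ALL) ALL"),
}

if __name__ == "__main__":
    new, removed = diff_against_baseline(
        discover(GROUP_SNAPSHOT, SUDOERS_SNAPSHOT), BASELINE)
    for line in report(new):
        print(line)
```

Run against the constructed snapshot, the pass flags three rights the baseline never approved: bob added to wheel, svc_backup added to docker, and a direct NOPASSWD sudoers entry for carol. The same diff drives the policy enforcement step in the approaches above; a PAM would either open a ticket for each new right or revoke it automatically, depending on how the outcome is configured.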