FEATURE
privileged identities can be difficult, let alone stopping a malicious party from accessing them.
For this reason, organisations have increasingly turned to Privileged Access Management (PAM) systems, which impose control and management on accounts using the principle of least privilege. Unfortunately, even PAM struggles under real-world conditions, in which many privileged accounts slip through the net: Gurucul estimates from customer data that up to half remain unknown to IAM or PAM platforms.
Hidden accounts
Insider abuse is often cast as a general willingness by one or more employees to misuse systems, but an essential part of this is the way they exploit privileged access. This can be both abuse of privileged accounts for which an individual has permission but which are being misused, and access to non-authorised accounts. Clearly, permissions don’t act as a barrier to either, because one form of access might appear legitimate while the other would remain invisible.
On top of this is access bloat, where over time multiple users have been given access to a resource. This is a bad idea not only because it stretches user management but because it expands the attack surface for cybercriminals looking to execute a phishing attack. Finally, there is the under-estimated weakness of credentials and root keys left exposed in the cloud, which can allow an attacker not only to set themselves up as an admin but potentially to lock out existing ones. Indeed, the cloud poses huge challenges of its own, not least because it has been the biggest driver for the expansion of privileged and risky accounts.
This uncertainty can now be addressed using Identity Analytics (IdA) technology, which uses Machine Learning to discover and analyse privileged accounts and account access, working as an extension to existing IAM and PAM to spot accounts that are not being controlled. This includes not only accounts that have acquired more privileges after they were provisioned but also privileged credentials embedded within applications and unstructured data. IdA is particularly effective at finding associated accounts that might aid hidden backdoor access, which are today a major risk area for organisations of all sizes.
Using Machine Learning to do this is ideal because it’s a technology perfectly suited to detecting anomalous access once it has modelled what baseline access looks like for an organisation. It’s also good at spotting and risk scoring orphaned or dormant ‘access outlier’ accounts that will often be unknown to admins. Once these accounts have been brought to the attention of admins, decisions can be made about which to de-provision or impose additional authentication upon, on the basis of peers, activities and context, a process which can be automated through API integration with provisioning platforms. Achieving the same result through manual methods and old-world rules – the traditional technique for housekeeping privileged accounts – would be both time consuming and almost certainly fail at some point.
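As an added illustration (not code from the article or from Gurucul), a toy identity-analytics pass over a constructed account inventory: it scores each account’s entitlements by how rare they are within its peer group, flags dormant accounts against an assumed 90-day threshold, and produces the review queue an admin would work through. Users, departments, entitlements and dates are all constructed.

```python
"""Added example (not the article's or any vendor's code): a toy identity-analytics
pass that flags peer-group entitlement outliers and dormant accounts for review."""
from collections import Counter, defaultdict
from datetime import date

# Constructed inventory: entitlements per account, peer group (department) and
# last successful login (None = never seen authenticating).
ACCOUNTS = [
    {"user": "alice", "dept": "finance", "entitlements": {"erp_read", "erp_post"}, "last_login": date(2024, 5, 1)},
    {"user": "bob", "dept": "finance", "entitlements": {"erp_read", "erp_post"}, "last_login": date(2024, 4, 28)},
    {"user": "carol", "dept": "finance", "entitlements": {"erp_read", "erp_post", "iam_admin"}, "last_login": date(2024, 4, 30)},
    {"user": "dave", "dept": "finance", "entitlements": {"erp_read"}, "last_login": date(2023, 9, 2)},
    {"user": "svc_build", "dept": "engineering", "entitlements": {"repo_write", "cloud_root"}, "last_login": None},
]
TODAY = date(2024, 5, 2)   # constructed "as of" date for the dormancy check
DORMANT_DAYS = 90          # assumed housekeeping threshold

def peer_share(accounts):
    """For every account, the fraction of its peer group holding each of its entitlements."""
    by_dept = defaultdict(list)
    for a in accounts:
        by_dept[a["dept"]].append(a)
    share = {}
    for members in by_dept.values():
        counts = Counter(e for m in members for e in m["entitlements"])
        for m in members:
            share[m["user"]] = {e: counts[e] / len(members) for e in m["entitlements"]}
    return share

def risk_score(accounts, today, dormant_days=DORMANT_DAYS):
    """Rare-in-peer-group entitlements add (1 - share); dormancy adds a flat 1.0.
    Caveat: a peer group of one (svc_build) yields no outlier signal, so dormancy
    and a separate list of known-privileged entitlements are needed to catch it."""
    share = peer_share(accounts)
    scores = {}
    for a in accounts:
        outliers = {e for e, s in share[a["user"]].items() if s < 0.5}
        score = sum(1 - share[a["user"]][e] for e in outliers)
        dormant = a["last_login"] is None or (today - a["last_login"]).days > dormant_days
        score += 1.0 if dormant else 0.0
        scores[a["user"]] = {"score": round(score, 2), "outliers": outliers, "dormant": dormant}
    return scores

def review_queue(scores, threshold=0.5):
    """Accounts an admin should look at first, highest score first (ties by name)."""
    flagged = [(u, r) for u, r in scores.items() if r["score"] >= threshold]
    return [u for u, _ in sorted(flagged, key=lambda ur: (-ur[1]["score"], ur[0]))]
```

The queue is the hand-off point the article describes: each flagged account is a de-provision or step-up-authentication decision, and the same output can be pushed to a provisioning platform over its API.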
It’s a lot to take in: organisations move to IAM, mature with PAM and then fill in the gaps and exceptions with IdA. But what is ultimately driving this evolution is the increasing complexity of businesses that now depend on cloud access, rapid development and ever more layered security. This is how business is, and there is no evidence these trends will slow down. IdA, then, is another technology a company can use to make sense of this riskier world.
50 Issue 24 | www.intelligentciso.com