Intelligent CISO Issue 24 | Page 50

privileged identities can be difficult, let alone stopping a malicious party from accessing them. For this reason, organisations have increasingly turned to Privileged Access Management (PAM) systems, which impose control and management on accounts using the principle of least privilege.

Unfortunately, even PAM struggles under real-world conditions, in which many privileged accounts slip through the net: Gurucul estimates from customer data that up to half remain unknown to IAM or PAM platforms.

Hidden accounts

Insider abuse is often cast as a general willingness by one or more employees to misuse systems, but an essential part of it is the way they exploit privileged access. This can mean misuse of privileged accounts that an individual is permitted to use, as well as access to non-authorised accounts. Clearly, permissions don’t act as a barrier to either, because one form of access might appear legitimate while the other would remain invisible.

On top of this is access bloat, where over time multiple users have been given access to a resource. This is a bad idea not only because it stretches user management but also because it expands the attack surface for cybercriminals looking to execute a phishing attack.

Finally, there is the under-estimated weakness of credentials and root keys left exposed in the cloud, which can allow an attacker not only to set themselves up as the admin but potentially to lock out existing ones. Indeed, the cloud poses huge challenges of its own, not least because it has been the biggest driver for the expansion of privileged and risky accounts.
This uncertainty can now be addressed using Identity Analytics (IdA) technology, which uses Machine Learning to discover and analyse privileged accounts and account access, working as an extension to existing IAM and PAM to spot accounts that are not being controlled. This includes not only accounts that have acquired more privileges after they were provisioned but also privileged credentials embedded within applications and unstructured data. IdA is particularly effective at finding associated accounts that might aid hidden backdoor access, which are today a major risk area for organisations of all sizes.

Using Machine Learning to do this is ideal because it’s a technology perfectly suited to detecting anomalous access once it has modelled what baseline access looks like for an organisation. It’s also good at spotting and risk scoring orphaned or dormant ‘access outlier’ accounts that will often be unknown to admins.

Once these accounts have been brought to the attention of admins, decisions can be made about which to de-provision and which to place under additional authentication, on the basis of peers, activities and context, a process which can be automated through API integration with provisioning platforms. Achieving the same result through manual methods and old-world rules – the traditional technique for housekeeping privileged accounts – would be time consuming and would almost certainly fail at some point.

It’s a lot to take in: organisations move to IAM, mature with PAM and then fill in the gaps and exceptions with IdA. But what is ultimately driving this evolution is the increasing complexity of businesses that now depend on cloud access, rapid development and ever more layered security. This is how business is and there is no evidence these trends will slow down. IdA, then, is another technology a company can use to make sense of this riskier world.
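
The discovery and risk-scoring step described above (privileged accounts unknown to PAM, orphaned or dormant accounts, and access that is an outlier relative to peers) is shown here as an added example that is not from the article or from any vendor's product. It uses fixed rules and peer-group frequency in place of a trained Machine Learning model; the account data, the 90-day threshold and the risk weights are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import date

TODAY = date(2020, 3, 1)   # constructed "now" for the sample data
DORMANT_DAYS = 90          # assumed dormancy threshold
WEIGHTS = {"unmanaged-privileged": 40, "orphaned": 30,
           "dormant": 20, "peer-outlier": 25}   # assumed risk weights

# Constructed export: (account, owner, peer group, privileged entitlements, last login)
ACCOUNTS = [
    ("adm-jlee",   "jlee",    "dba", {"db-admin"},               date(2020, 2, 27)),
    ("adm-mkhan",  "mkhan",   "dba", {"db-admin"},               date(2020, 2, 20)),
    ("adm-rsilva", "rsilva",  "dba", {"db-admin", "cloud-root"}, date(2020, 2, 25)),
    ("svc-backup", "tnguyen", "ops", {"backup-operator"},        date(2019, 9, 1)),
    ("adm-pwong",  "pwong",   "ops", {"backup-operator"},        date(2020, 2, 28)),
    ("adm-okoye",  "okoye",   "ops", {"backup-operator"},        date(2020, 2, 26)),
]
PAM_MANAGED = {"adm-jlee", "adm-mkhan", "adm-rsilva", "adm-pwong", "adm-okoye"}
ACTIVE_OWNERS = {"jlee", "mkhan", "rsilva", "pwong", "okoye"}  # tnguyen has left

def score_accounts(accounts, pam_managed, active_owners, today=TODAY):
    """Return {account: (score, reasons, rare entitlements)}, highest risk first."""
    # Baseline: how many accounts in each peer group hold each entitlement.
    group_size = Counter(group for _, _, group, _, _ in accounts)
    held = defaultdict(Counter)
    for _, _, group, ents, _ in accounts:
        held[group].update(ents)
    findings = {}
    for name, owner, group, ents, last_login in accounts:
        reasons = []
        if ents and name not in pam_managed:       # privileged but outside PAM
            reasons.append("unmanaged-privileged")
        if owner not in active_owners:             # no current owner
            reasons.append("orphaned")
        if (today - last_login).days > DORMANT_DAYS:
            reasons.append("dormant")
        # Outlier: entitlement held by under half of a peer group of 3 or more.
        n = group_size[group]
        rare = sorted(e for e in ents if n >= 3 and held[group][e] * 2 < n)
        if rare:
            reasons.append("peer-outlier")
        if reasons:
            findings[name] = (sum(WEIGHTS[r] for r in reasons), reasons, rare)
    return dict(sorted(findings.items(), key=lambda kv: -kv[1][0]))

if __name__ == "__main__":
    for account, f in score_accounts(ACCOUNTS, PAM_MANAGED, ACTIVE_OWNERS).items():
        print(f"{account:12} risk={f[0]:3} reasons={f[1]} rare={f[2]}")
```

The ranked output is what an admin would review before deciding which accounts to de-provision or place under additional authentication.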